Merge pull request #4842 from gilles-peskine-arm/public_fields-3.0-info
Make some structure fields public: key info, ASN.1 and X.509 parsing, socket fd
This commit is contained in:
commit
bfe3d87f24
22 changed files with 330 additions and 115 deletions
|
@ -152,9 +152,9 @@ extern "C" {
|
|||
*/
|
||||
typedef struct mbedtls_asn1_buf
|
||||
{
|
||||
int MBEDTLS_PRIVATE(tag); /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
|
||||
size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
|
||||
unsigned char *MBEDTLS_PRIVATE(p); /**< ASN1 data, e.g. in ASCII. */
|
||||
int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
|
||||
size_t len; /**< ASN1 length, in octets. */
|
||||
unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
|
||||
}
|
||||
mbedtls_asn1_buf;
|
||||
|
||||
|
@ -163,9 +163,9 @@ mbedtls_asn1_buf;
|
|||
*/
|
||||
typedef struct mbedtls_asn1_bitstring
|
||||
{
|
||||
size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
|
||||
unsigned char MBEDTLS_PRIVATE(unused_bits); /**< Number of unused bits at the end of the string */
|
||||
unsigned char *MBEDTLS_PRIVATE(p); /**< Raw ASN1 data for the bit string */
|
||||
size_t len; /**< ASN1 length, in octets. */
|
||||
unsigned char unused_bits; /**< Number of unused bits at the end of the string */
|
||||
unsigned char *p; /**< Raw ASN1 data for the bit string */
|
||||
}
|
||||
mbedtls_asn1_bitstring;
|
||||
|
||||
|
@ -174,8 +174,16 @@ mbedtls_asn1_bitstring;
|
|||
*/
|
||||
typedef struct mbedtls_asn1_sequence
|
||||
{
|
||||
mbedtls_asn1_buf MBEDTLS_PRIVATE(buf); /**< Buffer containing the given ASN.1 item. */
|
||||
struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
|
||||
mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
|
||||
|
||||
/** The next entry in the sequence.
|
||||
*
|
||||
* The details of memory management for sequences are not documented and
|
||||
* may change in future versions. Set this field to \p NULL when
|
||||
* initializing a structure, and do not modify it except via Mbed TLS
|
||||
* library functions.
|
||||
*/
|
||||
struct mbedtls_asn1_sequence *next;
|
||||
}
|
||||
mbedtls_asn1_sequence;
|
||||
|
||||
|
@ -184,10 +192,24 @@ mbedtls_asn1_sequence;
|
|||
*/
|
||||
typedef struct mbedtls_asn1_named_data
|
||||
{
|
||||
mbedtls_asn1_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
|
||||
mbedtls_asn1_buf MBEDTLS_PRIVATE(val); /**< The named value. */
|
||||
struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
|
||||
unsigned char MBEDTLS_PRIVATE(next_merged); /**< Merge next item into the current one? */
|
||||
mbedtls_asn1_buf oid; /**< The object identifier. */
|
||||
mbedtls_asn1_buf val; /**< The named value. */
|
||||
|
||||
/** The next entry in the sequence.
|
||||
*
|
||||
* The details of memory management for named data sequences are not
|
||||
* documented and may change in future versions. Set this field to \p NULL
|
||||
* when initializing a structure, and do not modify it except via Mbed TLS
|
||||
* library functions.
|
||||
*/
|
||||
struct mbedtls_asn1_named_data *next;
|
||||
|
||||
/** Merge next item into the current one?
|
||||
*
|
||||
* This field exists for the sake of Mbed TLS's X.509 certificate parsing
|
||||
* code and may change in future versions of the library.
|
||||
*/
|
||||
unsigned char MBEDTLS_PRIVATE(next_merged);
|
||||
}
|
||||
mbedtls_asn1_named_data;
|
||||
|
||||
|
|
|
@ -258,6 +258,13 @@ typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
|
|||
/**
|
||||
* Cipher information. Allows calling cipher functions
|
||||
* in a generic way.
|
||||
*
|
||||
* \note The library does not support custom cipher info structures,
|
||||
* only built-in structures returned by the functions
|
||||
* mbedtls_cipher_info_from_string(),
|
||||
* mbedtls_cipher_info_from_type(),
|
||||
* mbedtls_cipher_info_from_values(),
|
||||
* mbedtls_cipher_info_from_psa().
|
||||
*/
|
||||
typedef struct mbedtls_cipher_info_t
|
||||
{
|
||||
|
@ -414,6 +421,82 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_ciph
|
|||
int key_bitlen,
|
||||
const mbedtls_cipher_mode_t mode );
|
||||
|
||||
/**
|
||||
* \brief Retrieve the identifier for a cipher info structure.
|
||||
*
|
||||
* \param[in] info The cipher info structure to query.
|
||||
* This may be \c NULL.
|
||||
*
|
||||
* \return The full cipher identifier (\c MBEDTLS_CIPHER_xxx).
|
||||
* \return #MBEDTLS_CIPHER_NONE if \p info is \c NULL.
|
||||
*/
|
||||
static inline mbedtls_cipher_type_t mbedtls_cipher_info_get_type(
|
||||
const mbedtls_cipher_info_t *info )
|
||||
{
|
||||
if( info == NULL )
|
||||
return( MBEDTLS_CIPHER_NONE );
|
||||
else
|
||||
return( info->MBEDTLS_PRIVATE(type) );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Retrieve the operation mode for a cipher info structure.
|
||||
*
|
||||
* \param[in] info The cipher info structure to query.
|
||||
* This may be \c NULL.
|
||||
*
|
||||
* \return The cipher mode (\c MBEDTLS_MODE_xxx).
|
||||
* \return #MBEDTLS_MODE_NONE if \p info is \c NULL.
|
||||
*/
|
||||
static inline mbedtls_cipher_mode_t mbedtls_cipher_info_get_mode(
|
||||
const mbedtls_cipher_info_t *info )
|
||||
{
|
||||
if( info == NULL )
|
||||
return( MBEDTLS_MODE_NONE );
|
||||
else
|
||||
return( info->MBEDTLS_PRIVATE(mode) );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Retrieve the key size for a cipher info structure.
|
||||
*
|
||||
* \param[in] info The cipher info structure to query.
|
||||
* This may be \c NULL.
|
||||
*
|
||||
* \return The key length in bits.
|
||||
* For variable-sized ciphers, this is the default length.
|
||||
* For DES, this includes the parity bits.
|
||||
* \return \c 0 if \p info is \c NULL.
|
||||
*/
|
||||
static inline size_t mbedtls_cipher_info_get_key_bitlen(
|
||||
const mbedtls_cipher_info_t *info )
|
||||
{
|
||||
if( info == NULL )
|
||||
return( 0 );
|
||||
else
|
||||
return( info->MBEDTLS_PRIVATE(key_bitlen) );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Retrieve the human-readable name for a
|
||||
* cipher info structure.
|
||||
*
|
||||
* \param[in] info The cipher info structure to query.
|
||||
* This may be \c NULL.
|
||||
*
|
||||
* \return The cipher name, which is a human readable string,
|
||||
* with static storage duration.
|
||||
* \return \c NULL if \c info is \p NULL.
|
||||
*/
|
||||
static inline const char *mbedtls_cipher_info_get_name(
|
||||
const mbedtls_cipher_info_t *info )
|
||||
{
|
||||
if( info == NULL )
|
||||
return( NULL );
|
||||
else
|
||||
return( info->MBEDTLS_PRIVATE(name) );
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief This function initializes a \p cipher_context as NONE.
|
||||
*
|
||||
|
|
|
@ -147,13 +147,17 @@ typedef enum
|
|||
|
||||
/**
|
||||
* Curve information, for use by other modules.
|
||||
*
|
||||
* The fields of this structure are part of the public API and can be
|
||||
* accessed directly by applications. Future versions of the library may
|
||||
* add extra fields or reorder existing fields.
|
||||
*/
|
||||
typedef struct mbedtls_ecp_curve_info
|
||||
{
|
||||
mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< An internal identifier. */
|
||||
uint16_t MBEDTLS_PRIVATE(tls_id); /*!< The TLS NamedCurve identifier. */
|
||||
uint16_t MBEDTLS_PRIVATE(bit_size); /*!< The curve size in bits. */
|
||||
const char *MBEDTLS_PRIVATE(name); /*!< A human-friendly name. */
|
||||
mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */
|
||||
uint16_t tls_id; /*!< The TLS NamedCurve identifier. */
|
||||
uint16_t bit_size; /*!< The curve size in bits. */
|
||||
const char *name; /*!< A human-friendly name. */
|
||||
} mbedtls_ecp_curve_info;
|
||||
|
||||
/**
|
||||
|
|
|
@ -94,7 +94,13 @@ extern "C" {
|
|||
*/
|
||||
typedef struct mbedtls_net_context
|
||||
{
|
||||
int MBEDTLS_PRIVATE(fd); /**< The underlying file descriptor */
|
||||
/** The underlying file descriptor.
|
||||
*
|
||||
* This field is only guaranteed to be present on POSIX/Unix-like platforms.
|
||||
* On other platforms, it may have a different type, have a different
|
||||
* meaning, or be absent altogether.
|
||||
*/
|
||||
int fd;
|
||||
}
|
||||
mbedtls_net_context;
|
||||
|
||||
|
|
|
@ -186,6 +186,10 @@ typedef struct mbedtls_pk_debug_item
|
|||
|
||||
/**
|
||||
* \brief Public key information and operations
|
||||
*
|
||||
* \note The library does not support custom pk info structures,
|
||||
* only built-in structures returned by
|
||||
* mbedtls_cipher_info_from_type().
|
||||
*/
|
||||
typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
|
||||
|
||||
|
|
|
@ -369,7 +369,7 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
|
|||
if( curve_info == NULL )
|
||||
return( 0 );
|
||||
return( PSA_KEY_TYPE_ECC_KEY_PAIR(
|
||||
mbedtls_ecc_group_to_psa( curve_info->MBEDTLS_PRIVATE(grp_id), bits ) ) );
|
||||
mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) );
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
|
||||
|
|
|
@ -246,8 +246,8 @@ typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
|
|||
/** Container for date and time (precision in seconds). */
|
||||
typedef struct mbedtls_x509_time
|
||||
{
|
||||
int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon), MBEDTLS_PRIVATE(day); /**< Date. */
|
||||
int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min), MBEDTLS_PRIVATE(sec); /**< Time. */
|
||||
int year, mon, day; /**< Date. */
|
||||
int hour, min, sec; /**< Time. */
|
||||
}
|
||||
mbedtls_x509_time;
|
||||
|
||||
|
|
|
@ -43,18 +43,30 @@ extern "C" {
|
|||
/**
|
||||
* Certificate revocation list entry.
|
||||
* Contains the CA-specific serial numbers and revocation dates.
|
||||
*
|
||||
* Some fields of this structure are publicly readable. Do not modify
|
||||
* them except via Mbed TLS library functions: the effect of modifying
|
||||
* those fields or the data that those fields points to is unspecified.
|
||||
*/
|
||||
typedef struct mbedtls_x509_crl_entry
|
||||
{
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(raw);
|
||||
/** Direct access to the whole entry inside the containing buffer. */
|
||||
mbedtls_x509_buf raw;
|
||||
/** The serial number of the revoked certificate. */
|
||||
mbedtls_x509_buf serial;
|
||||
/** The revocation date of this entry. */
|
||||
mbedtls_x509_time revocation_date;
|
||||
/** Direct access to the list of CRL entry extensions
|
||||
* (an ASN.1 constructed sequence).
|
||||
*
|
||||
* If there are no extensions, `entry_ext.len == 0` and
|
||||
* `entry_ext.p == NULL`. */
|
||||
mbedtls_x509_buf entry_ext;
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(serial);
|
||||
|
||||
mbedtls_x509_time MBEDTLS_PRIVATE(revocation_date);
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(entry_ext);
|
||||
|
||||
struct mbedtls_x509_crl_entry *MBEDTLS_PRIVATE(next);
|
||||
/** Next element in the linked list of entries.
|
||||
* \p NULL indicates the end of the list.
|
||||
* Do not modify this field directly. */
|
||||
struct mbedtls_x509_crl_entry *next;
|
||||
}
|
||||
mbedtls_x509_crl_entry;
|
||||
|
||||
|
@ -64,22 +76,22 @@ mbedtls_x509_crl_entry;
|
|||
*/
|
||||
typedef struct mbedtls_x509_crl
|
||||
{
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
|
||||
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
|
||||
mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
|
||||
|
||||
int MBEDTLS_PRIVATE(version); /**< CRL version (1=v1, 2=v2) */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< CRL signature type identifier */
|
||||
int version; /**< CRL version (1=v1, 2=v2) */
|
||||
mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). */
|
||||
mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */
|
||||
|
||||
mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
|
||||
mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
|
||||
|
||||
mbedtls_x509_time MBEDTLS_PRIVATE(this_update);
|
||||
mbedtls_x509_time MBEDTLS_PRIVATE(next_update);
|
||||
mbedtls_x509_time this_update;
|
||||
mbedtls_x509_time next_update;
|
||||
|
||||
mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry); /**< The CRL entries containing the certificate revocation times for this CA. */
|
||||
mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(crl_ext);
|
||||
mbedtls_x509_buf crl_ext;
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2);
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
|
||||
|
@ -87,7 +99,10 @@ typedef struct mbedtls_x509_crl
|
|||
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
|
||||
void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
|
||||
|
||||
struct mbedtls_x509_crl *MBEDTLS_PRIVATE(next);
|
||||
/** Next element in the linked list of CRL.
|
||||
* \p NULL indicates the end of the list.
|
||||
* Do not modify this field directly. */
|
||||
struct mbedtls_x509_crl *next;
|
||||
}
|
||||
mbedtls_x509_crl;
|
||||
|
||||
|
|
|
@ -45,36 +45,40 @@ extern "C" {
|
|||
|
||||
/**
|
||||
* Container for an X.509 certificate. The certificate may be chained.
|
||||
*
|
||||
* Some fields of this structure are publicly readable. Do not modify
|
||||
* them except via Mbed TLS library functions: the effect of modifying
|
||||
* those fields or the data that those fields points to is unspecified.
|
||||
*/
|
||||
typedef struct mbedtls_x509_crt
|
||||
{
|
||||
int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned
|
||||
* by the structure or not. */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
|
||||
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
|
||||
mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
|
||||
|
||||
int MBEDTLS_PRIVATE(version); /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(serial); /**< Unique id for certificate issued by a specific CA. */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< Signature algorithm, e.g. sha1RSA */
|
||||
int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
|
||||
mbedtls_x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
|
||||
mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). Used for quick comparison. */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). Used for quick comparison. */
|
||||
mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
|
||||
mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
|
||||
|
||||
mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
|
||||
mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
|
||||
mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
|
||||
mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
|
||||
|
||||
mbedtls_x509_time MBEDTLS_PRIVATE(valid_from); /**< Start time of certificate validity. */
|
||||
mbedtls_x509_time MBEDTLS_PRIVATE(valid_to); /**< End time of certificate validity. */
|
||||
mbedtls_x509_time valid_from; /**< Start time of certificate validity. */
|
||||
mbedtls_x509_time valid_to; /**< End time of certificate validity. */
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(pk_raw);
|
||||
mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
|
||||
mbedtls_x509_buf pk_raw;
|
||||
mbedtls_pk_context pk; /**< Container for the public key context. */
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id); /**< Optional X.509 v2/v3 issuer unique identifier. */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id); /**< Optional X.509 v2/v3 subject unique identifier. */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext); /**< Optional X.509 v3 extensions. */
|
||||
mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names); /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
|
||||
mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
|
||||
mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
|
||||
mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
|
||||
mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
|
||||
|
||||
mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
|
||||
mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
|
||||
|
||||
int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */
|
||||
int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
|
||||
|
@ -82,7 +86,7 @@ typedef struct mbedtls_x509_crt
|
|||
|
||||
unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension value: See the values in x509.h */
|
||||
|
||||
mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of extended key usage OIDs. */
|
||||
mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
|
||||
|
||||
unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */
|
||||
|
||||
|
@ -91,7 +95,10 @@ typedef struct mbedtls_x509_crt
|
|||
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
|
||||
void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
|
||||
|
||||
struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next); /**< Next certificate in the CA-chain. */
|
||||
/** Next certificate in the linked list that constitutes the CA chain.
|
||||
* \p NULL indicates the end of the list.
|
||||
* Do not modify this field directly. */
|
||||
struct mbedtls_x509_crt *next;
|
||||
}
|
||||
mbedtls_x509_crt;
|
||||
|
||||
|
@ -100,6 +107,9 @@ mbedtls_x509_crt;
|
|||
* OtherName ::= SEQUENCE {
|
||||
* type-id OBJECT IDENTIFIER,
|
||||
* value [0] EXPLICIT ANY DEFINED BY type-id }
|
||||
*
|
||||
* Future versions of the library may add new fields to this structure or
|
||||
* to its embedded union and structure.
|
||||
*/
|
||||
typedef struct mbedtls_x509_san_other_name
|
||||
{
|
||||
|
@ -108,7 +118,7 @@ typedef struct mbedtls_x509_san_other_name
|
|||
* To check the value of the type id, you should use
|
||||
* \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
|
||||
*/
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(type_id); /**< The type id. */
|
||||
mbedtls_x509_buf type_id; /**< The type id. */
|
||||
union
|
||||
{
|
||||
/**
|
||||
|
@ -119,26 +129,30 @@ typedef struct mbedtls_x509_san_other_name
|
|||
*/
|
||||
struct
|
||||
{
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(val); /**< The named value. */
|
||||
mbedtls_x509_buf oid; /**< The object identifier. */
|
||||
mbedtls_x509_buf val; /**< The named value. */
|
||||
}
|
||||
MBEDTLS_PRIVATE(hardware_module_name);
|
||||
hardware_module_name;
|
||||
}
|
||||
MBEDTLS_PRIVATE(value);
|
||||
value;
|
||||
}
|
||||
mbedtls_x509_san_other_name;
|
||||
|
||||
/**
|
||||
* A structure for holding the parsed Subject Alternative Name, according to type
|
||||
* A structure for holding the parsed Subject Alternative Name,
|
||||
* according to type.
|
||||
*
|
||||
* Future versions of the library may add new fields to this structure or
|
||||
* to its embedded union and structure.
|
||||
*/
|
||||
typedef struct mbedtls_x509_subject_alternative_name
|
||||
{
|
||||
int MBEDTLS_PRIVATE(type); /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
|
||||
int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
|
||||
union {
|
||||
mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The otherName supported type. */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for the un constructed types. Only dnsName currently supported */
|
||||
mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
|
||||
mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */
|
||||
}
|
||||
MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */
|
||||
san; /**< A union of the supported SAN types */
|
||||
}
|
||||
mbedtls_x509_subject_alternative_name;
|
||||
|
||||
|
|
|
@ -42,20 +42,24 @@ extern "C" {
|
|||
|
||||
/**
|
||||
* Certificate Signing Request (CSR) structure.
|
||||
*
|
||||
* Some fields of this structure are publicly readable. Do not modify
|
||||
* them except via Mbed TLS library functions: the effect of modifying
|
||||
* those fields or the data that those fields point to is unspecified.
|
||||
*/
|
||||
typedef struct mbedtls_x509_csr
|
||||
{
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw CSR data (DER). */
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(cri); /**< The raw CertificateRequestInfo body (DER). */
|
||||
mbedtls_x509_buf raw; /**< The raw CSR data (DER). */
|
||||
mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
|
||||
|
||||
int MBEDTLS_PRIVATE(version); /**< CSR version (1=v1). */
|
||||
int version; /**< CSR version (1=v1). */
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). */
|
||||
mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
|
||||
mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). */
|
||||
mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
|
||||
|
||||
mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
|
||||
mbedtls_pk_context pk; /**< Container for the public key context. */
|
||||
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid);
|
||||
mbedtls_x509_buf sig_oid;
|
||||
mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
|
||||
mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
|
||||
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
|
||||
|
|
|
@ -138,16 +138,14 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
|
|||
ctx->ticket_lifetime = lifetime;
|
||||
|
||||
cipher_info = mbedtls_cipher_info_from_type( cipher);
|
||||
if( cipher_info == NULL )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
if( cipher_info->mode != MBEDTLS_MODE_GCM &&
|
||||
cipher_info->mode != MBEDTLS_MODE_CCM )
|
||||
if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM &&
|
||||
mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_CCM )
|
||||
{
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES )
|
||||
if( mbedtls_cipher_info_get_key_bitlen( cipher_info ) > 8 * MAX_KEY_BYTES )
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
|
|
@ -689,7 +689,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
|
|||
unsigned char *mac_dec;
|
||||
size_t mac_key_len = 0;
|
||||
size_t iv_copy_len;
|
||||
unsigned keylen;
|
||||
size_t keylen;
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
const mbedtls_cipher_info_t *cipher_info;
|
||||
const mbedtls_md_info_t *md_info;
|
||||
|
@ -789,14 +789,14 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
|
|||
* Determine the appropriate key, IV and MAC length.
|
||||
*/
|
||||
|
||||
keylen = cipher_info->key_bitlen / 8;
|
||||
keylen = mbedtls_cipher_info_get_key_bitlen( cipher_info ) / 8;
|
||||
|
||||
#if defined(MBEDTLS_GCM_C) || \
|
||||
defined(MBEDTLS_CCM_C) || \
|
||||
defined(MBEDTLS_CHACHAPOLY_C)
|
||||
if( cipher_info->mode == MBEDTLS_MODE_GCM ||
|
||||
cipher_info->mode == MBEDTLS_MODE_CCM ||
|
||||
cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
|
||||
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_GCM ||
|
||||
mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CCM ||
|
||||
mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
|
||||
{
|
||||
size_t explicit_ivlen;
|
||||
|
||||
|
@ -814,7 +814,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
|
|||
* sequence number).
|
||||
*/
|
||||
transform->ivlen = 12;
|
||||
if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
|
||||
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
|
||||
transform->fixed_ivlen = 12;
|
||||
else
|
||||
transform->fixed_ivlen = 4;
|
||||
|
@ -826,8 +826,8 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
|
|||
else
|
||||
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
|
||||
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
|
||||
if( cipher_info->mode == MBEDTLS_MODE_STREAM ||
|
||||
cipher_info->mode == MBEDTLS_MODE_CBC )
|
||||
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM ||
|
||||
mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC )
|
||||
{
|
||||
/* Initialize HMAC contexts */
|
||||
if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
|
||||
|
@ -845,7 +845,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
|
|||
transform->ivlen = cipher_info->iv_size;
|
||||
|
||||
/* Minimum length */
|
||||
if( cipher_info->mode == MBEDTLS_MODE_STREAM )
|
||||
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM )
|
||||
transform->minlen = transform->maclen;
|
||||
else
|
||||
{
|
||||
|
@ -1060,7 +1060,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
|
|||
}
|
||||
|
||||
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1,
|
||||
cipher_info->key_bitlen,
|
||||
(int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
|
||||
MBEDTLS_ENCRYPT ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
|
||||
|
@ -1068,7 +1068,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
|
|||
}
|
||||
|
||||
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2,
|
||||
cipher_info->key_bitlen,
|
||||
(int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
|
||||
MBEDTLS_DECRYPT ) ) != 0 )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
|
||||
|
@ -1076,7 +1076,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
|
|||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_MODE_CBC)
|
||||
if( cipher_info->mode == MBEDTLS_MODE_CBC )
|
||||
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC )
|
||||
{
|
||||
if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc,
|
||||
MBEDTLS_PADDING_NONE ) ) != 0 )
|
||||
|
|
|
@ -124,7 +124,7 @@ int main( int argc, char *argv[] )
|
|||
while( *list )
|
||||
{
|
||||
cipher_info = mbedtls_cipher_info_from_type( *list );
|
||||
mbedtls_printf( " %s\n", cipher_info->MBEDTLS_PRIVATE(name) );
|
||||
mbedtls_printf( " %s\n", mbedtls_cipher_info_get_name( cipher_info ) );
|
||||
list++;
|
||||
}
|
||||
|
||||
|
@ -309,7 +309,9 @@ int main( int argc, char *argv[] )
|
|||
|
||||
}
|
||||
|
||||
if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen),
|
||||
if( mbedtls_cipher_setkey( &cipher_ctx,
|
||||
digest,
|
||||
(int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
|
||||
MBEDTLS_ENCRYPT ) != 0 )
|
||||
{
|
||||
mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n");
|
||||
|
@ -408,7 +410,7 @@ int main( int argc, char *argv[] )
|
|||
/*
|
||||
* Check the file size.
|
||||
*/
|
||||
if( cipher_info->MBEDTLS_PRIVATE(mode) != MBEDTLS_MODE_GCM &&
|
||||
if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM &&
|
||||
( ( filesize - mbedtls_md_get_size( md_info ) ) %
|
||||
mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 )
|
||||
{
|
||||
|
@ -448,7 +450,9 @@ int main( int argc, char *argv[] )
|
|||
mbedtls_md_finish( &md_ctx, digest );
|
||||
}
|
||||
|
||||
if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen),
|
||||
if( mbedtls_cipher_setkey( &cipher_ctx,
|
||||
digest,
|
||||
(int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
|
||||
MBEDTLS_DECRYPT ) != 0 )
|
||||
{
|
||||
mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n" );
|
||||
|
|
|
@ -51,7 +51,7 @@
|
|||
#define ECPARAMS MBEDTLS_ECP_DP_SECP192R1
|
||||
|
||||
#if !defined(ECPARAMS)
|
||||
#define ECPARAMS mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id)
|
||||
#define ECPARAMS mbedtls_ecp_curve_list()->grp_id
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \
|
||||
|
|
|
@ -86,7 +86,7 @@ int dev_random_entropy_poll( void *data, unsigned char *output,
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_C)
|
||||
#define DFL_EC_CURVE mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id)
|
||||
#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id
|
||||
#else
|
||||
#define DFL_EC_CURVE 0
|
||||
#endif
|
||||
|
@ -219,9 +219,9 @@ int main( int argc, char *argv[] )
|
|||
#if defined(MBEDTLS_ECP_C)
|
||||
mbedtls_printf( " available ec_curve values:\n" );
|
||||
curve_info = mbedtls_ecp_curve_list();
|
||||
mbedtls_printf( " %s (default)\n", curve_info->MBEDTLS_PRIVATE(name) );
|
||||
while( ( ++curve_info )->MBEDTLS_PRIVATE(name) != NULL )
|
||||
mbedtls_printf( " %s\n", curve_info->MBEDTLS_PRIVATE(name) );
|
||||
mbedtls_printf( " %s (default)\n", curve_info->name );
|
||||
while( ( ++curve_info )->name != NULL )
|
||||
mbedtls_printf( " %s\n", curve_info->name );
|
||||
#endif /* MBEDTLS_ECP_C */
|
||||
goto exit;
|
||||
}
|
||||
|
@ -270,7 +270,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
if( ( curve_info = mbedtls_ecp_curve_info_from_name( q ) ) == NULL )
|
||||
goto usage;
|
||||
opt.ec_curve = curve_info->MBEDTLS_PRIVATE(grp_id);
|
||||
opt.ec_curve = curve_info->grp_id;
|
||||
}
|
||||
#endif
|
||||
else if( strcmp( p, "filename" ) == 0 )
|
||||
|
@ -391,7 +391,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
|
||||
mbedtls_printf( "curve: %s\n",
|
||||
mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).id )->MBEDTLS_PRIVATE(name) );
|
||||
mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).id )->name );
|
||||
mbedtls_mpi_write_file( "X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL );
|
||||
mbedtls_mpi_write_file( "Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL );
|
||||
mbedtls_mpi_write_file( "D: ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL );
|
||||
|
|
|
@ -226,7 +226,7 @@ int main( void )
|
|||
mbedtls_ssl_cache_set );
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
|
||||
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
|
||||
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
|
||||
{
|
||||
printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
|
||||
|
|
|
@ -246,13 +246,13 @@ int main( void )
|
|||
addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE;
|
||||
ret = 0;
|
||||
|
||||
if( ( server_fd.MBEDTLS_PRIVATE(fd) = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
|
||||
if( ( server_fd.fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
|
||||
{
|
||||
ret = socket_failed;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( connect( server_fd.MBEDTLS_PRIVATE(fd),
|
||||
if( connect( server_fd.fd,
|
||||
(const struct sockaddr *) &addr, sizeof( addr ) ) < 0 )
|
||||
{
|
||||
ret = connect_failed;
|
||||
|
|
|
@ -190,7 +190,7 @@ int main( void )
|
|||
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
|
||||
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
|
||||
|
||||
mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
|
||||
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
|
||||
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
|
||||
|
|
|
@ -212,7 +212,7 @@ int main( void )
|
|||
mbedtls_ssl_cache_set );
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
|
||||
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
|
||||
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );
|
||||
|
|
|
@ -331,7 +331,7 @@ int main( int argc, char *argv[] )
|
|||
|
||||
mbedtls_printf( "%s\n", buf );
|
||||
|
||||
cur = cur->MBEDTLS_PRIVATE(next);
|
||||
cur = cur->next;
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -514,7 +514,7 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
|
||||
ret = mbedtls_x509_dn_gets( issuer_name, sizeof(issuer_name),
|
||||
&issuer_crt.MBEDTLS_PRIVATE(subject) );
|
||||
&issuer_crt.subject );
|
||||
if( ret < 0 )
|
||||
{
|
||||
mbedtls_strerror( ret, buf, 1024 );
|
||||
|
@ -548,7 +548,7 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
|
||||
ret = mbedtls_x509_dn_gets( subject_name, sizeof(subject_name),
|
||||
&csr.MBEDTLS_PRIVATE(subject) );
|
||||
&csr.subject );
|
||||
if( ret < 0 )
|
||||
{
|
||||
mbedtls_strerror( ret, buf, 1024 );
|
||||
|
@ -558,7 +558,7 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
|
||||
opt.subject_name = subject_name;
|
||||
subject_key = &csr.MBEDTLS_PRIVATE(pk);
|
||||
subject_key = &csr.pk;
|
||||
|
||||
mbedtls_printf( " ok\n" );
|
||||
}
|
||||
|
@ -602,7 +602,7 @@ int main( int argc, char *argv[] )
|
|||
//
|
||||
if( strlen( opt.issuer_crt ) )
|
||||
{
|
||||
if( mbedtls_pk_check_pair( &issuer_crt.MBEDTLS_PRIVATE(pk), issuer_key,
|
||||
if( mbedtls_pk_check_pair( &issuer_crt.pk, issuer_key,
|
||||
mbedtls_ctr_drbg_random, &ctr_drbg ) != 0 )
|
||||
{
|
||||
mbedtls_printf( " failed\n ! issuer_key does not match "
|
||||
|
|
|
@ -13,6 +13,59 @@
|
|||
#define MBEDTLS_CIPHER_AUTH_CRYPT
|
||||
#endif
|
||||
|
||||
/* Check the internal consistency of a cipher info structure, and
|
||||
* check it against mbedtls_cipher_info_from_xxx(). */
|
||||
static int check_cipher_info( mbedtls_cipher_type_t type,
|
||||
const mbedtls_cipher_info_t *info )
|
||||
{
|
||||
size_t key_bitlen;
|
||||
|
||||
TEST_ASSERT( info != NULL );
|
||||
TEST_EQUAL( type, mbedtls_cipher_info_get_type( info ) );
|
||||
TEST_EQUAL( type, info->type );
|
||||
TEST_ASSERT( mbedtls_cipher_info_from_type( type ) == info );
|
||||
|
||||
TEST_EQUAL( info->mode, mbedtls_cipher_info_get_mode( info ) );
|
||||
|
||||
/* Insist that get_name() return the string from the structure and
|
||||
* not a copy. A copy would have an unknown storage duration. */
|
||||
TEST_ASSERT( mbedtls_cipher_info_get_name( info ) == info->name );
|
||||
TEST_ASSERT( mbedtls_cipher_info_from_string( info->name ) == info );
|
||||
|
||||
key_bitlen = mbedtls_cipher_info_get_key_bitlen( info );
|
||||
if( info->type == MBEDTLS_CIPHER_NULL )
|
||||
TEST_ASSERT( key_bitlen == 0 );
|
||||
else if( info->mode == MBEDTLS_MODE_XTS )
|
||||
{
|
||||
TEST_ASSERT( key_bitlen == 256 ||
|
||||
key_bitlen == 384 ||
|
||||
key_bitlen == 512 );
|
||||
}
|
||||
else if( ! strncmp( info->name, "DES-EDE3-", 9 ) )
|
||||
{
|
||||
TEST_ASSERT( key_bitlen == 192 );
|
||||
}
|
||||
else if( ! strncmp( info->name, "DES-EDE-", 8 ) )
|
||||
{
|
||||
TEST_ASSERT( key_bitlen == 128 );
|
||||
}
|
||||
else if( ! strncmp( info->name, "DES-", 4 ) )
|
||||
{
|
||||
TEST_ASSERT( key_bitlen == 64 );
|
||||
}
|
||||
else
|
||||
{
|
||||
TEST_ASSERT( key_bitlen == 128 ||
|
||||
key_bitlen == 192 ||
|
||||
key_bitlen == 256 );
|
||||
}
|
||||
|
||||
return( 1 );
|
||||
|
||||
exit:
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_CIPHER_AUTH_CRYPT)
|
||||
/* Helper for resetting key/direction
|
||||
*
|
||||
|
@ -81,7 +134,13 @@ void mbedtls_cipher_list( )
|
|||
const int *cipher_type;
|
||||
|
||||
for( cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++ )
|
||||
TEST_ASSERT( mbedtls_cipher_info_from_type( *cipher_type ) != NULL );
|
||||
{
|
||||
const mbedtls_cipher_info_t *info =
|
||||
mbedtls_cipher_info_from_type( *cipher_type );
|
||||
mbedtls_test_set_step( *cipher_type );
|
||||
if( ! check_cipher_info( *cipher_type, info ) )
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -309,6 +368,8 @@ void enc_dec_buf( int cipher_id, char * cipher_string, int key_len,
|
|||
cipher_info = mbedtls_cipher_info_from_type( cipher_id );
|
||||
TEST_ASSERT( NULL != cipher_info );
|
||||
TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info );
|
||||
TEST_ASSERT( strcmp( mbedtls_cipher_info_get_name( cipher_info ),
|
||||
cipher_string ) == 0 );
|
||||
|
||||
/* Initialise enc and dec contexts */
|
||||
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
|
||||
|
|
Loading…
Reference in a new issue