Merge pull request #4842 from gilles-peskine-arm/public_fields-3.0-info

Make some structure fields public: key info, ASN.1 and X.509 parsing, socket fd
Gilles Peskine 2021-09-29 12:37:09 +02:00 committed by GitHub
commit bfe3d87f24
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
22 changed files with 330 additions and 115 deletions


@ -152,9 +152,9 @@ extern "C" {
*/
typedef struct mbedtls_asn1_buf
{
int MBEDTLS_PRIVATE(tag); /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
unsigned char *MBEDTLS_PRIVATE(p); /**< ASN1 data, e.g. in ASCII. */
int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
size_t len; /**< ASN1 length, in octets. */
unsigned char *p; /**< ASN1 data, e.g. in ASCII. */
}
mbedtls_asn1_buf;
@ -163,9 +163,9 @@ mbedtls_asn1_buf;
*/
typedef struct mbedtls_asn1_bitstring
{
size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
unsigned char MBEDTLS_PRIVATE(unused_bits); /**< Number of unused bits at the end of the string */
unsigned char *MBEDTLS_PRIVATE(p); /**< Raw ASN1 data for the bit string */
size_t len; /**< ASN1 length, in octets. */
unsigned char unused_bits; /**< Number of unused bits at the end of the string */
unsigned char *p; /**< Raw ASN1 data for the bit string */
}
mbedtls_asn1_bitstring;
@ -174,8 +174,16 @@ mbedtls_asn1_bitstring;
*/
typedef struct mbedtls_asn1_sequence
{
mbedtls_asn1_buf MBEDTLS_PRIVATE(buf); /**< Buffer containing the given ASN.1 item. */
struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */
/** The next entry in the sequence.
*
* The details of memory management for sequences are not documented and
* may change in future versions. Set this field to \p NULL when
* initializing a structure, and do not modify it except via Mbed TLS
* library functions.
*/
struct mbedtls_asn1_sequence *next;
}
mbedtls_asn1_sequence;
@ -184,10 +192,24 @@ mbedtls_asn1_sequence;
*/
typedef struct mbedtls_asn1_named_data
{
mbedtls_asn1_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
mbedtls_asn1_buf MBEDTLS_PRIVATE(val); /**< The named value. */
struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */
unsigned char MBEDTLS_PRIVATE(next_merged); /**< Merge next item into the current one? */
mbedtls_asn1_buf oid; /**< The object identifier. */
mbedtls_asn1_buf val; /**< The named value. */
/** The next entry in the sequence.
*
* The details of memory management for named data sequences are not
* documented and may change in future versions. Set this field to \p NULL
* when initializing a structure, and do not modify it except via Mbed TLS
* library functions.
*/
struct mbedtls_asn1_named_data *next;
/** Merge next item into the current one?
*
* This field exists for the sake of Mbed TLS's X.509 certificate parsing
* code and may change in future versions of the library.
*/
unsigned char MBEDTLS_PRIVATE(next_merged);
}
mbedtls_asn1_named_data;
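Review bot: Now that `len` and `p` of `mbedtls_asn1_buf` and `mbedtls_asn1_bitstring` are public, their comments should state the bounds contract, which the visible declarations leave open. The `p` comment only says "ASN1 data, e.g. in ASCII" and nothing promises a terminator, so application code reading the field directly may treat it as a C string and read past `len`. I would extend it to something like `/**< ASN1 data, e.g. in ASCII. Not NUL-terminated: read at most \c len octets. */` (to be confirmed against the parser). The `next` fields received an ownership caveat in this change; one sentence on who owns the memory behind `p` would be equally useful.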


@ -258,6 +258,13 @@ typedef struct mbedtls_cmac_context_t mbedtls_cmac_context_t;
/**
* Cipher information. Allows calling cipher functions
* in a generic way.
*
* \note The library does not support custom cipher info structures,
* only built-in structures returned by the functions
* mbedtls_cipher_info_from_string(),
* mbedtls_cipher_info_from_type(),
* mbedtls_cipher_info_from_values(),
* mbedtls_cipher_info_from_psa().
*/
typedef struct mbedtls_cipher_info_t
{
@ -414,6 +421,82 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_ciph
int key_bitlen,
const mbedtls_cipher_mode_t mode );
/**
* \brief Retrieve the identifier for a cipher info structure.
*
* \param[in] info The cipher info structure to query.
* This may be \c NULL.
*
* \return The full cipher identifier (\c MBEDTLS_CIPHER_xxx).
* \return #MBEDTLS_CIPHER_NONE if \p info is \c NULL.
*/
static inline mbedtls_cipher_type_t mbedtls_cipher_info_get_type(
const mbedtls_cipher_info_t *info )
{
if( info == NULL )
return( MBEDTLS_CIPHER_NONE );
else
return( info->MBEDTLS_PRIVATE(type) );
}
/**
* \brief Retrieve the operation mode for a cipher info structure.
*
* \param[in] info The cipher info structure to query.
* This may be \c NULL.
*
* \return The cipher mode (\c MBEDTLS_MODE_xxx).
* \return #MBEDTLS_MODE_NONE if \p info is \c NULL.
*/
static inline mbedtls_cipher_mode_t mbedtls_cipher_info_get_mode(
const mbedtls_cipher_info_t *info )
{
if( info == NULL )
return( MBEDTLS_MODE_NONE );
else
return( info->MBEDTLS_PRIVATE(mode) );
}
/**
* \brief Retrieve the key size for a cipher info structure.
*
* \param[in] info The cipher info structure to query.
* This may be \c NULL.
*
* \return The key length in bits.
* For variable-sized ciphers, this is the default length.
* For DES, this includes the parity bits.
* \return \c 0 if \p info is \c NULL.
*/
static inline size_t mbedtls_cipher_info_get_key_bitlen(
const mbedtls_cipher_info_t *info )
{
if( info == NULL )
return( 0 );
else
return( info->MBEDTLS_PRIVATE(key_bitlen) );
}
/**
* \brief Retrieve the human-readable name for a
* cipher info structure.
*
* \param[in] info The cipher info structure to query.
* This may be \c NULL.
*
* \return The cipher name, which is a human readable string,
* with static storage duration.
* \return \c NULL if \c info is \p NULL.
*/
static inline const char *mbedtls_cipher_info_get_name(
const mbedtls_cipher_info_t *info )
{
if( info == NULL )
return( NULL );
else
return( info->MBEDTLS_PRIVATE(name) );
}
/**
* \brief This function initializes a \p cipher_context as NONE.
*
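Review bot: The `\return` line of mbedtls_cipher_info_get_name() has its Doxygen markup swapped: `\return \c NULL if \c info is \p NULL.` should read `\return \c NULL if \p info is \c NULL.`, matching the other three getters. Because this getter can return NULL where the old field access would have faulted, the comment could also say that the result must be checked before it is passed to a `%s` conversion or a string function. The other getters return in-band sentinels (`MBEDTLS_MODE_NONE`, `0`), so callers that need to distinguish "no cipher" from a valid answer still have to test `info` themselves; a `\note` saying so would help.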


@ -147,13 +147,17 @@ typedef enum
/**
* Curve information, for use by other modules.
*
* The fields of this structure are part of the public API and can be
* accessed directly by applications. Future versions of the library may
* add extra fields or reorder existing fields.
*/
typedef struct mbedtls_ecp_curve_info
{
mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< An internal identifier. */
uint16_t MBEDTLS_PRIVATE(tls_id); /*!< The TLS NamedCurve identifier. */
uint16_t MBEDTLS_PRIVATE(bit_size); /*!< The curve size in bits. */
const char *MBEDTLS_PRIVATE(name); /*!< A human-friendly name. */
mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */
uint16_t tls_id; /*!< The TLS NamedCurve identifier. */
uint16_t bit_size; /*!< The curve size in bits. */
const char *name; /*!< A human-friendly name. */
} mbedtls_ecp_curve_info;
/**


@ -94,7 +94,13 @@ extern "C" {
*/
typedef struct mbedtls_net_context
{
int MBEDTLS_PRIVATE(fd); /**< The underlying file descriptor */
/** The underlying file descriptor.
*
* This field is only guaranteed to be present on POSIX/Unix-like platforms.
* On other platforms, it may have a different type, have a different
* meaning, or be absent altogether.
*/
int fd;
}
mbedtls_net_context;


@ -186,6 +186,10 @@ typedef struct mbedtls_pk_debug_item
/**
* \brief Public key information and operations
*
* \note The library does not support custom pk info structures,
* only built-in structures returned by
* mbedtls_cipher_info_from_type().
*/
typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
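Review bot: The new `\note` on `mbedtls_pk_info_t` names the wrong function: `mbedtls_cipher_info_from_type()` returns cipher info structures, not pk info structures, so this looks like a copy-paste from the cipher header. It should presumably read `mbedtls_pk_info_from_type()`. As written, the note points readers at an API that cannot produce the type being documented.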


@ -369,7 +369,7 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
if( curve_info == NULL )
return( 0 );
return( PSA_KEY_TYPE_ECC_KEY_PAIR(
mbedtls_ecc_group_to_psa( curve_info->MBEDTLS_PRIVATE(grp_id), bits ) ) );
mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) );
}
#endif /* MBEDTLS_ECP_C */


@ -246,8 +246,8 @@ typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
/** Container for date and time (precision in seconds). */
typedef struct mbedtls_x509_time
{
int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon), MBEDTLS_PRIVATE(day); /**< Date. */
int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min), MBEDTLS_PRIVATE(sec); /**< Time. */
int year, mon, day; /**< Date. */
int hour, min, sec; /**< Time. */
}
mbedtls_x509_time;


@ -43,18 +43,30 @@ extern "C" {
/**
* Certificate revocation list entry.
* Contains the CA-specific serial numbers and revocation dates.
*
* Some fields of this structure are publicly readable. Do not modify
* them except via Mbed TLS library functions: the effect of modifying
* those fields or the data that those fields points to is unspecified.
*/
typedef struct mbedtls_x509_crl_entry
{
mbedtls_x509_buf MBEDTLS_PRIVATE(raw);
/** Direct access to the whole entry inside the containing buffer. */
mbedtls_x509_buf raw;
/** The serial number of the revoked certificate. */
mbedtls_x509_buf serial;
/** The revocation date of this entry. */
mbedtls_x509_time revocation_date;
/** Direct access to the list of CRL entry extensions
* (an ASN.1 constructed sequence).
*
* If there are no extensions, `entry_ext.len == 0` and
* `entry_ext.p == NULL`. */
mbedtls_x509_buf entry_ext;
mbedtls_x509_buf MBEDTLS_PRIVATE(serial);
mbedtls_x509_time MBEDTLS_PRIVATE(revocation_date);
mbedtls_x509_buf MBEDTLS_PRIVATE(entry_ext);
struct mbedtls_x509_crl_entry *MBEDTLS_PRIVATE(next);
/** Next element in the linked list of entries.
* \p NULL indicates the end of the list.
* Do not modify this field directly. */
struct mbedtls_x509_crl_entry *next;
}
mbedtls_x509_crl_entry;
@ -64,22 +76,22 @@ mbedtls_x509_crl_entry;
*/
typedef struct mbedtls_x509_crl
{
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
int MBEDTLS_PRIVATE(version); /**< CRL version (1=v1, 2=v2) */
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< CRL signature type identifier */
int version; /**< CRL version (1=v1, 2=v2) */
mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). */
mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */
mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
mbedtls_x509_time MBEDTLS_PRIVATE(this_update);
mbedtls_x509_time MBEDTLS_PRIVATE(next_update);
mbedtls_x509_time this_update;
mbedtls_x509_time next_update;
mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry); /**< The CRL entries containing the certificate revocation times for this CA. */
mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */
mbedtls_x509_buf MBEDTLS_PRIVATE(crl_ext);
mbedtls_x509_buf crl_ext;
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2);
mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
@ -87,7 +99,10 @@ typedef struct mbedtls_x509_crl
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
struct mbedtls_x509_crl *MBEDTLS_PRIVATE(next);
/** Next element in the linked list of CRL.
* \p NULL indicates the end of the list.
* Do not modify this field directly. */
struct mbedtls_x509_crl *next;
}
mbedtls_x509_crl;
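Review bot: The struct comment added for `mbedtls_x509_crl_entry` says "the data that those fields points to"; it should be "point to", as the CSR structure comment in this same commit has it, and the same sentence is repeated in the `mbedtls_x509_crt` comment. Separately, `this_update`, `next_update` and `crl_ext` of `mbedtls_x509_crl` become public without any doc comment, and the comments on `raw` and `tbs` still say "certificate" inside a CRL structure. Short comments such as `/**< The thisUpdate field: when this CRL was issued. */` and `/**< The nextUpdate field: when the next CRL is due. */` would tell applications which of the two to compare against the current time when judging CRL freshness.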


@ -45,36 +45,40 @@ extern "C" {
/**
* Container for an X.509 certificate. The certificate may be chained.
*
* Some fields of this structure are publicly readable. Do not modify
* them except via Mbed TLS library functions: the effect of modifying
* those fields or the data that those fields points to is unspecified.
*/
typedef struct mbedtls_x509_crt
{
int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned
* by the structure or not. */
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */
mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */
mbedtls_x509_buf raw; /**< The raw certificate data (DER). */
mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */
int MBEDTLS_PRIVATE(version); /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
mbedtls_x509_buf MBEDTLS_PRIVATE(serial); /**< Unique id for certificate issued by a specific CA. */
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< Signature algorithm, e.g. sha1RSA */
int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
mbedtls_x509_buf serial; /**< Unique id for certificate issued by a specific CA. */
mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). Used for quick comparison. */
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). Used for quick comparison. */
mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */
mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */
mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */
mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */
mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
mbedtls_x509_time MBEDTLS_PRIVATE(valid_from); /**< Start time of certificate validity. */
mbedtls_x509_time MBEDTLS_PRIVATE(valid_to); /**< End time of certificate validity. */
mbedtls_x509_time valid_from; /**< Start time of certificate validity. */
mbedtls_x509_time valid_to; /**< End time of certificate validity. */
mbedtls_x509_buf MBEDTLS_PRIVATE(pk_raw);
mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
mbedtls_x509_buf pk_raw;
mbedtls_pk_context pk; /**< Container for the public key context. */
mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id); /**< Optional X.509 v2/v3 issuer unique identifier. */
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id); /**< Optional X.509 v2/v3 subject unique identifier. */
mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext); /**< Optional X.509 v3 extensions. */
mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names); /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */
mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */
mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */
mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */
int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
@ -82,7 +86,7 @@ typedef struct mbedtls_x509_crt
unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension value: See the values in x509.h */
mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of extended key usage OIDs. */
mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */
unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */
@ -91,7 +95,10 @@ typedef struct mbedtls_x509_crt
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next); /**< Next certificate in the CA-chain. */
/** Next certificate in the linked list that constitutes the CA chain.
* \p NULL indicates the end of the list.
* Do not modify this field directly. */
struct mbedtls_x509_crt *next;
}
mbedtls_x509_crt;
@ -100,6 +107,9 @@ mbedtls_x509_crt;
* OtherName ::= SEQUENCE {
* type-id OBJECT IDENTIFIER,
* value [0] EXPLICIT ANY DEFINED BY type-id }
*
* Future versions of the library may add new fields to this structure or
* to its embedded union and structure.
*/
typedef struct mbedtls_x509_san_other_name
{
@ -108,7 +118,7 @@ typedef struct mbedtls_x509_san_other_name
* To check the value of the type id, you should use
* \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
*/
mbedtls_x509_buf MBEDTLS_PRIVATE(type_id); /**< The type id. */
mbedtls_x509_buf type_id; /**< The type id. */
union
{
/**
@ -119,26 +129,30 @@ typedef struct mbedtls_x509_san_other_name
*/
struct
{
mbedtls_x509_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
mbedtls_x509_buf MBEDTLS_PRIVATE(val); /**< The named value. */
mbedtls_x509_buf oid; /**< The object identifier. */
mbedtls_x509_buf val; /**< The named value. */
}
MBEDTLS_PRIVATE(hardware_module_name);
hardware_module_name;
}
MBEDTLS_PRIVATE(value);
value;
}
mbedtls_x509_san_other_name;
/**
* A structure for holding the parsed Subject Alternative Name, according to type
* A structure for holding the parsed Subject Alternative Name,
* according to type.
*
* Future versions of the library may add new fields to this structure or
* to its embedded union and structure.
*/
typedef struct mbedtls_x509_subject_alternative_name
{
int MBEDTLS_PRIVATE(type); /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
union {
mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The otherName supported type. */
mbedtls_x509_buf MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for the un constructed types. Only dnsName currently supported */
mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */
mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */
}
MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */
san; /**< A union of the supported SAN types */
}
mbedtls_x509_subject_alternative_name;
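Review bot: The new comment on `mbedtls_x509_crt` tells applications not to modify the public fields but says nothing about how long the exposed pointers stay valid. `raw`, `tbs`, `serial` and the other `mbedtls_x509_buf` members carry pointers, and the retained `own_buffer` comment shows that `raw` may not even be owned by the structure, so code reading `crt->raw.p` needs to know the pointer is tied to the certificate or to the buffer it was parsed from. I would add a sentence such as `Pointers in these fields are only valid until the certificate is freed; do not keep them beyond that.` (exact wording to be confirmed against the parsing functions). `pk_raw` is also made public without a doc comment.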


@ -42,20 +42,24 @@ extern "C" {
/**
* Certificate Signing Request (CSR) structure.
*
* Some fields of this structure are publicly readable. Do not modify
* them except via Mbed TLS library functions: the effect of modifying
* those fields or the data that those fields point to is unspecified.
*/
typedef struct mbedtls_x509_csr
{
mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw CSR data (DER). */
mbedtls_x509_buf MBEDTLS_PRIVATE(cri); /**< The raw CertificateRequestInfo body (DER). */
mbedtls_x509_buf raw; /**< The raw CSR data (DER). */
mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */
int MBEDTLS_PRIVATE(version); /**< CSR version (1=v1). */
int version; /**< CSR version (1=v1). */
mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). */
mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */
mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). */
mbedtls_x509_name subject; /**< The parsed subject data (named information object). */
mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */
mbedtls_pk_context pk; /**< Container for the public key context. */
mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid);
mbedtls_x509_buf sig_oid;
mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */


@ -138,16 +138,14 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
ctx->ticket_lifetime = lifetime;
cipher_info = mbedtls_cipher_info_from_type( cipher);
if( cipher_info == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
if( cipher_info->mode != MBEDTLS_MODE_GCM &&
cipher_info->mode != MBEDTLS_MODE_CCM )
if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM &&
mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_CCM )
{
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
if( cipher_info->key_bitlen > 8 * MAX_KEY_BYTES )
if( mbedtls_cipher_info_get_key_bitlen( cipher_info ) > 8 * MAX_KEY_BYTES )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
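Review bot: Rejection of an unsupported cipher now appears to rest on mbedtls_cipher_info_get_mode() returning `MBEDTLS_MODE_NONE` for a NULL pointer: the hunk header's line counts (16 old, 14 new) suggest the explicit `if( cipher_info == NULL )` return is dropped, though the rendering does not mark which lines are removed. If that is the case, the NULL handling is correct but invisible, and a later refactor back to direct field access would turn it into a NULL dereference. A comment above the mode test would pin the intent, e.g. `/* A NULL cipher_info yields MBEDTLS_MODE_NONE, so an unknown cipher is rejected here. */`. mbedtls_ssl_ticket_setup() starts and ends outside the hunk.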


@ -689,7 +689,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
unsigned char *mac_dec;
size_t mac_key_len = 0;
size_t iv_copy_len;
unsigned keylen;
size_t keylen;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
const mbedtls_cipher_info_t *cipher_info;
const mbedtls_md_info_t *md_info;
@ -789,14 +789,14 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
* Determine the appropriate key, IV and MAC length.
*/
keylen = cipher_info->key_bitlen / 8;
keylen = mbedtls_cipher_info_get_key_bitlen( cipher_info ) / 8;
#if defined(MBEDTLS_GCM_C) || \
defined(MBEDTLS_CCM_C) || \
defined(MBEDTLS_CHACHAPOLY_C)
if( cipher_info->mode == MBEDTLS_MODE_GCM ||
cipher_info->mode == MBEDTLS_MODE_CCM ||
cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_GCM ||
mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CCM ||
mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
{
size_t explicit_ivlen;
@ -814,7 +814,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
* sequence number).
*/
transform->ivlen = 12;
if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY )
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CHACHAPOLY )
transform->fixed_ivlen = 12;
else
transform->fixed_ivlen = 4;
@ -826,8 +826,8 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
else
#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
if( cipher_info->mode == MBEDTLS_MODE_STREAM ||
cipher_info->mode == MBEDTLS_MODE_CBC )
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM ||
mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC )
{
/* Initialize HMAC contexts */
if( ( ret = mbedtls_md_setup( &transform->md_ctx_enc, md_info, 1 ) ) != 0 ||
@ -845,7 +845,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
transform->ivlen = cipher_info->iv_size;
/* Minimum length */
if( cipher_info->mode == MBEDTLS_MODE_STREAM )
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_STREAM )
transform->minlen = transform->maclen;
else
{
@ -1060,7 +1060,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
}
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_enc, key1,
cipher_info->key_bitlen,
(int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
MBEDTLS_ENCRYPT ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
@ -1068,7 +1068,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
}
if( ( ret = mbedtls_cipher_setkey( &transform->cipher_ctx_dec, key2,
cipher_info->key_bitlen,
(int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
MBEDTLS_DECRYPT ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_setkey", ret );
@ -1076,7 +1076,7 @@ static int ssl_tls12_populate_transform( mbedtls_ssl_transform *transform,
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if( cipher_info->mode == MBEDTLS_MODE_CBC )
if( mbedtls_cipher_info_get_mode( cipher_info ) == MBEDTLS_MODE_CBC )
{
if( ( ret = mbedtls_cipher_set_padding_mode( &transform->cipher_ctx_enc,
MBEDTLS_PADDING_NONE ) ) != 0 )
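Review bot: The cipher mode is now fetched through mbedtls_cipher_info_get_mode() up to three times inside a single condition and eight times across these hunks; reading it once, `const mbedtls_cipher_mode_t mode = mbedtls_cipher_info_get_mode( cipher_info );`, would shorten every test and make it obvious that all branches look at the same value. The function also ends up mixing access styles, since `transform->ivlen = cipher_info->iv_size;` still reads the field directly. The `(int)` casts on the key length passed to mbedtls_cipher_setkey() narrow a `size_t`; that is harmless for the built-in key sizes but deserves a one-line comment saying so. ssl_tls12_populate_transform() is only partly visible in these hunks.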


@ -124,7 +124,7 @@ int main( int argc, char *argv[] )
while( *list )
{
cipher_info = mbedtls_cipher_info_from_type( *list );
mbedtls_printf( " %s\n", cipher_info->MBEDTLS_PRIVATE(name) );
mbedtls_printf( " %s\n", mbedtls_cipher_info_get_name( cipher_info ) );
list++;
}
@ -309,7 +309,9 @@ int main( int argc, char *argv[] )
}
if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen),
if( mbedtls_cipher_setkey( &cipher_ctx,
digest,
(int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
MBEDTLS_ENCRYPT ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n");
@ -408,7 +410,7 @@ int main( int argc, char *argv[] )
/*
* Check the file size.
*/
if( cipher_info->MBEDTLS_PRIVATE(mode) != MBEDTLS_MODE_GCM &&
if( mbedtls_cipher_info_get_mode( cipher_info ) != MBEDTLS_MODE_GCM &&
( ( filesize - mbedtls_md_get_size( md_info ) ) %
mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 )
{
@ -448,7 +450,9 @@ int main( int argc, char *argv[] )
mbedtls_md_finish( &md_ctx, digest );
}
if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen),
if( mbedtls_cipher_setkey( &cipher_ctx,
digest,
(int) mbedtls_cipher_info_get_key_bitlen( cipher_info ),
MBEDTLS_DECRYPT ) != 0 )
{
mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n" );
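Review bot: In the cipher listing loop the result of `mbedtls_cipher_info_from_type( *list )` is still unchecked, and with this change a NULL result no longer faults at the field access but reaches `mbedtls_printf( " %s\n", ... )` as a NULL `%s` argument, which is undefined behaviour. The list is expected to contain only supported ciphers, so this is unlikely in practice, but sample programs get copied into applications and a guard is cheap: `if( cipher_info != NULL )` before the print. main() starts and ends outside these hunks.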


@ -51,7 +51,7 @@
#define ECPARAMS MBEDTLS_ECP_DP_SECP192R1
#if !defined(ECPARAMS)
#define ECPARAMS mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id)
#define ECPARAMS mbedtls_ecp_curve_list()->grp_id
#endif
#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \


@ -86,7 +86,7 @@ int dev_random_entropy_poll( void *data, unsigned char *output,
#endif
#if defined(MBEDTLS_ECP_C)
#define DFL_EC_CURVE mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id)
#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id
#else
#define DFL_EC_CURVE 0
#endif
@ -219,9 +219,9 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_ECP_C)
mbedtls_printf( " available ec_curve values:\n" );
curve_info = mbedtls_ecp_curve_list();
mbedtls_printf( " %s (default)\n", curve_info->MBEDTLS_PRIVATE(name) );
while( ( ++curve_info )->MBEDTLS_PRIVATE(name) != NULL )
mbedtls_printf( " %s\n", curve_info->MBEDTLS_PRIVATE(name) );
mbedtls_printf( " %s (default)\n", curve_info->name );
while( ( ++curve_info )->name != NULL )
mbedtls_printf( " %s\n", curve_info->name );
#endif /* MBEDTLS_ECP_C */
goto exit;
}
@ -270,7 +270,7 @@ int main( int argc, char *argv[] )
{
if( ( curve_info = mbedtls_ecp_curve_info_from_name( q ) ) == NULL )
goto usage;
opt.ec_curve = curve_info->MBEDTLS_PRIVATE(grp_id);
opt.ec_curve = curve_info->grp_id;
}
#endif
else if( strcmp( p, "filename" ) == 0 )
@ -391,7 +391,7 @@ int main( int argc, char *argv[] )
{
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key );
mbedtls_printf( "curve: %s\n",
mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).id )->MBEDTLS_PRIVATE(name) );
mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).id )->name );
mbedtls_mpi_write_file( "X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL );
mbedtls_mpi_write_file( "Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL );
mbedtls_mpi_write_file( "D: ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL );
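Review bot: `mbedtls_ecp_curve_info_from_grp_id( ... )->name` dereferences the lookup result without a NULL check, and the rewritten line keeps that shape. The group id comes from a key this program has just generated, so the lookup should succeed, but the pattern is what readers of a sample program will copy. Storing the result in `curve_info` and printing only when it is non-NULL would match the check already done on `mbedtls_ecp_curve_info_from_name( q )` earlier in this file. main() starts and ends outside these hunks.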


@ -226,7 +226,7 @@ int main( void )
mbedtls_ssl_cache_set );
#endif
mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{
printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );


@ -246,13 +246,13 @@ int main( void )
addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE;
ret = 0;
if( ( server_fd.MBEDTLS_PRIVATE(fd) = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
if( ( server_fd.fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 )
{
ret = socket_failed;
goto exit;
}
if( connect( server_fd.MBEDTLS_PRIVATE(fd),
if( connect( server_fd.fd,
(const struct sockaddr *) &addr, sizeof( addr ) ) < 0 )
{
ret = connect_failed;


@ -190,7 +190,7 @@ int main( void )
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{
mbedtls_printf( " failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );


@ -212,7 +212,7 @@ int main( void )
mbedtls_ssl_cache_set );
#endif
mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL );
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret );


@ -331,7 +331,7 @@ int main( int argc, char *argv[] )
mbedtls_printf( "%s\n", buf );
cur = cur->MBEDTLS_PRIVATE(next);
cur = cur->next;
}
/*


@ -514,7 +514,7 @@ int main( int argc, char *argv[] )
}
ret = mbedtls_x509_dn_gets( issuer_name, sizeof(issuer_name),
&issuer_crt.MBEDTLS_PRIVATE(subject) );
&issuer_crt.subject );
if( ret < 0 )
{
mbedtls_strerror( ret, buf, 1024 );
@ -548,7 +548,7 @@ int main( int argc, char *argv[] )
}
ret = mbedtls_x509_dn_gets( subject_name, sizeof(subject_name),
&csr.MBEDTLS_PRIVATE(subject) );
&csr.subject );
if( ret < 0 )
{
mbedtls_strerror( ret, buf, 1024 );
@ -558,7 +558,7 @@ int main( int argc, char *argv[] )
}
opt.subject_name = subject_name;
subject_key = &csr.MBEDTLS_PRIVATE(pk);
subject_key = &csr.pk;
mbedtls_printf( " ok\n" );
}
@ -602,7 +602,7 @@ int main( int argc, char *argv[] )
//
if( strlen( opt.issuer_crt ) )
{
if( mbedtls_pk_check_pair( &issuer_crt.MBEDTLS_PRIVATE(pk), issuer_key,
if( mbedtls_pk_check_pair( &issuer_crt.pk, issuer_key,
mbedtls_ctr_drbg_random, &ctr_drbg ) != 0 )
{
mbedtls_printf( " failed\n ! issuer_key does not match "


@ -13,6 +13,59 @@
#define MBEDTLS_CIPHER_AUTH_CRYPT
#endif
/* Check the internal consistency of a cipher info structure, and
* check it against mbedtls_cipher_info_from_xxx(). */
static int check_cipher_info( mbedtls_cipher_type_t type,
const mbedtls_cipher_info_t *info )
{
size_t key_bitlen;
TEST_ASSERT( info != NULL );
TEST_EQUAL( type, mbedtls_cipher_info_get_type( info ) );
TEST_EQUAL( type, info->type );
TEST_ASSERT( mbedtls_cipher_info_from_type( type ) == info );
TEST_EQUAL( info->mode, mbedtls_cipher_info_get_mode( info ) );
/* Insist that get_name() return the string from the structure and
* not a copy. A copy would have an unknown storage duration. */
TEST_ASSERT( mbedtls_cipher_info_get_name( info ) == info->name );
TEST_ASSERT( mbedtls_cipher_info_from_string( info->name ) == info );
key_bitlen = mbedtls_cipher_info_get_key_bitlen( info );
if( info->type == MBEDTLS_CIPHER_NULL )
TEST_ASSERT( key_bitlen == 0 );
else if( info->mode == MBEDTLS_MODE_XTS )
{
TEST_ASSERT( key_bitlen == 256 ||
key_bitlen == 384 ||
key_bitlen == 512 );
}
else if( ! strncmp( info->name, "DES-EDE3-", 9 ) )
{
TEST_ASSERT( key_bitlen == 192 );
}
else if( ! strncmp( info->name, "DES-EDE-", 8 ) )
{
TEST_ASSERT( key_bitlen == 128 );
}
else if( ! strncmp( info->name, "DES-", 4 ) )
{
TEST_ASSERT( key_bitlen == 64 );
}
else
{
TEST_ASSERT( key_bitlen == 128 ||
key_bitlen == 192 ||
key_bitlen == 256 );
}
return( 1 );
exit:
return( 0 );
}
#if defined(MBEDTLS_CIPHER_AUTH_CRYPT)
/* Helper for resetting key/direction
*
@ -81,7 +134,13 @@ void mbedtls_cipher_list( )
const int *cipher_type;
for( cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++ )
TEST_ASSERT( mbedtls_cipher_info_from_type( *cipher_type ) != NULL );
{
const mbedtls_cipher_info_t *info =
mbedtls_cipher_info_from_type( *cipher_type );
mbedtls_test_set_step( *cipher_type );
if( ! check_cipher_info( *cipher_type, info ) )
goto exit;
}
}
/* END_CASE */
@ -309,6 +368,8 @@ void enc_dec_buf( int cipher_id, char * cipher_string, int key_len,
cipher_info = mbedtls_cipher_info_from_type( cipher_id );
TEST_ASSERT( NULL != cipher_info );
TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info );
TEST_ASSERT( strcmp( mbedtls_cipher_info_get_name( cipher_info ),
cipher_string ) == 0 );
/* Initialise enc and dec contexts */
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
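Review bot: check_cipher_info() never exercises the NULL branch that all four new getters document, because it asserts `info != NULL` first and nothing else in these hunks calls a getter with NULL. Callers such as the ticket setup code rely on those sentinel returns, so they should be pinned by a test, e.g. `TEST_EQUAL( MBEDTLS_MODE_NONE, mbedtls_cipher_info_get_mode( NULL ) );` and `TEST_ASSERT( mbedtls_cipher_info_get_name( NULL ) == NULL );`, and likewise for the type and key length getters. A smaller point: the key-length classification keys off name prefixes (`strncmp( info->name, "DES-EDE3-", 9 )`), which deserves a comment noting that it depends on the built-in naming scheme.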