yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'tls/development' into development

Browse source 
Resolve conflicts actions:
 - Reject path changes to config.h
 - Reject submodule-related changes in build scripts (Makefile,
   CMakeLists.txt)
 - Add oid test suite to list of tests in tests/CMakeLists.txt,
   rejecting any test filtering related changes (which TLS uses to avoid
   duplicating crypto tests)
 - Add legacy ECDH test to all.sh without including
   all.sh tests that depend on SSL
This commit is contained in:
Jaeden Amero 2019-03-28 16:02:25 +00:00
commit c70a3c76bf
28 changed files with 880 additions and 122 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

52
ChangeLog
View file

@ -1,6 +1,32 @@
mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.x.x branch released xxxx-xx-xx
= mbed TLS x.x.x branch released xxxx-xx-xx
Features
* Add the Any Policy certificate policy oid, as defined in
rfc 5280 section 4.2.1.4.
Bugfix
* Fix private key DER output in the key_app_writer example. File contents
were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
Christian Walther in #2239.
Changes
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
mbedTLS configuration only SHA-2 signed certificates are accepted.
This certificate is used in the demo server programs, which lead the
client programs to fail at the peer's certificate verification
due to an unacceptable hash signature. The certificate has been
updated to one that is SHA-256 signed. Fix contributed by
Illya Gerasymchuk.
* Return from various debugging routines immediately if the
provided SSL context is unset.
* Remove dead code from bignum.c in the default configuration.
Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
* Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh.
Contributed by Peter Kolbus (Garmin).
= mbed TLS 2.17.0 branch released 2019-03-19
Features
* Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`
@ -24,6 +50,14 @@ API Changes
mbedtls_ssl_session structure which otherwise stores the peer's
certificate.
Security
* Make mbedtls_ecdh_get_params return an error if the second key
belongs to a different group from the first. Before, if an application
passed keys that belonged to different group, the first key's data was
interpreted according to the second group, which could lead to either
an error or a meaningless output from mbedtls_ecdh_get_params. In the
latter case, this could expose at most 5 bits of the private key.
Bugfix
* Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined
when MBEDTLS_ECP_ALT is defined. Reported by jwhui. Fixes #2242.
@ -49,9 +83,6 @@ Bugfix
extensions in CSRs and CRTs that caused these bitstrings to not be encoded
correctly as trailing zeroes were not accounted for as unused bits in the
leading content octet. Fixes #1610.
* Fix private key DER output in the key_app_writer example. File contents
were shifted by one byte, creating an invalid ASN.1 tag. Fixed by
Christian Walther in #2239.
Changes
* Reduce RAM consumption during session renegotiation by not storing
@ -78,19 +109,6 @@ Changes
been disabled for lack of a sufficiently recent version of GnuTLS on the CI.
* Ciphersuites based on 3DES now have the lowest priority by default when
they are enabled.
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
mbedTLS configuration only SHA-2 signed certificates are accepted.
This certificate is used in the demo server programs, which lead the
client programs to fail at the peer's certificate verification
due to an unacceptable hash signature. The certificate has been
updated to one that is SHA-256 signed. Fix contributed by
Illya Gerasymchuk.
* Return from various debugging routines immediately if the
provided SSL context is unset.
* Remove dead code from bignum.c in the default configuration.
Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
* Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh.
Contributed by Peter Kolbus (Garmin).
= mbed TLS 2.16.0 branch released 2018-12-21

2
doxygen/input/doc_mainpage.h
View file

@ -24,7 +24,7 @@
*/
/**
* @mainpage mbed TLS v0.0.0 source code documentation
* @mainpage mbed TLS v2.17.0 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in

2
doxygen/mbedtls.doxyfile
View file

@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
PROJECT_NAME = "mbed TLS v0.0.0"
PROJECT_NAME = "mbed TLS v2.17.0"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or

38
include/mbedtls/bignum.h
View file

@ -490,8 +490,24 @@ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf,
size_t buflen );
/**
* \brief Export an MPI into unsigned big endian binary data
* of fixed size.
* \brief Import X from unsigned binary data, little endian
*
* \param X The destination MPI. This must point to an initialized MPI.
* \param buf The input buffer. This must be a readable buffer of length
* \p buflen Bytes.
* \param buflen The length of the input buffer \p p in Bytes.
*
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
const unsigned char *buf, size_t buflen );
/**
* \brief Export X into unsigned binary data, big endian.
* Always fills the whole buffer, which will start with zeros
* if the number is smaller.
*
* \param X The source MPI. This must point to an initialized MPI.
* \param buf The output buffer. This must be a writable buffer of length
@ -506,6 +522,24 @@ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf,
int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf,
size_t buflen );
/**
* \brief Export X into unsigned binary data, little endian.
* Always fills the whole buffer, which will end with zeros
* if the number is smaller.
*
* \param X The source MPI. This must point to an initialized MPI.
* \param buf The output buffer. This must be a writable buffer of length
* \p buflen Bytes.
* \param buflen The size of the output buffer \p buf in Bytes.
*
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p buf isn't
* large enough to hold the value of \p X.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
unsigned char *buf, size_t buflen );
/**
* \brief Perform a left-shift on an MPI: X <<= count
*

5
include/mbedtls/check_config.h
View file

@ -125,6 +125,11 @@
#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation"
#endif
#if defined(MBEDTLS_ECP_RESTARTABLE) && \
! defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
#error "MBEDTLS_ECP_RESTARTABLE defined, but not MBEDTLS_ECDH_LEGACY_CONTEXT"
#endif
#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
#endif

31
include/mbedtls/config.h
View file

@ -760,10 +760,39 @@
*
* \note This option only works with the default software implementation of
* elliptic curve functionality. It is incompatible with
* MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT and MBEDTLS_ECDSA_XXX_ALT.
* MBEDTLS_ECP_ALT, MBEDTLS_ECDH_XXX_ALT, MBEDTLS_ECDSA_XXX_ALT
* and MBEDTLS_ECDH_LEGACY_CONTEXT.
*/
//#define MBEDTLS_ECP_RESTARTABLE
/**
* \def MBEDTLS_ECDH_LEGACY_CONTEXT
*
* Use a backward compatible ECDH context.
*
* Mbed TLS supports two formats for ECDH contexts (#mbedtls_ecdh_context
* defined in `ecdh.h`). For most applications, the choice of format makes
* no difference, since all library functions can work with either format,
* except that the new format is incompatible with MBEDTLS_ECP_RESTARTABLE.
* The new format used when this option is disabled is smaller
* (56 bytes on a 32-bit platform). In future versions of the library, it
* will support alternative implementations of ECDH operations.
* The new format is incompatible with applications that access
* context fields directly and with restartable ECP operations.
*
* Define this macro if you enable MBEDTLS_ECP_RESTARTABLE or if you
* want to access ECDH context fields directly. Otherwise you should
* comment out this macro definition.
*
* This option has no effect if #MBEDTLS_ECDH_C is not enabled.
*
* \note This configuration option is experimental. Future versions of the
* library may modify the way the ECDH context layout is configured
* and may modify the layout of the new context type.
*/
#define MBEDTLS_ECDH_LEGACY_CONTEXT
/**
* \def MBEDTLS_ECDSA_DETERMINISTIC
*

12
include/mbedtls/ecdh.h
View file

@ -42,18 +42,6 @@
#include "ecp.h"
/*
* Use a backward compatible ECDH context.
*
* This flag is always enabled for now and future versions might add a
* configuration option that conditionally undefines this flag.
* The configuration option in question may have a different name.
*
* Features undefining this flag, must have a warning in their description in
* config.h stating that the feature breaks backward compatibility.
*/
#define MBEDTLS_ECDH_LEGACY_CONTEXT
#ifdef __cplusplus
extern "C" {
#endif

53
include/mbedtls/ecp.h
View file

@ -99,6 +99,16 @@ typedef enum
*/
#define MBEDTLS_ECP_DP_MAX 12
/*
* Curve types
*/
typedef enum
{
MBEDTLS_ECP_TYPE_NONE = 0,
MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */
MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */
} mbedtls_ecp_curve_type;
/**
* Curve information, for use by other modules.
*/
@ -417,6 +427,11 @@ void mbedtls_ecp_set_max_ops( unsigned max_ops );
int mbedtls_ecp_restart_is_enabled( void );
#endif /* MBEDTLS_ECP_RESTARTABLE */
/*
* Get the type of a curve
*/
mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp );
/**
* \brief This function retrieves the information defined in
* mbedtls_ecp_curve_info() for all supported curves in order
@ -482,7 +497,7 @@ void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
*
* \note After this function is called, domain parameters
* for various ECP groups can be loaded through the
* mbedtls_ecp_load() or mbedtls_ecp_tls_read_group()
* mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()
* functions.
*/
void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
@ -626,6 +641,9 @@ int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
* \param P The point to export. This must be initialized.
* \param format The point format. This must be either
* #MBEDTLS_ECP_PF_COMPRESSED or #MBEDTLS_ECP_PF_UNCOMPRESSED.
* (For groups without these formats, this parameter is
* ignored. But it still has to be either of the above
* values.)
* \param olen The address at which to store the length of
* the output in Bytes. This must not be \c NULL.
* \param buf The output buffer. This must be a writable buffer
@ -635,11 +653,14 @@ int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
* \return \c 0 on success.
* \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the output buffer
* is too small to hold the point.
* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
* or the export for the given group is not implemented.
* \return Another negative error code on other kinds of failure.
*/
int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
int format, size_t *olen,
unsigned char *buf, size_t buflen );
int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
const mbedtls_ecp_point *P,
int format, size_t *olen,
unsigned char *buf, size_t buflen );
/**
* \brief This function imports a point from unsigned binary data.
@ -660,8 +681,8 @@ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_
* \return \c 0 on success.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the input is invalid.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
* is not implemented.
* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the
* given group is not implemented.
*/
int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
mbedtls_ecp_point *P,
@ -1093,6 +1114,26 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/**
* \brief This function reads an elliptic curve private key.
*
* \param grp_id The ECP group identifier.
* \param key The destination key.
* \param buf The the buffer containing the binary representation of the
* key. (Big endian integer for Weierstrass curves, byte
* string for Montgomery curves.)
* \param buflen The length of the buffer in bytes.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_ECP_INVALID_KEY error if the key is
* invalid.
* \return #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
* \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
* the group is not implemented.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
const unsigned char *buf, size_t buflen );
/**
* \brief This function checks that the keypair objects
* \p pub and \p prv have the same group and the

15
include/mbedtls/oid.h
View file

@ -167,6 +167,11 @@
#define MBEDTLS_OID_INIHIBIT_ANYPOLICY MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } */
#define MBEDTLS_OID_FRESHEST_CRL MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } */
/*
* Certificate policies
*/
#define MBEDTLS_OID_ANY_POLICY MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
/*
* Netscape certificate extensions
*/
@ -576,6 +581,16 @@ int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_
*/
int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
/**
* \brief Translate certificate policies OID into description
*
* \param oid OID to use
* \param desc place to store string pointer
*
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const char **desc );
/**
* \brief Translate md_type into hash algorithm OID
*

10
include/mbedtls/version.h
View file

@ -38,8 +38,8 @@
* The version number x.y.z is split into three parts.
* Major, Minor, Patchlevel
*/
#define MBEDTLS_VERSION_MAJOR 0
#define MBEDTLS_VERSION_MINOR 0
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 17
#define MBEDTLS_VERSION_PATCH 0
/**
@ -47,9 +47,9 @@
* MMNNPP00
* Major version | Minor version | Patch version
*/
#define MBEDTLS_VERSION_NUMBER 0x00000000
#define MBEDTLS_VERSION_STRING "0.0.0"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 0.0.0"
#define MBEDTLS_VERSION_NUMBER 0x02110000
#define MBEDTLS_VERSION_STRING "2.17.0"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.17.0"
#if defined(MBEDTLS_VERSION_C)

2
library/CMakeLists.txt
View file

@ -178,7 +178,7 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto})
set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.0 SOVERSION 3)
set_target_properties(mbedcrypto PROPERTIES VERSION 2.17.0 SOVERSION 3)
target_link_libraries(mbedcrypto ${libs})
target_include_directories(mbedcrypto
PUBLIC ${CMAKE_SOURCE_DIR}/include/

77
library/bignum.c
View file

@ -813,6 +813,39 @@ static void mpi_bigendian_to_host( mbedtls_mpi_uint * const p, size_t limbs )
}
}
/*
* Import X from unsigned binary data, little endian
*/
int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
const unsigned char *buf, size_t buflen )
{
int ret;
size_t i;
size_t const limbs = CHARS_TO_LIMBS( buflen );
/* Ensure that target MPI has exactly the necessary number of limbs */
if( X->n != limbs )
{
mbedtls_mpi_free( X );
mbedtls_mpi_init( X );
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, limbs ) );
}
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( X, 0 ) );
for( i = 0; i < buflen; i++ )
X->p[i / ciL] |= ((mbedtls_mpi_uint) buf[i]) << ((i % ciL) << 3);
cleanup:
/*
* This function is also used to import keys. However, wiping the buffers
* upon failure is not necessary because failure only can happen before any
* input is copied.
*/
return( ret );
}
/*
* Import X from unsigned binary data, big endian
*/
@ -847,9 +880,53 @@ int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t bu
cleanup:
/*
* This function is also used to import keys. However, wiping the buffers
* upon failure is not necessary because failure only can happen before any
* input is copied.
*/
return( ret );
}
/*
* Export X into unsigned binary data, little endian
*/
int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
unsigned char *buf, size_t buflen )
{
size_t stored_bytes = X->n * ciL;
size_t bytes_to_copy;
size_t i;
if( stored_bytes < buflen )
{
bytes_to_copy = stored_bytes;
}
else
{
bytes_to_copy = buflen;
/* The output buffer is smaller than the allocated size of X.
* However X may fit if its leading bytes are zero. */
for( i = bytes_to_copy; i < stored_bytes; i++ )
{
if( GET_BYTE( X, i ) != 0 )
return( MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL );
}
}
for( i = 0; i < bytes_to_copy; i++ )
buf[i] = GET_BYTE( X, i );
if( stored_bytes < buflen )
{
/* Write trailing 0 bytes */
memset( buf + stored_bytes, 0, buflen - stored_bytes );
}
return( 0 );
}
/*
* Export X into unsigned binary data, big endian
*/

31
library/ecdh.c
View file

@ -49,6 +49,16 @@
typedef mbedtls_ecdh_context mbedtls_ecdh_context_mbed;
#endif
static mbedtls_ecp_group_id mbedtls_ecdh_grp_id(
const mbedtls_ecdh_context *ctx )
{
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ctx->grp.id );
#else
return( ctx->grp_id );
#endif
}
#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)
/*
* Generate public key (restartable version)
@ -442,8 +452,21 @@ int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
ECDH_VALIDATE_RET( side == MBEDTLS_ECDH_OURS ||
side == MBEDTLS_ECDH_THEIRS );
if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 )
return( ret );
if( mbedtls_ecdh_grp_id( ctx ) == MBEDTLS_ECP_DP_NONE )
{
/* This is the first call to get_params(). Set up the context
* for use with the group. */
if( ( ret = mbedtls_ecdh_setup( ctx, key->grp.id ) ) != 0 )
return( ret );
}
else
{
/* This is not the first call to get_params(). Check that the
* current key's group is the same as the context's, which was set
* from the first key's group. */
if( mbedtls_ecdh_grp_id( ctx ) != key->grp.id )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
}
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
return( ecdh_get_params_internal( ctx, key, side ) );
@ -614,6 +637,10 @@ static int ecdh_calc_secret_internal( mbedtls_ecdh_context_mbed *ctx,
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
*olen = ctx->grp.pbits / 8 + ( ( ctx->grp.pbits % 8 ) != 0 );
if( mbedtls_ecp_get_type( &ctx->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
return mbedtls_mpi_write_binary_le( &ctx->z, buf, *olen );
return mbedtls_mpi_write_binary( &ctx->z, buf, *olen );
}

232
library/ecp.c
View file

@ -363,16 +363,6 @@ int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
#define ECP_MONTGOMERY
#endif
/*
* Curve types: internal for now, might be exposed later
*/
typedef enum
{
ECP_TYPE_NONE = 0,
ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b */
ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */
} ecp_curve_type;
/*
* List of supported curves:
* - internal ID
@ -522,15 +512,15 @@ const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name
/*
* Get the type of a curve
*/
static inline ecp_curve_type ecp_get_type( const mbedtls_ecp_group *grp )
mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp )
{
if( grp->G.X.p == NULL )
return( ECP_TYPE_NONE );
return( MBEDTLS_ECP_TYPE_NONE );
if( grp->G.Y.p == NULL )
return( ECP_TYPE_MONTGOMERY );
return( MBEDTLS_ECP_TYPE_MONTGOMERY );
else
return( ECP_TYPE_SHORT_WEIERSTRASS );
return( MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS );
}
/*
@ -729,14 +719,14 @@ cleanup:
}
/*
* Export a point into unsigned binary data (SEC1 2.3.3)
* Export a point into unsigned binary data (SEC1 2.3.3 and RFC7748)
*/
int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
const mbedtls_ecp_point *P,
int format, size_t *olen,
unsigned char *buf, size_t buflen )
{
int ret = 0;
int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
size_t plen;
ECP_VALIDATE_RET( grp != NULL );
ECP_VALIDATE_RET( P != NULL );
@ -745,56 +735,71 @@ int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
ECP_VALIDATE_RET( format == MBEDTLS_ECP_PF_UNCOMPRESSED ||
format == MBEDTLS_ECP_PF_COMPRESSED );
/*
* Common case: P == 0
*/
if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
{
if( buflen < 1 )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
buf[0] = 0x00;
*olen = 1;
return( 0 );
}
plen = mbedtls_mpi_size( &grp->P );
if( format == MBEDTLS_ECP_PF_UNCOMPRESSED )
#if defined(ECP_MONTGOMERY)
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
{
*olen = 2 * plen + 1;
*olen = plen;
if( buflen < *olen )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
buf[0] = 0x04;
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->Y, buf + 1 + plen, plen ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary_le( &P->X, buf, plen ) );
}
else if( format == MBEDTLS_ECP_PF_COMPRESSED )
#endif
#if defined(ECP_SHORTWEIERSTRASS)
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
{
*olen = plen + 1;
/*
* Common case: P == 0
*/
if( mbedtls_mpi_cmp_int( &P->Z, 0 ) == 0 )
{
if( buflen < 1 )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
if( buflen < *olen )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
buf[0] = 0x00;
*olen = 1;
buf[0] = 0x02 + mbedtls_mpi_get_bit( &P->Y, 0 );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
return( 0 );
}
if( format == MBEDTLS_ECP_PF_UNCOMPRESSED )
{
*olen = 2 * plen + 1;
if( buflen < *olen )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
buf[0] = 0x04;
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->Y, buf + 1 + plen, plen ) );
}
else if( format == MBEDTLS_ECP_PF_COMPRESSED )
{
*olen = plen + 1;
if( buflen < *olen )
return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
buf[0] = 0x02 + mbedtls_mpi_get_bit( &P->Y, 0 );
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &P->X, buf + 1, plen ) );
}
}
#endif
cleanup:
return( ret );
}
/*
* Import a point from unsigned binary data (SEC1 2.3.4)
* Import a point from unsigned binary data (SEC1 2.3.4 and RFC7748)
*/
int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
mbedtls_ecp_point *pt,
const unsigned char *buf, size_t ilen )
{
int ret;
int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
size_t plen;
ECP_VALIDATE_RET( grp != NULL );
ECP_VALIDATE_RET( pt != NULL );
@ -803,25 +808,47 @@ int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
if( ilen < 1 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if( buf[0] == 0x00 )
{
if( ilen == 1 )
return( mbedtls_ecp_set_zero( pt ) );
else
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
}
plen = mbedtls_mpi_size( &grp->P );
if( buf[0] != 0x04 )
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
#if defined(ECP_MONTGOMERY)
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
{
if( plen != ilen )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
if( ilen != 2 * plen + 1 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &pt->X, buf, plen ) );
mbedtls_mpi_free( &pt->Y );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->X, buf + 1, plen ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->Y, buf + 1 + plen, plen ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
if( grp->id == MBEDTLS_ECP_DP_CURVE25519 )
/* Set most significant bit to 0 as prescribed in RFC7748 §5 */
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &pt->X, plen * 8 - 1, 0 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
}
#endif
#if defined(ECP_SHORTWEIERSTRASS)
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
{
if( buf[0] == 0x00 )
{
if( ilen == 1 )
return( mbedtls_ecp_set_zero( pt ) );
else
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
}
if( buf[0] != 0x04 )
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
if( ilen != 2 * plen + 1 )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->X, buf + 1, plen ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &pt->Y,
buf + 1 + plen, plen ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &pt->Z, 1 ) );
}
#endif
cleanup:
return( ret );
@ -2357,11 +2384,11 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
#if defined(ECP_MONTGOMERY)
if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
MBEDTLS_MPI_CHK( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) );
#endif
#if defined(ECP_SHORTWEIERSTRASS)
if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
MBEDTLS_MPI_CHK( ecp_mul_comb( grp, R, m, P, f_rng, p_rng, rs_ctx ) );
#endif
@ -2500,7 +2527,7 @@ int mbedtls_ecp_muladd_restartable(
ECP_VALIDATE_RET( n != NULL );
ECP_VALIDATE_RET( Q != NULL );
if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS )
if( mbedtls_ecp_get_type( grp ) != MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
mbedtls_ecp_point_init( &mP );
@ -2620,11 +2647,11 @@ int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
return( MBEDTLS_ERR_ECP_INVALID_KEY );
#if defined(ECP_MONTGOMERY)
if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
return( ecp_check_pubkey_mx( grp, pt ) );
#endif
#if defined(ECP_SHORTWEIERSTRASS)
if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
return( ecp_check_pubkey_sw( grp, pt ) );
#endif
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
@ -2640,7 +2667,7 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
ECP_VALIDATE_RET( d != NULL );
#if defined(ECP_MONTGOMERY)
if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
{
/* see RFC 7748 sec. 5 para. 5 */
if( mbedtls_mpi_get_bit( d, 0 ) != 0 ||
@ -2656,7 +2683,7 @@ int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
}
#endif /* ECP_MONTGOMERY */
#if defined(ECP_SHORTWEIERSTRASS)
if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
{
/* see SEC1 3.2 */
if( mbedtls_mpi_cmp_int( d, 1 ) < 0 ||
@ -2688,7 +2715,7 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
n_size = ( grp->nbits + 7 ) / 8;
#if defined(ECP_MONTGOMERY)
if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
{
/* [M225] page 5 */
size_t b;
@ -2716,7 +2743,7 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
#endif /* ECP_MONTGOMERY */
#if defined(ECP_SHORTWEIERSTRASS)
if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
if( mbedtls_ecp_get_type( grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
{
/* SEC1 3.2.1: Generate d such that 1 <= n < N */
int count = 0;
@ -2809,6 +2836,75 @@ int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
return( mbedtls_ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) );
}
#define ECP_CURVE25519_KEY_SIZE 32
/*
* Read a private key.
*/
int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
const unsigned char *buf, size_t buflen )
{
int ret = 0;
ECP_VALIDATE_RET( key != NULL );
ECP_VALIDATE_RET( buf != NULL );
if( ( ret = mbedtls_ecp_group_load( &key->grp, grp_id ) ) != 0 )
return( ret );
ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
#if defined(ECP_MONTGOMERY)
if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
{
/*
* If it is Curve25519 curve then mask the key as mandated by RFC7748
*/
if( grp_id == MBEDTLS_ECP_DP_CURVE25519 )
{
if( buflen != ECP_CURVE25519_KEY_SIZE )
return MBEDTLS_ERR_ECP_INVALID_KEY;
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary_le( &key->d, buf, buflen ) );
/* Set the three least significant bits to 0 */
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 0, 0 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 1, 0 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_set_bit( &key->d, 2, 0 ) );
/* Set the most significant bit to 0 */
MBEDTLS_MPI_CHK(
mbedtls_mpi_set_bit( &key->d,
ECP_CURVE25519_KEY_SIZE * 8 - 1, 0 )
);
/* Set the second most significant bit to 1 */
MBEDTLS_MPI_CHK(
mbedtls_mpi_set_bit( &key->d,
ECP_CURVE25519_KEY_SIZE * 8 - 2, 1 )
);
}
else
ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
}
#endif
#if defined(ECP_SHORTWEIERSTRASS)
if( mbedtls_ecp_get_type( &key->grp ) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &key->d, buf, buflen ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_check_privkey( &key->grp, &key->d ) );
}
#endif
cleanup:
if( ret != 0 )
mbedtls_mpi_free( &key->d );
return( ret );
}
/*
* Check a public-private key pair
*/

9
library/oid.c
View file

@ -296,6 +296,15 @@ static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, ext_key_usage, const char *, description)
static const mbedtls_oid_descriptor_t oid_certificate_policies[] =
{
{ ADD_LEN( MBEDTLS_OID_ANY_POLICY ), "anyPolicy", "Any Policy" },
{ NULL, 0, NULL, NULL },
};
FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies)
FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, mbedtls_oid_descriptor_t, certificate_policies, const char *, description)
#if defined(MBEDTLS_MD_C)
/*
* For SignatureAlgorithmIdentifier

3
library/version_features.c
View file

@ -351,6 +351,9 @@ static const char *features[] = {
#if defined(MBEDTLS_ECP_RESTARTABLE)
"MBEDTLS_ECP_RESTARTABLE",
#endif /* MBEDTLS_ECP_RESTARTABLE */
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
"MBEDTLS_ECDH_LEGACY_CONTEXT",
#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
"MBEDTLS_ECDSA_DETERMINISTIC",
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */

8
programs/test/query_config.c
View file

@ -978,6 +978,14 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
if( strcmp( "MBEDTLS_ECDH_LEGACY_CONTEXT", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_LEGACY_CONTEXT );
return( 0 );
}
#endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
if( strcmp( "MBEDTLS_ECDSA_DETERMINISTIC", config ) == 0 )
{

1
tests/CMakeLists.txt
View file

@ -127,6 +127,7 @@ add_test_suite(mdx)
add_test_suite(memory_buffer_alloc)
add_test_suite(mpi)
add_test_suite(nist_kw)
add_test_suite(oid)
add_test_suite(pem)
add_test_suite(pkcs1_v15)
add_test_suite(pkcs1_v21)

10
tests/scripts/all.sh
View file

@ -574,6 +574,16 @@ component_test_rsa_no_crt () {
make test
}
component_test_new_ecdh_context () {
msg "build: new ECDH context (ASan build)" # ~ 6 min
scripts/config.pl unset MBEDTLS_ECDH_LEGACY_CONTEXT
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: new ECDH context - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
}
component_test_full_cmake_clang () {
msg "build: cmake, full config, clang" # ~ 50s
scripts/config.pl full

28
tests/suites/test_suite_ecdh.data
View file

@ -79,3 +79,31 @@ ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8A
ECDH exchange legacy context
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecdh_exchange_legacy:MBEDTLS_ECP_DP_SECP192R1
ECDH calc_secret: ours first, SECP256R1 (RFC 5903)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_SECP256R1:"c6ef9c5d78ae012a011164acb397ce2088685d8f06bf9be0b283ab46476bee53":"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":0:"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
ECDH calc_secret: theirs first, SECP256R1 (RFC 5903)
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_SECP256R1:"c6ef9c5d78ae012a011164acb397ce2088685d8f06bf9be0b283ab46476bee53":"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":1:"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de"
ecdh calc_secret: ours first (Alice), curve25519 (rfc 7748)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_CURVE25519:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":"de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f":0:"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"
ecdh calc_secret: theirs first (Alice), curve25519 (rfc 7748)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_CURVE25519:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":"de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f":1:"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"
ecdh calc_secret: ours first (Bob), curve25519 (rfc 7748)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_CURVE25519:"5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb":"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":0:"4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"
ECDH get_params with mismatched groups: our BP256R1, their SECP256R1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_BP256R1_ENABLED
ecdh_exchange_get_params_fail:MBEDTLS_ECP_DP_BP256R1:"1234567812345678123456781234567812345678123456781234567812345678":MBEDTLS_ECP_DP_SECP256R1:"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":0:MBEDTLS_ERR_ECP_BAD_INPUT_DATA
ECDH get_params with mismatched groups: their SECP256R1, our BP256R1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_BP256R1_ENABLED
ecdh_exchange_get_params_fail:MBEDTLS_ECP_DP_BP256R1:"1234567812345678123456781234567812345678123456781234567812345678":MBEDTLS_ECP_DP_SECP256R1:"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":1:MBEDTLS_ERR_ECP_BAD_INPUT_DATA

139
tests/suites/test_suite_ecdh.function
View file

@ -1,5 +1,40 @@
/* BEGIN_HEADER */
#include "mbedtls/ecdh.h"
static int load_public_key( int grp_id, data_t *point,
mbedtls_ecp_keypair *ecp )
{
int ok = 0;
TEST_ASSERT( mbedtls_ecp_group_load( &ecp->grp, grp_id ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_binary( &ecp->grp,
&ecp->Q,
point->x,
point->len ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &ecp->grp,
&ecp->Q ) == 0 );
ok = 1;
exit:
return( ok );
}
static int load_private_key( int grp_id, data_t *private_key,
mbedtls_ecp_keypair *ecp,
rnd_pseudo_info *rnd_info )
{
int ok = 0;
TEST_ASSERT( mbedtls_ecp_read_key( grp_id, ecp,
private_key->x,
private_key->len ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_privkey( &ecp->grp, &ecp->d ) == 0 );
/* Calculate the public key from the private key. */
TEST_ASSERT( mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d,
&ecp->grp.G,
&rnd_pseudo_rand, rnd_info ) == 0 );
ok = 1;
exit:
return( ok );
}
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@ -464,3 +499,107 @@ exit:
mbedtls_ecdh_free( &cli );
}
/* END_CASE */
/* BEGIN_CASE */
void ecdh_exchange_calc_secret( int grp_id,
data_t *our_private_key,
data_t *their_point,
int ours_first,
data_t *expected )
{
rnd_pseudo_info rnd_info;
mbedtls_ecp_keypair our_key;
mbedtls_ecp_keypair their_key;
mbedtls_ecdh_context ecdh;
unsigned char shared_secret[MBEDTLS_ECP_MAX_BYTES];
size_t shared_secret_length = 0;
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
mbedtls_ecdh_init( &ecdh );
mbedtls_ecp_keypair_init( &our_key );
mbedtls_ecp_keypair_init( &their_key );
if( ! load_private_key( grp_id, our_private_key, &our_key, &rnd_info ) )
goto exit;
if( ! load_public_key( grp_id, their_point, &their_key ) )
goto exit;
/* Import the keys to the ECDH calculation. */
if( ours_first )
{
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
}
else
{
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
}
/* Perform the ECDH calculation. */
TEST_ASSERT( mbedtls_ecdh_calc_secret(
&ecdh,
&shared_secret_length,
shared_secret, sizeof( shared_secret ),
&rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( shared_secret_length == expected->len );
TEST_ASSERT( memcmp( expected->x, shared_secret,
shared_secret_length ) == 0 );
exit:
mbedtls_ecdh_free( &ecdh );
mbedtls_ecp_keypair_free( &our_key );
mbedtls_ecp_keypair_free( &their_key );
}
/* END_CASE */
/* BEGIN_CASE */
void ecdh_exchange_get_params_fail( int our_grp_id,
data_t *our_private_key,
int their_grp_id,
data_t *their_point,
int ours_first,
int expected_ret )
{
rnd_pseudo_info rnd_info;
mbedtls_ecp_keypair our_key;
mbedtls_ecp_keypair their_key;
mbedtls_ecdh_context ecdh;
memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
mbedtls_ecdh_init( &ecdh );
mbedtls_ecp_keypair_init( &our_key );
mbedtls_ecp_keypair_init( &their_key );
if( ! load_private_key( our_grp_id, our_private_key, &our_key, &rnd_info ) )
goto exit;
if( ! load_public_key( their_grp_id, their_point, &their_key ) )
goto exit;
if( ours_first )
{
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 );
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) ==
expected_ret );
}
else
{
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 );
TEST_ASSERT( mbedtls_ecdh_get_params(
&ecdh, &our_key, MBEDTLS_ECDH_OURS ) ==
expected_ret );
}
exit:
mbedtls_ecdh_free( &ecdh );
mbedtls_ecp_keypair_free( &our_key );
mbedtls_ecp_keypair_free( &their_key );
}
/* END_CASE */

94
tests/suites/test_suite_ecp.data
View file

@ -88,6 +88,14 @@ ECP write binary #9 (odd, compressed, buffer just fits)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_write_binary:MBEDTLS_ECP_DP_SECP192R1:"48d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":"93112b28345b7d1d7799611e49bea9d8290cb2d7afe1f9f3":"01":MBEDTLS_ECP_PF_COMPRESSED:"0348d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":25:0
ECP write binary #10 (Montgomery, buffer just fits)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_write_binary:MBEDTLS_ECP_DP_CURVE25519:"11223344556677889900aabbccddeeff11223344556677889900aabbccddeeff":"0":"1":MBEDTLS_ECP_PF_COMPRESSED:"ffeeddccbbaa00998877665544332211ffeeddccbbaa00998877665544332211":32:0
ECP write binary #11 (Montgomery, buffer too small)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_write_binary:MBEDTLS_ECP_DP_CURVE25519:"11223344556677889900aabbccddeeff11223344556677889900aabbccddeeff":"0":"1":MBEDTLS_ECP_PF_COMPRESSED:"ffeeddccbbaa00998877665544332211ffeeddccbbaa00998877665544332211":31:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
ECP read binary #1 (zero, invalid ilen)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_read_binary:MBEDTLS_ECP_DP_SECP192R1:"0000":"01":"01":"00":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
@ -112,6 +120,30 @@ ECP read binary #6 (non-zero, OK)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_read_binary:MBEDTLS_ECP_DP_SECP192R1:"0448d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc99336ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"48d8082a3a1e3112bc03a8ef2f6d40d0a77a6f8e00cc9933":"6ceed4d7cba482e288669ee1b6415626d6f34d28501e060c":"01":0
ECP read binary #7 (Curve25519, OK)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":"6a4e9baa8ea9a4ebf41a38260d3abf0d5af73eb4dc7d8b7454a7308909f02085":"0":"1":0
ECP read binary #8 (Curve25519, masked first bit)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4efa":"7a4e9baa8ea9a4ebf41a38260d3abf0d5af73eb4dc7d8b7454a7308909f02085":"0":"1":0
ECP read binary #9 (Curve25519, too short)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"20f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":"6a4e9baa8ea9a4ebf41a38260d3abf0d5af73eb4dc7d8b7454a7308909f020":"0":"1":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
ECP read binary #10 (Curve25519, non-canonical)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff7f":"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"0":"1":0
ECP read binary #11 (Curve25519, masked non-canonical)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"0":"1":0
ECP read binary #12 (Curve25519, too long)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_read_binary:MBEDTLS_ECP_DP_CURVE25519:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a00":"6a4e9baa8ea9a4ebf41a38260d3abf0d5af73eb4dc7d8b7454a7308909f02085":"0":"1":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
ECP tls read point #1 (zero, invalid length byte)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_tls_read_point:MBEDTLS_ECP_DP_SECP192R1:"0200":"01":"01":"00":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
@ -244,6 +276,68 @@ ECP gen keypair wrapper
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_gen_key:MBEDTLS_ECP_DP_SECP192R1
ECP read key #1 (short weierstrass, too small)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"00":MBEDTLS_ERR_ECP_INVALID_KEY
ECP read key #2 (short weierstrass, smallest)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"01":0
ECP read key #3 (short weierstrass, biggest)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22830":0
ECP read key #4 (short weierstrass, too big)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_SECP192R1:"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831":MBEDTLS_ERR_ECP_INVALID_KEY
ECP read key #5 (Curve25519, most significant bit set)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"000000000000000000000000000000000000000000000000000000000000000C":0
ECP read key #6 (Curve25519, second most significant bit unset)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3":0
ECP read key #7 (Curve25519, msb OK)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"0000000000000000000000000000000000000000000000000000000000000004":0
ECP read key #8 (Curve25519, bit 0 set)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"1000000000000000000000000000000000000000000000000000000000000000":0
ECP read key #9 (Curve25519, bit 1 set)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"2000000000000000000000000000000000000000000000000000000000000004":0
ECP read key #10 (Curve25519, bit 2 set)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"4000000000000000000000000000000000000000000000000000000000000004":0
ECP read key #11 (Curve25519, OK)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7":0
ECP read key #12 (Curve25519, too long)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"00000000000000000000000000000000000000000000000000000000000000000C":MBEDTLS_ERR_ECP_INVALID_KEY
ECP read key #13 (Curve25519, not long enough)
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"0FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF3":MBEDTLS_ERR_ECP_INVALID_KEY
ECP read key #14 (Curve448, not supported)
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE448:"FCFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
ECP read key #15 (Curve25519, not supported)
depends_on:!MBEDTLS_ECP_DP_CURVE25519_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
ECP read key #15 (invalid curve)
mbedtls_ecp_read_key:INT_MAX:"8FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
ECP mod p192 small (more than 192 bits, less limbs than 2 * 192 bits)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"0100000000000103010000000000010201000000000001010100000000000100"

36
tests/suites/test_suite_ecp.function
View file

@ -762,8 +762,18 @@ void ecp_read_binary( int id, data_t * buf, char * x, char * y, char * z,
if( ret == 0 )
{
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.X, &X ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Y, &Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Z, &Z ) == 0 );
if( mbedtls_ecp_get_type( &grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
{
TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, 0 ) == 0 );
TEST_ASSERT( P.Y.p == NULL );
TEST_ASSERT( mbedtls_mpi_cmp_int( &Z, 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_int( &P.Z, 1 ) == 0 );
}
else
{
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Y, &Y ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.Z, &Z ) == 0 );
}
}
exit:
@ -1008,6 +1018,28 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_ecp_read_key( int grp_id, data_t* in_key, int expected )
{
int ret = 0;
mbedtls_ecp_keypair key;
mbedtls_ecp_keypair_init( &key );
ret = mbedtls_ecp_read_key( grp_id, &key, in_key->x, in_key->len );
TEST_ASSERT( ret == expected );
if( expected == 0 )
{
ret = mbedtls_ecp_check_privkey( &key.grp, &key.d );
TEST_ASSERT( ret == 0 );
}
exit:
mbedtls_ecp_keypair_free( &key );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void ecp_selftest( )
{

12
tests/suites/test_suite_mpi.data
View file

@ -58,6 +58,9 @@ mpi_read_write_string:16:"-1":16:"":3:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
Base test mbedtls_mpi_read_binary #1
mbedtls_mpi_read_binary:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924"
Base test mbedtls_mpi_read_binary_le #1
mbedtls_mpi_read_binary_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":10:"219946662473865722255717126709915431768051735954189829340600976826409773245337023925691629251672268961177825243440202069039100741562168093042339401187848509859789949044607421190014088260008793380554914226244485299326152319899746569"
Base test mbedtls_mpi_write_binary #1
mbedtls_mpi_write_binary:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":200:0
@ -67,6 +70,15 @@ mbedtls_mpi_write_binary:16:"123123123123123123123123123":"012312312312312312312
Test mbedtls_mpi_write_binary #2 (Buffer too small)
mbedtls_mpi_write_binary:16:"123123123123123123123123123":"23123123123123123123123123":13:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
Base test mbedtls_mpi_write_binary_le #1
mbedtls_mpi_write_binary_le:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":"24448b952fbbef93f89286ba330e62528b151eac265cc8ce3038519d09e148af89288e91f48b41acad55d9dc5e2b18097c106be4ce132721bf6359eaf403e7ff90623e8866ee5c192320418daa682f144adedf84f25de11f49d1fe009d374109":200:0
Test mbedtls_mpi_write_binary_le #1 (Buffer just fits)
mbedtls_mpi_write_binary_le:16:"123123123123123123123123123":"2331122331122331122331122301":14:0
Test mbedtls_mpi_write_binary_le #2 (Buffer too small)
mbedtls_mpi_write_binary_le:16:"123123123123123123123123123":"23311223311223311223311223":13:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
Base test mbedtls_mpi_read_file #1
mbedtls_mpi_read_file:10:"data_files/mpi_10":"01f55332c3a48b910f9942f6c914e58bef37a47ee45cb164a5b6b8d1006bf59a059c21449939ebebfdf517d2e1dbac88010d7b1f141e997bd6801ddaec9d05910f4f2de2b2c4d714e2c14a72fc7f17aa428d59c531627f09":0

54
tests/suites/test_suite_mpi.function
View file

@ -313,14 +313,33 @@ exit:
void mbedtls_mpi_read_binary( data_t * buf, int radix_A, char * input_A )
{
mbedtls_mpi X;
unsigned char str[1000];
char str[1000];
size_t len;
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_mpi_read_binary( &X, buf->x, buf->len ) == 0 );
TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, (char *) str, sizeof( str ), &len ) == 0 );
TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, sizeof( str ), &len ) == 0 );
TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_mpi_read_binary_le( data_t * buf, int radix_A, char * input_A )
{
mbedtls_mpi X;
char str[1000];
size_t len;
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_mpi_read_binary_le( &X, buf->x, buf->len ) == 0 );
TEST_ASSERT( mbedtls_mpi_write_string( &X, radix_A, str, sizeof( str ), &len ) == 0 );
TEST_ASSERT( strcmp( (char *) str, input_A ) == 0 );
exit:
@ -359,6 +378,37 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_mpi_write_binary_le( int radix_X, char * input_X,
data_t * input_A, int output_size,
int result )
{
mbedtls_mpi X;
unsigned char buf[1000];
size_t buflen;
memset( buf, 0x00, 1000 );
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
buflen = mbedtls_mpi_size( &X );
if( buflen > (size_t) output_size )
buflen = (size_t) output_size;
TEST_ASSERT( mbedtls_mpi_write_binary_le( &X, buf, buflen ) == result );
if( result == 0)
{
TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 );
}
exit:
mbedtls_mpi_free( &X );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
void mbedtls_mpi_read_file( int radix_X, char * input_file,
data_t * input_A, int result )

8
tests/suites/test_suite_oid.data Normal file
View file

@ -0,0 +1,8 @@
OID get Any Policy certificate policy
oid_get_certificate_policies:"551D2000":"Any Policy"
OID get certificate policy invalid oid
oid_get_certificate_policies:"5533445566":""
OID get certificate policy wrong oid - id-ce-authorityKeyIdentifier
oid_get_certificate_policies:"551D23":""

34
tests/suites/test_suite_oid.function Normal file
View file

@ -0,0 +1,34 @@
/* BEGIN_HEADER */
#include "mbedtls/oid.h"
#include "mbedtls/asn1.h"
#include "mbedtls/asn1write.h"
#include "string.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_OID_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_ASN1_WRITE_C*/
void oid_get_certificate_policies( data_t * oid, char * result_str )
{
mbedtls_asn1_buf asn1_buf = { 0, 0, NULL };
int ret;
const char *desc;
asn1_buf.tag = MBEDTLS_ASN1_OID;
asn1_buf.p = oid->x;
asn1_buf.len = oid->len;
ret = mbedtls_oid_get_certificate_policies( &asn1_buf, &desc );
if( strlen( result_str ) == 0 )
{
TEST_ASSERT( ret == MBEDTLS_ERR_OID_NOT_FOUND );
}
else
{
TEST_ASSERT( strcmp( ( char* )desc, result_str ) == 0 );
}
}
/* END_CASE */

4
tests/suites/test_suite_version.data
View file

@ -1,8 +1,8 @@
Check compiletime library version
check_compiletime_version:"0.0.0"
check_compiletime_version:"2.17.0"
Check runtime library version
check_runtime_version:"0.0.0"
check_runtime_version:"2.17.0"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0