Merge remote-tracking branch 'development' into pk_import_into_psa-implement_import
Conflicts: * tests/suites/test_suite_pk.function: consecutive changes to the depends_on line of pk_sign_verify and its argument list.
This commit is contained in:
commit
dd49c739f0
79 changed files with 2428 additions and 768 deletions
|
@ -283,6 +283,8 @@ add_subdirectory(3rdparty)
|
|||
|
||||
add_subdirectory(library)
|
||||
|
||||
add_subdirectory(pkgconfig)
|
||||
|
||||
#
|
||||
# The C files in tests/src directory contain test code shared among test suites
|
||||
# and programs. This shared test code is compiled and linked to test suites and
|
||||
|
|
3
ChangeLog.d/8799.txt
Normal file
3
ChangeLog.d/8799.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
Bugfix
|
||||
* mbedtls_pem_read_buffer() now performs a check on the padding data of
|
||||
decrypted keys and it rejects invalid ones.
|
7
ChangeLog.d/8824.txt
Normal file
7
ChangeLog.d/8824.txt
Normal file
|
@ -0,0 +1,7 @@
|
|||
Bugfix
|
||||
* Fix mbedtls_pk_sign(), mbedtls_pk_verify(), mbedtls_pk_decrypt() and
|
||||
mbedtls_pk_encrypt() on non-opaque RSA keys to honor the padding mode in
|
||||
the RSA context. Before, if MBEDTLS_USE_PSA_CRYPTO was enabled, they always
|
||||
used PKCS#1 v1.5 even when the RSA context was configured for PKCS#1 v2.1
|
||||
(PSS/OAEP). Fixes #8824.
|
||||
|
3
ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt
Normal file
3
ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
Features
|
||||
* Add support for using AES-CBC 128, 192, and 256 bit schemes
|
||||
with PKCS#5 PBES2. Keys encrypted this way can now be parsed by PK parse.
|
3
ChangeLog.d/gen-key-segfault.txt
Normal file
3
ChangeLog.d/gen-key-segfault.txt
Normal file
|
@ -0,0 +1,3 @@
|
|||
Bugfix
|
||||
* Avoid segmentation fault caused by releasing not initialized
|
||||
entropy resource in gen_key example. Fixes #8809.
|
4
ChangeLog.d/pkg-config-files-addition.txt
Normal file
4
ChangeLog.d/pkg-config-files-addition.txt
Normal file
|
@ -0,0 +1,4 @@
|
|||
Features
|
||||
* Add pc files for pkg-config, e.g.:
|
||||
pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509)
|
||||
|
7
ChangeLog.d/rsa-bitlen.txt
Normal file
7
ChangeLog.d/rsa-bitlen.txt
Normal file
|
@ -0,0 +1,7 @@
|
|||
Bugfix
|
||||
* Fix mbedtls_pk_get_bitlen() for RSA keys whose size is not a
|
||||
multiple of 8. Fixes #868.
|
||||
|
||||
Features
|
||||
* The new function mbedtls_rsa_get_bitlen() returns the length of the modulus
|
||||
in bits, i.e. the key size for an RSA key.
|
|
@ -105,7 +105,28 @@ provided by a driver or built-in, you should use the following macros:
|
|||
- for code that uses only the PSA Crypto API: `PSA_WANT_ALG_xxx` from
|
||||
`psa/crypto.h`;
|
||||
- for code that uses non-PSA crypto APIs: `MBEDTLS_MD_CAN_xxx` from
|
||||
`mbedtls/md.h`.
|
||||
`mbedtls/config_adjust_legacy_crypto.h`.
|
||||
|
||||
### HMAC
|
||||
|
||||
In addition to accelerated hash operations, it is also possible to accelerate
|
||||
HMAC by enabling and accelerating:
|
||||
- HMAC algorithm and key type, i.e. `[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_HMAC` and
|
||||
`[PSA_WANT|MBEDTLS_PSA_ACCEL]KEY_TYPE_HMAC`.
|
||||
- Required hash algorithm(s) as explained in [Hashes](#hashes) section.
|
||||
|
||||
In such a build it is possible to disable legacy HMAC support by disabling
|
||||
`MBEDTLS_MD_C` and still getting crypto operations, X.509 and TLS to work as
|
||||
usual. Exceptions are:
|
||||
- As mentioned in [Hashes](#hashes) direct calls to legacy lo-level hash APIs
|
||||
(`mbedtls_sha256()` etc.) will not be possible for the legacy modules that
|
||||
are disabled.
|
||||
- Legacy HMAC support (`mbedtls_md_hmac_xxx()`) won't be possible.
|
||||
- `MBEDTLS_PKCS[5|7]_C`, `MBEDTLS_HMAC_DRBG_C` and `MBEDTLS_HKDF_C` since they
|
||||
depend on the legacy implementation of HMAC.
|
||||
- disabling HMAC_DRBG_C cause deterministic ECDSA (i.e.
|
||||
`MBEDTLS_DETERMINISTIC_ECDSA` on the legacy side and
|
||||
`PSA_WANT_ALG_DETERMINISTIC_ECDSA` on the PSA one) to be not available.
|
||||
|
||||
Elliptic-curve cryptography (ECC)
|
||||
---------------------------------
|
||||
|
|
|
@ -158,7 +158,8 @@
|
|||
* (e.g. MBEDTLS_MD_LIGHT)
|
||||
*/
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) /* PSA_WANT_xxx influences MBEDTLS_xxx */ || \
|
||||
defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */
|
||||
defined(MBEDTLS_PSA_CRYPTO_C) /* MBEDTLS_xxx influences PSA_WANT_xxx */ || \
|
||||
defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* The same as the previous, but with separation only */
|
||||
#include "mbedtls/config_psa.h"
|
||||
#endif
|
||||
|
||||
|
|
|
@ -27,18 +27,8 @@
|
|||
#if !defined(MBEDTLS_PLATFORM_C)
|
||||
#error "MBEDTLS_PLATFORM_C is required on Windows"
|
||||
#endif
|
||||
|
||||
/* Fix the config here. Not convenient to put an #ifdef _WIN32 in mbedtls_config.h as
|
||||
* it would confuse config.py. */
|
||||
#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
|
||||
!defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
|
||||
#define MBEDTLS_PLATFORM_SNPRINTF_ALT
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
|
||||
!defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
|
||||
#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
|
||||
#endif
|
||||
/* See auto-enabling SNPRINTF_ALT and VSNPRINTF_ALT
|
||||
* in * config_adjust_legacy_crypto.h */
|
||||
#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
|
||||
|
||||
#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
|
||||
|
@ -54,65 +44,6 @@
|
|||
#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
|
||||
#endif
|
||||
|
||||
/* Check that each MBEDTLS_ECP_DP_xxx symbol has its PSA_WANT_ECC_xxx counterpart
|
||||
* when PSA crypto is enabled. */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) || defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
#error "MBEDTLS_ECP_DP_BP256R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
#error "MBEDTLS_ECP_DP_BP384R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) && !defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
#error "MBEDTLS_ECP_DP_BP512R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
#error "MBEDTLS_ECP_DP_CURVE25519_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) && !defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
#error "MBEDTLS_ECP_DP_CURVE448_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
#error "MBEDTLS_ECP_DP_SECP192R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
#error "MBEDTLS_ECP_DP_SECP224R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
#error "MBEDTLS_ECP_DP_SECP256R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
#error "MBEDTLS_ECP_DP_SECP384R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && !defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
#error "MBEDTLS_ECP_DP_SECP521R1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_192)
|
||||
#error "MBEDTLS_ECP_DP_SECP192K1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
/* SECP224K1 is buggy in PSA API so we skip this check */
|
||||
#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
#error "MBEDTLS_ECP_DP_SECP224K1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) && !defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
#error "MBEDTLS_ECP_DP_SECP256K1_ENABLED defined, but not its PSA counterpart"
|
||||
#endif
|
||||
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_CONFIG || MBEDTLS_PSA_CRYPTO_C */
|
||||
|
||||
/* Limitations on ECC key types acceleration: if we have any of `PUBLIC_KEY`,
|
||||
* `KEY_PAIR_BASIC`, `KEY_PAIR_IMPORT`, `KEY_PAIR_EXPORT` then we must have
|
||||
* all 4 of them.
|
||||
|
@ -154,7 +85,7 @@
|
|||
#endif /* some curve accelerated */
|
||||
|
||||
#if defined(MBEDTLS_CTR_DRBG_C) && !(defined(MBEDTLS_AES_C) || \
|
||||
(defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_AES) && \
|
||||
(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_AES) && \
|
||||
defined(PSA_WANT_ALG_ECB_NO_PADDING)))
|
||||
#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
@ -234,9 +165,8 @@
|
|||
#endif
|
||||
#endif /* MBEDTLS_PK_C && MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_ECJPAKE_C) && \
|
||||
( !defined(MBEDTLS_ECP_C) || \
|
||||
!( defined(MBEDTLS_MD_C) || defined(MBEDTLS_PSA_CRYPTO_C) ) )
|
||||
#if defined(MBEDTLS_ECJPAKE_C) && \
|
||||
!defined(MBEDTLS_ECP_C)
|
||||
#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
@ -277,27 +207,8 @@
|
|||
#error "MBEDTLS_ECP_C defined (or a subset enabled), but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
|
||||
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
/* Helpers for hash dependencies, will be undefined at the end of the file */
|
||||
/* Do SHA-256, 384, 512 to cover Entropy and TLS. */
|
||||
#if defined(MBEDTLS_SHA256_C) || \
|
||||
(defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256))
|
||||
#define MBEDTLS_MD_HAVE_SHA256
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA384_C) || \
|
||||
(defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_384))
|
||||
#define MBEDTLS_MD_HAVE_SHA384
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA512_C) || \
|
||||
(defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_512))
|
||||
#define MBEDTLS_MD_HAVE_SHA512
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ENTROPY_C) && \
|
||||
!(defined(MBEDTLS_MD_HAVE_SHA512) || defined(MBEDTLS_MD_HAVE_SHA256))
|
||||
!(defined(MBEDTLS_MD_CAN_SHA512) || defined(MBEDTLS_MD_CAN_SHA256))
|
||||
#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
|
||||
#endif
|
||||
#if defined(MBEDTLS_ENTROPY_C) && \
|
||||
|
@ -305,24 +216,24 @@
|
|||
#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
|
||||
#endif
|
||||
#if defined(MBEDTLS_ENTROPY_C) && \
|
||||
(defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(MBEDTLS_MD_HAVE_SHA512)) \
|
||||
(defined(MBEDTLS_ENTROPY_FORCE_SHA256) || !defined(MBEDTLS_MD_CAN_SHA512)) \
|
||||
&& defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
|
||||
#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
|
||||
#endif
|
||||
#if defined(MBEDTLS_ENTROPY_C) && \
|
||||
defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_MD_HAVE_SHA256)
|
||||
defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_MD_CAN_SHA256)
|
||||
#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(__has_feature)
|
||||
#if __has_feature(memory_sanitizer)
|
||||
#define MBEDTLS_HAS_MEMSAN
|
||||
#define MBEDTLS_HAS_MEMSAN // #undef at the end of this paragraph
|
||||
#endif
|
||||
#endif
|
||||
#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN)
|
||||
#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
|
||||
#endif
|
||||
#undef MBEDTLS_HAS_MEMSAN
|
||||
#undef MBEDTLS_HAS_MEMSAN // temporary macro defined above
|
||||
|
||||
#if defined(MBEDTLS_CCM_C) && \
|
||||
!(defined(MBEDTLS_CCM_GCM_CAN_AES) || defined(MBEDTLS_CCM_GCM_CAN_ARIA) || \
|
||||
|
@ -388,28 +299,6 @@
|
|||
#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
/* Helper for JPAKE dependencies, will be undefined at the end of the file */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
|
||||
#define MBEDTLS_PK_HAVE_JPAKE
|
||||
#endif
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(MBEDTLS_ECJPAKE_C)
|
||||
#define MBEDTLS_PK_HAVE_JPAKE
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Helper for curve SECP256R1 */
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
#define MBEDTLS_PK_HAVE_CURVE_SECP256R1
|
||||
#endif
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
|
||||
#define MBEDTLS_PK_HAVE_CURVE_SECP256R1
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
|
||||
( !defined(MBEDTLS_CAN_ECDH) || \
|
||||
!defined(MBEDTLS_PK_CAN_ECDSA_SIGN) || \
|
||||
|
@ -463,47 +352,52 @@
|
|||
#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
( !defined(MBEDTLS_PK_HAVE_JPAKE) || \
|
||||
!defined(MBEDTLS_PK_HAVE_CURVE_SECP256R1) )
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
( !defined(PSA_WANT_ALG_JPAKE) || \
|
||||
!defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
|
||||
!defined(PSA_WANT_ECC_SECP_R1_256) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
( !defined(MBEDTLS_ECJPAKE_C) || \
|
||||
!defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
/* Use of EC J-PAKE in TLS requires SHA-256. */
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \
|
||||
!defined(MBEDTLS_MD_HAVE_SHA256)
|
||||
!defined(MBEDTLS_MD_CAN_SHA256)
|
||||
#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
|
||||
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
|
||||
( !defined(MBEDTLS_SHA256_C) && \
|
||||
!defined(MBEDTLS_SHA512_C) && \
|
||||
!defined(MBEDTLS_SHA1_C) )
|
||||
#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C"
|
||||
!defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA256) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA512) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA1)
|
||||
#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires SHA-512, SHA-256 or SHA-1".
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_MD_C) && !( \
|
||||
defined(MBEDTLS_MD5_C) || \
|
||||
defined(MBEDTLS_RIPEMD160_C) || \
|
||||
defined(MBEDTLS_SHA1_C) || \
|
||||
defined(MBEDTLS_SHA224_C) || \
|
||||
defined(MBEDTLS_SHA256_C) || \
|
||||
defined(MBEDTLS_SHA384_C) || \
|
||||
defined(MBEDTLS_SHA512_C) || \
|
||||
(defined(MBEDTLS_PSA_CRYPTO_C) && \
|
||||
(defined(PSA_WANT_ALG_MD5) || \
|
||||
defined(PSA_WANT_ALG_RIPEMD160) || \
|
||||
defined(PSA_WANT_ALG_SHA_1) || \
|
||||
defined(PSA_WANT_ALG_SHA_224) || \
|
||||
defined(PSA_WANT_ALG_SHA_256) || \
|
||||
defined(PSA_WANT_ALG_SHA_384) || \
|
||||
defined(PSA_WANT_ALG_SHA_512))))
|
||||
#error "MBEDTLS_MD_C defined, but not all prerequisites"
|
||||
#if defined(MBEDTLS_MD_C) && \
|
||||
!defined(MBEDTLS_MD_CAN_MD5) && \
|
||||
!defined(MBEDTLS_MD_CAN_RIPEMD160) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA1) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA224) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA256) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA384) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA512) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA3_224) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA3_256) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA3_384) && \
|
||||
!defined(MBEDTLS_MD_CAN_SHA3_512)
|
||||
#error "MBEDTLS_MD_C defined, but no hash algorithm"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_LMS_C) && \
|
||||
! ( defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_ALG_SHA_256) )
|
||||
! ( defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_ALG_SHA_256) )
|
||||
#error "MBEDTLS_LMS_C requires MBEDTLS_PSA_CRYPTO_C and PSA_WANT_ALG_SHA_256"
|
||||
#endif
|
||||
|
||||
|
@ -538,11 +432,17 @@
|
|||
#error "MBEDTLS_PK_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
|
||||
#if defined(MBEDTLS_PK_PARSE_C) && \
|
||||
(!defined(MBEDTLS_ASN1_PARSE_C) || \
|
||||
!defined(MBEDTLS_OID_C) || \
|
||||
!defined(MBEDTLS_PK_C))
|
||||
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
|
||||
#if defined(MBEDTLS_PK_WRITE_C) && \
|
||||
(!defined(MBEDTLS_ASN1_WRITE_C) || \
|
||||
!defined(MBEDTLS_OID_C) || \
|
||||
!defined(MBEDTLS_PK_C))
|
||||
#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
@ -891,7 +791,7 @@
|
|||
* Note: for dependencies common with TLS 1.2 (running handshake hash),
|
||||
* see MBEDTLS_SSL_TLS_C. */
|
||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \
|
||||
!(defined(MBEDTLS_PSA_CRYPTO_C) && \
|
||||
!(defined(MBEDTLS_PSA_CRYPTO_CLIENT) && \
|
||||
defined(PSA_WANT_ALG_HKDF_EXTRACT) && \
|
||||
defined(PSA_WANT_ALG_HKDF_EXPAND) && \
|
||||
(defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA_384)))
|
||||
|
@ -975,7 +875,7 @@
|
|||
#endif
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#if !defined(MBEDTLS_MD_C) || \
|
||||
!(defined(MBEDTLS_MD_HAVE_SHA256) || defined(MBEDTLS_MD_HAVE_SHA384))
|
||||
!(defined(MBEDTLS_MD_CAN_SHA256) || defined(MBEDTLS_MD_CAN_SHA384))
|
||||
#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
|
||||
#endif
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
@ -1074,22 +974,20 @@
|
|||
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
|
||||
#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
|
||||
#endif
|
||||
#define MBEDTLS_THREADING_IMPL
|
||||
#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_THREADING_ALT)
|
||||
#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
|
||||
#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
|
||||
#endif
|
||||
#define MBEDTLS_THREADING_IMPL
|
||||
#define MBEDTLS_THREADING_IMPL // undef at the end of this paragraph
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
|
||||
#error "MBEDTLS_THREADING_C defined, single threading implementation required"
|
||||
#endif
|
||||
#undef MBEDTLS_THREADING_IMPL
|
||||
#undef MBEDTLS_THREADING_IMPL // temporary macro defined above
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_CLIENT)
|
||||
#error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
|
@ -1218,13 +1116,6 @@
|
|||
#error "MBEDTLS_PKCS7_C is defined, but not all prerequisites"
|
||||
#endif
|
||||
|
||||
/* Undefine helper symbols */
|
||||
#undef MBEDTLS_PK_HAVE_JPAKE
|
||||
#undef MBEDTLS_MD_HAVE_SHA256
|
||||
#undef MBEDTLS_MD_HAVE_SHA384
|
||||
#undef MBEDTLS_MD_HAVE_SHA512
|
||||
#undef MBEDTLS_PK_HAVE_CURVE_SECP256R1
|
||||
|
||||
/*
|
||||
* Avoid warning from -pedantic. This is a convenient place for this
|
||||
* workaround since this is included by every single file before the
|
||||
|
|
|
@ -22,6 +22,22 @@
|
|||
#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
|
||||
#define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H
|
||||
|
||||
/* Ideally, we'd set those as defaults in mbedtls_config.h, but
|
||||
* putting an #ifdef _WIN32 in mbedtls_config.h would confuse config.py.
|
||||
*
|
||||
* So, adjust it here.
|
||||
* Not related to crypto, but this is the bottom of the stack. */
|
||||
#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
|
||||
#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
|
||||
!defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
|
||||
#define MBEDTLS_PLATFORM_SNPRINTF_ALT
|
||||
#endif
|
||||
#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
|
||||
!defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
|
||||
#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
|
||||
#endif
|
||||
#endif /* _MINGW32__ || (_MSC_VER && (_MSC_VER <= 1900)) */
|
||||
|
||||
/* Auto-enable CIPHER_C when any of the unauthenticated ciphers is builtin
|
||||
* in PSA. */
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C) && \
|
||||
|
|
|
@ -3059,7 +3059,7 @@
|
|||
* Caller: library/x509_crt.c
|
||||
* library/x509_csr.c
|
||||
*
|
||||
* Requires: MBEDTLS_PK_C
|
||||
* Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_OID_C, MBEDTLS_PK_C
|
||||
*
|
||||
* Uncomment to enable generic public key parse functions.
|
||||
*/
|
||||
|
@ -3073,7 +3073,7 @@
|
|||
* Module: library/pkwrite.c
|
||||
* Caller: library/x509write.c
|
||||
*
|
||||
* Requires: MBEDTLS_PK_C
|
||||
* Requires: MBEDTLS_ASN1_WRITE_C, MBEDTLS_OID_C, MBEDTLS_PK_C
|
||||
*
|
||||
* Uncomment to enable generic public key write functions.
|
||||
*/
|
||||
|
|
|
@ -288,12 +288,17 @@
|
|||
#define MBEDTLS_OID_HMAC_RIPEMD160 MBEDTLS_OID_INTERNET "\x05\x05\x08\x01\x04" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) iso-identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1) hmacRIPEMD160(4)} */
|
||||
|
||||
/*
|
||||
* Encryption algorithms
|
||||
* Encryption algorithms,
|
||||
* the following standardized object identifiers are specified at
|
||||
* https://datatracker.ietf.org/doc/html/rfc8018#appendix-C.
|
||||
*/
|
||||
#define MBEDTLS_OID_DES_CBC MBEDTLS_OID_ISO_IDENTIFIED_ORG \
|
||||
MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
|
||||
#define MBEDTLS_OID_DES_EDE3_CBC MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
|
||||
#define MBEDTLS_OID_AES MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
|
||||
#define MBEDTLS_OID_AES_128_CBC MBEDTLS_OID_AES "\x02" /** aes128-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes128-CBC-PAD(2) } */
|
||||
#define MBEDTLS_OID_AES_192_CBC MBEDTLS_OID_AES "\x16" /** aes192-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes192-CBC-PAD(22) } */
|
||||
#define MBEDTLS_OID_AES_256_CBC MBEDTLS_OID_AES "\x2a" /** aes256-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes256-CBC-PAD(42) } */
|
||||
|
||||
/*
|
||||
* Key Wrapping algorithms
|
||||
|
|
|
@ -73,11 +73,11 @@ void mbedtls_pem_init(mbedtls_pem_context *ctx);
|
|||
* \param data source data to look in (must be nul-terminated)
|
||||
* \param pwd password for decryption (can be NULL)
|
||||
* \param pwdlen length of password
|
||||
* \param use_len destination for total length used (set after header is
|
||||
* correctly read, so unless you get
|
||||
* \param use_len destination for total length used from data buffer. It is
|
||||
* set after header is correctly read, so unless you get
|
||||
* MBEDTLS_ERR_PEM_BAD_INPUT_DATA or
|
||||
* MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
|
||||
* the length to skip)
|
||||
* the length to skip.
|
||||
*
|
||||
* \note Attempts to check password correctness by verifying if
|
||||
* the decrypted text starts with an ASN.1 sequence of
|
||||
|
|
|
@ -181,13 +181,6 @@ typedef struct mbedtls_pk_rsassa_pss_options {
|
|||
#define MBEDTLS_PK_USE_PSA_EC_DATA
|
||||
#endif
|
||||
|
||||
/* Helper symbol to state that the PK module has support for EC keys. This
|
||||
* can either be provided through the legacy ECP solution or through the
|
||||
* PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA. */
|
||||
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA) || defined(MBEDTLS_ECP_C)
|
||||
#define MBEDTLS_PK_HAVE_ECC_KEYS
|
||||
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */
|
||||
|
||||
/**
|
||||
* \brief Types for interfacing with the debug module
|
||||
*/
|
||||
|
@ -667,14 +660,17 @@ int mbedtls_pk_import_into_psa(const mbedtls_pk_context *pk,
|
|||
* \param sig Signature to verify
|
||||
* \param sig_len Signature length
|
||||
*
|
||||
* \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
|
||||
* either PKCS#1 v1.5 or PSS (accepting any salt length),
|
||||
* depending on the padding mode in the underlying RSA context.
|
||||
* For a pk object constructed by parsing, this is PKCS#1 v1.5
|
||||
* by default. Use mbedtls_pk_verify_ext() to explicitly select
|
||||
* a different algorithm.
|
||||
*
|
||||
* \return 0 on success (signature is valid),
|
||||
* #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
|
||||
* signature in \p sig but its length is less than \p sig_len,
|
||||
* or a specific error code.
|
||||
*
|
||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
||||
* Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
|
||||
* to verify RSASSA_PSS signatures.
|
||||
*/
|
||||
int mbedtls_pk_verify(mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
|
||||
const unsigned char *hash, size_t hash_len,
|
||||
|
@ -761,11 +757,15 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options,
|
|||
* \param f_rng RNG function, must not be \c NULL.
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
* \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
|
||||
* either PKCS#1 v1.5 or PSS (using the largest possible salt
|
||||
* length up to the hash length), depending on the padding mode
|
||||
* in the underlying RSA context. For a pk object constructed
|
||||
* by parsing, this is PKCS#1 v1.5 by default. Use
|
||||
* mbedtls_pk_verify_ext() to explicitly select a different
|
||||
* algorithm.
|
||||
*
|
||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
||||
* There is no interface in the PK module to make RSASSA-PSS
|
||||
* signatures yet.
|
||||
* \return 0 on success, or a specific error code.
|
||||
*
|
||||
* \note For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
|
||||
* For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
|
||||
|
@ -861,7 +861,10 @@ int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx,
|
|||
* \param f_rng RNG function, must not be \c NULL.
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
||||
* \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
|
||||
* either PKCS#1 v1.5 or OAEP, depending on the padding mode in
|
||||
* the underlying RSA context. For a pk object constructed by
|
||||
* parsing, this is PKCS#1 v1.5 by default.
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
*/
|
||||
|
@ -882,9 +885,12 @@ int mbedtls_pk_decrypt(mbedtls_pk_context *ctx,
|
|||
* \param f_rng RNG function, must not be \c NULL.
|
||||
* \param p_rng RNG parameter
|
||||
*
|
||||
* \note \p f_rng is used for padding generation.
|
||||
* \note For keys of type #MBEDTLS_PK_RSA, the signature algorithm is
|
||||
* either PKCS#1 v1.5 or OAEP, depending on the padding mode in
|
||||
* the underlying RSA context. For a pk object constructed by
|
||||
* parsing, this is PKCS#1 v1.5 by default.
|
||||
*
|
||||
* \note For RSA keys, the default padding type is PKCS#1 v1.5.
|
||||
* \note \p f_rng is used for padding generation.
|
||||
*
|
||||
* \return 0 on success, or a specific error code.
|
||||
*/
|
||||
|
|
|
@ -426,6 +426,16 @@ int mbedtls_rsa_export_raw(const mbedtls_rsa_context *ctx,
|
|||
int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx,
|
||||
mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP);
|
||||
|
||||
/**
|
||||
* \brief This function retrieves the length of the RSA modulus in bits.
|
||||
*
|
||||
* \param ctx The initialized RSA context.
|
||||
*
|
||||
* \return The length of the RSA modulus in bits.
|
||||
*
|
||||
*/
|
||||
size_t mbedtls_rsa_get_bitlen(const mbedtls_rsa_context *ctx);
|
||||
|
||||
/**
|
||||
* \brief This function retrieves the length of RSA modulus in Bytes.
|
||||
*
|
||||
|
|
|
@ -4737,7 +4737,7 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl
|
|||
* \param ssl The SSL context representing the connection for which to
|
||||
* to export a session structure for later resumption.
|
||||
* \param session The target structure in which to store the exported session.
|
||||
* This must have been initialized with mbedtls_ssl_init_session()
|
||||
* This must have been initialized with mbedtls_ssl_session_init()
|
||||
* but otherwise be unused.
|
||||
*
|
||||
* \note This function can handle a variety of mechanisms for session
|
||||
|
@ -5106,9 +5106,9 @@ int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl);
|
|||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 0
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 1
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 2
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT 1
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED 2
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED 3
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
/**
|
||||
|
|
|
@ -198,6 +198,8 @@ psa_status_t mbedtls_psa_register_se_key(
|
|||
*
|
||||
* This function clears all data associated with the PSA layer,
|
||||
* including the whole key store.
|
||||
* This function is not thread safe, it wipes every key slot regardless of
|
||||
* state and reader count. It should only be called when no slot is in use.
|
||||
*
|
||||
* This is an Mbed TLS extension.
|
||||
*/
|
||||
|
|
|
@ -334,7 +334,7 @@ static void aesce_setkey_enc(unsigned char *rk,
|
|||
* - Section 5, Nr = Nk + 6
|
||||
* - Section 5.2, the length of round keys is Nb*(Nr+1)
|
||||
*/
|
||||
const uint32_t key_len_in_words = key_bit_length / 32; /* Nk */
|
||||
const size_t key_len_in_words = key_bit_length / 32; /* Nk */
|
||||
const size_t round_key_len_in_words = 4; /* Nb */
|
||||
const size_t rounds_needed = key_len_in_words + 6; /* Nr */
|
||||
const size_t round_keys_len_in_words =
|
||||
|
|
|
@ -65,7 +65,8 @@ static int local_err_translation(psa_status_t status)
|
|||
#define H_TREE_HEIGHT_MAX 10
|
||||
#define MERKLE_TREE_NODE_AM(type) ((size_t) 1 << (MBEDTLS_LMS_H_TREE_HEIGHT(type) + 1u))
|
||||
#define MERKLE_TREE_LEAF_NODE_AM(type) ((size_t) 1 << MBEDTLS_LMS_H_TREE_HEIGHT(type))
|
||||
#define MERKLE_TREE_INTERNAL_NODE_AM(type) ((size_t) 1 << MBEDTLS_LMS_H_TREE_HEIGHT(type))
|
||||
#define MERKLE_TREE_INTERNAL_NODE_AM(type) ((unsigned int) \
|
||||
(1u << MBEDTLS_LMS_H_TREE_HEIGHT(type)))
|
||||
|
||||
#define D_CONST_LEN (2)
|
||||
static const unsigned char D_LEAF_CONSTANT_BYTES[D_CONST_LEN] = { 0x82, 0x82 };
|
||||
|
|
|
@ -683,6 +683,18 @@ static const oid_cipher_alg_t oid_cipher_alg[] =
|
|||
OID_DESCRIPTOR(MBEDTLS_OID_DES_EDE3_CBC, "des-ede3-cbc", "DES-EDE3-CBC"),
|
||||
MBEDTLS_CIPHER_DES_EDE3_CBC,
|
||||
},
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_AES_128_CBC, "aes128-cbc", "AES128-CBC"),
|
||||
MBEDTLS_CIPHER_AES_128_CBC,
|
||||
},
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_AES_192_CBC, "aes192-cbc", "AES192-CBC"),
|
||||
MBEDTLS_CIPHER_AES_192_CBC,
|
||||
},
|
||||
{
|
||||
OID_DESCRIPTOR(MBEDTLS_OID_AES_256_CBC, "aes256-cbc", "AES256-CBC"),
|
||||
MBEDTLS_CIPHER_AES_256_CBC,
|
||||
},
|
||||
{
|
||||
NULL_OID_DESCRIPTOR,
|
||||
MBEDTLS_CIPHER_NONE,
|
||||
|
|
|
@ -240,6 +240,29 @@ exit:
|
|||
}
|
||||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
#if defined(MBEDTLS_DES_C) || defined(MBEDTLS_AES_C)
|
||||
static int pem_check_pkcs_padding(unsigned char *input, size_t input_len, size_t *data_len)
|
||||
{
|
||||
/* input_len > 0 is guaranteed by mbedtls_pem_read_buffer(). */
|
||||
size_t pad_len = input[input_len - 1];
|
||||
size_t i;
|
||||
|
||||
if (pad_len > input_len) {
|
||||
return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH;
|
||||
}
|
||||
|
||||
*data_len = input_len - pad_len;
|
||||
|
||||
for (i = *data_len; i < input_len; i++) {
|
||||
if (input[i] != pad_len) {
|
||||
return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_DES_C || MBEDTLS_AES_C */
|
||||
|
||||
#endif /* PEM_RFC1421 */
|
||||
|
||||
int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const char *footer,
|
||||
|
@ -389,6 +412,10 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const
|
|||
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PEM_INVALID_DATA, ret);
|
||||
}
|
||||
|
||||
if (len == 0) {
|
||||
return MBEDTLS_ERR_PEM_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
if ((buf = mbedtls_calloc(1, len)) == NULL) {
|
||||
return MBEDTLS_ERR_PEM_ALLOC_FAILED;
|
||||
}
|
||||
|
@ -426,20 +453,20 @@ int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx, const char *header, const
|
|||
#endif /* MBEDTLS_AES_C */
|
||||
|
||||
if (ret != 0) {
|
||||
mbedtls_free(buf);
|
||||
mbedtls_zeroize_and_free(buf, len);
|
||||
return ret;
|
||||
}
|
||||
|
||||
/*
|
||||
* The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
|
||||
* length bytes (allow 4 to be sure) in all known use cases.
|
||||
*
|
||||
* Use that as a heuristic to try to detect password mismatches.
|
||||
*/
|
||||
if (len <= 2 || buf[0] != 0x30 || buf[1] > 0x83) {
|
||||
/* Check PKCS padding and update data length based on padding info.
|
||||
* This can be used to detect invalid padding data and password
|
||||
* mismatches. */
|
||||
size_t unpadded_len;
|
||||
ret = pem_check_pkcs_padding(buf, len, &unpadded_len);
|
||||
if (ret != 0) {
|
||||
mbedtls_zeroize_and_free(buf, len);
|
||||
return MBEDTLS_ERR_PEM_PASSWORD_MISMATCH;
|
||||
return ret;
|
||||
}
|
||||
len = unpadded_len;
|
||||
#else
|
||||
mbedtls_zeroize_and_free(buf, len);
|
||||
return MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE;
|
||||
|
|
|
@ -383,7 +383,7 @@ static psa_algorithm_t psa_algorithm_for_rsa(const mbedtls_rsa_context *rsa,
|
|||
{
|
||||
if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) {
|
||||
if (want_crypt) {
|
||||
mbedtls_md_type_t md_type = mbedtls_rsa_get_md_alg(rsa);
|
||||
mbedtls_md_type_t md_type = (mbedtls_md_type_t) mbedtls_rsa_get_md_alg(rsa);
|
||||
return PSA_ALG_RSA_OAEP(mbedtls_md_psa_alg_from_type(md_type));
|
||||
} else {
|
||||
return PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH);
|
||||
|
|
|
@ -58,7 +58,7 @@ static int rsa_can_do(mbedtls_pk_type_t type)
|
|||
static size_t rsa_get_bitlen(mbedtls_pk_context *pk)
|
||||
{
|
||||
const mbedtls_rsa_context *rsa = (const mbedtls_rsa_context *) pk->pk_ctx;
|
||||
return 8 * mbedtls_rsa_get_len(rsa);
|
||||
return mbedtls_rsa_get_bitlen(rsa);
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
@ -74,8 +74,7 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
|
|||
int key_len;
|
||||
unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
|
||||
unsigned char *p = buf + sizeof(buf);
|
||||
psa_algorithm_t psa_alg_md =
|
||||
PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg));
|
||||
psa_algorithm_t psa_alg_md;
|
||||
size_t rsa_len = mbedtls_rsa_get_len(rsa);
|
||||
|
||||
#if SIZE_MAX > UINT_MAX
|
||||
|
@ -84,6 +83,12 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
|
|||
}
|
||||
#endif
|
||||
|
||||
if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) {
|
||||
psa_alg_md = PSA_ALG_RSA_PSS(mbedtls_md_psa_alg_from_type(md_alg));
|
||||
} else {
|
||||
psa_alg_md = PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg));
|
||||
}
|
||||
|
||||
if (sig_len < rsa_len) {
|
||||
return MBEDTLS_ERR_RSA_VERIFY_FAILED;
|
||||
}
|
||||
|
@ -235,10 +240,14 @@ static int rsa_sign_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
|
|||
if (psa_md_alg == 0) {
|
||||
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
||||
}
|
||||
psa_algorithm_t psa_alg;
|
||||
if (mbedtls_rsa_get_padding_mode(mbedtls_pk_rsa(*pk)) == MBEDTLS_RSA_PKCS_V21) {
|
||||
psa_alg = PSA_ALG_RSA_PSS(psa_md_alg);
|
||||
} else {
|
||||
psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN(psa_md_alg);
|
||||
}
|
||||
|
||||
return mbedtls_pk_psa_rsa_sign_ext(PSA_ALG_RSA_PKCS1V15_SIGN(
|
||||
psa_md_alg),
|
||||
pk->pk_ctx, hash, hash_len,
|
||||
return mbedtls_pk_psa_rsa_sign_ext(psa_alg, pk->pk_ctx, hash, hash_len,
|
||||
sig, sig_size, sig_len);
|
||||
}
|
||||
#else /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
@ -276,6 +285,7 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
|
|||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_algorithm_t psa_md_alg, decrypt_alg;
|
||||
psa_status_t status;
|
||||
int key_len;
|
||||
unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
|
||||
|
@ -284,12 +294,6 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
|
|||
((void) f_rng);
|
||||
((void) p_rng);
|
||||
|
||||
#if !defined(MBEDTLS_RSA_ALT)
|
||||
if (rsa->padding != MBEDTLS_RSA_PKCS_V15) {
|
||||
return MBEDTLS_ERR_RSA_INVALID_PADDING;
|
||||
}
|
||||
#endif /* !MBEDTLS_RSA_ALT */
|
||||
|
||||
if (ilen != mbedtls_rsa_get_len(rsa)) {
|
||||
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||
}
|
||||
|
@ -301,7 +305,13 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
|
|||
|
||||
psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
|
||||
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
|
||||
psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
|
||||
if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) {
|
||||
psa_md_alg = mbedtls_md_psa_alg_from_type(mbedtls_rsa_get_md_alg(rsa));
|
||||
decrypt_alg = PSA_ALG_RSA_OAEP(psa_md_alg);
|
||||
} else {
|
||||
decrypt_alg = PSA_ALG_RSA_PKCS1V15_CRYPT;
|
||||
}
|
||||
psa_set_key_algorithm(&attributes, decrypt_alg);
|
||||
|
||||
status = psa_import_key(&attributes,
|
||||
buf + sizeof(buf) - key_len, key_len,
|
||||
|
@ -311,7 +321,7 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
|
|||
goto cleanup;
|
||||
}
|
||||
|
||||
status = psa_asymmetric_decrypt(key_id, PSA_ALG_RSA_PKCS1V15_CRYPT,
|
||||
status = psa_asymmetric_decrypt(key_id, decrypt_alg,
|
||||
input, ilen,
|
||||
NULL, 0,
|
||||
output, osize, olen);
|
||||
|
@ -358,6 +368,7 @@ static int rsa_encrypt_wrap(mbedtls_pk_context *pk,
|
|||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_algorithm_t psa_md_alg;
|
||||
psa_status_t status;
|
||||
int key_len;
|
||||
unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
|
||||
|
@ -366,12 +377,6 @@ static int rsa_encrypt_wrap(mbedtls_pk_context *pk,
|
|||
((void) f_rng);
|
||||
((void) p_rng);
|
||||
|
||||
#if !defined(MBEDTLS_RSA_ALT)
|
||||
if (rsa->padding != MBEDTLS_RSA_PKCS_V15) {
|
||||
return MBEDTLS_ERR_RSA_INVALID_PADDING;
|
||||
}
|
||||
#endif
|
||||
|
||||
if (mbedtls_rsa_get_len(rsa) > osize) {
|
||||
return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
|
||||
}
|
||||
|
@ -382,7 +387,12 @@ static int rsa_encrypt_wrap(mbedtls_pk_context *pk,
|
|||
}
|
||||
|
||||
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
|
||||
psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
|
||||
if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) {
|
||||
psa_md_alg = mbedtls_md_psa_alg_from_type(mbedtls_rsa_get_md_alg(rsa));
|
||||
psa_set_key_algorithm(&attributes, PSA_ALG_RSA_OAEP(psa_md_alg));
|
||||
} else {
|
||||
psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
|
||||
}
|
||||
psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
|
||||
|
||||
status = psa_import_key(&attributes,
|
||||
|
|
|
@ -1089,6 +1089,14 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key)
|
|||
return status;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/* We cannot unlock between setting the state to PENDING_DELETION
|
||||
* and destroying the key in storage, as otherwise another thread
|
||||
* could load the key into a new slot and the key will not be
|
||||
* fully destroyed. */
|
||||
PSA_THREADING_CHK_GOTO_EXIT(mbedtls_mutex_lock(
|
||||
&mbedtls_threading_key_slot_mutex));
|
||||
#endif
|
||||
/* Set the key slot containing the key description's state to
|
||||
* PENDING_DELETION. This stops new operations from registering
|
||||
* to read the slot. Current readers can safely continue to access
|
||||
|
@ -1097,7 +1105,12 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key)
|
|||
* If the key is persistent, we can now delete the copy of the key
|
||||
* from memory. If the key is opaque, we require the driver to
|
||||
* deal with the deletion. */
|
||||
slot->state = PSA_SLOT_PENDING_DELETION;
|
||||
status = psa_key_slot_state_transition(slot, PSA_SLOT_FULL,
|
||||
PSA_SLOT_PENDING_DELETION);
|
||||
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if (PSA_KEY_LIFETIME_IS_READ_ONLY(slot->attr.lifetime)) {
|
||||
/* Refuse the destruction of a read-only key (which may or may not work
|
||||
|
@ -1152,11 +1165,6 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key)
|
|||
if (overall_status == PSA_SUCCESS) {
|
||||
overall_status = status;
|
||||
}
|
||||
|
||||
/* TODO: other slots may have a copy of the same key. We should
|
||||
* invalidate them.
|
||||
* https://github.com/ARMmbed/mbed-crypto/issues/214
|
||||
*/
|
||||
}
|
||||
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
|
||||
|
||||
|
@ -1182,6 +1190,14 @@ exit:
|
|||
if (status != PSA_SUCCESS) {
|
||||
overall_status = status;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/* Don't overwrite existing errors if the unlock fails. */
|
||||
status = overall_status;
|
||||
PSA_THREADING_CHK_RET(mbedtls_mutex_unlock(
|
||||
&mbedtls_threading_key_slot_mutex));
|
||||
#endif
|
||||
|
||||
return overall_status;
|
||||
}
|
||||
|
||||
|
@ -1663,7 +1679,15 @@ static psa_status_t psa_start_key_creation(
|
|||
return status;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
PSA_THREADING_CHK_RET(mbedtls_mutex_lock(
|
||||
&mbedtls_threading_key_slot_mutex));
|
||||
#endif
|
||||
status = psa_reserve_free_key_slot(&volatile_key_id, p_slot);
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
PSA_THREADING_CHK_RET(mbedtls_mutex_unlock(
|
||||
&mbedtls_threading_key_slot_mutex));
|
||||
#endif
|
||||
if (status != PSA_SUCCESS) {
|
||||
return status;
|
||||
}
|
||||
|
@ -1783,6 +1807,11 @@ static psa_status_t psa_finish_key_creation(
|
|||
(void) slot;
|
||||
(void) driver;
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
PSA_THREADING_CHK_RET(mbedtls_mutex_lock(
|
||||
&mbedtls_threading_key_slot_mutex));
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
|
||||
if (!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
|
@ -1822,6 +1851,11 @@ static psa_status_t psa_finish_key_creation(
|
|||
status = psa_save_se_persistent_data(driver);
|
||||
if (status != PSA_SUCCESS) {
|
||||
psa_destroy_persistent_key(slot->attr.id);
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
PSA_THREADING_CHK_RET(mbedtls_mutex_unlock(
|
||||
&mbedtls_threading_key_slot_mutex));
|
||||
#endif
|
||||
return status;
|
||||
}
|
||||
status = psa_crypto_stop_transaction();
|
||||
|
@ -1837,6 +1871,10 @@ static psa_status_t psa_finish_key_creation(
|
|||
}
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
PSA_THREADING_CHK_RET(mbedtls_mutex_unlock(
|
||||
&mbedtls_threading_key_slot_mutex));
|
||||
#endif
|
||||
return status;
|
||||
}
|
||||
|
||||
|
@ -1861,6 +1899,13 @@ static void psa_fail_key_creation(psa_key_slot_t *slot,
|
|||
return;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/* If the lock operation fails we still wipe the slot.
|
||||
* Operations will no longer work after a failed lock,
|
||||
* but we still need to wipe the slot of confidential data. */
|
||||
mbedtls_mutex_lock(&mbedtls_threading_key_slot_mutex);
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
/* TODO: If the key has already been created in the secure
|
||||
* element, and the failure happened later (when saving metadata
|
||||
|
@ -1879,6 +1924,10 @@ static void psa_fail_key_creation(psa_key_slot_t *slot,
|
|||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||
|
||||
psa_wipe_key_slot(slot);
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
mbedtls_mutex_unlock(&mbedtls_threading_key_slot_mutex);
|
||||
#endif
|
||||
}
|
||||
|
||||
/** Validate optional attributes during key creation.
|
||||
|
|
|
@ -521,44 +521,78 @@ psa_status_t psa_open_key(mbedtls_svc_key_id_t key, psa_key_handle_t *handle)
|
|||
|
||||
psa_status_t psa_close_key(psa_key_handle_t handle)
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_slot_t *slot;
|
||||
|
||||
if (psa_key_handle_is_null(handle)) {
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/* We need to set status as success, otherwise CORRUPTION_DETECTED
|
||||
* would be returned if the lock fails. */
|
||||
status = PSA_SUCCESS;
|
||||
PSA_THREADING_CHK_RET(mbedtls_mutex_lock(
|
||||
&mbedtls_threading_key_slot_mutex));
|
||||
#endif
|
||||
status = psa_get_and_lock_key_slot_in_memory(handle, &slot);
|
||||
if (status != PSA_SUCCESS) {
|
||||
if (status == PSA_ERROR_DOES_NOT_EXIST) {
|
||||
status = PSA_ERROR_INVALID_HANDLE;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
PSA_THREADING_CHK_RET(mbedtls_mutex_unlock(
|
||||
&mbedtls_threading_key_slot_mutex));
|
||||
#endif
|
||||
return status;
|
||||
}
|
||||
|
||||
if (slot->registered_readers == 1) {
|
||||
return psa_wipe_key_slot(slot);
|
||||
status = psa_wipe_key_slot(slot);
|
||||
} else {
|
||||
return psa_unregister_read(slot);
|
||||
status = psa_unregister_read(slot);
|
||||
}
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
PSA_THREADING_CHK_RET(mbedtls_mutex_unlock(
|
||||
&mbedtls_threading_key_slot_mutex));
|
||||
#endif
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
psa_status_t psa_purge_key(mbedtls_svc_key_id_t key)
|
||||
{
|
||||
psa_status_t status;
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_slot_t *slot;
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
/* We need to set status as success, otherwise CORRUPTION_DETECTED
|
||||
* would be returned if the lock fails. */
|
||||
status = PSA_SUCCESS;
|
||||
PSA_THREADING_CHK_RET(mbedtls_mutex_lock(
|
||||
&mbedtls_threading_key_slot_mutex));
|
||||
#endif
|
||||
status = psa_get_and_lock_key_slot_in_memory(key, &slot);
|
||||
if (status != PSA_SUCCESS) {
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
PSA_THREADING_CHK_RET(mbedtls_mutex_unlock(
|
||||
&mbedtls_threading_key_slot_mutex));
|
||||
#endif
|
||||
return status;
|
||||
}
|
||||
|
||||
if ((!PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) &&
|
||||
(slot->registered_readers == 1)) {
|
||||
return psa_wipe_key_slot(slot);
|
||||
status = psa_wipe_key_slot(slot);
|
||||
} else {
|
||||
return psa_unregister_read(slot);
|
||||
status = psa_unregister_read(slot);
|
||||
}
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
PSA_THREADING_CHK_RET(mbedtls_mutex_unlock(
|
||||
&mbedtls_threading_key_slot_mutex));
|
||||
#endif
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
void mbedtls_psa_get_stats(mbedtls_psa_stats_t *stats)
|
||||
|
|
|
@ -92,6 +92,8 @@ psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
|
|||
psa_status_t psa_initialize_key_slots(void);
|
||||
|
||||
/** Delete all data from key slots in memory.
|
||||
* This function is not thread safe, it wipes every key slot regardless of
|
||||
* state and reader count. It should only be called when no slot is in use.
|
||||
*
|
||||
* This does not affect persistent storage. */
|
||||
void psa_wipe_all_key_slots(void);
|
||||
|
@ -105,6 +107,9 @@ void psa_wipe_all_key_slots(void);
|
|||
* It is the responsibility of the caller to change the slot's state to
|
||||
* PSA_SLOT_EMPTY/FULL once key creation has finished.
|
||||
*
|
||||
* If multi-threading is enabled, the caller must hold the
|
||||
* global key slot mutex.
|
||||
*
|
||||
* \param[out] volatile_key_id On success, volatile key identifier
|
||||
* associated to the returned slot.
|
||||
* \param[out] p_slot On success, a pointer to the slot.
|
||||
|
|
|
@ -108,8 +108,9 @@ int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, si
|
|||
return ret;
|
||||
}
|
||||
|
||||
/* mbedtls_asn1_get_tag() already ensures that len is valid (i.e. p+len <= end)*/
|
||||
end = p + len;
|
||||
if (end != p + len) {
|
||||
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) {
|
||||
return ret;
|
||||
|
@ -241,8 +242,9 @@ int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key,
|
|||
return ret;
|
||||
}
|
||||
|
||||
/* mbedtls_asn1_get_tag() already ensures that len is valid (i.e. p+len <= end)*/
|
||||
end = p + len;
|
||||
if (end != p + len) {
|
||||
return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
/* Import N */
|
||||
if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
|
||||
|
@ -1014,6 +1016,14 @@ int mbedtls_rsa_get_md_alg(const mbedtls_rsa_context *ctx)
|
|||
return ctx->hash_id;
|
||||
}
|
||||
|
||||
/*
|
||||
* Get length in bits of RSA modulus
|
||||
*/
|
||||
size_t mbedtls_rsa_get_bitlen(const mbedtls_rsa_context *ctx)
|
||||
{
|
||||
return mbedtls_mpi_bitlen(&ctx->N);
|
||||
}
|
||||
|
||||
/*
|
||||
* Get length in bytes of RSA modulus
|
||||
*/
|
||||
|
|
|
@ -26,33 +26,35 @@
|
|||
|
||||
#define XOR_BYTE 0x6
|
||||
|
||||
typedef struct mbedtls_sha3_family_functions {
|
||||
mbedtls_sha3_id id;
|
||||
|
||||
uint16_t r;
|
||||
uint16_t olen;
|
||||
}
|
||||
mbedtls_sha3_family_functions;
|
||||
|
||||
/*
|
||||
* List of supported SHA-3 families
|
||||
/* Precomputed masks for the iota transform.
|
||||
*
|
||||
* Each round uses a 64-bit mask value. In each mask values, only
|
||||
* bits whose position is of the form 2^k-1 can be set, thus only
|
||||
* 7 of 64 bits of the mask need to be known for each mask value.
|
||||
*
|
||||
* We use a compressed encoding of the mask where bits 63, 31 and 15
|
||||
* are moved to bits 4-6. This allows us to make each mask value
|
||||
* 1 byte rather than 8 bytes, saving 7*24 = 168 bytes of data (with
|
||||
* perhaps a little variation due to alignment). Decompressing this
|
||||
* requires a little code, but much less than the savings on the table.
|
||||
*
|
||||
* The impact on performance depends on the platform and compiler.
|
||||
* There's a bit more computation, but less memory bandwidth. A quick
|
||||
* benchmark on x86_64 shows a 7% speed improvement with GCC and a
|
||||
* 5% speed penalty with Clang, compared to the naive uint64_t[24] table.
|
||||
* YMMV.
|
||||
*/
|
||||
static const mbedtls_sha3_family_functions sha3_families[] = {
|
||||
{ MBEDTLS_SHA3_224, 1152, 224 },
|
||||
{ MBEDTLS_SHA3_256, 1088, 256 },
|
||||
{ MBEDTLS_SHA3_384, 832, 384 },
|
||||
{ MBEDTLS_SHA3_512, 576, 512 },
|
||||
{ MBEDTLS_SHA3_NONE, 0, 0 }
|
||||
};
|
||||
|
||||
static const uint64_t rc[24] = {
|
||||
0x0000000000000001, 0x0000000000008082, 0x800000000000808a, 0x8000000080008000,
|
||||
0x000000000000808b, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
|
||||
0x000000000000008a, 0x0000000000000088, 0x0000000080008009, 0x000000008000000a,
|
||||
0x000000008000808b, 0x800000000000008b, 0x8000000000008089, 0x8000000000008003,
|
||||
0x8000000000008002, 0x8000000000000080, 0x000000000000800a, 0x800000008000000a,
|
||||
0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008,
|
||||
/* Helper macro to set the values of the higher bits in unused low positions */
|
||||
#define H(b63, b31, b15) (b63 << 6 | b31 << 5 | b15 << 4)
|
||||
static const uint8_t iota_r_packed[24] = {
|
||||
H(0, 0, 0) | 0x01, H(0, 0, 1) | 0x82, H(1, 0, 1) | 0x8a, H(1, 1, 1) | 0x00,
|
||||
H(0, 0, 1) | 0x8b, H(0, 1, 0) | 0x01, H(1, 1, 1) | 0x81, H(1, 0, 1) | 0x09,
|
||||
H(0, 0, 0) | 0x8a, H(0, 0, 0) | 0x88, H(0, 1, 1) | 0x09, H(0, 1, 0) | 0x0a,
|
||||
H(0, 1, 1) | 0x8b, H(1, 0, 0) | 0x8b, H(1, 0, 1) | 0x89, H(1, 0, 1) | 0x03,
|
||||
H(1, 0, 1) | 0x02, H(1, 0, 0) | 0x80, H(0, 0, 1) | 0x0a, H(1, 1, 0) | 0x0a,
|
||||
H(1, 1, 1) | 0x81, H(1, 0, 1) | 0x80, H(0, 1, 0) | 0x01, H(1, 1, 1) | 0x08,
|
||||
};
|
||||
#undef H
|
||||
|
||||
static const uint8_t rho[24] = {
|
||||
1, 62, 28, 27, 36, 44, 6, 55, 20,
|
||||
|
@ -151,7 +153,11 @@ static void keccak_f1600(mbedtls_sha3_context *ctx)
|
|||
s[24] ^= (~lane[0]) & lane[1];
|
||||
|
||||
/* Iota */
|
||||
s[0] ^= rc[round];
|
||||
/* Decompress the round masks (see definition of rc) */
|
||||
s[0] ^= ((iota_r_packed[round] & 0x40ull) << 57 |
|
||||
(iota_r_packed[round] & 0x20ull) << 26 |
|
||||
(iota_r_packed[round] & 0x10ull) << 11 |
|
||||
(iota_r_packed[round] & 0x8f));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -180,21 +186,27 @@ void mbedtls_sha3_clone(mbedtls_sha3_context *dst,
|
|||
*/
|
||||
int mbedtls_sha3_starts(mbedtls_sha3_context *ctx, mbedtls_sha3_id id)
|
||||
{
|
||||
const mbedtls_sha3_family_functions *p = NULL;
|
||||
|
||||
for (p = sha3_families; p->id != MBEDTLS_SHA3_NONE; p++) {
|
||||
if (p->id == id) {
|
||||
switch (id) {
|
||||
case MBEDTLS_SHA3_224:
|
||||
ctx->olen = 224 / 8;
|
||||
ctx->max_block_size = 1152 / 8;
|
||||
break;
|
||||
}
|
||||
case MBEDTLS_SHA3_256:
|
||||
ctx->olen = 256 / 8;
|
||||
ctx->max_block_size = 1088 / 8;
|
||||
break;
|
||||
case MBEDTLS_SHA3_384:
|
||||
ctx->olen = 384 / 8;
|
||||
ctx->max_block_size = 832 / 8;
|
||||
break;
|
||||
case MBEDTLS_SHA3_512:
|
||||
ctx->olen = 512 / 8;
|
||||
ctx->max_block_size = 576 / 8;
|
||||
break;
|
||||
default:
|
||||
return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
if (p->id == MBEDTLS_SHA3_NONE) {
|
||||
return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
ctx->olen = p->olen / 8;
|
||||
ctx->max_block_size = p->r / 8;
|
||||
|
||||
memset(ctx->state, 0, sizeof(ctx->state));
|
||||
ctx->index = 0;
|
||||
|
||||
|
|
|
@ -731,14 +731,23 @@ struct mbedtls_ssl_handshake_params {
|
|||
uint8_t key_exchange_mode; /*!< Selected key exchange mode */
|
||||
|
||||
/** Number of HelloRetryRequest messages received/sent from/to the server. */
|
||||
int hello_retry_request_count;
|
||||
uint8_t hello_retry_request_count;
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
|
||||
/**
|
||||
* Number of dummy change_cipher_spec (CCS) record sent. Used to send only
|
||||
* one CCS per handshake without having to complicate the handshake state
|
||||
* transitions.
|
||||
*/
|
||||
uint8_t ccs_count;
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
/** selected_group of key_share extension in HelloRetryRequest message. */
|
||||
uint16_t hrr_selected_group;
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||
uint8_t tls13_kex_modes; /*!< Key exchange modes supported by the client */
|
||||
#endif
|
||||
/** selected_group of key_share extension in HelloRetryRequest message. */
|
||||
uint16_t hrr_selected_group;
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
uint16_t new_session_tickets_count; /*!< number of session tickets */
|
||||
#endif
|
||||
|
@ -2136,6 +2145,38 @@ int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
|
|||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
size_t *out_len);
|
||||
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
/*
|
||||
* The client has not sent the first ClientHello yet, it is unknown if the
|
||||
* client will send an early data indication extension or not.
|
||||
*/
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN 0
|
||||
|
||||
/*
|
||||
* The client has sent an early data indication extension in its first
|
||||
* ClientHello, it has not received the response (ServerHello or
|
||||
* HelloRetryRequest) from the server yet. The transform to protect early data
|
||||
* is not set and early data cannot be sent yet.
|
||||
*/
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_SENT 4
|
||||
|
||||
/*
|
||||
* The client has sent an early data indication extension in its first
|
||||
* ClientHello, it has not received the response (ServerHello or
|
||||
* HelloRetryRequest) from the server yet. The transform to protect early data
|
||||
* has been set and early data can be written now.
|
||||
*/
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE 5
|
||||
|
||||
/*
|
||||
* The client has sent an early data indication extension in its first
|
||||
* ClientHello, the server has accepted them and the client has received the
|
||||
* server Finished message. It cannot send early data to the server anymore.
|
||||
*/
|
||||
#define MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED 6
|
||||
#endif /* MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
|
|
@ -1100,7 +1100,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
|
|||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
#if defined(MBEDTLS_SSL_CLI_C)
|
||||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;
|
||||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN;
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD;
|
||||
|
|
|
@ -1180,26 +1180,21 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl,
|
|||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
if (mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl) &&
|
||||
ssl_tls13_early_data_has_valid_ticket(ssl) &&
|
||||
ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED &&
|
||||
ssl->handshake->hello_retry_request_count == 0) {
|
||||
if (ssl->handshake->hello_retry_request_count == 0) {
|
||||
if (mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl) &&
|
||||
ssl_tls13_early_data_has_valid_ticket(ssl) &&
|
||||
ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) {
|
||||
ret = mbedtls_ssl_tls13_write_early_data_ext(
|
||||
ssl, 0, p, end, &ext_len);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
p += ext_len;
|
||||
|
||||
ret = mbedtls_ssl_tls13_write_early_data_ext(
|
||||
ssl, 0, p, end, &ext_len);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_SENT;
|
||||
} else {
|
||||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;
|
||||
}
|
||||
p += ext_len;
|
||||
|
||||
/* Initializes the status to `rejected`. It will be updated to
|
||||
* `accepted` if the EncryptedExtension message contain an early data
|
||||
* indication extension.
|
||||
*/
|
||||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
|
||||
} else {
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write early_data extension"));
|
||||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
|
||||
|
@ -1236,7 +1231,7 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl)
|
|||
size_t psk_len;
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
|
||||
if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) {
|
||||
if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_SENT) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(
|
||||
1, ("Set hs psk for early data when writing the first psk"));
|
||||
|
||||
|
@ -1299,6 +1294,7 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl)
|
|||
1, ("Switch to early data keys for outbound traffic"));
|
||||
mbedtls_ssl_set_outbound_transform(
|
||||
ssl, ssl->handshake->transform_earlydata);
|
||||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE;
|
||||
#endif
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
|
@ -1971,6 +1967,13 @@ static int ssl_tls13_postprocess_hrr(mbedtls_ssl_context *ssl)
|
|||
}
|
||||
|
||||
ssl->session_negotiate->ciphersuite = ssl->handshake->ciphersuite_info->id;
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
if (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT) {
|
||||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
|
||||
}
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -2230,6 +2233,8 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl)
|
|||
}
|
||||
|
||||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
|
||||
} else if (ssl->early_data_status != MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT) {
|
||||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
@ -2567,9 +2572,8 @@ static int ssl_tls13_process_server_finished(mbedtls_ssl_context *ssl)
|
|||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
|
||||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED;
|
||||
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_END_OF_EARLY_DATA);
|
||||
} else if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) {
|
||||
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
|
||||
} else
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
{
|
||||
|
@ -3059,18 +3063,25 @@ int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl)
|
|||
*/
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
|
||||
case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
|
||||
ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
|
||||
if (ret == 0) {
|
||||
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
|
||||
ret = 0;
|
||||
if (ssl->handshake->ccs_count == 0) {
|
||||
ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
|
||||
if (ret != 0) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
|
||||
break;
|
||||
|
||||
case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
|
||||
ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
|
||||
if (ret == 0) {
|
||||
mbedtls_ssl_handshake_set_state(
|
||||
ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
|
||||
ret = 0;
|
||||
if (ssl->handshake->ccs_count == 0) {
|
||||
ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
|
||||
if (ret != 0) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CERTIFICATE);
|
||||
break;
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
|
@ -3083,6 +3094,7 @@ int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl)
|
|||
1, ("Switch to early data keys for outbound traffic"));
|
||||
mbedtls_ssl_set_outbound_transform(
|
||||
ssl, ssl->handshake->transform_earlydata);
|
||||
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE;
|
||||
}
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
|
|
|
@ -1390,6 +1390,8 @@ int mbedtls_ssl_tls13_write_change_cipher_spec(mbedtls_ssl_context *ssl)
|
|||
/* Dispatch message */
|
||||
MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_write_record(ssl, 0));
|
||||
|
||||
ssl->handshake->ccs_count++;
|
||||
|
||||
cleanup:
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("<= write change cipher spec"));
|
||||
|
|
|
@ -3482,10 +3482,14 @@ int mbedtls_ssl_tls13_handshake_server_step(mbedtls_ssl_context *ssl)
|
|||
break;
|
||||
|
||||
case MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO:
|
||||
ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
|
||||
if (ret == 0) {
|
||||
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
|
||||
ret = 0;
|
||||
if (ssl->handshake->ccs_count == 0) {
|
||||
ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
|
||||
if (ret != 0) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_ENCRYPTED_EXTENSIONS);
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
|
||||
|
||||
|
|
25
pkgconfig/CMakeLists.txt
Normal file
25
pkgconfig/CMakeLists.txt
Normal file
|
@ -0,0 +1,25 @@
|
|||
if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
|
||||
include(JoinPaths.cmake)
|
||||
join_paths(PKGCONFIG_INCLUDEDIR "\${prefix}" "${CMAKE_INSTALL_INCLUDEDIR}")
|
||||
join_paths(PKGCONFIG_LIBDIR "\${prefix}" "${CMAKE_INSTALL_LIBDIR}")
|
||||
|
||||
#define these manually since minimum CMAKE version is not 3.9 for DESCRIPTION and 3.12 for HOMEPAGE_URL usage in project() below.
|
||||
# Prefix with something that won't clash with newer versions of CMAKE.
|
||||
set(PKGCONFIG_PROJECT_DESCRIPTION "Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems.")
|
||||
set(PKGCONFIG_PROJECT_HOMEPAGE_URL "https://www.trustedfirmware.org/projects/mbed-tls/")
|
||||
|
||||
configure_file(mbedcrypto.pc.in mbedcrypto.pc @ONLY)
|
||||
install(FILES
|
||||
${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto.pc
|
||||
DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
|
||||
|
||||
configure_file(mbedtls.pc.in mbedtls.pc @ONLY)
|
||||
install(FILES
|
||||
${CMAKE_CURRENT_BINARY_DIR}/mbedtls.pc
|
||||
DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
|
||||
|
||||
configure_file(mbedx509.pc.in mbedx509.pc @ONLY)
|
||||
install(FILES
|
||||
${CMAKE_CURRENT_BINARY_DIR}/mbedx509.pc
|
||||
DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
|
||||
endif()
|
27
pkgconfig/JoinPaths.cmake
Normal file
27
pkgconfig/JoinPaths.cmake
Normal file
|
@ -0,0 +1,27 @@
|
|||
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
# This module provides function for joining paths
|
||||
# known from most languages
|
||||
#
|
||||
# Copyright The Mbed TLS Contributors
|
||||
#
|
||||
# This script originates from:
|
||||
# - https://github.com/jtojnar/cmake-snips
|
||||
# Jan has provided re-licensing under Apache 2.0 and GPL 2.0+ and
|
||||
# allowed for the change of Copyright.
|
||||
#
|
||||
# Modelled after Python’s os.path.join
|
||||
# https://docs.python.org/3.7/library/os.path.html#os.path.join
|
||||
# Windows not supported
|
||||
function(join_paths joined_path first_path_segment)
|
||||
set(temp_path "${first_path_segment}")
|
||||
foreach(current_segment IN LISTS ARGN)
|
||||
if(NOT ("${current_segment}" STREQUAL ""))
|
||||
if(IS_ABSOLUTE "${current_segment}")
|
||||
set(temp_path "${current_segment}")
|
||||
else()
|
||||
set(temp_path "${temp_path}/${current_segment}")
|
||||
endif()
|
||||
endif()
|
||||
endforeach()
|
||||
set(${joined_path} "${temp_path}" PARENT_SCOPE)
|
||||
endfunction()
|
10
pkgconfig/mbedcrypto.pc.in
Normal file
10
pkgconfig/mbedcrypto.pc.in
Normal file
|
@ -0,0 +1,10 @@
|
|||
prefix=@CMAKE_INSTALL_PREFIX@
|
||||
includedir=@PKGCONFIG_INCLUDEDIR@
|
||||
libdir=@PKGCONFIG_LIBDIR@
|
||||
|
||||
Name: @PROJECT_NAME@
|
||||
Description: @PKGCONFIG_PROJECT_DESCRIPTION@
|
||||
URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
|
||||
Version: @PROJECT_VERSION@
|
||||
Cflags: -I"${includedir}"
|
||||
Libs: -L"${libdir}" -lmbedcrypto
|
11
pkgconfig/mbedtls.pc.in
Normal file
11
pkgconfig/mbedtls.pc.in
Normal file
|
@ -0,0 +1,11 @@
|
|||
prefix=@CMAKE_INSTALL_PREFIX@
|
||||
includedir=@PKGCONFIG_INCLUDEDIR@
|
||||
libdir=@PKGCONFIG_LIBDIR@
|
||||
|
||||
Name: @PROJECT_NAME@
|
||||
Description: @PKGCONFIG_PROJECT_DESCRIPTION@
|
||||
URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
|
||||
Version: @PROJECT_VERSION@
|
||||
Requires.private: mbedcrypto mbedx509
|
||||
Cflags: -I"${includedir}"
|
||||
Libs: -L"${libdir}" -lmbedtls
|
11
pkgconfig/mbedx509.pc.in
Normal file
11
pkgconfig/mbedx509.pc.in
Normal file
|
@ -0,0 +1,11 @@
|
|||
prefix=@CMAKE_INSTALL_PREFIX@
|
||||
includedir=@PKGCONFIG_INCLUDEDIR@
|
||||
libdir=@PKGCONFIG_LIBDIR@
|
||||
|
||||
Name: @PROJECT_NAME@
|
||||
Description: @PKGCONFIG_PROJECT_DESCRIPTION@
|
||||
URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
|
||||
Version: @PROJECT_VERSION@
|
||||
Requires.private: mbedcrypto
|
||||
Cflags: -I"${includedir}"
|
||||
Libs: -L"${libdir}" -lmbedx509
|
|
@ -66,7 +66,7 @@ int main(void)
|
|||
mbedtls_dhm_context dhm;
|
||||
mbedtls_aes_context aes;
|
||||
|
||||
mbedtls_mpi N, P, Q, D, E;
|
||||
mbedtls_mpi N, P, Q, D, E, dhm_P, dhm_G;
|
||||
|
||||
mbedtls_net_init(&listen_fd);
|
||||
mbedtls_net_init(&client_fd);
|
||||
|
@ -75,8 +75,8 @@ int main(void)
|
|||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
|
||||
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
|
||||
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
|
||||
|
||||
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&dhm_P);
|
||||
mbedtls_mpi_init(&dhm_G);
|
||||
/*
|
||||
* 1. Setup the RNG
|
||||
*/
|
||||
|
@ -141,8 +141,9 @@ int main(void)
|
|||
goto exit;
|
||||
}
|
||||
|
||||
if (mbedtls_mpi_read_file(&dhm.MBEDTLS_PRIVATE(P), 16, f) != 0 ||
|
||||
mbedtls_mpi_read_file(&dhm.MBEDTLS_PRIVATE(G), 16, f) != 0) {
|
||||
if ((ret = mbedtls_mpi_read_file(&dhm_P, 16, f)) != 0 ||
|
||||
(ret = mbedtls_mpi_read_file(&dhm_G, 16, f)) != 0 ||
|
||||
(ret = mbedtls_dhm_set_group(&dhm, &dhm_P, &dhm_G) != 0)) {
|
||||
mbedtls_printf(" failed\n ! Invalid DH parameter file\n\n");
|
||||
fclose(f);
|
||||
goto exit;
|
||||
|
@ -176,7 +177,7 @@ int main(void)
|
|||
memset(buf, 0, sizeof(buf));
|
||||
|
||||
if ((ret =
|
||||
mbedtls_dhm_make_params(&dhm, (int) mbedtls_mpi_size(&dhm.MBEDTLS_PRIVATE(P)), buf, &n,
|
||||
mbedtls_dhm_make_params(&dhm, (int) mbedtls_dhm_get_len(&dhm), buf, &n,
|
||||
mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
|
||||
mbedtls_printf(" failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret);
|
||||
goto exit;
|
||||
|
@ -286,7 +287,8 @@ int main(void)
|
|||
exit:
|
||||
|
||||
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
|
||||
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
|
||||
mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&dhm_P);
|
||||
mbedtls_mpi_free(&dhm_G);
|
||||
|
||||
mbedtls_net_free(&client_fd);
|
||||
mbedtls_net_free(&listen_fd);
|
||||
|
|
|
@ -249,6 +249,7 @@ int main(int argc, char *argv[])
|
|||
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
mbedtls_entropy_init(&entropy);
|
||||
mbedtls_pk_init(&key);
|
||||
mbedtls_ctr_drbg_init(&ctr_drbg);
|
||||
memset(buf, 0, sizeof(buf));
|
||||
|
@ -336,7 +337,6 @@ usage:
|
|||
mbedtls_printf("\n . Seeding the random number generator...");
|
||||
fflush(stdout);
|
||||
|
||||
mbedtls_entropy_init(&entropy);
|
||||
#if !defined(_WIN32) && defined(MBEDTLS_FS_IO)
|
||||
if (opt.use_dev_random) {
|
||||
if ((ret = mbedtls_entropy_add_source(&entropy, dev_random_entropy_poll,
|
||||
|
|
|
@ -833,7 +833,7 @@ int main(int argc, char *argv[])
|
|||
mbedtls_net_init(&server_fd);
|
||||
mbedtls_ssl_init(&ssl);
|
||||
mbedtls_ssl_config_init(&conf);
|
||||
memset(&saved_session, 0, sizeof(mbedtls_ssl_session));
|
||||
mbedtls_ssl_session_init(&saved_session);
|
||||
rng_init(&rng);
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
mbedtls_x509_crt_init(&cacert);
|
||||
|
|
|
@ -427,7 +427,7 @@ int test_hooks_failure_detected(void)
|
|||
mbedtls_test_mutex_usage_check();
|
||||
#endif
|
||||
|
||||
if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_SUCCESS) {
|
||||
if (mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_SUCCESS) {
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
|
|
|
@ -1089,20 +1089,24 @@ int main(int argc, char *argv[])
|
|||
mbedtls_dhm_context dhm;
|
||||
size_t olen;
|
||||
size_t n;
|
||||
mbedtls_mpi P, G;
|
||||
mbedtls_mpi_init(&P); mbedtls_mpi_init(&G);
|
||||
|
||||
for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) {
|
||||
mbedtls_dhm_init(&dhm);
|
||||
|
||||
if (mbedtls_mpi_read_binary(&dhm.MBEDTLS_PRIVATE(P), dhm_P[i],
|
||||
if (mbedtls_mpi_read_binary(&P, dhm_P[i],
|
||||
dhm_P_size[i]) != 0 ||
|
||||
mbedtls_mpi_read_binary(&dhm.MBEDTLS_PRIVATE(G), dhm_G[i],
|
||||
dhm_G_size[i]) != 0) {
|
||||
mbedtls_mpi_read_binary(&G, dhm_G[i],
|
||||
dhm_G_size[i]) != 0 ||
|
||||
mbedtls_dhm_set_group(&dhm, &P, &G) != 0) {
|
||||
mbedtls_exit(1);
|
||||
}
|
||||
|
||||
n = mbedtls_mpi_size(&dhm.MBEDTLS_PRIVATE(P));
|
||||
n = mbedtls_dhm_get_len(&dhm);
|
||||
mbedtls_dhm_make_public(&dhm, (int) n, buf, n, myrand, NULL);
|
||||
if (mbedtls_mpi_copy(&dhm.MBEDTLS_PRIVATE(GY), &dhm.MBEDTLS_PRIVATE(GX)) != 0) {
|
||||
|
||||
if (mbedtls_dhm_read_public(&dhm, buf, n) != 0) {
|
||||
mbedtls_exit(1);
|
||||
}
|
||||
|
||||
|
@ -1119,6 +1123,7 @@ int main(int argc, char *argv[])
|
|||
mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL));
|
||||
|
||||
mbedtls_dhm_free(&dhm);
|
||||
mbedtls_mpi_free(&P), mbedtls_mpi_free(&G);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -344,9 +344,11 @@ int main(int argc, char *argv[])
|
|||
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
|
||||
mbedtls_test_mutex_usage_check();
|
||||
#endif
|
||||
int result = (int) mbedtls_test_get_result();
|
||||
|
||||
mbedtls_printf("Running metatest %s... done, result=%d\n",
|
||||
argv[1], (int) mbedtls_test_info.result);
|
||||
mbedtls_exit(mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SUCCESS ?
|
||||
argv[1], result);
|
||||
mbedtls_exit(result == MBEDTLS_TEST_RESULT_SUCCESS ?
|
||||
MBEDTLS_EXIT_SUCCESS :
|
||||
MBEDTLS_EXIT_FAILURE);
|
||||
}
|
||||
|
|
|
@ -14,7 +14,8 @@
|
|||
#if !defined(MBEDTLS_X509_CSR_WRITE_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
|
||||
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \
|
||||
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
|
||||
!defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_FS_IO)
|
||||
!defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_FS_IO) || \
|
||||
!defined(MBEDTLS_MD_C)
|
||||
int main(void)
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_X509_CSR_WRITE_C and/or MBEDTLS_FS_IO and/or "
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
|
||||
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) || \
|
||||
!defined(MBEDTLS_ERROR_C) || !defined(MBEDTLS_MD_CAN_SHA256) || \
|
||||
!defined(MBEDTLS_PEM_WRITE_C)
|
||||
!defined(MBEDTLS_PEM_WRITE_C) || !defined(MBEDTLS_MD_C)
|
||||
int main(void)
|
||||
{
|
||||
mbedtls_printf("MBEDTLS_X509_CRT_WRITE_C and/or MBEDTLS_X509_CRT_PARSE_C and/or "
|
||||
|
|
|
@ -1052,6 +1052,30 @@ rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem
|
|||
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
|
||||
keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
|
||||
|
||||
rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der: rsa_pkcs1_2048_clear.pem
|
||||
$(OPENSSL) pkcs8 -topk8 -v2 aes-128-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der
|
||||
rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem: rsa_pkcs1_2048_clear.pem
|
||||
$(OPENSSL) pkcs8 -topk8 -v2 aes-128-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem
|
||||
keys_rsa_enc_pkcs8_v2_2048_aes128cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem
|
||||
|
||||
rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der: rsa_pkcs1_2048_clear.pem
|
||||
$(OPENSSL) pkcs8 -topk8 -v2 aes-192-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der
|
||||
rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem: rsa_pkcs1_2048_clear.pem
|
||||
$(OPENSSL) pkcs8 -topk8 -v2 aes-192-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem
|
||||
keys_rsa_enc_pkcs8_v2_2048_aes192cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem
|
||||
|
||||
rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der: rsa_pkcs1_2048_clear.pem
|
||||
$(OPENSSL) pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der
|
||||
rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem: rsa_pkcs1_2048_clear.pem
|
||||
$(OPENSSL) pkcs8 -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem
|
||||
keys_rsa_enc_pkcs8_v2_2048_aes256cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem
|
||||
|
||||
rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem
|
||||
$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der
|
||||
|
|
Binary file not shown.
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIID4AYf5oXcICAggA
|
||||
MAwGCCqGSIb3DQIKBQAwHQYJYIZIAWUDBAECBBCtsq1ZGRGQPDOZ5HWj2WM3BIIE
|
||||
0G6XYOdWx+gqDnXbV4/I8o/whdxUKNXi6lhrJHQBnl+qQPSJnDl4lH6/U7LimyeM
|
||||
SASN9h2BqOQhLi+FPxw19Vn7IzKkNe4c2S87t27/p9ss8jgbKfEDPJ77uxMb64eA
|
||||
WAmDjOr1eL+HM54pIxrWcHKUNrfliffyzcwcTqf99ORj9QeGJ37XuZ7RLMxfoOij
|
||||
4v1YVbSVlMX5SM0tI9/Atm3fUG1zVAm3p3SrSAOr9FkVE0wh/aC5f5KnMzurBq8J
|
||||
f8zGrCP4AmXiowbsJ+GCpKBqOB2mFpBjWt2cwYPuZzP5VUaXiJyOgOYXvxLF4TpB
|
||||
+pDhJfs+P0iG1SWssfLOkp7smFWtowFrGn3y5nDHHd3P8/vyEDS02hdJxoLw0MBe
|
||||
zD3aVeaISOMqjc43cA27Kp7uvG7814XAXe1MPt7Bm5CGa9k6XtVhMTp6RBKxL2ow
|
||||
3U8SjA3PtuLLbNEB8FDGi2MCsoDGfmXdOZqJPJdxSbLWl5/385irsUKQDnDK9xr5
|
||||
tYVAjPLK4tkdtBgGB+Yv2bRYjPdqKiNrE2AuuFN8ESqoir0gOWbGgpmdDpVhG1az
|
||||
Y/Dyv1JcteXo/s3PsIZOXXDQEK7fdr9o/QWY62KJCIQXPZU7K4g2aWLbMN8pWabt
|
||||
3mpBeCeiLz0+miSwHFSfTg/weegogrfeBtSV6zFcBSG0nz73JT1U6U4ecDAsuk23
|
||||
nmLnm3t+n3MTZU18WxTiQrq0n5gOr1XoGduGQYBBS/bhFoQoWvVQ+gaCaR1hF4ap
|
||||
U5vTjYmdIv6Hq/Gl3sNpH324NVTQ2JIHzdItyaZiTugr89+7YxPxpL9pwJJyztdy
|
||||
31l4AvAot9vEJWH6wPC5v66MQrqcJRtdT8BuEJ2RFKkqP0wN66JC7qhtm4v5oVgp
|
||||
tblGcP4oWHMqAZuYUbgJYh5sEXMsO2tbp2ckKOR10ev+Yzq8vQ9AYFSOLNkFAIbA
|
||||
lxv0DJonU288A8Rei3WYU9PfYiYWK7cP/I40xtxOJe3cQEhQTBJwT6K1sv7Q0HAa
|
||||
hs5P2u45XqJh2waqJkeoeri0p20WnSfcWmov0OIMtxWQMT6Yb62v+aKk+nqlurIz
|
||||
BmvJvgZJtnhlJW7WfbSF3kDD8WZbmabJ+rfPclx5/Hyh0JfaHSJDa9Vd8518/wp4
|
||||
Tcptcq7GC93St7PG6RTg4nZzrguwdzBVeDGB0BjP4xI/tzEkk0MgFGAL6JDa/FLv
|
||||
5L8MOjeCLwWO9OtVjt02amc26SMmpEIyzh5f/eXWDBILnZAgbnieqyQm2+KsvQ87
|
||||
9aQdLlC4RvO73f+5Ckygf6vrIW/n8HVmHmLv+qeudVgIiYZVz3/GtiFJjuayMr/D
|
||||
SgvrzNyRw8SQWn5V0ORy/3u86ZfraIq3falIFJGZDG9rdgYoBNHzhMeOXL+fqqHa
|
||||
egvOQbfA4jpmtbWUxeqLqs1bY8T9hGW8lrRm7TofsuxDPOz+VajF/+lqWrvXp6+8
|
||||
Vp10Ig42X88TUroWRrOSXUkR45Xjq/XG5M5mbZQqBygWSqQJ9LrTzu9yqhYsqziB
|
||||
tnwXVpudK/9GK7OKEshJ0s/HsLFHAFRBPJnVP0cXTEg9EczgGBLLT6wAj5zy0dxz
|
||||
Pe8Y46K6wUUHP4Y9IQmJ+i/dBfiaquSNKKdqMU7sT5cd
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
Binary file not shown.
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI8i+OtR0wbD0CAggA
|
||||
MAwGCCqGSIb3DQIKBQAwHQYJYIZIAWUDBAEWBBBHvOq1294P18bekzyYVp4QBIIE
|
||||
0AJnZHjPZcPYKdSNaNfPfc2s+UmTgYeLCun5sd+9KIYyozJ2ljZTijsdp/hItWTu
|
||||
DmHrfLTLV8mtL/OFJ83u0rDoHVfSrDLwFMAy/nmbtlLYPFEfU9MQ8s2OtvKuobmI
|
||||
b3x7b+MrTlG5ConptsQQw5tl3dza9DZGfHUnO2EzXorytSMLFCGeQskzbN7Y/Sbf
|
||||
2+IL5yoifcfPddTbKDyTa77K2516tK2+WTU/VUfv2r5d5SiivZLuMjIYrbneHYoq
|
||||
hW30BZozCqJKJ5G2jwNjLUjPirA6qtS0Y1tIb5rRjZ0pSy1X5oIQL2laZLrDo9gP
|
||||
/Ud8m1k2nv9Uv9HPM+G4xCMSiJVaptYPyzFQACcSdA/BVUdBC0EwzIj2nbaoAlM0
|
||||
+sZ2Asbohnds/AsDz+/b6MaMKg9Onoort0zF/HtpSII6+WSmvGOaV2469JEIvZlU
|
||||
JIn1YugpDPIe6/B35J9sYfvVNKVsvJntCKxmcz6Nw2VvPKXC3o/bseBqAhLKDMZZ
|
||||
Hr3id3O7bN2ng3lKuGofmQeMYnW4zb4coXytdc/XCvf63xE0NsUEBFuRMpc9iocC
|
||||
2RMBEzNyE4tnigI61T/zkpwgBic1p/isGoXMdPWl+Z+IAIYgyxOVwO9g78yVW9tp
|
||||
1xF9WzJrGHKNT9RLmINyo3jt/wRj8Q+T0EG45cDQcHwpyXdNS614hUCIaeTvQcR9
|
||||
8F+f4D8IvL+GJt2EtbqL+D687X/hptNehpFf+uxGiHQfrtOvYS/ArNrewa1ts9nq
|
||||
SMAE7Hb7MzFdnhDqRFBa+//H1jvNkDx3qXfb1/MNE8pR6vjcueKKQ0BzlrNX1O2C
|
||||
oz0OCMeDfXZhWdYmNjLNcdbonrvq5Z9nOUEdw2lNWELT4lOAmqgA/xBFdQa4glCx
|
||||
WS1r6DyjgTdGlPbcGugRuTcYXNx6iikWzoS1369maz+WV9qW7r8kA1Fs7WUiYnOb
|
||||
I1E06yQKVANe+t2SQYN2jPK3EsFFOBxG9tlcXbZVxvx9m6XJR7f7YnLPN+b0f1qF
|
||||
cT2c5IhK5pKRiZds82lWBnk+eli+qUXILIBbDvBmY4PyPk+kyewAHI1HWBfoSH/3
|
||||
aLIV6JPgwjAJKnr0++jUqETID/yGyLHNNy1u4ALyAfbFVU//RGmwAxhrBNPdVVGb
|
||||
rBfKL+VL8Hu/m5XWXez0nHKyD8J1i/XO1OutBsXYxEn6Xnu9rJn8F6nJ+XB3zt6K
|
||||
QdkUp85t3GM0wyizuPRWJrSVfYyjV41yEBXqe2lgqTT9dpvpgIRtvUeq83e8PD/3
|
||||
6qKoeTv+3cppCFZ3vLArGvsvRTcbfc3YEzXxz6gc/1HTzd8UpCnA/9+jepG3IzRL
|
||||
1bLs8QVzIBAT/UpuC6QWUdAR/JZMEFLU5FnRh6oXuh2Zys66Ot7LyNhnGlSEPlXI
|
||||
polURx0bew+QigBGiH7NpyMgRi9Wh+1HOA/wsAp4X7O+DhaX6vdiDbQoilN1LclU
|
||||
TRFShpuaxwRA1ek2Jz3JLn7wCsGaVXrd2v/CgrxofCWzGjR2RWj9hAkV4eoJ3G6A
|
||||
x3DhMRrqXc/O3ON9TyhKBZP1g35In5bZmBUv/o+7eYV7KDETxPwsD3A+dCqUJObU
|
||||
kyZehu2DsfyZFI98SnecRpb0M0vi6ZZueCykOVec6xkX
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
Binary file not shown.
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN ENCRYPTED PRIVATE KEY-----
|
||||
MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIhWg0Xe90dAcCAggA
|
||||
MAwGCCqGSIb3DQIKBQAwHQYJYIZIAWUDBAEqBBCRE60k0URZBki+hlzaxgZgBIIE
|
||||
0Hffn1sg3qNNUkFDHdbvU9E3+aaMJKWqDS4bUqGguT7Tz36TPM1drUZSFyWvPgNY
|
||||
dXonxu+2h6jzRny0clPyp3kCbJEqgvyj0laKNAfV1fmJRVkIFiCMs0iBLQnyjAJb
|
||||
IJ8hGxsnotdvmL3oTvHq0YawPXRXVDC4qeO+PzcDjSZ62E+Bz1bE2/tLif1BKd0k
|
||||
QbccsD9pCyF8pauCAxgN2AWWdus3IzH+hWUf4DTT7AhCdYNijY+ZmBgKGkJoJWwl
|
||||
aIZrPGJ7tNIDecQt86xLffKifI/b2dO5e3Q1NgNzHM77ncoeLr9nFSlsc2W3qA/A
|
||||
gEDcuGj1ujchKK70Phfz50HMfnP3pCqLk8jDI78/TSvHDiblF68hsUbAsvbtHNu6
|
||||
+AXlDdSU2bcRyQRsjvaf2lMLt+qkUX+P640SKnXIYa1o9dv4+alE4XTZaimmOnao
|
||||
DjYm6bTHAYcE//DW/LXt7V+q1KCPqpoHMR140vyjIRN8uEcPXyTka6lU34ypIhUb
|
||||
N7ggLrXrCjh3nJo+nCtXOIMf9O9eD9I/0i8dktZFuTRj1sO/z9J/xFxHTdBG/BB5
|
||||
1MEmwriRubrw5Ud+uXnRq+lg5rW3n4+5TBvwYq/GLfyj36ojegbE8OdMfJJqCdd4
|
||||
zywMXwYiMi76gYAwEL60DWRn+3vud02QwY8hBXfiOPq2kxazvZM5SWy/1bPgStkn
|
||||
fG9uzE8n/ABZA0XWuV8hNAcxYlS+0s3IguvvHogQtQMYTTg/D3OODpc0f/+y3O8N
|
||||
qI5Iym1SrWpnF8vVFZsMblMDr+tbeCvYQ+HuaTc0L5cpAozoY7iCzuqwDHFrYTzC
|
||||
rSZ70V+FQ956m4xkCBu6TrzqzhA8zfDFs3z9LfV62v9zLgUS8uCKSKWxznM0IdiE
|
||||
ZnNrwaE1xsO5QN8LfvlO4NVVxN/ATie5tmlLndS4c2ZkswcR3WM6cW1buVaIPsz7
|
||||
lU7sbd/I9pWpzd3eZNkVrWpyWxvFQxBUNNC5IXcgRBZsGgVGRw35LBlWXKluKrVi
|
||||
Z/FAf23dt3n2S4dtJ+Fd2+YL/YiK0lqtrm+GkSjmMvVQ57PJn8QvW359e4QsxDyN
|
||||
wv6iEQDUqZcQ89ggdGdoSFFgBtFACc9iCKsu5AjTJl+Tql/A3FV7SwYDfZwQuT4e
|
||||
gc4dZPuSSVd8cttUeFUmtrPCMx2nP7ZDVYFrZyK07eAIL89gv3bYWu8R/wMKNvzr
|
||||
g0Ao0+AnfLJg11C8pAhJea1dxwu7g6LSpA+oCZov4RpqUnLKMCpPbypyFhSizZtF
|
||||
evDMf+5aUAbe0+ZsCjUT+RftpzYCPV9uGhYhLMIFRP/7FCcHMrDn7CbAektm063U
|
||||
EwP2O1rUrMhPWqRztx71cGBloeVPE8Ddwnsorr4M7EXihZcvNsLfz3N9NUopkU3M
|
||||
sM2fEAnq2KMyrrwVGRSHvm70gUDpJeFanRBsI9z1Tr4r3utHIIQ+0u9pFPbQln0Q
|
||||
4X4U7KbKC4leTYGMPMFOPXihiMTazNcs232stAYUYe6/DmVX/p2dJHvHux5qBGIW
|
||||
Rbv7OuwazOsDqNfrqZTesENIGl/KPoNXiolp/YtG3DHQ1vDjEj/XTOVWWkBDXVgP
|
||||
ut4Pi20hvFBwvEBtypAgi1VLcad5+dlrEwryewlLLw5h
|
||||
-----END ENCRYPTED PRIVATE KEY-----
|
|
@ -77,14 +77,14 @@ void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N);
|
|||
*
|
||||
* - This function guarantees that if \p s begins with '-' then the sign
|
||||
* bit of the result will be negative, even if the value is 0.
|
||||
* When this function encounters such a "negative 0", it
|
||||
* increments #mbedtls_test_case_uses_negative_0.
|
||||
* - The size of the result is exactly the minimum number of limbs needed
|
||||
* to fit the digits in the input. In particular, this function constructs
|
||||
* a bignum with 0 limbs for an empty string, and a bignum with leading 0
|
||||
* limbs if the string has sufficiently many leading 0 digits.
|
||||
* This is important so that the "0 (null)" and "0 (1 limb)" and
|
||||
* "leading zeros" test cases do what they claim.
|
||||
* When this function encounters such a "negative 0", it calls
|
||||
* mbedtls_test_increment_case_uses_negative_0().
|
||||
* - The size of the result is exactly the minimum number of limbs needed to fit
|
||||
* the digits in the input. In particular, this function constructs a bignum
|
||||
* with 0 limbs for an empty string, and a bignum with leading 0 limbs if the
|
||||
* string has sufficiently many leading 0 digits. This is important so that
|
||||
* the "0 (null)" and "0 (1 limb)" and "leading zeros" test cases do what they
|
||||
* claim.
|
||||
*
|
||||
* \param[out] X The MPI object to populate. It must be initialized.
|
||||
* \param[in] s The null-terminated hexadecimal string to read from.
|
||||
|
@ -93,14 +93,6 @@ void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N);
|
|||
*/
|
||||
int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s);
|
||||
|
||||
/** Nonzero if the current test case had an input parsed with
|
||||
* mbedtls_test_read_mpi() that is a negative 0 (`"-"`, `"-0"`, `"-00"`, etc.,
|
||||
* constructing a result with the sign bit set to -1 and the value being
|
||||
* all-limbs-0, which is not a valid representation in #mbedtls_mpi but is
|
||||
* tested for robustness).
|
||||
*/
|
||||
extern unsigned mbedtls_test_case_uses_negative_0;
|
||||
|
||||
#endif /* MBEDTLS_BIGNUM_C */
|
||||
|
||||
#endif /* TEST_BIGNUM_HELPERS_H */
|
||||
|
|
|
@ -40,6 +40,11 @@
|
|||
#endif
|
||||
|
||||
#include "test/threading_helpers.h"
|
||||
|
||||
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
|
||||
#include "mbedtls/threading.h"
|
||||
#endif
|
||||
|
||||
#include "mbedtls/platform.h"
|
||||
|
||||
#include <stddef.h>
|
||||
|
@ -61,20 +66,128 @@ typedef enum {
|
|||
MBEDTLS_TEST_RESULT_SKIPPED
|
||||
} mbedtls_test_result_t;
|
||||
|
||||
#define MBEDTLS_TEST_LINE_LENGTH 76
|
||||
|
||||
typedef struct {
|
||||
mbedtls_test_result_t result;
|
||||
const char *test;
|
||||
const char *filename;
|
||||
int line_no;
|
||||
unsigned long step;
|
||||
char line1[76];
|
||||
char line2[76];
|
||||
char line1[MBEDTLS_TEST_LINE_LENGTH];
|
||||
char line2[MBEDTLS_TEST_LINE_LENGTH];
|
||||
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
|
||||
const char *mutex_usage_error;
|
||||
#endif
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
unsigned case_uses_negative_0;
|
||||
#endif
|
||||
}
|
||||
mbedtls_test_info_t;
|
||||
extern mbedtls_test_info_t mbedtls_test_info;
|
||||
|
||||
/**
|
||||
* \brief Get the current test result status
|
||||
*
|
||||
* \return The current test result status
|
||||
*/
|
||||
mbedtls_test_result_t mbedtls_test_get_result(void);
|
||||
|
||||
/**
|
||||
* \brief Get the current test name/description
|
||||
*
|
||||
* \return The current test name/description
|
||||
*/
|
||||
const char *mbedtls_test_get_test(void);
|
||||
|
||||
/**
|
||||
* \brief Get the current test filename
|
||||
*
|
||||
* \return The current test filename
|
||||
*/
|
||||
const char *mbedtls_get_test_filename(void);
|
||||
|
||||
/**
|
||||
* \brief Get the current test file line number (for failure / skip)
|
||||
*
|
||||
* \return The current test file line number (for failure / skip)
|
||||
*/
|
||||
int mbedtls_test_get_line_no(void);
|
||||
|
||||
/**
|
||||
* \brief Increment the current test step.
|
||||
*
|
||||
* \note It is not recommended for multiple threads to call this
|
||||
* function concurrently - whilst it is entirely thread safe,
|
||||
* the order of calls to this function can obviously not be
|
||||
* ensured, so unexpected results may occur.
|
||||
*/
|
||||
void mbedtls_test_increment_step(void);
|
||||
|
||||
/**
|
||||
* \brief Get the current test step
|
||||
*
|
||||
* \return The current test step
|
||||
*/
|
||||
unsigned long mbedtls_test_get_step(void);
|
||||
|
||||
/**
|
||||
* \brief Get the current test line buffer 1
|
||||
*
|
||||
* \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH,
|
||||
* which will have line buffer 1 copied to it.
|
||||
*/
|
||||
void mbedtls_test_get_line1(char *line);
|
||||
|
||||
/**
|
||||
* \brief Get the current test line buffer 2
|
||||
*
|
||||
* \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH,
|
||||
* which will have line buffer 1 copied to it.
|
||||
*/
|
||||
void mbedtls_test_get_line2(char *line);
|
||||
|
||||
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
|
||||
/**
|
||||
* \brief Get the current mutex usage error message
|
||||
*
|
||||
* \return The current mutex error message (may be NULL if no error)
|
||||
*/
|
||||
const char *mbedtls_test_get_mutex_usage_error(void);
|
||||
|
||||
/**
|
||||
* \brief Set the current mutex usage error message
|
||||
*
|
||||
* \note This will only set the mutex error message if one has not
|
||||
* already been set, or if we are clearing the message (msg is
|
||||
* NULL)
|
||||
*
|
||||
* \param msg Error message to set (can be NULL to clear)
|
||||
*/
|
||||
void mbedtls_test_set_mutex_usage_error(const char *msg);
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
|
||||
/**
|
||||
* \brief Get whether the current test is a bignum test that uses
|
||||
* negative zero.
|
||||
*
|
||||
* \return non zero if the current test uses bignum negative zero.
|
||||
*/
|
||||
unsigned mbedtls_test_get_case_uses_negative_0(void);
|
||||
|
||||
/**
|
||||
* \brief Indicate that the current test uses bignum negative zero.
|
||||
*
|
||||
* \note This function is called if the current test case had an
|
||||
* input parsed with mbedtls_test_read_mpi() that is a negative
|
||||
* 0 (`"-"`, `"-0"`, `"-00"`, etc., constructing a result with
|
||||
* the sign bit set to -1 and the value being all-limbs-0,
|
||||
* which is not a valid representation in #mbedtls_mpi but is
|
||||
* tested for robustness). *
|
||||
*/
|
||||
void mbedtls_test_increment_case_uses_negative_0(void);
|
||||
#endif
|
||||
|
||||
int mbedtls_test_platform_setup(void);
|
||||
void mbedtls_test_platform_teardown(void);
|
||||
|
@ -111,24 +224,42 @@ void mbedtls_test_fail(const char *test, int line_no, const char *filename);
|
|||
void mbedtls_test_skip(const char *test, int line_no, const char *filename);
|
||||
|
||||
/**
|
||||
* \brief Set the test step number for failure reports.
|
||||
* \brief Set the test step number for failure reports.
|
||||
*
|
||||
* Call this function to display "step NNN" in addition to the
|
||||
* line number and file name if a test fails. Typically the "step
|
||||
* number" is the index of a for loop but it can be whatever you
|
||||
* want.
|
||||
* Call this function to display "step NNN" in addition to the
|
||||
* line number and file name if a test fails. Typically the
|
||||
* "step number" is the index of a for loop but it can be
|
||||
* whatever you want.
|
||||
*
|
||||
* \note It is not recommended for multiple threads to call this
|
||||
* function concurrently - whilst it is entirely thread safe,
|
||||
* the order of calls to this function can obviously not be
|
||||
* ensured, so unexpected results may occur.
|
||||
*
|
||||
* \param step The step number to report.
|
||||
*/
|
||||
void mbedtls_test_set_step(unsigned long step);
|
||||
|
||||
/**
|
||||
* \brief Reset mbedtls_test_info to a ready/starting state.
|
||||
* \brief Reset mbedtls_test_info to a ready/starting state.
|
||||
*/
|
||||
void mbedtls_test_info_reset(void);
|
||||
|
||||
#ifdef MBEDTLS_TEST_MUTEX_USAGE
|
||||
/**
|
||||
* \brief Record the current test case as a failure if two integers
|
||||
* \brief Get the test info data mutex.
|
||||
*
|
||||
* \note This is designed only to be used by threading_helpers to
|
||||
* avoid a deadlock, not for general access to this mutex.
|
||||
*
|
||||
* \return The test info data mutex.
|
||||
*/
|
||||
mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void);
|
||||
|
||||
#endif /* MBEDTLS_TEST_MUTEX_USAGE */
|
||||
|
||||
/**
|
||||
* \brief Record the current test case as a failure if two integers
|
||||
* have a different value.
|
||||
*
|
||||
* This function is usually called via the macro
|
||||
|
|
|
@ -85,6 +85,7 @@ typedef struct mbedtls_test_ssl_log_pattern {
|
|||
|
||||
typedef struct mbedtls_test_handshake_test_options {
|
||||
const char *cipher;
|
||||
uint16_t *group_list;
|
||||
mbedtls_ssl_protocol_version client_min_version;
|
||||
mbedtls_ssl_protocol_version client_max_version;
|
||||
mbedtls_ssl_protocol_version server_min_version;
|
||||
|
@ -112,6 +113,7 @@ typedef struct mbedtls_test_handshake_test_options {
|
|||
void (*srv_log_fun)(void *, int, const char *, int, const char *);
|
||||
void (*cli_log_fun)(void *, int, const char *, int, const char *);
|
||||
int resize_buffers;
|
||||
int early_data;
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
mbedtls_ssl_cache_context *cache;
|
||||
#endif
|
||||
|
@ -440,8 +442,7 @@ int mbedtls_test_ssl_endpoint_init(
|
|||
mbedtls_test_handshake_test_options *options,
|
||||
mbedtls_test_message_socket_context *dtls_context,
|
||||
mbedtls_test_ssl_message_queue *input_queue,
|
||||
mbedtls_test_ssl_message_queue *output_queue,
|
||||
uint16_t *group_list);
|
||||
mbedtls_test_ssl_message_queue *output_queue);
|
||||
|
||||
/*
|
||||
* Deinitializes endpoint represented by \p ep.
|
||||
|
@ -599,6 +600,17 @@ int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
|
|||
unsigned char *buf, size_t len);
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \
|
||||
defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
int mbedtls_test_get_tls13_ticket(
|
||||
mbedtls_test_handshake_test_options *client_options,
|
||||
mbedtls_test_handshake_test_options *server_options,
|
||||
mbedtls_ssl_session *session);
|
||||
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C &&
|
||||
MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS &&
|
||||
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
|
||||
#define ECJPAKE_TEST_PWD "bla"
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
|
|
|
@ -3691,6 +3691,75 @@ component_test_psa_crypto_config_reference_hash_use_psa() {
|
|||
tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
# Auxiliary function to build config for hashes with and without drivers
|
||||
config_psa_crypto_hmac_use_psa () {
|
||||
driver_only="$1"
|
||||
# start with config full for maximum coverage (also enables USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
|
||||
if [ "$driver_only" -eq 1 ]; then
|
||||
# Disable MD_C in order to disable the builtin support for HMAC. MD_LIGHT
|
||||
# is still enabled though (for ENTROPY_C among others).
|
||||
scripts/config.py unset MBEDTLS_MD_C
|
||||
# Disable also the builtin hashes since they are supported by the driver
|
||||
# and MD module is able to perform PSA dispathing.
|
||||
scripts/config.py unset-all MBEDTLS_SHA
|
||||
scripts/config.py unset MBEDTLS_MD5_C
|
||||
scripts/config.py unset MBEDTLS_RIPEMD160_C
|
||||
fi
|
||||
|
||||
# Direct dependencies of MD_C. We disable them also in the reference
|
||||
# component to work with the same set of features.
|
||||
scripts/config.py unset MBEDTLS_PKCS7_C
|
||||
scripts/config.py unset MBEDTLS_PKCS5_C
|
||||
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
|
||||
scripts/config.py unset MBEDTLS_HKDF_C
|
||||
# Dependencies of HMAC_DRBG
|
||||
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
|
||||
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
|
||||
}
|
||||
|
||||
component_test_psa_crypto_config_accel_hmac() {
|
||||
msg "test: full with accelerated hmac"
|
||||
|
||||
loc_accel_list="ALG_HMAC KEY_TYPE_HMAC \
|
||||
ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \
|
||||
ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
|
||||
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
|
||||
|
||||
# Configure
|
||||
# ---------
|
||||
|
||||
config_psa_crypto_hmac_use_psa 1
|
||||
|
||||
# Build
|
||||
# -----
|
||||
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list"
|
||||
|
||||
helper_libtestdriver1_make_main "$loc_accel_list"
|
||||
|
||||
# Ensure that built-in support for HMAC is disabled.
|
||||
not grep mbedtls_md_hmac library/md.o
|
||||
|
||||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: full with accelerated hmac"
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_psa_crypto_config_reference_hmac() {
|
||||
msg "test: full without accelerated hmac"
|
||||
|
||||
config_psa_crypto_hmac_use_psa 0
|
||||
|
||||
make
|
||||
|
||||
msg "test: full without accelerated hmac"
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_psa_crypto_config_accel_des () {
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated DES"
|
||||
|
||||
|
|
|
@ -240,6 +240,44 @@ KNOWN_TASKS = {
|
|||
}
|
||||
}
|
||||
},
|
||||
'analyze_driver_vs_reference_hmac': {
|
||||
'test_function': do_analyze_driver_vs_reference,
|
||||
'args': {
|
||||
'component_ref': 'test_psa_crypto_config_reference_hmac',
|
||||
'component_driver': 'test_psa_crypto_config_accel_hmac',
|
||||
'ignored_suites': [
|
||||
# These suites require legacy hash support, which is disabled
|
||||
# in the accelerated component.
|
||||
'shax', 'mdx',
|
||||
# This suite tests builtins directly, but these are missing
|
||||
# in the accelerated case.
|
||||
'psa_crypto_low_hash.generated',
|
||||
],
|
||||
'ignored_tests': {
|
||||
'test_suite_md': [
|
||||
# Builtin HMAC is not supported in the accelerate component.
|
||||
re.compile('.*HMAC.*'),
|
||||
# Following tests make use of functions which are not available
|
||||
# when MD_C is disabled, as it happens in the accelerated
|
||||
# test component.
|
||||
re.compile('generic .* Hash file .*'),
|
||||
'MD list',
|
||||
],
|
||||
'test_suite_md.psa': [
|
||||
# "legacy only" tests require hash algorithms to be NOT
|
||||
# accelerated, but this of course false for the accelerated
|
||||
# test component.
|
||||
re.compile('PSA dispatch .* legacy only'),
|
||||
],
|
||||
'test_suite_platform': [
|
||||
# Incompatible with sanitizers (e.g. ASan). If the driver
|
||||
# component uses a sanitizer but the reference component
|
||||
# doesn't, we have a PASS vs SKIP mismatch.
|
||||
'Check mbedtls_calloc overallocation',
|
||||
],
|
||||
}
|
||||
}
|
||||
},
|
||||
'analyze_driver_vs_reference_cipher_aead_cmac': {
|
||||
'test_function': do_analyze_driver_vs_reference,
|
||||
'args': {
|
||||
|
@ -562,6 +600,11 @@ KNOWN_TASKS = {
|
|||
# but these are not available in the accelerated component.
|
||||
re.compile('Set( non-existent)? padding with (AES|CAMELLIA).*'),
|
||||
],
|
||||
'test_suite_pkcs5': [
|
||||
# The AES part of PKCS#5 PBES2 is not yet supported.
|
||||
# The rest of PKCS#5 (PBKDF2) works, though.
|
||||
re.compile(r'PBES2 .* AES-.*')
|
||||
],
|
||||
'test_suite_pkparse': [
|
||||
# PEM (called by pkparse) requires AES_C in order to decrypt
|
||||
# the key, but this is not available in the accelerated
|
||||
|
@ -571,8 +614,7 @@ KNOWN_TASKS = {
|
|||
'test_suite_pem': [
|
||||
# Following tests require AES_C, but this is diabled in the
|
||||
# accelerated component.
|
||||
'PEM read (AES-128-CBC + invalid iv)',
|
||||
'PEM read (malformed PEM AES-128-CBC)',
|
||||
re.compile('PEM read .*AES.*'),
|
||||
'PEM read (unknown encryption algorithm)',
|
||||
],
|
||||
'test_suite_error': [
|
||||
|
|
|
@ -135,7 +135,7 @@ int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s)
|
|||
}
|
||||
if (negative) {
|
||||
if (mbedtls_mpi_cmp_int(X, 0) == 0) {
|
||||
++mbedtls_test_case_uses_negative_0;
|
||||
mbedtls_test_increment_case_uses_negative_0();
|
||||
}
|
||||
X->s = -1;
|
||||
}
|
||||
|
|
|
@ -13,6 +13,10 @@
|
|||
#include <test/psa_crypto_helpers.h>
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_THREADING_C)
|
||||
#include "mbedtls/threading.h"
|
||||
#endif
|
||||
|
||||
/*----------------------------------------------------------------------------*/
|
||||
/* Static global variables */
|
||||
|
||||
|
@ -20,7 +24,267 @@
|
|||
static mbedtls_platform_context platform_ctx;
|
||||
#endif
|
||||
|
||||
mbedtls_test_info_t mbedtls_test_info;
|
||||
static mbedtls_test_info_t mbedtls_test_info;
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_threading_mutex_t mbedtls_test_info_mutex;
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
/*----------------------------------------------------------------------------*/
|
||||
/* Mbedtls Test Info accessors */
|
||||
|
||||
mbedtls_test_result_t mbedtls_test_get_result(void)
|
||||
{
|
||||
mbedtls_test_result_t result;
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
result = mbedtls_test_info.result;
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
return result;
|
||||
}
|
||||
|
||||
void mbedtls_test_set_result(mbedtls_test_result_t result, const char *test,
|
||||
int line_no, const char *filename)
|
||||
{
|
||||
/* Internal function only - mbedtls_test_info_mutex should be held prior
|
||||
* to calling this function. */
|
||||
|
||||
mbedtls_test_info.result = result;
|
||||
mbedtls_test_info.test = test;
|
||||
mbedtls_test_info.line_no = line_no;
|
||||
mbedtls_test_info.filename = filename;
|
||||
}
|
||||
|
||||
const char *mbedtls_test_get_test(void)
|
||||
{
|
||||
const char *test;
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
test = mbedtls_test_info.test;
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
return test;
|
||||
}
|
||||
const char *mbedtls_get_test_filename(void)
|
||||
{
|
||||
const char *filename;
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
/* It should be ok just to pass back the pointer here, as it is going to
|
||||
* be a pointer into non changing data. */
|
||||
filename = mbedtls_test_info.filename;
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
return filename;
|
||||
}
|
||||
|
||||
int mbedtls_test_get_line_no(void)
|
||||
{
|
||||
int line_no;
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
line_no = mbedtls_test_info.line_no;
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
return line_no;
|
||||
}
|
||||
|
||||
void mbedtls_test_increment_step(void)
|
||||
{
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
++mbedtls_test_info.step;
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
}
|
||||
|
||||
unsigned long mbedtls_test_get_step(void)
|
||||
{
|
||||
unsigned long step;
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
step = mbedtls_test_info.step;
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
return step;
|
||||
}
|
||||
|
||||
void mbedtls_test_reset_step(void)
|
||||
{
|
||||
/* Internal function only - mbedtls_test_info_mutex should be held prior
|
||||
* to calling this function. */
|
||||
|
||||
mbedtls_test_info.step = (unsigned long) (-1);
|
||||
}
|
||||
|
||||
void mbedtls_test_set_step(unsigned long step)
|
||||
{
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
mbedtls_test_info.step = step;
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
}
|
||||
|
||||
void mbedtls_test_get_line1(char *line)
|
||||
{
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
memcpy(line, mbedtls_test_info.line1, MBEDTLS_TEST_LINE_LENGTH);
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
}
|
||||
|
||||
void mbedtls_test_set_line1(const char *line)
|
||||
{
|
||||
/* Internal function only - mbedtls_test_info_mutex should be held prior
|
||||
* to calling this function. */
|
||||
|
||||
if (line == NULL) {
|
||||
memset(mbedtls_test_info.line1, 0, MBEDTLS_TEST_LINE_LENGTH);
|
||||
} else {
|
||||
memcpy(mbedtls_test_info.line1, line, MBEDTLS_TEST_LINE_LENGTH);
|
||||
}
|
||||
}
|
||||
|
||||
void mbedtls_test_get_line2(char *line)
|
||||
{
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
memcpy(line, mbedtls_test_info.line2, MBEDTLS_TEST_LINE_LENGTH);
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
}
|
||||
|
||||
void mbedtls_test_set_line2(const char *line)
|
||||
{
|
||||
/* Internal function only - mbedtls_test_info_mutex should be held prior
|
||||
* to calling this function. */
|
||||
|
||||
if (line == NULL) {
|
||||
memset(mbedtls_test_info.line2, 0, MBEDTLS_TEST_LINE_LENGTH);
|
||||
} else {
|
||||
memcpy(mbedtls_test_info.line2, line, MBEDTLS_TEST_LINE_LENGTH);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
|
||||
const char *mbedtls_test_get_mutex_usage_error(void)
|
||||
{
|
||||
return mbedtls_test_info.mutex_usage_error;
|
||||
}
|
||||
|
||||
void mbedtls_test_set_mutex_usage_error(const char *msg)
|
||||
{
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
if (mbedtls_test_info.mutex_usage_error == NULL || msg == NULL) {
|
||||
mbedtls_test_info.mutex_usage_error = msg;
|
||||
}
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
}
|
||||
#endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE)
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
|
||||
unsigned mbedtls_test_get_case_uses_negative_0(void)
|
||||
{
|
||||
unsigned test_case_uses_negative_0 = 0;
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
test_case_uses_negative_0 = mbedtls_test_info.case_uses_negative_0;
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
return test_case_uses_negative_0;
|
||||
}
|
||||
|
||||
void mbedtls_test_set_case_uses_negative_0(unsigned uses)
|
||||
{
|
||||
/* Internal function only - mbedtls_test_info_mutex should be held prior
|
||||
* to calling this function. */
|
||||
|
||||
mbedtls_test_info.case_uses_negative_0 = uses;
|
||||
}
|
||||
|
||||
void mbedtls_test_increment_case_uses_negative_0(void)
|
||||
{
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
++mbedtls_test_info.case_uses_negative_0;
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_BIGNUM_C */
|
||||
|
||||
#ifdef MBEDTLS_TEST_MUTEX_USAGE
|
||||
mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void)
|
||||
{
|
||||
return &mbedtls_test_info_mutex;
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_TEST_MUTEX_USAGE */
|
||||
|
||||
/*----------------------------------------------------------------------------*/
|
||||
/* Helper Functions */
|
||||
|
@ -44,11 +308,19 @@ int mbedtls_test_platform_setup(void)
|
|||
ret = mbedtls_platform_setup(&platform_ctx);
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_init(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
void mbedtls_test_platform_teardown(void)
|
||||
{
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_free(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
#if defined(MBEDTLS_PLATFORM_C)
|
||||
mbedtls_platform_teardown(&platform_ctx);
|
||||
#endif /* MBEDTLS_PLATFORM_C */
|
||||
|
@ -69,48 +341,63 @@ int mbedtls_test_ascii2uc(const char c, unsigned char *uc)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static void mbedtls_test_fail_internal(const char *test, int line_no, const char *filename)
|
||||
{
|
||||
/* Internal function only - mbedtls_test_info_mutex should be held prior
|
||||
* to calling this function. */
|
||||
|
||||
/* Don't use accessor, we already hold mutex. */
|
||||
if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
|
||||
/* If we have already recorded the test as having failed then don't
|
||||
* overwrite any previous information about the failure. */
|
||||
mbedtls_test_set_result(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename);
|
||||
}
|
||||
}
|
||||
|
||||
void mbedtls_test_fail(const char *test, int line_no, const char *filename)
|
||||
{
|
||||
if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) {
|
||||
/* We've already recorded the test as having failed. Don't
|
||||
* overwrite any previous information about the failure. */
|
||||
return;
|
||||
}
|
||||
mbedtls_test_info.result = MBEDTLS_TEST_RESULT_FAILED;
|
||||
mbedtls_test_info.test = test;
|
||||
mbedtls_test_info.line_no = line_no;
|
||||
mbedtls_test_info.filename = filename;
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
mbedtls_test_fail_internal(test, line_no, filename);
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
}
|
||||
|
||||
void mbedtls_test_skip(const char *test, int line_no, const char *filename)
|
||||
{
|
||||
mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SKIPPED;
|
||||
mbedtls_test_info.test = test;
|
||||
mbedtls_test_info.line_no = line_no;
|
||||
mbedtls_test_info.filename = filename;
|
||||
}
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
void mbedtls_test_set_step(unsigned long step)
|
||||
{
|
||||
mbedtls_test_info.step = step;
|
||||
}
|
||||
mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename);
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
unsigned mbedtls_test_case_uses_negative_0 = 0;
|
||||
#endif
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
}
|
||||
|
||||
void mbedtls_test_info_reset(void)
|
||||
{
|
||||
mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SUCCESS;
|
||||
mbedtls_test_info.step = (unsigned long) (-1);
|
||||
mbedtls_test_info.test = 0;
|
||||
mbedtls_test_info.line_no = 0;
|
||||
mbedtls_test_info.filename = 0;
|
||||
memset(mbedtls_test_info.line1, 0, sizeof(mbedtls_test_info.line1));
|
||||
memset(mbedtls_test_info.line2, 0, sizeof(mbedtls_test_info.line2));
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0);
|
||||
mbedtls_test_reset_step();
|
||||
mbedtls_test_set_line1(NULL);
|
||||
mbedtls_test_set_line2(NULL);
|
||||
|
||||
#if defined(MBEDTLS_BIGNUM_C)
|
||||
mbedtls_test_case_uses_negative_0 = 0;
|
||||
mbedtls_test_set_case_uses_negative_0(0);
|
||||
#endif
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
}
|
||||
|
||||
int mbedtls_test_equal(const char *test, int line_no, const char *filename,
|
||||
|
@ -123,20 +410,31 @@ int mbedtls_test_equal(const char *test, int line_no, const char *filename,
|
|||
return 1;
|
||||
}
|
||||
|
||||
if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) {
|
||||
/* We've already recorded the test as having failed. Don't
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
/* Don't use accessor, as we already hold mutex. */
|
||||
if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
|
||||
/* If we've already recorded the test as having failed then don't
|
||||
* overwrite any previous information about the failure. */
|
||||
return 0;
|
||||
|
||||
char buf[MBEDTLS_TEST_LINE_LENGTH];
|
||||
mbedtls_test_fail_internal(test, line_no, filename);
|
||||
(void) mbedtls_snprintf(buf, sizeof(buf),
|
||||
"lhs = 0x%016llx = %lld",
|
||||
value1, (long long) value1);
|
||||
mbedtls_test_set_line1(buf);
|
||||
(void) mbedtls_snprintf(buf, sizeof(buf),
|
||||
"rhs = 0x%016llx = %lld",
|
||||
value2, (long long) value2);
|
||||
mbedtls_test_set_line2(buf);
|
||||
}
|
||||
mbedtls_test_fail(test, line_no, filename);
|
||||
(void) mbedtls_snprintf(mbedtls_test_info.line1,
|
||||
sizeof(mbedtls_test_info.line1),
|
||||
"lhs = 0x%016llx = %lld",
|
||||
value1, (long long) value1);
|
||||
(void) mbedtls_snprintf(mbedtls_test_info.line2,
|
||||
sizeof(mbedtls_test_info.line2),
|
||||
"rhs = 0x%016llx = %lld",
|
||||
value2, (long long) value2);
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -150,20 +448,31 @@ int mbedtls_test_le_u(const char *test, int line_no, const char *filename,
|
|||
return 1;
|
||||
}
|
||||
|
||||
if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) {
|
||||
/* We've already recorded the test as having failed. Don't
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
/* Don't use accessor, we already hold mutex. */
|
||||
if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
|
||||
/* If we've already recorded the test as having failed then don't
|
||||
* overwrite any previous information about the failure. */
|
||||
return 0;
|
||||
|
||||
char buf[MBEDTLS_TEST_LINE_LENGTH];
|
||||
mbedtls_test_fail_internal(test, line_no, filename);
|
||||
(void) mbedtls_snprintf(buf, sizeof(buf),
|
||||
"lhs = 0x%016llx = %llu",
|
||||
value1, value1);
|
||||
mbedtls_test_set_line1(buf);
|
||||
(void) mbedtls_snprintf(buf, sizeof(buf),
|
||||
"rhs = 0x%016llx = %llu",
|
||||
value2, value2);
|
||||
mbedtls_test_set_line2(buf);
|
||||
}
|
||||
mbedtls_test_fail(test, line_no, filename);
|
||||
(void) mbedtls_snprintf(mbedtls_test_info.line1,
|
||||
sizeof(mbedtls_test_info.line1),
|
||||
"lhs = 0x%016llx = %llu",
|
||||
value1, value1);
|
||||
(void) mbedtls_snprintf(mbedtls_test_info.line2,
|
||||
sizeof(mbedtls_test_info.line2),
|
||||
"rhs = 0x%016llx = %llu",
|
||||
value2, value2);
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -177,20 +486,31 @@ int mbedtls_test_le_s(const char *test, int line_no, const char *filename,
|
|||
return 1;
|
||||
}
|
||||
|
||||
if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) {
|
||||
/* We've already recorded the test as having failed. Don't
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_lock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
/* Don't use accessor, we already hold mutex. */
|
||||
if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
|
||||
/* If we've already recorded the test as having failed then don't
|
||||
* overwrite any previous information about the failure. */
|
||||
return 0;
|
||||
|
||||
char buf[MBEDTLS_TEST_LINE_LENGTH];
|
||||
mbedtls_test_fail_internal(test, line_no, filename);
|
||||
(void) mbedtls_snprintf(buf, sizeof(buf),
|
||||
"lhs = 0x%016llx = %lld",
|
||||
(unsigned long long) value1, value1);
|
||||
mbedtls_test_set_line1(buf);
|
||||
(void) mbedtls_snprintf(buf, sizeof(buf),
|
||||
"rhs = 0x%016llx = %lld",
|
||||
(unsigned long long) value2, value2);
|
||||
mbedtls_test_set_line2(buf);
|
||||
}
|
||||
mbedtls_test_fail(test, line_no, filename);
|
||||
(void) mbedtls_snprintf(mbedtls_test_info.line1,
|
||||
sizeof(mbedtls_test_info.line1),
|
||||
"lhs = 0x%016llx = %lld",
|
||||
(unsigned long long) value1, value1);
|
||||
(void) mbedtls_snprintf(mbedtls_test_info.line2,
|
||||
sizeof(mbedtls_test_info.line2),
|
||||
"rhs = 0x%016llx = %lld",
|
||||
(unsigned long long) value2, value2);
|
||||
|
||||
#ifdef MBEDTLS_THREADING_C
|
||||
mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
|
||||
#endif /* MBEDTLS_THREADING_C */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
@ -49,36 +49,26 @@ void mbedtls_test_init_handshake_options(
|
|||
srand(rng_seed);
|
||||
rng_seed += 0xD0;
|
||||
#endif
|
||||
|
||||
memset(opts, 0, sizeof(*opts));
|
||||
|
||||
opts->cipher = "";
|
||||
opts->client_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
|
||||
opts->client_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
|
||||
opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
|
||||
opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
|
||||
opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_3;
|
||||
opts->expected_handshake_result = 0;
|
||||
opts->expected_ciphersuite = 0;
|
||||
opts->pk_alg = MBEDTLS_PK_RSA;
|
||||
opts->opaque_alg = 0;
|
||||
opts->opaque_alg2 = 0;
|
||||
opts->opaque_usage = 0;
|
||||
opts->psk_str = NULL;
|
||||
opts->dtls = 0;
|
||||
opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
|
||||
opts->serialize = 0;
|
||||
opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
|
||||
opts->cli_msg_len = 100;
|
||||
opts->srv_msg_len = 100;
|
||||
opts->expected_cli_fragments = 1;
|
||||
opts->expected_srv_fragments = 1;
|
||||
opts->renegotiate = 0;
|
||||
opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
|
||||
opts->srv_log_obj = NULL;
|
||||
opts->cli_log_obj = NULL;
|
||||
opts->srv_log_fun = NULL;
|
||||
opts->cli_log_fun = NULL;
|
||||
opts->resize_buffers = 1;
|
||||
opts->early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
|
||||
#if defined(MBEDTLS_SSL_CACHE_C)
|
||||
opts->cache = NULL;
|
||||
TEST_CALLOC(opts->cache, 1);
|
||||
mbedtls_ssl_cache_init(opts->cache);
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
|
@ -733,8 +723,7 @@ int mbedtls_test_ssl_endpoint_init(
|
|||
mbedtls_test_handshake_test_options *options,
|
||||
mbedtls_test_message_socket_context *dtls_context,
|
||||
mbedtls_test_ssl_message_queue *input_queue,
|
||||
mbedtls_test_ssl_message_queue *output_queue,
|
||||
uint16_t *group_list)
|
||||
mbedtls_test_ssl_message_queue *output_queue)
|
||||
{
|
||||
int ret = -1;
|
||||
uintptr_t user_data_n;
|
||||
|
@ -818,12 +807,16 @@ int mbedtls_test_ssl_endpoint_init(
|
|||
}
|
||||
}
|
||||
|
||||
if (group_list != NULL) {
|
||||
mbedtls_ssl_conf_groups(&(ep->conf), group_list);
|
||||
if (options->group_list != NULL) {
|
||||
mbedtls_ssl_conf_groups(&(ep->conf), options->group_list);
|
||||
}
|
||||
|
||||
mbedtls_ssl_conf_authmode(&(ep->conf), MBEDTLS_SSL_VERIFY_REQUIRED);
|
||||
|
||||
#if defined(MBEDTLS_SSL_EARLY_DATA)
|
||||
mbedtls_ssl_conf_early_data(&(ep->conf), options->early_data);
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_SSL_CACHE_C) && defined(MBEDTLS_SSL_SRV_C)
|
||||
if (endpoint_type == MBEDTLS_SSL_IS_SERVER && options->cache != NULL) {
|
||||
mbedtls_ssl_conf_session_cache(&(ep->conf), options->cache,
|
||||
|
@ -2006,7 +1999,7 @@ void mbedtls_test_ssl_perform_handshake(
|
|||
MBEDTLS_SSL_IS_CLIENT,
|
||||
options, &client_context,
|
||||
&client_queue,
|
||||
&server_queue, NULL) == 0);
|
||||
&server_queue) == 0);
|
||||
#if defined(MBEDTLS_TIMING_C)
|
||||
mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client,
|
||||
mbedtls_timing_set_delay,
|
||||
|
@ -2016,7 +2009,7 @@ void mbedtls_test_ssl_perform_handshake(
|
|||
TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
options, NULL, NULL,
|
||||
NULL, NULL) == 0);
|
||||
NULL) == 0);
|
||||
}
|
||||
|
||||
if (strlen(options->cipher) > 0) {
|
||||
|
@ -2029,7 +2022,7 @@ void mbedtls_test_ssl_perform_handshake(
|
|||
MBEDTLS_SSL_IS_SERVER,
|
||||
options, &server_context,
|
||||
&server_queue,
|
||||
&client_queue, NULL) == 0);
|
||||
&client_queue) == 0);
|
||||
#if defined(MBEDTLS_TIMING_C)
|
||||
mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
|
||||
mbedtls_timing_set_delay,
|
||||
|
@ -2038,7 +2031,7 @@ void mbedtls_test_ssl_perform_handshake(
|
|||
} else {
|
||||
TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server,
|
||||
MBEDTLS_SSL_IS_SERVER,
|
||||
options, NULL, NULL, NULL,
|
||||
options, NULL, NULL,
|
||||
NULL) == 0);
|
||||
}
|
||||
|
||||
|
@ -2462,4 +2455,60 @@ int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
|
|||
return mbedtls_ssl_session_load(session, buf, len);
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SRV_C) && \
|
||||
defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS) && \
|
||||
defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
int mbedtls_test_get_tls13_ticket(
|
||||
mbedtls_test_handshake_test_options *client_options,
|
||||
mbedtls_test_handshake_test_options *server_options,
|
||||
mbedtls_ssl_session *session)
|
||||
{
|
||||
int ret = -1;
|
||||
unsigned char buf[64];
|
||||
mbedtls_test_ssl_endpoint client_ep, server_ep;
|
||||
|
||||
mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
|
||||
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
|
||||
|
||||
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
|
||||
client_options, NULL, NULL, NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
|
||||
server_options, NULL, NULL, NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
|
||||
mbedtls_test_ticket_write,
|
||||
mbedtls_test_ticket_parse,
|
||||
NULL);
|
||||
|
||||
ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
|
||||
&(server_ep.socket), 1024);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
|
||||
&(server_ep.ssl), &(client_ep.ssl),
|
||||
MBEDTLS_SSL_HANDSHAKE_OVER), 0);
|
||||
|
||||
TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 0);
|
||||
|
||||
do {
|
||||
ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf));
|
||||
} while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET);
|
||||
|
||||
ret = mbedtls_ssl_get_session(&(client_ep.ssl), session);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
exit:
|
||||
mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
|
||||
mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_SRV_C &&
|
||||
MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS &&
|
||||
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
|
||||
#endif /* MBEDTLS_SSL_TLS_C */
|
||||
|
|
|
@ -175,9 +175,7 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex,
|
|||
{
|
||||
(void) mutex;
|
||||
|
||||
if (mbedtls_test_info.mutex_usage_error == NULL) {
|
||||
mbedtls_test_info.mutex_usage_error = msg;
|
||||
}
|
||||
mbedtls_test_set_mutex_usage_error(msg);
|
||||
mbedtls_fprintf(stdout, "[mutex: %s] ", msg);
|
||||
/* Don't mark the test as failed yet. This way, if the test fails later
|
||||
* for a functional reason, the test framework will report the message
|
||||
|
@ -185,40 +183,60 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex,
|
|||
* mbedtls_test_mutex_usage_check() will mark it as failed. */
|
||||
}
|
||||
|
||||
static int mbedtls_test_mutex_can_test(mbedtls_threading_mutex_t *mutex)
|
||||
{
|
||||
/* If we attempt to run tests on this mutex then we are going to run into a
|
||||
* couple of problems:
|
||||
* 1. If any test on this mutex fails, we are going to deadlock when
|
||||
* reporting that failure, as we already hold the mutex at that point.
|
||||
* 2. Given the 'global' position of the initialization and free of this
|
||||
* mutex, it will be shown as leaked on the first test run. */
|
||||
if (mutex == mbedtls_test_get_info_mutex()) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex)
|
||||
{
|
||||
mutex_functions.init(mutex);
|
||||
|
||||
if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
|
||||
mutex->state = MUTEX_IDLE;
|
||||
++live_mutexes;
|
||||
if (mbedtls_test_mutex_can_test(mutex)) {
|
||||
if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
|
||||
mutex->state = MUTEX_IDLE;
|
||||
++live_mutexes;
|
||||
|
||||
mutex_functions.unlock(&mbedtls_test_mutex_mutex);
|
||||
mutex_functions.unlock(&mbedtls_test_mutex_mutex);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex)
|
||||
{
|
||||
if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
|
||||
if (mbedtls_test_mutex_can_test(mutex)) {
|
||||
if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
|
||||
|
||||
switch (mutex->state) {
|
||||
case MUTEX_FREED:
|
||||
mbedtls_test_mutex_usage_error(mutex, "free without init or double free");
|
||||
break;
|
||||
case MUTEX_IDLE:
|
||||
mutex->state = MUTEX_FREED;
|
||||
--live_mutexes;
|
||||
break;
|
||||
case MUTEX_LOCKED:
|
||||
mbedtls_test_mutex_usage_error(mutex, "free without unlock");
|
||||
break;
|
||||
default:
|
||||
mbedtls_test_mutex_usage_error(mutex, "corrupted state");
|
||||
break;
|
||||
switch (mutex->state) {
|
||||
case MUTEX_FREED:
|
||||
mbedtls_test_mutex_usage_error(mutex, "free without init or double free");
|
||||
break;
|
||||
case MUTEX_IDLE:
|
||||
mutex->state = MUTEX_FREED;
|
||||
--live_mutexes;
|
||||
break;
|
||||
case MUTEX_LOCKED:
|
||||
mbedtls_test_mutex_usage_error(mutex, "free without unlock");
|
||||
break;
|
||||
default:
|
||||
mbedtls_test_mutex_usage_error(mutex, "corrupted state");
|
||||
break;
|
||||
}
|
||||
|
||||
mutex_functions.unlock(&mbedtls_test_mutex_mutex);
|
||||
}
|
||||
|
||||
mutex_functions.unlock(&mbedtls_test_mutex_mutex);
|
||||
}
|
||||
|
||||
mutex_functions.free(mutex);
|
||||
}
|
||||
|
||||
|
@ -228,26 +246,30 @@ static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex)
|
|||
* is to hold the passed in and internal mutex - otherwise we create a race
|
||||
* condition. */
|
||||
int ret = mutex_functions.lock(mutex);
|
||||
if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
|
||||
switch (mutex->state) {
|
||||
case MUTEX_FREED:
|
||||
mbedtls_test_mutex_usage_error(mutex, "lock without init");
|
||||
break;
|
||||
case MUTEX_IDLE:
|
||||
if (ret == 0) {
|
||||
mutex->state = MUTEX_LOCKED;
|
||||
}
|
||||
break;
|
||||
case MUTEX_LOCKED:
|
||||
mbedtls_test_mutex_usage_error(mutex, "double lock");
|
||||
break;
|
||||
default:
|
||||
mbedtls_test_mutex_usage_error(mutex, "corrupted state");
|
||||
break;
|
||||
}
|
||||
|
||||
mutex_functions.unlock(&mbedtls_test_mutex_mutex);
|
||||
if (mbedtls_test_mutex_can_test(mutex)) {
|
||||
if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
|
||||
switch (mutex->state) {
|
||||
case MUTEX_FREED:
|
||||
mbedtls_test_mutex_usage_error(mutex, "lock without init");
|
||||
break;
|
||||
case MUTEX_IDLE:
|
||||
if (ret == 0) {
|
||||
mutex->state = MUTEX_LOCKED;
|
||||
}
|
||||
break;
|
||||
case MUTEX_LOCKED:
|
||||
mbedtls_test_mutex_usage_error(mutex, "double lock");
|
||||
break;
|
||||
default:
|
||||
mbedtls_test_mutex_usage_error(mutex, "corrupted state");
|
||||
break;
|
||||
}
|
||||
|
||||
mutex_functions.unlock(&mbedtls_test_mutex_mutex);
|
||||
}
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
@ -256,23 +278,26 @@ static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex)
|
|||
/* Lock the internal mutex first and change state, so that the only way to
|
||||
* change the state is to hold the passed in and internal mutex - otherwise
|
||||
* we create a race condition. */
|
||||
if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
|
||||
switch (mutex->state) {
|
||||
case MUTEX_FREED:
|
||||
mbedtls_test_mutex_usage_error(mutex, "unlock without init");
|
||||
break;
|
||||
case MUTEX_IDLE:
|
||||
mbedtls_test_mutex_usage_error(mutex, "unlock without lock");
|
||||
break;
|
||||
case MUTEX_LOCKED:
|
||||
mutex->state = MUTEX_IDLE;
|
||||
break;
|
||||
default:
|
||||
mbedtls_test_mutex_usage_error(mutex, "corrupted state");
|
||||
break;
|
||||
if (mbedtls_test_mutex_can_test(mutex)) {
|
||||
if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
|
||||
switch (mutex->state) {
|
||||
case MUTEX_FREED:
|
||||
mbedtls_test_mutex_usage_error(mutex, "unlock without init");
|
||||
break;
|
||||
case MUTEX_IDLE:
|
||||
mbedtls_test_mutex_usage_error(mutex, "unlock without lock");
|
||||
break;
|
||||
case MUTEX_LOCKED:
|
||||
mutex->state = MUTEX_IDLE;
|
||||
break;
|
||||
default:
|
||||
mbedtls_test_mutex_usage_error(mutex, "corrupted state");
|
||||
break;
|
||||
}
|
||||
mutex_functions.unlock(&mbedtls_test_mutex_mutex);
|
||||
}
|
||||
mutex_functions.unlock(&mbedtls_test_mutex_mutex);
|
||||
}
|
||||
|
||||
return mutex_functions.unlock(mutex);
|
||||
}
|
||||
|
||||
|
@ -299,17 +324,15 @@ void mbedtls_test_mutex_usage_check(void)
|
|||
* negative number means a missing init somewhere. */
|
||||
mbedtls_fprintf(stdout, "[mutex: %d leaked] ", live_mutexes);
|
||||
live_mutexes = 0;
|
||||
if (mbedtls_test_info.mutex_usage_error == NULL) {
|
||||
mbedtls_test_info.mutex_usage_error = "missing free";
|
||||
}
|
||||
mbedtls_test_set_mutex_usage_error("missing free");
|
||||
}
|
||||
if (mbedtls_test_info.mutex_usage_error != NULL &&
|
||||
mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
|
||||
if (mbedtls_test_get_mutex_usage_error() != NULL &&
|
||||
mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) {
|
||||
/* Functionally, the test passed. But there was a mutex usage error,
|
||||
* so mark the test as failed after all. */
|
||||
mbedtls_test_fail("Mutex usage error", __LINE__, __FILE__);
|
||||
}
|
||||
mbedtls_test_info.mutex_usage_error = NULL;
|
||||
mbedtls_test_set_mutex_usage_error(NULL);
|
||||
}
|
||||
|
||||
void mbedtls_test_mutex_usage_end(void)
|
||||
|
|
|
@ -371,14 +371,12 @@ static void write_outcome_entry(FILE *outcome_file,
|
|||
* \param missing_unmet_dependencies Non-zero if there was a problem tracking
|
||||
* all unmet dependencies, 0 otherwise.
|
||||
* \param ret The test dispatch status (DISPATCH_xxx).
|
||||
* \param info A pointer to the test info structure.
|
||||
*/
|
||||
static void write_outcome_result(FILE *outcome_file,
|
||||
size_t unmet_dep_count,
|
||||
int unmet_dependencies[],
|
||||
int missing_unmet_dependencies,
|
||||
int ret,
|
||||
const mbedtls_test_info_t *info)
|
||||
int ret)
|
||||
{
|
||||
if (outcome_file == NULL) {
|
||||
return;
|
||||
|
@ -401,7 +399,7 @@ static void write_outcome_result(FILE *outcome_file,
|
|||
}
|
||||
break;
|
||||
}
|
||||
switch (info->result) {
|
||||
switch (mbedtls_test_get_result()) {
|
||||
case MBEDTLS_TEST_RESULT_SUCCESS:
|
||||
mbedtls_fprintf(outcome_file, "PASS;");
|
||||
break;
|
||||
|
@ -410,8 +408,9 @@ static void write_outcome_result(FILE *outcome_file,
|
|||
break;
|
||||
default:
|
||||
mbedtls_fprintf(outcome_file, "FAIL;%s:%d:%s",
|
||||
info->filename, info->line_no,
|
||||
info->test);
|
||||
mbedtls_get_test_filename(),
|
||||
mbedtls_test_get_line_no(),
|
||||
mbedtls_test_get_test());
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
@ -614,7 +613,7 @@ int execute_tests(int argc, const char **argv)
|
|||
break;
|
||||
}
|
||||
mbedtls_fprintf(stdout, "%s%.66s",
|
||||
mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ?
|
||||
mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED ?
|
||||
"\n" : "", buf);
|
||||
mbedtls_fprintf(stdout, " ");
|
||||
for (i = strlen(buf) + 1; i < 67; i++) {
|
||||
|
@ -690,7 +689,7 @@ int execute_tests(int argc, const char **argv)
|
|||
write_outcome_result(outcome_file,
|
||||
unmet_dep_count, unmet_dependencies,
|
||||
missing_unmet_dependencies,
|
||||
ret, &mbedtls_test_info);
|
||||
ret);
|
||||
if (unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE) {
|
||||
total_skipped++;
|
||||
mbedtls_fprintf(stdout, "----");
|
||||
|
@ -715,30 +714,33 @@ int execute_tests(int argc, const char **argv)
|
|||
unmet_dep_count = 0;
|
||||
missing_unmet_dependencies = 0;
|
||||
} else if (ret == DISPATCH_TEST_SUCCESS) {
|
||||
if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SUCCESS) {
|
||||
if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_SUCCESS) {
|
||||
mbedtls_fprintf(stdout, "PASS\n");
|
||||
} else if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SKIPPED) {
|
||||
} else if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_SKIPPED) {
|
||||
mbedtls_fprintf(stdout, "----\n");
|
||||
total_skipped++;
|
||||
} else {
|
||||
char line_buffer[MBEDTLS_TEST_LINE_LENGTH];
|
||||
|
||||
total_errors++;
|
||||
mbedtls_fprintf(stdout, "FAILED\n");
|
||||
mbedtls_fprintf(stdout, " %s\n at ",
|
||||
mbedtls_test_info.test);
|
||||
if (mbedtls_test_info.step != (unsigned long) (-1)) {
|
||||
mbedtls_test_get_test());
|
||||
if (mbedtls_test_get_step() != (unsigned long) (-1)) {
|
||||
mbedtls_fprintf(stdout, "step %lu, ",
|
||||
mbedtls_test_info.step);
|
||||
mbedtls_test_get_step());
|
||||
}
|
||||
mbedtls_fprintf(stdout, "line %d, %s",
|
||||
mbedtls_test_info.line_no,
|
||||
mbedtls_test_info.filename);
|
||||
if (mbedtls_test_info.line1[0] != 0) {
|
||||
mbedtls_fprintf(stdout, "\n %s",
|
||||
mbedtls_test_info.line1);
|
||||
mbedtls_test_get_line_no(),
|
||||
mbedtls_get_test_filename());
|
||||
|
||||
mbedtls_test_get_line1(line_buffer);
|
||||
if (line_buffer[0] != 0) {
|
||||
mbedtls_fprintf(stdout, "\n %s", line_buffer);
|
||||
}
|
||||
if (mbedtls_test_info.line2[0] != 0) {
|
||||
mbedtls_fprintf(stdout, "\n %s",
|
||||
mbedtls_test_info.line2);
|
||||
mbedtls_test_get_line2(line_buffer);
|
||||
if (line_buffer[0] != 0) {
|
||||
mbedtls_fprintf(stdout, "\n %s", line_buffer);
|
||||
}
|
||||
}
|
||||
fflush(stdout);
|
||||
|
|
|
@ -24,7 +24,7 @@ static int sign_is_valid(const mbedtls_mpi *X)
|
|||
* we sometimes test the robustness of library functions when given
|
||||
* a negative zero input. If a test case has a negative zero as input,
|
||||
* we don't mind if the function has a negative zero output. */
|
||||
if (!mbedtls_test_case_uses_negative_0 &&
|
||||
if (!mbedtls_test_get_case_uses_negative_0() &&
|
||||
mbedtls_mpi_bitlen(X) == 0 && X->s != 1) {
|
||||
return 0;
|
||||
}
|
||||
|
|
|
@ -31,7 +31,7 @@ static int check_dhm_param_output(const mbedtls_mpi *expected,
|
|||
int ok = 0;
|
||||
mbedtls_mpi_init(&actual);
|
||||
|
||||
++mbedtls_test_info.step;
|
||||
mbedtls_test_increment_step();
|
||||
|
||||
TEST_ASSERT(size >= *offset + 2);
|
||||
n = (buffer[*offset] << 8) | buffer[*offset + 1];
|
||||
|
|
|
@ -447,7 +447,7 @@ void entropy_nv_seed_std_io()
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_MD_C:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_MD_LIGHT:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT */
|
||||
void entropy_nv_seed(data_t *read_seed)
|
||||
{
|
||||
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
|
||||
|
|
|
@ -22,6 +22,9 @@ mbedtls_pem_write_buffer_lengths
|
|||
PEM read (unencrypted, valid)
|
||||
mbedtls_pem_read_buffer:"^":"$":"^\nTWJlZCBUTFM=\n$":"":0:"4d62656420544c53"
|
||||
|
||||
PEM read (unencrypted, empty content)
|
||||
mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\n\n-----END EC PRIVATE KEY-----":"":MBEDTLS_ERR_PEM_BAD_INPUT_DATA:""
|
||||
|
||||
PEM read (DES-EDE3-CBC + invalid iv)
|
||||
depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C
|
||||
mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV:""
|
||||
|
@ -49,3 +52,35 @@ mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KE
|
|||
PEM read (malformed PEM AES-128-CBC)
|
||||
depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,AA94892A169FA426AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:""
|
||||
|
||||
# The output sequence's length is not multiple of block size (16 bytes). This
|
||||
# proves that the pem_context->len value is properly updated based on the SEQUENCE
|
||||
# length read from the decoded ASN.1 data (i.e. extra padding, if any, is ignored).
|
||||
PEM read (valid EC key encoded with AES-128-CBC)
|
||||
depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,151F851B6A7F3FBDAA5B7173117D0127\n\nLw+0OM+0Bwcl+ls/vxQbLrVshGc7bsNPvvtj2sJeMFFEq3V1mj/IO++0KK/CDhMH\nh6CZPsmgVOeM5uFpqYaq0fJbUduN2eDMWszWRm0SFkY=\n-----END EC PRIVATE KEY-----":"pwdpwd":0:"3041020101040f00d8023c809afd45e426d1a4dbe0ffa00706052b81040004a1220320000400da1ecfa53d528237625e119e2e0500d2eb671724f16deb6a63749516b7"
|
||||
|
||||
# The text "hello world" together with some invalid padding data is encoded
|
||||
# with AES-128-CBC in order to test padding validation.
|
||||
# Since PBKDF1 isn't supported in OpenSSL, here's the steps:
|
||||
# 1. generate the key (password="password"; IV=0x3132333435363738 in hex or "12345678" as string)
|
||||
# echo -n "password12345678" | openssl md5
|
||||
# 2. encode data
|
||||
# echo -n -e "\x68\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64\x01\x02\x03\x04\x05" | openssl aes-128-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -nopad
|
||||
PEM read (AES-128-CBC, invalid padding data)
|
||||
depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\n333hxynfxEdXrSHQfIabxQ==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_PASSWORD_MISMATCH:""
|
||||
|
||||
# Padding data (0x11) is larger than AES block size (16).
|
||||
# Generated with:
|
||||
# echo -n -e "\x68\x65\x6c\x6c\x6f\x20\x77\x6f\x72\x6c\x64\x11\x11\x11\x11\x11" | openssl aes-128-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -nopad
|
||||
PEM read (AES-128-CBC, padding data is larger than AES block length)
|
||||
depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,31323334353637380000000000000000\n\n5wA/XVXHuMsQAAOGFQmK0g==\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_PASSWORD_MISMATCH:""
|
||||
|
||||
# Padding data (0x9) is larger than DES block size (8).
|
||||
# Generated with:
|
||||
# echo -n -e "\x68\x65\x6c\x6c\x6f\x09\x09\x09" | openssl des-cbc -e -base64 -p -K "bbb0ddff1b944b3cc68eaaeb7ac20099" -iv "3132333435363738" -nopad
|
||||
PEM read (DES-CBC, padding data is larger than DES block length)
|
||||
depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,3132333435363738\n\n6a+B2WineBM=\n-----END EC PRIVATE KEY-----":"password":MBEDTLS_ERR_PEM_PASSWORD_MISMATCH:""
|
||||
|
|
|
@ -10,7 +10,21 @@ valid_parameters_pkwrite:"308204a20201000282010100a9021f3d406ad555538bfd36ee8265
|
|||
|
||||
PK utils: RSA Minimum key
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
|
||||
pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS /8):"RSA"
|
||||
pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_GEN_KEY_MIN_BITS:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 7) / 8:"RSA"
|
||||
|
||||
# mbedtls_rsa_gen_key() only supports even sizes, so we don't test min+1,
|
||||
# min+3, etc.
|
||||
PK utils: RSA Minimum key + 2 bits
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
|
||||
pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 2 + 7) / 8:"RSA"
|
||||
|
||||
PK utils: RSA Minimum key + 4 bits
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
|
||||
pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 4 + 7) / 8:"RSA"
|
||||
|
||||
PK utils: RSA Minimum key + 6 bits
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
|
||||
pk_utils:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6:MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6:(MBEDTLS_RSA_GEN_KEY_MIN_BITS + 6 + 7) / 8:"RSA"
|
||||
|
||||
PK utils: ECKEY SECP192R1
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
|
@ -312,13 +326,33 @@ PK can do ext: MBEDTLS_PK_RSA, check RSA_PSS(SHA256)
|
|||
depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
|
||||
pk_can_do_ext:0:MBEDTLS_PK_RSA:0:0:0:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
|
||||
|
||||
RSA verify test vector #1 (good)
|
||||
RSA verify test vector: PKCS1v1.5 (explicit), SHA1, good
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15
|
||||
pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0
|
||||
pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0
|
||||
|
||||
RSA verify test vector #2 (bad)
|
||||
RSA verify test vector: PKCS1v1.5 (default), SHA1, good
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15
|
||||
pk_rsa_verify_test_vec:"9f294f0c7b32da6221a3ef83654322038e8968fa":MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"3203b7647fb7e345aa457681e5131777f1adc371f2fba8534928c4e52ef6206a856425d6269352ecbf64db2f6ad82397768cafdd8cd272e512d617ad67992226da6bc291c31404c17fd4b7e2beb20eff284a44f4d7af47fd6629e2c95809fa7f2241a04f70ac70d3271bb13258af1ed5c5988c95df7fa26603515791075feccd":MBEDTLS_ERR_RSA_VERIFY_FAILED
|
||||
pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":-1:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":0
|
||||
|
||||
RSA verify test vector: PKCS1v1.5, SHA1, wrong signature
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15
|
||||
pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b8":MBEDTLS_ERR_RSA_VERIFY_FAILED
|
||||
|
||||
RSA verify test vector: PSS, SHA1, good
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V21
|
||||
pk_rsa_verify_test_vec:"37b66ae0445843353d47ecb0b4fd14c110e62d6a":MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:1024:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":"010001":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":0
|
||||
|
||||
RSA verify test vector: PSS, SHA1, wrong signature
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V21
|
||||
pk_rsa_verify_test_vec:"37b66ae0445843353d47ecb0b4fd14c110e62d6a":MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:1024:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":"010001":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747f":MBEDTLS_ERR_RSA_VERIFY_FAILED
|
||||
|
||||
RSA verify test vector: PSS, SHA1, signature is PKCS1v1.5
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V21
|
||||
pk_rsa_verify_test_vec:"6a8a1f225703fe39753c1017b43eec9e070a70b1":MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:1024:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":MBEDTLS_ERR_RSA_VERIFY_FAILED
|
||||
|
||||
RSA verify test vector: PKCS1v1.5, SHA1, signature is PSS
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS1_V15
|
||||
pk_rsa_verify_test_vec:"37b66ae0445843353d47ecb0b4fd14c110e62d6a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:"a2ba40ee07e3b2bd2f02ce227f36a195024486e49c19cb41bbbdfbba98b22b0e577c2eeaffa20d883a76e65e394c69d4b3c05a1e8fadda27edb2a42bc000fe888b9b32c22d15add0cd76b3e7936e19955b220dd17d4ea904b1ec102b2e4de7751222aa99151024c7cb41cc5ea21d00eeb41f7c800834d2c6e06bce3bce7ea9a5":"010001":"8daa627d3de7595d63056c7ec659e54406f10610128baae821c8b2a0f3936d54dc3bdce46689f6b7951bb18e840542769718d5715d210d85efbb596192032c42be4c29972c856275eb6d5a45f05f51876fc6743deddd28caec9bb30ea99e02c3488269604fe497f74ccd7c7fca1671897123cbd30def5d54a2b5536ad90a747e":MBEDTLS_ERR_RSA_VERIFY_FAILED
|
||||
|
||||
ECDSA verify test vector #1 (good)
|
||||
depends_on:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
|
@ -370,51 +404,79 @@ pk_ec_test_vec:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"0437cc56d976091e5a723e
|
|||
|
||||
ECDSA sign-verify: SECP192R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:0:0
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP192R1:0:0:0:0
|
||||
|
||||
ECDSA sign-verify: SECP256R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:0:0
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP256R1:0:0:0:0
|
||||
|
||||
ECDSA sign-verify: SECP384R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP384R1
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:0:0
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP384R1:0:0:0:0
|
||||
|
||||
ECDSA sign-verify: SECP521R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP521R1
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:0:0
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_SECP521R1:0:0:0:0
|
||||
|
||||
ECDSA sign-verify: BP256R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_BP256R1
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP256R1:0:0
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP256R1:0:0:0:0
|
||||
|
||||
ECDSA sign-verify: BP512R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_ECP_HAVE_BP512R1
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP512R1:0:0
|
||||
pk_sign_verify:MBEDTLS_PK_ECDSA:MBEDTLS_ECP_DP_BP512R1:0:0:0:0
|
||||
|
||||
EC(DSA) sign-verify: SECP192R1
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0
|
||||
pk_sign_verify:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP192R1:0:0:0:0
|
||||
|
||||
EC_DH (no) sign-verify: SECP192R1
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_HAVE_SECP192R1
|
||||
pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
pk_sign_verify:MBEDTLS_PK_ECKEY_DH:MBEDTLS_ECP_DP_SECP192R1:0:0:MBEDTLS_ERR_PK_TYPE_MISMATCH:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
RSA sign-verify
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512
|
||||
pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:0
|
||||
RSA sign-verify, PKCS1v1.5, SHA1
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA1
|
||||
pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:0:0
|
||||
|
||||
RSA sign-verify, PKCS1v2.1, SHA1
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA1
|
||||
pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:0:0
|
||||
|
||||
RSA sign-verify, PKCS1v1.5, SHA256
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA256
|
||||
pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:0:0
|
||||
|
||||
RSA sign-verify, PKCS1v2.1, SHA256
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME:MBEDTLS_RSA_GEN_KEY_MIN_BITS >= 512:MBEDTLS_MD_CAN_SHA256
|
||||
pk_sign_verify:MBEDTLS_PK_RSA:MBEDTLS_RSA_GEN_KEY_MIN_BITS:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA256:0:0
|
||||
|
||||
RSA encrypt-decrypt test
|
||||
depends_on:MBEDTLS_PKCS1_V15
|
||||
pk_rsa_encrypt_decrypt_test:"4E636AF98E40F3ADCFCCB698F4E80B9F":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":0
|
||||
|
||||
RSA decrypt test vector #1
|
||||
RSA decrypt test vector - PKCS1v1.5
|
||||
depends_on:MBEDTLS_PKCS1_V15
|
||||
pk_rsa_decrypt_test_vec:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":0
|
||||
pk_rsa_decrypt_test_vec:"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_NONE:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":0
|
||||
|
||||
RSA decrypt test vector #2
|
||||
RSA decrypt test vector - PKCS1v1.5, corrupted encrypted data
|
||||
depends_on:MBEDTLS_PKCS1_V15
|
||||
pk_rsa_decrypt_test_vec:"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404feb284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":2048:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"3":"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_ERR_RSA_INVALID_PADDING
|
||||
pk_rsa_decrypt_test_vec:"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43d":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_NONE:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING
|
||||
|
||||
RSA decrypt test vector - PKCS1v2.1
|
||||
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA1
|
||||
pk_rsa_decrypt_test_vec:"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955":1024:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":0
|
||||
|
||||
RSA decrypt test vector - PKCS1v2.1, corrupted encrypted data
|
||||
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA1
|
||||
pk_rsa_decrypt_test_vec:"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0956":1024:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING
|
||||
|
||||
RSA decrypt test vector - PKCS1v1.5, but data is PKCS1v2.1 encrypted
|
||||
depends_on:MBEDTLS_PKCS1_V15
|
||||
pk_rsa_decrypt_test_vec:"1253e04dc0a5397bb44a7ab87e9bf2a039a33d1e996fc82a94ccd30074c95df763722017069e5268da5d1c0b4f872cf653c11df82314a67968dfeae28def04bb6d84b1c31d654a1970e5783bd6eb96a024c2ca2f4a90fe9f2ef5c9c140e5bb48da9536ad8700c84fc9130adea74e558d51a74ddf85d8b50de96838d6063e0955":1024:MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_NONE:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING
|
||||
|
||||
RSA decrypt test vector - PKCS1v2.1, but data is PKCS1v1.5 encrypted
|
||||
depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA1
|
||||
pk_rsa_decrypt_test_vec:"28818cb14236ad18f4527e7f1f7633e96cef021bc3234475d7f61e88702b6335b42a352ed3f3267ac7c3e9ba4af17e45096c63eefd8d9a7cb42dfc52fffb2f5b8afb305b46312c2eb50634123b4437a2287ac57b7509d59a583fb741989a49f32625e9267b4641a6607b7303d35c68489db53c8d387b620d0d46a852e72ea43c":1024:MBEDTLS_RSA_PKCS_V21:MBEDTLS_MD_SHA1:"eecfae81b1b9b3c908810b10a1b5600199eb9f44aef4fda493b81a9e3d84f632124ef0236e5d1e3b7e28fae7aa040a2d5b252176459d1f397541ba2a58fb6599":"c97fb1f027f453f6341233eaaad1d9353f6c42d08866b1d05a0f2035028b9d869840b41666b42e92ea0da3b43204b5cfce3352524d0416a5a441e700af461503":"bbf82f090682ce9c2338ac2b9da871f7368d07eed41043a440d6b6f07454f51fb8dfbaaf035c02ab61ea48ceeb6fcd4876ed520d60e1ec4619719d8a5b8b807fafb8e0a3dfc737723ee6b4b7d93a2584ee6a649d060953748834b2454598394ee0aab12d7b61a51f527a9a41f6c1687fe2537298ca2a8f5946f8e5fd091dbdcb":"11":"d436e99569fd32a7c8a05bbc90d32c49":MBEDTLS_ERR_RSA_INVALID_PADDING
|
||||
|
||||
RSA Opaque decrypt test vector #1
|
||||
depends_on:MBEDTLS_PKCS1_V15
|
||||
|
|
|
@ -520,7 +520,7 @@ void pk_psa_utils(int key_is_rsa)
|
|||
TEST_ASSERT(strcmp(mbedtls_pk_get_name(&pk), name) == 0);
|
||||
|
||||
TEST_ASSERT(mbedtls_pk_get_bitlen(&pk) == bitlen);
|
||||
TEST_ASSERT(mbedtls_pk_get_len(&pk) == bitlen / 8);
|
||||
TEST_ASSERT(mbedtls_pk_get_len(&pk) == (bitlen + 7) / 8);
|
||||
|
||||
if (key_is_rsa) {
|
||||
TEST_ASSERT(mbedtls_pk_can_do(&pk, MBEDTLS_PK_ECKEY) == 0);
|
||||
|
@ -774,7 +774,7 @@ void valid_parameters()
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PK_WRITE_C:MBEDTLS_PK_PARSE_C */
|
||||
void valid_parameters_pkwrite(data_t *key_data)
|
||||
{
|
||||
mbedtls_pk_context pk;
|
||||
|
@ -893,9 +893,9 @@ exit:
|
|||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
||||
void pk_rsa_verify_test_vec(data_t *message_str, int digest, int mod,
|
||||
char *input_N, char *input_E,
|
||||
data_t *result_str, int result)
|
||||
void pk_rsa_verify_test_vec(data_t *message_str, int padding, int digest,
|
||||
int mod, char *input_N, char *input_E,
|
||||
data_t *result_str, int expected_result)
|
||||
{
|
||||
mbedtls_rsa_context *rsa;
|
||||
mbedtls_pk_context pk;
|
||||
|
@ -910,28 +910,54 @@ void pk_rsa_verify_test_vec(data_t *message_str, int digest, int mod,
|
|||
#endif
|
||||
|
||||
mbedtls_pk_init(&pk);
|
||||
USE_PSA_INIT();
|
||||
MD_OR_USE_PSA_INIT();
|
||||
|
||||
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
|
||||
rsa = mbedtls_pk_rsa(pk);
|
||||
|
||||
rsa->len = mod / 8;
|
||||
rsa->len = (mod + 7) / 8;
|
||||
if (padding >= 0) {
|
||||
TEST_EQUAL(mbedtls_rsa_set_padding(rsa, padding, MBEDTLS_MD_NONE), 0);
|
||||
}
|
||||
|
||||
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0);
|
||||
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0);
|
||||
|
||||
TEST_ASSERT(mbedtls_pk_verify(&pk, digest, message_str->x, 0,
|
||||
result_str->x, mbedtls_pk_get_len(&pk)) == result);
|
||||
int actual_result;
|
||||
actual_result = mbedtls_pk_verify(&pk, digest, message_str->x, 0,
|
||||
result_str->x, mbedtls_pk_get_len(&pk));
|
||||
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (actual_result == MBEDTLS_ERR_RSA_INVALID_PADDING &&
|
||||
expected_result == MBEDTLS_ERR_RSA_VERIFY_FAILED) {
|
||||
/* Tolerate INVALID_PADDING error for an invalid signature with
|
||||
* the legacy API (but not with PSA). */
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
TEST_EQUAL(actual_result, expected_result);
|
||||
}
|
||||
|
||||
TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, digest, message_str->x, 0,
|
||||
result_str->x, mbedtls_pk_get_len(
|
||||
&pk), rs_ctx) == result);
|
||||
actual_result = mbedtls_pk_verify_restartable(&pk, digest, message_str->x, 0,
|
||||
result_str->x,
|
||||
mbedtls_pk_get_len(&pk),
|
||||
rs_ctx);
|
||||
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (actual_result == MBEDTLS_ERR_RSA_INVALID_PADDING &&
|
||||
expected_result == MBEDTLS_ERR_RSA_VERIFY_FAILED) {
|
||||
/* Tolerate INVALID_PADDING error for an invalid signature with
|
||||
* the legacy API (but not with PSA). */
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
TEST_EQUAL(actual_result, expected_result);
|
||||
}
|
||||
|
||||
exit:
|
||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
|
||||
mbedtls_pk_restart_free(rs_ctx);
|
||||
#endif
|
||||
mbedtls_pk_free(&pk);
|
||||
USE_PSA_DONE();
|
||||
MD_OR_USE_PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -955,7 +981,7 @@ void pk_rsa_verify_ext_test_vec(data_t *message_str, int digest,
|
|||
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
|
||||
rsa = mbedtls_pk_rsa(pk);
|
||||
|
||||
rsa->len = mod / 8;
|
||||
rsa->len = (mod + 7) / 8;
|
||||
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0);
|
||||
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0);
|
||||
|
||||
|
@ -1120,7 +1146,8 @@ exit:
|
|||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_MD_CAN_SHA256:PK_CAN_SIGN_SOME */
|
||||
void pk_sign_verify(int type, int curve_or_keybits, int sign_ret, int verify_ret)
|
||||
void pk_sign_verify(int type, int curve_or_keybits, int rsa_padding, int rsa_md_alg,
|
||||
int sign_ret, int verify_ret)
|
||||
{
|
||||
mbedtls_pk_context pk;
|
||||
size_t sig_len;
|
||||
|
@ -1148,6 +1175,15 @@ void pk_sign_verify(int type, int curve_or_keybits, int sign_ret, int verify_ret
|
|||
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
|
||||
TEST_ASSERT(pk_genkey(&pk, curve_or_keybits) == 0);
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
if (type == MBEDTLS_PK_RSA) {
|
||||
TEST_ASSERT(mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), rsa_padding, rsa_md_alg) == 0);
|
||||
}
|
||||
#else
|
||||
(void) rsa_padding;
|
||||
(void) rsa_md_alg;
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
|
||||
TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, MBEDTLS_MD_SHA256,
|
||||
hash, hash_len,
|
||||
sig, sizeof(sig), &sig_len,
|
||||
|
@ -1236,7 +1272,7 @@ void pk_rsa_encrypt_decrypt_test(data_t *message, int mod,
|
|||
rsa = mbedtls_pk_rsa(pk);
|
||||
|
||||
/* load public key */
|
||||
rsa->len = mod / 8;
|
||||
rsa->len = (mod + 7) / 8;
|
||||
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->N, input_N) == 0);
|
||||
TEST_ASSERT(mbedtls_test_read_mpi(&rsa->E, input_E) == 0);
|
||||
|
||||
|
@ -1262,9 +1298,12 @@ void pk_rsa_encrypt_decrypt_test(data_t *message, int mod,
|
|||
TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
|
||||
TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
|
||||
TEST_ASSERT(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E) == 0);
|
||||
TEST_ASSERT(mbedtls_rsa_get_len(rsa) == (size_t) (mod / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8);
|
||||
TEST_ASSERT(mbedtls_rsa_complete(rsa) == 0);
|
||||
|
||||
TEST_EQUAL(mbedtls_pk_get_len(&pk), (mod + 7) / 8);
|
||||
TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod);
|
||||
|
||||
memset(result, 0, sizeof(result));
|
||||
rlen = 0;
|
||||
TEST_ASSERT(mbedtls_pk_decrypt(&pk, output, olen,
|
||||
|
@ -1284,7 +1323,7 @@ exit:
|
|||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C */
|
||||
void pk_rsa_decrypt_test_vec(data_t *cipher, int mod,
|
||||
void pk_rsa_decrypt_test_vec(data_t *cipher, int mod, int padding, int md_alg,
|
||||
char *input_P, char *input_Q,
|
||||
char *input_N, char *input_E,
|
||||
data_t *clear, int ret)
|
||||
|
@ -1299,7 +1338,7 @@ void pk_rsa_decrypt_test_vec(data_t *cipher, int mod,
|
|||
mbedtls_pk_init(&pk);
|
||||
mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
|
||||
mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
|
||||
USE_PSA_INIT();
|
||||
MD_OR_USE_PSA_INIT();
|
||||
|
||||
memset(&rnd_info, 0, sizeof(mbedtls_test_rnd_pseudo_info));
|
||||
|
||||
|
@ -1315,9 +1354,17 @@ void pk_rsa_decrypt_test_vec(data_t *cipher, int mod,
|
|||
TEST_ASSERT(mbedtls_test_read_mpi(&P, input_P) == 0);
|
||||
TEST_ASSERT(mbedtls_test_read_mpi(&Q, input_Q) == 0);
|
||||
TEST_ASSERT(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E) == 0);
|
||||
TEST_ASSERT(mbedtls_rsa_get_len(rsa) == (size_t) (mod / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8);
|
||||
TEST_ASSERT(mbedtls_rsa_complete(rsa) == 0);
|
||||
|
||||
TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod);
|
||||
TEST_EQUAL(mbedtls_pk_get_len(&pk), (mod + 7) / 8);
|
||||
|
||||
/* set padding mode */
|
||||
if (padding >= 0) {
|
||||
TEST_EQUAL(mbedtls_rsa_set_padding(rsa, padding, md_alg), 0);
|
||||
}
|
||||
|
||||
/* decryption test */
|
||||
memset(output, 0, sizeof(output));
|
||||
olen = 0;
|
||||
|
@ -1333,7 +1380,7 @@ exit:
|
|||
mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
|
||||
mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
|
||||
mbedtls_pk_free(&pk);
|
||||
USE_PSA_DONE();
|
||||
MD_OR_USE_PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
|
@ -1371,7 +1418,7 @@ void pk_wrap_rsa_decrypt_test_vec(data_t *cipher, int mod,
|
|||
TEST_EQUAL(mbedtls_test_read_mpi(&P, input_P), 0);
|
||||
TEST_EQUAL(mbedtls_test_read_mpi(&Q, input_Q), 0);
|
||||
TEST_EQUAL(mbedtls_rsa_import(rsa, &N, &P, &Q, NULL, &E), 0);
|
||||
TEST_EQUAL(mbedtls_rsa_get_len(rsa), (size_t) (mod / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_len(rsa), (mod + 7) / 8);
|
||||
TEST_EQUAL(mbedtls_rsa_complete(rsa), 0);
|
||||
|
||||
/* Turn PK context into an opaque one. */
|
||||
|
@ -1380,6 +1427,8 @@ void pk_wrap_rsa_decrypt_test_vec(data_t *cipher, int mod,
|
|||
PSA_KEY_USAGE_DECRYPT,
|
||||
PSA_ALG_NONE), 0);
|
||||
|
||||
TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod);
|
||||
|
||||
/* decryption test */
|
||||
memset(output, 0, sizeof(output));
|
||||
olen = 0;
|
||||
|
|
|
@ -126,6 +126,18 @@ PBES2 Encrypt, pad=8 (PKCS7 padding disabled)
|
|||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7
|
||||
pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D5510101010101010101010101010101010":138:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:""
|
||||
|
||||
PBES2 Encrypt, AES-128-CBC (OK, generated with OpenSSL)
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
|
||||
pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e"
|
||||
|
||||
PBES2 Encrypt, AES-192-CBC (OK, generated with OpenSSL)
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7
|
||||
pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94"
|
||||
|
||||
PBES2 Encrypt, AES-256-CBC (OK, generated with OpenSSL)
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7
|
||||
pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301a0408010203040506070802022710300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566"
|
||||
|
||||
PBES2 Decrypt (OK)
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF"
|
||||
|
@ -142,6 +154,18 @@ PBES2 Decrypt (Invalid padding & PKCS7 padding enabled)
|
|||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
|
||||
pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FDA3488A7144097565":144:MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060607"
|
||||
|
||||
PBES2 Decrypt AES-128-CBC (OK, generated with OpenSSL)
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629"
|
||||
|
||||
PBES2 Decrypt AES-192-CBC (OK, generated with OpenSSL)
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629"
|
||||
|
||||
PBES2 Decrypt AES-256-CBC (OK, generated with OpenSSL)
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301a0408010203040506070802022710300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629"
|
||||
|
||||
PBES2 Decrypt (bad params tag)
|
||||
depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
|
||||
pbes2_decrypt:MBEDTLS_ASN1_SEQUENCE:"":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
|
||||
|
|
|
@ -890,6 +890,46 @@ Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit
|
|||
depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
|
||||
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
|
||||
|
||||
Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit)
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem":"PolarSSLTest":0
|
||||
|
||||
Parse RSA Key #99.4 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384, 2048-bit)
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem":"PolarSSLTest":0
|
||||
|
||||
Parse RSA Key #99.5 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384, 2048-bit)
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem":"PolarSSLTest":0
|
||||
|
||||
Parse RSA Key #99.6 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384 DER, 2048-bit)
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
|
||||
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der":"PolarSSLTest":0
|
||||
|
||||
Parse RSA Key #99.7 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384 DER, 2048-bit)
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der":"PolarSSLTest":0
|
||||
|
||||
Parse RSA Key #99.8 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384 DER, 2048-bit)
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der":"PolarSSLTest":0
|
||||
|
||||
Parse RSA Key #100.1 (512-bit)
|
||||
depends_on:MBEDTLS_PEM_C
|
||||
pk_parse_keyfile_rsa:"data_files/rsa512.key":"":0
|
||||
|
||||
Parse RSA Key #100.1 (521-bit)
|
||||
depends_on:MBEDTLS_PEM_C
|
||||
pk_parse_keyfile_rsa:"data_files/rsa521.key":"":0
|
||||
|
||||
Parse RSA Key #100.1 (522-bit)
|
||||
depends_on:MBEDTLS_PEM_C
|
||||
pk_parse_keyfile_rsa:"data_files/rsa522.key":"":0
|
||||
|
||||
Parse RSA Key #100.1 (528-bit)
|
||||
depends_on:MBEDTLS_PEM_C
|
||||
pk_parse_keyfile_rsa:"data_files/rsa528.key":"":0
|
||||
|
||||
Parse Public RSA Key #1 (PKCS#8 wrapped)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C
|
||||
pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs8_2048_public.pem":0
|
||||
|
|
|
@ -123,6 +123,10 @@ void pk_parse_keyfile_rsa(char *key_file, char *password, int result)
|
|||
rsa = mbedtls_pk_rsa(ctx);
|
||||
TEST_EQUAL(mbedtls_rsa_check_privkey(rsa), 0);
|
||||
|
||||
size_t bitlen = mbedtls_rsa_get_bitlen(rsa);
|
||||
TEST_EQUAL(mbedtls_pk_get_bitlen(&ctx), bitlen);
|
||||
TEST_EQUAL(mbedtls_pk_get_len(&ctx), (bitlen + 7) / 8);
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
PSA_INIT();
|
||||
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_SIGN_HASH));
|
||||
|
@ -160,6 +164,10 @@ void pk_parse_public_keyfile_rsa(char *key_file, int result)
|
|||
rsa = mbedtls_pk_rsa(ctx);
|
||||
TEST_EQUAL(mbedtls_rsa_check_pubkey(rsa), 0);
|
||||
|
||||
size_t bitlen = mbedtls_rsa_get_bitlen(rsa);
|
||||
TEST_EQUAL(mbedtls_pk_get_bitlen(&ctx), bitlen);
|
||||
TEST_EQUAL(mbedtls_pk_get_len(&ctx), (bitlen + 7) / 8);
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_C)
|
||||
PSA_INIT();
|
||||
TEST_ASSERT(test_psa_bridge(&ctx, PSA_KEY_USAGE_VERIFY_HASH));
|
||||
|
|
|
@ -104,9 +104,9 @@ PSA import/export RSA keypair: export buffer too small
|
|||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
|
||||
import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1
|
||||
|
||||
PSA import/export RSA keypair: trailing garbage ignored
|
||||
PSA import/export RSA keypair: trailing garbage rejected
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT
|
||||
import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_SUCCESS:0
|
||||
import_with_data:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA import/export RSA public key: good, 1024-bit, opaque
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_CRYPTO_DRIVER_TEST
|
||||
|
@ -156,9 +156,9 @@ PSA import/export RSA keypair: export buffer too small, opaque
|
|||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST
|
||||
import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1
|
||||
|
||||
PSA import/export RSA keypair: trailing garbage ignored, opaque
|
||||
PSA import/export RSA keypair: trailing garbage rejected, opaque
|
||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST
|
||||
import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_SUCCESS:0
|
||||
import_with_data:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ERROR_INVALID_ARGUMENT
|
||||
|
||||
PSA import RSA keypair: truncated
|
||||
depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT
|
||||
|
|
|
@ -468,58 +468,160 @@ RSA Deduce Moduli, corrupted
|
|||
mbedtls_rsa_deduce_primes:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
|
||||
|
||||
RSA Import (N,P,Q,D,E)
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":0:1:0:0
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:0:1:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E), inconsistent
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC3672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":0:1:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC3672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:0:1:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0
|
||||
|
||||
RSA Import (N,P,Q,D,E), successive
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":1:1:0:0
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:1:1:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E), successive, inconsistent
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC3672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":1:1:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC3672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:1:1:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0
|
||||
|
||||
RSA Import (-,P,Q,D,E)
|
||||
mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":0:1:0:0
|
||||
mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:0:1:0:0
|
||||
|
||||
RSA Import (-,P,Q,D,E), successive
|
||||
mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":1:1:0:0
|
||||
mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:1:1:0:0
|
||||
|
||||
RSA Import (N,-,-,D,E)
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":0:1:0:0
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,D,E), successive
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":1:1:0:0
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"3":2048:1:1:0:0
|
||||
|
||||
RSA Import (N,P,Q,-,E)
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":0:1:0:0
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:0:1:0:0
|
||||
|
||||
RSA Import (N,P,Q,-,E), successive
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":1:1:0:0
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:1:1:0:0
|
||||
|
||||
RSA Import (-,P,Q,-,E)
|
||||
mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":0:1:0:0
|
||||
mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:0:1:0:0
|
||||
|
||||
RSA Import (-,P,Q,-,E), successive
|
||||
mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":1:1:0:0
|
||||
mbedtls_rsa_import:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:1:1:0:0
|
||||
|
||||
RSA Import (N,-,Q,-,E)
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":0:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:0:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
|
||||
RSA Import (N,-,Q,-,E), successive
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":1:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"3":2048:1:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
|
||||
RSA Import (N,-,-,-,E), complete public key
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"3":0:0:0:0
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"3":2048:0:0:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E), complete public key, successive
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"3":1:0:0:0
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"3":2048:1:0:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E), complete public key, corrupted
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"4":0:0:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"4":2048:0:0:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0
|
||||
|
||||
RSA Import (N,-,-,-,E), complete public key, successive, corrupted
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"4":1:0:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0
|
||||
mbedtls_rsa_import:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"4":2048:1:0:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0
|
||||
|
||||
RSA Import (N,P,Q,D,E) 512-bit complete pair
|
||||
mbedtls_rsa_import:"cbc23c9751d5b0dc4f7ea5f871d6e31d7fb8a414eacfa006cf9c782385ce177b2a41b52cd80ddf75c4f14ffb679c388b4d0fe828413c2b8dd651e5039b2e14b3":"fbf724e9d31cb074dd117e96c4f9ad8ff6b4fe6dc72c7b9bc5af370c0833314d":"cf057bde49ab3cc354d731c03925e4cb34d7ecc41335948bca6d3438a0e35dff":"5705d006f8a68170b66aeacb9f231dc0bd89c85a3ea70a3b9e73bf43bca3f69699bfd123ec6fc533d3163dc8645d1e45342ad38b110659e96656f4763ec318f1":"10001":512:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E) 512-bit public
|
||||
mbedtls_rsa_import:"cbc23c9751d5b0dc4f7ea5f871d6e31d7fb8a414eacfa006cf9c782385ce177b2a41b52cd80ddf75c4f14ffb679c388b4d0fe828413c2b8dd651e5039b2e14b3":"":"":"":"10001":512:0:0:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E) 513-bit complete pair
|
||||
mbedtls_rsa_import:"16798857c4718f9367a715b29038d042ea41686a457279db149d4da54146262305da39b02b764f2b56902e4c45425c2c3f404da82f86d8ed3b067da70899c5149":"18486f2d2df61d10ebe578caff5142047cae635909946b57c33028d35e4abac0b":"ecefea558b614138e773e1cd25380e49a910d6dd4b584457c1bfabf86922f87b":"1c3dbb460e6364b725989f7b321f3213e3a92d3bdce86c970ee05ba13cd4993758140f790489b61188c26354a6b372d32081750cecb84db563ec5724d78388ad":"10001":513:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E) 513-bit public
|
||||
mbedtls_rsa_import:"16798857c4718f9367a715b29038d042ea41686a457279db149d4da54146262305da39b02b764f2b56902e4c45425c2c3f404da82f86d8ed3b067da70899c5149":"":"":"":"10001":513:0:0:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E) 514-bit complete pair
|
||||
mbedtls_rsa_import:"32f54232899f45a415e7a7728fc744703f4b4466e56d7d6900f125950bb9a42082d2f0162ce1ac9949da5be37af8c20178d79d8ac1ab860d5ed55b14f49d064ab":"1d2cc9d59be8079457a5f28c3e74d1d4c7763acc1a7e725dff09198a5b99d35cf":"1bf23921dfe89a0f681bf10fd27fd2bc914f8888b8addb1d102255e586827b665":"1d9f13ebecb3f8f7790440020831fd4682846e2ea20f13678674a7340caccd0b37ccaf79b7d4005adafb7e6f84e0ff7bbe28a27fd7337cdf100fe63afe967419":"10001":514:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E) 514-bit public
|
||||
mbedtls_rsa_import:"32f54232899f45a415e7a7728fc744703f4b4466e56d7d6900f125950bb9a42082d2f0162ce1ac9949da5be37af8c20178d79d8ac1ab860d5ed55b14f49d064ab":"":"":"":"10001":514:0:0:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E) 515-bit complete pair
|
||||
mbedtls_rsa_import:"5f47dbe0d15f66c13ce0ff8af2edc7942ef4ff8b6b6e49ef5518ce3754efb5270204cb727c3f325b4a51dc02688eae0a6bfd7549854a7ede8b31f0e4adb835f85":"30c23bf1faf7515ed3e63abcda5b88b6387d213854da798e6662afb09441f192f":"1f4419ac839887606a8d299bc430f8e48f8984ae81982eaf03775fbe1a347bd8b":"5e8416fece5337c84acedb5007a98e4855c85d52fd2ffb91b9b590a2dcd3a8bc88e6e61573daa526a1b37ebae41401e6811d0d1e5458f1a5074178fb274a275a5":"10001":515:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E) 515-bit public
|
||||
mbedtls_rsa_import:"5f47dbe0d15f66c13ce0ff8af2edc7942ef4ff8b6b6e49ef5518ce3754efb5270204cb727c3f325b4a51dc02688eae0a6bfd7549854a7ede8b31f0e4adb835f85":"":"":"":"10001":515:0:0:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E) 516-bit complete pair
|
||||
mbedtls_rsa_import:"bcc54a5a10ef1a3241c60aeec9c5ec54cd63407ee2b69748ad5ec53d1a3d7fea540811ba0eed19574cad6dca28691e2711fdf0e76d2bc6eec508e7a864ee13b03":"3a83434f8995a87a977f0e15e9b39f55551968a5f3cbaf6f7e0f177215c3a69bb":"339e4b5aef4912382ee5f6dd82c2cb5255e604279477ca22ed0b02cab66a75b59":"60a460bc5b8f0dca4d0226f6b9362b17ff4ea0e6550b45c85f79f560a2de796e35d51da40d1eae356cca05626a3686cee2dbcaa5b71b76ffa0cb313fb4a412f1":"10001":516:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E) 516-bit public
|
||||
mbedtls_rsa_import:"bcc54a5a10ef1a3241c60aeec9c5ec54cd63407ee2b69748ad5ec53d1a3d7fea540811ba0eed19574cad6dca28691e2711fdf0e76d2bc6eec508e7a864ee13b03":"":"":"":"10001":516:0:0:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E) 517-bit complete pair
|
||||
mbedtls_rsa_import:"1a7b2e3d43f1b3e060d2f598939d0542178feac3310be308f4fd05872ec91048ea79543c0b00e5f61ec8b577ffa33c26bb74c2bc079033f006e6af59ec15cef529":"72e502be06a9fcb3ef64801055d10ecf8ec2b4a9429423813760e4258cf575373":"3b00e49f541091dce4940c9a36f203d195a81c7812111d9a89fc5971f363085f3":"19297286444925e1ce1ea5be94845ebaae28d1a926b164c8de008d8025b46704d77326956f97ceaadc3ebb74f94edbe1b7df5236693e7bb97cdd77b4569420fd01":"10001":517:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E) 517-bit public
|
||||
mbedtls_rsa_import:"1a7b2e3d43f1b3e060d2f598939d0542178feac3310be308f4fd05872ec91048ea79543c0b00e5f61ec8b577ffa33c26bb74c2bc079033f006e6af59ec15cef529":"":"":"":"10001":517:0:0:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E) 518-bit complete pair
|
||||
mbedtls_rsa_import:"31defca6f97dac931fea5bd182c801b6512065929b327443dad9421379e15b37e33a6d3b11e51bd6905c9df9ec15980e91f10c34607749085456e85c1aad9cae1d":"725f1a4b37008897949b12bc9ba249d60d2df673b5a5367f9b490e79cc798446d":"6fa09a0615754b14f9aa4b5613e60e6d4988437c25b97fc056cb4841931902271":"1bcd08df3439e0d86b7444173966b1bda6dffe7f89d0c88b83169605316e75615c84cf7ea7c9cb16204e67329584d56f1840d247e4b392b627622d2101a2af2781":"10001":518:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E) 518-bit public
|
||||
mbedtls_rsa_import:"31defca6f97dac931fea5bd182c801b6512065929b327443dad9421379e15b37e33a6d3b11e51bd6905c9df9ec15980e91f10c34607749085456e85c1aad9cae1d":"":"":"":"10001":518:0:0:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E) 519-bit complete pair
|
||||
mbedtls_rsa_import:"6de4c503dd2e6d74d6dbc95bdd85b177f3737c3da6b00860db6585d1026ae043450888773afd259ee52e7c70de86a1d805dec0d201b2cd9d91e5e1f323020b47b5":"f4c3d0904f80c3ee121aa94edda195415ddd21e4503ebbaf294993a649f896251":"72f01bc834d3eae97dea004f8af566b6030362fb3eb1063211d1dd699ece87225":"8361ce69203631864e99d5d28eb517c760b7e101941740ed0b6004ec2d07b9b6982132c9cff11ef49f715b04b6d76edd0e936b05efb4acf2cfdf6ea58f1149b41":"10001":519:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E) 519-bit public
|
||||
mbedtls_rsa_import:"6de4c503dd2e6d74d6dbc95bdd85b177f3737c3da6b00860db6585d1026ae043450888773afd259ee52e7c70de86a1d805dec0d201b2cd9d91e5e1f323020b47b5":"":"":"":"10001":519:0:0:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E) 520-bit complete pair
|
||||
mbedtls_rsa_import:"c27fbd5b63f60f14b6fbbda29444aa6639cef01ec2b89b607ca0e5cf64f4f8ea41131c8c2a0204099b2030c8b155553404464fb351a7b44e77138412164997de31":"feb75ab38c05618105c1d7f1459475520cb64d8b477804f6f48b2bcc44ca6c147":"c37ab0c657015601027454c1e45d4abc85f7177d0757312b2811d4dc46f1b60c7":"4b4d2365a79cd317e5042fd62aeb2ec1a72dec1f2caa4655a3cab34e893aa2c81c06e18bd79a0d247dc109ab540c7eb6bf8ef27f02de66e4d8dc511bff7ce33c15":"10001":520:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E) 520-bit public
|
||||
mbedtls_rsa_import:"c27fbd5b63f60f14b6fbbda29444aa6639cef01ec2b89b607ca0e5cf64f4f8ea41131c8c2a0204099b2030c8b155553404464fb351a7b44e77138412164997de31":"":"":"":"10001":520:0:0:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E) 521-bit complete pair
|
||||
mbedtls_rsa_import:"1993ce720408e69a459c96df92b90040b88b0f7234c46b96413d177ed08e562c9b7ed7c1fb351cafc4028d3d9a9792e35ddb8a3770cc5cf7011f778f78e75ff60af":"1f2d345a210b5f085447d9534abe78d77e820dddbb24b2eb334b7c6ba91634a0f9":"d205f332807775231b96e06f47e7c0cec8981f41c6b6e6a96eafdbc40773b20e7":"15ec8c594efc122ecadc9eb6a59dce89aba607676db3b044eb46e28ce15820a5b984349a7b74a9f86c17a8503f29c0cc5b3f68790653bce30d8b0a5ba7730a16b1":"10001":521:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E) 521-bit public
|
||||
mbedtls_rsa_import:"1993ce720408e69a459c96df92b90040b88b0f7234c46b96413d177ed08e562c9b7ed7c1fb351cafc4028d3d9a9792e35ddb8a3770cc5cf7011f778f78e75ff60af":"":"":"":"10001":521:0:0:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E) 522-bit complete pair
|
||||
mbedtls_rsa_import:"2eeccbdf4fb0385fefd27583bdc9ac8b99e57fd6acf0c71010ae65ee0531dbf45686bb737a2a64124ab2f695a73394f7d5dd2ba7a668d872684cb49e12a7d6a49ad":"1c5785f5108bb49e43ee0b3d7261eb0efe10334ac101893a59d67e79fb3f640951":"1a7da635573970c989ca4aaa051d3a51641eed09516f8200d15effb86c3082a39d":"1e2042a744c6f2fa8cc28655a5140425c010fa68fdb0bb6c51f95551619e68034d128406fa6fc7ccd5d35a493ee8ecf98b9e987fed18353ff7e0d50ae0b65f2b841":"10001":522:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E) 522-bit public
|
||||
mbedtls_rsa_import:"2eeccbdf4fb0385fefd27583bdc9ac8b99e57fd6acf0c71010ae65ee0531dbf45686bb737a2a64124ab2f695a73394f7d5dd2ba7a668d872684cb49e12a7d6a49ad":"":"":"":"10001":522:0:0:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E) 523-bit complete pair
|
||||
mbedtls_rsa_import:"6a8c9774b37c37d6f6c95aaf60ab27ebb426a26cd6b22fa44fe1e09f4fa47abeac2d1f84aaff436ef3f07801c617a1f990ca4ece42388d1493723ee9768730d8799":"36f10cb3d7fa6af6616991827dd988fd0687761243126e563a24977d95b3075855":"1f0771656d359a2d4907ded0e0471e27242a59f89e30a4e21fc3cffb5da3dd4635":"4cafcdde87c452e85c0d06410dc1826509ef789dff5496279bfb05d183dfed1c452fda00deb3b345fc31cd255aa1c7e2f19e50191793a7b16e6340f0723e0d5ad11":"10001":523:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E) 523-bit public
|
||||
mbedtls_rsa_import:"6a8c9774b37c37d6f6c95aaf60ab27ebb426a26cd6b22fa44fe1e09f4fa47abeac2d1f84aaff436ef3f07801c617a1f990ca4ece42388d1493723ee9768730d8799":"":"":"":"10001":523:0:0:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E) 524-bit complete pair
|
||||
mbedtls_rsa_import:"c04c05bc77eca9c05702402622b3855ac150a737132c66d6900dc8f512e752f32ce3c777d51da5cca9105b7f8f57da571cec42a450d49e43ea359538acb3610dacf":"3f78102778bec177c9bb4f313a29afbb9c2d0089539f57aeb2976b59d17b1de699":"3079f8628b827258bb785cd0bb40623207ecf6194e65871571bf004bf0c537f5a7":"9c161921de060fd3bbcc6bdd8895474d5f54e425e43e4a4b272ac94f844498241d41f7ee7a6b90775cf5a73b3ce3015b15620494130e9198550cb3f07bdba184ac1":"10001":524:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E) 524-bit public
|
||||
mbedtls_rsa_import:"c04c05bc77eca9c05702402622b3855ac150a737132c66d6900dc8f512e752f32ce3c777d51da5cca9105b7f8f57da571cec42a450d49e43ea359538acb3610dacf":"":"":"":"10001":524:0:0:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E) 525-bit complete pair
|
||||
mbedtls_rsa_import:"18197b4f054a0347a8e81576cf16fdb5d22ce9bb71b11df029c30e047b418ebb4b2d759f8c72f9b24a79b46ddeeeadb17b197911442f6e7bf3ea2106752e901c64fb":"676ee11f6bb61d7094148bb326d0267eb7a105549d72d360707001af8e03ecc6dd":"3ba5a5ba28f8adee0883947963c037e3a2c9e557b3edc5cca35b155e63ed3ae1b7":"d75e61ecbe87c0e817427d0f57874fb224a7dbe79912114ac6ecb1c8bafa146512b1b728d2d860e96fd283ae981ebb3272647841cdd254a5e1f075eb17df596e2c9":"10001":525:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E) 525-bit public
|
||||
mbedtls_rsa_import:"18197b4f054a0347a8e81576cf16fdb5d22ce9bb71b11df029c30e047b418ebb4b2d759f8c72f9b24a79b46ddeeeadb17b197911442f6e7bf3ea2106752e901c64fb":"":"":"":"10001":525:0:0:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E) 526-bit complete pair
|
||||
mbedtls_rsa_import:"2de74b63625125b31a3d4ae2719d74dae2a0dacb84f220c295e8fea55080b3bacad98593ef3dd710a949b84498ba59ac0353f8e6cd4355e9bfc0ddef8ef25ce41309":"766d695ac399679b33cdc68e7bf9b604d922dee04fa60a4aa2fab3263a8b323109":"633a53fef2f6b08daddd9e496625819753284b72f41290dcc8db82e55746555201":"1ff9c25614a29a344cceed5f17edaafcde69567ff6b80382089328ef57488fea49d3e660180107bb0b1770005d814216dbd493fd7aae4891fb2320226615d67e4001":"10001":526:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E) 526-bit public
|
||||
mbedtls_rsa_import:"2de74b63625125b31a3d4ae2719d74dae2a0dacb84f220c295e8fea55080b3bacad98593ef3dd710a949b84498ba59ac0353f8e6cd4355e9bfc0ddef8ef25ce41309":"":"":"":"10001":526:0:0:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E) 527-bit complete pair
|
||||
mbedtls_rsa_import:"54e6bb611922620e32e0e402446e3a2b8eb1be1f44a750a833ac56635a2aca00fa20cdddf6d185e60623da0ba4dd33011d5df7f7f69d95c98c4ca7fddde08ec209db":"d36b6f6e6828bc2cb35b9b5ecca60ea4d33406b11ff4fafc3b439f3fa9c521733b":"66cdc1ad01f31f5eeafff4774bf4ba95ccb58a5afae6744b560e7181f8b0a119e1":"32e1d958f7044939f33a1ecc5110b2a21a31e21cc13b793665499ab88e78687a2eb19a570263370532aac0c418867027c6275b604899b26f9913a10aaacb7895ddc1":"10001":527:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E) 527-bit public
|
||||
mbedtls_rsa_import:"54e6bb611922620e32e0e402446e3a2b8eb1be1f44a750a833ac56635a2aca00fa20cdddf6d185e60623da0ba4dd33011d5df7f7f69d95c98c4ca7fddde08ec209db":"":"":"":"10001":527:0:0:0:0
|
||||
|
||||
RSA Import (N,P,Q,D,E) 528-bit complete pair
|
||||
mbedtls_rsa_import:"d158d6f8bf79fd0721ad50c08ada2f023bec6970a43cc709dba277046d6e2cfd65b72239c7856c7aea7d40906c4880ce828dc4906d364600cd2dd62a284c9ebfcb59":"ebdbfc4ea38f0dac4032c21663be46d045ce4bec7e6d2d773980fd92ca6aaf0f73":"e33947ec6dccc2ca956495f34923b00a490fdfef67b5332d6f084dccf58191af03":"b2e7b0373e337b1848207c5d3f8c7c15f5adf0e1f1897b33a27e7225d77b0b79b4928fd89ca267c7b334fa39949397a8870a204c9b9e98037bfd8716f0dec4802d3d":"10001":528:0:1:0:0
|
||||
|
||||
RSA Import (N,-,-,-,E) 528-bit public
|
||||
mbedtls_rsa_import:"d158d6f8bf79fd0721ad50c08ada2f023bec6970a43cc709dba277046d6e2cfd65b72239c7856c7aea7d40906c4880ce828dc4906d364600cd2dd62a284c9ebfcb59":"":"":"":"10001":528:0:0:0:0
|
||||
|
||||
RSA Import Raw (N,P,Q,D,E), complete private key
|
||||
mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:1:0:0
|
||||
|
@ -662,7 +764,7 @@ RSA parse private key - correct values, extra integer inside the SEQUENCE
|
|||
rsa_parse_pkcs1_key:0:"3066020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c020100":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
RSA parse private key - correct values, extra integer outside the SEQUENCE
|
||||
rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c020100":0
|
||||
rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c020100":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
|
||||
RSA parse private key - correct values, n wrong tag
|
||||
rsa_parse_pkcs1_key:0:"3063020100FF1100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
@ -707,7 +809,7 @@ RSA parse public key - public exponent 0
|
|||
rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203000000":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
|
||||
RSA parse public key - wrong sequence length
|
||||
rsa_parse_pkcs1_key:1:"308188028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
rsa_parse_pkcs1_key:1:"308188028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
|
||||
RSA parse public key - wrong modulus length
|
||||
rsa_parse_pkcs1_key:1:"308189028180009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
@ -725,7 +827,7 @@ RSA parse public key - correct values, extra integer inside the SEQUENCE
|
|||
rsa_parse_pkcs1_key:1:"30818c028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001020100":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
RSA parse public key - correct values, extra integer outside the SEQUENCE
|
||||
rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001020100":0
|
||||
rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001020100":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
|
||||
|
||||
RSA priv key write - incremental output buffer size
|
||||
rsa_key_write_incremental:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c"
|
||||
|
|
|
@ -183,7 +183,8 @@ void mbedtls_rsa_pkcs1_sign(data_t *message_str, int padding_mode,
|
|||
TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
|
||||
|
||||
TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
|
||||
TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
|
||||
TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
|
||||
TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
|
||||
|
||||
|
@ -221,7 +222,8 @@ void mbedtls_rsa_pkcs1_verify(data_t *message_str, int padding_mode,
|
|||
TEST_ASSERT(mbedtls_test_read_mpi(&N, input_N) == 0);
|
||||
TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
|
||||
TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
|
||||
TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
|
||||
TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
|
||||
|
||||
TEST_ASSERT(mbedtls_rsa_pkcs1_verify(&ctx, digest, message_str->len, message_str->x,
|
||||
|
@ -262,7 +264,8 @@ void rsa_pkcs1_sign_raw(data_t *hash_result,
|
|||
TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
|
||||
|
||||
TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
|
||||
TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
|
||||
TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
|
||||
TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
|
||||
|
||||
|
@ -305,7 +308,8 @@ void rsa_pkcs1_verify_raw(data_t *hash_result,
|
|||
TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
|
||||
|
||||
TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
|
||||
TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
|
||||
TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
|
||||
|
||||
|
||||
|
@ -341,7 +345,8 @@ void mbedtls_rsa_pkcs1_encrypt(data_t *message_str, int padding_mode,
|
|||
TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
|
||||
|
||||
TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
|
||||
TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
|
||||
TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
|
||||
|
||||
|
||||
|
@ -382,7 +387,8 @@ void rsa_pkcs1_encrypt_bad_rng(data_t *message_str, int padding_mode,
|
|||
TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
|
||||
|
||||
TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
|
||||
TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
|
||||
TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
|
||||
|
||||
|
||||
|
@ -432,7 +438,8 @@ void mbedtls_rsa_pkcs1_decrypt(data_t *message_str, int padding_mode,
|
|||
TEST_ASSERT(mbedtls_test_read_mpi(&E, input_E) == 0);
|
||||
|
||||
TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
|
||||
TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
|
||||
TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
|
||||
TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
|
||||
|
||||
|
@ -477,8 +484,9 @@ void mbedtls_rsa_public(data_t *message_str, int mod,
|
|||
TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, NULL, NULL, NULL, &E) == 0);
|
||||
|
||||
/* Check test data consistency */
|
||||
TEST_ASSERT(message_str->len == (size_t) (mod / 8));
|
||||
TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
|
||||
TEST_EQUAL(message_str->len, (size_t) ((mod + 7) / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
|
||||
TEST_ASSERT(mbedtls_rsa_check_pubkey(&ctx) == 0);
|
||||
|
||||
TEST_ASSERT(mbedtls_rsa_public(&ctx, message_str->x, output) == result);
|
||||
|
@ -537,8 +545,9 @@ void mbedtls_rsa_private(data_t *message_str, int mod,
|
|||
TEST_ASSERT(mbedtls_rsa_import(&ctx, &N, &P, &Q, NULL, &E) == 0);
|
||||
|
||||
/* Check test data consistency */
|
||||
TEST_ASSERT(message_str->len == (size_t) (mod / 8));
|
||||
TEST_ASSERT(mbedtls_rsa_get_len(&ctx) == (size_t) (mod / 8));
|
||||
TEST_EQUAL(message_str->len, (size_t) ((mod + 7) / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (size_t) ((mod + 7) / 8));
|
||||
TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), (size_t) mod);
|
||||
TEST_ASSERT(mbedtls_rsa_complete(&ctx) == 0);
|
||||
TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == 0);
|
||||
|
||||
|
@ -851,6 +860,7 @@ void mbedtls_rsa_import(char *input_N,
|
|||
char *input_Q,
|
||||
char *input_D,
|
||||
char *input_E,
|
||||
int bitlen,
|
||||
int successive,
|
||||
int is_priv,
|
||||
int res_check,
|
||||
|
@ -936,6 +946,9 @@ void mbedtls_rsa_import(char *input_N,
|
|||
/* On expected success, perform some public and private
|
||||
* key operations to check if the key is working properly. */
|
||||
if (res_complete == 0) {
|
||||
TEST_EQUAL(mbedtls_rsa_get_bitlen(&ctx), bitlen);
|
||||
TEST_EQUAL(mbedtls_rsa_get_len(&ctx), (bitlen + 7) / 8);
|
||||
|
||||
if (is_priv) {
|
||||
TEST_ASSERT(mbedtls_rsa_check_privkey(&ctx) == res_check);
|
||||
} else {
|
||||
|
|
|
@ -3274,11 +3274,23 @@ elliptic_curve_get_properties
|
|||
TLS 1.3 resume session with ticket
|
||||
tls13_resume_session_with_ticket
|
||||
|
||||
TLS 1.3 early data, reference
|
||||
tls13_early_data:TEST_EARLY_DATA_REFERENCE
|
||||
TLS 1.3 early data, early data accepted
|
||||
tls13_early_data:TEST_EARLY_DATA_ACCEPTED
|
||||
|
||||
TLS 1.3 early data, deprotect and discard
|
||||
tls13_early_data:TEST_EARLY_DATA_DEPROTECT_AND_DISCARD
|
||||
TLS 1.3 early data, server rejects early data
|
||||
tls13_early_data:TEST_EARLY_DATA_SERVER_REJECTS
|
||||
|
||||
TLS 1.3 early data, discard after HRR
|
||||
tls13_early_data:TEST_EARLY_DATA_DISCARD_AFTER_HRR
|
||||
tls13_early_data:TEST_EARLY_DATA_HRR
|
||||
|
||||
TLS 1.3 cli, early data status, early data accepted
|
||||
tls13_cli_early_data_status:TEST_EARLY_DATA_ACCEPTED
|
||||
|
||||
TLS 1.3 cli, early data status, no early data indication
|
||||
tls13_cli_early_data_status:TEST_EARLY_DATA_NO_INDICATION_SENT
|
||||
|
||||
TLS 1.3 cli, early data status, server rejects early data
|
||||
tls13_cli_early_data_status:TEST_EARLY_DATA_SERVER_REJECTS
|
||||
|
||||
TLS 1.3 cli, early data status, hello retry request
|
||||
tls13_cli_early_data_status:TEST_EARLY_DATA_HRR
|
||||
|
|
|
@ -13,9 +13,10 @@
|
|||
#define SSL_MESSAGE_QUEUE_INIT { NULL, 0, 0, 0 }
|
||||
|
||||
/* Mnemonics for the early data test scenarios */
|
||||
#define TEST_EARLY_DATA_REFERENCE 0
|
||||
#define TEST_EARLY_DATA_DEPROTECT_AND_DISCARD 1
|
||||
#define TEST_EARLY_DATA_DISCARD_AFTER_HRR 2
|
||||
#define TEST_EARLY_DATA_ACCEPTED 0
|
||||
#define TEST_EARLY_DATA_NO_INDICATION_SENT 1
|
||||
#define TEST_EARLY_DATA_SERVER_REJECTS 2
|
||||
#define TEST_EARLY_DATA_HRR 3
|
||||
|
||||
#if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
|
||||
defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \
|
||||
|
@ -2457,7 +2458,7 @@ void mbedtls_endpoint_sanity(int endpoint_type)
|
|||
MD_OR_USE_PSA_INIT();
|
||||
|
||||
ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, &options,
|
||||
NULL, NULL, NULL, NULL);
|
||||
NULL, NULL, NULL);
|
||||
TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret);
|
||||
|
||||
ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, options.pk_alg,
|
||||
|
@ -2465,7 +2466,7 @@ void mbedtls_endpoint_sanity(int endpoint_type)
|
|||
TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret);
|
||||
|
||||
ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, &options,
|
||||
NULL, NULL, NULL, NULL);
|
||||
NULL, NULL, NULL);
|
||||
TEST_ASSERT(ret == 0);
|
||||
|
||||
exit:
|
||||
|
@ -2509,14 +2510,14 @@ void move_handshake_to_state(int endpoint_type, int tls_version, int state, int
|
|||
mbedtls_platform_zeroize(&second_ep, sizeof(second_ep));
|
||||
|
||||
ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type, &options,
|
||||
NULL, NULL, NULL, NULL);
|
||||
NULL, NULL, NULL);
|
||||
TEST_ASSERT(ret == 0);
|
||||
|
||||
ret = mbedtls_test_ssl_endpoint_init(
|
||||
&second_ep,
|
||||
(endpoint_type == MBEDTLS_SSL_IS_SERVER) ?
|
||||
MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
|
||||
&options, NULL, NULL, NULL, NULL);
|
||||
&options, NULL, NULL, NULL);
|
||||
|
||||
TEST_ASSERT(ret == 0);
|
||||
|
||||
|
@ -3069,11 +3070,10 @@ void force_bad_session_id_len()
|
|||
|
||||
TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
|
||||
&options, NULL, NULL,
|
||||
NULL, NULL) == 0);
|
||||
NULL) == 0);
|
||||
|
||||
TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
|
||||
&options, NULL, NULL, NULL,
|
||||
NULL) == 0);
|
||||
&options, NULL, NULL, NULL) == 0);
|
||||
|
||||
mbedtls_debug_set_threshold(1);
|
||||
mbedtls_ssl_conf_dbg(&server.conf, options.srv_log_fun,
|
||||
|
@ -3248,8 +3248,9 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key)
|
|||
mbedtls_test_ssl_endpoint client, server;
|
||||
mbedtls_psa_stats_t stats;
|
||||
size_t free_slots_before = -1;
|
||||
mbedtls_test_handshake_test_options options;
|
||||
mbedtls_test_init_handshake_options(&options);
|
||||
mbedtls_test_handshake_test_options client_options, server_options;
|
||||
mbedtls_test_init_handshake_options(&client_options);
|
||||
mbedtls_test_init_handshake_options(&server_options);
|
||||
|
||||
uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
|
||||
|
@ -3257,21 +3258,22 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key)
|
|||
mbedtls_platform_zeroize(&client, sizeof(client));
|
||||
mbedtls_platform_zeroize(&server, sizeof(server));
|
||||
|
||||
options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
|
||||
/* Client side, force SECP256R1 to make one key bitflip fail
|
||||
* the raw key agreement. Flipping the first byte makes the
|
||||
* required 0x04 identifier invalid. */
|
||||
client_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
client_options.group_list = iana_tls_group_list;
|
||||
TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
|
||||
&options, NULL, NULL,
|
||||
NULL, iana_tls_group_list), 0);
|
||||
&client_options, NULL, NULL,
|
||||
NULL), 0);
|
||||
|
||||
/* Server side */
|
||||
server_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
server_options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
server_options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
|
||||
&options, NULL, NULL,
|
||||
NULL, NULL), 0);
|
||||
&server_options, NULL, NULL,
|
||||
NULL), 0);
|
||||
|
||||
TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket),
|
||||
&(server.socket),
|
||||
|
@ -3307,7 +3309,8 @@ void raw_key_agreement_fail(int bad_server_ecdhe_key)
|
|||
exit:
|
||||
mbedtls_test_ssl_endpoint_free(&client, NULL);
|
||||
mbedtls_test_ssl_endpoint_free(&server, NULL);
|
||||
mbedtls_test_free_handshake_options(&options);
|
||||
mbedtls_test_free_handshake_options(&client_options);
|
||||
mbedtls_test_free_handshake_options(&server_options);
|
||||
|
||||
MD_OR_USE_PSA_DONE();
|
||||
}
|
||||
|
@ -3336,15 +3339,13 @@ void tls13_server_certificate_msg_invalid_vector_len()
|
|||
|
||||
client_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
|
||||
&client_options, NULL, NULL, NULL,
|
||||
NULL);
|
||||
&client_options, NULL, NULL, NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
mbedtls_test_init_handshake_options(&server_options);
|
||||
server_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
|
||||
&server_options, NULL, NULL, NULL,
|
||||
NULL);
|
||||
&server_options, NULL, NULL, NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
|
||||
|
@ -3572,15 +3573,11 @@ exit:
|
|||
void tls13_resume_session_with_ticket()
|
||||
{
|
||||
int ret = -1;
|
||||
unsigned char buf[64];
|
||||
mbedtls_test_ssl_endpoint client_ep, server_ep;
|
||||
mbedtls_test_handshake_test_options client_options;
|
||||
mbedtls_test_handshake_test_options server_options;
|
||||
mbedtls_ssl_session saved_session;
|
||||
|
||||
/*
|
||||
* Test set-up
|
||||
*/
|
||||
mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
|
||||
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
|
||||
mbedtls_test_init_handshake_options(&client_options);
|
||||
|
@ -3589,16 +3586,27 @@ void tls13_resume_session_with_ticket()
|
|||
|
||||
PSA_INIT();
|
||||
|
||||
/*
|
||||
* Run first handshake to get a ticket from the server.
|
||||
*/
|
||||
client_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
|
||||
&client_options, NULL, NULL, NULL,
|
||||
NULL);
|
||||
server_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
|
||||
ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options,
|
||||
&saved_session);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
/*
|
||||
* Prepare for handshake with the ticket.
|
||||
*/
|
||||
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
|
||||
&client_options, NULL, NULL, NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
server_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
|
||||
&server_options, NULL, NULL, NULL,
|
||||
NULL);
|
||||
&server_options, NULL, NULL, NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
|
||||
mbedtls_test_ticket_write,
|
||||
mbedtls_test_ticket_parse,
|
||||
|
@ -3609,41 +3617,12 @@ void tls13_resume_session_with_ticket()
|
|||
&(server_ep.socket), 1024);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
/*
|
||||
* Run initial handshake: ephemeral key exchange mode, certificate with
|
||||
* SECP256R1 key, CA certificate with SECP384R1 key, ECDSA signature
|
||||
* algorithm. Then, get the ticket sent by the server at the end of its
|
||||
* handshake sequence.
|
||||
*/
|
||||
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
|
||||
&(server_ep.ssl), &(client_ep.ssl),
|
||||
MBEDTLS_SSL_HANDSHAKE_OVER), 0);
|
||||
|
||||
do {
|
||||
ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf));
|
||||
} while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET);
|
||||
|
||||
/*
|
||||
* Save client session and reset the SSL context of the two endpoints.
|
||||
*/
|
||||
ret = mbedtls_ssl_get_session(&(client_ep.ssl), &saved_session);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
ret = mbedtls_ssl_session_reset(&(client_ep.ssl));
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
ret = mbedtls_ssl_session_reset(&(server_ep.ssl));
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
/*
|
||||
* Set saved session on client side and handshake using the ticket
|
||||
* included in that session.
|
||||
*/
|
||||
|
||||
ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
/*
|
||||
* Handshake with ticket.
|
||||
*
|
||||
* Run the handshake up to MBEDTLS_SSL_HANDSHAKE_WRAPUP and not
|
||||
* MBEDTLS_SSL_HANDSHAKE_OVER to preserve handshake data for the checks
|
||||
* below.
|
||||
|
@ -3690,9 +3669,6 @@ void tls13_early_data(int scenario)
|
|||
MBEDTLS_SSL_IANA_TLS_GROUP_NONE
|
||||
};
|
||||
|
||||
/*
|
||||
* Test set-up
|
||||
*/
|
||||
mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
|
||||
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
|
||||
mbedtls_test_init_handshake_options(&client_options);
|
||||
|
@ -3701,21 +3677,56 @@ void tls13_early_data(int scenario)
|
|||
|
||||
PSA_INIT();
|
||||
|
||||
client_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
|
||||
&client_options, NULL, NULL, NULL,
|
||||
group_list);
|
||||
TEST_EQUAL(ret, 0);
|
||||
mbedtls_ssl_conf_early_data(&client_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED);
|
||||
/*
|
||||
* Run first handshake to get a ticket from the server.
|
||||
*/
|
||||
|
||||
client_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
client_options.group_list = group_list;
|
||||
client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
|
||||
server_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
server_options.group_list = group_list;
|
||||
server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
|
||||
|
||||
ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options,
|
||||
&saved_session);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
/*
|
||||
* Prepare for handshake with the ticket.
|
||||
*/
|
||||
switch (scenario) {
|
||||
case TEST_EARLY_DATA_ACCEPTED:
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_SERVER_REJECTS:
|
||||
mbedtls_debug_set_threshold(3);
|
||||
server_pattern.pattern =
|
||||
"EarlyData: deprotect and discard app data records.";
|
||||
server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_HRR:
|
||||
mbedtls_debug_set_threshold(3);
|
||||
server_pattern.pattern =
|
||||
"EarlyData: Ignore application message before 2nd ClientHello";
|
||||
server_options.group_list = group_list + 1;
|
||||
break;
|
||||
|
||||
default:
|
||||
TEST_FAIL("Unknown scenario.");
|
||||
}
|
||||
|
||||
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
|
||||
&client_options, NULL, NULL, NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
|
||||
server_options.srv_log_obj = &server_pattern;
|
||||
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
|
||||
&server_options, NULL, NULL, NULL,
|
||||
group_list);
|
||||
&server_options, NULL, NULL, NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
mbedtls_ssl_conf_early_data(&server_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED);
|
||||
|
||||
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
|
||||
mbedtls_test_ticket_write,
|
||||
mbedtls_test_ticket_parse,
|
||||
|
@ -3725,69 +3736,12 @@ void tls13_early_data(int scenario)
|
|||
&(server_ep.socket), 1024);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
/*
|
||||
* Run initial handshake: ephemeral key exchange mode, certificate with
|
||||
* SECP256R1 key, CA certificate with SECP384R1 key, ECDSA signature
|
||||
* algorithm. Then, get the ticket sent by the server at the end of its
|
||||
* handshake sequence.
|
||||
*/
|
||||
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
|
||||
&(server_ep.ssl), &(client_ep.ssl),
|
||||
MBEDTLS_SSL_HANDSHAKE_OVER), 0);
|
||||
|
||||
do {
|
||||
ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf));
|
||||
} while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET);
|
||||
|
||||
/*
|
||||
* Save client session and reset the SSL context of the two endpoints.
|
||||
*/
|
||||
ret = mbedtls_ssl_get_session(&(client_ep.ssl), &saved_session);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
ret = mbedtls_ssl_session_reset(&(client_ep.ssl));
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
ret = mbedtls_ssl_session_reset(&(server_ep.ssl));
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
/*
|
||||
* Set saved session on client side and start handshake using the ticket
|
||||
* included in that session.
|
||||
*/
|
||||
|
||||
ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
switch (scenario) {
|
||||
case TEST_EARLY_DATA_REFERENCE:
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_DEPROTECT_AND_DISCARD:
|
||||
mbedtls_debug_set_threshold(3);
|
||||
server_pattern.pattern =
|
||||
"EarlyData: deprotect and discard app data records.";
|
||||
mbedtls_ssl_conf_early_data(&server_ep.conf,
|
||||
MBEDTLS_SSL_EARLY_DATA_DISABLED);
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_DISCARD_AFTER_HRR:
|
||||
mbedtls_debug_set_threshold(3);
|
||||
server_pattern.pattern =
|
||||
"EarlyData: Ignore application message before 2nd ClientHello";
|
||||
mbedtls_ssl_conf_groups(&server_ep.conf, group_list + 1);
|
||||
/*
|
||||
* Need to reset again to reconstruct the group list in the
|
||||
* handshake structure from the configured one.
|
||||
*/
|
||||
ret = mbedtls_ssl_session_reset(&(server_ep.ssl));
|
||||
TEST_EQUAL(ret, 0);
|
||||
break;
|
||||
|
||||
default:
|
||||
TEST_FAIL("Unknown scenario.");
|
||||
}
|
||||
|
||||
/*
|
||||
* Handshake with ticket and send early data.
|
||||
*/
|
||||
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
|
||||
&(client_ep.ssl), &(server_ep.ssl),
|
||||
MBEDTLS_SSL_SERVER_HELLO), 0);
|
||||
|
@ -3804,7 +3758,7 @@ void tls13_early_data(int scenario)
|
|||
MBEDTLS_SSL_HANDSHAKE_WRAPUP);
|
||||
|
||||
switch (scenario) {
|
||||
case TEST_EARLY_DATA_REFERENCE:
|
||||
case TEST_EARLY_DATA_ACCEPTED:
|
||||
TEST_EQUAL(ret, MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA);
|
||||
TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 1);
|
||||
TEST_EQUAL(mbedtls_ssl_read_early_data(&(server_ep.ssl),
|
||||
|
@ -3812,8 +3766,8 @@ void tls13_early_data(int scenario)
|
|||
TEST_MEMORY_COMPARE(buf, early_data_len, early_data, early_data_len);
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_DEPROTECT_AND_DISCARD: /* Intentional fallthrough */
|
||||
case TEST_EARLY_DATA_DISCARD_AFTER_HRR:
|
||||
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
|
||||
case TEST_EARLY_DATA_HRR:
|
||||
TEST_EQUAL(ret, 0);
|
||||
TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 0);
|
||||
TEST_EQUAL(server_pattern.counter, 1);
|
||||
|
@ -3834,3 +3788,316 @@ exit:
|
|||
PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */
|
||||
void tls13_cli_early_data_status(int scenario)
|
||||
{
|
||||
int ret = -1;
|
||||
mbedtls_test_ssl_endpoint client_ep, server_ep;
|
||||
mbedtls_test_handshake_test_options client_options;
|
||||
mbedtls_test_handshake_test_options server_options;
|
||||
mbedtls_ssl_session saved_session;
|
||||
uint16_t group_list[3] = {
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_NONE
|
||||
};
|
||||
|
||||
mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
|
||||
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
|
||||
mbedtls_test_init_handshake_options(&client_options);
|
||||
mbedtls_test_init_handshake_options(&server_options);
|
||||
mbedtls_ssl_session_init(&saved_session);
|
||||
|
||||
PSA_INIT();
|
||||
|
||||
/*
|
||||
* Run first handshake to get a ticket from the server.
|
||||
*/
|
||||
client_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
|
||||
server_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
|
||||
if (scenario == TEST_EARLY_DATA_HRR) {
|
||||
client_options.group_list = group_list;
|
||||
server_options.group_list = group_list;
|
||||
}
|
||||
|
||||
ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options,
|
||||
&saved_session);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
/*
|
||||
* Prepare for handshake with the ticket.
|
||||
*/
|
||||
switch (scenario) {
|
||||
case TEST_EARLY_DATA_ACCEPTED:
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_NO_INDICATION_SENT:
|
||||
client_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_SERVER_REJECTS:
|
||||
server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_HRR:
|
||||
server_options.group_list = group_list + 1;
|
||||
break;
|
||||
|
||||
default:
|
||||
TEST_FAIL("Unknown scenario.");
|
||||
}
|
||||
|
||||
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
|
||||
&client_options, NULL, NULL, NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
|
||||
&server_options, NULL, NULL, NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
|
||||
mbedtls_test_ticket_write,
|
||||
mbedtls_test_ticket_parse,
|
||||
NULL);
|
||||
|
||||
ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
|
||||
&(server_ep.socket), 1024);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
/*
|
||||
* Go through the handshake sequence, state by state, checking the early
|
||||
* data status each time.
|
||||
*/
|
||||
do {
|
||||
int state = client_ep.ssl.state;
|
||||
|
||||
/* Progress the handshake from at least one state */
|
||||
while (client_ep.ssl.state == state) {
|
||||
ret = mbedtls_ssl_handshake_step(&(client_ep.ssl));
|
||||
TEST_ASSERT((ret == 0) ||
|
||||
(ret == MBEDTLS_ERR_SSL_WANT_READ) ||
|
||||
(ret == MBEDTLS_ERR_SSL_WANT_WRITE));
|
||||
if (client_ep.ssl.state != state) {
|
||||
break;
|
||||
}
|
||||
ret = mbedtls_ssl_handshake_step(&(server_ep.ssl));
|
||||
TEST_ASSERT((ret == 0) ||
|
||||
(ret == MBEDTLS_ERR_SSL_WANT_READ) ||
|
||||
(ret == MBEDTLS_ERR_SSL_WANT_WRITE));
|
||||
}
|
||||
|
||||
switch (client_ep.ssl.state) {
|
||||
case MBEDTLS_SSL_CLIENT_HELLO:
|
||||
switch (scenario) {
|
||||
case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
|
||||
case TEST_EARLY_DATA_NO_INDICATION_SENT: /* Intentional fallthrough */
|
||||
case TEST_EARLY_DATA_SERVER_REJECTS:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN);
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_HRR:
|
||||
if (client_ep.ssl.handshake->hello_retry_request_count == 0) {
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_UNKNOWN);
|
||||
} else {
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
|
||||
}
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
||||
case MBEDTLS_SSL_SERVER_HELLO:
|
||||
switch (scenario) {
|
||||
case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
|
||||
case TEST_EARLY_DATA_SERVER_REJECTS:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE);
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_NO_INDICATION_SENT:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_HRR:
|
||||
if (client_ep.ssl.handshake->hello_retry_request_count == 0) {
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE);
|
||||
} else {
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
|
||||
}
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
||||
case MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:
|
||||
switch (scenario) {
|
||||
case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
|
||||
case TEST_EARLY_DATA_SERVER_REJECTS:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_CAN_WRITE);
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_NO_INDICATION_SENT:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_HRR:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
||||
case MBEDTLS_SSL_SERVER_FINISHED:
|
||||
switch (scenario) {
|
||||
case TEST_EARLY_DATA_ACCEPTED:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED);
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_NO_INDICATION_SENT:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
|
||||
case TEST_EARLY_DATA_HRR:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
||||
case MBEDTLS_SSL_END_OF_EARLY_DATA:
|
||||
TEST_EQUAL(scenario, TEST_EARLY_DATA_ACCEPTED);
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED);
|
||||
break;
|
||||
|
||||
case MBEDTLS_SSL_CLIENT_CERTIFICATE:
|
||||
switch (scenario) {
|
||||
case TEST_EARLY_DATA_ACCEPTED:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED);
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_NO_INDICATION_SENT:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
|
||||
case TEST_EARLY_DATA_HRR:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
||||
case MBEDTLS_SSL_CLIENT_FINISHED:
|
||||
switch (scenario) {
|
||||
case TEST_EARLY_DATA_ACCEPTED:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED);
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_NO_INDICATION_SENT:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
|
||||
case TEST_EARLY_DATA_HRR:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
|
||||
case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO:
|
||||
TEST_ASSERT(scenario != TEST_EARLY_DATA_NO_INDICATION_SENT);
|
||||
switch (scenario) {
|
||||
case TEST_EARLY_DATA_ACCEPTED: /* Intentional fallthrough */
|
||||
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
|
||||
case TEST_EARLY_DATA_HRR:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_SENT);
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
||||
case MBEDTLS_SSL_CLIENT_CCS_BEFORE_2ND_CLIENT_HELLO:
|
||||
TEST_ASSERT(scenario == TEST_EARLY_DATA_HRR);
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
|
||||
break;
|
||||
|
||||
case MBEDTLS_SSL_CLIENT_CCS_AFTER_SERVER_FINISHED:
|
||||
TEST_ASSERT(scenario != TEST_EARLY_DATA_ACCEPTED);
|
||||
switch (scenario) {
|
||||
case TEST_EARLY_DATA_NO_INDICATION_SENT:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
|
||||
case TEST_EARLY_DATA_HRR:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
|
||||
break;
|
||||
}
|
||||
break;
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
|
||||
|
||||
case MBEDTLS_SSL_FLUSH_BUFFERS: /* Intentional fallthrough */
|
||||
case MBEDTLS_SSL_HANDSHAKE_WRAPUP: /* Intentional fallthrough */
|
||||
case MBEDTLS_SSL_HANDSHAKE_OVER:
|
||||
switch (scenario) {
|
||||
case TEST_EARLY_DATA_ACCEPTED:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_SERVER_FINISHED_RECEIVED);
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_NO_INDICATION_SENT:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
|
||||
case TEST_EARLY_DATA_HRR:
|
||||
TEST_EQUAL(client_ep.ssl.early_data_status,
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED);
|
||||
break;
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
TEST_FAIL("Unexpected state.");
|
||||
}
|
||||
} while (client_ep.ssl.state != MBEDTLS_SSL_HANDSHAKE_OVER);
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
|
||||
TEST_EQUAL(client_ep.ssl.handshake->ccs_count, 1);
|
||||
#endif
|
||||
|
||||
exit:
|
||||
mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
|
||||
mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
|
||||
mbedtls_test_free_handshake_options(&client_options);
|
||||
mbedtls_test_free_handshake_options(&server_options);
|
||||
mbedtls_ssl_session_free(&saved_session);
|
||||
PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
|
|
@ -1774,7 +1774,7 @@ x509parse_crt:"307d3068a0030201008204deadbeef300d06092a864886f70d01010b0500300c3
|
|||
|
||||
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring length)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
|
||||
x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY
|
||||
|
||||
X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring tag)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
|
||||
|
|
Loading…
Reference in a new issue