Merge pull request #816 from ARMmbed/development
Merge recent commits from development into 2.26.0-rc
This commit is contained in:
commit
e483a77c85
32 changed files with 1993 additions and 901 deletions
|
@ -179,6 +179,9 @@ if(CMAKE_COMPILER_IS_GNU)
|
||||||
execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
|
execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
|
||||||
OUTPUT_VARIABLE GCC_VERSION)
|
OUTPUT_VARIABLE GCC_VERSION)
|
||||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings")
|
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings")
|
||||||
|
if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0)
|
||||||
|
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat=2 -Wno-format-nonliteral")
|
||||||
|
endif()
|
||||||
if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3)
|
if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3)
|
||||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla")
|
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wvla")
|
||||||
endif()
|
endif()
|
||||||
|
@ -194,6 +197,9 @@ if(CMAKE_COMPILER_IS_GNU)
|
||||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness")
|
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness")
|
||||||
endif()
|
endif()
|
||||||
endif()
|
endif()
|
||||||
|
if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0)
|
||||||
|
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-overflow=2 -Wformat-truncation=2")
|
||||||
|
endif()
|
||||||
set(CMAKE_C_FLAGS_RELEASE "-O2")
|
set(CMAKE_C_FLAGS_RELEASE "-O2")
|
||||||
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
|
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
|
||||||
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
|
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
|
||||||
|
@ -204,7 +210,7 @@ if(CMAKE_COMPILER_IS_GNU)
|
||||||
endif(CMAKE_COMPILER_IS_GNU)
|
endif(CMAKE_COMPILER_IS_GNU)
|
||||||
|
|
||||||
if(CMAKE_COMPILER_IS_CLANG)
|
if(CMAKE_COMPILER_IS_CLANG)
|
||||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla")
|
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral")
|
||||||
set(CMAKE_C_FLAGS_RELEASE "-O2")
|
set(CMAKE_C_FLAGS_RELEASE "-O2")
|
||||||
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
|
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
|
||||||
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
|
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
|
||||||
|
|
10
ChangeLog.d/fix-printf-specifiers.txt
Normal file
10
ChangeLog.d/fix-printf-specifiers.txt
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
Bugfix
|
||||||
|
* Add printf function attributes to mbedtls_debug_print_msg to ensure we
|
||||||
|
get printf format specifier warnings.
|
||||||
|
Changes
|
||||||
|
* Add extra printf compiler warning flags to builds.
|
||||||
|
Requirement changes
|
||||||
|
* The library now uses the %zu format specifier with the printf() family of
|
||||||
|
functions, so requires a toolchain that supports it. This change does not
|
||||||
|
affect the maintained LTS branches, so when contributing changes please
|
||||||
|
bear this in mind and do not add them to backported code.
|
2
ChangeLog.d/fix_memsan_build_clang11.txt
Normal file
2
ChangeLog.d/fix_memsan_build_clang11.txt
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
Changes
|
||||||
|
* Fix memsan build false positive in x509_crt.c with clang 11
|
|
@ -80,6 +80,50 @@
|
||||||
|
|
||||||
#endif /* MBEDTLS_DEBUG_C */
|
#endif /* MBEDTLS_DEBUG_C */
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def MBEDTLS_PRINTF_ATTRIBUTE
|
||||||
|
*
|
||||||
|
* Mark a function as having printf attributes, and thus enable checking
|
||||||
|
* via -wFormat and other flags. This does nothing on builds with compilers
|
||||||
|
* that do not support the format attribute
|
||||||
|
*
|
||||||
|
* Module: library/debug.c
|
||||||
|
* Caller:
|
||||||
|
*
|
||||||
|
* This module provides debugging functions.
|
||||||
|
*/
|
||||||
|
#if defined(__has_attribute)
|
||||||
|
#if __has_attribute(format)
|
||||||
|
#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
|
||||||
|
__attribute__((format (printf, string_index, first_to_check)))
|
||||||
|
#else /* __has_attribute(format) */
|
||||||
|
#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
|
||||||
|
#endif /* __has_attribute(format) */
|
||||||
|
#else /* defined(__has_attribute) */
|
||||||
|
#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \def MBEDTLS_PRINTF_SIZET
|
||||||
|
*
|
||||||
|
* MBEDTLS_PRINTF_xxx: Due to issues with older window compilers
|
||||||
|
* and MinGW we need to define the printf specifier for size_t
|
||||||
|
* and long long per platform.
|
||||||
|
*
|
||||||
|
* Module: library/debug.c
|
||||||
|
* Caller:
|
||||||
|
*
|
||||||
|
* This module provides debugging functions.
|
||||||
|
*/
|
||||||
|
#if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800)
|
||||||
|
#include <inttypes.h>
|
||||||
|
#define MBEDTLS_PRINTF_SIZET PRIuPTR
|
||||||
|
#define MBEDTLS_PRINTF_LONGLONG "I64d"
|
||||||
|
#else /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) */
|
||||||
|
#define MBEDTLS_PRINTF_SIZET "zu"
|
||||||
|
#define MBEDTLS_PRINTF_LONGLONG "lld"
|
||||||
|
#endif /* defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER < 1800) */
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
@ -118,7 +162,7 @@ void mbedtls_debug_set_threshold( int threshold );
|
||||||
*/
|
*/
|
||||||
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
||||||
const char *file, int line,
|
const char *file, int line,
|
||||||
const char *format, ... );
|
const char *format, ... ) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Print the return value of a function to the debug output. This
|
* \brief Print the return value of a function to the debug output. This
|
||||||
|
|
|
@ -65,8 +65,6 @@
|
||||||
*
|
*
|
||||||
* \return The hash size for the specified hash algorithm.
|
* \return The hash size for the specified hash algorithm.
|
||||||
* If the hash algorithm is not recognized, return 0.
|
* If the hash algorithm is not recognized, return 0.
|
||||||
* An implementation may return either 0 or the correct size
|
|
||||||
* for a hash algorithm that it recognizes, but does not support.
|
|
||||||
*/
|
*/
|
||||||
#define PSA_HASH_LENGTH(alg) \
|
#define PSA_HASH_LENGTH(alg) \
|
||||||
( \
|
( \
|
||||||
|
@ -91,9 +89,8 @@
|
||||||
*
|
*
|
||||||
* Maximum size of a hash.
|
* Maximum size of a hash.
|
||||||
*
|
*
|
||||||
* This macro must expand to a compile-time constant integer. This value
|
* This macro expands to a compile-time constant integer. This value
|
||||||
* should be the maximum size of a hash supported by the implementation,
|
* is the maximum size of a hash in bytes.
|
||||||
* in bytes, and must be no smaller than this maximum.
|
|
||||||
*/
|
*/
|
||||||
/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
|
/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226,
|
||||||
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
|
* 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for
|
||||||
|
@ -110,9 +107,8 @@
|
||||||
*
|
*
|
||||||
* Maximum size of a MAC.
|
* Maximum size of a MAC.
|
||||||
*
|
*
|
||||||
* This macro must expand to a compile-time constant integer. This value
|
* This macro expands to a compile-time constant integer. This value
|
||||||
* should be the maximum size of a MAC supported by the implementation,
|
* is the maximum size of a MAC in bytes.
|
||||||
* in bytes, and must be no smaller than this maximum.
|
|
||||||
*/
|
*/
|
||||||
/* All non-HMAC MACs have a maximum size that's smaller than the
|
/* All non-HMAC MACs have a maximum size that's smaller than the
|
||||||
* minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
|
* minimum possible value of PSA_HASH_MAX_SIZE in this implementation. */
|
||||||
|
@ -132,15 +128,18 @@
|
||||||
* tag that can be distinguished from the rest of
|
* tag that can be distinguished from the rest of
|
||||||
* the ciphertext, return 0.
|
* the ciphertext, return 0.
|
||||||
* If the AEAD algorithm is not recognized, return 0.
|
* If the AEAD algorithm is not recognized, return 0.
|
||||||
* An implementation may return either 0 or a
|
|
||||||
* correct size for an AEAD algorithm that it
|
|
||||||
* recognizes, but does not support.
|
|
||||||
*/
|
*/
|
||||||
#define PSA_AEAD_TAG_LENGTH(alg) \
|
#define PSA_AEAD_TAG_LENGTH(alg) \
|
||||||
(PSA_ALG_IS_AEAD(alg) ? \
|
(PSA_ALG_IS_AEAD(alg) ? \
|
||||||
(((alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> PSA_AEAD_TAG_LENGTH_OFFSET) : \
|
(((alg) & PSA_ALG_AEAD_TAG_LENGTH_MASK) >> PSA_AEAD_TAG_LENGTH_OFFSET) : \
|
||||||
0)
|
0)
|
||||||
|
|
||||||
|
/** The maximum tag size for all supported AEAD algorithms, in bytes.
|
||||||
|
*
|
||||||
|
* See also #PSA_AEAD_TAG_LENGTH(\p alg).
|
||||||
|
*/
|
||||||
|
#define PSA_AEAD_TAG_MAX_SIZE 16
|
||||||
|
|
||||||
/* The maximum size of an RSA key on this implementation, in bits.
|
/* The maximum size of an RSA key on this implementation, in bits.
|
||||||
* This is a vendor-specific macro.
|
* This is a vendor-specific macro.
|
||||||
*
|
*
|
||||||
|
@ -205,7 +204,7 @@
|
||||||
*/
|
*/
|
||||||
#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
|
#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128
|
||||||
|
|
||||||
/** The maximum size of a block cipher supported by the implementation. */
|
/** The maximum size of a block cipher. */
|
||||||
#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
|
#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16
|
||||||
|
|
||||||
/** The size of the output of psa_mac_sign_finish(), in bytes.
|
/** The size of the output of psa_mac_sign_finish(), in bytes.
|
||||||
|
@ -242,6 +241,10 @@
|
||||||
* insufficient buffer size. Depending on the algorithm, the actual size of
|
* insufficient buffer size. Depending on the algorithm, the actual size of
|
||||||
* the ciphertext may be smaller.
|
* the ciphertext may be smaller.
|
||||||
*
|
*
|
||||||
|
* \warning This macro may evaluate its arguments multiple times or
|
||||||
|
* zero times, so you should not pass arguments that contain
|
||||||
|
* side effects.
|
||||||
|
*
|
||||||
* \param alg An AEAD algorithm
|
* \param alg An AEAD algorithm
|
||||||
* (\c PSA_ALG_XXX value such that
|
* (\c PSA_ALG_XXX value such that
|
||||||
* #PSA_ALG_IS_AEAD(\p alg) is true).
|
* #PSA_ALG_IS_AEAD(\p alg) is true).
|
||||||
|
@ -250,15 +253,33 @@
|
||||||
* \return The AEAD ciphertext size for the specified
|
* \return The AEAD ciphertext size for the specified
|
||||||
* algorithm.
|
* algorithm.
|
||||||
* If the AEAD algorithm is not recognized, return 0.
|
* If the AEAD algorithm is not recognized, return 0.
|
||||||
* An implementation may return either 0 or a
|
|
||||||
* correct size for an AEAD algorithm that it
|
|
||||||
* recognizes, but does not support.
|
|
||||||
*/
|
*/
|
||||||
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
|
#define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(alg, plaintext_length) \
|
||||||
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
|
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
|
||||||
(plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \
|
(plaintext_length) + PSA_AEAD_TAG_LENGTH(alg) : \
|
||||||
0)
|
0)
|
||||||
|
|
||||||
|
/** A sufficient output buffer size for psa_aead_encrypt(), for any of the
|
||||||
|
* supported key types and AEAD algorithms.
|
||||||
|
*
|
||||||
|
* If the size of the ciphertext buffer is at least this large, it is guaranteed
|
||||||
|
* that psa_aead_encrypt() will not fail due to an insufficient buffer size.
|
||||||
|
*
|
||||||
|
* \note This macro returns a compile-time constant if its arguments are
|
||||||
|
* compile-time constants.
|
||||||
|
*
|
||||||
|
* See also #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\p alg, \p plaintext_length).
|
||||||
|
*
|
||||||
|
* \param plaintext_length Size of the plaintext in bytes.
|
||||||
|
*
|
||||||
|
* \return A sufficient output buffer size for any of the
|
||||||
|
* supported key types and AEAD algorithms.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
#define PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(plaintext_length) \
|
||||||
|
((plaintext_length) + PSA_AEAD_TAG_MAX_SIZE)
|
||||||
|
|
||||||
|
|
||||||
/** The maximum size of the output of psa_aead_decrypt(), in bytes.
|
/** The maximum size of the output of psa_aead_decrypt(), in bytes.
|
||||||
*
|
*
|
||||||
* If the size of the plaintext buffer is at least this large, it is
|
* If the size of the plaintext buffer is at least this large, it is
|
||||||
|
@ -266,6 +287,10 @@
|
||||||
* insufficient buffer size. Depending on the algorithm, the actual size of
|
* insufficient buffer size. Depending on the algorithm, the actual size of
|
||||||
* the plaintext may be smaller.
|
* the plaintext may be smaller.
|
||||||
*
|
*
|
||||||
|
* \warning This macro may evaluate its arguments multiple times or
|
||||||
|
* zero times, so you should not pass arguments that contain
|
||||||
|
* side effects.
|
||||||
|
*
|
||||||
* \param alg An AEAD algorithm
|
* \param alg An AEAD algorithm
|
||||||
* (\c PSA_ALG_XXX value such that
|
* (\c PSA_ALG_XXX value such that
|
||||||
* #PSA_ALG_IS_AEAD(\p alg) is true).
|
* #PSA_ALG_IS_AEAD(\p alg) is true).
|
||||||
|
@ -274,15 +299,78 @@
|
||||||
* \return The AEAD ciphertext size for the specified
|
* \return The AEAD ciphertext size for the specified
|
||||||
* algorithm.
|
* algorithm.
|
||||||
* If the AEAD algorithm is not recognized, return 0.
|
* If the AEAD algorithm is not recognized, return 0.
|
||||||
* An implementation may return either 0 or a
|
|
||||||
* correct size for an AEAD algorithm that it
|
|
||||||
* recognizes, but does not support.
|
|
||||||
*/
|
*/
|
||||||
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
|
#define PSA_AEAD_DECRYPT_OUTPUT_SIZE(alg, ciphertext_length) \
|
||||||
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
|
(PSA_AEAD_TAG_LENGTH(alg) != 0 ? \
|
||||||
(ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : \
|
(ciphertext_length) - PSA_AEAD_TAG_LENGTH(alg) : \
|
||||||
0)
|
0)
|
||||||
|
|
||||||
|
/** A sufficient output buffer size for psa_aead_decrypt(), for any of the
|
||||||
|
* supported key types and AEAD algorithms.
|
||||||
|
*
|
||||||
|
* If the size of the plaintext buffer is at least this large, it is guaranteed
|
||||||
|
* that psa_aead_decrypt() will not fail due to an insufficient buffer size.
|
||||||
|
*
|
||||||
|
* \note This macro returns a compile-time constant if its arguments are
|
||||||
|
* compile-time constants.
|
||||||
|
*
|
||||||
|
* See also #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\p alg, \p ciphertext_length).
|
||||||
|
*
|
||||||
|
* \param ciphertext_length Size of the ciphertext in bytes.
|
||||||
|
*
|
||||||
|
* \return A sufficient output buffer size for any of the
|
||||||
|
* supported key types and AEAD algorithms.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
#define PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(ciphertext_length) \
|
||||||
|
(ciphertext_length)
|
||||||
|
|
||||||
|
/** The default nonce size for an AEAD algorithm, in bytes.
|
||||||
|
*
|
||||||
|
* This macro can be used to allocate a buffer of sufficient size to
|
||||||
|
* store the nonce output from #psa_aead_generate_nonce().
|
||||||
|
*
|
||||||
|
* See also #PSA_AEAD_NONCE_MAX_SIZE.
|
||||||
|
*
|
||||||
|
* \note This is not the maximum size of nonce supported as input to
|
||||||
|
* #psa_aead_set_nonce(), #psa_aead_encrypt() or #psa_aead_decrypt(),
|
||||||
|
* just the default size that is generated by #psa_aead_generate_nonce().
|
||||||
|
*
|
||||||
|
* \warning This macro may evaluate its arguments multiple times or
|
||||||
|
* zero times, so you should not pass arguments that contain
|
||||||
|
* side effects.
|
||||||
|
*
|
||||||
|
* \param key_type A symmetric key type that is compatible with
|
||||||
|
* algorithm \p alg.
|
||||||
|
*
|
||||||
|
* \param alg An AEAD algorithm (\c PSA_ALG_XXX value such that
|
||||||
|
* #PSA_ALG_IS_AEAD(\p alg) is true).
|
||||||
|
*
|
||||||
|
* \return The default nonce size for the specified key type and algorithm.
|
||||||
|
* If the key type or AEAD algorithm is not recognized,
|
||||||
|
* or the parameters are incompatible, return 0.
|
||||||
|
*/
|
||||||
|
#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
|
||||||
|
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 && \
|
||||||
|
(PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CCM || \
|
||||||
|
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_GCM) ? 12 : \
|
||||||
|
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
|
||||||
|
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \
|
||||||
|
0)
|
||||||
|
|
||||||
|
/** The maximum default nonce size among all supported pairs of key types and
|
||||||
|
* AEAD algorithms, in bytes.
|
||||||
|
*
|
||||||
|
* This is equal to or greater than any value that #PSA_AEAD_NONCE_LENGTH()
|
||||||
|
* may return.
|
||||||
|
*
|
||||||
|
* \note This is not the maximum size of nonce supported as input to
|
||||||
|
* #psa_aead_set_nonce(), #psa_aead_encrypt() or #psa_aead_decrypt(),
|
||||||
|
* just the largest size that may be generated by
|
||||||
|
* #psa_aead_generate_nonce().
|
||||||
|
*/
|
||||||
|
#define PSA_AEAD_NONCE_MAX_SIZE 12
|
||||||
|
|
||||||
/** A sufficient output buffer size for psa_aead_update().
|
/** A sufficient output buffer size for psa_aead_update().
|
||||||
*
|
*
|
||||||
* If the size of the output buffer is at least this large, it is
|
* If the size of the output buffer is at least this large, it is
|
||||||
|
@ -290,6 +378,10 @@
|
||||||
* insufficient buffer size. The actual size of the output may be smaller
|
* insufficient buffer size. The actual size of the output may be smaller
|
||||||
* in any given call.
|
* in any given call.
|
||||||
*
|
*
|
||||||
|
* \warning This macro may evaluate its arguments multiple times or
|
||||||
|
* zero times, so you should not pass arguments that contain
|
||||||
|
* side effects.
|
||||||
|
*
|
||||||
* \param alg An AEAD algorithm
|
* \param alg An AEAD algorithm
|
||||||
* (\c PSA_ALG_XXX value such that
|
* (\c PSA_ALG_XXX value such that
|
||||||
* #PSA_ALG_IS_AEAD(\p alg) is true).
|
* #PSA_ALG_IS_AEAD(\p alg) is true).
|
||||||
|
@ -298,19 +390,29 @@
|
||||||
* \return A sufficient output buffer size for the specified
|
* \return A sufficient output buffer size for the specified
|
||||||
* algorithm.
|
* algorithm.
|
||||||
* If the AEAD algorithm is not recognized, return 0.
|
* If the AEAD algorithm is not recognized, return 0.
|
||||||
* An implementation may return either 0 or a
|
|
||||||
* correct size for an AEAD algorithm that it
|
|
||||||
* recognizes, but does not support.
|
|
||||||
*/
|
*/
|
||||||
/* For all the AEAD modes defined in this specification, it is possible
|
/* For all the AEAD modes defined in this specification, it is possible
|
||||||
* to emit output without delay. However, hardware may not always be
|
* to emit output without delay. However, hardware may not always be
|
||||||
* capable of this. So for modes based on a block cipher, allow the
|
* capable of this. So for modes based on a block cipher, allow the
|
||||||
* implementation to delay the output until it has a full block. */
|
* implementation to delay the output until it has a full block. */
|
||||||
#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \
|
#define PSA_AEAD_UPDATE_OUTPUT_SIZE(alg, input_length) \
|
||||||
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
|
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
|
||||||
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)) : \
|
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)) : \
|
||||||
(input_length))
|
(input_length))
|
||||||
|
|
||||||
|
/** A sufficient output buffer size for psa_aead_update(), for any of the
|
||||||
|
* supported key types and AEAD algorithms.
|
||||||
|
*
|
||||||
|
* If the size of the output buffer is at least this large, it is guaranteed
|
||||||
|
* that psa_aead_update() will not fail due to an insufficient buffer size.
|
||||||
|
*
|
||||||
|
* See also #PSA_AEAD_UPDATE_OUTPUT_SIZE(\p alg, \p input_length).
|
||||||
|
*
|
||||||
|
* \param input_length Size of the input in bytes.
|
||||||
|
*/
|
||||||
|
#define PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_length) \
|
||||||
|
(PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, (input_length)))
|
||||||
|
|
||||||
/** A sufficient ciphertext buffer size for psa_aead_finish().
|
/** A sufficient ciphertext buffer size for psa_aead_finish().
|
||||||
*
|
*
|
||||||
* If the size of the ciphertext buffer is at least this large, it is
|
* If the size of the ciphertext buffer is at least this large, it is
|
||||||
|
@ -325,15 +427,19 @@
|
||||||
* \return A sufficient ciphertext buffer size for the
|
* \return A sufficient ciphertext buffer size for the
|
||||||
* specified algorithm.
|
* specified algorithm.
|
||||||
* If the AEAD algorithm is not recognized, return 0.
|
* If the AEAD algorithm is not recognized, return 0.
|
||||||
* An implementation may return either 0 or a
|
|
||||||
* correct size for an AEAD algorithm that it
|
|
||||||
* recognizes, but does not support.
|
|
||||||
*/
|
*/
|
||||||
#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \
|
#define PSA_AEAD_FINISH_OUTPUT_SIZE(alg) \
|
||||||
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
|
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
|
||||||
PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
|
PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
|
||||||
0)
|
0)
|
||||||
|
|
||||||
|
/** A sufficient ciphertext buffer size for psa_aead_finish(), for any of the
|
||||||
|
* supported key types and AEAD algorithms.
|
||||||
|
*
|
||||||
|
* See also #PSA_AEAD_FINISH_OUTPUT_SIZE(\p alg).
|
||||||
|
*/
|
||||||
|
#define PSA_AEAD_FINISH_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
|
||||||
|
|
||||||
/** A sufficient plaintext buffer size for psa_aead_verify().
|
/** A sufficient plaintext buffer size for psa_aead_verify().
|
||||||
*
|
*
|
||||||
* If the size of the plaintext buffer is at least this large, it is
|
* If the size of the plaintext buffer is at least this large, it is
|
||||||
|
@ -348,15 +454,19 @@
|
||||||
* \return A sufficient plaintext buffer size for the
|
* \return A sufficient plaintext buffer size for the
|
||||||
* specified algorithm.
|
* specified algorithm.
|
||||||
* If the AEAD algorithm is not recognized, return 0.
|
* If the AEAD algorithm is not recognized, return 0.
|
||||||
* An implementation may return either 0 or a
|
|
||||||
* correct size for an AEAD algorithm that it
|
|
||||||
* recognizes, but does not support.
|
|
||||||
*/
|
*/
|
||||||
#define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg) \
|
#define PSA_AEAD_VERIFY_OUTPUT_SIZE(alg) \
|
||||||
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
|
(PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \
|
||||||
PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
|
PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE : \
|
||||||
0)
|
0)
|
||||||
|
|
||||||
|
/** A sufficient plaintext buffer size for psa_aead_verify(), for any of the
|
||||||
|
* supported key types and AEAD algorithms.
|
||||||
|
*
|
||||||
|
* See also #PSA_AEAD_VERIFY_OUTPUT_SIZE(\p alg).
|
||||||
|
*/
|
||||||
|
#define PSA_AEAD_VERIFY_OUTPUT_MAX_SIZE (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
|
||||||
|
|
||||||
#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
|
#define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \
|
||||||
(PSA_ALG_IS_RSA_OAEP(alg) ? \
|
(PSA_ALG_IS_RSA_OAEP(alg) ? \
|
||||||
2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
|
2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \
|
||||||
|
@ -393,9 +503,8 @@
|
||||||
* a buffer size in bytes that guarantees that
|
* a buffer size in bytes that guarantees that
|
||||||
* psa_sign_hash() will not fail with
|
* psa_sign_hash() will not fail with
|
||||||
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||||
* If the parameters are a valid combination that is not supported
|
* If the parameters are a valid combination that is not supported,
|
||||||
* by the implementation, this macro shall return either a
|
* return either a sensible size or 0.
|
||||||
* sensible size or 0.
|
|
||||||
* If the parameters are not valid, the
|
* If the parameters are not valid, the
|
||||||
* return value is unspecified.
|
* return value is unspecified.
|
||||||
*/
|
*/
|
||||||
|
@ -411,9 +520,8 @@
|
||||||
*
|
*
|
||||||
* Maximum size of an asymmetric signature.
|
* Maximum size of an asymmetric signature.
|
||||||
*
|
*
|
||||||
* This macro must expand to a compile-time constant integer. This value
|
* This macro expands to a compile-time constant integer. This value
|
||||||
* should be the maximum size of a signature supported by the implementation,
|
* is the maximum size of a signature in bytes.
|
||||||
* in bytes, and must be no smaller than this maximum.
|
|
||||||
*/
|
*/
|
||||||
#define PSA_SIGNATURE_MAX_SIZE \
|
#define PSA_SIGNATURE_MAX_SIZE \
|
||||||
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
|
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS) > PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE ? \
|
||||||
|
@ -440,9 +548,8 @@
|
||||||
* a buffer size in bytes that guarantees that
|
* a buffer size in bytes that guarantees that
|
||||||
* psa_asymmetric_encrypt() will not fail with
|
* psa_asymmetric_encrypt() will not fail with
|
||||||
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||||
* If the parameters are a valid combination that is not supported
|
* If the parameters are a valid combination that is not supported,
|
||||||
* by the implementation, this macro shall return either a
|
* return either a sensible size or 0.
|
||||||
* sensible size or 0.
|
|
||||||
* If the parameters are not valid, the
|
* If the parameters are not valid, the
|
||||||
* return value is unspecified.
|
* return value is unspecified.
|
||||||
*/
|
*/
|
||||||
|
@ -451,6 +558,15 @@
|
||||||
((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
|
((void)alg, PSA_BITS_TO_BYTES(key_bits)) : \
|
||||||
0)
|
0)
|
||||||
|
|
||||||
|
/** A sufficient output buffer size for psa_asymmetric_encrypt(), for any
|
||||||
|
* supported asymmetric encryption.
|
||||||
|
*
|
||||||
|
* See also #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\p key_type, \p key_bits, \p alg).
|
||||||
|
*/
|
||||||
|
/* This macro assumes that RSA is the only supported asymmetric encryption. */
|
||||||
|
#define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE \
|
||||||
|
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
|
||||||
|
|
||||||
/** Sufficient output buffer size for psa_asymmetric_decrypt().
|
/** Sufficient output buffer size for psa_asymmetric_decrypt().
|
||||||
*
|
*
|
||||||
* This macro returns a sufficient buffer size for a plaintext produced using
|
* This macro returns a sufficient buffer size for a plaintext produced using
|
||||||
|
@ -471,9 +587,8 @@
|
||||||
* a buffer size in bytes that guarantees that
|
* a buffer size in bytes that guarantees that
|
||||||
* psa_asymmetric_decrypt() will not fail with
|
* psa_asymmetric_decrypt() will not fail with
|
||||||
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||||
* If the parameters are a valid combination that is not supported
|
* If the parameters are a valid combination that is not supported,
|
||||||
* by the implementation, this macro shall return either a
|
* return either a sensible size or 0.
|
||||||
* sensible size or 0.
|
|
||||||
* If the parameters are not valid, the
|
* If the parameters are not valid, the
|
||||||
* return value is unspecified.
|
* return value is unspecified.
|
||||||
*/
|
*/
|
||||||
|
@ -482,6 +597,16 @@
|
||||||
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
|
PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \
|
||||||
0)
|
0)
|
||||||
|
|
||||||
|
/** A sufficient output buffer size for psa_asymmetric_decrypt(), for any
|
||||||
|
* supported asymmetric decryption.
|
||||||
|
*
|
||||||
|
* This macro assumes that RSA is the only supported asymmetric encryption.
|
||||||
|
*
|
||||||
|
* See also #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\p key_type, \p key_bits, \p alg).
|
||||||
|
*/
|
||||||
|
#define PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE \
|
||||||
|
(PSA_BITS_TO_BYTES(PSA_VENDOR_RSA_MAX_KEY_BITS))
|
||||||
|
|
||||||
/* Maximum size of the ASN.1 encoding of an INTEGER with the specified
|
/* Maximum size of the ASN.1 encoding of an INTEGER with the specified
|
||||||
* number of bits.
|
* number of bits.
|
||||||
*
|
*
|
||||||
|
@ -627,11 +752,9 @@
|
||||||
* a buffer size in bytes that guarantees that
|
* a buffer size in bytes that guarantees that
|
||||||
* psa_export_key() or psa_export_public_key() will not fail with
|
* psa_export_key() or psa_export_public_key() will not fail with
|
||||||
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||||
* If the parameters are a valid combination that is not supported
|
* If the parameters are a valid combination that is not supported,
|
||||||
* by the implementation, this macro shall return either a
|
* return either a sensible size or 0.
|
||||||
* sensible size or 0.
|
* If the parameters are not valid, the return value is unspecified.
|
||||||
* If the parameters are not valid, the
|
|
||||||
* return value is unspecified.
|
|
||||||
*/
|
*/
|
||||||
#define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
|
#define PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits) \
|
||||||
(PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
|
(PSA_KEY_TYPE_IS_UNSTRUCTURED(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \
|
||||||
|
@ -643,48 +766,123 @@
|
||||||
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
||||||
0)
|
0)
|
||||||
|
|
||||||
/** The default nonce size for an AEAD algorithm, in bytes.
|
/** Sufficient output buffer size for psa_export_public_key().
|
||||||
*
|
*
|
||||||
* This macro can be used to allocate a buffer of sufficient size to
|
* This macro returns a compile-time constant if its arguments are
|
||||||
* store the nonce output from #psa_aead_generate_nonce().
|
* compile-time constants.
|
||||||
*
|
|
||||||
* See also #PSA_AEAD_NONCE_MAX_SIZE.
|
|
||||||
*
|
|
||||||
* \note This is not the maximum size of nonce supported as input to #psa_aead_set_nonce(),
|
|
||||||
* #psa_aead_encrypt() or #psa_aead_decrypt(), just the default size that is generated by
|
|
||||||
* #psa_aead_generate_nonce().
|
|
||||||
*
|
*
|
||||||
* \warning This macro may evaluate its arguments multiple times or
|
* \warning This macro may evaluate its arguments multiple times or
|
||||||
* zero times, so you should not pass arguments that contain
|
* zero times, so you should not pass arguments that contain
|
||||||
* side effects.
|
* side effects.
|
||||||
*
|
*
|
||||||
* \param key_type A symmetric key type that is compatible with algorithm \p alg.
|
* The following code illustrates how to allocate enough memory to export
|
||||||
|
* a public key by querying the key type and size at runtime.
|
||||||
|
* \code{c}
|
||||||
|
* psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
|
* psa_status_t status;
|
||||||
|
* status = psa_get_key_attributes(key, &attributes);
|
||||||
|
* if (status != PSA_SUCCESS) handle_error(...);
|
||||||
|
* psa_key_type_t key_type = psa_get_key_type(&attributes);
|
||||||
|
* size_t key_bits = psa_get_key_bits(&attributes);
|
||||||
|
* size_t buffer_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits);
|
||||||
|
* psa_reset_key_attributes(&attributes);
|
||||||
|
* uint8_t *buffer = malloc(buffer_size);
|
||||||
|
* if (buffer == NULL) handle_error(...);
|
||||||
|
* size_t buffer_length;
|
||||||
|
* status = psa_export_public_key(key, buffer, buffer_size, &buffer_length);
|
||||||
|
* if (status != PSA_SUCCESS) handle_error(...);
|
||||||
|
* \endcode
|
||||||
*
|
*
|
||||||
* \param alg An AEAD algorithm (\c PSA_ALG_XXX value such that #PSA_ALG_IS_AEAD(\p alg) is true).
|
* \param key_type A public key or key pair key type.
|
||||||
|
* \param key_bits The size of the key in bits.
|
||||||
*
|
*
|
||||||
* \return The default nonce size for the specified key type and algorithm.
|
* \return If the parameters are valid and supported, return
|
||||||
* If the key type or AEAD algorithm is not recognized,
|
* a buffer size in bytes that guarantees that
|
||||||
* or the parameters are incompatible, return 0.
|
* psa_export_public_key() will not fail with
|
||||||
* An implementation can return either 0 or a correct size for a key type
|
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||||
* and AEAD algorithm that it recognizes, but does not support.
|
* If the parameters are a valid combination that is not
|
||||||
|
* supported, return either a sensible size or 0.
|
||||||
|
* If the parameters are not valid,
|
||||||
|
* the return value is unspecified.
|
||||||
|
*
|
||||||
|
* If the parameters are valid and supported,
|
||||||
|
* return the same result as
|
||||||
|
* #PSA_EXPORT_KEY_OUTPUT_SIZE(
|
||||||
|
* \p #PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\p key_type),
|
||||||
|
* \p key_bits).
|
||||||
*/
|
*/
|
||||||
#define PSA_AEAD_NONCE_LENGTH(key_type, alg) \
|
#define PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(key_type, key_bits) \
|
||||||
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 && \
|
(PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
||||||
(PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CCM || \
|
PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \
|
||||||
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_GCM) ? 12 : \
|
|
||||||
(key_type) == PSA_KEY_TYPE_CHACHA20 && \
|
|
||||||
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG(alg) == PSA_ALG_CHACHA20_POLY1305 ? 12 : \
|
|
||||||
0)
|
0)
|
||||||
|
|
||||||
/** The maximum default nonce size among all supported pairs of key types and AEAD algorithms, in bytes.
|
/** Sufficient buffer size for exporting any asymmetric key pair.
|
||||||
*
|
*
|
||||||
* This is equal to or greater than any value that #PSA_AEAD_NONCE_LENGTH() may return.
|
* This macro expands to a compile-time constant integer. This value is
|
||||||
|
* a sufficient buffer size when calling psa_export_key() to export any
|
||||||
|
* asymmetric key pair, regardless of the exact key type and key size.
|
||||||
*
|
*
|
||||||
* \note This is not the maximum size of nonce supported as input to #psa_aead_set_nonce(),
|
* See also #PSA_EXPORT_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).
|
||||||
* #psa_aead_encrypt() or #psa_aead_decrypt(), just the largest size that may be generated by
|
|
||||||
* #psa_aead_generate_nonce().
|
|
||||||
*/
|
*/
|
||||||
#define PSA_AEAD_NONCE_MAX_SIZE 12
|
#define PSA_EXPORT_KEY_PAIR_MAX_SIZE \
|
||||||
|
(PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
|
||||||
|
PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
|
||||||
|
PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
|
||||||
|
PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
|
||||||
|
|
||||||
|
/** Sufficient buffer size for exporting any asymmetric public key.
|
||||||
|
*
|
||||||
|
* This macro expands to a compile-time constant integer. This value is
|
||||||
|
* a sufficient buffer size when calling psa_export_key() or
|
||||||
|
* psa_export_public_key() to export any asymmetric public key,
|
||||||
|
* regardless of the exact key type and key size.
|
||||||
|
*
|
||||||
|
* See also #PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(\p key_type, \p key_bits).
|
||||||
|
*/
|
||||||
|
#define PSA_EXPORT_PUBLIC_KEY_MAX_SIZE \
|
||||||
|
(PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) > \
|
||||||
|
PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) ? \
|
||||||
|
PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) : \
|
||||||
|
PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS))
|
||||||
|
|
||||||
|
/** Sufficient output buffer size for psa_raw_key_agreement().
|
||||||
|
*
|
||||||
|
* This macro returns a compile-time constant if its arguments are
|
||||||
|
* compile-time constants.
|
||||||
|
*
|
||||||
|
* \warning This macro may evaluate its arguments multiple times or
|
||||||
|
* zero times, so you should not pass arguments that contain
|
||||||
|
* side effects.
|
||||||
|
*
|
||||||
|
* See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE.
|
||||||
|
*
|
||||||
|
* \param key_type A supported key type.
|
||||||
|
* \param key_bits The size of the key in bits.
|
||||||
|
*
|
||||||
|
* \return If the parameters are valid and supported, return
|
||||||
|
* a buffer size in bytes that guarantees that
|
||||||
|
* psa_raw_key_agreement() will not fail with
|
||||||
|
* #PSA_ERROR_BUFFER_TOO_SMALL.
|
||||||
|
* If the parameters are a valid combination that
|
||||||
|
* is not supported, return either a sensible size or 0.
|
||||||
|
* If the parameters are not valid,
|
||||||
|
* the return value is unspecified.
|
||||||
|
*/
|
||||||
|
/* FFDH is not yet supported in PSA. */
|
||||||
|
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \
|
||||||
|
(PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? \
|
||||||
|
PSA_BITS_TO_BYTES(key_bits) : \
|
||||||
|
0)
|
||||||
|
|
||||||
|
/** Maximum size of the output from psa_raw_key_agreement().
|
||||||
|
*
|
||||||
|
* This macro expands to a compile-time constant integer. This value is the
|
||||||
|
* maximum size of the output any raw key agreement algorithm, in bytes.
|
||||||
|
*
|
||||||
|
* See also #PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(\p key_type, \p key_bits).
|
||||||
|
*/
|
||||||
|
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE \
|
||||||
|
(PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS))
|
||||||
|
|
||||||
/** The default IV size for a cipher algorithm, in bytes.
|
/** The default IV size for a cipher algorithm, in bytes.
|
||||||
*
|
*
|
||||||
|
@ -709,8 +907,6 @@
|
||||||
* If the algorithm does not use an IV, return 0.
|
* If the algorithm does not use an IV, return 0.
|
||||||
* If the key type or cipher algorithm is not recognized,
|
* If the key type or cipher algorithm is not recognized,
|
||||||
* or the parameters are incompatible, return 0.
|
* or the parameters are incompatible, return 0.
|
||||||
* An implementation can return either 0 or a correct size for a key type
|
|
||||||
* and cipher algorithm that it recognizes, but does not support.
|
|
||||||
*/
|
*/
|
||||||
#define PSA_CIPHER_IV_LENGTH(key_type, alg) \
|
#define PSA_CIPHER_IV_LENGTH(key_type, alg) \
|
||||||
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
|
(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) > 1 && \
|
||||||
|
@ -730,4 +926,163 @@
|
||||||
*/
|
*/
|
||||||
#define PSA_CIPHER_IV_MAX_SIZE 16
|
#define PSA_CIPHER_IV_MAX_SIZE 16
|
||||||
|
|
||||||
|
/** The maximum size of the output of psa_cipher_encrypt(), in bytes.
|
||||||
|
*
|
||||||
|
* If the size of the output buffer is at least this large, it is guaranteed
|
||||||
|
* that psa_cipher_encrypt() will not fail due to an insufficient buffer size.
|
||||||
|
* Depending on the algorithm, the actual size of the output might be smaller.
|
||||||
|
*
|
||||||
|
* See also #PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(\p input_length).
|
||||||
|
*
|
||||||
|
* \warning This macro may evaluate its arguments multiple times or
|
||||||
|
* zero times, so you should not pass arguments that contain
|
||||||
|
* side effects.
|
||||||
|
*
|
||||||
|
* \param key_type A symmetric key type that is compatible with algorithm
|
||||||
|
* alg.
|
||||||
|
* \param alg A cipher algorithm (\c PSA_ALG_XXX value such that
|
||||||
|
* #PSA_ALG_IS_CIPHER(\p alg) is true).
|
||||||
|
* \param input_length Size of the input in bytes.
|
||||||
|
*
|
||||||
|
* \return A sufficient output size for the specified key type and
|
||||||
|
* algorithm. If the key type or cipher algorithm is not
|
||||||
|
* recognized, or the parameters are incompatible,
|
||||||
|
* return 0.
|
||||||
|
*/
|
||||||
|
#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
|
||||||
|
(alg == PSA_ALG_CBC_PKCS7 ? \
|
||||||
|
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
|
||||||
|
(input_length) + 1) + \
|
||||||
|
PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
|
||||||
|
(PSA_ALG_IS_CIPHER(alg) ? \
|
||||||
|
(input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \
|
||||||
|
0))
|
||||||
|
|
||||||
|
/** A sufficient output buffer size for psa_cipher_encrypt(), for any of the
|
||||||
|
* supported key types and cipher algorithms.
|
||||||
|
*
|
||||||
|
* If the size of the output buffer is at least this large, it is guaranteed
|
||||||
|
* that psa_cipher_encrypt() will not fail due to an insufficient buffer size.
|
||||||
|
*
|
||||||
|
* See also #PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
|
||||||
|
*
|
||||||
|
* \param input_length Size of the input in bytes.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \
|
||||||
|
(PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \
|
||||||
|
(input_length) + 1) + \
|
||||||
|
PSA_CIPHER_IV_MAX_SIZE)
|
||||||
|
|
||||||
|
/** The maximum size of the output of psa_cipher_decrypt(), in bytes.
|
||||||
|
*
|
||||||
|
* If the size of the output buffer is at least this large, it is guaranteed
|
||||||
|
* that psa_cipher_decrypt() will not fail due to an insufficient buffer size.
|
||||||
|
* Depending on the algorithm, the actual size of the output might be smaller.
|
||||||
|
*
|
||||||
|
* See also #PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(\p input_length).
|
||||||
|
*
|
||||||
|
* \param key_type A symmetric key type that is compatible with algorithm
|
||||||
|
* alg.
|
||||||
|
* \param alg A cipher algorithm (\c PSA_ALG_XXX value such that
|
||||||
|
* #PSA_ALG_IS_CIPHER(\p alg) is true).
|
||||||
|
* \param input_length Size of the input in bytes.
|
||||||
|
*
|
||||||
|
* \return A sufficient output size for the specified key type and
|
||||||
|
* algorithm. If the key type or cipher algorithm is not
|
||||||
|
* recognized, or the parameters are incompatible,
|
||||||
|
* return 0.
|
||||||
|
*/
|
||||||
|
#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \
|
||||||
|
(PSA_ALG_IS_CIPHER(alg) && \
|
||||||
|
((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \
|
||||||
|
(input_length) : \
|
||||||
|
0)
|
||||||
|
|
||||||
|
/** A sufficient output buffer size for psa_cipher_decrypt(), for any of the
|
||||||
|
* supported key types and cipher algorithms.
|
||||||
|
*
|
||||||
|
* If the size of the output buffer is at least this large, it is guaranteed
|
||||||
|
* that psa_cipher_decrypt() will not fail due to an insufficient buffer size.
|
||||||
|
*
|
||||||
|
* See also #PSA_CIPHER_DECRYPT_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
|
||||||
|
*
|
||||||
|
* \param input_length Size of the input in bytes.
|
||||||
|
*/
|
||||||
|
#define PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_length) \
|
||||||
|
(input_length)
|
||||||
|
|
||||||
|
/** A sufficient output buffer size for psa_cipher_update().
|
||||||
|
*
|
||||||
|
* If the size of the output buffer is at least this large, it is guaranteed
|
||||||
|
* that psa_cipher_update() will not fail due to an insufficient buffer size.
|
||||||
|
* The actual size of the output might be smaller in any given call.
|
||||||
|
*
|
||||||
|
* See also #PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(\p input_length).
|
||||||
|
*
|
||||||
|
* \param key_type A symmetric key type that is compatible with algorithm
|
||||||
|
* alg.
|
||||||
|
* \param alg A cipher algorithm (PSA_ALG_XXX value such that
|
||||||
|
* #PSA_ALG_IS_CIPHER(\p alg) is true).
|
||||||
|
* \param input_length Size of the input in bytes.
|
||||||
|
*
|
||||||
|
* \return A sufficient output size for the specified key type and
|
||||||
|
* algorithm. If the key type or cipher algorithm is not
|
||||||
|
* recognized, or the parameters are incompatible, return 0.
|
||||||
|
*/
|
||||||
|
#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \
|
||||||
|
(PSA_ALG_IS_CIPHER(alg) ? \
|
||||||
|
(((alg) == PSA_ALG_CBC_PKCS7 || \
|
||||||
|
(alg) == PSA_ALG_CBC_NO_PADDING || \
|
||||||
|
(alg) == PSA_ALG_ECB_NO_PADDING) ? \
|
||||||
|
PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \
|
||||||
|
input_length) : \
|
||||||
|
(input_length)) : \
|
||||||
|
0)
|
||||||
|
|
||||||
|
/** A sufficient output buffer size for psa_cipher_update(), for any of the
|
||||||
|
* supported key types and cipher algorithms.
|
||||||
|
*
|
||||||
|
* If the size of the output buffer is at least this large, it is guaranteed
|
||||||
|
* that psa_cipher_update() will not fail due to an insufficient buffer size.
|
||||||
|
*
|
||||||
|
* See also #PSA_CIPHER_UPDATE_OUTPUT_SIZE(\p key_type, \p alg, \p input_length).
|
||||||
|
*
|
||||||
|
* \param input_length Size of the input in bytes.
|
||||||
|
*/
|
||||||
|
#define PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE(input_length) \
|
||||||
|
(PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, input_length))
|
||||||
|
|
||||||
|
/** A sufficient ciphertext buffer size for psa_cipher_finish().
|
||||||
|
*
|
||||||
|
* If the size of the ciphertext buffer is at least this large, it is
|
||||||
|
* guaranteed that psa_cipher_finish() will not fail due to an insufficient
|
||||||
|
* ciphertext buffer size. The actual size of the output might be smaller in
|
||||||
|
* any given call.
|
||||||
|
*
|
||||||
|
* See also #PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE().
|
||||||
|
*
|
||||||
|
* \param key_type A symmetric key type that is compatible with algorithm
|
||||||
|
* alg.
|
||||||
|
* \param alg A cipher algorithm (PSA_ALG_XXX value such that
|
||||||
|
* #PSA_ALG_IS_CIPHER(\p alg) is true).
|
||||||
|
* \return A sufficient output size for the specified key type and
|
||||||
|
* algorithm. If the key type or cipher algorithm is not
|
||||||
|
* recognized, or the parameters are incompatible, return 0.
|
||||||
|
*/
|
||||||
|
#define PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg) \
|
||||||
|
(PSA_ALG_IS_CIPHER(alg) ? \
|
||||||
|
(alg == PSA_ALG_CBC_PKCS7 ? \
|
||||||
|
PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \
|
||||||
|
0) : \
|
||||||
|
0)
|
||||||
|
|
||||||
|
/** A sufficient ciphertext buffer size for psa_cipher_finish(), for any of the
|
||||||
|
* supported key types and cipher algorithms.
|
||||||
|
*
|
||||||
|
* See also #PSA_CIPHER_FINISH_OUTPUT_SIZE(\p key_type, \p alg).
|
||||||
|
*/
|
||||||
|
#define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \
|
||||||
|
(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE)
|
||||||
|
|
||||||
#endif /* PSA_CRYPTO_SIZES_H */
|
#endif /* PSA_CRYPTO_SIZES_H */
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
# Also see "include/mbedtls/config.h"
|
# Also see "include/mbedtls/config.h"
|
||||||
|
|
||||||
CFLAGS ?= -O2
|
CFLAGS ?= -O2
|
||||||
WARNING_CFLAGS ?= -Wall -Wextra
|
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
|
||||||
LDFLAGS ?=
|
LDFLAGS ?=
|
||||||
|
|
||||||
# Include ../include for public headers and . for private headers.
|
# Include ../include for public headers and . for private headers.
|
||||||
|
|
|
@ -74,6 +74,7 @@ static inline void debug_send_line( const mbedtls_ssl_context *ssl, int level,
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
MBEDTLS_PRINTF_ATTRIBUTE(5, 6)
|
||||||
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
|
||||||
const char *file, int line,
|
const char *file, int line,
|
||||||
const char *format, ... )
|
const char *format, ... )
|
||||||
|
|
|
@ -2145,7 +2145,7 @@ exit:
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
|
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
|
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
||||||
static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
|
const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
|
||||||
{
|
{
|
||||||
switch( alg )
|
switch( alg )
|
||||||
{
|
{
|
||||||
|
@ -3280,275 +3280,59 @@ cleanup:
|
||||||
/* Asymmetric cryptography */
|
/* Asymmetric cryptography */
|
||||||
/****************************************************************/
|
/****************************************************************/
|
||||||
|
|
||||||
|
psa_status_t psa_sign_hash_internal(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
uint8_t *signature, size_t signature_size, size_t *signature_length )
|
||||||
|
{
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
||||||
/* Decode the hash algorithm from alg and store the mbedtls encoding in
|
if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
|
||||||
* md_alg. Verify that the hash length is acceptable. */
|
|
||||||
static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
|
|
||||||
size_t hash_length,
|
|
||||||
mbedtls_md_type_t *md_alg )
|
|
||||||
{
|
|
||||||
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
|
|
||||||
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
|
|
||||||
*md_alg = mbedtls_md_get_type( md_info );
|
|
||||||
|
|
||||||
/* The Mbed TLS RSA module uses an unsigned int for hash length
|
|
||||||
* parameters. Validate that it fits so that we don't risk an
|
|
||||||
* overflow later. */
|
|
||||||
#if SIZE_MAX > UINT_MAX
|
|
||||||
if( hash_length > UINT_MAX )
|
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
|
|
||||||
/* For PKCS#1 v1.5 signature, if using a hash, the hash length
|
|
||||||
* must be correct. */
|
|
||||||
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) &&
|
|
||||||
alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
|
|
||||||
{
|
{
|
||||||
if( md_info == NULL )
|
return( mbedtls_psa_rsa_sign_hash(
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
attributes,
|
||||||
if( mbedtls_md_get_size( md_info ) != hash_length )
|
key_buffer, key_buffer_size,
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
alg, hash, hash_length,
|
||||||
}
|
signature, signature_size, signature_length ) );
|
||||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
|
||||||
/* PSS requires a hash internally. */
|
|
||||||
if( PSA_ALG_IS_RSA_PSS( alg ) )
|
|
||||||
{
|
|
||||||
if( md_info == NULL )
|
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
|
||||||
}
|
|
||||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
|
|
||||||
|
|
||||||
return( PSA_SUCCESS );
|
|
||||||
}
|
|
||||||
|
|
||||||
static psa_status_t psa_rsa_sign( mbedtls_rsa_context *rsa,
|
|
||||||
psa_algorithm_t alg,
|
|
||||||
const uint8_t *hash,
|
|
||||||
size_t hash_length,
|
|
||||||
uint8_t *signature,
|
|
||||||
size_t signature_size,
|
|
||||||
size_t *signature_length )
|
|
||||||
{
|
|
||||||
psa_status_t status;
|
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
|
||||||
mbedtls_md_type_t md_alg;
|
|
||||||
|
|
||||||
status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
|
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
return( status );
|
|
||||||
|
|
||||||
if( signature_size < mbedtls_rsa_get_len( rsa ) )
|
|
||||||
return( PSA_ERROR_BUFFER_TOO_SMALL );
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
|
|
||||||
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
|
|
||||||
{
|
|
||||||
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
|
|
||||||
MBEDTLS_MD_NONE );
|
|
||||||
ret = mbedtls_rsa_pkcs1_sign( rsa,
|
|
||||||
mbedtls_psa_get_random,
|
|
||||||
MBEDTLS_PSA_RANDOM_STATE,
|
|
||||||
MBEDTLS_RSA_PRIVATE,
|
|
||||||
md_alg,
|
|
||||||
(unsigned int) hash_length,
|
|
||||||
hash,
|
|
||||||
signature );
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
|
||||||
if( PSA_ALG_IS_RSA_PSS( alg ) )
|
|
||||||
{
|
|
||||||
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
|
|
||||||
ret = mbedtls_rsa_rsassa_pss_sign( rsa,
|
|
||||||
mbedtls_psa_get_random,
|
|
||||||
MBEDTLS_PSA_RANDOM_STATE,
|
|
||||||
MBEDTLS_RSA_PRIVATE,
|
|
||||||
MBEDTLS_MD_NONE,
|
|
||||||
(unsigned int) hash_length,
|
|
||||||
hash,
|
|
||||||
signature );
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
|
|
||||||
{
|
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
||||||
}
|
|
||||||
|
|
||||||
if( ret == 0 )
|
|
||||||
*signature_length = mbedtls_rsa_get_len( rsa );
|
|
||||||
return( mbedtls_to_psa_error( ret ) );
|
|
||||||
}
|
|
||||||
|
|
||||||
static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa,
|
|
||||||
psa_algorithm_t alg,
|
|
||||||
const uint8_t *hash,
|
|
||||||
size_t hash_length,
|
|
||||||
const uint8_t *signature,
|
|
||||||
size_t signature_length )
|
|
||||||
{
|
|
||||||
psa_status_t status;
|
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
|
||||||
mbedtls_md_type_t md_alg;
|
|
||||||
|
|
||||||
status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
|
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
return( status );
|
|
||||||
|
|
||||||
if( signature_length != mbedtls_rsa_get_len( rsa ) )
|
|
||||||
return( PSA_ERROR_INVALID_SIGNATURE );
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN)
|
|
||||||
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
|
|
||||||
{
|
|
||||||
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
|
|
||||||
MBEDTLS_MD_NONE );
|
|
||||||
ret = mbedtls_rsa_pkcs1_verify( rsa,
|
|
||||||
mbedtls_psa_get_random,
|
|
||||||
MBEDTLS_PSA_RANDOM_STATE,
|
|
||||||
MBEDTLS_RSA_PUBLIC,
|
|
||||||
md_alg,
|
|
||||||
(unsigned int) hash_length,
|
|
||||||
hash,
|
|
||||||
signature );
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN */
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
|
||||||
if( PSA_ALG_IS_RSA_PSS( alg ) )
|
|
||||||
{
|
|
||||||
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
|
|
||||||
ret = mbedtls_rsa_rsassa_pss_verify( rsa,
|
|
||||||
mbedtls_psa_get_random,
|
|
||||||
MBEDTLS_PSA_RANDOM_STATE,
|
|
||||||
MBEDTLS_RSA_PUBLIC,
|
|
||||||
MBEDTLS_MD_NONE,
|
|
||||||
(unsigned int) hash_length,
|
|
||||||
hash,
|
|
||||||
signature );
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS */
|
|
||||||
{
|
|
||||||
return( PSA_ERROR_INVALID_ARGUMENT );
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Mbed TLS distinguishes "invalid padding" from "valid padding but
|
|
||||||
* the rest of the signature is invalid". This has little use in
|
|
||||||
* practice and PSA doesn't report this distinction. */
|
|
||||||
if( ret == MBEDTLS_ERR_RSA_INVALID_PADDING )
|
|
||||||
return( PSA_ERROR_INVALID_SIGNATURE );
|
|
||||||
return( mbedtls_to_psa_error( ret ) );
|
|
||||||
}
|
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
||||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
|
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
||||||
/* `ecp` cannot be const because `ecp->grp` needs to be non-const
|
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
|
||||||
* for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det()
|
|
||||||
* (even though these functions don't modify it). */
|
|
||||||
static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp,
|
|
||||||
psa_algorithm_t alg,
|
|
||||||
const uint8_t *hash,
|
|
||||||
size_t hash_length,
|
|
||||||
uint8_t *signature,
|
|
||||||
size_t signature_size,
|
|
||||||
size_t *signature_length )
|
|
||||||
{
|
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
|
||||||
mbedtls_mpi r, s;
|
|
||||||
size_t curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
|
|
||||||
mbedtls_mpi_init( &r );
|
|
||||||
mbedtls_mpi_init( &s );
|
|
||||||
|
|
||||||
if( signature_size < 2 * curve_bytes )
|
|
||||||
{
|
{
|
||||||
ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
|
if( PSA_ALG_IS_ECDSA( alg ) )
|
||||||
goto cleanup;
|
{
|
||||||
}
|
return( mbedtls_psa_ecdsa_sign_hash(
|
||||||
|
attributes,
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
key_buffer, key_buffer_size,
|
||||||
if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) )
|
alg, hash, hash_length,
|
||||||
{
|
signature, signature_size, signature_length ) );
|
||||||
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
|
}
|
||||||
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
|
else
|
||||||
mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
|
{
|
||||||
MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext( &ecp->grp, &r, &s,
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
&ecp->d, hash,
|
}
|
||||||
hash_length, md_alg,
|
|
||||||
mbedtls_psa_get_random,
|
|
||||||
MBEDTLS_PSA_RANDOM_STATE ) );
|
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
|
||||||
{
|
|
||||||
(void) alg;
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d,
|
|
||||||
hash, hash_length,
|
|
||||||
mbedtls_psa_get_random,
|
|
||||||
MBEDTLS_PSA_RANDOM_STATE ) );
|
|
||||||
}
|
|
||||||
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r,
|
|
||||||
signature,
|
|
||||||
curve_bytes ) );
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s,
|
|
||||||
signature + curve_bytes,
|
|
||||||
curve_bytes ) );
|
|
||||||
|
|
||||||
cleanup:
|
|
||||||
mbedtls_mpi_free( &r );
|
|
||||||
mbedtls_mpi_free( &s );
|
|
||||||
if( ret == 0 )
|
|
||||||
*signature_length = 2 * curve_bytes;
|
|
||||||
return( mbedtls_to_psa_error( ret ) );
|
|
||||||
}
|
|
||||||
|
|
||||||
static psa_status_t psa_ecdsa_verify( mbedtls_ecp_keypair *ecp,
|
|
||||||
const uint8_t *hash,
|
|
||||||
size_t hash_length,
|
|
||||||
const uint8_t *signature,
|
|
||||||
size_t signature_length )
|
|
||||||
{
|
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
|
||||||
mbedtls_mpi r, s;
|
|
||||||
size_t curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
|
|
||||||
mbedtls_mpi_init( &r );
|
|
||||||
mbedtls_mpi_init( &s );
|
|
||||||
|
|
||||||
if( signature_length != 2 * curve_bytes )
|
|
||||||
return( PSA_ERROR_INVALID_SIGNATURE );
|
|
||||||
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r,
|
|
||||||
signature,
|
|
||||||
curve_bytes ) );
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s,
|
|
||||||
signature + curve_bytes,
|
|
||||||
curve_bytes ) );
|
|
||||||
|
|
||||||
/* Check whether the public part is loaded. If not, load it. */
|
|
||||||
if( mbedtls_ecp_is_zero( &ecp->Q ) )
|
|
||||||
{
|
|
||||||
MBEDTLS_MPI_CHK(
|
|
||||||
mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
|
|
||||||
mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) );
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = mbedtls_ecdsa_verify( &ecp->grp, hash, hash_length,
|
|
||||||
&ecp->Q, &r, &s );
|
|
||||||
|
|
||||||
cleanup:
|
|
||||||
mbedtls_mpi_free( &r );
|
|
||||||
mbedtls_mpi_free( &s );
|
|
||||||
return( mbedtls_to_psa_error( ret ) );
|
|
||||||
}
|
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
||||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
||||||
|
{
|
||||||
|
(void)attributes;
|
||||||
|
(void)key_buffer;
|
||||||
|
(void)key_buffer_size;
|
||||||
|
(void)alg;
|
||||||
|
(void)hash;
|
||||||
|
(void)hash_length;
|
||||||
|
(void)signature;
|
||||||
|
(void)signature_size;
|
||||||
|
(void)signature_length;
|
||||||
|
|
||||||
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key,
|
psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
|
@ -3581,83 +3365,14 @@ psa_status_t psa_sign_hash( mbedtls_svc_key_id_t key,
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Try any of the available accelerators first */
|
psa_key_attributes_t attributes = {
|
||||||
status = psa_driver_wrapper_sign_hash( slot,
|
.core = slot->attr
|
||||||
alg,
|
};
|
||||||
hash,
|
|
||||||
hash_length,
|
|
||||||
signature,
|
|
||||||
signature_size,
|
|
||||||
signature_length );
|
|
||||||
if( status != PSA_ERROR_NOT_SUPPORTED ||
|
|
||||||
psa_key_lifetime_is_external( slot->attr.lifetime ) )
|
|
||||||
goto exit;
|
|
||||||
|
|
||||||
/* If the operation was not supported by any accelerator, try fallback. */
|
status = psa_driver_wrapper_sign_hash(
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
|
&attributes, slot->key.data, slot->key.bytes,
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
alg, hash, hash_length,
|
||||||
if( slot->attr.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
|
signature, signature_size, signature_length );
|
||||||
{
|
|
||||||
mbedtls_rsa_context *rsa = NULL;
|
|
||||||
|
|
||||||
status = mbedtls_psa_rsa_load_representation( slot->attr.type,
|
|
||||||
slot->key.data,
|
|
||||||
slot->key.bytes,
|
|
||||||
&rsa );
|
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
goto exit;
|
|
||||||
|
|
||||||
status = psa_rsa_sign( rsa,
|
|
||||||
alg,
|
|
||||||
hash, hash_length,
|
|
||||||
signature, signature_size,
|
|
||||||
signature_length );
|
|
||||||
|
|
||||||
mbedtls_rsa_free( rsa );
|
|
||||||
mbedtls_free( rsa );
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
|
||||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
|
|
||||||
if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
|
|
||||||
{
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
|
||||||
if(
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
|
||||||
PSA_ALG_IS_ECDSA( alg )
|
|
||||||
#else
|
|
||||||
PSA_ALG_IS_RANDOMIZED_ECDSA( alg )
|
|
||||||
#endif
|
|
||||||
)
|
|
||||||
{
|
|
||||||
mbedtls_ecp_keypair *ecp = NULL;
|
|
||||||
status = mbedtls_psa_ecp_load_representation( slot->attr.type,
|
|
||||||
slot->attr.bits,
|
|
||||||
slot->key.data,
|
|
||||||
slot->key.bytes,
|
|
||||||
&ecp );
|
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
goto exit;
|
|
||||||
status = psa_ecdsa_sign( ecp,
|
|
||||||
alg,
|
|
||||||
hash, hash_length,
|
|
||||||
signature, signature_size,
|
|
||||||
signature_length );
|
|
||||||
mbedtls_ecp_keypair_free( ecp );
|
|
||||||
mbedtls_free( ecp );
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
|
||||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
|
||||||
{
|
|
||||||
status = PSA_ERROR_INVALID_ARGUMENT;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
status = PSA_ERROR_NOT_SUPPORTED;
|
|
||||||
}
|
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
/* Fill the unused part of the output buffer (the whole buffer on error,
|
/* Fill the unused part of the output buffer (the whole buffer on error,
|
||||||
|
@ -3677,6 +3392,58 @@ exit:
|
||||||
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
|
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
psa_status_t psa_verify_hash_internal(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
const uint8_t *signature, size_t signature_length )
|
||||||
|
{
|
||||||
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
|
||||||
|
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
||||||
|
if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
|
||||||
|
{
|
||||||
|
return( mbedtls_psa_rsa_verify_hash(
|
||||||
|
attributes,
|
||||||
|
key_buffer, key_buffer_size,
|
||||||
|
alg, hash, hash_length,
|
||||||
|
signature, signature_length ) );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
||||||
|
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
|
||||||
|
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
|
||||||
|
{
|
||||||
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||||
|
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
||||||
|
if( PSA_ALG_IS_ECDSA( alg ) )
|
||||||
|
{
|
||||||
|
return( mbedtls_psa_ecdsa_verify_hash(
|
||||||
|
attributes,
|
||||||
|
key_buffer, key_buffer_size,
|
||||||
|
alg, hash, hash_length,
|
||||||
|
signature, signature_length ) );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
||||||
|
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
||||||
|
{
|
||||||
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
(void)key_buffer;
|
||||||
|
(void)key_buffer_size;
|
||||||
|
(void)alg;
|
||||||
|
(void)hash;
|
||||||
|
(void)hash_length;
|
||||||
|
(void)signature;
|
||||||
|
(void)signature_length;
|
||||||
|
|
||||||
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key,
|
psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *hash,
|
const uint8_t *hash,
|
||||||
|
@ -3694,76 +3461,15 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key,
|
||||||
if( status != PSA_SUCCESS )
|
if( status != PSA_SUCCESS )
|
||||||
return( status );
|
return( status );
|
||||||
|
|
||||||
/* Try any of the available accelerators first */
|
psa_key_attributes_t attributes = {
|
||||||
status = psa_driver_wrapper_verify_hash( slot,
|
.core = slot->attr
|
||||||
alg,
|
};
|
||||||
hash,
|
|
||||||
hash_length,
|
|
||||||
signature,
|
|
||||||
signature_length );
|
|
||||||
if( status != PSA_ERROR_NOT_SUPPORTED ||
|
|
||||||
psa_key_lifetime_is_external( slot->attr.lifetime ) )
|
|
||||||
goto exit;
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
|
status = psa_driver_wrapper_verify_hash(
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
&attributes, slot->key.data, slot->key.bytes,
|
||||||
if( PSA_KEY_TYPE_IS_RSA( slot->attr.type ) )
|
alg, hash, hash_length,
|
||||||
{
|
signature, signature_length );
|
||||||
mbedtls_rsa_context *rsa = NULL;
|
|
||||||
|
|
||||||
status = mbedtls_psa_rsa_load_representation( slot->attr.type,
|
|
||||||
slot->key.data,
|
|
||||||
slot->key.bytes,
|
|
||||||
&rsa );
|
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
goto exit;
|
|
||||||
|
|
||||||
status = psa_rsa_verify( rsa,
|
|
||||||
alg,
|
|
||||||
hash, hash_length,
|
|
||||||
signature, signature_length );
|
|
||||||
mbedtls_rsa_free( rsa );
|
|
||||||
mbedtls_free( rsa );
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
|
||||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
|
|
||||||
if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
|
|
||||||
{
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
|
||||||
if( PSA_ALG_IS_ECDSA( alg ) )
|
|
||||||
{
|
|
||||||
mbedtls_ecp_keypair *ecp = NULL;
|
|
||||||
status = mbedtls_psa_ecp_load_representation( slot->attr.type,
|
|
||||||
slot->attr.bits,
|
|
||||||
slot->key.data,
|
|
||||||
slot->key.bytes,
|
|
||||||
&ecp );
|
|
||||||
if( status != PSA_SUCCESS )
|
|
||||||
goto exit;
|
|
||||||
status = psa_ecdsa_verify( ecp,
|
|
||||||
hash, hash_length,
|
|
||||||
signature, signature_length );
|
|
||||||
mbedtls_ecp_keypair_free( ecp );
|
|
||||||
mbedtls_free( ecp );
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
|
||||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
|
||||||
{
|
|
||||||
status = PSA_ERROR_INVALID_ARGUMENT;
|
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
status = PSA_ERROR_NOT_SUPPORTED;
|
|
||||||
}
|
|
||||||
|
|
||||||
exit:
|
|
||||||
unlock_status = psa_unlock_key_slot( slot );
|
unlock_status = psa_unlock_key_slot( slot );
|
||||||
|
|
||||||
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
|
return( ( status == PSA_SUCCESS ) ? unlock_status : status );
|
||||||
|
|
|
@ -30,6 +30,8 @@
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
#include "psa/crypto_se_driver.h"
|
#include "psa/crypto_se_driver.h"
|
||||||
|
|
||||||
|
#include <mbedtls/md_internal.h>
|
||||||
|
|
||||||
/** The data structure representing a key slot, containing key material
|
/** The data structure representing a key slot, containing key material
|
||||||
* and metadata for one key.
|
* and metadata for one key.
|
||||||
*/
|
*/
|
||||||
|
@ -212,6 +214,15 @@ psa_status_t psa_copy_key_material_into_slot( psa_key_slot_t *slot,
|
||||||
*/
|
*/
|
||||||
psa_status_t mbedtls_to_psa_error( int ret );
|
psa_status_t mbedtls_to_psa_error( int ret );
|
||||||
|
|
||||||
|
/** Get Mbed TLS MD information of a hash algorithm given its PSA identifier
|
||||||
|
*
|
||||||
|
* \param[in] alg PSA hash algorithm identifier
|
||||||
|
*
|
||||||
|
* \return The Mbed TLS MD information of the hash algorithm. \c NULL if the
|
||||||
|
* PSA hash algorithm is not supported.
|
||||||
|
*/
|
||||||
|
const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg );
|
||||||
|
|
||||||
/** Import a key in binary format.
|
/** Import a key in binary format.
|
||||||
*
|
*
|
||||||
* \note The signature of this function is that of a PSA driver
|
* \note The signature of this function is that of a PSA driver
|
||||||
|
@ -324,4 +335,80 @@ psa_status_t psa_generate_key_internal( const psa_key_attributes_t *attributes,
|
||||||
size_t key_buffer_size,
|
size_t key_buffer_size,
|
||||||
size_t *key_buffer_length );
|
size_t *key_buffer_length );
|
||||||
|
|
||||||
|
/** Sign an already-calculated hash with a private key.
|
||||||
|
*
|
||||||
|
* \note The signature of this function is that of a PSA driver
|
||||||
|
* sign_hash entry point. This function behaves as a sign_hash
|
||||||
|
* entry point as defined in the PSA driver interface specification for
|
||||||
|
* transparent drivers.
|
||||||
|
*
|
||||||
|
* \param[in] attributes The attributes of the key to use for the
|
||||||
|
* operation.
|
||||||
|
* \param[in] key_buffer The buffer containing the key context.
|
||||||
|
* format.
|
||||||
|
* \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
|
||||||
|
* \param[in] alg A signature algorithm that is compatible with
|
||||||
|
* the type of the key.
|
||||||
|
* \param[in] hash The hash or message to sign.
|
||||||
|
* \param[in] hash_length Size of the \p hash buffer in bytes.
|
||||||
|
* \param[out] signature Buffer where the signature is to be written.
|
||||||
|
* \param[in] signature_size Size of the \p signature buffer in bytes.
|
||||||
|
* \param[out] signature_length On success, the number of bytes
|
||||||
|
* that make up the returned signature value.
|
||||||
|
*
|
||||||
|
* \retval #PSA_SUCCESS
|
||||||
|
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||||
|
* The size of the \p signature buffer is too small. You can
|
||||||
|
* determine a sufficient buffer size by calling
|
||||||
|
* #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
|
||||||
|
* where \c key_type and \c key_bits are the type and bit-size
|
||||||
|
* respectively of the key.
|
||||||
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||||
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||||
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||||
|
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
|
||||||
|
*/
|
||||||
|
psa_status_t psa_sign_hash_internal(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
uint8_t *signature, size_t signature_size, size_t *signature_length );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Verify the signature a hash or short message using a public key.
|
||||||
|
*
|
||||||
|
* \note The signature of this function is that of a PSA driver
|
||||||
|
* verify_hash entry point. This function behaves as a verify_hash
|
||||||
|
* entry point as defined in the PSA driver interface specification for
|
||||||
|
* transparent drivers.
|
||||||
|
*
|
||||||
|
* \param[in] attributes The attributes of the key to use for the
|
||||||
|
* operation.
|
||||||
|
* \param[in] key_buffer The buffer containing the key context.
|
||||||
|
* format.
|
||||||
|
* \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
|
||||||
|
* \param[in] alg A signature algorithm that is compatible with
|
||||||
|
* the type of the key.
|
||||||
|
* \param[in] hash The hash or message whose signature is to be
|
||||||
|
* verified.
|
||||||
|
* \param[in] hash_length Size of the \p hash buffer in bytes.
|
||||||
|
* \param[in] signature Buffer containing the signature to verify.
|
||||||
|
* \param[in] signature_length Size of the \p signature buffer in bytes.
|
||||||
|
*
|
||||||
|
* \retval #PSA_SUCCESS
|
||||||
|
* The signature is valid.
|
||||||
|
* \retval #PSA_ERROR_INVALID_SIGNATURE
|
||||||
|
* The calculation was performed successfully, but the passed
|
||||||
|
* signature is not a valid signature.
|
||||||
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||||
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||||
|
*/
|
||||||
|
psa_status_t psa_verify_hash_internal(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
const uint8_t *signature, size_t signature_length );
|
||||||
|
|
||||||
#endif /* PSA_CRYPTO_CORE_H */
|
#endif /* PSA_CRYPTO_CORE_H */
|
||||||
|
|
|
@ -57,21 +57,18 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* Start delegation functions */
|
/* Start delegation functions */
|
||||||
psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
|
psa_status_t psa_driver_wrapper_sign_hash(
|
||||||
psa_algorithm_t alg,
|
const psa_key_attributes_t *attributes,
|
||||||
const uint8_t *hash,
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
size_t hash_length,
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
uint8_t *signature,
|
uint8_t *signature, size_t signature_size, size_t *signature_length )
|
||||||
size_t signature_size,
|
|
||||||
size_t *signature_length )
|
|
||||||
{
|
{
|
||||||
#if defined(PSA_CRYPTO_DRIVER_PRESENT)
|
|
||||||
/* Try dynamically-registered SE interface first */
|
/* Try dynamically-registered SE interface first */
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||||
const psa_drv_se_t *drv;
|
const psa_drv_se_t *drv;
|
||||||
psa_drv_se_context_t *drv_context;
|
psa_drv_se_context_t *drv_context;
|
||||||
|
|
||||||
if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
|
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
||||||
{
|
{
|
||||||
if( drv->asymmetric == NULL ||
|
if( drv->asymmetric == NULL ||
|
||||||
drv->asymmetric->p_sign == NULL )
|
drv->asymmetric->p_sign == NULL )
|
||||||
|
@ -79,32 +76,27 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
|
||||||
/* Key is defined in SE, but we have no way to exercise it */
|
/* Key is defined in SE, but we have no way to exercise it */
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
}
|
}
|
||||||
return( drv->asymmetric->p_sign( drv_context,
|
return( drv->asymmetric->p_sign(
|
||||||
psa_key_slot_get_slot_number( slot ),
|
drv_context, *( (psa_key_slot_number_t *)key_buffer ),
|
||||||
alg,
|
alg, hash, hash_length,
|
||||||
hash, hash_length,
|
signature, signature_size, signature_length ) );
|
||||||
signature, signature_size,
|
|
||||||
signature_length ) );
|
|
||||||
}
|
}
|
||||||
#endif /* PSA_CRYPTO_SE_C */
|
#endif /* PSA_CRYPTO_SE_C */
|
||||||
|
|
||||||
/* Then try accelerator API */
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
psa_key_location_t location =
|
||||||
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
|
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
|
|
||||||
psa_key_attributes_t attributes = {
|
|
||||||
.core = slot->attr
|
|
||||||
};
|
|
||||||
|
|
||||||
switch( location )
|
switch( location )
|
||||||
{
|
{
|
||||||
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
||||||
/* Key is stored in the slot in export representation, so
|
/* Key is stored in the slot in export representation, so
|
||||||
* cycle through all known transparent accelerators */
|
* cycle through all known transparent accelerators */
|
||||||
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||||
status = test_transparent_signature_sign_hash( &attributes,
|
status = test_transparent_signature_sign_hash( attributes,
|
||||||
slot->key.data,
|
key_buffer,
|
||||||
slot->key.bytes,
|
key_buffer_size,
|
||||||
alg,
|
alg,
|
||||||
hash,
|
hash,
|
||||||
hash_length,
|
hash_length,
|
||||||
|
@ -115,14 +107,25 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
|
||||||
if( status != PSA_ERROR_NOT_SUPPORTED )
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
||||||
return( status );
|
return( status );
|
||||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||||
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||||
/* Fell through, meaning no accelerator supports this operation */
|
/* Fell through, meaning no accelerator supports this operation */
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
return( psa_sign_hash_internal( attributes,
|
||||||
|
key_buffer,
|
||||||
|
key_buffer_size,
|
||||||
|
alg,
|
||||||
|
hash,
|
||||||
|
hash_length,
|
||||||
|
signature,
|
||||||
|
signature_size,
|
||||||
|
signature_length ) );
|
||||||
|
|
||||||
/* Add cases for opaque driver here */
|
/* Add cases for opaque driver here */
|
||||||
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||||
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
|
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
|
||||||
return( test_opaque_signature_sign_hash( &attributes,
|
return( test_opaque_signature_sign_hash( attributes,
|
||||||
slot->key.data,
|
key_buffer,
|
||||||
slot->key.bytes,
|
key_buffer_size,
|
||||||
alg,
|
alg,
|
||||||
hash,
|
hash,
|
||||||
hash_length,
|
hash_length,
|
||||||
|
@ -130,40 +133,26 @@ psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
|
||||||
signature_size,
|
signature_size,
|
||||||
signature_length ) );
|
signature_length ) );
|
||||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||||
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||||
default:
|
default:
|
||||||
/* Key is declared with a lifetime not known to us */
|
/* Key is declared with a lifetime not known to us */
|
||||||
return( status );
|
(void)status;
|
||||||
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
}
|
}
|
||||||
#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
|
||||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
||||||
#else /* PSA_CRYPTO_DRIVER_PRESENT */
|
|
||||||
(void)slot;
|
|
||||||
(void)alg;
|
|
||||||
(void)hash;
|
|
||||||
(void)hash_length;
|
|
||||||
(void)signature;
|
|
||||||
(void)signature_size;
|
|
||||||
(void)signature_length;
|
|
||||||
|
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
|
||||||
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
|
psa_status_t psa_driver_wrapper_verify_hash(
|
||||||
psa_algorithm_t alg,
|
const psa_key_attributes_t *attributes,
|
||||||
const uint8_t *hash,
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
size_t hash_length,
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
const uint8_t *signature,
|
const uint8_t *signature, size_t signature_length )
|
||||||
size_t signature_length )
|
|
||||||
{
|
{
|
||||||
#if defined(PSA_CRYPTO_DRIVER_PRESENT)
|
|
||||||
/* Try dynamically-registered SE interface first */
|
/* Try dynamically-registered SE interface first */
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||||
const psa_drv_se_t *drv;
|
const psa_drv_se_t *drv;
|
||||||
psa_drv_se_context_t *drv_context;
|
psa_drv_se_context_t *drv_context;
|
||||||
|
|
||||||
if( psa_get_se_driver( slot->attr.lifetime, &drv, &drv_context ) )
|
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
||||||
{
|
{
|
||||||
if( drv->asymmetric == NULL ||
|
if( drv->asymmetric == NULL ||
|
||||||
drv->asymmetric->p_verify == NULL )
|
drv->asymmetric->p_verify == NULL )
|
||||||
|
@ -171,31 +160,27 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
|
||||||
/* Key is defined in SE, but we have no way to exercise it */
|
/* Key is defined in SE, but we have no way to exercise it */
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
}
|
}
|
||||||
return( drv->asymmetric->p_verify( drv_context,
|
return( drv->asymmetric->p_verify(
|
||||||
psa_key_slot_get_slot_number( slot ),
|
drv_context, *( (psa_key_slot_number_t *)key_buffer ),
|
||||||
alg,
|
alg, hash, hash_length,
|
||||||
hash, hash_length,
|
signature, signature_length ) );
|
||||||
signature, signature_length ) );
|
|
||||||
}
|
}
|
||||||
#endif /* PSA_CRYPTO_SE_C */
|
#endif /* PSA_CRYPTO_SE_C */
|
||||||
|
|
||||||
/* Then try accelerator API */
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
psa_key_location_t location =
|
||||||
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
|
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(slot->attr.lifetime);
|
|
||||||
psa_key_attributes_t attributes = {
|
|
||||||
.core = slot->attr
|
|
||||||
};
|
|
||||||
|
|
||||||
switch( location )
|
switch( location )
|
||||||
{
|
{
|
||||||
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
case PSA_KEY_LOCATION_LOCAL_STORAGE:
|
||||||
/* Key is stored in the slot in export representation, so
|
/* Key is stored in the slot in export representation, so
|
||||||
* cycle through all known transparent accelerators */
|
* cycle through all known transparent accelerators */
|
||||||
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||||
status = test_transparent_signature_verify_hash( &attributes,
|
status = test_transparent_signature_verify_hash( attributes,
|
||||||
slot->key.data,
|
key_buffer,
|
||||||
slot->key.bytes,
|
key_buffer_size,
|
||||||
alg,
|
alg,
|
||||||
hash,
|
hash,
|
||||||
hash_length,
|
hash_length,
|
||||||
|
@ -205,37 +190,36 @@ psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
|
||||||
if( status != PSA_ERROR_NOT_SUPPORTED )
|
if( status != PSA_ERROR_NOT_SUPPORTED )
|
||||||
return( status );
|
return( status );
|
||||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||||
/* Fell through, meaning no accelerator supports this operation */
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
|
||||||
|
return( psa_verify_hash_internal( attributes,
|
||||||
|
key_buffer,
|
||||||
|
key_buffer_size,
|
||||||
|
alg,
|
||||||
|
hash,
|
||||||
|
hash_length,
|
||||||
|
signature,
|
||||||
|
signature_length ) );
|
||||||
|
|
||||||
/* Add cases for opaque driver here */
|
/* Add cases for opaque driver here */
|
||||||
|
#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
|
||||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||||
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
|
case PSA_CRYPTO_TEST_DRIVER_LIFETIME:
|
||||||
return( test_opaque_signature_verify_hash( &attributes,
|
return( test_opaque_signature_verify_hash( attributes,
|
||||||
slot->key.data,
|
key_buffer,
|
||||||
slot->key.bytes,
|
key_buffer_size,
|
||||||
alg,
|
alg,
|
||||||
hash,
|
hash,
|
||||||
hash_length,
|
hash_length,
|
||||||
signature,
|
signature,
|
||||||
signature_length ) );
|
signature_length ) );
|
||||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||||
|
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
||||||
default:
|
default:
|
||||||
/* Key is declared with a lifetime not known to us */
|
/* Key is declared with a lifetime not known to us */
|
||||||
return( status );
|
(void)status;
|
||||||
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
}
|
}
|
||||||
#else /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
|
||||||
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
|
|
||||||
#else /* PSA_CRYPTO_DRIVER_PRESENT */
|
|
||||||
(void)slot;
|
|
||||||
(void)alg;
|
|
||||||
(void)hash;
|
|
||||||
(void)hash_length;
|
|
||||||
(void)signature;
|
|
||||||
(void)signature_length;
|
|
||||||
|
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
|
||||||
#endif /* PSA_CRYPTO_DRIVER_PRESENT */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Get the key buffer size for the key material of a generated key in the
|
/** Get the key buffer size for the key material of a generated key in the
|
||||||
|
|
|
@ -28,20 +28,17 @@
|
||||||
/*
|
/*
|
||||||
* Signature functions
|
* Signature functions
|
||||||
*/
|
*/
|
||||||
psa_status_t psa_driver_wrapper_sign_hash( psa_key_slot_t *slot,
|
psa_status_t psa_driver_wrapper_sign_hash(
|
||||||
psa_algorithm_t alg,
|
const psa_key_attributes_t *attributes,
|
||||||
const uint8_t *hash,
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
size_t hash_length,
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
uint8_t *signature,
|
uint8_t *signature, size_t signature_size, size_t *signature_length );
|
||||||
size_t signature_size,
|
|
||||||
size_t *signature_length );
|
|
||||||
|
|
||||||
psa_status_t psa_driver_wrapper_verify_hash( psa_key_slot_t *slot,
|
psa_status_t psa_driver_wrapper_verify_hash(
|
||||||
psa_algorithm_t alg,
|
const psa_key_attributes_t *attributes,
|
||||||
const uint8_t *hash,
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
size_t hash_length,
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
const uint8_t *signature,
|
const uint8_t *signature, size_t signature_length );
|
||||||
size_t signature_length );
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Key handling functions
|
* Key handling functions
|
||||||
|
|
|
@ -35,6 +35,7 @@
|
||||||
#define mbedtls_free free
|
#define mbedtls_free free
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#include <mbedtls/ecdsa.h>
|
||||||
#include <mbedtls/ecp.h>
|
#include <mbedtls/ecp.h>
|
||||||
#include <mbedtls/error.h>
|
#include <mbedtls/error.h>
|
||||||
|
|
||||||
|
@ -50,11 +51,25 @@
|
||||||
#define BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
|
#define BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||||
|
( defined(PSA_CRYPTO_DRIVER_TEST) && \
|
||||||
|
defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) && \
|
||||||
|
defined(MBEDTLS_ECDSA_C) ) )
|
||||||
|
#define BUILTIN_ALG_ECDSA 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
|
||||||
|
( defined(PSA_CRYPTO_DRIVER_TEST) && \
|
||||||
|
defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) && \
|
||||||
|
defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) ) )
|
||||||
|
#define BUILTIN_ALG_DETERMINISTIC_ECDSA 1
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
|
#if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||||
defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
defined(BUILTIN_ALG_ECDSA) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) || \
|
defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
|
||||||
psa_status_t mbedtls_psa_ecp_load_representation(
|
psa_status_t mbedtls_psa_ecp_load_representation(
|
||||||
psa_key_type_t type, size_t curve_bits,
|
psa_key_type_t type, size_t curve_bits,
|
||||||
const uint8_t *data, size_t data_length,
|
const uint8_t *data, size_t data_length,
|
||||||
|
@ -167,9 +182,9 @@ exit:
|
||||||
}
|
}
|
||||||
#endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
|
#endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) ||
|
||||||
* defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
|
* defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) ||
|
||||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
* defined(BUILTIN_ALG_ECDSA) ||
|
||||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) ||
|
* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) ||
|
||||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH) */
|
||||||
|
|
||||||
#if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
|
#if defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||||
defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
|
defined(BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||||
|
@ -337,6 +352,148 @@ static psa_status_t ecp_generate_key(
|
||||||
}
|
}
|
||||||
#endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
|
#endif /* defined(BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
|
||||||
|
|
||||||
|
/****************************************************************/
|
||||||
|
/* ECDSA sign/verify */
|
||||||
|
/****************************************************************/
|
||||||
|
|
||||||
|
#if defined(BUILTIN_ALG_ECDSA) || \
|
||||||
|
defined(BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
||||||
|
static psa_status_t ecdsa_sign_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
uint8_t *signature, size_t signature_size, size_t *signature_length )
|
||||||
|
{
|
||||||
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
mbedtls_ecp_keypair *ecp = NULL;
|
||||||
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
|
size_t curve_bytes;
|
||||||
|
mbedtls_mpi r, s;
|
||||||
|
|
||||||
|
status = mbedtls_psa_ecp_load_representation( attributes->core.type,
|
||||||
|
attributes->core.bits,
|
||||||
|
key_buffer,
|
||||||
|
key_buffer_size,
|
||||||
|
&ecp );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
return( status );
|
||||||
|
|
||||||
|
curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
|
||||||
|
mbedtls_mpi_init( &r );
|
||||||
|
mbedtls_mpi_init( &s );
|
||||||
|
|
||||||
|
if( signature_size < 2 * curve_bytes )
|
||||||
|
{
|
||||||
|
ret = MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
|
if( PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) )
|
||||||
|
{
|
||||||
|
#if defined(BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
||||||
|
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
|
||||||
|
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
|
||||||
|
mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info );
|
||||||
|
MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det_ext(
|
||||||
|
&ecp->grp, &r, &s,
|
||||||
|
&ecp->d, hash,
|
||||||
|
hash_length, md_alg,
|
||||||
|
mbedtls_psa_get_random,
|
||||||
|
MBEDTLS_PSA_RANDOM_STATE ) );
|
||||||
|
#else
|
||||||
|
ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
|
||||||
|
goto cleanup;
|
||||||
|
#endif /* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
(void) alg;
|
||||||
|
MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d,
|
||||||
|
hash, hash_length,
|
||||||
|
mbedtls_psa_get_random,
|
||||||
|
MBEDTLS_PSA_RANDOM_STATE ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r,
|
||||||
|
signature,
|
||||||
|
curve_bytes ) );
|
||||||
|
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s,
|
||||||
|
signature + curve_bytes,
|
||||||
|
curve_bytes ) );
|
||||||
|
cleanup:
|
||||||
|
mbedtls_mpi_free( &r );
|
||||||
|
mbedtls_mpi_free( &s );
|
||||||
|
if( ret == 0 )
|
||||||
|
*signature_length = 2 * curve_bytes;
|
||||||
|
|
||||||
|
mbedtls_ecp_keypair_free( ecp );
|
||||||
|
mbedtls_free( ecp );
|
||||||
|
|
||||||
|
return( mbedtls_to_psa_error( ret ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
static psa_status_t ecdsa_verify_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
const uint8_t *signature, size_t signature_length )
|
||||||
|
{
|
||||||
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
mbedtls_ecp_keypair *ecp = NULL;
|
||||||
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
|
size_t curve_bytes;
|
||||||
|
mbedtls_mpi r, s;
|
||||||
|
|
||||||
|
(void)alg;
|
||||||
|
|
||||||
|
status = mbedtls_psa_ecp_load_representation( attributes->core.type,
|
||||||
|
attributes->core.bits,
|
||||||
|
key_buffer,
|
||||||
|
key_buffer_size,
|
||||||
|
&ecp );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
return( status );
|
||||||
|
|
||||||
|
curve_bytes = PSA_BITS_TO_BYTES( ecp->grp.pbits );
|
||||||
|
mbedtls_mpi_init( &r );
|
||||||
|
mbedtls_mpi_init( &s );
|
||||||
|
|
||||||
|
if( signature_length != 2 * curve_bytes )
|
||||||
|
{
|
||||||
|
ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
|
||||||
|
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r,
|
||||||
|
signature,
|
||||||
|
curve_bytes ) );
|
||||||
|
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s,
|
||||||
|
signature + curve_bytes,
|
||||||
|
curve_bytes ) );
|
||||||
|
|
||||||
|
/* Check whether the public part is loaded. If not, load it. */
|
||||||
|
if( mbedtls_ecp_is_zero( &ecp->Q ) )
|
||||||
|
{
|
||||||
|
MBEDTLS_MPI_CHK(
|
||||||
|
mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G,
|
||||||
|
mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = mbedtls_ecdsa_verify( &ecp->grp, hash, hash_length,
|
||||||
|
&ecp->Q, &r, &s );
|
||||||
|
|
||||||
|
cleanup:
|
||||||
|
mbedtls_mpi_free( &r );
|
||||||
|
mbedtls_mpi_free( &s );
|
||||||
|
mbedtls_ecp_keypair_free( ecp );
|
||||||
|
mbedtls_free( ecp );
|
||||||
|
|
||||||
|
return( mbedtls_to_psa_error( ret ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* defined(BUILTIN_ALG_ECDSA) || \
|
||||||
|
* defined(BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
|
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
|
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
|
||||||
|
|
||||||
|
@ -373,6 +530,38 @@ psa_status_t mbedtls_psa_ecp_generate_key(
|
||||||
}
|
}
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR) */
|
||||||
|
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||||
|
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
||||||
|
|
||||||
|
psa_status_t mbedtls_psa_ecdsa_sign_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
uint8_t *signature, size_t signature_size, size_t *signature_length )
|
||||||
|
{
|
||||||
|
|
||||||
|
return( ecdsa_sign_hash( attributes,
|
||||||
|
key_buffer, key_buffer_size,
|
||||||
|
alg, hash, hash_length,
|
||||||
|
signature, signature_size, signature_length ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
psa_status_t mbedtls_psa_ecdsa_verify_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
const uint8_t *signature, size_t signature_length )
|
||||||
|
{
|
||||||
|
return( ecdsa_verify_hash( attributes,
|
||||||
|
key_buffer, key_buffer_size,
|
||||||
|
alg, hash, hash_length,
|
||||||
|
signature, signature_length ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||
|
||||||
|
* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
|
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
|
||||||
*/
|
*/
|
||||||
|
@ -417,6 +606,62 @@ psa_status_t mbedtls_transparent_test_driver_ecp_generate_key(
|
||||||
#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) &&
|
#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) &&
|
||||||
defined(MBEDTLS_GENPRIME) */
|
defined(MBEDTLS_GENPRIME) */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
|
||||||
|
defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
|
||||||
|
|
||||||
|
psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
uint8_t *signature, size_t signature_size, size_t *signature_length )
|
||||||
|
{
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
|
return( ecdsa_sign_hash( attributes,
|
||||||
|
key_buffer, key_buffer_size,
|
||||||
|
alg, hash, hash_length,
|
||||||
|
signature, signature_size, signature_length ) );
|
||||||
|
#else
|
||||||
|
(void)attributes;
|
||||||
|
(void)key_buffer;
|
||||||
|
(void)key_buffer_size;
|
||||||
|
(void)alg;
|
||||||
|
(void)hash;
|
||||||
|
(void)hash_length;
|
||||||
|
(void)signature;
|
||||||
|
(void)signature_size;
|
||||||
|
(void)signature_length;
|
||||||
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
const uint8_t *signature, size_t signature_length )
|
||||||
|
{
|
||||||
|
#if defined(MBEDTLS_ECDSA_C)
|
||||||
|
return( ecdsa_verify_hash( attributes,
|
||||||
|
key_buffer, key_buffer_size,
|
||||||
|
alg, hash, hash_length,
|
||||||
|
signature, signature_length ) );
|
||||||
|
#else
|
||||||
|
(void)attributes;
|
||||||
|
(void)key_buffer;
|
||||||
|
(void)key_buffer_size;
|
||||||
|
(void)alg;
|
||||||
|
(void)hash;
|
||||||
|
(void)hash_length;
|
||||||
|
(void)signature;
|
||||||
|
(void)signature_length;
|
||||||
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) ||
|
||||||
|
* defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */
|
||||||
|
|
||||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||||
|
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||||
|
|
|
@ -146,6 +146,78 @@ psa_status_t mbedtls_psa_ecp_generate_key(
|
||||||
const psa_key_attributes_t *attributes,
|
const psa_key_attributes_t *attributes,
|
||||||
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
|
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
|
||||||
|
|
||||||
|
/** Sign an already-calculated hash with ECDSA.
|
||||||
|
*
|
||||||
|
* \note The signature of this function is that of a PSA driver
|
||||||
|
* sign_hash entry point. This function behaves as a sign_hash
|
||||||
|
* entry point as defined in the PSA driver interface specification for
|
||||||
|
* transparent drivers.
|
||||||
|
*
|
||||||
|
* \param[in] attributes The attributes of the ECC key to use for the
|
||||||
|
* operation.
|
||||||
|
* \param[in] key_buffer The buffer containing the ECC key context.
|
||||||
|
* format.
|
||||||
|
* \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
|
||||||
|
* \param[in] alg Randomized or deterministic ECDSA algorithm.
|
||||||
|
* \param[in] hash The hash or message to sign.
|
||||||
|
* \param[in] hash_length Size of the \p hash buffer in bytes.
|
||||||
|
* \param[out] signature Buffer where the signature is to be written.
|
||||||
|
* \param[in] signature_size Size of the \p signature buffer in bytes.
|
||||||
|
* \param[out] signature_length On success, the number of bytes
|
||||||
|
* that make up the returned signature value.
|
||||||
|
*
|
||||||
|
* \retval #PSA_SUCCESS
|
||||||
|
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||||
|
* The size of the \p signature buffer is too small. You can
|
||||||
|
* determine a sufficient buffer size by calling
|
||||||
|
* #PSA_SIGN_OUTPUT_SIZE(\c PSA_KEY_TYPE_ECC_KEY_PAIR, \c key_bits,
|
||||||
|
* \p alg) where \c key_bits is the bit-size of the ECC key.
|
||||||
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||||
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||||
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||||
|
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
|
||||||
|
*/
|
||||||
|
psa_status_t mbedtls_psa_ecdsa_sign_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
uint8_t *signature, size_t signature_size, size_t *signature_length );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Verify an ECDSA hash or short message signature.
|
||||||
|
*
|
||||||
|
* \note The signature of this function is that of a PSA driver
|
||||||
|
* verify_hash entry point. This function behaves as a verify_hash
|
||||||
|
* entry point as defined in the PSA driver interface specification for
|
||||||
|
* transparent drivers.
|
||||||
|
*
|
||||||
|
* \param[in] attributes The attributes of the ECC key to use for the
|
||||||
|
* operation.
|
||||||
|
* \param[in] key_buffer The buffer containing the ECC key context.
|
||||||
|
* format.
|
||||||
|
* \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
|
||||||
|
* \param[in] alg Randomized or deterministic ECDSA algorithm.
|
||||||
|
* \param[in] hash The hash or message whose signature is to be
|
||||||
|
* verified.
|
||||||
|
* \param[in] hash_length Size of the \p hash buffer in bytes.
|
||||||
|
* \param[in] signature Buffer containing the signature to verify.
|
||||||
|
* \param[in] signature_length Size of the \p signature buffer in bytes.
|
||||||
|
*
|
||||||
|
* \retval #PSA_SUCCESS
|
||||||
|
* The signature is valid.
|
||||||
|
* \retval #PSA_ERROR_INVALID_SIGNATURE
|
||||||
|
* The calculation was performed successfully, but the passed
|
||||||
|
* signature is not a valid signature.
|
||||||
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||||
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||||
|
*/
|
||||||
|
psa_status_t mbedtls_psa_ecdsa_verify_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
const uint8_t *signature, size_t signature_length );
|
||||||
/*
|
/*
|
||||||
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
|
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
|
||||||
*/
|
*/
|
||||||
|
@ -167,6 +239,18 @@ psa_status_t mbedtls_transparent_test_driver_ecp_generate_key(
|
||||||
const psa_key_attributes_t *attributes,
|
const psa_key_attributes_t *attributes,
|
||||||
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
|
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
|
||||||
|
|
||||||
|
psa_status_t mbedtls_transparent_test_driver_ecdsa_sign_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
uint8_t *signature, size_t signature_size, size_t *signature_length );
|
||||||
|
|
||||||
|
psa_status_t mbedtls_transparent_test_driver_ecdsa_verify_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
const uint8_t *signature, size_t signature_length );
|
||||||
|
|
||||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||||
|
|
||||||
#endif /* PSA_CRYPTO_ECP_H */
|
#endif /* PSA_CRYPTO_ECP_H */
|
||||||
|
|
|
@ -52,10 +52,24 @@
|
||||||
#define BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
|
#define BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
|
||||||
|
( defined(PSA_CRYPTO_DRIVER_TEST) && \
|
||||||
|
defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) && \
|
||||||
|
defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V15) ) )
|
||||||
|
#define BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if ( defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
|
||||||
|
( defined(PSA_CRYPTO_DRIVER_TEST) && \
|
||||||
|
defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) && \
|
||||||
|
defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PKCS1_V21) ) )
|
||||||
|
#define BUILTIN_ALG_RSA_PSS 1
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
|
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
|
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) || \
|
defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
|
||||||
|
defined(BUILTIN_ALG_RSA_PSS) || \
|
||||||
defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
|
defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
|
||||||
defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
|
defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
|
||||||
|
|
||||||
|
@ -131,9 +145,9 @@ exit:
|
||||||
return( status );
|
return( status );
|
||||||
}
|
}
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
|
||||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
|
||||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
|
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) ||
|
||||||
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) ||
|
* defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
||||||
|
* defined(BUILTIN_ALG_RSA_PSS) ||
|
||||||
* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
|
* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||
|
||||||
* defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
|
* defined(BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY) */
|
||||||
|
|
||||||
|
@ -319,6 +333,211 @@ static psa_status_t rsa_generate_key(
|
||||||
}
|
}
|
||||||
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
|
#endif /* defined(BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
|
||||||
|
|
||||||
|
/****************************************************************/
|
||||||
|
/* Sign/verify hashes */
|
||||||
|
/****************************************************************/
|
||||||
|
|
||||||
|
#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) || defined(BUILTIN_ALG_RSA_PSS)
|
||||||
|
|
||||||
|
/* Decode the hash algorithm from alg and store the mbedtls encoding in
|
||||||
|
* md_alg. Verify that the hash length is acceptable. */
|
||||||
|
static psa_status_t psa_rsa_decode_md_type( psa_algorithm_t alg,
|
||||||
|
size_t hash_length,
|
||||||
|
mbedtls_md_type_t *md_alg )
|
||||||
|
{
|
||||||
|
psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
|
||||||
|
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg );
|
||||||
|
*md_alg = mbedtls_md_get_type( md_info );
|
||||||
|
|
||||||
|
/* The Mbed TLS RSA module uses an unsigned int for hash length
|
||||||
|
* parameters. Validate that it fits so that we don't risk an
|
||||||
|
* overflow later. */
|
||||||
|
#if SIZE_MAX > UINT_MAX
|
||||||
|
if( hash_length > UINT_MAX )
|
||||||
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
|
||||||
|
/* For PKCS#1 v1.5 signature, if using a hash, the hash length
|
||||||
|
* must be correct. */
|
||||||
|
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) &&
|
||||||
|
alg != PSA_ALG_RSA_PKCS1V15_SIGN_RAW )
|
||||||
|
{
|
||||||
|
if( md_info == NULL )
|
||||||
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
|
if( mbedtls_md_get_size( md_info ) != hash_length )
|
||||||
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
}
|
||||||
|
#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
|
||||||
|
|
||||||
|
#if defined(BUILTIN_ALG_RSA_PSS)
|
||||||
|
/* PSS requires a hash internally. */
|
||||||
|
if( PSA_ALG_IS_RSA_PSS( alg ) )
|
||||||
|
{
|
||||||
|
if( md_info == NULL )
|
||||||
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
|
}
|
||||||
|
#endif /* BUILTIN_ALG_RSA_PSS */
|
||||||
|
|
||||||
|
return( PSA_SUCCESS );
|
||||||
|
}
|
||||||
|
|
||||||
|
static psa_status_t rsa_sign_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
uint8_t *signature, size_t signature_size, size_t *signature_length )
|
||||||
|
{
|
||||||
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
mbedtls_rsa_context *rsa = NULL;
|
||||||
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
|
mbedtls_md_type_t md_alg;
|
||||||
|
|
||||||
|
status = mbedtls_psa_rsa_load_representation( attributes->core.type,
|
||||||
|
key_buffer,
|
||||||
|
key_buffer_size,
|
||||||
|
&rsa );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
return( status );
|
||||||
|
|
||||||
|
status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
goto exit;
|
||||||
|
|
||||||
|
if( signature_size < mbedtls_rsa_get_len( rsa ) )
|
||||||
|
{
|
||||||
|
status = PSA_ERROR_BUFFER_TOO_SMALL;
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
|
||||||
|
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
|
||||||
|
{
|
||||||
|
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
|
||||||
|
MBEDTLS_MD_NONE );
|
||||||
|
ret = mbedtls_rsa_pkcs1_sign( rsa,
|
||||||
|
mbedtls_psa_get_random,
|
||||||
|
MBEDTLS_PSA_RANDOM_STATE,
|
||||||
|
MBEDTLS_RSA_PRIVATE,
|
||||||
|
md_alg,
|
||||||
|
(unsigned int) hash_length,
|
||||||
|
hash,
|
||||||
|
signature );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
|
||||||
|
#if defined(BUILTIN_ALG_RSA_PSS)
|
||||||
|
if( PSA_ALG_IS_RSA_PSS( alg ) )
|
||||||
|
{
|
||||||
|
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
|
||||||
|
ret = mbedtls_rsa_rsassa_pss_sign( rsa,
|
||||||
|
mbedtls_psa_get_random,
|
||||||
|
MBEDTLS_PSA_RANDOM_STATE,
|
||||||
|
MBEDTLS_RSA_PRIVATE,
|
||||||
|
MBEDTLS_MD_NONE,
|
||||||
|
(unsigned int) hash_length,
|
||||||
|
hash,
|
||||||
|
signature );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* BUILTIN_ALG_RSA_PSS */
|
||||||
|
{
|
||||||
|
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if( ret == 0 )
|
||||||
|
*signature_length = mbedtls_rsa_get_len( rsa );
|
||||||
|
status = mbedtls_to_psa_error( ret );
|
||||||
|
|
||||||
|
exit:
|
||||||
|
mbedtls_rsa_free( rsa );
|
||||||
|
mbedtls_free( rsa );
|
||||||
|
|
||||||
|
return( status );
|
||||||
|
}
|
||||||
|
|
||||||
|
static psa_status_t rsa_verify_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
const uint8_t *signature, size_t signature_length )
|
||||||
|
{
|
||||||
|
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||||
|
mbedtls_rsa_context *rsa = NULL;
|
||||||
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
|
mbedtls_md_type_t md_alg;
|
||||||
|
|
||||||
|
status = mbedtls_psa_rsa_load_representation( attributes->core.type,
|
||||||
|
key_buffer,
|
||||||
|
key_buffer_size,
|
||||||
|
&rsa );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
goto exit;
|
||||||
|
|
||||||
|
status = psa_rsa_decode_md_type( alg, hash_length, &md_alg );
|
||||||
|
if( status != PSA_SUCCESS )
|
||||||
|
goto exit;
|
||||||
|
|
||||||
|
if( signature_length != mbedtls_rsa_get_len( rsa ) )
|
||||||
|
{
|
||||||
|
status = PSA_ERROR_INVALID_SIGNATURE;
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
#if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN)
|
||||||
|
if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) )
|
||||||
|
{
|
||||||
|
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15,
|
||||||
|
MBEDTLS_MD_NONE );
|
||||||
|
ret = mbedtls_rsa_pkcs1_verify( rsa,
|
||||||
|
mbedtls_psa_get_random,
|
||||||
|
MBEDTLS_PSA_RANDOM_STATE,
|
||||||
|
MBEDTLS_RSA_PUBLIC,
|
||||||
|
md_alg,
|
||||||
|
(unsigned int) hash_length,
|
||||||
|
hash,
|
||||||
|
signature );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */
|
||||||
|
#if defined(BUILTIN_ALG_RSA_PSS)
|
||||||
|
if( PSA_ALG_IS_RSA_PSS( alg ) )
|
||||||
|
{
|
||||||
|
mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg );
|
||||||
|
ret = mbedtls_rsa_rsassa_pss_verify( rsa,
|
||||||
|
mbedtls_psa_get_random,
|
||||||
|
MBEDTLS_PSA_RANDOM_STATE,
|
||||||
|
MBEDTLS_RSA_PUBLIC,
|
||||||
|
MBEDTLS_MD_NONE,
|
||||||
|
(unsigned int) hash_length,
|
||||||
|
hash,
|
||||||
|
signature );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* BUILTIN_ALG_RSA_PSS */
|
||||||
|
{
|
||||||
|
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Mbed TLS distinguishes "invalid padding" from "valid padding but
|
||||||
|
* the rest of the signature is invalid". This has little use in
|
||||||
|
* practice and PSA doesn't report this distinction. */
|
||||||
|
status = ( ret == MBEDTLS_ERR_RSA_INVALID_PADDING ) ?
|
||||||
|
PSA_ERROR_INVALID_SIGNATURE :
|
||||||
|
mbedtls_to_psa_error( ret );
|
||||||
|
|
||||||
|
exit:
|
||||||
|
mbedtls_rsa_free( rsa );
|
||||||
|
mbedtls_free( rsa );
|
||||||
|
|
||||||
|
return( status );
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
||||||
|
* defined(BUILTIN_ALG_RSA_PSS) */
|
||||||
|
|
||||||
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
|
#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
|
||||||
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
|
defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
|
||||||
|
|
||||||
|
@ -355,6 +574,36 @@ psa_status_t mbedtls_psa_rsa_generate_key(
|
||||||
}
|
}
|
||||||
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
|
||||||
|
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
|
||||||
|
psa_status_t mbedtls_psa_rsa_sign_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
uint8_t *signature, size_t signature_size, size_t *signature_length )
|
||||||
|
{
|
||||||
|
return( rsa_sign_hash(
|
||||||
|
attributes,
|
||||||
|
key_buffer, key_buffer_size,
|
||||||
|
alg, hash, hash_length,
|
||||||
|
signature, signature_size, signature_length ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
psa_status_t mbedtls_psa_rsa_verify_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
const uint8_t *signature, size_t signature_length )
|
||||||
|
{
|
||||||
|
return( rsa_verify_hash(
|
||||||
|
attributes,
|
||||||
|
key_buffer, key_buffer_size,
|
||||||
|
alg, hash, hash_length,
|
||||||
|
signature, signature_length ) );
|
||||||
|
}
|
||||||
|
#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) ||
|
||||||
|
* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS) */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
|
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
|
||||||
*/
|
*/
|
||||||
|
@ -397,6 +646,63 @@ psa_status_t mbedtls_transparent_test_driver_rsa_generate_key(
|
||||||
}
|
}
|
||||||
#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) */
|
#endif /* defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \
|
||||||
|
defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
|
||||||
|
psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
uint8_t *signature, size_t signature_size, size_t *signature_length )
|
||||||
|
{
|
||||||
|
#if defined(MBEDTLS_RSA_C) && \
|
||||||
|
(defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21))
|
||||||
|
return( rsa_sign_hash(
|
||||||
|
attributes,
|
||||||
|
key_buffer, key_buffer_size,
|
||||||
|
alg, hash, hash_length,
|
||||||
|
signature, signature_size, signature_length ) );
|
||||||
|
#else
|
||||||
|
(void)attributes;
|
||||||
|
(void)key_buffer;
|
||||||
|
(void)key_buffer_size;
|
||||||
|
(void)alg;
|
||||||
|
(void)hash;
|
||||||
|
(void)hash_length;
|
||||||
|
(void)signature;
|
||||||
|
(void)signature_size;
|
||||||
|
(void)signature_length;
|
||||||
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
const uint8_t *signature, size_t signature_length )
|
||||||
|
{
|
||||||
|
#if defined(MBEDTLS_RSA_C) && \
|
||||||
|
(defined(MBEDTLS_PKCS1_V15) || defined(MBEDTLS_PKCS1_V21))
|
||||||
|
return( rsa_verify_hash(
|
||||||
|
attributes,
|
||||||
|
key_buffer, key_buffer_size,
|
||||||
|
alg, hash, hash_length,
|
||||||
|
signature, signature_length ) );
|
||||||
|
#else
|
||||||
|
(void)attributes;
|
||||||
|
(void)key_buffer;
|
||||||
|
(void)key_buffer_size;
|
||||||
|
(void)alg;
|
||||||
|
(void)hash;
|
||||||
|
(void)hash_length;
|
||||||
|
(void)signature;
|
||||||
|
(void)signature_length;
|
||||||
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) ||
|
||||||
|
* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */
|
||||||
|
|
||||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||||
|
|
||||||
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
#endif /* MBEDTLS_PSA_CRYPTO_C */
|
||||||
|
|
|
@ -137,6 +137,81 @@ psa_status_t mbedtls_psa_rsa_generate_key(
|
||||||
const psa_key_attributes_t *attributes,
|
const psa_key_attributes_t *attributes,
|
||||||
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
|
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length );
|
||||||
|
|
||||||
|
/** Sign an already-calculated hash with an RSA private key.
|
||||||
|
*
|
||||||
|
* \note The signature of this function is that of a PSA driver
|
||||||
|
* sign_hash entry point. This function behaves as a sign_hash
|
||||||
|
* entry point as defined in the PSA driver interface specification for
|
||||||
|
* transparent drivers.
|
||||||
|
*
|
||||||
|
* \param[in] attributes The attributes of the RSA key to use for the
|
||||||
|
* operation.
|
||||||
|
* \param[in] key_buffer The buffer containing the RSA key context.
|
||||||
|
* format.
|
||||||
|
* \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
|
||||||
|
* \param[in] alg A signature algorithm that is compatible with
|
||||||
|
* an RSA key.
|
||||||
|
* \param[in] hash The hash or message to sign.
|
||||||
|
* \param[in] hash_length Size of the \p hash buffer in bytes.
|
||||||
|
* \param[out] signature Buffer where the signature is to be written.
|
||||||
|
* \param[in] signature_size Size of the \p signature buffer in bytes.
|
||||||
|
* \param[out] signature_length On success, the number of bytes
|
||||||
|
* that make up the returned signature value.
|
||||||
|
*
|
||||||
|
* \retval #PSA_SUCCESS
|
||||||
|
* \retval #PSA_ERROR_BUFFER_TOO_SMALL
|
||||||
|
* The size of the \p signature buffer is too small. You can
|
||||||
|
* determine a sufficient buffer size by calling
|
||||||
|
* #PSA_SIGN_OUTPUT_SIZE(\c PSA_KEY_TYPE_RSA_KEY_PAIR, \c key_bits,
|
||||||
|
* \p alg) where \c key_bits is the bit-size of the RSA key.
|
||||||
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||||
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||||
|
* \retval #PSA_ERROR_CORRUPTION_DETECTED
|
||||||
|
* \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
|
||||||
|
*/
|
||||||
|
psa_status_t mbedtls_psa_rsa_sign_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
uint8_t *signature, size_t signature_size, size_t *signature_length );
|
||||||
|
|
||||||
|
/**
|
||||||
|
* \brief Verify the signature a hash or short message using a public RSA key.
|
||||||
|
*
|
||||||
|
* \note The signature of this function is that of a PSA driver
|
||||||
|
* verify_hash entry point. This function behaves as a verify_hash
|
||||||
|
* entry point as defined in the PSA driver interface specification for
|
||||||
|
* transparent drivers.
|
||||||
|
*
|
||||||
|
* \param[in] attributes The attributes of the RSA key to use for the
|
||||||
|
* operation.
|
||||||
|
* \param[in] key_buffer The buffer containing the RSA key context.
|
||||||
|
* format.
|
||||||
|
* \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes.
|
||||||
|
* \param[in] alg A signature algorithm that is compatible with
|
||||||
|
* an RSA key.
|
||||||
|
* \param[in] hash The hash or message whose signature is to be
|
||||||
|
* verified.
|
||||||
|
* \param[in] hash_length Size of the \p hash buffer in bytes.
|
||||||
|
* \param[in] signature Buffer containing the signature to verify.
|
||||||
|
* \param[in] signature_length Size of the \p signature buffer in bytes.
|
||||||
|
*
|
||||||
|
* \retval #PSA_SUCCESS
|
||||||
|
* The signature is valid.
|
||||||
|
* \retval #PSA_ERROR_INVALID_SIGNATURE
|
||||||
|
* The calculation was performed successfully, but the passed
|
||||||
|
* signature is not a valid signature.
|
||||||
|
* \retval #PSA_ERROR_NOT_SUPPORTED
|
||||||
|
* \retval #PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY
|
||||||
|
*/
|
||||||
|
psa_status_t mbedtls_psa_rsa_verify_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
const uint8_t *signature, size_t signature_length );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
|
* BEYOND THIS POINT, TEST DRIVER ENTRY POINTS ONLY.
|
||||||
*/
|
*/
|
||||||
|
@ -158,6 +233,18 @@ psa_status_t mbedtls_transparent_test_driver_rsa_generate_key(
|
||||||
const psa_key_attributes_t *attributes,
|
const psa_key_attributes_t *attributes,
|
||||||
uint8_t *key, size_t key_size, size_t *key_length );
|
uint8_t *key, size_t key_size, size_t *key_length );
|
||||||
|
|
||||||
|
psa_status_t mbedtls_transparent_test_driver_rsa_sign_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
uint8_t *signature, size_t signature_size, size_t *signature_length );
|
||||||
|
|
||||||
|
psa_status_t mbedtls_transparent_test_driver_rsa_verify_hash(
|
||||||
|
const psa_key_attributes_t *attributes,
|
||||||
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
|
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||||
|
const uint8_t *signature, size_t signature_length );
|
||||||
|
|
||||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||||
|
|
||||||
#endif /* PSA_CRYPTO_RSA_H */
|
#endif /* PSA_CRYPTO_RSA_H */
|
||||||
|
|
|
@ -47,7 +47,7 @@
|
||||||
#define PSA_ITS_STORAGE_PREFIX ""
|
#define PSA_ITS_STORAGE_PREFIX ""
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08lx%08lx"
|
#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08x%08x"
|
||||||
#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
|
#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
|
||||||
#define PSA_ITS_STORAGE_FILENAME_LENGTH \
|
#define PSA_ITS_STORAGE_FILENAME_LENGTH \
|
||||||
( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
|
( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
|
||||||
|
@ -87,8 +87,8 @@ static void psa_its_fill_filename( psa_storage_uid_t uid, char *filename )
|
||||||
mbedtls_snprintf( filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
|
mbedtls_snprintf( filename, PSA_ITS_STORAGE_FILENAME_LENGTH,
|
||||||
"%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
|
"%s" PSA_ITS_STORAGE_FILENAME_PATTERN "%s",
|
||||||
PSA_ITS_STORAGE_PREFIX,
|
PSA_ITS_STORAGE_PREFIX,
|
||||||
(unsigned long) ( uid >> 32 ),
|
(unsigned) ( uid >> 32 ),
|
||||||
(unsigned long) ( uid & 0xffffffff ),
|
(unsigned) ( uid & 0xffffffff ),
|
||||||
PSA_ITS_STORAGE_SUFFIX );
|
PSA_ITS_STORAGE_SUFFIX );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -685,7 +685,7 @@ static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||||
( "sending session ticket of length %d", tlen ) );
|
( "sending session ticket of length %" MBEDTLS_PRINTF_SIZET, tlen ) );
|
||||||
|
|
||||||
memcpy( p, ssl->session_negotiate->ticket, tlen );
|
memcpy( p, ssl->session_negotiate->ticket, tlen );
|
||||||
|
|
||||||
|
@ -905,7 +905,8 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
|
||||||
*p++ = (unsigned char)( t >> 8 );
|
*p++ = (unsigned char)( t >> 8 );
|
||||||
*p++ = (unsigned char)( t );
|
*p++ = (unsigned char)( t );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %lu", t ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
|
||||||
|
(long long) t ) );
|
||||||
#else
|
#else
|
||||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -1114,7 +1115,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
for( i = 0; i < n; i++ )
|
for( i = 0; i < n; i++ )
|
||||||
*p++ = ssl->session_negotiate->id[i];
|
*p++ = ssl->session_negotiate->id[i];
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -1182,7 +1183,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, add ciphersuite: %#04x (%s)",
|
||||||
ciphersuites[i], ciphersuite_info->name ) );
|
(unsigned int)ciphersuites[i], ciphersuite_info->name ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
|
||||||
|
@ -1197,7 +1198,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||||
( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
|
( "client hello, got %" MBEDTLS_PRINTF_SIZET " ciphersuites (excluding SCSVs)", n ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
|
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
|
||||||
|
@ -1420,7 +1421,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
||||||
/* olen unused if all extensions are disabled */
|
/* olen unused if all extensions are disabled */
|
||||||
((void) olen);
|
((void) olen);
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
|
||||||
ext_len ) );
|
ext_len ) );
|
||||||
|
|
||||||
if( ext_len > 0 )
|
if( ext_len > 0 )
|
||||||
|
@ -2167,10 +2168,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu",
|
||||||
( (uint32_t) buf[2] << 24 ) |
|
( (unsigned long) buf[2] << 24 ) |
|
||||||
( (uint32_t) buf[3] << 16 ) |
|
( (unsigned long) buf[3] << 16 ) |
|
||||||
( (uint32_t) buf[4] << 8 ) |
|
( (unsigned long) buf[4] << 8 ) |
|
||||||
( (uint32_t) buf[5] ) ) );
|
( (unsigned long) buf[5] ) ) );
|
||||||
|
|
||||||
memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
|
memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
|
||||||
|
|
||||||
|
@ -2253,7 +2254,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
if( ssl->handshake->ciphersuite_info == NULL )
|
if( ssl->handshake->ciphersuite_info == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||||
( "ciphersuite info for %04x not found", i ) );
|
( "ciphersuite info for %04x not found", (unsigned int)i ) );
|
||||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||||
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
|
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
@ -2261,7 +2262,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info );
|
mbedtls_ssl_optimize_checksum( ssl, ssl->handshake->ciphersuite_info );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 35, n );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -2304,7 +2305,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
||||||
ssl->handshake->resume ? "a" : "no" ) );
|
ssl->handshake->resume ? "a" : "no" ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", (unsigned) i ) );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
|
||||||
buf[37 + n] ) );
|
buf[37 + n] ) );
|
||||||
|
|
||||||
|
@ -2373,7 +2374,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
ext = buf + 40 + n;
|
ext = buf + 40 + n;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2,
|
MBEDTLS_SSL_DEBUG_MSG( 2,
|
||||||
( "server hello, total extension length: %d", ext_len ) );
|
( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET, ext_len ) );
|
||||||
|
|
||||||
while( ext_len )
|
while( ext_len )
|
||||||
{
|
{
|
||||||
|
@ -2537,7 +2538,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
default:
|
default:
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3,
|
MBEDTLS_SSL_DEBUG_MSG( 3,
|
||||||
( "unknown extension found: %d (ignoring)", ext_id ) );
|
( "unknown extension found: %u (ignoring)", ext_id ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
ext_len -= 4 + ext_size;
|
ext_len -= 4 + ext_size;
|
||||||
|
@ -2628,7 +2629,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
|
if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u",
|
||||||
ssl->handshake->dhm_ctx.len * 8,
|
ssl->handshake->dhm_ctx.len * 8,
|
||||||
ssl->conf->dhm_min_bitlen ) );
|
ssl->conf->dhm_min_bitlen ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
|
||||||
|
@ -4347,7 +4348,7 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
|
return( MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET );
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", ticket_len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, ticket_len ) );
|
||||||
|
|
||||||
/* We're not waiting for a NewSessionTicket message any more */
|
/* We're not waiting for a NewSessionTicket message any more */
|
||||||
ssl->handshake->new_session_ticket = 0;
|
ssl->handshake->new_session_ticket = 0;
|
||||||
|
|
|
@ -283,8 +283,8 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
|
||||||
}
|
}
|
||||||
|
|
||||||
ssl->handshake->retransmit_timeout = new_timeout;
|
ssl->handshake->retransmit_timeout = new_timeout;
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs",
|
||||||
ssl->handshake->retransmit_timeout ) );
|
(unsigned long) ssl->handshake->retransmit_timeout ) );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
@ -292,8 +292,8 @@ static int ssl_double_retransmit_timeout( mbedtls_ssl_context *ssl )
|
||||||
static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
|
static void ssl_reset_retransmit_timeout( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
|
ssl->handshake->retransmit_timeout = ssl->conf->hs_timeout_min;
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %d millisecs",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "update timeout value to %lu millisecs",
|
||||||
ssl->handshake->retransmit_timeout ) );
|
(unsigned long) ssl->handshake->retransmit_timeout ) );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
|
||||||
|
@ -623,9 +623,10 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||||
|
|
||||||
if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
|
if( rec->data_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %u too large, maximum %d",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record content %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) rec->data_len,
|
" too large, maximum %" MBEDTLS_PRINTF_SIZET,
|
||||||
MBEDTLS_SSL_OUT_CONTENT_LEN ) );
|
rec->data_len,
|
||||||
|
(size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -764,7 +765,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||||
size_t olen;
|
size_t olen;
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
|
||||||
"including %d bytes of padding",
|
"including %d bytes of padding",
|
||||||
rec->data_len, 0 ) );
|
rec->data_len, 0 ) );
|
||||||
|
|
||||||
|
@ -842,7 +843,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||||
dynamic_iv_is_explicit ? dynamic_iv_len : 0 );
|
dynamic_iv_is_explicit ? dynamic_iv_len : 0 );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD",
|
||||||
add_data, add_data_len );
|
add_data, add_data_len );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
|
||||||
"including 0 bytes of padding",
|
"including 0 bytes of padding",
|
||||||
rec->data_len ) );
|
rec->data_len ) );
|
||||||
|
|
||||||
|
@ -945,8 +946,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
|
#endif /* MBEDTLS_SSL_PROTO_TLS1_1 || MBEDTLS_SSL_PROTO_TLS1_2 */
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %" MBEDTLS_PRINTF_SIZET ", "
|
||||||
"including %d bytes of IV and %d bytes of padding",
|
"including %" MBEDTLS_PRINTF_SIZET
|
||||||
|
" bytes of IV and %" MBEDTLS_PRINTF_SIZET " bytes of padding",
|
||||||
rec->data_len, transform->ivlen,
|
rec->data_len, transform->ivlen,
|
||||||
padlen + 1 ) );
|
padlen + 1 ) );
|
||||||
|
|
||||||
|
@ -1366,7 +1368,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
{
|
{
|
||||||
if( rec->data_len < dynamic_iv_len )
|
if( rec->data_len < dynamic_iv_len )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) ",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
|
||||||
|
" ) < explicit_iv_len (%" MBEDTLS_PRINTF_SIZET ") ",
|
||||||
rec->data_len,
|
rec->data_len,
|
||||||
dynamic_iv_len ) );
|
dynamic_iv_len ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||||
|
@ -1385,7 +1388,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
/* Check that there's space for the authentication tag. */
|
/* Check that there's space for the authentication tag. */
|
||||||
if( rec->data_len < transform->taglen )
|
if( rec->data_len < transform->taglen )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < taglen (%d) ",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
|
||||||
|
") < taglen (%" MBEDTLS_PRINTF_SIZET ") ",
|
||||||
rec->data_len,
|
rec->data_len,
|
||||||
transform->taglen ) );
|
transform->taglen ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||||
|
@ -1488,7 +1492,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
if( rec->data_len < minlen + transform->ivlen ||
|
if( rec->data_len < minlen + transform->ivlen ||
|
||||||
rec->data_len < minlen + transform->maclen + 1 )
|
rec->data_len < minlen + transform->maclen + 1 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < max( ivlen(%d), maclen (%d) "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
|
||||||
|
") < max( ivlen(%" MBEDTLS_PRINTF_SIZET
|
||||||
|
"), maclen (%" MBEDTLS_PRINTF_SIZET ") "
|
||||||
"+ 1 ) ( + expl IV )", rec->data_len,
|
"+ 1 ) ( + expl IV )", rec->data_len,
|
||||||
transform->ivlen,
|
transform->ivlen,
|
||||||
transform->maclen ) );
|
transform->maclen ) );
|
||||||
|
@ -1554,7 +1560,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
* data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */
|
* data_len >= minlen + ivlen ( = minlen or 2 * minlen ). */
|
||||||
if( rec->data_len % transform->ivlen != 0 )
|
if( rec->data_len % transform->ivlen != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) %% ivlen (%d) != 0",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
|
||||||
|
") %% ivlen (%" MBEDTLS_PRINTF_SIZET ") != 0",
|
||||||
rec->data_len, transform->ivlen ) );
|
rec->data_len, transform->ivlen ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
return( MBEDTLS_ERR_SSL_INVALID_MAC );
|
||||||
}
|
}
|
||||||
|
@ -1624,7 +1631,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
||||||
if( rec->data_len < transform->maclen + padlen + 1 )
|
if( rec->data_len < transform->maclen + padlen + 1 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < maclen (%d) + padlen (%d)",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%" MBEDTLS_PRINTF_SIZET
|
||||||
|
") < maclen (%" MBEDTLS_PRINTF_SIZET
|
||||||
|
") + padlen (%" MBEDTLS_PRINTF_SIZET ")",
|
||||||
rec->data_len,
|
rec->data_len,
|
||||||
transform->maclen,
|
transform->maclen,
|
||||||
padlen + 1 ) );
|
padlen + 1 ) );
|
||||||
|
@ -1653,8 +1662,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
|
||||||
if( padlen > transform->ivlen )
|
if( padlen > transform->ivlen )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
#if defined(MBEDTLS_SSL_DEBUG_ALL)
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad padding length: is %" MBEDTLS_PRINTF_SIZET ", "
|
||||||
"should be no more than %d",
|
"should be no more than %" MBEDTLS_PRINTF_SIZET,
|
||||||
padlen, transform->ivlen ) );
|
padlen, transform->ivlen ) );
|
||||||
#endif
|
#endif
|
||||||
correct = 0;
|
correct = 0;
|
||||||
|
@ -1890,7 +1899,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
memcpy( msg_pre, ssl->out_msg, len_pre );
|
memcpy( msg_pre, ssl->out_msg, len_pre );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %d, ",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
|
||||||
ssl->out_msglen ) );
|
ssl->out_msglen ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "before compression: output payload",
|
||||||
|
@ -1911,7 +1920,7 @@ static int ssl_compress_buf( mbedtls_ssl_context *ssl )
|
||||||
ssl->out_msglen = out_buf_len -
|
ssl->out_msglen = out_buf_len -
|
||||||
ssl->transform_out->ctx_deflate.avail_out - bytes_written;
|
ssl->transform_out->ctx_deflate.avail_out - bytes_written;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %d, ",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after compression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
|
||||||
ssl->out_msglen ) );
|
ssl->out_msglen ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "after compression: output payload",
|
||||||
|
@ -1942,7 +1951,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
memcpy( msg_pre, ssl->in_msg, len_pre );
|
memcpy( msg_pre, ssl->in_msg, len_pre );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %d, ",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "before decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
|
||||||
ssl->in_msglen ) );
|
ssl->in_msglen ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "before decompression: input payload",
|
||||||
|
@ -1963,7 +1972,7 @@ static int ssl_decompress_buf( mbedtls_ssl_context *ssl )
|
||||||
ssl->in_msglen = in_buf_len -
|
ssl->in_msglen = in_buf_len -
|
||||||
ssl->transform_in->ctx_inflate.avail_out - header_bytes;
|
ssl->transform_in->ctx_inflate.avail_out - header_bytes;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %d, ",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "after decompression: msglen = %" MBEDTLS_PRINTF_SIZET ", ",
|
||||||
ssl->in_msglen ) );
|
ssl->in_msglen ) );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload",
|
MBEDTLS_SSL_DEBUG_BUF( 4, "after decompression: input payload",
|
||||||
|
@ -2042,7 +2051,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
||||||
|
|
||||||
if( ssl->in_left != 0 )
|
if( ssl->in_left != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "next record in same datagram, offset: %"
|
||||||
|
MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->next_record_offset ) );
|
ssl->next_record_offset ) );
|
||||||
memmove( ssl->in_hdr,
|
memmove( ssl->in_hdr,
|
||||||
ssl->in_hdr + ssl->next_record_offset,
|
ssl->in_hdr + ssl->next_record_offset,
|
||||||
|
@ -2052,7 +2062,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
||||||
ssl->next_record_offset = 0;
|
ssl->next_record_offset = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
|
||||||
|
", nb_want: %" MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->in_left, nb_want ) );
|
ssl->in_left, nb_want ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -2094,7 +2105,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
||||||
else
|
else
|
||||||
timeout = ssl->conf->read_timeout;
|
timeout = ssl->conf->read_timeout;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %u ms", timeout ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "f_recv_timeout: %lu ms", (unsigned long) timeout ) );
|
||||||
|
|
||||||
if( ssl->f_recv_timeout != NULL )
|
if( ssl->f_recv_timeout != NULL )
|
||||||
ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len,
|
ret = ssl->f_recv_timeout( ssl->p_bio, ssl->in_hdr, len,
|
||||||
|
@ -2153,7 +2164,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
|
||||||
|
", nb_want: %" MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->in_left, nb_want ) );
|
ssl->in_left, nb_want ) );
|
||||||
|
|
||||||
while( ssl->in_left < nb_want )
|
while( ssl->in_left < nb_want )
|
||||||
|
@ -2177,7 +2189,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %d, nb_want: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "in_left: %" MBEDTLS_PRINTF_SIZET
|
||||||
|
", nb_want: %" MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->in_left, nb_want ) );
|
ssl->in_left, nb_want ) );
|
||||||
MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
|
MBEDTLS_SSL_DEBUG_RET( 2, "ssl->f_recv(_timeout)", ret );
|
||||||
|
|
||||||
|
@ -2190,8 +2203,8 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
||||||
if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
|
if ( (size_t)ret > len || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||||
( "f_recv returned %d bytes but only %lu were requested",
|
( "f_recv returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " were requested",
|
||||||
ret, (unsigned long)len ) );
|
ret, len ) );
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2230,7 +2243,8 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
|
||||||
|
|
||||||
while( ssl->out_left > 0 )
|
while( ssl->out_left > 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %d, out_left: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "message length: %" MBEDTLS_PRINTF_SIZET
|
||||||
|
", out_left: %" MBEDTLS_PRINTF_SIZET,
|
||||||
mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
|
mbedtls_ssl_out_hdr_len( ssl ) + ssl->out_msglen, ssl->out_left ) );
|
||||||
|
|
||||||
buf = ssl->out_hdr - ssl->out_left;
|
buf = ssl->out_hdr - ssl->out_left;
|
||||||
|
@ -2244,8 +2258,8 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
|
||||||
if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
|
if( (size_t)ret > ssl->out_left || ( INT_MAX > SIZE_MAX && ret > (int)SIZE_MAX ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1,
|
MBEDTLS_SSL_DEBUG_MSG( 1,
|
||||||
( "f_send returned %d bytes but only %lu bytes were sent",
|
( "f_send returned %d bytes but only %" MBEDTLS_PRINTF_SIZET " bytes were sent",
|
||||||
ret, (unsigned long)ssl->out_left ) );
|
ret, ssl->out_left ) );
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2286,14 +2300,15 @@ static int ssl_flight_append( mbedtls_ssl_context *ssl )
|
||||||
/* Allocate space for current message */
|
/* Allocate space for current message */
|
||||||
if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL )
|
if( ( msg = mbedtls_calloc( 1, sizeof( mbedtls_ssl_flight_item ) ) ) == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
|
||||||
sizeof( mbedtls_ssl_flight_item ) ) );
|
sizeof( mbedtls_ssl_flight_item ) ) );
|
||||||
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL )
|
if( ( msg->p = mbedtls_calloc( 1, ssl->out_msglen ) ) == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %d bytes failed", ssl->out_msglen ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc %" MBEDTLS_PRINTF_SIZET " bytes failed",
|
||||||
|
ssl->out_msglen ) );
|
||||||
mbedtls_free( msg );
|
mbedtls_free( msg );
|
||||||
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||||
}
|
}
|
||||||
|
@ -2699,9 +2714,10 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
||||||
if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN )
|
if( ssl->out_msglen > MBEDTLS_SSL_OUT_CONTENT_LEN )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record too large: "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Record too large: "
|
||||||
"size %u, maximum %u",
|
"size %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) ssl->out_msglen,
|
", maximum %" MBEDTLS_PRINTF_SIZET,
|
||||||
(unsigned) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
|
ssl->out_msglen,
|
||||||
|
(size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
|
||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2728,9 +2744,9 @@ int mbedtls_ssl_write_handshake_msg( mbedtls_ssl_context *ssl )
|
||||||
if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 )
|
if( MBEDTLS_SSL_OUT_CONTENT_LEN - ssl->out_msglen < 8 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DTLS handshake message too large: "
|
||||||
"size %u, maximum %u",
|
"size %" MBEDTLS_PRINTF_SIZET ", maximum %" MBEDTLS_PRINTF_SIZET,
|
||||||
(unsigned) ( hs_len ),
|
hs_len,
|
||||||
(unsigned) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) );
|
(size_t) ( MBEDTLS_SSL_OUT_CONTENT_LEN - 12 ) ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2922,8 +2938,8 @@ int mbedtls_ssl_write_record( mbedtls_ssl_context *ssl, uint8_t force_flush )
|
||||||
/* Now write the potentially updated record content type. */
|
/* Now write the potentially updated record content type. */
|
||||||
ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
|
ssl->out_hdr[0] = (unsigned char) ssl->out_msgtype;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "output record: msgtype = %u, "
|
||||||
"version = [%d:%d], msglen = %d",
|
"version = [%u:%u], msglen = %" MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->out_hdr[0], ssl->out_hdr[1],
|
ssl->out_hdr[0], ssl->out_hdr[1],
|
||||||
ssl->out_hdr[2], len ) );
|
ssl->out_hdr[2], len ) );
|
||||||
|
|
||||||
|
@ -3119,7 +3135,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
|
if( ssl->in_msglen < mbedtls_ssl_hs_hdr_len( ssl ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "handshake message too short: %" MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->in_msglen ) );
|
ssl->in_msglen ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||||
}
|
}
|
||||||
|
@ -3127,7 +3143,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
||||||
ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl );
|
ssl->in_hslen = mbedtls_ssl_hs_hdr_len( ssl ) + ssl_get_hs_total_len( ssl );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "handshake message: msglen ="
|
||||||
" %d, type = %d, hslen = %d",
|
" %" MBEDTLS_PRINTF_SIZET ", type = %u, hslen = %" MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
|
ssl->in_msglen, ssl->in_msg[0], ssl->in_hslen ) );
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
@ -3163,7 +3179,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
||||||
ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
|
ssl->in_msg[0] != MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, "
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "received message from last flight, "
|
||||||
"message_seq = %d, start_of_flight = %d",
|
"message_seq = %u, start_of_flight = %u",
|
||||||
recv_msg_seq,
|
recv_msg_seq,
|
||||||
ssl->handshake->in_flight_start_seq ) );
|
ssl->handshake->in_flight_start_seq ) );
|
||||||
|
|
||||||
|
@ -3176,7 +3192,7 @@ int mbedtls_ssl_prepare_handshake_record( mbedtls_ssl_context *ssl )
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: "
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "dropping out-of-sequence message: "
|
||||||
"message_seq = %d, expected = %d",
|
"message_seq = %u, expected = %u",
|
||||||
recv_msg_seq,
|
recv_msg_seq,
|
||||||
ssl->handshake->in_msg_seq ) );
|
ssl->handshake->in_msg_seq ) );
|
||||||
}
|
}
|
||||||
|
@ -3746,8 +3762,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
||||||
( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 );
|
( (size_t) buf[ rec_hdr_len_offset + 1 ] << 0 );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );
|
MBEDTLS_SSL_DEBUG_BUF( 4, "input record header", buf, rec->data_offset );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %d, "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "input record: msgtype = %u, "
|
||||||
"version = [%d:%d], msglen = %d",
|
"version = [%d:%d], msglen = %" MBEDTLS_PRINTF_SIZET,
|
||||||
rec->type,
|
rec->type,
|
||||||
major_ver, minor_ver, rec->data_len ) );
|
major_ver, minor_ver, rec->data_len ) );
|
||||||
|
|
||||||
|
@ -3790,8 +3806,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context const *ssl,
|
||||||
if( rec_epoch != ssl->in_epoch )
|
if( rec_epoch != ssl->in_epoch )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "record from another epoch: "
|
||||||
"expected %d, received %d",
|
"expected %u, received %lu",
|
||||||
ssl->in_epoch, rec_epoch ) );
|
ssl->in_epoch, (unsigned long) rec_epoch ) );
|
||||||
|
|
||||||
/* Records from the next epoch are considered for buffering
|
/* Records from the next epoch are considered for buffering
|
||||||
* (concretely: early Finished messages). */
|
* (concretely: early Finished messages). */
|
||||||
|
@ -4325,31 +4341,41 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
/* If we can't buffer a future message because
|
/* If we can't buffer a future message because
|
||||||
* of space limitations -- ignore. */
|
* of space limitations -- ignore. */
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
" would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) hs->buffering.total_bytes_buffered ) );
|
" (already %" MBEDTLS_PRINTF_SIZET
|
||||||
|
" bytes buffered) -- ignore\n",
|
||||||
|
msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
||||||
|
hs->buffering.total_bytes_buffered ) );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- attempt to make space by freeing buffered future messages\n",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future message of size %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) msg_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
" would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) hs->buffering.total_bytes_buffered ) );
|
" (already %" MBEDTLS_PRINTF_SIZET
|
||||||
|
" bytes buffered) -- attempt to make space by freeing buffered future messages\n",
|
||||||
|
msg_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
||||||
|
hs->buffering.total_bytes_buffered ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 )
|
if( ssl_buffer_make_space( ssl, reassembly_buf_sz ) != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %u (%u with bitmap) would exceed the compile-time limit %u (already %u bytes buffered) -- fail\n",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reassembly of next message of size %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) msg_len,
|
" (%" MBEDTLS_PRINTF_SIZET " with bitmap) would exceed"
|
||||||
(unsigned) reassembly_buf_sz,
|
" the compile-time limit %" MBEDTLS_PRINTF_SIZET
|
||||||
MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
" (already %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) hs->buffering.total_bytes_buffered ) );
|
" bytes buffered) -- fail\n",
|
||||||
|
msg_len,
|
||||||
|
reassembly_buf_sz,
|
||||||
|
(size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
||||||
|
hs->buffering.total_bytes_buffered ) );
|
||||||
ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
|
ret = MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL;
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "initialize reassembly, total length = %" MBEDTLS_PRINTF_SIZET,
|
||||||
msg_len ) );
|
msg_len ) );
|
||||||
|
|
||||||
hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz );
|
hs_buf->data = mbedtls_calloc( 1, reassembly_buf_sz );
|
||||||
|
@ -4395,7 +4421,8 @@ static int ssl_buffer_message( mbedtls_ssl_context *ssl )
|
||||||
frag_off = ssl_get_hs_frag_off( ssl );
|
frag_off = ssl_get_hs_frag_off( ssl );
|
||||||
frag_len = ssl_get_hs_frag_len( ssl );
|
frag_len = ssl_get_hs_frag_len( ssl );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %d, length = %d",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "adding fragment, offset = %" MBEDTLS_PRINTF_SIZET
|
||||||
|
", length = %" MBEDTLS_PRINTF_SIZET,
|
||||||
frag_off, frag_len ) );
|
frag_off, frag_len ) );
|
||||||
memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
|
memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
|
||||||
|
|
||||||
|
@ -4622,15 +4649,18 @@ static int ssl_buffer_future_record( mbedtls_ssl_context *ssl,
|
||||||
if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
|
if( rec->buf_len > ( MBEDTLS_SSL_DTLS_MAX_BUFFERING -
|
||||||
hs->buffering.total_bytes_buffered ) )
|
hs->buffering.total_bytes_buffered ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %u would exceed the compile-time limit %u (already %u bytes buffered) -- ignore\n",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffering of future epoch record of size %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) rec->buf_len, MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
" would exceed the compile-time limit %" MBEDTLS_PRINTF_SIZET
|
||||||
(unsigned) hs->buffering.total_bytes_buffered ) );
|
" (already %" MBEDTLS_PRINTF_SIZET
|
||||||
|
" bytes buffered) -- ignore\n",
|
||||||
|
rec->buf_len, (size_t) MBEDTLS_SSL_DTLS_MAX_BUFFERING,
|
||||||
|
hs->buffering.total_bytes_buffered ) );
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Buffer record */
|
/* Buffer record */
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Buffer record from epoch %u",
|
||||||
ssl->in_epoch + 1 ) );
|
ssl->in_epoch + 1U ) );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", rec->buf, rec->buf_len );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "Buffered record", rec->buf, rec->buf_len );
|
||||||
|
|
||||||
/* ssl_parse_record_header() only considers records
|
/* ssl_parse_record_header() only considers records
|
||||||
|
@ -4903,7 +4933,7 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
|
||||||
{
|
{
|
||||||
if( ssl->in_msglen != 1 )
|
if( ssl->in_msglen != 1 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid CCS message, len: %" MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->in_msglen ) );
|
ssl->in_msglen ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||||
}
|
}
|
||||||
|
@ -4939,12 +4969,12 @@ int mbedtls_ssl_handle_message_type( mbedtls_ssl_context *ssl )
|
||||||
/* Note: Standard allows for more than one 2 byte alert
|
/* Note: Standard allows for more than one 2 byte alert
|
||||||
to be packed in a single message, but Mbed TLS doesn't
|
to be packed in a single message, but Mbed TLS doesn't
|
||||||
currently support this. */
|
currently support this. */
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid alert message, len: %" MBEDTLS_PRINTF_SIZET,
|
||||||
ssl->in_msglen ) );
|
ssl->in_msglen ) );
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%d:%d]",
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "got an alert message, type: [%u:%u]",
|
||||||
ssl->in_msg[0], ssl->in_msg[1] ) );
|
ssl->in_msg[0], ssl->in_msg[1] ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -5771,7 +5801,8 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "fragment larger than the (negotiated) "
|
||||||
"maximum fragment length: %d > %d",
|
"maximum fragment length: %" MBEDTLS_PRINTF_SIZET
|
||||||
|
" > %" MBEDTLS_PRINTF_SIZET,
|
||||||
len, max_len ) );
|
len, max_len ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
|
|
|
@ -298,13 +298,13 @@ static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl,
|
||||||
{
|
{
|
||||||
mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur );
|
mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:"
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:"
|
||||||
" match sig %d and hash %d",
|
" match sig %u and hash %u",
|
||||||
sig_cur, md_cur ) );
|
(unsigned) sig_cur, (unsigned) md_cur ) );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: "
|
||||||
"hash alg %d not supported", md_cur ) );
|
"hash alg %u not supported", (unsigned) md_cur ) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -633,7 +633,7 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl,
|
||||||
/* Remember the client asked us to send a new ticket */
|
/* Remember the client asked us to send a new ticket */
|
||||||
ssl->handshake->new_session_ticket = 1;
|
ssl->handshake->new_session_ticket = 1;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %d", len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ticket length: %" MBEDTLS_PRINTF_SIZET, len ) );
|
||||||
|
|
||||||
if( len == 0 )
|
if( len == 0 )
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
@ -1048,7 +1048,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "trying ciphersuite: %#04x (%s)",
|
||||||
suite_id, suite_info->name ) );
|
(unsigned int) suite_id, suite_info->name ) );
|
||||||
|
|
||||||
if( suite_info->min_minor_ver > ssl->minor_ver ||
|
if( suite_info->min_minor_ver > ssl->minor_ver ||
|
||||||
suite_info->max_minor_ver < ssl->minor_ver )
|
suite_info->max_minor_ver < ssl->minor_ver )
|
||||||
|
@ -1116,7 +1116,7 @@ static int ssl_ciphersuite_match( mbedtls_ssl_context *ssl, int suite_id,
|
||||||
mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE )
|
mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
|
||||||
"for signature algorithm %d", sig_type ) );
|
"for signature algorithm %u", (unsigned) sig_type ) );
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1247,7 +1247,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
|
||||||
sess_len = ( buf[2] << 8 ) | buf[3];
|
sess_len = ( buf[2] << 8 ) | buf[3];
|
||||||
chal_len = ( buf[4] << 8 ) | buf[5];
|
chal_len = ( buf[4] << 8 ) | buf[5];
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %d, sess_len: %d, chal_len: %d",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciph_len: %u, sess_len: %u, chal_len: %u",
|
||||||
ciph_len, sess_len, chal_len ) );
|
ciph_len, sess_len, chal_len ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -1629,7 +1629,7 @@ read_record_header:
|
||||||
if( cli_msg_seq != ssl->handshake->in_msg_seq )
|
if( cli_msg_seq != ssl->handshake->in_msg_seq )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: "
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad client hello message_seq: "
|
||||||
"%d (expected %d)", cli_msg_seq,
|
"%u (expected %u)", cli_msg_seq,
|
||||||
ssl->handshake->in_msg_seq ) );
|
ssl->handshake->in_msg_seq ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
|
||||||
}
|
}
|
||||||
|
@ -2073,7 +2073,7 @@ read_record_header:
|
||||||
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
#endif /* MBEDTLS_SSL_DTLS_SRTP */
|
||||||
|
|
||||||
default:
|
default:
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %u (ignoring)",
|
||||||
ext_id ) );
|
ext_id ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2274,7 +2274,7 @@ have_ciphersuite:
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
|
||||||
"%d - should not happen", sig_alg ) );
|
"%u - should not happen", (unsigned) sig_alg ) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
@ -2826,7 +2826,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
*p++ = (unsigned char)( t >> 8 );
|
*p++ = (unsigned char)( t >> 8 );
|
||||||
*p++ = (unsigned char)( t );
|
*p++ = (unsigned char)( t );
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
|
||||||
|
(long long) t ) );
|
||||||
#else
|
#else
|
||||||
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p, 4 ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
@ -2914,7 +2915,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
|
memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
|
||||||
p += ssl->session_negotiate->id_len;
|
p += ssl->session_negotiate->id_len;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %d", n ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, session id len.: %" MBEDTLS_PRINTF_SIZET, n ) );
|
||||||
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
|
MBEDTLS_SSL_DEBUG_BUF( 3, "server hello, session id", buf + 39, n );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "%s session has been resumed",
|
||||||
ssl->handshake->resume ? "a" : "no" ) );
|
ssl->handshake->resume ? "a" : "no" ) );
|
||||||
|
@ -2926,7 +2927,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s",
|
||||||
mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
|
mbedtls_ssl_get_ciphersuite_name( ssl->session_negotiate->ciphersuite ) ) );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: 0x%02X",
|
||||||
ssl->session_negotiate->compression ) );
|
(unsigned int) ssl->session_negotiate->compression ) );
|
||||||
|
|
||||||
/* Do not write the extensions if the protocol is SSLv3 */
|
/* Do not write the extensions if the protocol is SSLv3 */
|
||||||
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
#if defined(MBEDTLS_SSL_PROTO_SSL3)
|
||||||
|
@ -2995,7 +2996,8 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
|
||||||
ext_len += olen;
|
ext_len += olen;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %" MBEDTLS_PRINTF_SIZET,
|
||||||
|
ext_len ) );
|
||||||
|
|
||||||
if( ext_len > 0 )
|
if( ext_len > 0 )
|
||||||
{
|
{
|
||||||
|
@ -3502,7 +3504,7 @@ curve_matching_done:
|
||||||
md_alg = MBEDTLS_MD_NONE;
|
md_alg = MBEDTLS_MD_NONE;
|
||||||
}
|
}
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %d for signing", md_alg ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %u for signing", (unsigned) md_alg ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 2.2: Compute the hash to be signed
|
* 2.2: Compute the hash to be signed
|
||||||
|
|
|
@ -283,7 +283,8 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing,
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %d", in_buf_new_len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating in_buf to %" MBEDTLS_PRINTF_SIZET,
|
||||||
|
in_buf_new_len ) );
|
||||||
modified = 1;
|
modified = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -304,7 +305,8 @@ static void handle_buffer_resizing( mbedtls_ssl_context *ssl, int downsizing,
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %d", out_buf_new_len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "Reallocating out_buf to %" MBEDTLS_PRINTF_SIZET,
|
||||||
|
out_buf_new_len ) );
|
||||||
modified = 1;
|
modified = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -961,7 +963,7 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
||||||
cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
|
cipher_info = mbedtls_cipher_info_from_type( ciphersuite_info->cipher );
|
||||||
if( cipher_info == NULL )
|
if( cipher_info == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %d not found",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "cipher info for %u not found",
|
||||||
ciphersuite_info->cipher ) );
|
ciphersuite_info->cipher ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
|
@ -969,8 +971,8 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform,
|
||||||
md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
|
md_info = mbedtls_md_info_from_type( ciphersuite_info->mac );
|
||||||
if( md_info == NULL )
|
if( md_info == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %d not found",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "mbedtls_md info for %u not found",
|
||||||
ciphersuite_info->mac ) );
|
(unsigned) ciphersuite_info->mac ) );
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2215,8 +2217,9 @@ int mbedtls_ssl_write_certificate( mbedtls_ssl_context *ssl )
|
||||||
n = crt->raw.len;
|
n = crt->raw.len;
|
||||||
if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i )
|
if( n > MBEDTLS_SSL_OUT_CONTENT_LEN - 3 - i )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %d > %d",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "certificate too large, %" MBEDTLS_PRINTF_SIZET
|
||||||
i + 3 + n, MBEDTLS_SSL_OUT_CONTENT_LEN ) );
|
" > %" MBEDTLS_PRINTF_SIZET,
|
||||||
|
i + 3 + n, (size_t) MBEDTLS_SSL_OUT_CONTENT_LEN ) );
|
||||||
return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
|
return( MBEDTLS_ERR_SSL_CERTIFICATE_TOO_LARGE );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2707,8 +2710,8 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
|
||||||
#if defined(MBEDTLS_DEBUG_C)
|
#if defined(MBEDTLS_DEBUG_C)
|
||||||
if( ssl->session_negotiate->verify_result != 0 )
|
if( ssl->session_negotiate->verify_result != 0 )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %x",
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "! Certificate verification flags %08x",
|
||||||
ssl->session_negotiate->verify_result ) );
|
(unsigned int) ssl->session_negotiate->verify_result ) );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -2831,7 +2834,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
|
||||||
chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
|
chain = mbedtls_calloc( 1, sizeof( mbedtls_x509_crt ) );
|
||||||
if( chain == NULL )
|
if( chain == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed",
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed",
|
||||||
sizeof( mbedtls_x509_crt ) ) );
|
sizeof( mbedtls_x509_crt ) ) );
|
||||||
mbedtls_ssl_send_alert_message( ssl,
|
mbedtls_ssl_send_alert_message( ssl,
|
||||||
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||||
|
@ -3858,7 +3861,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
|
||||||
ssl->in_buf = mbedtls_calloc( 1, in_buf_len );
|
ssl->in_buf = mbedtls_calloc( 1, in_buf_len );
|
||||||
if( ssl->in_buf == NULL )
|
if( ssl->in_buf == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", in_buf_len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", in_buf_len ) );
|
||||||
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
@ -3869,7 +3872,7 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
|
||||||
ssl->out_buf = mbedtls_calloc( 1, out_buf_len );
|
ssl->out_buf = mbedtls_calloc( 1, out_buf_len );
|
||||||
if( ssl->out_buf == NULL )
|
if( ssl->out_buf == NULL )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%d bytes) failed", out_buf_len ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "alloc(%" MBEDTLS_PRINTF_SIZET " bytes) failed", out_buf_len ) );
|
||||||
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1629,6 +1629,8 @@ cleanup:
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_THREADING_C */
|
#endif /* MBEDTLS_THREADING_C */
|
||||||
|
|
||||||
|
memset( &sb, 0, sizeof( sb ) );
|
||||||
|
|
||||||
while( ( entry = readdir( dir ) ) != NULL )
|
while( ( entry = readdir( dir ) ) != NULL )
|
||||||
{
|
{
|
||||||
snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name,
|
snp_ret = mbedtls_snprintf( entry_name, sizeof entry_name,
|
||||||
|
|
|
@ -3,8 +3,8 @@
|
||||||
# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
|
# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
|
||||||
|
|
||||||
CFLAGS ?= -O2
|
CFLAGS ?= -O2
|
||||||
WARNING_CFLAGS ?= -Wall -Wextra
|
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
|
||||||
WARNING_CXXFLAGS ?= -Wall -Wextra
|
WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
|
||||||
LDFLAGS ?=
|
LDFLAGS ?=
|
||||||
|
|
||||||
MBEDTLS_TEST_PATH:=../tests/src
|
MBEDTLS_TEST_PATH:=../tests/src
|
||||||
|
|
|
@ -1667,7 +1667,7 @@ int main( int argc, char *argv[] )
|
||||||
PSA_ALG_SHA_256 ) ) != 0 )
|
PSA_ALG_SHA_256 ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! "
|
mbedtls_printf( " failed\n ! "
|
||||||
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", -ret );
|
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n", (unsigned int) -ret );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
|
# To compile with PKCS11: add "-lpkcs11-helper" to LDFLAGS
|
||||||
|
|
||||||
CFLAGS ?= -O2
|
CFLAGS ?= -O2
|
||||||
WARNING_CFLAGS ?= -Wall -Wextra
|
WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
|
||||||
LDFLAGS ?=
|
LDFLAGS ?=
|
||||||
|
|
||||||
# Include public header files from ../include, test-specific header files
|
# Include public header files from ../include, test-specific header files
|
||||||
|
|
|
@ -40,7 +40,7 @@ typedef struct {
|
||||||
unsigned long hits;
|
unsigned long hits;
|
||||||
} test_driver_signature_hooks_t;
|
} test_driver_signature_hooks_t;
|
||||||
|
|
||||||
#define TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_ERROR_NOT_SUPPORTED, 0 }
|
#define TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 }
|
||||||
static inline test_driver_signature_hooks_t test_driver_signature_hooks_init( void )
|
static inline test_driver_signature_hooks_t test_driver_signature_hooks_init( void )
|
||||||
{
|
{
|
||||||
const test_driver_signature_hooks_t v = TEST_DRIVER_SIGNATURE_INIT;
|
const test_driver_signature_hooks_t v = TEST_DRIVER_SIGNATURE_INIT;
|
||||||
|
|
|
@ -1450,7 +1450,17 @@ component_test_psa_crypto_config_basic() {
|
||||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||||
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
||||||
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST"
|
||||||
|
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR"
|
||||||
|
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR"
|
||||||
|
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN"
|
||||||
|
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS"
|
||||||
|
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA"
|
||||||
|
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA"
|
||||||
|
loc_cflags="${loc_cflags} -I../tests/include -O2"
|
||||||
|
|
||||||
|
make CC=gcc CFLAGS="$loc_cflags" LDFLAGS="$ASAN_CFLAGS"
|
||||||
|
unset loc_cflags
|
||||||
|
|
||||||
msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG"
|
msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG"
|
||||||
make test
|
make test
|
||||||
|
@ -2218,7 +2228,17 @@ component_test_psa_crypto_drivers () {
|
||||||
msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks"
|
msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks"
|
||||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
|
||||||
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
|
||||||
make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"
|
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST"
|
||||||
|
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR"
|
||||||
|
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR"
|
||||||
|
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN"
|
||||||
|
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS"
|
||||||
|
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA"
|
||||||
|
loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA"
|
||||||
|
loc_cflags="${loc_cflags} -I../tests/include -O2"
|
||||||
|
|
||||||
|
make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
|
||||||
|
unset loc_cflags
|
||||||
|
|
||||||
msg "test: MBEDTLS_PSA_CRYPTO_DRIVERS, signature"
|
msg "test: MBEDTLS_PSA_CRYPTO_DRIVERS, signature"
|
||||||
make test
|
make test
|
||||||
|
|
|
@ -28,6 +28,8 @@
|
||||||
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
|
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
|
||||||
#include "psa/crypto.h"
|
#include "psa/crypto.h"
|
||||||
#include "psa_crypto_core.h"
|
#include "psa_crypto_core.h"
|
||||||
|
#include "psa_crypto_ecp.h"
|
||||||
|
#include "psa_crypto_rsa.h"
|
||||||
#include "mbedtls/ecp.h"
|
#include "mbedtls/ecp.h"
|
||||||
|
|
||||||
#include "test/drivers/signature.h"
|
#include "test/drivers/signature.h"
|
||||||
|
@ -44,7 +46,7 @@ test_driver_signature_hooks_t test_driver_signature_verify_hooks = TEST_DRIVER_S
|
||||||
|
|
||||||
psa_status_t test_transparent_signature_sign_hash(
|
psa_status_t test_transparent_signature_sign_hash(
|
||||||
const psa_key_attributes_t *attributes,
|
const psa_key_attributes_t *attributes,
|
||||||
const uint8_t *key, size_t key_length,
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *hash, size_t hash_length,
|
const uint8_t *hash, size_t hash_length,
|
||||||
uint8_t *signature, size_t signature_size, size_t *signature_length )
|
uint8_t *signature, size_t signature_size, size_t *signature_length )
|
||||||
|
@ -64,85 +66,58 @@ psa_status_t test_transparent_signature_sign_hash(
|
||||||
return( PSA_SUCCESS );
|
return( PSA_SUCCESS );
|
||||||
}
|
}
|
||||||
|
|
||||||
psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \
|
||||||
|
defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
|
||||||
|
if( attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR )
|
||||||
|
{
|
||||||
|
return( mbedtls_transparent_test_driver_rsa_sign_hash(
|
||||||
|
attributes,
|
||||||
|
key_buffer, key_buffer_size,
|
||||||
|
alg, hash, hash_length,
|
||||||
|
signature, signature_size, signature_length ) );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) ||
|
||||||
|
* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
|
||||||
defined(MBEDTLS_SHA256_C)
|
defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
|
||||||
if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) )
|
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
|
||||||
|
{
|
||||||
|
if(
|
||||||
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
|
||||||
|
PSA_ALG_IS_ECDSA( alg )
|
||||||
|
#else
|
||||||
|
PSA_ALG_IS_RANDOMIZED_ECDSA( alg )
|
||||||
|
#endif
|
||||||
|
)
|
||||||
|
{
|
||||||
|
return( mbedtls_transparent_test_driver_ecdsa_sign_hash(
|
||||||
|
attributes,
|
||||||
|
key_buffer, key_buffer_size,
|
||||||
|
alg, hash, hash_length,
|
||||||
|
signature, signature_size, signature_length ) );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) ||
|
||||||
|
* defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */
|
||||||
|
{
|
||||||
|
(void)attributes;
|
||||||
|
(void)key_buffer;
|
||||||
|
(void)key_buffer_size;
|
||||||
|
(void)alg;
|
||||||
|
(void)hash;
|
||||||
|
(void)hash_length;
|
||||||
|
(void)signature;
|
||||||
|
(void)signature_size;
|
||||||
|
(void)signature_length;
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
mbedtls_ecp_group_id grp_id;
|
|
||||||
switch( psa_get_key_type( attributes ) )
|
|
||||||
{
|
|
||||||
case PSA_ECC_CURVE_SECP_R1:
|
|
||||||
switch( psa_get_key_bits( attributes ) )
|
|
||||||
{
|
|
||||||
case 256:
|
|
||||||
grp_id = MBEDTLS_ECP_DP_SECP256R1;
|
|
||||||
break;
|
|
||||||
case 384:
|
|
||||||
grp_id = MBEDTLS_ECP_DP_SECP384R1;
|
|
||||||
break;
|
|
||||||
case 521:
|
|
||||||
grp_id = MBEDTLS_ECP_DP_SECP521R1;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Beyond this point, the driver is actually doing the work of
|
|
||||||
* calculating the signature. */
|
|
||||||
|
|
||||||
status = PSA_ERROR_GENERIC_ERROR;
|
|
||||||
int ret = 0;
|
|
||||||
mbedtls_mpi r, s;
|
|
||||||
mbedtls_mpi_init( &r );
|
|
||||||
mbedtls_mpi_init( &s );
|
|
||||||
mbedtls_ecp_keypair ecp;
|
|
||||||
mbedtls_ecp_keypair_init( &ecp );
|
|
||||||
size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits );
|
|
||||||
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) );
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q,
|
|
||||||
key, key_length ) );
|
|
||||||
|
|
||||||
/* Code adapted from psa_ecdsa_sign() in psa_crypto.c. */
|
|
||||||
mbedtls_md_type_t md_alg = MBEDTLS_MD_SHA256;
|
|
||||||
if( signature_size < 2 * curve_bytes )
|
|
||||||
{
|
|
||||||
status = PSA_ERROR_BUFFER_TOO_SMALL;
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign_det( &ecp.grp, &r, &s, &ecp.d,
|
|
||||||
hash, hash_length, md_alg ) );
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &r,
|
|
||||||
signature,
|
|
||||||
curve_bytes ) );
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &s,
|
|
||||||
signature + curve_bytes,
|
|
||||||
curve_bytes ) );
|
|
||||||
cleanup:
|
|
||||||
status = mbedtls_to_psa_error( ret );
|
|
||||||
mbedtls_mpi_free( &r );
|
|
||||||
mbedtls_mpi_free( &s );
|
|
||||||
mbedtls_ecp_keypair_free( &ecp );
|
|
||||||
if( status == PSA_SUCCESS )
|
|
||||||
*signature_length = 2 * curve_bytes;
|
|
||||||
#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
|
|
||||||
defined(MBEDTLS_SHA256_C) */
|
|
||||||
(void) attributes;
|
|
||||||
(void) key;
|
|
||||||
(void) key_length;
|
|
||||||
(void) alg;
|
|
||||||
(void) hash;
|
|
||||||
(void) hash_length;
|
|
||||||
#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
|
|
||||||
defined(MBEDTLS_SHA256_C) */
|
|
||||||
|
|
||||||
return( status );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
psa_status_t test_opaque_signature_sign_hash(
|
psa_status_t test_opaque_signature_sign_hash(
|
||||||
|
@ -161,12 +136,13 @@ psa_status_t test_opaque_signature_sign_hash(
|
||||||
(void) signature;
|
(void) signature;
|
||||||
(void) signature_size;
|
(void) signature_size;
|
||||||
(void) signature_length;
|
(void) signature_length;
|
||||||
|
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
}
|
}
|
||||||
|
|
||||||
psa_status_t test_transparent_signature_verify_hash(
|
psa_status_t test_transparent_signature_verify_hash(
|
||||||
const psa_key_attributes_t *attributes,
|
const psa_key_attributes_t *attributes,
|
||||||
const uint8_t *key, size_t key_length,
|
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||||
psa_algorithm_t alg,
|
psa_algorithm_t alg,
|
||||||
const uint8_t *hash, size_t hash_length,
|
const uint8_t *hash, size_t hash_length,
|
||||||
const uint8_t *signature, size_t signature_length )
|
const uint8_t *signature, size_t signature_length )
|
||||||
|
@ -176,98 +152,52 @@ psa_status_t test_transparent_signature_verify_hash(
|
||||||
if( test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
|
if( test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS )
|
||||||
return( test_driver_signature_verify_hooks.forced_status );
|
return( test_driver_signature_verify_hooks.forced_status );
|
||||||
|
|
||||||
psa_status_t status = PSA_ERROR_NOT_SUPPORTED;
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) || \
|
||||||
|
defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
|
||||||
#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
|
if( PSA_KEY_TYPE_IS_RSA( attributes->core.type ) )
|
||||||
defined(MBEDTLS_SHA256_C)
|
|
||||||
if( alg != PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) )
|
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
|
||||||
mbedtls_ecp_group_id grp_id;
|
|
||||||
switch( psa_get_key_type( attributes ) )
|
|
||||||
{
|
{
|
||||||
case PSA_ECC_CURVE_SECP_R1:
|
return( mbedtls_transparent_test_driver_rsa_verify_hash(
|
||||||
switch( psa_get_key_bits( attributes ) )
|
attributes,
|
||||||
{
|
key_buffer, key_buffer_size,
|
||||||
case 256:
|
alg, hash, hash_length,
|
||||||
grp_id = MBEDTLS_ECP_DP_SECP256R1;
|
signature, signature_length ) );
|
||||||
break;
|
|
||||||
case 384:
|
|
||||||
grp_id = MBEDTLS_ECP_DP_SECP384R1;
|
|
||||||
break;
|
|
||||||
case 521:
|
|
||||||
grp_id = MBEDTLS_ECP_DP_SECP521R1;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
return( PSA_ERROR_NOT_SUPPORTED );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Beyond this point, the driver is actually doing the work of
|
|
||||||
* calculating the signature. */
|
|
||||||
|
|
||||||
status = PSA_ERROR_GENERIC_ERROR;
|
|
||||||
int ret = 0;
|
|
||||||
mbedtls_mpi r, s;
|
|
||||||
mbedtls_mpi_init( &r );
|
|
||||||
mbedtls_mpi_init( &s );
|
|
||||||
mbedtls_ecp_keypair ecp;
|
|
||||||
mbedtls_ecp_keypair_init( &ecp );
|
|
||||||
mbedtls_test_rnd_pseudo_info rnd_info;
|
|
||||||
memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) );
|
|
||||||
size_t curve_bytes = PSA_BITS_TO_BYTES( ecp.grp.pbits );
|
|
||||||
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_ecp_group_load( &ecp.grp, grp_id ) );
|
|
||||||
|
|
||||||
/* Code adapted from psa_ecdsa_verify() in psa_crypto.c. */
|
|
||||||
if( signature_length < 2 * curve_bytes )
|
|
||||||
{
|
|
||||||
status = PSA_ERROR_BUFFER_TOO_SMALL;
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &r,
|
|
||||||
signature,
|
|
||||||
curve_bytes ) );
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &s,
|
|
||||||
signature + curve_bytes,
|
|
||||||
curve_bytes ) );
|
|
||||||
|
|
||||||
if( PSA_KEY_TYPE_IS_PUBLIC_KEY( psa_get_key_type( attributes ) ) )
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_ecp_point_read_binary( &ecp.grp, &ecp.Q,
|
|
||||||
key, key_length ) );
|
|
||||||
else
|
else
|
||||||
|
#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) ||
|
||||||
|
* defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) || \
|
||||||
|
defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
|
||||||
|
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) )
|
||||||
{
|
{
|
||||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ecp.d, key, key_length ) );
|
if( PSA_ALG_IS_ECDSA( alg ) )
|
||||||
MBEDTLS_MPI_CHK(
|
{
|
||||||
mbedtls_ecp_mul( &ecp.grp, &ecp.Q, &ecp.d, &ecp.grp.G,
|
return( mbedtls_transparent_test_driver_ecdsa_verify_hash(
|
||||||
&mbedtls_test_rnd_pseudo_rand,
|
attributes,
|
||||||
&rnd_info ) );
|
key_buffer, key_buffer_size,
|
||||||
|
alg, hash, hash_length,
|
||||||
|
signature, signature_length ) );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return( PSA_ERROR_INVALID_ARGUMENT );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
else
|
||||||
|
#endif /* defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) ||
|
||||||
|
* defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) */
|
||||||
|
{
|
||||||
|
(void)attributes;
|
||||||
|
(void)key_buffer;
|
||||||
|
(void)key_buffer_size;
|
||||||
|
(void)alg;
|
||||||
|
(void)hash;
|
||||||
|
(void)hash_length;
|
||||||
|
(void)signature;
|
||||||
|
(void)signature_length;
|
||||||
|
|
||||||
MBEDTLS_MPI_CHK( mbedtls_ecdsa_verify( &ecp.grp, hash, hash_length,
|
return( PSA_ERROR_NOT_SUPPORTED );
|
||||||
&ecp.Q, &r, &s ) );
|
}
|
||||||
cleanup:
|
|
||||||
status = mbedtls_to_psa_error( ret );
|
|
||||||
mbedtls_mpi_free( &r );
|
|
||||||
mbedtls_mpi_free( &s );
|
|
||||||
mbedtls_ecp_keypair_free( &ecp );
|
|
||||||
#else /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
|
|
||||||
defined(MBEDTLS_SHA256_C) */
|
|
||||||
(void) attributes;
|
|
||||||
(void) key;
|
|
||||||
(void) key_length;
|
|
||||||
(void) alg;
|
|
||||||
(void) hash;
|
|
||||||
(void) hash_length;
|
|
||||||
(void) signature;
|
|
||||||
(void) signature_length;
|
|
||||||
#endif /* defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECDSA_DETERMINISTIC) && \
|
|
||||||
defined(MBEDTLS_SHA256_C) */
|
|
||||||
|
|
||||||
return( status );
|
|
||||||
}
|
}
|
||||||
|
|
||||||
psa_status_t test_opaque_signature_verify_hash(
|
psa_status_t test_opaque_signature_verify_hash(
|
||||||
|
|
|
@ -486,7 +486,7 @@ psa_status_t mbedtls_test_psa_key_agreement_with_self(
|
||||||
private_key_type = psa_get_key_type( &attributes );
|
private_key_type = psa_get_key_type( &attributes );
|
||||||
key_bits = psa_get_key_bits( &attributes );
|
key_bits = psa_get_key_bits( &attributes );
|
||||||
public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
|
public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
|
||||||
public_key_length = PSA_EXPORT_KEY_OUTPUT_SIZE( public_key_type, key_bits );
|
public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_key_type, key_bits );
|
||||||
ASSERT_ALLOC( public_key, public_key_length );
|
ASSERT_ALLOC( public_key, public_key_length );
|
||||||
PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length,
|
PSA_ASSERT( psa_export_public_key( key, public_key, public_key_length,
|
||||||
&public_key_length ) );
|
&public_key_length ) );
|
||||||
|
@ -528,7 +528,7 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
|
||||||
private_key_type = psa_get_key_type( &attributes );
|
private_key_type = psa_get_key_type( &attributes );
|
||||||
key_bits = psa_get_key_bits( &attributes );
|
key_bits = psa_get_key_bits( &attributes );
|
||||||
public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
|
public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR( private_key_type );
|
||||||
public_key_length = PSA_EXPORT_KEY_OUTPUT_SIZE( public_key_type, key_bits );
|
public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_key_type, key_bits );
|
||||||
ASSERT_ALLOC( public_key, public_key_length );
|
ASSERT_ALLOC( public_key, public_key_length );
|
||||||
PSA_ASSERT( psa_export_public_key( key,
|
PSA_ASSERT( psa_export_public_key( key,
|
||||||
public_key, public_key_length,
|
public_key, public_key_length,
|
||||||
|
@ -537,6 +537,15 @@ psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
|
||||||
status = psa_raw_key_agreement( alg, key,
|
status = psa_raw_key_agreement( alg, key,
|
||||||
public_key, public_key_length,
|
public_key, public_key_length,
|
||||||
output, sizeof( output ), &output_length );
|
output, sizeof( output ), &output_length );
|
||||||
|
if ( status == PSA_SUCCESS )
|
||||||
|
{
|
||||||
|
TEST_ASSERT( output_length <=
|
||||||
|
PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( private_key_type,
|
||||||
|
key_bits ) );
|
||||||
|
TEST_ASSERT( output_length <=
|
||||||
|
PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE );
|
||||||
|
}
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
/*
|
/*
|
||||||
* Key attributes may have been returned by psa_get_key_attributes()
|
* Key attributes may have been returned by psa_get_key_attributes()
|
||||||
|
@ -644,6 +653,8 @@ int mbedtls_test_psa_exported_key_sanity_check(
|
||||||
if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
|
if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
|
||||||
goto exit;
|
goto exit;
|
||||||
TEST_EQUAL( p, end );
|
TEST_EQUAL( p, end );
|
||||||
|
|
||||||
|
TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_RSA_C */
|
#endif /* MBEDTLS_RSA_C */
|
||||||
|
@ -653,6 +664,8 @@ int mbedtls_test_psa_exported_key_sanity_check(
|
||||||
{
|
{
|
||||||
/* Just the secret value */
|
/* Just the secret value */
|
||||||
TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) );
|
TEST_EQUAL( exported_length, PSA_BITS_TO_BYTES( bits ) );
|
||||||
|
|
||||||
|
TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_ECP_C */
|
#endif /* MBEDTLS_ECP_C */
|
||||||
|
@ -677,6 +690,12 @@ int mbedtls_test_psa_exported_key_sanity_check(
|
||||||
if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) )
|
if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) )
|
||||||
goto exit;
|
goto exit;
|
||||||
TEST_EQUAL( p, end );
|
TEST_EQUAL( p, end );
|
||||||
|
|
||||||
|
|
||||||
|
TEST_ASSERT( exported_length <=
|
||||||
|
PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( type, bits ) );
|
||||||
|
TEST_ASSERT( exported_length <=
|
||||||
|
PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
#endif /* MBEDTLS_RSA_C */
|
#endif /* MBEDTLS_RSA_C */
|
||||||
|
@ -684,6 +703,12 @@ int mbedtls_test_psa_exported_key_sanity_check(
|
||||||
#if defined(MBEDTLS_ECP_C)
|
#if defined(MBEDTLS_ECP_C)
|
||||||
if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) )
|
if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( type ) )
|
||||||
{
|
{
|
||||||
|
|
||||||
|
TEST_ASSERT( exported_length <=
|
||||||
|
PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( type, bits ) );
|
||||||
|
TEST_ASSERT( exported_length <=
|
||||||
|
PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
|
||||||
|
|
||||||
if( PSA_KEY_TYPE_ECC_GET_FAMILY( type ) == PSA_ECC_FAMILY_MONTGOMERY )
|
if( PSA_KEY_TYPE_ECC_GET_FAMILY( type ) == PSA_ECC_FAMILY_MONTGOMERY )
|
||||||
{
|
{
|
||||||
/* The representation of an ECC Montgomery public key is
|
/* The representation of an ECC Montgomery public key is
|
||||||
|
@ -804,8 +829,8 @@ static int exercise_export_public_key( mbedtls_svc_key_id_t key )
|
||||||
|
|
||||||
public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(
|
public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(
|
||||||
psa_get_key_type( &attributes ) );
|
psa_get_key_type( &attributes ) );
|
||||||
exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE( public_type,
|
exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type,
|
||||||
psa_get_key_bits( &attributes ) );
|
psa_get_key_bits( &attributes ) );
|
||||||
ASSERT_ALLOC( exported, exported_size );
|
ASSERT_ALLOC( exported, exported_size );
|
||||||
|
|
||||||
PSA_ASSERT( psa_export_public_key( key,
|
PSA_ASSERT( psa_export_public_key( key,
|
||||||
|
|
|
@ -2158,9 +2158,13 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDT
|
||||||
sign_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
|
sign_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
|
||||||
PSA sign: invalid algorithm for ECC key
|
PSA sign: invalid algorithm for ECC key
|
||||||
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_C
|
depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_MD_C
|
||||||
sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
|
sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT
|
||||||
|
|
||||||
|
PSA sign: deterministic ECDSA not supported
|
||||||
|
depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_C
|
||||||
|
sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED
|
||||||
|
|
||||||
PSA sign/verify: RSA PKCS#1 v1.5, raw
|
PSA sign/verify: RSA PKCS#1 v1.5, raw
|
||||||
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
|
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C
|
||||||
sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263"
|
sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263"
|
||||||
|
|
|
@ -613,7 +613,10 @@ void import_export( data_t *data,
|
||||||
reexported, reexported_length );
|
reexported, reexported_length );
|
||||||
PSA_ASSERT( psa_destroy_key( key2 ) );
|
PSA_ASSERT( psa_destroy_key( key2 ) );
|
||||||
}
|
}
|
||||||
TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE( type, psa_get_key_bits( &got_attributes ) ) );
|
TEST_ASSERT( exported_length <=
|
||||||
|
PSA_EXPORT_KEY_OUTPUT_SIZE( type,
|
||||||
|
psa_get_key_bits( &got_attributes ) ) );
|
||||||
|
TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
|
||||||
|
|
||||||
destroy:
|
destroy:
|
||||||
/* Destroy the key */
|
/* Destroy the key */
|
||||||
|
@ -674,6 +677,10 @@ void import_export_public_key( data_t *data,
|
||||||
bits = psa_get_key_bits( &attributes );
|
bits = psa_get_key_bits( &attributes );
|
||||||
TEST_ASSERT( expected_public_key->len <=
|
TEST_ASSERT( expected_public_key->len <=
|
||||||
PSA_EXPORT_KEY_OUTPUT_SIZE( public_type, bits ) );
|
PSA_EXPORT_KEY_OUTPUT_SIZE( public_type, bits ) );
|
||||||
|
TEST_ASSERT( expected_public_key->len <=
|
||||||
|
PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE( public_type, bits ) );
|
||||||
|
TEST_ASSERT( expected_public_key->len <=
|
||||||
|
PSA_EXPORT_PUBLIC_KEY_MAX_SIZE );
|
||||||
ASSERT_COMPARE( expected_public_key->x, expected_public_key->len,
|
ASSERT_COMPARE( expected_public_key->x, expected_public_key->len,
|
||||||
exported, exported_length );
|
exported, exported_length );
|
||||||
}
|
}
|
||||||
|
@ -2403,19 +2410,29 @@ void cipher_encrypt( int alg_arg, int key_type_arg,
|
||||||
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
|
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
output_buffer_size = ( (size_t) input->len +
|
output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
|
||||||
PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
|
TEST_ASSERT( output_buffer_size <=
|
||||||
|
PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
|
||||||
ASSERT_ALLOC( output, output_buffer_size );
|
ASSERT_ALLOC( output, output_buffer_size );
|
||||||
|
|
||||||
PSA_ASSERT( psa_cipher_update( &operation,
|
PSA_ASSERT( psa_cipher_update( &operation,
|
||||||
input->x, input->len,
|
input->x, input->len,
|
||||||
output, output_buffer_size,
|
output, output_buffer_size,
|
||||||
&function_output_length ) );
|
&function_output_length ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
|
||||||
total_output_length += function_output_length;
|
total_output_length += function_output_length;
|
||||||
|
|
||||||
status = psa_cipher_finish( &operation,
|
status = psa_cipher_finish( &operation,
|
||||||
output + total_output_length,
|
output + total_output_length,
|
||||||
output_buffer_size - total_output_length,
|
output_buffer_size - total_output_length,
|
||||||
&function_output_length );
|
&function_output_length );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
|
||||||
total_output_length += function_output_length;
|
total_output_length += function_output_length;
|
||||||
|
|
||||||
TEST_EQUAL( status, expected_status );
|
TEST_EQUAL( status, expected_status );
|
||||||
|
@ -2471,8 +2488,9 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
|
||||||
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
|
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
output_buffer_size = ( (size_t) input->len +
|
output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
|
||||||
PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
|
TEST_ASSERT( output_buffer_size <=
|
||||||
|
PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
|
||||||
ASSERT_ALLOC( output, output_buffer_size );
|
ASSERT_ALLOC( output, output_buffer_size );
|
||||||
|
|
||||||
TEST_ASSERT( first_part_size <= input->len );
|
TEST_ASSERT( first_part_size <= input->len );
|
||||||
|
@ -2480,7 +2498,12 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
|
||||||
output, output_buffer_size,
|
output, output_buffer_size,
|
||||||
&function_output_length ) );
|
&function_output_length ) );
|
||||||
TEST_ASSERT( function_output_length == output1_length );
|
TEST_ASSERT( function_output_length == output1_length );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size) );
|
||||||
total_output_length += function_output_length;
|
total_output_length += function_output_length;
|
||||||
|
|
||||||
PSA_ASSERT( psa_cipher_update( &operation,
|
PSA_ASSERT( psa_cipher_update( &operation,
|
||||||
input->x + first_part_size,
|
input->x + first_part_size,
|
||||||
input->len - first_part_size,
|
input->len - first_part_size,
|
||||||
|
@ -2488,11 +2511,22 @@ void cipher_encrypt_multipart( int alg_arg, int key_type_arg,
|
||||||
output_buffer_size - total_output_length,
|
output_buffer_size - total_output_length,
|
||||||
&function_output_length ) );
|
&function_output_length ) );
|
||||||
TEST_ASSERT( function_output_length == output2_length );
|
TEST_ASSERT( function_output_length == output2_length );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
|
||||||
|
alg,
|
||||||
|
input->len - first_part_size ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
|
||||||
total_output_length += function_output_length;
|
total_output_length += function_output_length;
|
||||||
|
|
||||||
PSA_ASSERT( psa_cipher_finish( &operation,
|
PSA_ASSERT( psa_cipher_finish( &operation,
|
||||||
output + total_output_length,
|
output + total_output_length,
|
||||||
output_buffer_size - total_output_length,
|
output_buffer_size - total_output_length,
|
||||||
&function_output_length ) );
|
&function_output_length ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
|
||||||
total_output_length += function_output_length;
|
total_output_length += function_output_length;
|
||||||
PSA_ASSERT( psa_cipher_abort( &operation ) );
|
PSA_ASSERT( psa_cipher_abort( &operation ) );
|
||||||
|
|
||||||
|
@ -2544,8 +2578,9 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
|
||||||
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
|
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
output_buffer_size = ( (size_t) input->len +
|
output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input->len );
|
||||||
PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
|
TEST_ASSERT( output_buffer_size <=
|
||||||
|
PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input->len ) );
|
||||||
ASSERT_ALLOC( output, output_buffer_size );
|
ASSERT_ALLOC( output, output_buffer_size );
|
||||||
|
|
||||||
TEST_ASSERT( first_part_size <= input->len );
|
TEST_ASSERT( first_part_size <= input->len );
|
||||||
|
@ -2554,7 +2589,12 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
|
||||||
output, output_buffer_size,
|
output, output_buffer_size,
|
||||||
&function_output_length ) );
|
&function_output_length ) );
|
||||||
TEST_ASSERT( function_output_length == output1_length );
|
TEST_ASSERT( function_output_length == output1_length );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
|
||||||
total_output_length += function_output_length;
|
total_output_length += function_output_length;
|
||||||
|
|
||||||
PSA_ASSERT( psa_cipher_update( &operation,
|
PSA_ASSERT( psa_cipher_update( &operation,
|
||||||
input->x + first_part_size,
|
input->x + first_part_size,
|
||||||
input->len - first_part_size,
|
input->len - first_part_size,
|
||||||
|
@ -2562,11 +2602,22 @@ void cipher_decrypt_multipart( int alg_arg, int key_type_arg,
|
||||||
output_buffer_size - total_output_length,
|
output_buffer_size - total_output_length,
|
||||||
&function_output_length ) );
|
&function_output_length ) );
|
||||||
TEST_ASSERT( function_output_length == output2_length );
|
TEST_ASSERT( function_output_length == output2_length );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
|
||||||
|
alg,
|
||||||
|
input->len - first_part_size ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
|
||||||
total_output_length += function_output_length;
|
total_output_length += function_output_length;
|
||||||
|
|
||||||
PSA_ASSERT( psa_cipher_finish( &operation,
|
PSA_ASSERT( psa_cipher_finish( &operation,
|
||||||
output + total_output_length,
|
output + total_output_length,
|
||||||
output_buffer_size - total_output_length,
|
output_buffer_size - total_output_length,
|
||||||
&function_output_length ) );
|
&function_output_length ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
|
||||||
total_output_length += function_output_length;
|
total_output_length += function_output_length;
|
||||||
PSA_ASSERT( psa_cipher_abort( &operation ) );
|
PSA_ASSERT( psa_cipher_abort( &operation ) );
|
||||||
|
|
||||||
|
@ -2615,19 +2666,29 @@ void cipher_decrypt( int alg_arg, int key_type_arg,
|
||||||
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
|
PSA_ASSERT( psa_cipher_set_iv( &operation, iv->x, iv->len ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
output_buffer_size = ( (size_t) input->len +
|
output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, input->len );
|
||||||
PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
|
TEST_ASSERT( output_buffer_size <=
|
||||||
|
PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( input->len ) );
|
||||||
ASSERT_ALLOC( output, output_buffer_size );
|
ASSERT_ALLOC( output, output_buffer_size );
|
||||||
|
|
||||||
PSA_ASSERT( psa_cipher_update( &operation,
|
PSA_ASSERT( psa_cipher_update( &operation,
|
||||||
input->x, input->len,
|
input->x, input->len,
|
||||||
output, output_buffer_size,
|
output, output_buffer_size,
|
||||||
&function_output_length ) );
|
&function_output_length ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
|
||||||
total_output_length += function_output_length;
|
total_output_length += function_output_length;
|
||||||
|
|
||||||
status = psa_cipher_finish( &operation,
|
status = psa_cipher_finish( &operation,
|
||||||
output + total_output_length,
|
output + total_output_length,
|
||||||
output_buffer_size - total_output_length,
|
output_buffer_size - total_output_length,
|
||||||
&function_output_length );
|
&function_output_length );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
|
||||||
total_output_length += function_output_length;
|
total_output_length += function_output_length;
|
||||||
TEST_EQUAL( status, expected_status );
|
TEST_EQUAL( status, expected_status );
|
||||||
|
|
||||||
|
@ -2686,23 +2747,37 @@ void cipher_verify_output( int alg_arg, int key_type_arg,
|
||||||
iv, iv_size,
|
iv, iv_size,
|
||||||
&iv_length ) );
|
&iv_length ) );
|
||||||
}
|
}
|
||||||
output1_size = ( (size_t) input->len +
|
output1_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
|
||||||
PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
|
TEST_ASSERT( output1_size <=
|
||||||
|
PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
|
||||||
ASSERT_ALLOC( output1, output1_size );
|
ASSERT_ALLOC( output1, output1_size );
|
||||||
|
|
||||||
PSA_ASSERT( psa_cipher_update( &operation1, input->x, input->len,
|
PSA_ASSERT( psa_cipher_update( &operation1, input->x, input->len,
|
||||||
output1, output1_size,
|
output1, output1_size,
|
||||||
&output1_length ) );
|
&output1_length ) );
|
||||||
|
TEST_ASSERT( output1_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, input->len ) );
|
||||||
|
TEST_ASSERT( output1_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len ) );
|
||||||
|
|
||||||
PSA_ASSERT( psa_cipher_finish( &operation1,
|
PSA_ASSERT( psa_cipher_finish( &operation1,
|
||||||
output1 + output1_length,
|
output1 + output1_length,
|
||||||
output1_size - output1_length,
|
output1_size - output1_length,
|
||||||
&function_output_length ) );
|
&function_output_length ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
|
||||||
|
|
||||||
output1_length += function_output_length;
|
output1_length += function_output_length;
|
||||||
|
|
||||||
PSA_ASSERT( psa_cipher_abort( &operation1 ) );
|
PSA_ASSERT( psa_cipher_abort( &operation1 ) );
|
||||||
|
|
||||||
output2_size = output1_length;
|
output2_size = output1_length;
|
||||||
|
TEST_ASSERT( output2_size <=
|
||||||
|
PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
|
||||||
|
TEST_ASSERT( output2_size <=
|
||||||
|
PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
|
||||||
ASSERT_ALLOC( output2, output2_size );
|
ASSERT_ALLOC( output2, output2_size );
|
||||||
|
|
||||||
if( iv_length > 0 )
|
if( iv_length > 0 )
|
||||||
|
@ -2714,11 +2789,20 @@ void cipher_verify_output( int alg_arg, int key_type_arg,
|
||||||
PSA_ASSERT( psa_cipher_update( &operation2, output1, output1_length,
|
PSA_ASSERT( psa_cipher_update( &operation2, output1, output1_length,
|
||||||
output2, output2_size,
|
output2, output2_size,
|
||||||
&output2_length ) );
|
&output2_length ) );
|
||||||
|
TEST_ASSERT( output2_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, output1_length ) );
|
||||||
|
TEST_ASSERT( output2_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( output1_length ) );
|
||||||
|
|
||||||
function_output_length = 0;
|
function_output_length = 0;
|
||||||
PSA_ASSERT( psa_cipher_finish( &operation2,
|
PSA_ASSERT( psa_cipher_finish( &operation2,
|
||||||
output2 + output2_length,
|
output2 + output2_length,
|
||||||
output2_size - output2_length,
|
output2_size - output2_length,
|
||||||
&function_output_length ) );
|
&function_output_length ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
|
||||||
|
|
||||||
output2_length += function_output_length;
|
output2_length += function_output_length;
|
||||||
|
|
||||||
|
@ -2780,8 +2864,9 @@ void cipher_verify_output_multipart( int alg_arg,
|
||||||
&iv_length ) );
|
&iv_length ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
output1_buffer_size = ( (size_t) input->len +
|
output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE( key_type, alg, input->len );
|
||||||
PSA_BLOCK_CIPHER_BLOCK_LENGTH( key_type ) );
|
TEST_ASSERT( output1_buffer_size <=
|
||||||
|
PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE( input->len ) );
|
||||||
ASSERT_ALLOC( output1, output1_buffer_size );
|
ASSERT_ALLOC( output1, output1_buffer_size );
|
||||||
|
|
||||||
TEST_ASSERT( first_part_size <= input->len );
|
TEST_ASSERT( first_part_size <= input->len );
|
||||||
|
@ -2789,6 +2874,10 @@ void cipher_verify_output_multipart( int alg_arg,
|
||||||
PSA_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size,
|
PSA_ASSERT( psa_cipher_update( &operation1, input->x, first_part_size,
|
||||||
output1, output1_buffer_size,
|
output1, output1_buffer_size,
|
||||||
&function_output_length ) );
|
&function_output_length ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
|
||||||
output1_length += function_output_length;
|
output1_length += function_output_length;
|
||||||
|
|
||||||
PSA_ASSERT( psa_cipher_update( &operation1,
|
PSA_ASSERT( psa_cipher_update( &operation1,
|
||||||
|
@ -2796,17 +2885,31 @@ void cipher_verify_output_multipart( int alg_arg,
|
||||||
input->len - first_part_size,
|
input->len - first_part_size,
|
||||||
output1, output1_buffer_size,
|
output1, output1_buffer_size,
|
||||||
&function_output_length ) );
|
&function_output_length ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
|
||||||
|
alg,
|
||||||
|
input->len - first_part_size ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( input->len - first_part_size ) );
|
||||||
output1_length += function_output_length;
|
output1_length += function_output_length;
|
||||||
|
|
||||||
PSA_ASSERT( psa_cipher_finish( &operation1,
|
PSA_ASSERT( psa_cipher_finish( &operation1,
|
||||||
output1 + output1_length,
|
output1 + output1_length,
|
||||||
output1_buffer_size - output1_length,
|
output1_buffer_size - output1_length,
|
||||||
&function_output_length ) );
|
&function_output_length ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
|
||||||
output1_length += function_output_length;
|
output1_length += function_output_length;
|
||||||
|
|
||||||
PSA_ASSERT( psa_cipher_abort( &operation1 ) );
|
PSA_ASSERT( psa_cipher_abort( &operation1 ) );
|
||||||
|
|
||||||
output2_buffer_size = output1_length;
|
output2_buffer_size = output1_length;
|
||||||
|
TEST_ASSERT( output2_buffer_size <=
|
||||||
|
PSA_CIPHER_DECRYPT_OUTPUT_SIZE( key_type, alg, output1_length ) );
|
||||||
|
TEST_ASSERT( output2_buffer_size <=
|
||||||
|
PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE( output1_length ) );
|
||||||
ASSERT_ALLOC( output2, output2_buffer_size );
|
ASSERT_ALLOC( output2, output2_buffer_size );
|
||||||
|
|
||||||
if( iv_length > 0 )
|
if( iv_length > 0 )
|
||||||
|
@ -2818,6 +2921,10 @@ void cipher_verify_output_multipart( int alg_arg,
|
||||||
PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size,
|
PSA_ASSERT( psa_cipher_update( &operation2, output1, first_part_size,
|
||||||
output2, output2_buffer_size,
|
output2, output2_buffer_size,
|
||||||
&function_output_length ) );
|
&function_output_length ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type, alg, first_part_size ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( first_part_size ) );
|
||||||
output2_length += function_output_length;
|
output2_length += function_output_length;
|
||||||
|
|
||||||
PSA_ASSERT( psa_cipher_update( &operation2,
|
PSA_ASSERT( psa_cipher_update( &operation2,
|
||||||
|
@ -2825,12 +2932,22 @@ void cipher_verify_output_multipart( int alg_arg,
|
||||||
output1_length - first_part_size,
|
output1_length - first_part_size,
|
||||||
output2, output2_buffer_size,
|
output2, output2_buffer_size,
|
||||||
&function_output_length ) );
|
&function_output_length ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_SIZE( key_type,
|
||||||
|
alg,
|
||||||
|
output1_length - first_part_size ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_UPDATE_OUTPUT_MAX_SIZE( output1_length - first_part_size ) );
|
||||||
output2_length += function_output_length;
|
output2_length += function_output_length;
|
||||||
|
|
||||||
PSA_ASSERT( psa_cipher_finish( &operation2,
|
PSA_ASSERT( psa_cipher_finish( &operation2,
|
||||||
output2 + output2_length,
|
output2 + output2_length,
|
||||||
output2_buffer_size - output2_length,
|
output2_buffer_size - output2_length,
|
||||||
&function_output_length ) );
|
&function_output_length ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_FINISH_OUTPUT_SIZE( key_type, alg ) );
|
||||||
|
TEST_ASSERT( function_output_length <=
|
||||||
|
PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE );
|
||||||
output2_length += function_output_length;
|
output2_length += function_output_length;
|
||||||
|
|
||||||
PSA_ASSERT( psa_cipher_abort( &operation2 ) );
|
PSA_ASSERT( psa_cipher_abort( &operation2 ) );
|
||||||
|
@ -2913,6 +3030,9 @@ void aead_encrypt_decrypt( int key_type_arg, data_t *key_data,
|
||||||
TEST_EQUAL( input_data->len,
|
TEST_EQUAL( input_data->len,
|
||||||
PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, output_length ) );
|
PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, output_length ) );
|
||||||
|
|
||||||
|
TEST_ASSERT( input_data->len <=
|
||||||
|
PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( output_length ) );
|
||||||
|
|
||||||
TEST_EQUAL( psa_aead_decrypt( key, alg,
|
TEST_EQUAL( psa_aead_decrypt( key, alg,
|
||||||
nonce->x, nonce->len,
|
nonce->x, nonce->len,
|
||||||
additional_data->x,
|
additional_data->x,
|
||||||
|
@ -2957,6 +3077,8 @@ void aead_encrypt( int key_type_arg, data_t *key_data,
|
||||||
* should be exact. */
|
* should be exact. */
|
||||||
TEST_EQUAL( output_size,
|
TEST_EQUAL( output_size,
|
||||||
PSA_AEAD_ENCRYPT_OUTPUT_SIZE( alg, input_data->len ) );
|
PSA_AEAD_ENCRYPT_OUTPUT_SIZE( alg, input_data->len ) );
|
||||||
|
TEST_ASSERT( output_size <=
|
||||||
|
PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
|
||||||
ASSERT_ALLOC( output_data, output_size );
|
ASSERT_ALLOC( output_data, output_size );
|
||||||
|
|
||||||
PSA_ASSERT( psa_crypto_init( ) );
|
PSA_ASSERT( psa_crypto_init( ) );
|
||||||
|
@ -3016,11 +3138,15 @@ void aead_decrypt( int key_type_arg, data_t *key_data,
|
||||||
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
|
psa_status_t status = PSA_ERROR_GENERIC_ERROR;
|
||||||
|
|
||||||
output_size = input_data->len - tag_length;
|
output_size = input_data->len - tag_length;
|
||||||
/* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
|
|
||||||
* should be exact. */
|
|
||||||
if( expected_result != PSA_ERROR_INVALID_ARGUMENT )
|
if( expected_result != PSA_ERROR_INVALID_ARGUMENT )
|
||||||
|
{
|
||||||
|
/* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
|
||||||
|
* should be exact. */
|
||||||
TEST_EQUAL( output_size,
|
TEST_EQUAL( output_size,
|
||||||
PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, input_data->len ) );
|
PSA_AEAD_DECRYPT_OUTPUT_SIZE( alg, input_data->len ) );
|
||||||
|
TEST_ASSERT( output_size <=
|
||||||
|
PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE( input_data->len ) );
|
||||||
|
}
|
||||||
ASSERT_ALLOC( output_data, output_size );
|
ASSERT_ALLOC( output_data, output_size );
|
||||||
|
|
||||||
PSA_ASSERT( psa_crypto_init( ) );
|
PSA_ASSERT( psa_crypto_init( ) );
|
||||||
|
@ -3389,7 +3515,9 @@ void asymmetric_encrypt( int key_type_arg,
|
||||||
/* Determine the maximum output length */
|
/* Determine the maximum output length */
|
||||||
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
|
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
|
||||||
key_bits = psa_get_key_bits( &attributes );
|
key_bits = psa_get_key_bits( &attributes );
|
||||||
|
|
||||||
output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
|
output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
|
||||||
|
TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE );
|
||||||
ASSERT_ALLOC( output, output_size );
|
ASSERT_ALLOC( output, output_size );
|
||||||
|
|
||||||
/* Encrypt the input */
|
/* Encrypt the input */
|
||||||
|
@ -3461,9 +3589,15 @@ void asymmetric_encrypt_decrypt( int key_type_arg,
|
||||||
/* Determine the maximum ciphertext length */
|
/* Determine the maximum ciphertext length */
|
||||||
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
|
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
|
||||||
key_bits = psa_get_key_bits( &attributes );
|
key_bits = psa_get_key_bits( &attributes );
|
||||||
|
|
||||||
output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
|
output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
|
||||||
|
TEST_ASSERT( output_size <= PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE );
|
||||||
ASSERT_ALLOC( output, output_size );
|
ASSERT_ALLOC( output, output_size );
|
||||||
|
|
||||||
output2_size = input_data->len;
|
output2_size = input_data->len;
|
||||||
|
TEST_ASSERT( output2_size <=
|
||||||
|
PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg ) );
|
||||||
|
TEST_ASSERT( output2_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE );
|
||||||
ASSERT_ALLOC( output2, output2_size );
|
ASSERT_ALLOC( output2, output2_size );
|
||||||
|
|
||||||
/* We test encryption by checking that encrypt-then-decrypt gives back
|
/* We test encryption by checking that encrypt-then-decrypt gives back
|
||||||
|
@ -3511,14 +3645,12 @@ void asymmetric_decrypt( int key_type_arg,
|
||||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||||
psa_key_type_t key_type = key_type_arg;
|
psa_key_type_t key_type = key_type_arg;
|
||||||
psa_algorithm_t alg = alg_arg;
|
psa_algorithm_t alg = alg_arg;
|
||||||
|
size_t key_bits;
|
||||||
unsigned char *output = NULL;
|
unsigned char *output = NULL;
|
||||||
size_t output_size = 0;
|
size_t output_size = 0;
|
||||||
size_t output_length = ~0;
|
size_t output_length = ~0;
|
||||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
|
|
||||||
output_size = expected_data->len;
|
|
||||||
ASSERT_ALLOC( output, output_size );
|
|
||||||
|
|
||||||
PSA_ASSERT( psa_crypto_init( ) );
|
PSA_ASSERT( psa_crypto_init( ) );
|
||||||
|
|
||||||
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
|
psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_DECRYPT );
|
||||||
|
@ -3528,6 +3660,14 @@ void asymmetric_decrypt( int key_type_arg,
|
||||||
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
|
PSA_ASSERT( psa_import_key( &attributes, key_data->x, key_data->len,
|
||||||
&key ) );
|
&key ) );
|
||||||
|
|
||||||
|
PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
|
||||||
|
key_bits = psa_get_key_bits( &attributes );
|
||||||
|
|
||||||
|
/* Determine the maximum ciphertext length */
|
||||||
|
output_size = PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE( key_type, key_bits, alg );
|
||||||
|
TEST_ASSERT( output_size <= PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE );
|
||||||
|
ASSERT_ALLOC( output, output_size );
|
||||||
|
|
||||||
PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
|
PSA_ASSERT( psa_asymmetric_decrypt( key, alg,
|
||||||
input_data->x, input_data->len,
|
input_data->x, input_data->len,
|
||||||
label->x, label->len,
|
label->x, label->len,
|
||||||
|
@ -3925,6 +4065,14 @@ void derive_output( int alg_arg,
|
||||||
PSA_ASSERT( psa_import_key( &attributes,
|
PSA_ASSERT( psa_import_key( &attributes,
|
||||||
inputs[i]->x, inputs[i]->len,
|
inputs[i]->x, inputs[i]->len,
|
||||||
&keys[i] ) );
|
&keys[i] ) );
|
||||||
|
|
||||||
|
if ( PSA_ALG_IS_TLS12_PSK_TO_MS( alg ) )
|
||||||
|
{
|
||||||
|
PSA_ASSERT( psa_get_key_attributes( keys[i], &attributes ) );
|
||||||
|
TEST_ASSERT( PSA_BITS_TO_BYTES( psa_get_key_bits( &attributes ) ) <=
|
||||||
|
PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE );
|
||||||
|
}
|
||||||
|
|
||||||
PSA_ASSERT( psa_key_derivation_input_key(
|
PSA_ASSERT( psa_key_derivation_input_key(
|
||||||
&operation, steps[i], keys[i] ) );
|
&operation, steps[i], keys[i] ) );
|
||||||
break;
|
break;
|
||||||
|
@ -4310,6 +4458,7 @@ void raw_key_agreement( int alg_arg,
|
||||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||||
unsigned char *output = NULL;
|
unsigned char *output = NULL;
|
||||||
size_t output_length = ~0;
|
size_t output_length = ~0;
|
||||||
|
size_t key_bits;
|
||||||
|
|
||||||
ASSERT_ALLOC( output, expected_output->len );
|
ASSERT_ALLOC( output, expected_output->len );
|
||||||
PSA_ASSERT( psa_crypto_init( ) );
|
PSA_ASSERT( psa_crypto_init( ) );
|
||||||
|
@ -4321,12 +4470,19 @@ void raw_key_agreement( int alg_arg,
|
||||||
our_key_data->x, our_key_data->len,
|
our_key_data->x, our_key_data->len,
|
||||||
&our_key ) );
|
&our_key ) );
|
||||||
|
|
||||||
|
PSA_ASSERT( psa_get_key_attributes( our_key, &attributes ) );
|
||||||
|
key_bits = psa_get_key_bits( &attributes );
|
||||||
|
|
||||||
PSA_ASSERT( psa_raw_key_agreement( alg, our_key,
|
PSA_ASSERT( psa_raw_key_agreement( alg, our_key,
|
||||||
peer_key_data->x, peer_key_data->len,
|
peer_key_data->x, peer_key_data->len,
|
||||||
output, expected_output->len,
|
output, expected_output->len,
|
||||||
&output_length ) );
|
&output_length ) );
|
||||||
ASSERT_COMPARE( output, output_length,
|
ASSERT_COMPARE( output, output_length,
|
||||||
expected_output->x, expected_output->len );
|
expected_output->x, expected_output->len );
|
||||||
|
TEST_ASSERT( output_length <=
|
||||||
|
PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE( our_key_type, key_bits ) );
|
||||||
|
TEST_ASSERT( output_length <=
|
||||||
|
PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE );
|
||||||
|
|
||||||
exit:
|
exit:
|
||||||
mbedtls_free( output );
|
mbedtls_free( output );
|
||||||
|
|
|
@ -2,6 +2,7 @@ sign_hash through transparent driver: calculate in driver
|
||||||
ecdsa_sign:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS
|
ecdsa_sign:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS
|
||||||
|
|
||||||
sign_hash through transparent driver: fallback
|
sign_hash through transparent driver: fallback
|
||||||
|
depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
|
||||||
ecdsa_sign:PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS
|
ecdsa_sign:PSA_ERROR_NOT_SUPPORTED:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0:PSA_SUCCESS
|
||||||
|
|
||||||
sign_hash through transparent driver: error
|
sign_hash through transparent driver: error
|
||||||
|
@ -14,6 +15,7 @@ verify_hash using private key through transparent driver: calculate in driver
|
||||||
ecdsa_verify:PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
|
ecdsa_verify:PSA_SUCCESS:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
|
||||||
|
|
||||||
verify_hash using private key through transparent driver: fallback
|
verify_hash using private key through transparent driver: fallback
|
||||||
|
depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
|
||||||
ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
|
ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:0:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
|
||||||
|
|
||||||
verify_hash using private key through transparent driver: error
|
verify_hash using private key through transparent driver: error
|
||||||
|
@ -23,6 +25,7 @@ verify_hash using public key through transparent driver: calculate in driver
|
||||||
ecdsa_verify:PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
|
ecdsa_verify:PSA_SUCCESS:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
|
||||||
|
|
||||||
verify_hash using public key through transparent driver: fallback
|
verify_hash using public key through transparent driver: fallback
|
||||||
|
depends_on:MBEDTLS_PSA_BUILTIN_ALG_ECDSA
|
||||||
ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
|
ecdsa_verify:PSA_ERROR_NOT_SUPPORTED:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_SUCCESS
|
||||||
|
|
||||||
verify_hash using public key through transparent driver: error
|
verify_hash using public key through transparent driver: error
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
|
#define PSA_ITS_STORAGE_SUFFIX ".psa_its"
|
||||||
#define PSA_ITS_STORAGE_FILENAME_LENGTH \
|
#define PSA_ITS_STORAGE_FILENAME_LENGTH \
|
||||||
( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
|
( sizeof( PSA_ITS_STORAGE_PREFIX ) - 1 + /*prefix without terminating 0*/ \
|
||||||
|
16 + /*UID (64-bit number in hex)*/ \
|
||||||
16 + /*UID (64-bit number in hex)*/ \
|
16 + /*UID (64-bit number in hex)*/ \
|
||||||
sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \
|
sizeof( PSA_ITS_STORAGE_SUFFIX ) - 1 + /*suffix without terminating 0*/ \
|
||||||
1 /*terminating null byte*/ )
|
1 /*terminating null byte*/ )
|
||||||
|
|
Loading…
Reference in a new issue