From 887e2a70f3001b072bcd74e35630601d18e66033 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Mar 2021 23:00:22 +0100 Subject: [PATCH 001/236] Separate issue templates for bugs and enhancements Mostly reuse the existing issue template, but with separate template for bug reports and feature requests. I made some minor tweaks to the presentation which should hopefully reduce the propensity of users to side-step the template rather than fill it in. In particular, most users should usually not need to remove any parts. I removed specific mentions of Mbed OS since the Mbed TLS project is no longer tightly associated with Mbed OS. I removed "Peer device TLS stack and version" because that's rarely relevant and, in my experience, is mentioned when relevant. Signed-off-by: Gilles Peskine --- .github/ISSUE_TEMPLATE/bug_report.md | 35 +++++++++++++++++++++++ .github/ISSUE_TEMPLATE/feature_request.md | 17 +++++++++++ 2 files changed, 52 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.md create mode 100644 .github/ISSUE_TEMPLATE/feature_request.md diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 000000000..b9f146808 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,35 @@ +--- +name: Bug report +about: To report a bug, please fill this form. +title: '' +labels: '' +assignees: '' + +--- + +### Summary + + + +### System information + +Mbed TLS version (number or commit id): +Operating system and version: +Configuration (if not default, please attach `config.h`): +Compiler and options (if you used a pre-built binary, please indicate how you obtained it): +Additional environment information: + +### Expected behavior + + + +### Actual behavior + + + +### Steps to reproduce + + + +### Additional information + diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 000000000..3b515137b --- /dev/null 
+++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Enhancement request +about: To request an enhancement, please fill this form. +title: '' +labels: '' +assignees: '' + +--- + +### Suggested enhancement + + + +### Justification + +Mbed TLS needs this because + From 49c700a026d4dce2fc626494d027b0b49a7c34dc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Mar 2021 23:05:17 +0100 Subject: [PATCH 002/236] Mandate the use of a template Signed-off-by: Gilles Peskine --- .github/ISSUE_TEMPLATE/config.yml | 1 + 1 file changed, 1 insertion(+) create mode 100644 .github/ISSUE_TEMPLATE/config.yml diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 000000000..3ba13e0ce --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1 @@ +blank_issues_enabled: false From 32b73c5052bda8832ac6652f094cc5fc575de188 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Mar 2021 23:05:38 +0100 Subject: [PATCH 003/236] Add contact links for reporting a vulnerability and for support Signed-off-by: Gilles Peskine --- .github/ISSUE_TEMPLATE/config.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 3ba13e0ce..63076f405 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1 +1,8 @@ blank_issues_enabled: false +contact_links: + - name: Mbed TLS security team + url: mailto:mbed-tls-security@lists.trustedfirmware.org + about: Report a security vulnerability. + - name: Mbed TLS mailing list + url: https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls + about: Mbed TLS community support and general discussion. From 07cdaf11f2f865eb15907e1199710406d73ebcff Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 16 Mar 2021 23:07:47 +0100 Subject: [PATCH 004/236] Remove the old issue template We have separate templates for bug reports and feature requests now. 
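Review bot: as rendered here, bug_report.md carries none of the old issue_template.md's reminder that security vulnerabilities must not be filed as public issues, and the security contact that config.yml adds in the next patch is only shown in the issue chooser, not in the form a reporter is already filling in. A single line under `### Summary` pointing to SECURITY.md would keep that reminder in front of the reporter; the `### Steps to reproduce` section would also benefit from a hint to attach a minimal program or the exact command line, as the deleted template's "please attach config.h" line does for configuration.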
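Review bot: the `about:` text of the "Mbed TLS security team" contact link should point reporters at SECURITY.md, which the old issue_template.md referenced and which describes the project's disclosure process, rather than only at a bare mailto; e.g. `about: Report a security vulnerability (see SECURITY.md for the process).` Otherwise a reporter who lands here has no way to find out whether encrypted mail is expected before sending details of a vulnerability to the list address.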
Signed-off-by: Gilles Peskine --- .github/issue_template.md | 46 --------------------------------------- 1 file changed, 46 deletions(-) delete mode 100644 .github/issue_template.md diff --git a/.github/issue_template.md b/.github/issue_template.md deleted file mode 100644 index 370066f48..000000000 --- a/.github/issue_template.md +++ /dev/null @@ -1,46 +0,0 @@ -_Note:_ this is a template, please remove the parts that are not -applicable (these initial notes, and the "Bug" section for a Feature request -and vice-versa). - -**Note:** to report a security vulnerability, see -[SECURITY.md](../SECURITY.md). Please do not use github issues for -vulnerabilities. - -_Note:_ to get support, see [SUPPORT.md](../SUPPORT.md). Please do not use -github issues for questions. - ---------------------------------------------------------------- -### Description -- Type: Bug | Enhancement / Feature Request -- Priority: Blocker | Major | Minor - ---------------------------------------------------------------- -## Bug - -**OS** -Mbed OS|linux|windows| - -**mbed TLS build:** -Version: x.x.x or git commit id -OS version: x.x.x -Configuration: please attach config.h file where possible -Compiler and options (if you used a pre-built binary, please indicate how you obtained it): -Additional environment information: - -**Peer device TLS stack and version** -OpenSSL|GnuTls|Chrome|NSS(Firefox)|SecureChannel (IIS/Internet Explorer/Edge)|Other -Version: - -**Expected behavior** - -**Actual behavior** - -**Steps to reproduce** - ----------------------------------------------------------------- -## Enhancement / Feature Request - -**Suggested enhancement** - -**Justification - why does the library need this feature?** - From 494dc71de8aa461fb44ba7af7f44eecc3a6dd02a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 May 2021 15:08:51 +0100 Subject: [PATCH 005/236] Remove mbedtls_ssl_get_session_pointer() 
Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 18 ------------------ library/ssl_tls.c | 8 -------- programs/ssl/ssl_client2.c | 21 ++++++++++++++++++--- 3 files changed, 18 insertions(+), 29 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b9b2e045f..98b873bea 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2433,7 +2433,6 @@ int mbedtls_ssl_session_load( mbedtls_ssl_session *session, * of session cache or session tickets. * * \see mbedtls_ssl_session_load() - * \see mbedtls_ssl_get_session_pointer() * * \param session The session structure to be saved. * \param buf The buffer to write the serialized data to. It must be a @@ -2456,23 +2455,6 @@ int mbedtls_ssl_session_save( const mbedtls_ssl_session *session, size_t buf_len, size_t *olen ); -/** - * \brief Get a pointer to the current session structure, for example - * to serialize it. - * - * \warning Ownership of the session remains with the SSL context, and - * the returned pointer is only guaranteed to be valid until - * the next API call operating on the same \p ssl context. - * - * \see mbedtls_ssl_session_save() - * - * \param ssl The SSL context. - * - * \return A pointer to the current session if successful. - * \return \c NULL if no session is active. - */ -const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl ); - /** * \brief Set the list of allowed ciphersuites and the preference * order. First in the list has the highest preference. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bc2f269a9..1decc9fce 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -4801,14 +4801,6 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_SSL_CLI_C */ -const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_context *ssl ) -{ - if( ssl == NULL ) - return( NULL ); - - return( ssl->session ); -} - /* * Define ticket header determining Mbed TLS version * and structure of the ticket. diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 24c859e38..eac635625 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2224,6 +2224,8 @@ int main( int argc, char *argv[] ) if( opt.reco_mode == 1 ) { + mbedtls_ssl_session exported_session; + /* free any previously saved data */ if( session_data != NULL ) { 
@@ -2232,27 +2234,40 @@ int main( int argc, char *argv[] ) session_data = NULL; } + mbedtls_ssl_session_init( &exported_session ); + ret = mbedtls_ssl_get_session( &ssl, &exported_session ); + if( ret != 0 ) + { + mbedtls_printf( + "failed\n ! mbedtls_ssl_get_session() returned -%#02x\n", + (unsigned) -ret ); + goto exit; + } + /* get size of the buffer needed */ - mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ), - NULL, 0, &session_data_len ); + mbedtls_ssl_session_save( &exported_session, NULL, 0, &session_data_len ); session_data = mbedtls_calloc( 1, session_data_len ); if( session_data == NULL ) { mbedtls_printf( " failed\n ! alloc %u bytes for session data\n", (unsigned) session_data_len ); + mbedtls_ssl_session_free( &exported_session ); ret = MBEDTLS_ERR_SSL_ALLOC_FAILED; goto exit; } /* actually save session data */ - if( ( ret = mbedtls_ssl_session_save( mbedtls_ssl_get_session_pointer( &ssl ), + if( ( ret = mbedtls_ssl_session_save( &exported_session, session_data, session_data_len, &session_data_len ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_session_saved returned -0x%04x\n\n", (unsigned int) -ret ); + mbedtls_ssl_session_free( &exported_session ); goto exit; } + + mbedtls_ssl_session_free( &exported_session ); } else { From e810bbc1aca89b9775f7a78535f21eb154026fa6 Mon Sep 17 00:00:00 2001 
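Review bot: the `ret != 0` branch after `mbedtls_ssl_get_session()` jumps to `exit` without `mbedtls_ssl_session_free( &exported_session )`, while every other exit from this block frees it; for a freshly initialised session this is harmless, but since the whole point of freeing the copy is to wipe the master secret once the serialized form exists, the cleanup should be uniform (a single free before `goto exit`, or one cleanup label). The new error message also uses `-%#02x` where the messages two and twelve lines below use `-0x%04x`; keep one format.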
From: Hanno Becker Date: Fri, 14 May 2021 16:01:05 +0100 Subject: [PATCH 006/236] Implement 3.0-semantics for mbedtls_ssl_{get,set}_session() mbedtls_ssl_{get,set}_session() exhibited idempotent behaviour in Mbed TLS 2.x. Multiple calls to those functions are not useful in TLS 1.2, and the idempotent nature is unsuitable for support of TLS 1.3 which introduces the availability to offer multiple tickets for resumption, as well as receive multiple tickets. In preparation for TLS 1.3 support, this commit relaxes the semantics of `mbedtls_ssl_{get,set}_session()` by allowing implementations to fail gracefully, and leveraging this freedom by modifying the existing TLS 1.2 implementation to only accept one call to `mbedtls_ssl_{get,set}_session()` per context, and non-fatally failing all subsequent invocations. For TLS 1.3, it will be leveraged by making multiple calls to `mbedtls_ssl_get_session()` issue one ticket at a time until no more tickets are available, and by using multiple calls to `mbedtls_ssl_set_session()` to allow the client to offer multiple tickets to the server. Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 96 +++++++++++++++++++++++++++++++------------ library/ssl_tls.c | 27 +++++++++++- 2 files changed, 95 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 98b873bea..6fa380d49 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -897,6 +897,8 @@ struct mbedtls_ssl_session unsigned char id[32]; /*!< session identifier */ unsigned char master[48]; /*!< the master secret */ + unsigned char exported; + #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */ 
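Review bot: `unsigned char exported;` is the only member in this part of `struct mbedtls_ssl_session` without a `/*!< ... */` comment; document that it records whether mbedtls_ssl_get_session() has already exported this session, and state whether mbedtls_ssl_session_save()/mbedtls_ssl_session_load() carry it. If they do not, a deserialised session starts with `exported == 0` and can be exported once more, which is the behaviour applications will observe and should be able to read off the header.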
@@ -2373,18 +2375,49 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_CLI_C) /** - * \brief Request resumption of session (client-side only) - * Session data is copied from presented session structure. + * \brief Load a session for session resumption. * - * \param ssl SSL context - * \param session session context + * Sessions loaded through this call will be considered + * for session resumption in the next handshake. * - * \return 0 if successful, - * MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed, - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or - * arguments are otherwise invalid + * \note Even if this call succeeds, it is not guaranteed that + * the next handshake will indeed be shortened through the + * use of session resumption: The server is always free + * to reject any attempt for resumption and fall back to + * a full handshake. + * + * \note The mechanism of session resumption is opaque to this + * call: For TLS 1.2, both session ID-based resumption and + * ticket-based resumption will be considered. For TLS 1.3, + * once implemented, sessions equate to tickets, and loading + * one or more sessions via this call will lead to their + * corresponding tickets being advertised as resumption PSKs + * by the client. + * + * \note Calling this function multiple times will only be useful + * once TLS 1.3 is supported. For TLS 1.2 connections, this + * function should be called at most once. + * + * \param ssl The SSL context representing the connection which should + * be attempted to be setup using session resumption. This + * must be initialized via mbedtls_ssl_init() and bound to + * an SSL configuration via mbedtls_ssl_setup(), but + * the handshake must not yet have been started. + * \param session The session to be considered for session resumption. 
+ * This must be a session previously exported via + * mbedtls_ssl_get_session(), and potentially serialized and + * deserialized through mbedtls_ssl_session_save() and + * mbedtls_ssl_session_load() in the meantime. + * + * \return \c 0 if successful. + * \return \c MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the session + * could not be loaded because of an implementation limitation. + * This error is non-fatal, and has no observable effect on + * the SSL context or the session that was attempted to be loaded. + * \return Another negative error code on other kinds of failure. * * \sa mbedtls_ssl_get_session() + * \sa mbedtls_ssl_session_load() */ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session ); #endif /* MBEDTLS_SSL_CLI_C */ 
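Review bot: the \return line writes `\c MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE` while the mbedtls_ssl_get_session() block in the next hunk writes `#MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE`; use `#` in both so Doxygen links the constant. The \note saying the function "should be called at most once" for TLS 1.2 also understates what this patch implements: the second call now fails with that error, and the \note should say so rather than leave it to be inferred from the \return list.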
@@ -3677,32 +3710,41 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss #if defined(MBEDTLS_SSL_CLI_C) /** - * \brief Save session in order to resume it later (client-side only) - * Session data is copied to presented session structure. + * \brief Export a session in order to resume it later. * + * \param ssl The SSL context representing the connection for which to + * to export a session structure for later resumption. + * \param session The target structure in which to store the exported session. + * This must have been initialized with mbedtls_ssl_init_session() + * but otherwise be unused. * - * \param ssl SSL context - * \param session session context + * \note The mechanism of session resumption is opaque to this + * call: For TLS 1.2, both session ID-based resumption and + * ticket-based resumption will be considered. For TLS 1.3, + * once implemented, sessions equate to tickets, and calling + * this function multiple times will export the available + * tickets one a time until no further tickets are available, + * in which case MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE will + * be returned. * - * \return 0 if successful, - * MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed, - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used server-side or - * arguments are otherwise invalid. + * \note Calling this function multiple times will only be useful + * once TLS 1.3 is supported. For TLS 1.2 connections, this + * function should be called at most once. * - * \note Only the server certificate is copied, and not the full chain, - * so you should not attempt to validate the certificate again - * by calling \c mbedtls_x509_crt_verify() on it. - * Instead, you should use the results from the verification - * in the original handshake by calling \c mbedtls_ssl_get_verify_result() - * after loading the session again into a new SSL context - * using \c mbedtls_ssl_set_session(). 
- * - * \note Once the session object is not needed anymore, you should - * free it by calling \c mbedtls_ssl_session_free(). + * \return \c 0 if successful. In this case, \p session can be used for + * session resumption by passing it to mbedtls_ssl_set_session(), + * and serialized for storage via mbedtls_ssl_session_save(). + * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if no further session + * is available for export. + * This error is a non-fatal, and has no observable effect on + * the SSL context or the destination session. + * \return Another negative error code on other kinds of failure. * * \sa mbedtls_ssl_set_session() + * \sa mbedtls_ssl_session_save() */ -int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *session ); +int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, + mbedtls_ssl_session *session ); #endif /* MBEDTLS_SSL_CLI_C */ /** diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1decc9fce..6e32b564e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3788,6 +3788,9 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } + if( ssl->handshake->resume == 1 ) + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + if( ( ret = mbedtls_ssl_session_copy( ssl->session_negotiate, session ) ) != 0 ) return( ret ); @@ -4789,6 +4792,8 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, mbedtls_ssl_session *dst ) { + int ret; + if( ssl == NULL || dst == NULL || ssl->session == NULL || 
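Review bot: `mbedtls_ssl_init_session()` in the \param session text does not exist; the initialiser is `mbedtls_ssl_session_init()`, as the ssl_client2.c change in the previous patch uses. Same block: "for which to to export" (doubled "to"), "tickets one a time" ("one at a time"), and "This error is a non-fatal" ("is non-fatal").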
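Review bot: the new `if( ssl->handshake->resume == 1 )` check in mbedtls_ssl_set_session() is correctly placed before the copy into `ssl->session_negotiate`, so the documented "no observable effect" holds; but it dereferences `ssl->handshake`, and the validation visible just above it only returns `MBEDTLS_ERR_SSL_BAD_INPUT_DATA`. Confirm that validation includes `ssl->handshake == NULL`, since the header now documents this call as valid only between mbedtls_ssl_setup() and the start of the handshake, and a NULL handshake here should produce that error rather than a crash.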
@@ -4797,7 +4802,27 @@ int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } - return( mbedtls_ssl_session_copy( dst, ssl->session ) ); + /* Since Mbed TLS 3.0, mbedtls_ssl_get_session() is no longer + * idempotent: Each session can only be exported once. + * + * (This is in preparation for TLS 1.3 support where we will + * need the ability to export multiple sessions (aka tickets), + * which will be achieved by calling mbedtls_ssl_get_session() + * multiple times until it fails.) + * + * Check whether we have already exported the current session, + * and fail if so. + */ + if( ssl->session->exported == 1 ) + return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); + + ret = mbedtls_ssl_session_copy( dst, ssl->session ); + if( ret != 0 ) + return( ret ); + + /* Remember that we've exported the session. */ + ssl->session->exported = 1; + return( 0 ); } #endif /* MBEDTLS_SSL_CLI_C */ From 548b136e8f974f0fdee4a27f3c266beea0349535 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 May 2021 16:09:15 +0100 Subject: [PATCH 007/236] Add migration guide for removal of mbedtls_ssl_get_session_pointer() Signed-off-by: Hanno Becker --- .../remove-ssl-get-session_pointer.md | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 docs/3.0-migration-guide.d/remove-ssl-get-session_pointer.md diff --git a/docs/3.0-migration-guide.d/remove-ssl-get-session_pointer.md b/docs/3.0-migration-guide.d/remove-ssl-get-session_pointer.md new file mode 100644 index 000000000..a4a4895a8 --- /dev/null +++ b/docs/3.0-migration-guide.d/remove-ssl-get-session_pointer.md 
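Review bot: `ssl->session->exported = 1;` mutates connection state through a `const mbedtls_ssl_context *ssl`; it compiles because only the outer pointer is const, but a getter that changes the result of its own next call while taking a const context is surprising to callers and to anyone auditing for side effects. Either drop the `const` from the parameter (the prototype in ssl.h is re-wrapped in this same patch, so it can be changed at the same time) or say in the \brief that the call consumes the session. The in-code comment explaining the non-idempotent behaviour is good; keep it.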
@@ -0,0 +1,23 @@ +Remove the SSL API mbedtls_ssl_get_session_pointer() +----------------------------------------------------------------- + +This affects two classes of users: + +1. Users who manually inspect parts of the current session through + direct structure field access. + +2. Users of session resumption who query the current session + via `mbedtls_ssl_get_session_pointer()` prior to saving or exporting + it via `mbedtls_ssl_session_copy()` or `mbedtls_ssl_session_save()`, + respectively. + +Migration paths: + +1. Mbed TLS 3.0 does not offer a migration path for the usecase 1: Like many + other Mbed TLS structures, the structure of `mbedtls_ssl_session` is no + longer part of the public API in Mbed TLS 3.0, and direct structure field + access is no longer supported. Please see the corresponding migration guide. + +2. Users should replace calls to `mbedtls_ssl_get_session_pointer()` by + calls to `mbedtls_ssl_get_session()` as demonstrated in the example + program `programs/ssl/ssl_client2.c`. From 699d4d7df75161dc5b35d67db9ebbbaaee9cae6e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 May 2021 16:21:36 +0100 Subject: [PATCH 008/236] Add migration guide for new SSL ticket API Signed-off-by: Hanno Becker --- docs/3.0-migration-guide.d/ssl-ticket-api.md | 30 ++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 docs/3.0-migration-guide.d/ssl-ticket-api.md diff --git a/docs/3.0-migration-guide.d/ssl-ticket-api.md b/docs/3.0-migration-guide.d/ssl-ticket-api.md new file mode 100644 index 000000000..ce95e2f24 --- /dev/null +++ b/docs/3.0-migration-guide.d/ssl-ticket-api.md 
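Review bot: "usecase 1" should read "use case 1". More importantly, migration path 2 tells users to replace `mbedtls_ssl_get_session_pointer()` with `mbedtls_ssl_get_session()` without mentioning that, as of this series, the latter succeeds only once per session; a user who queried the pointer several times will now get `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE` on the second call. Add a cross-reference to the ssl-ticket-api.md guide introduced in the next patch.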
@@ -0,0 +1,30 @@ +Modified semantics of mbedtls_ssl_{get,set}_session() +----------------------------------------------------------------- + +This affects users who call `mbedtls_ssl_get_session()` or +`mbedtls_ssl_session_set()` multiple times on the same SSL context +representing an established TLS 1.2 connection. +Those users will now observe the second call to fail with +`MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE`. + +Migration path: +- Exporting the same TLS 1.2 connection multiple times via + `mbedtls_ssl_get_session()` leads to multiple copies of + the same session. This use of `mbedtls_ssl_get_session()` + is discouraged, and the following should be considered: + * If the various session copies are later loaded into + fresh SSL contexts via `mbedtls_ssl_set_session()`, + export via `mbedtls_ssl_get_session()` only once and + load the same session into different contexts via + `mbedtls_ssl_set_session()`. Since `mbedtls_ssl_set_session()` + makes a copy of the session that's being loaded, this + is functionally equivalent. + * If the various session copies are later serialized + via `mbedtls_ssl_session_save()`, export and serialize + the session only once via `mbedtls_ssl_get_session()` and + `mbedtls_ssl_session_save()` and make copies of the raw + data instead. +- Calling `mbedtls_ssl_set_session()` multiple times in Mbed TLS 2.x + is not useful since subsequent calls overwrite the effect of previous + calls. Applications achieve equivalent functional behaviour by + issuing only the very last call to `mbedtls_ssl_set_session()`. From 5ca21db813894628586568fc6d53e08fa5cbafa5 Mon Sep 17 00:00:00 2001 
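Review bot: `mbedtls_ssl_session_set()` in the opening paragraph is not an API; the function is `mbedtls_ssl_set_session()`, as the heading and the rest of the guide say. The guide would also help readers more if it stated the error in both directions: the second `mbedtls_ssl_get_session()` call and the second `mbedtls_ssl_set_session()` call each return `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE`, and both are non-fatal for the context.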
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 17 May 2021 12:28:08 +0200 Subject: [PATCH 009/236] Fix misuse of MD API in SSL constant-flow HMAC MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The sequence of calls starts-update-starts-update-finish is not a guaranteed valid way to abort an operation and start a new one. Our software implementation just happens to support it, but alt implementations may very well not support it. Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/fix-ssl-cf-hmac-alt.txt | 5 +++++ library/ssl_msg.c | 3 +++ 2 files changed, 8 insertions(+) create mode 100644 ChangeLog.d/fix-ssl-cf-hmac-alt.txt diff --git a/ChangeLog.d/fix-ssl-cf-hmac-alt.txt b/ChangeLog.d/fix-ssl-cf-hmac-alt.txt new file mode 100644 index 000000000..57ffa02e2 --- /dev/null +++ b/ChangeLog.d/fix-ssl-cf-hmac-alt.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix a regression introduced in 2.24.0 which broke (D)TLS CBC ciphersuites + (when the encrypt-then-MAC extension is not in use) with some ALT + implementations of the underlying hash (SHA-1, SHA-256, SHA-384), causing + the affected side to wrongly reject valid messages. Fixes #4118. diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 3956a67d2..55623ccb3 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -1164,6 +1164,9 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_ssl_cf_hmac( MD_CHK( mbedtls_md_update( ctx, data + offset, 1 ) ); } + /* The context needs to finish() before it starts() again */ + MD_CHK( mbedtls_md_finish( ctx, aux_out ) ); + /* Now compute HASH(okey + inner_hash) */ MD_CHK( mbedtls_md_starts( ctx ) ); MD_CHK( mbedtls_md_update( ctx, okey, block_size ) ); From 2c09c9bca97dcbe42e0b8f2d6f5c00f1c94099c4 Mon Sep 17 00:00:00 2001 
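Review bot: the added `mbedtls_md_finish( ctx, aux_out )` is the right fix for the starts-update-starts-update-finish misuse, but the comment should also record why it is safe in a constant-flow routine: by this point `ctx` has absorbed a number of bytes that depends only on the public maximum length handled by the preceding loop, so the extra finish has no data-dependent control flow, and `aux_out` is a throwaway whose contents are never used. Stating that in the comment keeps the next reader from reasoning it out again, and `aux_out` must of course be at least the digest size of `ctx`.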
From: Mateusz Starzyk Date: Fri, 14 May 2021 22:20:10 +0200 Subject: [PATCH 010/236] Introduce MBEDTLS_PRIVATE macro. Public structs members are considered private and should not be used by users application. MBEDTLS_PRIVATE(member) macro is intended to clearly indicate which members are private. Signed-off-by: Mateusz Starzyk --- include/mbedtls/private_access.h | 32 +++++++++++++++++++++++ library/common.h | 7 +++++ library/psa_crypto_driver_wrappers.c | 1 + tests/include/test/helpers.h | 2 ++ tests/src/drivers/test_driver_aead.c | 2 ++ tests/src/drivers/test_driver_cipher.c | 2 ++ tests/src/drivers/test_driver_signature.c | 2 ++ tests/suites/helpers.function | 2 ++ tests/suites/main_test.function | 8 ------ 9 files changed, 50 insertions(+), 8 deletions(-) create mode 100644 include/mbedtls/private_access.h diff --git a/include/mbedtls/private_access.h b/include/mbedtls/private_access.h new file mode 100644 index 000000000..98d3419f6 --- /dev/null +++ b/include/mbedtls/private_access.h 
@@ -0,0 +1,32 @@ + /** + * \file private_access.h + * + * \brief Macro wrapper for struct's memebrs. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_PRIVATE_ACCESS_H +#define MBEDTLS_PRIVATE_ACCESS_H + +#ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS +#define MBEDTLS_PRIVATE(member) private_##member +#else +#define MBEDTLS_PRIVATE(member) member +#endif + +#endif /* MBEDTLS_PRIVATE_ACCESS_H */ diff --git a/library/common.h b/library/common.h index 5845766ac..c31ac1e1c 100644 --- a/library/common.h +++ b/library/common.h @@ -50,4 +50,11 @@ #define MBEDTLS_STATIC_TESTABLE static #endif +/** Allow library to access it's structs' private members. + * + * Although structs defined in header files are publicly available, + * their members are private and should not be accessed by the user. + */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #endif /* MBEDTLS_LIBRARY_COMMON_H */ diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c index f61e5ebbe..19260c45e 100644 --- a/library/psa_crypto_driver_wrappers.c +++ b/library/psa_crypto_driver_wrappers.c @@ -19,6 +19,7 @@ * limitations under the License. */ +#include "common.h" #include "psa_crypto_aead.h" #include "psa_crypto_cipher.h" #include "psa_crypto_core.h" diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 9bfe08547..0f82a9040 100644 
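Review bot: "memebrs" in the \file comment should be "members", and the comment should explain the mechanism, since that is what users will look for when their build breaks: `MBEDTLS_PRIVATE(x)` expands to `private_x` unless `MBEDTLS_ALLOW_PRIVATE_ACCESS` is defined before the first Mbed TLS header is included, so any application code that touches `s.x` fails to compile rather than silently depending on a layout the library no longer promises. That also means the guard is a compile-time discouragement only; code that defines the macro itself gets the old behaviour, which is worth saying explicitly.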
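Review bot: in the common.h comment, "it's structs' private members" should be "its structs' private members". Since common.h is the library's internal header, a one-line note that it must be the first include in every library source file (which is exactly what the psa_crypto_driver_wrappers.c hunk below fixes) would document the ordering requirement the macro introduces.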
--- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -25,6 +25,8 @@ #ifndef TEST_HELPERS_H #define TEST_HELPERS_H +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 25396c92f..a14716324 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -23,6 +23,8 @@ #include MBEDTLS_CONFIG_FILE #endif +#include + #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa_crypto_aead.h" diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index a415dd812..4827946b0 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -24,6 +24,8 @@ #include MBEDTLS_CONFIG_FILE #endif +#include + #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "psa_crypto_cipher.h" diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c index 14de8318e..fdfba165f 100644 --- a/tests/src/drivers/test_driver_signature.c +++ b/tests/src/drivers/test_driver_signature.c @@ -25,6 +25,8 @@ #include MBEDTLS_CONFIG_FILE #endif +#include + #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" #include "psa_crypto_core.h" diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 2ef07fa62..ca03532ba 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -2,6 +2,8 @@ /*----------------------------------------------------------------------------*/ /* Headers */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include #include #include diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index ac00f45e5..62a667821 100644 --- a/tests/suites/main_test.function 
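Review bot: the three `+#include` lines added to test_driver_aead.c, test_driver_cipher.c and test_driver_signature.c carry no header name as rendered here, so the intended include cannot be reviewed; presumably it is the test helper header that now defines `MBEDTLS_ALLOW_PRIVATE_ACCESS`, in which case it must come before any `mbedtls/` or `psa/` header in those files, which the placement after the config include satisfies. Please confirm the target in the actual patch.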
+++ b/tests/suites/main_test.function @@ -29,14 +29,6 @@ #include MBEDTLS_CONFIG_FILE #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "psa/crypto.h" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_TEST_HOOKS) -#include "mbedtls/error.h" -#endif - /* Test code may use deprecated identifiers only if the preprocessor symbol * MBEDTLS_TEST_DEPRECATED is defined. When building tests, set * MBEDTLS_TEST_DEPRECATED explicitly if MBEDTLS_DEPRECATED_WARNING is From 0d41abbde61e40ab00ac512f16340262640ba6fb Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 12 May 2021 14:48:40 +0200 Subject: [PATCH 011/236] Introduce scripts automating wrapping structs members with MBEDTLS_PRIVATE. Usage: run setup_and_run_MBEDTLS_PRIVATE.sh Signed-off-by: Mateusz Starzyk --- apply_MBEDTLS_PRIVATE.py | 84 ++++++++++++++++++++++++++++++++ setup_and_run_MBEDTLS_PRIVATE.sh | 10 ++++ 2 files changed, 94 insertions(+) create mode 100644 apply_MBEDTLS_PRIVATE.py create mode 100755 setup_and_run_MBEDTLS_PRIVATE.sh diff --git a/apply_MBEDTLS_PRIVATE.py b/apply_MBEDTLS_PRIVATE.py new file mode 100644 index 000000000..4160287f2 --- /dev/null +++ b/apply_MBEDTLS_PRIVATE.py 
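Review bot: the removal of the `psa/crypto.h` and `mbedtls/error.h` includes from main_test.function is not explained by the commit message, which only talks about introducing the macro; if these now come in through helpers.h (which this patch makes define `MBEDTLS_ALLOW_PRIVATE_ACCESS` first), say so in the message, because the reason the removal is needed is an include-ordering one and will not be obvious from the diff.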
@@ -0,0 +1,84 @@ +import re +import fileinput +import glob +import pprint +import os +import xml.etree.ElementTree as ET + + +files_to_visit = {} + +struct_files = glob.glob("apidoc/xml/structmbedtls*.xml") + glob.glob("apidoc/xml/structpsa*.xml") + +for struct_file in struct_files: + struct_file_tree = ET.parse(struct_file) + all_struct_members_definitions = struct_file_tree.getroot().findall(".//memberdef[@kind='variable']") + + # Create dictionary with following structre + # "filepath" : { "variable_name1": (1, 2, 40, 61), # line numbers + # "variable_name2": (60, 64), + # } + for struct_member_def in all_struct_members_definitions: + # find file path for this variable + member_id = struct_member_def.attrib["id"] + location = struct_member_def.find("location") + file_path = location.attrib["file"] + variable_name = struct_member_def.find("name").text + # if path not yet in dictionary, create empty record to initialize + if file_path not in files_to_visit: + files_to_visit[file_path] = {} + # if variable is not yet in this file's dictionary, create empty set to initialize + if variable_name not in files_to_visit[file_path]: + files_to_visit[file_path][variable_name] = set() + + # add variable definition + files_to_visit[file_path][variable_name].add(int(location.attrib["line"])) + + # check where the variable was referenced + references = struct_member_def.findall("referencedby") + for reference in references: + refid = reference.attrib["refid"] + # assuming that compound name is related to header's xml file + header_file = "apidoc/xml/" + reference.attrib["compoundref"] + ".xml" + header_file_tree = ET.parse(header_file) + # check if this reference is created by static inline function + static_inline_function_definition = header_file_tree.getroot().find(f".//memberdef[@id='{refid}'][@kind='function'][@static='yes'][@inline='yes']") + if static_inline_function_definition: + static_inline_function_file_path = 
static_inline_function_definition.find("location").attrib["file"] + # if path not yet in dictionary, create empty record to initialize. + # This could happen if reference is inside header file which was not yet processed in search for variable definitions + if static_inline_function_file_path not in files_to_visit: + files_to_visit[static_inline_function_file_path] = {} + # if variable is not yet in this file's dictionary, create empty set to initialize + if variable_name not in files_to_visit[static_inline_function_file_path]: + files_to_visit[static_inline_function_file_path][variable_name] = set() + # function block scope + function_lines_from = int(reference.attrib["startline"]) + function_lines_to = int(reference.attrib["endline"]) + # find codelines referencing struct's variable + codelines_xml = header_file_tree.getroot().findall(f".//ref[@refid='{member_id}']/../..") + # filter by function's scope + codelines = [int(line.attrib["lineno"]) for line in codelines_xml if int(line.attrib["lineno"]) >= function_lines_from and int(line.attrib["lineno"]) <= function_lines_to] + # add variable reference + files_to_visit[static_inline_function_file_path][variable_name].update(codelines) + +pp = pprint.PrettyPrinter(indent=4) +pp.pprint(files_to_visit) + +for file_path, variables in files_to_visit.items(): + with fileinput.FileInput(file_path, inplace=True) as file: + output_line_number = 1 + re_include_guard = re.compile(r"^#define.*{name}$".format(name=os.path.basename(file_path).replace('.','_').upper())) + for line in file: + insert_allow_private_include = False + if re_include_guard.match(line): + insert_allow_private_include = True + for variable, var_lines in variables.items(): + for var_line in var_lines: + if output_line_number == var_line: + line = re.sub(r"(^.*?\W+)({var})(\W+.*$)".format(var=variable), r"\1MBEDTLS_PRIVATE(\2)\3", line) + output_line_number += 1 + print(line, end='') # fileinput redirects stdout to the target file + if 
insert_allow_private_include: + insert_allow_private_include = False + print("#include \"mbedtls/private_access.h\"") diff --git a/setup_and_run_MBEDTLS_PRIVATE.sh b/setup_and_run_MBEDTLS_PRIVATE.sh new file mode 100755 index 000000000..9a0e59979 --- /dev/null +++ b/setup_and_run_MBEDTLS_PRIVATE.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +make clean +sed -i 's/GENERATE_XML = NO/GENERATE_XML = YES/g' doxygen/mbedtls.doxyfile +scripts/config.py full +cd doxygen +doxygen mbedtls.doxyfile +cd .. +python3 apply_MBEDTLS_PRIVATE.py +git checkout include/mbedtls/config.h doxygen/mbedtls.doxyfile From 846f021de291c105c18031fa5d5c466917cb3cad Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 19 May 2021 19:44:07 +0200 Subject: [PATCH 012/236] Run MBEDTLS_PRIVATE wrapping script on the library. 
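Review bot: `if static_inline_function_definition:` in the apply_MBEDTLS_PRIVATE.py hunk tests an ElementTree Element for truthiness, which depends on whether the element has child elements rather than on whether `find()` found a match; write `if static_inline_function_definition is not None:`. Two more points in the same hunk: the substitution `re.sub(r"(^.*?\W+)({var})(\W+.*$)", r"\1MBEDTLS_PRIVATE(\2)\3", line)` is anchored at both ends, so it wraps only the first occurrence of a member on a line, and a line that names the same member twice (possible in the static inline functions the script also rewrites) is left half-converted; and when no line matches `re_include_guard`, `#include "mbedtls/private_access.h"` is never emitted and the converted header will not compile, so the script should report every file whose guard was not found instead of silently continuing. Minor: the include is printed on the line directly after the guard, so in headers where the guard is followed by a comment (ecjpake.h in the next patch shows this) it lands in front of that comment with no blank line.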
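Review bot: setup_and_run_MBEDTLS_PRIVATE.sh has no `set -e`, so if `scripts/config.py full` or `doxygen mbedtls.doxyfile` fails the script still runs apply_MBEDTLS_PRIVATE.py against whatever XML happens to exist under apidoc/xml (stale or none) and the final `git checkout` then hides the failed configuration step. Add `set -e` after the shebang, and restore `include/mbedtls/config.h` and `doxygen/mbedtls.doxyfile` from a `trap` so they are reverted on failure as well. `sed -i` without a suffix argument is GNU sed syntax; for a one-off tool that may be acceptable, but a comment saying the script expects GNU sed would save the next person a confusing error on BSD or macOS.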
Signed-off-by: Mateusz Starzyk --- include/mbedtls/aes.h | 11 +- include/mbedtls/arc4.h | 7 +- include/mbedtls/aria.h | 5 +- include/mbedtls/asn1.h | 25 +- include/mbedtls/bignum.h | 7 +- include/mbedtls/blowfish.h | 5 +- include/mbedtls/camellia.h | 5 +- include/mbedtls/ccm.h | 3 +- include/mbedtls/chacha20.h | 7 +- include/mbedtls/chachapoly.h | 13 +- include/mbedtls/cipher.h | 73 +++--- include/mbedtls/cmac.h | 7 +- include/mbedtls/ctr_drbg.h | 19 +- include/mbedtls/des.h | 5 +- include/mbedtls/dhm.h | 23 +- include/mbedtls/ecdh.h | 19 +- include/mbedtls/ecjpake.h | 25 +- include/mbedtls/ecp.h | 51 ++-- include/mbedtls/entropy.h | 23 +- include/mbedtls/gcm.h | 19 +- include/mbedtls/hmac_drbg.h | 19 +- include/mbedtls/md.h | 7 +- include/mbedtls/md2.h | 9 +- include/mbedtls/md4.h | 7 +- include/mbedtls/md5.h | 7 +- include/mbedtls/net_sockets.h | 3 +- include/mbedtls/nist_kw.h | 3 +- include/mbedtls/oid.h | 9 +- include/mbedtls/pem.h | 7 +- include/mbedtls/pk.h | 15 +- include/mbedtls/platform.h | 3 +- include/mbedtls/poly1305.h | 11 +- include/mbedtls/psa_util.h | 3 +- include/mbedtls/ripemd160.h | 7 +- include/mbedtls/rsa.h | 37 +-- include/mbedtls/sha1.h | 7 +- include/mbedtls/sha256.h | 9 +- include/mbedtls/sha512.h | 11 +- include/mbedtls/ssl.h | 327 ++++++++++++------------ include/mbedtls/ssl_cache.h | 21 +- include/mbedtls/ssl_ciphersuites.h | 17 +- include/mbedtls/ssl_cookie.h | 7 +- include/mbedtls/ssl_ticket.h | 19 +- include/mbedtls/threading.h | 5 +- include/mbedtls/timing.h | 7 +- include/mbedtls/x509.h | 5 +- include/mbedtls/x509_crl.h | 43 ++-- include/mbedtls/x509_crt.h | 117 ++++----- include/mbedtls/x509_csr.h | 31 +-- include/mbedtls/xtea.h | 3 +- include/psa/crypto_builtin_composites.h | 15 +- include/psa/crypto_builtin_primitives.h | 29 ++- include/psa/crypto_extra.h | 29 ++- include/psa/crypto_se_driver.h | 91 +++---- include/psa/crypto_struct.h | 155 +++++------ 55 files changed, 751 insertions(+), 696 deletions(-) 
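Review bot: The diffstat for this patch touches only headers under include/: there is no ChangeLog.d entry and no documentation update, although every wrapped field of a public context type is an API change for applications that read struct members directly. Add a changelog entry and a short migration note that says which accessor functions replace direct field access and what mbedtls/private_access.h offers to code that still needs the fields, so users meet the change in the release notes rather than as a compile error.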
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index da741c8e8..e23b9ca94 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -39,6 +39,7 @@ #ifndef MBEDTLS_AES_H #define MBEDTLS_AES_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -78,9 +79,9 @@ extern "C" { */ typedef struct mbedtls_aes_context { - int nr; /*!< The number of rounds. */ - uint32_t *rk; /*!< AES round keys. */ - uint32_t buf[68]; /*!< Unaligned data buffer. This buffer can + int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */ + uint32_t *MBEDTLS_PRIVATE(rk); /*!< AES round keys. */ + uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can hold 32 extra Bytes, which can be used for one of the following purposes:
  • Alignment if VIA padlock is @@ -97,9 +98,9 @@ mbedtls_aes_context; */ typedef struct mbedtls_aes_xts_context { - mbedtls_aes_context crypt; /*!< The AES context to use for AES block + mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block encryption or decryption. */ - mbedtls_aes_context tweak; /*!< The AES context used for tweak + mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak computation. */ } mbedtls_aes_xts_context; #endif /* MBEDTLS_CIPHER_MODE_XTS */ diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h index ada6083e0..631365120 100644 --- a/include/mbedtls/arc4.h +++ b/include/mbedtls/arc4.h @@ -25,6 +25,7 @@ */ #ifndef MBEDTLS_ARC4_H #define MBEDTLS_ARC4_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -51,9 +52,9 @@ extern "C" { */ typedef struct mbedtls_arc4_context { - int x; /*!< permutation index */ - int y; /*!< permutation index */ - unsigned char m[256]; /*!< permutation table */ + int MBEDTLS_PRIVATE(x); /*!< permutation index */ + int MBEDTLS_PRIVATE(y); /*!< permutation index */ + unsigned char MBEDTLS_PRIVATE(m)[256]; /*!< permutation table */ } mbedtls_arc4_context; diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 7dd960f29..cd15c706f 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -28,6 +28,7 @@ #ifndef MBEDTLS_ARIA_H #define MBEDTLS_ARIA_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -64,9 +65,9 @@ extern "C" { */ typedef struct mbedtls_aria_context { - unsigned char nr; /*!< The number of rounds (12, 14 or 16) */ + unsigned char MBEDTLS_PRIVATE(nr); /*!< The number of rounds (12, 14 or 16) */ /*! The ARIA round keys. */ - uint32_t rk[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4]; + uint32_t MBEDTLS_PRIVATE(rk)[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4]; } mbedtls_aria_context; 
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index d2162fe12..66119810f 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_ASN1_H #define MBEDTLS_ASN1_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -148,9 +149,9 @@ extern "C" { */ typedef struct mbedtls_asn1_buf { - int tag; /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */ - size_t len; /**< ASN1 length, in octets. */ - unsigned char *p; /**< ASN1 data, e.g. in ASCII. */ + int MBEDTLS_PRIVATE(tag); /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */ + size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */ + unsigned char *MBEDTLS_PRIVATE(p); /**< ASN1 data, e.g. in ASCII. */ } mbedtls_asn1_buf; @@ -159,9 +160,9 @@ mbedtls_asn1_buf; */ typedef struct mbedtls_asn1_bitstring { - size_t len; /**< ASN1 length, in octets. */ - unsigned char unused_bits; /**< Number of unused bits at the end of the string */ - unsigned char *p; /**< Raw ASN1 data for the bit string */ + size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */ + unsigned char MBEDTLS_PRIVATE(unused_bits); /**< Number of unused bits at the end of the string */ + unsigned char *MBEDTLS_PRIVATE(p); /**< Raw ASN1 data for the bit string */ } mbedtls_asn1_bitstring; @@ -170,8 +171,8 @@ mbedtls_asn1_bitstring; */ typedef struct mbedtls_asn1_sequence { - mbedtls_asn1_buf buf; /**< Buffer containing the given ASN.1 item. */ - struct mbedtls_asn1_sequence *next; /**< The next entry in the sequence. */ + mbedtls_asn1_buf MBEDTLS_PRIVATE(buf); /**< Buffer containing the given ASN.1 item. */ + struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */ } mbedtls_asn1_sequence; 
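Review bot: In the asn1.h hunks at @@ -148,9 +149,9 @@ through @@ -170,8 +171,8 @@, mbedtls_asn1_buf, mbedtls_asn1_bitstring and mbedtls_asn1_sequence have every field wrapped, but unlike cipher.h later in this patch no accessor functions appear for them. These are the data-carrier types the parsing functions hand back, so application code that walks a parsed sequence (`cur->buf.p`, `cur->buf.len`, `cur->next`) has no public way left to read the result. Either keep these plain data types public or add accessors, and record the decision in the changelog.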
@@ -180,10 +181,10 @@ mbedtls_asn1_sequence; */ typedef struct mbedtls_asn1_named_data { - mbedtls_asn1_buf oid; /**< The object identifier. */ - mbedtls_asn1_buf val; /**< The named value. */ - struct mbedtls_asn1_named_data *next; /**< The next entry in the sequence. */ - unsigned char next_merged; /**< Merge next item into the current one? */ + mbedtls_asn1_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */ + mbedtls_asn1_buf MBEDTLS_PRIVATE(val); /**< The named value. */ + struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next); /**< The next entry in the sequence. */ + unsigned char MBEDTLS_PRIVATE(next_merged); /**< Merge next item into the current one? */ } mbedtls_asn1_named_data; diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 073b4a40c..47768fc6f 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_BIGNUM_H #define MBEDTLS_BIGNUM_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -183,9 +184,9 @@ extern "C" { */ typedef struct mbedtls_mpi { - int s; /*!< Sign: -1 if the mpi is negative, 1 otherwise */ - size_t n; /*!< total # of limbs */ - mbedtls_mpi_uint *p; /*!< pointer to limbs */ + int MBEDTLS_PRIVATE(s); /*!< Sign: -1 if the mpi is negative, 1 otherwise */ + size_t MBEDTLS_PRIVATE(n); /*!< total # of limbs */ + mbedtls_mpi_uint *MBEDTLS_PRIVATE(p); /*!< pointer to limbs */ } mbedtls_mpi; diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h index 1ade1fc7e..e54d4914d 100644 --- a/include/mbedtls/blowfish.h +++ b/include/mbedtls/blowfish.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_BLOWFISH_H #define MBEDTLS_BLOWFISH_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" 
@@ -57,8 +58,8 @@ extern "C" { */ typedef struct mbedtls_blowfish_context { - uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */ - uint32_t S[4][256]; /*!< key dependent S-boxes */ + uint32_t MBEDTLS_PRIVATE(P)[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */ + uint32_t MBEDTLS_PRIVATE(S)[4][256]; /*!< key dependent S-boxes */ } mbedtls_blowfish_context; diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h index dee5c3e2c..d2d4f61b1 100644 --- a/include/mbedtls/camellia.h +++ b/include/mbedtls/camellia.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_CAMELLIA_H #define MBEDTLS_CAMELLIA_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -53,8 +54,8 @@ extern "C" { */ typedef struct mbedtls_camellia_context { - int nr; /*!< number of rounds */ - uint32_t rk[68]; /*!< CAMELLIA round keys */ + int MBEDTLS_PRIVATE(nr); /*!< number of rounds */ + uint32_t MBEDTLS_PRIVATE(rk)[68]; /*!< CAMELLIA round keys */ } mbedtls_camellia_context; diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index f63e61be5..2fa4b5b14 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -46,6 +46,7 @@ #ifndef MBEDTLS_CCM_H #define MBEDTLS_CCM_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -72,7 +73,7 @@ extern "C" { */ typedef struct mbedtls_ccm_context { - mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */ + mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ } mbedtls_ccm_context; diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index a6a8cda74..441aaa4c8 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -31,6 +31,7 @@ #ifndef MBEDTLS_CHACHA20_H #define MBEDTLS_CHACHA20_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" 
@@ -51,9 +52,9 @@ extern "C" { typedef struct mbedtls_chacha20_context { - uint32_t state[16]; /*! The state (before round operations). */ - uint8_t keystream8[64]; /*! Leftover keystream bytes. */ - size_t keystream_bytes_used; /*! Number of keystream bytes already used. */ + uint32_t MBEDTLS_PRIVATE(state)[16]; /*! The state (before round operations). */ + uint8_t MBEDTLS_PRIVATE(keystream8)[64]; /*! Leftover keystream bytes. */ + size_t MBEDTLS_PRIVATE(keystream_bytes_used); /*! Number of keystream bytes already used. */ } mbedtls_chacha20_context; diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index 1007f95bb..7c3673985 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h @@ -31,6 +31,7 @@ #ifndef MBEDTLS_CHACHAPOLY_H #define MBEDTLS_CHACHAPOLY_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -61,12 +62,12 @@ mbedtls_chachapoly_mode_t; typedef struct mbedtls_chachapoly_context { - mbedtls_chacha20_context chacha20_ctx; /**< The ChaCha20 context. */ - mbedtls_poly1305_context poly1305_ctx; /**< The Poly1305 context. */ - uint64_t aad_len; /**< The length (bytes) of the Additional Authenticated Data. */ - uint64_t ciphertext_len; /**< The length (bytes) of the ciphertext. */ - int state; /**< The current state of the context. */ - mbedtls_chachapoly_mode_t mode; /**< Cipher mode (encrypt or decrypt). */ + mbedtls_chacha20_context MBEDTLS_PRIVATE(chacha20_ctx); /**< The ChaCha20 context. */ + mbedtls_poly1305_context MBEDTLS_PRIVATE(poly1305_ctx); /**< The Poly1305 context. */ + uint64_t MBEDTLS_PRIVATE(aad_len); /**< The length (bytes) of the Additional Authenticated Data. */ + uint64_t MBEDTLS_PRIVATE(ciphertext_len); /**< The length (bytes) of the ciphertext. */ + int MBEDTLS_PRIVATE(state); /**< The current state of the context. */ + mbedtls_chachapoly_mode_t MBEDTLS_PRIVATE(mode); /**< Cipher mode (encrypt or decrypt). */ } mbedtls_chachapoly_context; 
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index ffb20a676..97aa16c83 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -26,6 +26,7 @@ #ifndef MBEDTLS_CIPHER_H #define MBEDTLS_CIPHER_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -267,37 +268,37 @@ typedef struct mbedtls_cipher_info_t /** Full cipher identifier. For example, * MBEDTLS_CIPHER_AES_256_CBC. */ - mbedtls_cipher_type_t type; + mbedtls_cipher_type_t MBEDTLS_PRIVATE(type); /** The cipher mode. For example, MBEDTLS_MODE_CBC. */ - mbedtls_cipher_mode_t mode; + mbedtls_cipher_mode_t MBEDTLS_PRIVATE(mode); /** The cipher key length, in bits. This is the * default length for variable sized ciphers. * Includes parity bits for ciphers like DES. */ - unsigned int key_bitlen; + unsigned int MBEDTLS_PRIVATE(key_bitlen); /** Name of the cipher. */ - const char * name; + const char * MBEDTLS_PRIVATE(name); /** IV or nonce size, in Bytes. * For ciphers that accept variable IV sizes, * this is the recommended size. */ - unsigned int iv_size; + unsigned int MBEDTLS_PRIVATE(iv_size); /** Bitflag comprised of MBEDTLS_CIPHER_VARIABLE_IV_LEN and * MBEDTLS_CIPHER_VARIABLE_KEY_LEN indicating whether the * cipher supports variable IV or variable key sizes, respectively. */ - int flags; + int MBEDTLS_PRIVATE(flags); /** The block size, in Bytes. */ - unsigned int block_size; + unsigned int MBEDTLS_PRIVATE(block_size); /** Struct for base cipher information and functions. */ - const mbedtls_cipher_base_t *base; + const mbedtls_cipher_base_t *MBEDTLS_PRIVATE(base); } mbedtls_cipher_info_t; 
@@ -307,43 +308,43 @@ typedef struct mbedtls_cipher_info_t typedef struct mbedtls_cipher_context_t { /** Information about the associated cipher. */ - const mbedtls_cipher_info_t *cipher_info; + const mbedtls_cipher_info_t *MBEDTLS_PRIVATE(cipher_info); /** Key length to use. */ - int key_bitlen; + int MBEDTLS_PRIVATE(key_bitlen); /** Operation that the key of the context has been * initialized for. */ - mbedtls_operation_t operation; + mbedtls_operation_t MBEDTLS_PRIVATE(operation); #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) /** Padding functions to use, if relevant for * the specific cipher mode. */ - void (*add_padding)( unsigned char *output, size_t olen, size_t data_len ); - int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len ); + void (*MBEDTLS_PRIVATE(add_padding))( unsigned char *output, size_t olen, size_t data_len ); + int (*MBEDTLS_PRIVATE(get_padding))( unsigned char *input, size_t ilen, size_t *data_len ); #endif /** Buffer for input that has not been processed yet. */ - unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH]; + unsigned char MBEDTLS_PRIVATE(unprocessed_data)[MBEDTLS_MAX_BLOCK_LENGTH]; /** Number of Bytes that have not been processed yet. */ - size_t unprocessed_len; + size_t MBEDTLS_PRIVATE(unprocessed_len); /** Current IV or NONCE_COUNTER for CTR-mode, data unit (or sector) number * for XTS-mode. */ - unsigned char iv[MBEDTLS_MAX_IV_LENGTH]; + unsigned char MBEDTLS_PRIVATE(iv)[MBEDTLS_MAX_IV_LENGTH]; /** IV size in Bytes, for ciphers with variable-length IVs. */ - size_t iv_size; + size_t MBEDTLS_PRIVATE(iv_size); /** The cipher-specific context. */ - void *cipher_ctx; + void *MBEDTLS_PRIVATE(cipher_ctx); #if defined(MBEDTLS_CMAC_C) /** CMAC-specific context. */ - mbedtls_cmac_context_t *cmac_ctx; + mbedtls_cmac_context_t *MBEDTLS_PRIVATE(cmac_ctx); #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) 
@@ -354,7 +355,7 @@ typedef struct mbedtls_cipher_context_t * mbedtls_cipher_setup(), and set if it was established through * mbedtls_cipher_setup_psa(). */ - unsigned char psa_enabled; + unsigned char MBEDTLS_PRIVATE(psa_enabled); #endif /* MBEDTLS_USE_PSA_CRYPTO */ } mbedtls_cipher_context_t; @@ -495,10 +496,10 @@ static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx ) { MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); - if( ctx->cipher_info == NULL ) + if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL ) return 0; - return ctx->cipher_info->block_size; + return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size); } /** @@ -514,10 +515,10 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx ) { MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE ); - if( ctx->cipher_info == NULL ) + if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL ) return MBEDTLS_MODE_NONE; - return ctx->cipher_info->mode; + return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(mode); } /** @@ -534,13 +535,13 @@ static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx ) { MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); - if( ctx->cipher_info == NULL ) + if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL ) return 0; - if( ctx->iv_size != 0 ) - return (int) ctx->iv_size; + if( ctx->MBEDTLS_PRIVATE(iv_size) != 0 ) + return (int) ctx->MBEDTLS_PRIVATE(iv_size); - return (int) ctx->cipher_info->iv_size; + return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size); } /** @@ -556,10 +557,10 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( { MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_CIPHER_NONE ); - if( ctx->cipher_info == NULL ) + if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL ) return MBEDTLS_CIPHER_NONE; - return ctx->cipher_info->type; + return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(type); } /** 
@@ -575,10 +576,10 @@ static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx ) { MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 ); - if( ctx->cipher_info == NULL ) + if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL ) return 0; - return ctx->cipher_info->name; + return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(name); } /** @@ -595,10 +596,10 @@ static inline int mbedtls_cipher_get_key_bitlen( { MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_KEY_LENGTH_NONE ); - if( ctx->cipher_info == NULL ) + if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL ) return MBEDTLS_KEY_LENGTH_NONE; - return (int) ctx->cipher_info->key_bitlen; + return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen); } /** @@ -614,10 +615,10 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( { MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_OPERATION_NONE ); - if( ctx->cipher_info == NULL ) + if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL ) return MBEDTLS_OPERATION_NONE; - return ctx->operation; + return ctx->MBEDTLS_PRIVATE(operation); } /** diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index a0563b1ef..65c831c87 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -25,6 +25,7 @@ #ifndef MBEDTLS_CMAC_H #define MBEDTLS_CMAC_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" 
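Review bot: The static inline accessors from @@ -495,10 +496,10 @@ through @@ -614,10 +615,10 @@ now read members as `ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size)`; since these functions are compiled in the application's translation unit that is the correct form, but the conversion was done by the script's one-match-per-line substitution, so every member on such a line was wrapped only because each is a distinct member. Please build the library and test suites once with private access allowed and once without, so that any inline function in the converted headers that still names a raw member fails loudly now rather than in a downstream build.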
@@ -55,14 +56,14 @@ extern "C" { struct mbedtls_cmac_context_t { /** The internal state of the CMAC algorithm. */ - unsigned char state[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX]; /** Unprocessed data - either data that was not block aligned and is still * pending processing, or the final block. */ - unsigned char unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX]; + unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CIPHER_BLKSIZE_MAX]; /** The length of data pending processing. */ - size_t unprocessed_len; + size_t MBEDTLS_PRIVATE(unprocessed_len); }; #else /* !MBEDTLS_CMAC_ALT */ diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index 0f2c5510f..6a8d5c688 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -40,6 +40,7 @@ #ifndef MBEDTLS_CTR_DRBG_H #define MBEDTLS_CTR_DRBG_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -168,8 +169,8 @@ extern "C" { */ typedef struct mbedtls_ctr_drbg_context { - unsigned char counter[16]; /*!< The counter (V). */ - int reseed_counter; /*!< The reseed counter. + unsigned char MBEDTLS_PRIVATE(counter)[16]; /*!< The counter (V). */ + int MBEDTLS_PRIVATE(reseed_counter); /*!< The reseed counter. * This is the number of requests that have * been made since the last (re)seeding, * minus one. 
@@ -179,25 +180,25 @@ typedef struct mbedtls_ctr_drbg_context * or -1 if no nonce length has been explicitly * set (see mbedtls_ctr_drbg_set_nonce_len()). */ - int prediction_resistance; /*!< This determines whether prediction + int MBEDTLS_PRIVATE(prediction_resistance); /*!< This determines whether prediction resistance is enabled, that is whether to systematically reseed before each random generation. */ - size_t entropy_len; /*!< The amount of entropy grabbed on each + size_t MBEDTLS_PRIVATE(entropy_len); /*!< The amount of entropy grabbed on each seed or reseed operation, in bytes. */ - int reseed_interval; /*!< The reseed interval. + int MBEDTLS_PRIVATE(reseed_interval); /*!< The reseed interval. * This is the maximum number of requests * that can be made between reseedings. */ - mbedtls_aes_context aes_ctx; /*!< The AES context. */ + mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */ /* * Callbacks (Entropy) */ - int (*f_entropy)(void *, unsigned char *, size_t); + int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t); /*!< The entropy callback function. */ - void *p_entropy; /*!< The context for the entropy function. */ + void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function. */ #if defined(MBEDTLS_THREADING_C) /* Invariant: the mutex is initialized if and only if f_entropy != NULL. @@ -207,7 +208,7 @@ typedef struct mbedtls_ctr_drbg_context * Note that this invariant may change without notice. Do not rely on it * and do not access the mutex directly in application code. */ - mbedtls_threading_mutex_t mutex; + mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); #endif } mbedtls_ctr_drbg_context; diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h index 92da73f08..24d240283 100644 --- a/include/mbedtls/des.h +++ b/include/mbedtls/des.h @@ -26,6 +26,7 @@ */ #ifndef MBEDTLS_DES_H #define MBEDTLS_DES_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" 
@@ -60,7 +61,7 @@ extern "C" { */ typedef struct mbedtls_des_context { - uint32_t sk[32]; /*!< DES subkeys */ + uint32_t MBEDTLS_PRIVATE(sk)[32]; /*!< DES subkeys */ } mbedtls_des_context; @@ -69,7 +70,7 @@ mbedtls_des_context; */ typedef struct mbedtls_des3_context { - uint32_t sk[96]; /*!< 3DES subkeys */ + uint32_t MBEDTLS_PRIVATE(sk)[96]; /*!< 3DES subkeys */ } mbedtls_des3_context; diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 0e8892e0f..6c8ca037c 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -62,6 +62,7 @@ #ifndef MBEDTLS_DHM_H #define MBEDTLS_DHM_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" 
@@ -95,17 +96,17 @@ extern "C" { */ typedef struct mbedtls_dhm_context { - size_t len; /*!< The size of \p P in Bytes. */ - mbedtls_mpi P; /*!< The prime modulus. */ - mbedtls_mpi G; /*!< The generator. */ - mbedtls_mpi X; /*!< Our secret value. */ - mbedtls_mpi GX; /*!< Our public key = \c G^X mod \c P. */ - mbedtls_mpi GY; /*!< The public key of the peer = \c G^Y mod \c P. */ - mbedtls_mpi K; /*!< The shared secret = \c G^(XY) mod \c P. */ - mbedtls_mpi RP; /*!< The cached value = \c R^2 mod \c P. */ - mbedtls_mpi Vi; /*!< The blinding value. */ - mbedtls_mpi Vf; /*!< The unblinding value. */ - mbedtls_mpi pX; /*!< The previous \c X. */ + size_t MBEDTLS_PRIVATE(len); /*!< The size of \p P in Bytes. */ + mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus. */ + mbedtls_mpi MBEDTLS_PRIVATE(G); /*!< The generator. */ + mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< Our secret value. */ + mbedtls_mpi MBEDTLS_PRIVATE(GX); /*!< Our public key = \c G^X mod \c P. */ + mbedtls_mpi MBEDTLS_PRIVATE(GY); /*!< The public key of the peer = \c G^Y mod \c P. */ + mbedtls_mpi MBEDTLS_PRIVATE(K); /*!< The shared secret = \c G^(XY) mod \c P. */ + mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< The cached value = \c R^2 mod \c P. */ + mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */ + mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */ + mbedtls_mpi MBEDTLS_PRIVATE(pX); /*!< The previous \c X. */ } mbedtls_dhm_context; diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 05855cdf1..874b4ee12 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -31,6 +31,7 @@ #ifndef MBEDTLS_ECDH_H #define MBEDTLS_ECDH_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" 
@@ -104,15 +105,15 @@ typedef struct mbedtls_ecdh_context_mbed typedef struct mbedtls_ecdh_context { #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT) - mbedtls_ecp_group grp; /*!< The elliptic curve used. */ - mbedtls_mpi d; /*!< The private key. */ - mbedtls_ecp_point Q; /*!< The public key. */ - mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */ - mbedtls_mpi z; /*!< The shared secret. */ - int point_format; /*!< The format of point export in TLS messages. */ - mbedtls_ecp_point Vi; /*!< The blinding value. */ - mbedtls_ecp_point Vf; /*!< The unblinding value. */ - mbedtls_mpi _d; /*!< The previous \p d. */ + mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */ + mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */ + mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */ + mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */ + mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */ + int MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages. */ + mbedtls_ecp_point MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */ + mbedtls_ecp_point MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */ + mbedtls_mpi MBEDTLS_PRIVATE(_d); /*!< The previous \p d. */ #if defined(MBEDTLS_ECP_RESTARTABLE) int restart_enabled; /*!< The flag for restartable mode. */ mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */ diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index 891705d8c..0c8e8c927 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_ECJPAKE_H #define MBEDTLS_ECJPAKE_H +#include "mbedtls/private_access.h" /* * J-PAKE is a password-authenticated key exchange that allows deriving a 
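Review bot: In the ecdh.h hunk at @@ -104,15 +105,15 @@, the two fields under `#if defined(MBEDTLS_ECP_RESTARTABLE)` (`restart_enabled` and `rs`) stay unwrapped while the nine fields above them become MBEDTLS_PRIVATE. The script only sees members that Doxygen emitted for the configuration it was run with, so members inside `#if` blocks that were not enabled in that run are skipped without any diagnostic. Wrap these two by hand and grep the other converted headers for members inside `#if` blocks that the generated run missed, since a half-wrapped struct is both inconsistent and a hint that some `#if` paths were never compiled with private access disabled.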
@@ -73,21 +74,21 @@ typedef enum { */ typedef struct mbedtls_ecjpake_context { - const mbedtls_md_info_t *md_info; /**< Hash to use */ - mbedtls_ecp_group grp; /**< Elliptic curve */ - mbedtls_ecjpake_role role; /**< Are we client or server? */ - int point_format; /**< Format for point export */ + const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info); /**< Hash to use */ + mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /**< Elliptic curve */ + mbedtls_ecjpake_role MBEDTLS_PRIVATE(role); /**< Are we client or server? */ + int MBEDTLS_PRIVATE(point_format); /**< Format for point export */ - mbedtls_ecp_point Xm1; /**< My public key 1 C: X1, S: X3 */ - mbedtls_ecp_point Xm2; /**< My public key 2 C: X2, S: X4 */ - mbedtls_ecp_point Xp1; /**< Peer public key 1 C: X3, S: X1 */ - mbedtls_ecp_point Xp2; /**< Peer public key 2 C: X4, S: X2 */ - mbedtls_ecp_point Xp; /**< Peer public key C: Xs, S: Xc */ + mbedtls_ecp_point MBEDTLS_PRIVATE(Xm1); /**< My public key 1 C: X1, S: X3 */ + mbedtls_ecp_point MBEDTLS_PRIVATE(Xm2); /**< My public key 2 C: X2, S: X4 */ + mbedtls_ecp_point MBEDTLS_PRIVATE(Xp1); /**< Peer public key 1 C: X3, S: X1 */ + mbedtls_ecp_point MBEDTLS_PRIVATE(Xp2); /**< Peer public key 2 C: X4, S: X2 */ + mbedtls_ecp_point MBEDTLS_PRIVATE(Xp); /**< Peer public key C: Xs, S: Xc */ - mbedtls_mpi xm1; /**< My private key 1 C: x1, S: x3 */ - mbedtls_mpi xm2; /**< My private key 2 C: x2, S: x4 */ + mbedtls_mpi MBEDTLS_PRIVATE(xm1); /**< My private key 1 C: x1, S: x3 */ + mbedtls_mpi MBEDTLS_PRIVATE(xm2); /**< My private key 2 C: x2, S: x4 */ - mbedtls_mpi s; /**< Pre-shared secret (passphrase) */ + mbedtls_mpi MBEDTLS_PRIVATE(s); /**< Pre-shared secret (passphrase) */ } mbedtls_ecjpake_context; #else /* MBEDTLS_ECJPAKE_ALT */ diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index dd400a018..913e323f1 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h 
@@ -33,6 +33,7 @@ #ifndef MBEDTLS_ECP_H #define MBEDTLS_ECP_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -142,10 +143,10 @@ typedef enum */ typedef struct mbedtls_ecp_curve_info { - mbedtls_ecp_group_id grp_id; /*!< An internal identifier. */ - uint16_t tls_id; /*!< The TLS NamedCurve identifier. */ - uint16_t bit_size; /*!< The curve size in bits. */ - const char *name; /*!< A human-friendly name. */ + mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< An internal identifier. */ + uint16_t MBEDTLS_PRIVATE(tls_id); /*!< The TLS NamedCurve identifier. */ + uint16_t MBEDTLS_PRIVATE(bit_size); /*!< The curve size in bits. */ + const char *MBEDTLS_PRIVATE(name); /*!< A human-friendly name. */ } mbedtls_ecp_curve_info; /** @@ -161,9 +162,9 @@ typedef struct mbedtls_ecp_curve_info */ typedef struct mbedtls_ecp_point { - mbedtls_mpi X; /*!< The X coordinate of the ECP point. */ - mbedtls_mpi Y; /*!< The Y coordinate of the ECP point. */ - mbedtls_mpi Z; /*!< The Z coordinate of the ECP point. */ + mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< The X coordinate of the ECP point. */ + mbedtls_mpi MBEDTLS_PRIVATE(Y); /*!< The Y coordinate of the ECP point. */ + mbedtls_mpi MBEDTLS_PRIVATE(Z); /*!< The Z coordinate of the ECP point. */ } mbedtls_ecp_point; 
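Review bot: In the ecp.h hunk at @@ -142,10 +143,10 @@, mbedtls_ecp_curve_info is a read-only lookup record (grp_id, tls_id, bit_size, name) and the hunk adds no accessor for it, so callers that look a curve up and then read `bit_size` or `name` have no public path to those values. Consider leaving this informational struct public or adding getters alongside the change. The same question applies to mbedtls_ecp_point at @@ -161,9 +162,9 @@: with X, Y and Z wrapped, and the mbedtls_mpi fields also wrapped in the bignum.h hunk, check that the exported point and bignum functions cover everything applications need to construct and inspect points, and say so in the migration note.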
@@ -210,26 +211,26 @@ mbedtls_ecp_point; */ typedef struct mbedtls_ecp_group { - mbedtls_ecp_group_id id; /*!< An internal group identifier. */ - mbedtls_mpi P; /*!< The prime modulus of the base field. */ - mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For + mbedtls_ecp_group_id MBEDTLS_PRIVATE(id); /*!< An internal group identifier. */ + mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus of the base field. */ + mbedtls_mpi MBEDTLS_PRIVATE(A); /*!< For Short Weierstrass: \p A in the equation. For Montgomery curves: (A + 2) / 4. */ - mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation. + mbedtls_mpi MBEDTLS_PRIVATE(B); /*!< For Short Weierstrass: \p B in the equation. For Montgomery curves: unused. */ - mbedtls_ecp_point G; /*!< The generator of the subgroup used. */ - mbedtls_mpi N; /*!< The order of \p G. */ - size_t pbits; /*!< The number of bits in \p P.*/ - size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. + mbedtls_ecp_point MBEDTLS_PRIVATE(G); /*!< The generator of the subgroup used. */ + mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The order of \p G. */ + size_t MBEDTLS_PRIVATE(pbits); /*!< The number of bits in \p P.*/ + size_t MBEDTLS_PRIVATE(nbits); /*!< For Short Weierstrass: The number of bits in \p P. For Montgomery curves: the number of bits in the private keys. */ - unsigned int h; /*!< \internal 1 if the constants are static. */ - int (*modp)(mbedtls_mpi *); /*!< The function for fast pseudo-reduction + unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are static. */ + int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast pseudo-reduction mod \p P (see above).*/ - int (*t_pre)(mbedtls_ecp_point *, void *); /*!< Unused. */ - int (*t_post)(mbedtls_ecp_point *, void *); /*!< Unused. */ - void *t_data; /*!< Unused. */ - mbedtls_ecp_point *T; /*!< Pre-computed points for ecp_mul_comb(). */ - size_t T_size; /*!< The number of pre-computed points. 
*/ + int (*MBEDTLS_PRIVATE(t_pre))(mbedtls_ecp_point *, void *); /*!< Unused. */ + int (*MBEDTLS_PRIVATE(t_post))(mbedtls_ecp_point *, void *); /*!< Unused. */ + void *MBEDTLS_PRIVATE(t_data); /*!< Unused. */ + mbedtls_ecp_point *MBEDTLS_PRIVATE(T); /*!< Pre-computed points for ecp_mul_comb(). */ + size_t MBEDTLS_PRIVATE(T_size); /*!< The number of pre-computed points. */ } mbedtls_ecp_group; @@ -369,9 +370,9 @@ typedef void mbedtls_ecp_restart_ctx; */ typedef struct mbedtls_ecp_keypair { - mbedtls_ecp_group grp; /*!< Elliptic curve and base point */ - mbedtls_mpi d; /*!< our secret value */ - mbedtls_ecp_point Q; /*!< our public value */ + mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< Elliptic curve and base point */ + mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< our secret value */ + mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< our public value */ } mbedtls_ecp_keypair; diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index c51e64164..d707bddf0 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_ENTROPY_H #define MBEDTLS_ENTROPY_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" 
@@ -104,11 +105,11 @@ typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, s */ typedef struct mbedtls_entropy_source_state { - mbedtls_entropy_f_source_ptr f_source; /**< The entropy source callback */ - void * p_source; /**< The callback data pointer */ - size_t size; /**< Amount received in bytes */ - size_t threshold; /**< Minimum bytes required before release */ - int strong; /**< Is the source strong? */ + mbedtls_entropy_f_source_ptr MBEDTLS_PRIVATE(f_source); /**< The entropy source callback */ + void * MBEDTLS_PRIVATE(p_source); /**< The callback data pointer */ + size_t MBEDTLS_PRIVATE(size); /**< Amount received in bytes */ + size_t MBEDTLS_PRIVATE(threshold); /**< Minimum bytes required before release */ + int MBEDTLS_PRIVATE(strong); /**< Is the source strong? */ } mbedtls_entropy_source_state; @@ -117,21 +118,21 @@ mbedtls_entropy_source_state; */ typedef struct mbedtls_entropy_context { - int accumulator_started; /* 0 after init. + int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init. * 1 after the first update. * -1 after free. */ #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - mbedtls_sha512_context accumulator; + mbedtls_sha512_context MBEDTLS_PRIVATE(accumulator); #else mbedtls_sha256_context accumulator; #endif - int source_count; /* Number of entries used in source. */ - mbedtls_entropy_source_state source[MBEDTLS_ENTROPY_MAX_SOURCES]; + int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */ + mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES]; #if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; /*!< mutex */ + mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */ #endif #if defined(MBEDTLS_ENTROPY_NV_SEED) - int initial_entropy_run; + int MBEDTLS_PRIVATE(initial_entropy_run); #endif } mbedtls_entropy_context; diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index a2fc2ab4a..c8e384ad8 100644 --- a/include/mbedtls/gcm.h 
+++ b/include/mbedtls/gcm.h @@ -30,6 +30,7 @@ #ifndef MBEDTLS_GCM_H #define MBEDTLS_GCM_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -58,15 +59,15 @@ extern "C" { */ typedef struct mbedtls_gcm_context { - mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */ - uint64_t HL[16]; /*!< Precalculated HTable low. */ - uint64_t HH[16]; /*!< Precalculated HTable high. */ - uint64_t len; /*!< The total length of the encrypted data. */ - uint64_t add_len; /*!< The total length of the additional data. */ - unsigned char base_ectr[16]; /*!< The first ECTR for tag. */ - unsigned char y[16]; /*!< The Y working value. */ - unsigned char buf[16]; /*!< The buf working value. */ - int mode; /*!< The operation to perform: + mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ + uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */ + uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */ + uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data. */ + uint64_t MBEDTLS_PRIVATE(add_len); /*!< The total length of the additional data. */ + unsigned char MBEDTLS_PRIVATE(base_ectr)[16]; /*!< The first ECTR for tag. */ + unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working value. */ + unsigned char MBEDTLS_PRIVATE(buf)[16]; /*!< The buf working value. */ + int MBEDTLS_PRIVATE(mode); /*!< The operation to perform: #MBEDTLS_GCM_ENCRYPT or #MBEDTLS_GCM_DECRYPT. */ } diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h index 1ab342252..2f81158b0 100644 --- a/include/mbedtls/hmac_drbg.h +++ b/include/mbedtls/hmac_drbg.h @@ -25,6 +25,7 @@ */ #ifndef MBEDTLS_HMAC_DRBG_H #define MBEDTLS_HMAC_DRBG_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" 
@@ -86,19 +87,19 @@ typedef struct mbedtls_hmac_drbg_context { /* Working state: the key K is not stored explicitly, * but is implied by the HMAC context */ - mbedtls_md_context_t md_ctx; /*!< HMAC context (inc. K) */ - unsigned char V[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */ - int reseed_counter; /*!< reseed counter */ + mbedtls_md_context_t MBEDTLS_PRIVATE(md_ctx); /*!< HMAC context (inc. K) */ + unsigned char MBEDTLS_PRIVATE(V)[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */ + int MBEDTLS_PRIVATE(reseed_counter); /*!< reseed counter */ /* Administrative state */ - size_t entropy_len; /*!< entropy bytes grabbed on each (re)seed */ - int prediction_resistance; /*!< enable prediction resistance (Automatic + size_t MBEDTLS_PRIVATE(entropy_len); /*!< entropy bytes grabbed on each (re)seed */ + int MBEDTLS_PRIVATE(prediction_resistance); /*!< enable prediction resistance (Automatic reseed before every random generation) */ - int reseed_interval; /*!< reseed interval */ + int MBEDTLS_PRIVATE(reseed_interval); /*!< reseed interval */ /* Callbacks */ - int (*f_entropy)(void *, unsigned char *, size_t); /*!< entropy function */ - void *p_entropy; /*!< context for the entropy function */ + int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t); /*!< entropy function */ + void *MBEDTLS_PRIVATE(p_entropy); /*!< context for the entropy function */ #if defined(MBEDTLS_THREADING_C) /* Invariant: the mutex is initialized if and only if @@ -109,7 +110,7 @@ typedef struct mbedtls_hmac_drbg_context * Note that this invariant may change without notice. Do not rely on it * and do not access the mutex directly in application code. */ - mbedtls_threading_mutex_t mutex; + mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); #endif } mbedtls_hmac_drbg_context; diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index fbc3b4785..21dc7c4aa 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h 
@@ -24,6 +24,7 @@ #ifndef MBEDTLS_MD_H #define MBEDTLS_MD_H +#include "mbedtls/private_access.h" #include @@ -93,13 +94,13 @@ typedef struct mbedtls_md_info_t mbedtls_md_info_t; typedef struct mbedtls_md_context_t { /** Information about the associated message digest. */ - const mbedtls_md_info_t *md_info; + const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info); /** The digest-specific context. */ - void *md_ctx; + void *MBEDTLS_PRIVATE(md_ctx); /** The HMAC part of the context. */ - void *hmac_ctx; + void *MBEDTLS_PRIVATE(hmac_ctx); } mbedtls_md_context_t; /** diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 950afa241..8d8d1e538 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -26,6 +26,7 @@ */ #ifndef MBEDTLS_MD2_H #define MBEDTLS_MD2_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -53,10 +54,10 @@ extern "C" { */ typedef struct mbedtls_md2_context { - unsigned char cksum[16]; /*!< checksum of the data block */ - unsigned char state[48]; /*!< intermediate digest state */ - unsigned char buffer[16]; /*!< data block being processed */ - size_t left; /*!< amount of data in buffer */ + unsigned char MBEDTLS_PRIVATE(cksum)[16]; /*!< checksum of the data block */ + unsigned char MBEDTLS_PRIVATE(state)[48]; /*!< intermediate digest state */ + unsigned char MBEDTLS_PRIVATE(buffer)[16]; /*!< data block being processed */ + size_t MBEDTLS_PRIVATE(left); /*!< amount of data in buffer */ } mbedtls_md2_context; diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index f9e398749..ac28d2904 100644 --- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -26,6 +26,7 @@ */ #ifndef MBEDTLS_MD4_H #define MBEDTLS_MD4_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" 
@@ -54,9 +55,9 @@ extern "C" { */ typedef struct mbedtls_md4_context { - uint32_t total[2]; /*!< number of bytes processed */ - uint32_t state[4]; /*!< intermediate digest state */ - unsigned char buffer[64]; /*!< data block being processed */ + uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */ + uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */ + unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */ } mbedtls_md4_context; diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 71a41dc0e..27bc40971 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -25,6 +25,7 @@ */ #ifndef MBEDTLS_MD5_H #define MBEDTLS_MD5_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -53,9 +54,9 @@ extern "C" { */ typedef struct mbedtls_md5_context { - uint32_t total[2]; /*!< number of bytes processed */ - uint32_t state[4]; /*!< intermediate digest state */ - unsigned char buffer[64]; /*!< data block being processed */ + uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */ + uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */ + unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */ } mbedtls_md5_context; diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index 319f4be53..502b9f453 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -37,6 +37,7 @@ */ #ifndef MBEDTLS_NET_SOCKETS_H #define MBEDTLS_NET_SOCKETS_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -84,7 +85,7 @@ extern "C" { */ typedef struct mbedtls_net_context { - int fd; /**< The underlying file descriptor */ + int MBEDTLS_PRIVATE(fd); /**< The underlying file descriptor */ } mbedtls_net_context; diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h index 7f3e64a52..c537b589a 100644 --- a/include/mbedtls/nist_kw.h 
+++ b/include/mbedtls/nist_kw.h @@ -34,6 +34,7 @@ #ifndef MBEDTLS_NIST_KW_H #define MBEDTLS_NIST_KW_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -65,7 +66,7 @@ typedef enum * Don't make any assumptions on this context! */ typedef struct { - mbedtls_cipher_context_t cipher_ctx; /*!< The cipher context used. */ + mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ } mbedtls_nist_kw_context; #else /* MBEDTLS_NIST_key wrapping_ALT */ diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 4198eb107..dd3ade6b1 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_OID_H #define MBEDTLS_OID_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -439,11 +440,11 @@ extern "C" { */ typedef struct mbedtls_oid_descriptor_t { - const char *asn1; /*!< OID ASN.1 representation */ - size_t asn1_len; /*!< length of asn1 */ + const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation */ + size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1 */ #if !defined(MBEDTLS_X509_REMOVE_INFO) - const char *name; /*!< official name (e.g. from RFC) */ - const char *description; /*!< human friendly description */ + const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC) */ + const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */ #endif } mbedtls_oid_descriptor_t; diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h index 4769bec5f..9242da6b1 100644 --- a/include/mbedtls/pem.h +++ b/include/mbedtls/pem.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_PEM_H #define MBEDTLS_PEM_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" 
@@ -57,9 +58,9 @@ extern "C" { */ typedef struct mbedtls_pem_context { - unsigned char *buf; /*!< buffer for decoded data */ - size_t buflen; /*!< length of the buffer */ - unsigned char *info; /*!< buffer for extra header information */ + unsigned char *MBEDTLS_PRIVATE(buf); /*!< buffer for decoded data */ + size_t MBEDTLS_PRIVATE(buflen); /*!< length of the buffer */ + unsigned char *MBEDTLS_PRIVATE(info); /*!< buffer for extra header information */ } mbedtls_pem_context; diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 093b3bc6d..06da076fb 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -22,6 +22,7 @@ #ifndef MBEDTLS_PK_H #define MBEDTLS_PK_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -91,8 +92,8 @@ typedef enum { */ typedef struct mbedtls_pk_rsassa_pss_options { - mbedtls_md_type_t mgf1_hash_id; - int expected_salt_len; + mbedtls_md_type_t MBEDTLS_PRIVATE(mgf1_hash_id); + int MBEDTLS_PRIVATE(expected_salt_len); } mbedtls_pk_rsassa_pss_options; @@ -163,9 +164,9 @@ typedef enum */ typedef struct mbedtls_pk_debug_item { - mbedtls_pk_debug_type type; - const char *name; - void *value; + mbedtls_pk_debug_type MBEDTLS_PRIVATE(type); + const char *MBEDTLS_PRIVATE(name); + void *MBEDTLS_PRIVATE(value); } mbedtls_pk_debug_item; /** Maximum number of item send for debugging, plus 1 */ @@ -181,8 +182,8 @@ typedef struct mbedtls_pk_info_t mbedtls_pk_info_t; */ typedef struct mbedtls_pk_context { - const mbedtls_pk_info_t * pk_info; /**< Public key information */ - void * pk_ctx; /**< Underlying public key context */ + const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */ + void * MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context */ } mbedtls_pk_context; #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index c944732fb..c50d7d211 100644 
--- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -30,6 +30,7 @@ */ #ifndef MBEDTLS_PLATFORM_H #define MBEDTLS_PLATFORM_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -367,7 +368,7 @@ int mbedtls_platform_set_nv_seed( */ typedef struct mbedtls_platform_context { - char dummy; /**< A placeholder member, as empty structs are not portable. */ + char MBEDTLS_PRIVATE(dummy); /**< A placeholder member, as empty structs are not portable. */ } mbedtls_platform_context; diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index 1767f5863..4d253858e 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -31,6 +31,7 @@ #ifndef MBEDTLS_POLY1305_H #define MBEDTLS_POLY1305_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -51,11 +52,11 @@ extern "C" { typedef struct mbedtls_poly1305_context { - uint32_t r[4]; /** The value for 'r' (low 128 bits of the key). */ - uint32_t s[4]; /** The value for 's' (high 128 bits of the key). */ - uint32_t acc[5]; /** The accumulator number. */ - uint8_t queue[16]; /** The current partial block of data. */ - size_t queue_len; /** The number of bytes stored in 'queue'. */ + uint32_t MBEDTLS_PRIVATE(r)[4]; /** The value for 'r' (low 128 bits of the key). */ + uint32_t MBEDTLS_PRIVATE(s)[4]; /** The value for 's' (high 128 bits of the key). */ + uint32_t MBEDTLS_PRIVATE(acc)[5]; /** The accumulator number. */ + uint8_t MBEDTLS_PRIVATE(queue)[16]; /** The current partial block of data. */ + size_t MBEDTLS_PRIVATE(queue_len); /** The number of bytes stored in 'queue'. */ } mbedtls_poly1305_context; diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 75fcdac93..d5feecb9b 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h 
@@ -25,6 +25,7 @@ #ifndef MBEDTLS_PSA_UTIL_H #define MBEDTLS_PSA_UTIL_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -380,7 +381,7 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group( if( curve_info == NULL ) return( 0 ); return( PSA_KEY_TYPE_ECC_KEY_PAIR( - mbedtls_ecc_group_to_psa( curve_info->grp_id, bits ) ) ); + mbedtls_ecc_group_to_psa( curve_info->MBEDTLS_PRIVATE(grp_id), bits ) ) ); } #endif /* MBEDTLS_ECP_C */ diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index 1c72d60fc..62570c2a2 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_RIPEMD160_H #define MBEDTLS_RIPEMD160_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -44,9 +45,9 @@ extern "C" { */ typedef struct mbedtls_ripemd160_context { - uint32_t total[2]; /*!< number of bytes processed */ - uint32_t state[5]; /*!< intermediate digest state */ - unsigned char buffer[64]; /*!< data block being processed */ + uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */ + uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< intermediate digest state */ + unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */ } mbedtls_ripemd160_context; diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index a54ac4dd0..945050c3c 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -27,6 +27,7 @@ */ #ifndef MBEDTLS_RSA_H #define MBEDTLS_RSA_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" 
@@ -90,41 +91,41 @@ extern "C" { */ typedef struct mbedtls_rsa_context { - int ver; /*!< Reserved for internal purposes. + int MBEDTLS_PRIVATE(ver); /*!< Reserved for internal purposes. * Do not set this field in application * code. Its meaning might change without * notice. */ - size_t len; /*!< The size of \p N in Bytes. */ + size_t MBEDTLS_PRIVATE(len); /*!< The size of \p N in Bytes. */ - mbedtls_mpi N; /*!< The public modulus. */ - mbedtls_mpi E; /*!< The public exponent. */ + mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The public modulus. */ + mbedtls_mpi MBEDTLS_PRIVATE(E); /*!< The public exponent. */ - mbedtls_mpi D; /*!< The private exponent. */ - mbedtls_mpi P; /*!< The first prime factor. */ - mbedtls_mpi Q; /*!< The second prime factor. */ + mbedtls_mpi MBEDTLS_PRIVATE(D); /*!< The private exponent. */ + mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The first prime factor. */ + mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!< The second prime factor. */ - mbedtls_mpi DP; /*!< D % (P - 1). */ - mbedtls_mpi DQ; /*!< D % (Q - 1). */ - mbedtls_mpi QP; /*!< 1 / (Q % P). */ + mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!< D % (P - 1). */ + mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!< D % (Q - 1). */ + mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!< 1 / (Q % P). */ - mbedtls_mpi RN; /*!< cached R^2 mod N. */ + mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!< cached R^2 mod N. */ - mbedtls_mpi RP; /*!< cached R^2 mod P. */ - mbedtls_mpi RQ; /*!< cached R^2 mod Q. */ + mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!< cached R^2 mod P. */ + mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!< cached R^2 mod Q. */ - mbedtls_mpi Vi; /*!< The cached blinding value. */ - mbedtls_mpi Vf; /*!< The cached un-blinding value. */ + mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!< The cached blinding value. */ + mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!< The cached un-blinding value. */ - int padding; /*!< Selects padding mode: + int MBEDTLS_PRIVATE(padding); /*!< Selects padding mode: #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. 
*/ - int hash_id; /*!< Hash identifier of mbedtls_md_type_t type, + int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t type, as specified in md.h for use in the MGF mask generating function used in the EME-OAEP and EMSA-PSS encodings. */ #if defined(MBEDTLS_THREADING_C) /* Invariant: the mutex is initialized iff ver != 0. */ - mbedtls_threading_mutex_t mutex; /*!< Thread-safety mutex. */ + mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< Thread-safety mutex. */ #endif } mbedtls_rsa_context; diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 56ff9487e..5a42e5c23 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -28,6 +28,7 @@ */ #ifndef MBEDTLS_SHA1_H #define MBEDTLS_SHA1_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -58,9 +59,9 @@ extern "C" { */ typedef struct mbedtls_sha1_context { - uint32_t total[2]; /*!< The number of Bytes processed. */ - uint32_t state[5]; /*!< The intermediate digest state. */ - unsigned char buffer[64]; /*!< The data block being processed. */ + uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */ + uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< The intermediate digest state. */ + unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */ } mbedtls_sha1_context; diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 22c2c7d7e..2b982ff9b 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -24,6 +24,7 @@ */ #ifndef MBEDTLS_SHA256_H #define MBEDTLS_SHA256_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" 
@@ -53,10 +54,10 @@ extern "C" { */ typedef struct mbedtls_sha256_context { - uint32_t total[2]; /*!< The number of Bytes processed. */ - uint32_t state[8]; /*!< The intermediate digest state. */ - unsigned char buffer[64]; /*!< The data block being processed. */ - int is224; /*!< Determines which function to use: + uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */ + uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */ + unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */ + int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use: 0: Use SHA-256, or 1: Use SHA-224. */ } mbedtls_sha256_context; diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 04222f4a4..3f1af17b1 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -23,6 +23,7 @@ */ #ifndef MBEDTLS_SHA512_H #define MBEDTLS_SHA512_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -52,12 +53,12 @@ extern "C" { */ typedef struct mbedtls_sha512_context { - uint64_t total[2]; /*!< The number of Bytes processed. */ - uint64_t state[8]; /*!< The intermediate digest state. */ - unsigned char buffer[128]; /*!< The data block being processed. */ + uint64_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */ + uint64_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */ + unsigned char MBEDTLS_PRIVATE(buffer)[128]; /*!< The data block being processed. */ #if defined(MBEDTLS_SHA384_C) - int is384; /*!< Determines which function to use: - 0: Use SHA-512, or 1: Use SHA-384. */ + int MBEDTLS_PRIVATE(is384); /*!< Determines which function to use: + 0: Use SHA-512, or 1: Use SHA-384. */ #endif } mbedtls_sha512_context; diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 88a599c18..e6a3ff581 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_SSL_H #define MBEDTLS_SSL_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -912,11 +913,11 @@ typedef uint16_t mbedtls_ssl_srtp_profile; typedef struct mbedtls_dtls_srtp_info_t { /*! The SRTP profile that was negotiated. */ - mbedtls_ssl_srtp_profile chosen_dtls_srtp_profile; + mbedtls_ssl_srtp_profile MBEDTLS_PRIVATE(chosen_dtls_srtp_profile); /*! The length of mki_value. */ - uint16_t mki_len; + uint16_t MBEDTLS_PRIVATE(mki_len); /*! The mki_value used, with max size of 256 bytes. */ - unsigned char mki_value[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH]; + unsigned char MBEDTLS_PRIVATE(mki_value)[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH]; } mbedtls_dtls_srtp_info; @@ -936,17 +937,17 @@ mbedtls_dtls_srtp_info; struct mbedtls_ssl_session { #if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t start; /*!< starting time */ + mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time */ #endif - int ciphersuite; /*!< chosen ciphersuite */ - int compression; /*!< chosen compression */ - size_t id_len; /*!< session id length */ - unsigned char id[32]; /*!< session identifier */ - unsigned char master[48]; /*!< the master secret */ + int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */ + int MBEDTLS_PRIVATE(compression); /*!< chosen compression */ + size_t MBEDTLS_PRIVATE(id_len); /*!< session id length */ + unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */ + unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret */ #if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - mbedtls_x509_crt *peer_cert; /*!< peer X.509 cert chain */ + mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */ #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ /*! The digest of the peer's end-CRT. This must be kept to detect CRT * changes during renegotiation, mitigating the triple handshake attack. */ 
@@ -955,24 +956,24 @@ struct mbedtls_ssl_session mbedtls_md_type_t peer_cert_digest_type; #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ - uint32_t verify_result; /*!< verification result */ + uint32_t MBEDTLS_PRIVATE(verify_result); /*!< verification result */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C) - unsigned char *ticket; /*!< RFC 5077 session ticket */ - size_t ticket_len; /*!< session ticket length */ - uint32_t ticket_lifetime; /*!< ticket lifetime hint */ + unsigned char *MBEDTLS_PRIVATE(ticket); /*!< RFC 5077 session ticket */ + size_t MBEDTLS_PRIVATE(ticket_len); /*!< session ticket length */ + uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - unsigned char mfl_code; /*!< MaxFragmentLength negotiated by peer */ + unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated by peer */ #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - int trunc_hmac; /*!< flag for truncated hmac activation */ + int MBEDTLS_PRIVATE(trunc_hmac); /*!< flag for truncated hmac activation */ #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - int encrypt_then_mac; /*!< flag for EtM activation */ + int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */ #endif }; 
@@ -990,114 +991,114 @@ struct mbedtls_ssl_config /** Allowed ciphersuites per version. To access list's elements, please use * \c mbedtls_ssl_get_protocol_version_ciphersuites */ - const int *ciphersuite_list[3]; + const int *MBEDTLS_PRIVATE(ciphersuite_list)[3]; /** Callback for printing debug output */ - void (*f_dbg)(void *, int, const char *, int, const char *); - void *p_dbg; /*!< context for the debug function */ + void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *); + void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function */ /** Callback for getting (pseudo-)random numbers */ - int (*f_rng)(void *, unsigned char *, size_t); - void *p_rng; /*!< context for the RNG function */ + int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t); + void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */ /** Callback to retrieve a session from the cache */ - mbedtls_ssl_cache_get_t *f_get_cache; + mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache); /** Callback to store a session into the cache */ - mbedtls_ssl_cache_set_t *f_set_cache; - void *p_cache; /*!< context for cache callbacks */ + mbedtls_ssl_cache_set_t *MBEDTLS_PRIVATE(f_set_cache); + void *MBEDTLS_PRIVATE(p_cache); /*!< context for cache callbacks */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) /** Callback for setting cert according to SNI extension */ - int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t); - void *p_sni; /*!< context for SNI callback */ + int (*MBEDTLS_PRIVATE(f_sni))(void *, mbedtls_ssl_context *, const unsigned char *, size_t); + void *MBEDTLS_PRIVATE(p_sni); /*!< context for SNI callback */ #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) /** Callback to customize X.509 certificate chain verification */ - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *); - void *p_vrfy; /*!< context for X.509 verify calllback */ + int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *); + void 
*MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */ #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) /** Callback to retrieve PSK key from identity */ - int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t); - void *p_psk; /*!< context for PSK callback */ + int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t); + void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback */ #endif #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) /** Callback to create & write a cookie for ClientHello veirifcation */ - int (*f_cookie_write)( void *, unsigned char **, unsigned char *, + int (*MBEDTLS_PRIVATE(f_cookie_write))( void *, unsigned char **, unsigned char *, const unsigned char *, size_t ); /** Callback to verify validity of a ClientHello cookie */ - int (*f_cookie_check)( void *, const unsigned char *, size_t, + int (*MBEDTLS_PRIVATE(f_cookie_check))( void *, const unsigned char *, size_t, const unsigned char *, size_t ); - void *p_cookie; /*!< context for the cookie callbacks */ + void *MBEDTLS_PRIVATE(p_cookie); /*!< context for the cookie callbacks */ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C) /** Callback to create & write a session ticket */ - int (*f_ticket_write)( void *, const mbedtls_ssl_session *, + int (*MBEDTLS_PRIVATE(f_ticket_write))( void *, const mbedtls_ssl_session *, unsigned char *, const unsigned char *, size_t *, uint32_t * ); /** Callback to parse a session ticket into a session structure */ - int (*f_ticket_parse)( void *, mbedtls_ssl_session *, unsigned char *, size_t); - void *p_ticket; /*!< context for the ticket callbacks */ + int (*MBEDTLS_PRIVATE(f_ticket_parse))( void *, mbedtls_ssl_session *, unsigned char *, size_t); + void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) /** 
Callback to export key block and master secret */ - int (*f_export_keys)( void *, const unsigned char *, + int (*MBEDTLS_PRIVATE(f_export_keys))( void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t ); /** Callback to export key block, master secret, * tls_prf and random bytes. Should replace f_export_keys */ - int (*f_export_keys_ext)( void *, const unsigned char *, + int (*MBEDTLS_PRIVATE(f_export_keys_ext))( void *, const unsigned char *, const unsigned char *, size_t, size_t, size_t, const unsigned char[32], const unsigned char[32], mbedtls_tls_prf_types ); - void *p_export_keys; /*!< context for key export callback */ + void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback */ #endif #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - size_t cid_len; /*!< The length of CIDs for incoming DTLS records. */ + size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records. */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_X509_CRT_PARSE_C) - const mbedtls_x509_crt_profile *cert_profile; /*!< verification profile */ - mbedtls_ssl_key_cert *key_cert; /*!< own certificate/key pair(s) */ - mbedtls_x509_crt *ca_chain; /*!< trusted CAs */ - mbedtls_x509_crl *ca_crl; /*!< trusted CAs CRLs */ + const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!< verification profile */ + mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key pair(s) */ + mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain); /*!< trusted CAs */ + mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl); /*!< trusted CAs CRLs */ #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) - mbedtls_x509_crt_ca_cb_t f_ca_cb; - void *p_ca_cb; + mbedtls_x509_crt_ca_cb_t MBEDTLS_PRIVATE(f_ca_cb); + void *MBEDTLS_PRIVATE(p_ca_cb); #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) #if defined(MBEDTLS_X509_CRT_PARSE_C) - mbedtls_ssl_async_sign_t 
*f_async_sign_start; /*!< start asynchronous signature operation */ - mbedtls_ssl_async_decrypt_t *f_async_decrypt_start; /*!< start asynchronous decryption operation */ + mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */ + mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ - mbedtls_ssl_async_resume_t *f_async_resume; /*!< resume asynchronous operation */ - mbedtls_ssl_async_cancel_t *f_async_cancel; /*!< cancel asynchronous operation */ - void *p_async_config_data; /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */ + mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */ + mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */ + void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - const int *sig_hashes; /*!< allowed signature hashes */ + const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ #endif #if defined(MBEDTLS_ECP_C) - const mbedtls_ecp_group_id *curve_list; /*!< allowed curves */ + const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */ #endif #if defined(MBEDTLS_DHM_C) - mbedtls_mpi dhm_P; /*!< prime modulus for DHM */ - mbedtls_mpi dhm_G; /*!< generator for DHM */ + mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */ + mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */ #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_key_id_t psk_opaque; /*!< PSA key slot holding opaque PSK. This field + psa_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. 
This field * should only be set via * mbedtls_ssl_conf_psk_opaque(). * If either no PSK or a raw PSK have been @@ -1105,22 +1106,22 @@ struct mbedtls_ssl_config */ #endif /* MBEDTLS_USE_PSA_CRYPTO */ - unsigned char *psk; /*!< The raw pre-shared key. This field should + unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field should * only be set via mbedtls_ssl_conf_psk(). * If either no PSK or an opaque PSK * have been configured, this has value NULL. */ - size_t psk_len; /*!< The length of the raw pre-shared key. + size_t MBEDTLS_PRIVATE(psk_len); /*!< The length of the raw pre-shared key. * This field should only be set via * mbedtls_ssl_conf_psk(). * Its value is non-zero if and only if * \c psk is not \c NULL. */ - unsigned char *psk_identity; /*!< The PSK identity for PSK negotiation. + unsigned char *MBEDTLS_PRIVATE(psk_identity); /*!< The PSK identity for PSK negotiation. * This field should only be set via * mbedtls_ssl_conf_psk(). * This is set if and only if either * \c psk or \c psk_opaque are set. */ - size_t psk_identity_len;/*!< The length of PSK identity. + size_t MBEDTLS_PRIVATE(psk_identity_len);/*!< The length of PSK identity. * This field should only be set via * mbedtls_ssl_conf_psk(). * Its value is non-zero if and only if 
@@ -1129,279 +1130,279 @@ struct mbedtls_ssl_config #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_SSL_ALPN) - const char **alpn_list; /*!< ordered list of protocols */ + const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */ #endif #if defined(MBEDTLS_SSL_DTLS_SRTP) /*! ordered list of supported srtp profile */ - const mbedtls_ssl_srtp_profile *dtls_srtp_profile_list; + const mbedtls_ssl_srtp_profile *MBEDTLS_PRIVATE(dtls_srtp_profile_list); /*! number of supported profiles */ - size_t dtls_srtp_profile_list_len; + size_t MBEDTLS_PRIVATE(dtls_srtp_profile_list_len); #endif /* MBEDTLS_SSL_DTLS_SRTP */ /* * Numerical settings (int then char) */ - uint32_t read_timeout; /*!< timeout for mbedtls_ssl_read (ms) */ + uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read (ms) */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - uint32_t hs_timeout_min; /*!< initial value of the handshake + uint32_t MBEDTLS_PRIVATE(hs_timeout_min); /*!< initial value of the handshake retransmission timeout (ms) */ - uint32_t hs_timeout_max; /*!< maximum value of the handshake + uint32_t MBEDTLS_PRIVATE(hs_timeout_max); /*!< maximum value of the handshake retransmission timeout (ms) */ #endif #if defined(MBEDTLS_SSL_RENEGOTIATION) - int renego_max_records; /*!< grace period for renegotiation */ - unsigned char renego_period[8]; /*!< value of the record counters + int MBEDTLS_PRIVATE(renego_max_records); /*!< grace period for renegotiation */ + unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record counters that triggers renegotiation */ #endif #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) - unsigned int badmac_limit; /*!< limit of records with a bad MAC */ + unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad MAC */ #endif #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C) - unsigned int dhm_min_bitlen; /*!< min. 
bit length of the DHM prime */ + unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the DHM prime */ #endif - unsigned char max_major_ver; /*!< max. major version used */ - unsigned char max_minor_ver; /*!< max. minor version used */ - unsigned char min_major_ver; /*!< min. major version used */ - unsigned char min_minor_ver; /*!< min. minor version used */ + unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used */ + unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used */ + unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used */ + unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used */ /* * Flags (bitfields) */ - unsigned int endpoint : 1; /*!< 0: client, 1: server */ - unsigned int transport : 1; /*!< stream (TLS) or datagram (DTLS) */ - unsigned int authmode : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */ + unsigned int MBEDTLS_PRIVATE(endpoint) : 1; /*!< 0: client, 1: server */ + unsigned int MBEDTLS_PRIVATE(transport) : 1; /*!< stream (TLS) or datagram (DTLS) */ + unsigned int MBEDTLS_PRIVATE(authmode) : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */ /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE */ - unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX */ + unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2 ; /*!< MBEDTLS_LEGACY_XXX */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - unsigned int mfl_code : 3; /*!< desired fragment length */ + unsigned int MBEDTLS_PRIVATE(mfl_code) : 3; /*!< desired fragment length */ #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - unsigned int encrypt_then_mac : 1 ; /*!< negotiate encrypt-then-mac? */ + unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1 ; /*!< negotiate encrypt-then-mac? */ #endif #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - unsigned int extended_ms : 1; /*!< negotiate extended master secret? */ + unsigned int MBEDTLS_PRIVATE(extended_ms) : 1; /*!< negotiate extended master secret? 
*/ #endif #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - unsigned int anti_replay : 1; /*!< detect and prevent replay? */ + unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent replay? */ #endif #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) - unsigned int cbc_record_splitting : 1; /*!< do cbc record splitting */ + unsigned int MBEDTLS_PRIVATE(cbc_record_splitting) : 1; /*!< do cbc record splitting */ #endif #if defined(MBEDTLS_SSL_RENEGOTIATION) - unsigned int disable_renegotiation : 1; /*!< disable renegotiation? */ + unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation? */ #endif #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - unsigned int trunc_hmac : 1; /*!< negotiate truncated hmac? */ + unsigned int MBEDTLS_PRIVATE(trunc_hmac) : 1; /*!< negotiate truncated hmac? */ #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) - unsigned int session_tickets : 1; /*!< use session tickets? */ + unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets? */ #endif #if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C) - unsigned int fallback : 1; /*!< is this a fallback? */ + unsigned int MBEDTLS_PRIVATE(fallback) : 1; /*!< is this a fallback? */ #endif #if defined(MBEDTLS_SSL_SRV_C) - unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in + unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA list in Certificate Request messages? */ #endif #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS + unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines whether DTLS * record with unexpected CID * should lead to failure. 
*/ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_DTLS_SRTP) - unsigned int dtls_srtp_mki_support : 1; /* support having mki_value + unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having mki_value in the use_srtp extension */ #endif }; struct mbedtls_ssl_context { - const mbedtls_ssl_config *conf; /*!< configuration information */ + const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information */ /* * Miscellaneous */ - int state; /*!< SSL handshake: current state */ + int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - int renego_status; /*!< Initial, in progress, pending? */ - int renego_records_seen; /*!< Records since renego request, or with DTLS, + int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending? */ + int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request, or with DTLS, number of retransmissions of request if renego_max_records is < 0 */ #endif /* MBEDTLS_SSL_RENEGOTIATION */ - int major_ver; /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */ - int minor_ver; /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */ + int MBEDTLS_PRIVATE(major_ver); /*!< equal to MBEDTLS_SSL_MAJOR_VERSION_3 */ + int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */ #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) - unsigned badmac_seen; /*!< records with a bad MAC received */ + unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received */ #endif /* MBEDTLS_SSL_DTLS_BADMAC_LIMIT */ #if defined(MBEDTLS_X509_CRT_PARSE_C) /** Callback to customize X.509 certificate chain verification */ - int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *); - void *p_vrfy; /*!< context for X.509 verify callback */ + int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *); + void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify callback */ #endif - mbedtls_ssl_send_t *f_send; /*!< 
Callback for network send */ - mbedtls_ssl_recv_t *f_recv; /*!< Callback for network receive */ - mbedtls_ssl_recv_timeout_t *f_recv_timeout; + mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send */ + mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network receive */ + mbedtls_ssl_recv_timeout_t *MBEDTLS_PRIVATE(f_recv_timeout); /*!< Callback for network receive with timeout */ - void *p_bio; /*!< context for I/O operations */ + void *MBEDTLS_PRIVATE(p_bio); /*!< context for I/O operations */ /* * Session layer */ - mbedtls_ssl_session *session_in; /*!< current session data (in) */ - mbedtls_ssl_session *session_out; /*!< current session data (out) */ - mbedtls_ssl_session *session; /*!< negotiated session data */ - mbedtls_ssl_session *session_negotiate; /*!< session data in negotiation */ + mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in); /*!< current session data (in) */ + mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out); /*!< current session data (out) */ + mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!< negotiated session data */ + mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate); /*!< session data in negotiation */ - mbedtls_ssl_handshake_params *handshake; /*!< params required only during + mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!< params required only during the handshake process */ /* * Record layer transformations */ - mbedtls_ssl_transform *transform_in; /*!< current transform params (in) */ - mbedtls_ssl_transform *transform_out; /*!< current transform params (in) */ - mbedtls_ssl_transform *transform; /*!< negotiated transform params */ - mbedtls_ssl_transform *transform_negotiate; /*!< transform params in negotiation */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!< current transform params (in) */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!< current transform params (in) */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!< negotiated 
transform params */ + mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!< transform params in negotiation */ /* * Timers */ - void *p_timer; /*!< context for the timer callbacks */ + void *MBEDTLS_PRIVATE(p_timer); /*!< context for the timer callbacks */ - mbedtls_ssl_set_timer_t *f_set_timer; /*!< set timer callback */ - mbedtls_ssl_get_timer_t *f_get_timer; /*!< get timer callback */ + mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer); /*!< set timer callback */ + mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer); /*!< get timer callback */ /* * Record layer (incoming data) */ - unsigned char *in_buf; /*!< input buffer */ - unsigned char *in_ctr; /*!< 64-bit incoming message counter + unsigned char *MBEDTLS_PRIVATE(in_buf); /*!< input buffer */ + unsigned char *MBEDTLS_PRIVATE(in_ctr); /*!< 64-bit incoming message counter TLS: maintained by us DTLS: read from peer */ - unsigned char *in_hdr; /*!< start of record header */ + unsigned char *MBEDTLS_PRIVATE(in_hdr); /*!< start of record header */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char *in_cid; /*!< The start of the CID; + unsigned char *MBEDTLS_PRIVATE(in_cid); /*!< The start of the CID; * (the end is marked by in_len). 
*/ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - unsigned char *in_len; /*!< two-bytes message length field */ - unsigned char *in_iv; /*!< ivlen-byte IV */ - unsigned char *in_msg; /*!< message contents (in_iv+ivlen) */ - unsigned char *in_offt; /*!< read offset in application data */ + unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field */ + unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */ + unsigned char *MBEDTLS_PRIVATE(in_msg); /*!< message contents (in_iv+ivlen) */ + unsigned char *MBEDTLS_PRIVATE(in_offt); /*!< read offset in application data */ - int in_msgtype; /*!< record header: message type */ - size_t in_msglen; /*!< record header: message length */ - size_t in_left; /*!< amount of data read so far */ + int MBEDTLS_PRIVATE(in_msgtype); /*!< record header: message type */ + size_t MBEDTLS_PRIVATE(in_msglen); /*!< record header: message length */ + size_t MBEDTLS_PRIVATE(in_left); /*!< amount of data read so far */ #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t in_buf_len; /*!< length of input buffer */ + size_t MBEDTLS_PRIVATE(in_buf_len); /*!< length of input buffer */ #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) - uint16_t in_epoch; /*!< DTLS epoch for incoming records */ - size_t next_record_offset; /*!< offset of the next record in datagram + uint16_t MBEDTLS_PRIVATE(in_epoch); /*!< DTLS epoch for incoming records */ + size_t MBEDTLS_PRIVATE(next_record_offset); /*!< offset of the next record in datagram (equal to in_left if none) */ #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) - uint64_t in_window_top; /*!< last validated record seq_num */ - uint64_t in_window; /*!< bitmask for replay detection */ + uint64_t MBEDTLS_PRIVATE(in_window_top); /*!< last validated record seq_num */ + uint64_t MBEDTLS_PRIVATE(in_window); /*!< bitmask for replay detection */ #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */ - size_t in_hslen; /*!< current handshake message length, + size_t 
MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length, including the handshake header */ - int nb_zero; /*!< # of 0-length encrypted messages */ + int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */ - int keep_current_message; /*!< drop or reuse current message + int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current message on next call to record layer? */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - uint8_t disable_datagram_packing; /*!< Disable packing multiple records + uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing multiple records * within a single datagram. */ #endif /* MBEDTLS_SSL_PROTO_DTLS */ /* * Record layer (outgoing data) */ - unsigned char *out_buf; /*!< output buffer */ - unsigned char *out_ctr; /*!< 64-bit outgoing message counter */ - unsigned char *out_hdr; /*!< start of record header */ + unsigned char *MBEDTLS_PRIVATE(out_buf); /*!< output buffer */ + unsigned char *MBEDTLS_PRIVATE(out_ctr); /*!< 64-bit outgoing message counter */ + unsigned char *MBEDTLS_PRIVATE(out_hdr); /*!< start of record header */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - unsigned char *out_cid; /*!< The start of the CID; + unsigned char *MBEDTLS_PRIVATE(out_cid); /*!< The start of the CID; * (the end is marked by in_len). 
*/ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ - unsigned char *out_len; /*!< two-bytes message length field */ - unsigned char *out_iv; /*!< ivlen-byte IV */ - unsigned char *out_msg; /*!< message contents (out_iv+ivlen) */ + unsigned char *MBEDTLS_PRIVATE(out_len); /*!< two-bytes message length field */ + unsigned char *MBEDTLS_PRIVATE(out_iv); /*!< ivlen-byte IV */ + unsigned char *MBEDTLS_PRIVATE(out_msg); /*!< message contents (out_iv+ivlen) */ - int out_msgtype; /*!< record header: message type */ - size_t out_msglen; /*!< record header: message length */ - size_t out_left; /*!< amount of data not yet written */ + int MBEDTLS_PRIVATE(out_msgtype); /*!< record header: message type */ + size_t MBEDTLS_PRIVATE(out_msglen); /*!< record header: message length */ + size_t MBEDTLS_PRIVATE(out_left); /*!< amount of data not yet written */ #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) - size_t out_buf_len; /*!< length of output buffer */ + size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */ #endif - unsigned char cur_out_ctr[8]; /*!< Outgoing record sequence number. */ + unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!< Outgoing record sequence number. */ #if defined(MBEDTLS_SSL_PROTO_DTLS) - uint16_t mtu; /*!< path mtu, used to fragment outgoing messages */ + uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing messages */ #endif /* MBEDTLS_SSL_PROTO_DTLS */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) - signed char split_done; /*!< current record already splitted? */ + signed char MBEDTLS_PRIVATE(split_done); /*!< current record already splitted? */ #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */ /* * PKI layer */ - int client_auth; /*!< flag for client auth. */ + int MBEDTLS_PRIVATE(client_auth); /*!< flag for client auth. 
*/ /* * User settings */ #if defined(MBEDTLS_X509_CRT_PARSE_C) - char *hostname; /*!< expected peer CN for verification + char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification (and SNI if available) */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_ALPN) - const char *alpn_chosen; /*!< negotiated protocol */ + const char *MBEDTLS_PRIVATE(alpn_chosen); /*!< negotiated protocol */ #endif /* MBEDTLS_SSL_ALPN */ #if defined(MBEDTLS_SSL_DTLS_SRTP) /* * use_srtp extension */ - mbedtls_dtls_srtp_info dtls_srtp_info; + mbedtls_dtls_srtp_info MBEDTLS_PRIVATE(dtls_srtp_info); #endif /* MBEDTLS_SSL_DTLS_SRTP */ /* * Information for DTLS hello verify */ #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C) - unsigned char *cli_id; /*!< transport-level ID of the client */ - size_t cli_id_len; /*!< length of cli_id */ + unsigned char *MBEDTLS_PRIVATE(cli_id); /*!< transport-level ID of the client */ + size_t MBEDTLS_PRIVATE(cli_id_len); /*!< length of cli_id */ #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */ /* * Secure renegotiation */ /* needed to know when to send extension on server */ - int secure_renegotiation; /*!< does peer support legacy or + int MBEDTLS_PRIVATE(secure_renegotiation); /*!< does peer support legacy or secure renegotiation */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - size_t verify_data_len; /*!< length of verify data stored */ - char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ - char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ + size_t MBEDTLS_PRIVATE(verify_data_len); /*!< length of verify data stored */ + char MBEDTLS_PRIVATE(own_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ + char MBEDTLS_PRIVATE(peer_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!< previous handshake verify data */ #endif /* MBEDTLS_SSL_RENEGOTIATION */ #if 
defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -1411,9 +1412,9 @@ struct mbedtls_ssl_context * all subsequent handshakes. This may be different from the * CID currently used in case the user has re-configured the CID * after an initial handshake. */ - unsigned char own_cid[ MBEDTLS_SSL_CID_IN_LEN_MAX ]; - uint8_t own_cid_len; /*!< The length of \c own_cid. */ - uint8_t negotiate_cid; /*!< This indicates whether the CID extension should + unsigned char MBEDTLS_PRIVATE(own_cid)[ MBEDTLS_SSL_CID_IN_LEN_MAX ]; + uint8_t MBEDTLS_PRIVATE(own_cid_len); /*!< The length of \c own_cid. */ + uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID extension should * be negotiated in the next handshake or not. * Possible values are #MBEDTLS_SSL_CID_ENABLED * and #MBEDTLS_SSL_CID_DISABLED. */ diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h index ac7b77cfb..d995f8f6d 100644 --- a/include/mbedtls/ssl_cache.h +++ b/include/mbedtls/ssl_cache.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_SSL_CACHE_H #define MBEDTLS_SSL_CACHE_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -65,16 +66,16 @@ typedef struct mbedtls_ssl_cache_entry mbedtls_ssl_cache_entry; struct mbedtls_ssl_cache_entry { #if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t timestamp; /*!< entry timestamp */ + mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp */ #endif - unsigned char session_id[32]; /*!< session ID */ - size_t session_id_len; + unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID */ + size_t MBEDTLS_PRIVATE(session_id_len); - unsigned char *session; /*!< serialized session */ - size_t session_len; + unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */ + size_t MBEDTLS_PRIVATE(session_len); - mbedtls_ssl_cache_entry *next; /*!< chain pointer */ + mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer */ }; /** 
@@ -82,11 +83,11 @@ struct mbedtls_ssl_cache_entry */ struct mbedtls_ssl_cache_context { - mbedtls_ssl_cache_entry *chain; /*!< start of the chain */ - int timeout; /*!< cache entry timeout */ - int max_entries; /*!< maximum entries */ + mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */ + int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout */ + int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries */ #if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; /*!< mutex */ + mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */ #endif }; diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 3eacfb5a3..093238c0b 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_SSL_CIPHERSUITES_H #define MBEDTLS_SSL_CIPHERSUITES_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -405,7 +406,7 @@ int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ); #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED) static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info ) { - switch( info->key_exchange ) + switch( info->MBEDTLS_PRIVATE(key_exchange) ) { case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_PSK: @@ -424,7 +425,7 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite #if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info ) { - switch( info->key_exchange ) + switch( info->MBEDTLS_PRIVATE(key_exchange) ) { case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: 
@@ -442,7 +443,7 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info ) { - switch( info->key_exchange ) + switch( info->MBEDTLS_PRIVATE(key_exchange) ) { case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: @@ -456,7 +457,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersui static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info ) { - switch( info->key_exchange ) + switch( info->MBEDTLS_PRIVATE(key_exchange) ) { case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_RSA: @@ -473,7 +474,7 @@ static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ci static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info ) { - switch( info->key_exchange ) + switch( info->MBEDTLS_PRIVATE(key_exchange) ) { case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_RSA_PSK: @@ -492,7 +493,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphe #if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info ) { - switch( info->key_exchange ) + switch( info->MBEDTLS_PRIVATE(key_exchange) ) { case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_PSK: @@ -507,7 +508,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuit #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info ) { - switch( info->key_exchange ) + switch( info->MBEDTLS_PRIVATE(key_exchange) ) { case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: 
@@ -523,7 +524,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersu #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info ) { - switch( info->key_exchange ) + switch( info->MBEDTLS_PRIVATE(key_exchange) ) { case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index 0a238708e..6806dbddd 100644 --- a/include/mbedtls/ssl_cookie.h +++ b/include/mbedtls/ssl_cookie.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_SSL_COOKIE_H #define MBEDTLS_SSL_COOKIE_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -56,15 +57,15 @@ extern "C" { */ typedef struct mbedtls_ssl_cookie_ctx { - mbedtls_md_context_t hmac_ctx; /*!< context for the HMAC portion */ + mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */ #if !defined(MBEDTLS_HAVE_TIME) unsigned long serial; /*!< serial number for expiration */ #endif - unsigned long timeout; /*!< timeout delay, in seconds if HAVE_TIME, + unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME, or in number of tickets issued */ #if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; + mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); #endif } mbedtls_ssl_cookie_ctx; diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index a882eed23..871eec379 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_SSL_TICKET_H #define MBEDTLS_SSL_TICKET_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" 
@@ -50,9 +51,9 @@ extern "C" { */ typedef struct mbedtls_ssl_ticket_key { - unsigned char name[4]; /*!< random key identifier */ - uint32_t generation_time; /*!< key generation timestamp (seconds) */ - mbedtls_cipher_context_t ctx; /*!< context for auth enc/decryption */ + unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */ + uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp (seconds) */ + mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth enc/decryption */ } mbedtls_ssl_ticket_key; @@ -61,17 +62,17 @@ mbedtls_ssl_ticket_key; */ typedef struct mbedtls_ssl_ticket_context { - mbedtls_ssl_ticket_key keys[2]; /*!< ticket protection keys */ - unsigned char active; /*!< index of the currently active key */ + mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys */ + unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active key */ - uint32_t ticket_lifetime; /*!< lifetime of tickets in seconds */ + uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in seconds */ /** Callback for getting (pseudo-)random numbers */ - int (*f_rng)(void *, unsigned char *, size_t); - void *p_rng; /*!< context for the RNG function */ + int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t); + void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function */ #if defined(MBEDTLS_THREADING_C) - mbedtls_threading_mutex_t mutex; + mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); #endif } mbedtls_ssl_ticket_context; diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 1047f8f35..fae96c2d0 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_THREADING_H #define MBEDTLS_THREADING_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" 
@@ -41,11 +42,11 @@ extern "C" { #include typedef struct mbedtls_threading_mutex_t { - pthread_mutex_t mutex; + pthread_mutex_t MBEDTLS_PRIVATE(mutex); /* is_valid is 0 after a failed init or a free, and nonzero after a * successful init. This field is not considered part of the public * API of Mbed TLS and may change without notice. */ - char is_valid; + char MBEDTLS_PRIVATE(is_valid); } mbedtls_threading_mutex_t; #endif diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index b7290cfca..9a8b1e011 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_TIMING_H #define MBEDTLS_TIMING_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -43,7 +44,7 @@ extern "C" { */ struct mbedtls_timing_hr_time { - unsigned char opaque[32]; + unsigned char MBEDTLS_PRIVATE(opaque)[32]; }; /** @@ -52,8 +53,8 @@ struct mbedtls_timing_hr_time typedef struct mbedtls_timing_delay_context { struct mbedtls_timing_hr_time timer; - uint32_t int_ms; - uint32_t fin_ms; + uint32_t MBEDTLS_PRIVATE(int_ms); + uint32_t MBEDTLS_PRIVATE(fin_ms); } mbedtls_timing_delay_context; #else /* MBEDTLS_TIMING_ALT */ diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 3091de1d1..b7a969a3b 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_X509_H #define MBEDTLS_X509_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -229,8 +230,8 @@ typedef mbedtls_asn1_sequence mbedtls_x509_sequence; /** Container for date and time (precision in seconds). */ typedef struct mbedtls_x509_time { - int year, mon, day; /**< Date. */ - int hour, min, sec; /**< Time. */ + int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon), MBEDTLS_PRIVATE(day); /**< Date. */ + int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min), MBEDTLS_PRIVATE(sec); /**< Time. */ } mbedtls_x509_time; 
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index fcaa1495d..440da1216 100644 --- a/include/mbedtls/x509_crl.h +++ b/include/mbedtls/x509_crl.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_X509_CRL_H #define MBEDTLS_X509_CRL_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -49,15 +50,15 @@ extern "C" { */ typedef struct mbedtls_x509_crl_entry { - mbedtls_x509_buf raw; + mbedtls_x509_buf MBEDTLS_PRIVATE(raw); - mbedtls_x509_buf serial; + mbedtls_x509_buf MBEDTLS_PRIVATE(serial); - mbedtls_x509_time revocation_date; + mbedtls_x509_time MBEDTLS_PRIVATE(revocation_date); - mbedtls_x509_buf entry_ext; + mbedtls_x509_buf MBEDTLS_PRIVATE(entry_ext); - struct mbedtls_x509_crl_entry *next; + struct mbedtls_x509_crl_entry *MBEDTLS_PRIVATE(next); } mbedtls_x509_crl_entry; 
@@ -67,30 +68,30 @@ mbedtls_x509_crl_entry; */ typedef struct mbedtls_x509_crl { - mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ - mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ + mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */ + mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */ - int version; /**< CRL version (1=v1, 2=v2) */ - mbedtls_x509_buf sig_oid; /**< CRL signature type identifier */ + int MBEDTLS_PRIVATE(version); /**< CRL version (1=v1, 2=v2) */ + mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< CRL signature type identifier */ - mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). */ + mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). */ - mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */ + mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */ - mbedtls_x509_time this_update; - mbedtls_x509_time next_update; + mbedtls_x509_time MBEDTLS_PRIVATE(this_update); + mbedtls_x509_time MBEDTLS_PRIVATE(next_update); - mbedtls_x509_crl_entry entry; /**< The CRL entries containing the certificate revocation times for this CA. */ + mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry); /**< The CRL entries containing the certificate revocation times for this CA. */ - mbedtls_x509_buf crl_ext; + mbedtls_x509_buf MBEDTLS_PRIVATE(crl_ext); - mbedtls_x509_buf sig_oid2; - mbedtls_x509_buf sig; - mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ - mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ - void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. 
for RSASSA-PSS */ + mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2); + mbedtls_x509_buf MBEDTLS_PRIVATE(sig); + mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ + mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ + void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ - struct mbedtls_x509_crl *next; + struct mbedtls_x509_crl *MBEDTLS_PRIVATE(next); } mbedtls_x509_crl; diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 23a20d10b..015962c7c 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_X509_CRT_H #define MBEDTLS_X509_CRT_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" 
@@ -51,50 +52,50 @@ extern "C" { */ typedef struct mbedtls_x509_crt { - int own_buffer; /**< Indicates if \c raw is owned + int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned * by the structure or not. */ - mbedtls_x509_buf raw; /**< The raw certificate data (DER). */ - mbedtls_x509_buf tbs; /**< The raw certificate body (DER). The part that is To Be Signed. */ + mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER). */ + mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER). The part that is To Be Signed. */ - int version; /**< The X.509 version. (1=v1, 2=v2, 3=v3) */ - mbedtls_x509_buf serial; /**< Unique id for certificate issued by a specific CA. */ - mbedtls_x509_buf sig_oid; /**< Signature algorithm, e.g. sha1RSA */ + int MBEDTLS_PRIVATE(version); /**< The X.509 version. (1=v1, 2=v2, 3=v3) */ + mbedtls_x509_buf MBEDTLS_PRIVATE(serial); /**< Unique id for certificate issued by a specific CA. */ + mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< Signature algorithm, e.g. sha1RSA */ - mbedtls_x509_buf issuer_raw; /**< The raw issuer data (DER). Used for quick comparison. */ - mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). Used for quick comparison. */ + mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data (DER). Used for quick comparison. */ + mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). Used for quick comparison. */ - mbedtls_x509_name issuer; /**< The parsed issuer data (named information object). */ - mbedtls_x509_name subject; /**< The parsed subject data (named information object). */ + mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data (named information object). */ + mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */ - mbedtls_x509_time valid_from; /**< Start time of certificate validity. */ - mbedtls_x509_time valid_to; /**< End time of certificate validity. 
*/ + mbedtls_x509_time MBEDTLS_PRIVATE(valid_from); /**< Start time of certificate validity. */ + mbedtls_x509_time MBEDTLS_PRIVATE(valid_to); /**< End time of certificate validity. */ - mbedtls_x509_buf pk_raw; - mbedtls_pk_context pk; /**< Container for the public key context. */ + mbedtls_x509_buf MBEDTLS_PRIVATE(pk_raw); + mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */ - mbedtls_x509_buf issuer_id; /**< Optional X.509 v2/v3 issuer unique identifier. */ - mbedtls_x509_buf subject_id; /**< Optional X.509 v2/v3 subject unique identifier. */ - mbedtls_x509_buf v3_ext; /**< Optional X.509 v3 extensions. */ - mbedtls_x509_sequence subject_alt_names; /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */ + mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id); /**< Optional X.509 v2/v3 issuer unique identifier. */ + mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id); /**< Optional X.509 v2/v3 subject unique identifier. */ + mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext); /**< Optional X.509 v3 extensions. */ + mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names); /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */ - mbedtls_x509_sequence certificate_policies; /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */ + mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */ - int ext_types; /**< Bit string containing detected and parsed extensions */ - int ca_istrue; /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */ - int max_pathlen; /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. 
Path length is 1 higher than RFC 5280 'meaning', so 1+ */ + int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and parsed extensions */ + int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */ + int MBEDTLS_PRIVATE(max_pathlen); /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */ - unsigned int key_usage; /**< Optional key usage extension value: See the values in x509.h */ + unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension value: See the values in x509.h */ - mbedtls_x509_sequence ext_key_usage; /**< Optional list of extended key usage OIDs. */ + mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of extended key usage OIDs. */ - unsigned char ns_cert_type; /**< Optional Netscape certificate type extension value: See the values in x509.h */ + unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */ - mbedtls_x509_buf sig; /**< Signature: hash of the tbs part signed with the private key. */ - mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ - mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ - void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ + mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */ + mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ + mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. 
MBEDTLS_PK_RSA */ + void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ - struct mbedtls_x509_crt *next; /**< Next certificate in the CA-chain. */ + struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next); /**< Next certificate in the CA-chain. */ } mbedtls_x509_crt; @@ -111,7 +112,7 @@ typedef struct mbedtls_x509_san_other_name * To check the value of the type id, you should use * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf. */ - mbedtls_x509_buf type_id; /**< The type id. */ + mbedtls_x509_buf MBEDTLS_PRIVATE(type_id); /**< The type id. */ union { /** @@ -122,12 +123,12 @@ typedef struct mbedtls_x509_san_other_name */ struct { - mbedtls_x509_buf oid; /**< The object identifier. */ - mbedtls_x509_buf val; /**< The named value. */ + mbedtls_x509_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */ + mbedtls_x509_buf MBEDTLS_PRIVATE(val); /**< The named value. */ } - hardware_module_name; + MBEDTLS_PRIVATE(hardware_module_name); } - value; + MBEDTLS_PRIVATE(value); } mbedtls_x509_san_other_name; @@ -136,12 +137,12 @@ mbedtls_x509_san_other_name; */ typedef struct mbedtls_x509_subject_alternative_name { - int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ + int MBEDTLS_PRIVATE(type); /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ union { - mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */ - mbedtls_x509_buf unstructured_name; /**< The buffer for the un constructed types. Only dnsName currently supported */ + mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The otherName supported type. */ + mbedtls_x509_buf MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for the un constructed types. Only dnsName currently supported */ } - san; /**< A union of the supported SAN types */ + MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */ } mbedtls_x509_subject_alternative_name; 
@@ -158,10 +159,10 @@ mbedtls_x509_subject_alternative_name; */ typedef struct mbedtls_x509_crt_profile { - uint32_t allowed_mds; /**< MDs for signatures */ - uint32_t allowed_pks; /**< PK algs for signatures */ - uint32_t allowed_curves; /**< Elliptic curves for ECDSA */ - uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys */ + uint32_t MBEDTLS_PRIVATE(allowed_mds); /**< MDs for signatures */ + uint32_t MBEDTLS_PRIVATE(allowed_pks); /**< PK algs for signatures */ + uint32_t MBEDTLS_PRIVATE(allowed_curves); /**< Elliptic curves for ECDSA */ + uint32_t MBEDTLS_PRIVATE(rsa_min_bitlen); /**< Minimum size for RSA keys */ } mbedtls_x509_crt_profile; @@ -249,16 +250,16 @@ mbedtls_x509_crt_profile; */ typedef struct mbedtls_x509write_cert { - int version; - mbedtls_mpi serial; - mbedtls_pk_context *subject_key; - mbedtls_pk_context *issuer_key; - mbedtls_asn1_named_data *subject; - mbedtls_asn1_named_data *issuer; - mbedtls_md_type_t md_alg; - char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; - char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; - mbedtls_asn1_named_data *extensions; + int MBEDTLS_PRIVATE(version); + mbedtls_mpi MBEDTLS_PRIVATE(serial); + mbedtls_pk_context *MBEDTLS_PRIVATE(subject_key); + mbedtls_pk_context *MBEDTLS_PRIVATE(issuer_key); + mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject); + mbedtls_asn1_named_data *MBEDTLS_PRIVATE(issuer); + mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg); + char MBEDTLS_PRIVATE(not_before)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; + char MBEDTLS_PRIVATE(not_after)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1]; + mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions); } mbedtls_x509write_cert; @@ -266,8 +267,8 @@ mbedtls_x509write_cert; * Item in a verification chain: cert and flags for it */ typedef struct { - mbedtls_x509_crt *crt; - uint32_t flags; + mbedtls_x509_crt *MBEDTLS_PRIVATE(crt); + uint32_t MBEDTLS_PRIVATE(flags); } mbedtls_x509_crt_verify_chain_item; /** 
@@ -280,15 +281,15 @@ typedef struct { */ typedef struct { - mbedtls_x509_crt_verify_chain_item items[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE]; - unsigned len; + mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE]; + unsigned MBEDTLS_PRIVATE(len); #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) /* This stores the list of potential trusted signers obtained from * the CA callback used for the CRT verification, if configured. * We must track it somewhere because the callback passes its * ownership to the caller. */ - mbedtls_x509_crt *trust_ca_cb_result; + mbedtls_x509_crt *MBEDTLS_PRIVATE(trust_ca_cb_result); #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ } mbedtls_x509_crt_verify_chain; diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 07a371729..fa98394e8 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_X509_CSR_H #define MBEDTLS_X509_CSR_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" 
@@ -48,21 +49,21 @@ extern "C" { */ typedef struct mbedtls_x509_csr { - mbedtls_x509_buf raw; /**< The raw CSR data (DER). */ - mbedtls_x509_buf cri; /**< The raw CertificateRequestInfo body (DER). */ + mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw CSR data (DER). */ + mbedtls_x509_buf MBEDTLS_PRIVATE(cri); /**< The raw CertificateRequestInfo body (DER). */ - int version; /**< CSR version (1=v1). */ + int MBEDTLS_PRIVATE(version); /**< CSR version (1=v1). */ - mbedtls_x509_buf subject_raw; /**< The raw subject data (DER). */ - mbedtls_x509_name subject; /**< The parsed subject data (named information object). */ + mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data (DER). */ + mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data (named information object). */ - mbedtls_pk_context pk; /**< Container for the public key context. */ + mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key context. */ - mbedtls_x509_buf sig_oid; - mbedtls_x509_buf sig; - mbedtls_md_type_t sig_md; /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ - mbedtls_pk_type_t sig_pk; /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ - void *sig_opts; /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ + mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); + mbedtls_x509_buf MBEDTLS_PRIVATE(sig); + mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ + mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ + void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */ } mbedtls_x509_csr; 
@@ -71,10 +72,10 @@ mbedtls_x509_csr; */ typedef struct mbedtls_x509write_csr { - mbedtls_pk_context *key; - mbedtls_asn1_named_data *subject; - mbedtls_md_type_t md_alg; - mbedtls_asn1_named_data *extensions; + mbedtls_pk_context *MBEDTLS_PRIVATE(key); + mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject); + mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg); + mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions); } mbedtls_x509write_csr; diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h index 5ce2fe48c..72c998edf 100644 --- a/include/mbedtls/xtea.h +++ b/include/mbedtls/xtea.h @@ -21,6 +21,7 @@ */ #ifndef MBEDTLS_XTEA_H #define MBEDTLS_XTEA_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -49,7 +50,7 @@ extern "C" { */ typedef struct mbedtls_xtea_context { - uint32_t k[4]; /*!< key */ + uint32_t MBEDTLS_PRIVATE(k)[4]; /*!< key */ } mbedtls_xtea_context; diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 1d11b003e..b05660f7e 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -32,6 +32,7 @@ #ifndef PSA_CRYPTO_BUILTIN_COMPOSITES_H #define PSA_CRYPTO_BUILTIN_COMPOSITES_H +#include "mbedtls/private_access.h" #include @@ -47,11 +48,11 @@ typedef struct { /** The HMAC algorithm in use */ - psa_algorithm_t alg; + psa_algorithm_t MBEDTLS_PRIVATE(alg); /** The hash context. */ struct psa_hash_operation_s hash_ctx; /** The HMAC part of the context. */ - uint8_t opad[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; + uint8_t MBEDTLS_PRIVATE(opad)[PSA_HMAC_MAX_HASH_BLOCK_SIZE]; } mbedtls_psa_hmac_operation_t; #define MBEDTLS_PSA_HMAC_OPERATION_INIT {0, PSA_HASH_OPERATION_INIT, {0}} 
@@ -61,17 +62,17 @@ typedef struct typedef struct { - psa_algorithm_t alg; + psa_algorithm_t MBEDTLS_PRIVATE(alg); union { - unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ + unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) || defined(PSA_CRYPTO_DRIVER_TEST) - mbedtls_psa_hmac_operation_t hmac; + mbedtls_psa_hmac_operation_t MBEDTLS_PRIVATE(hmac); #endif /* MBEDTLS_PSA_BUILTIN_ALG_HMAC */ #if defined(MBEDTLS_PSA_BUILTIN_ALG_CMAC) || defined(PSA_CRYPTO_DRIVER_TEST) - mbedtls_cipher_context_t cmac; + mbedtls_cipher_context_t MBEDTLS_PRIVATE(cmac); #endif /* MBEDTLS_PSA_BUILTIN_ALG_CMAC */ - } ctx; + } MBEDTLS_PRIVATE(ctx); } mbedtls_psa_mac_operation_t; #define MBEDTLS_PSA_MAC_OPERATION_INIT {0, {0}} diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index 75801a178..674c7d060 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h @@ -32,6 +32,7 @@ #ifndef PSA_CRYPTO_BUILTIN_PRIMITIVES_H #define PSA_CRYPTO_BUILTIN_PRIMITIVES_H +#include "mbedtls/private_access.h" #include 
@@ -61,32 +62,32 @@ typedef struct { - psa_algorithm_t alg; + psa_algorithm_t MBEDTLS_PRIVATE(alg); union { - unsigned dummy; /* Make the union non-empty even with no supported algorithms. */ + unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */ #if defined(MBEDTLS_MD2_C) - mbedtls_md2_context md2; + mbedtls_md2_context MBEDTLS_PRIVATE(md2); #endif #if defined(MBEDTLS_MD4_C) - mbedtls_md4_context md4; + mbedtls_md4_context MBEDTLS_PRIVATE(md4); #endif #if defined(MBEDTLS_MD5_C) - mbedtls_md5_context md5; + mbedtls_md5_context MBEDTLS_PRIVATE(md5); #endif #if defined(MBEDTLS_RIPEMD160_C) - mbedtls_ripemd160_context ripemd160; + mbedtls_ripemd160_context MBEDTLS_PRIVATE(ripemd160); #endif #if defined(MBEDTLS_SHA1_C) - mbedtls_sha1_context sha1; + mbedtls_sha1_context MBEDTLS_PRIVATE(sha1); #endif #if defined(MBEDTLS_SHA256_C) - mbedtls_sha256_context sha256; + mbedtls_sha256_context MBEDTLS_PRIVATE(sha256); #endif #if defined(MBEDTLS_SHA512_C) - mbedtls_sha512_context sha512; + mbedtls_sha512_context MBEDTLS_PRIVATE(sha512); #endif - } ctx; + } MBEDTLS_PRIVATE(ctx); } mbedtls_psa_hash_operation_t; #define MBEDTLS_PSA_HASH_OPERATION_INIT {0, {0}} @@ -110,10 +111,10 @@ typedef struct typedef struct { /* Context structure for the Mbed TLS cipher implementation. */ - psa_algorithm_t alg; - uint8_t iv_length; - uint8_t block_length; - mbedtls_cipher_context_t cipher; + psa_algorithm_t MBEDTLS_PRIVATE(alg); + uint8_t MBEDTLS_PRIVATE(iv_length); + uint8_t MBEDTLS_PRIVATE(block_length); + mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher); } mbedtls_psa_cipher_operation_t; #define MBEDTLS_PSA_CIPHER_OPERATION_INIT {0, 0, 0, {0}} diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index a7b4ab599..3611c4136 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
@@ -27,6 +27,7 @@ #ifndef PSA_CRYPTO_EXTRA_H #define PSA_CRYPTO_EXTRA_H +#include "mbedtls/private_access.h" #include "mbedtls/platform_util.h" @@ -71,7 +72,7 @@ static inline void psa_set_key_enrollment_algorithm( psa_key_attributes_t *attributes, psa_algorithm_t alg2) { - attributes->core.policy.alg2 = alg2; + attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2; } /** Retrieve the enrollment algorithm policy from key attributes. @@ -83,7 +84,7 @@ static inline void psa_set_key_enrollment_algorithm( static inline psa_algorithm_t psa_get_key_enrollment_algorithm( const psa_key_attributes_t *attributes) { - return( attributes->core.policy.alg2 ); + return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) ); } #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -141,8 +142,8 @@ static inline void psa_set_key_slot_number( psa_key_attributes_t *attributes, psa_key_slot_number_t slot_number ) { - attributes->core.flags |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER; - attributes->slot_number = slot_number; + attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER; + attributes->MBEDTLS_PRIVATE(slot_number) = slot_number; } /** Remove the slot number attribute from a key attribute structure. @@ -154,7 +155,7 @@ static inline void psa_set_key_slot_number( static inline void psa_clear_key_slot_number( psa_key_attributes_t *attributes ) { - attributes->core.flags &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER; + attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &= ~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER; } /** Register a key that is already present in a secure element. 
@@ -226,26 +227,26 @@ void mbedtls_psa_crypto_free( void ); typedef struct mbedtls_psa_stats_s { /** Number of slots containing key material for a volatile key. */ - size_t volatile_slots; + size_t MBEDTLS_PRIVATE(volatile_slots); /** Number of slots containing key material for a key which is in * internal persistent storage. */ - size_t persistent_slots; + size_t MBEDTLS_PRIVATE(persistent_slots); /** Number of slots containing a reference to a key in a * secure element. */ - size_t external_slots; + size_t MBEDTLS_PRIVATE(external_slots); /** Number of slots which are occupied, but do not contain * key material yet. */ - size_t half_filled_slots; + size_t MBEDTLS_PRIVATE(half_filled_slots); /** Number of slots that contain cache data. */ - size_t cache_slots; + size_t MBEDTLS_PRIVATE(cache_slots); /** Number of slots that are not used for anything. */ - size_t empty_slots; + size_t MBEDTLS_PRIVATE(empty_slots); /** Number of slots that are locked. */ - size_t locked_slots; + size_t MBEDTLS_PRIVATE(locked_slots); /** Largest key id value among open keys in internal persistent storage. */ - psa_key_id_t max_open_internal_key_id; + psa_key_id_t MBEDTLS_PRIVATE(max_open_internal_key_id); /** Largest key id value among open keys in secure elements. */ - psa_key_id_t max_open_external_key_id; + psa_key_id_t MBEDTLS_PRIVATE(max_open_external_key_id); } mbedtls_psa_stats_t; /** \brief Get statistics about diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h index 1dc8f9b5c..91a6d0bee 100644 --- a/include/psa/crypto_se_driver.h +++ b/include/psa/crypto_se_driver.h @@ -33,6 +33,7 @@ */ #ifndef PSA_CRYPTO_SE_DRIVER_H #define PSA_CRYPTO_SE_DRIVER_H +#include "mbedtls/private_access.h" #include "crypto_driver_common.h" 
@@ -97,21 +98,21 @@ typedef struct { * - psa_destroy_key() causes a call to * psa_drv_se_key_management_t::p_destroy. */ - const void *const persistent_data; + const void *const MBEDTLS_PRIVATE(persistent_data); /** The size of \c persistent_data in bytes. * * This is always equal to the value of the `persistent_data_size` field * of the ::psa_drv_se_t structure when the driver is registered. */ - const size_t persistent_data_size; + const size_t MBEDTLS_PRIVATE(persistent_data_size); /** Driver transient data. * * The core initializes this value to 0 and does not read or modify it * afterwards. The driver may store whatever it wants in this field. */ - uintptr_t transient_data; + uintptr_t MBEDTLS_PRIVATE(transient_data); } psa_drv_se_context_t; /** \brief A driver initialization function. 
@@ -323,28 +324,28 @@ typedef struct { /**The size in bytes of the hardware-specific secure element MAC context * structure */ - size_t context_size; + size_t MBEDTLS_PRIVATE(context_size); /** Function that performs a MAC setup operation */ - psa_drv_se_mac_setup_t p_setup; + psa_drv_se_mac_setup_t MBEDTLS_PRIVATE(p_setup); /** Function that performs a MAC update operation */ - psa_drv_se_mac_update_t p_update; + psa_drv_se_mac_update_t MBEDTLS_PRIVATE(p_update); /** Function that completes a MAC operation */ - psa_drv_se_mac_finish_t p_finish; + psa_drv_se_mac_finish_t MBEDTLS_PRIVATE(p_finish); /** Function that completes a MAC operation with a verify check */ - psa_drv_se_mac_finish_verify_t p_finish_verify; + psa_drv_se_mac_finish_verify_t MBEDTLS_PRIVATE(p_finish_verify); /** Function that aborts a previoustly started MAC operation */ - psa_drv_se_mac_abort_t p_abort; + psa_drv_se_mac_abort_t MBEDTLS_PRIVATE(p_abort); /** Function that performs a MAC operation in one call */ - psa_drv_se_mac_generate_t p_mac; + psa_drv_se_mac_generate_t MBEDTLS_PRIVATE(p_mac); /** Function that performs a MAC and verify operation in one call */ - psa_drv_se_mac_verify_t p_mac_verify; + psa_drv_se_mac_verify_t MBEDTLS_PRIVATE(p_mac_verify); } psa_drv_se_mac_t; /**@}*/ 
@@ -510,22 +511,22 @@ typedef struct { /** The size in bytes of the hardware-specific secure element cipher * context structure */ - size_t context_size; + size_t MBEDTLS_PRIVATE(context_size); /** Function that performs a cipher setup operation */ - psa_drv_se_cipher_setup_t p_setup; + psa_drv_se_cipher_setup_t MBEDTLS_PRIVATE(p_setup); /** Function that sets a cipher IV (if necessary) */ - psa_drv_se_cipher_set_iv_t p_set_iv; + psa_drv_se_cipher_set_iv_t MBEDTLS_PRIVATE(p_set_iv); /** Function that performs a cipher update operation */ - psa_drv_se_cipher_update_t p_update; + psa_drv_se_cipher_update_t MBEDTLS_PRIVATE(p_update); /** Function that completes a cipher operation */ - psa_drv_se_cipher_finish_t p_finish; + psa_drv_se_cipher_finish_t MBEDTLS_PRIVATE(p_finish); /** Function that aborts a cipher operation */ - psa_drv_se_cipher_abort_t p_abort; + psa_drv_se_cipher_abort_t MBEDTLS_PRIVATE(p_abort); /** Function that performs ECB mode for a cipher operation * (Danger: ECB mode should not be used directly by clients of the PSA * Crypto Client API) */ - psa_drv_se_cipher_ecb_t p_ecb; + psa_drv_se_cipher_ecb_t MBEDTLS_PRIVATE(p_ecb); } psa_drv_se_cipher_t; /**@}*/ 
@@ -681,13 +682,13 @@ typedef psa_status_t (*psa_drv_se_asymmetric_decrypt_t)(psa_drv_se_context_t *dr */ typedef struct { /** Function that performs an asymmetric sign operation */ - psa_drv_se_asymmetric_sign_t p_sign; + psa_drv_se_asymmetric_sign_t MBEDTLS_PRIVATE(p_sign); /** Function that performs an asymmetric verify operation */ - psa_drv_se_asymmetric_verify_t p_verify; + psa_drv_se_asymmetric_verify_t MBEDTLS_PRIVATE(p_verify); /** Function that performs an asymmetric encrypt operation */ - psa_drv_se_asymmetric_encrypt_t p_encrypt; + psa_drv_se_asymmetric_encrypt_t MBEDTLS_PRIVATE(p_encrypt); /** Function that performs an asymmetric decrypt operation */ - psa_drv_se_asymmetric_decrypt_t p_decrypt; + psa_drv_se_asymmetric_decrypt_t MBEDTLS_PRIVATE(p_decrypt); } psa_drv_se_asymmetric_t; /**@}*/ @@ -798,9 +799,9 @@ typedef psa_status_t (*psa_drv_se_aead_decrypt_t)(psa_drv_se_context_t *drv_cont */ typedef struct { /** Function that performs the AEAD encrypt operation */ - psa_drv_se_aead_encrypt_t p_encrypt; + psa_drv_se_aead_encrypt_t MBEDTLS_PRIVATE(p_encrypt); /** Function that performs the AEAD decrypt operation */ - psa_drv_se_aead_decrypt_t p_decrypt; + psa_drv_se_aead_decrypt_t MBEDTLS_PRIVATE(p_decrypt); } psa_drv_se_aead_t; /**@}*/ 
@@ -1120,19 +1121,19 @@ typedef psa_status_t (*psa_drv_se_generate_key_t)( */ typedef struct { /** Function that allocates a slot for a key. */ - psa_drv_se_allocate_key_t p_allocate; + psa_drv_se_allocate_key_t MBEDTLS_PRIVATE(p_allocate); /** Function that checks the validity of a slot for a key. */ - psa_drv_se_validate_slot_number_t p_validate_slot_number; + psa_drv_se_validate_slot_number_t MBEDTLS_PRIVATE(p_validate_slot_number); /** Function that performs a key import operation */ - psa_drv_se_import_key_t p_import; + psa_drv_se_import_key_t MBEDTLS_PRIVATE(p_import); /** Function that performs a generation */ - psa_drv_se_generate_key_t p_generate; + psa_drv_se_generate_key_t MBEDTLS_PRIVATE(p_generate); /** Function that performs a key destroy operation */ - psa_drv_se_destroy_key_t p_destroy; + psa_drv_se_destroy_key_t MBEDTLS_PRIVATE(p_destroy); /** Function that performs a key export operation */ - psa_drv_se_export_key_t p_export; + psa_drv_se_export_key_t MBEDTLS_PRIVATE(p_export); /** Function that performs a public key export operation */ - psa_drv_se_export_key_t p_export_public; + psa_drv_se_export_key_t MBEDTLS_PRIVATE(p_export_public); } psa_drv_se_key_management_t; /**@}*/ 
@@ -1263,16 +1264,16 @@ typedef psa_status_t (*psa_drv_se_key_derivation_export_t)(void *op_context, */ typedef struct { /** The driver-specific size of the key derivation context */ - size_t context_size; + size_t MBEDTLS_PRIVATE(context_size); /** Function that performs a key derivation setup */ - psa_drv_se_key_derivation_setup_t p_setup; + psa_drv_se_key_derivation_setup_t MBEDTLS_PRIVATE(p_setup); /** Function that sets key derivation collateral */ - psa_drv_se_key_derivation_collateral_t p_collateral; + psa_drv_se_key_derivation_collateral_t MBEDTLS_PRIVATE(p_collateral); /** Function that performs a final key derivation step */ - psa_drv_se_key_derivation_derive_t p_derive; + psa_drv_se_key_derivation_derive_t MBEDTLS_PRIVATE(p_derive); /** Function that perforsm a final key derivation or agreement and * exports the key */ - psa_drv_se_key_derivation_export_t p_export; + psa_drv_se_key_derivation_export_t MBEDTLS_PRIVATE(p_export); } psa_drv_se_key_derivation_t; /**@}*/ @@ -1293,7 +1294,7 @@ typedef struct { * a different version of this specification. * Use #PSA_DRV_SE_HAL_VERSION. */ - uint32_t hal_version; + uint32_t MBEDTLS_PRIVATE(hal_version); /** The size of the driver's persistent data in bytes. * @@ -1303,7 +1304,7 @@ typedef struct { * for more information about why and how a driver can use * persistent data. */ - size_t persistent_data_size; + size_t MBEDTLS_PRIVATE(persistent_data_size); /** The driver initialization function. * 
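Review bot: the context line directly above the p_export change in psa_drv_se_key_derivation_t still reads "Function that perforsm a final key derivation or agreement"; since this comment block is being touched in the same hunk, fix the typo to "performs" here rather than leaving it for a separate cleanup.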
@@ -1315,14 +1316,14 @@ typedef struct { * If this field is \c NULL, it is equivalent to a function that does * nothing and returns #PSA_SUCCESS. */ - psa_drv_se_init_t p_init; + psa_drv_se_init_t MBEDTLS_PRIVATE(p_init); - const psa_drv_se_key_management_t *key_management; - const psa_drv_se_mac_t *mac; - const psa_drv_se_cipher_t *cipher; - const psa_drv_se_aead_t *aead; - const psa_drv_se_asymmetric_t *asymmetric; - const psa_drv_se_key_derivation_t *derivation; + const psa_drv_se_key_management_t *MBEDTLS_PRIVATE(key_management); + const psa_drv_se_mac_t *MBEDTLS_PRIVATE(mac); + const psa_drv_se_cipher_t *MBEDTLS_PRIVATE(cipher); + const psa_drv_se_aead_t *MBEDTLS_PRIVATE(aead); + const psa_drv_se_asymmetric_t *MBEDTLS_PRIVATE(asymmetric); + const psa_drv_se_key_derivation_t *MBEDTLS_PRIVATE(derivation); } psa_drv_se_t; /** The current version of the secure element driver HAL. diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 47012fdd0..b07ced8bd 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -60,6 +60,7 @@ #ifndef PSA_CRYPTO_STRUCT_H #define PSA_CRYPTO_STRUCT_H +#include "mbedtls/private_access.h" #ifdef __cplusplus extern "C" { @@ -88,8 +89,8 @@ struct psa_hash_operation_s * ID values are auto-generated in psa_driver_wrappers.h. * ID value zero means the context is not valid or not assigned to * any driver (i.e. the driver context is not active, in use). */ - unsigned int id; - psa_driver_hash_context_t ctx; + unsigned int MBEDTLS_PRIVATE(id); + psa_driver_hash_context_t MBEDTLS_PRIVATE(ctx); }; #define PSA_HASH_OPERATION_INIT {0, {0}} 
@@ -107,14 +108,14 @@ struct psa_cipher_operation_s * ID values are auto-generated in psa_crypto_driver_wrappers.h * ID value zero means the context is not valid or not assigned to * any driver (i.e. none of the driver contexts are active). */ - unsigned int id; + unsigned int MBEDTLS_PRIVATE(id); - unsigned int iv_required : 1; - unsigned int iv_set : 1; + unsigned int MBEDTLS_PRIVATE(iv_required) : 1; + unsigned int MBEDTLS_PRIVATE(iv_set) : 1; - uint8_t default_iv_length; + uint8_t MBEDTLS_PRIVATE(default_iv_length); - psa_driver_cipher_context_t ctx; + psa_driver_cipher_context_t MBEDTLS_PRIVATE(ctx); }; #define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, {0}} @@ -136,10 +137,10 @@ struct psa_mac_operation_s * ID values are auto-generated in psa_driver_wrappers.h * ID value zero means the context is not valid or not assigned to * any driver (i.e. none of the driver contexts are active). */ - unsigned int id; - uint8_t mac_size; - unsigned int is_sign : 1; - psa_driver_mac_context_t ctx; + unsigned int MBEDTLS_PRIVATE(id); + uint8_t MBEDTLS_PRIVATE(mac_size); + unsigned int MBEDTLS_PRIVATE(is_sign) : 1; + psa_driver_mac_context_t MBEDTLS_PRIVATE(ctx); }; #define PSA_MAC_OPERATION_INIT {0, 0, 0, {0}} @@ -151,16 +152,16 @@ static inline struct psa_mac_operation_s psa_mac_operation_init( void ) struct psa_aead_operation_s { - psa_algorithm_t alg; - unsigned int key_set : 1; - unsigned int iv_set : 1; - uint8_t iv_size; - uint8_t block_size; + psa_algorithm_t MBEDTLS_PRIVATE(alg); + unsigned int MBEDTLS_PRIVATE(key_set) : 1; + unsigned int MBEDTLS_PRIVATE(iv_set) : 1; + uint8_t MBEDTLS_PRIVATE(iv_size); + uint8_t MBEDTLS_PRIVATE(block_size); union { - unsigned dummy; /* Enable easier initializing of the union. */ - mbedtls_cipher_context_t cipher; - } ctx; + unsigned MBEDTLS_PRIVATE(dummy); /* Enable easier initializing of the union. */ + mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher); + } MBEDTLS_PRIVATE(ctx); }; #define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, {0}} 
@@ -173,18 +174,18 @@ static inline struct psa_aead_operation_s psa_aead_operation_init( void ) #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) typedef struct { - uint8_t *info; - size_t info_length; - psa_mac_operation_t hmac; - uint8_t prk[PSA_HASH_MAX_SIZE]; - uint8_t output_block[PSA_HASH_MAX_SIZE]; + uint8_t *MBEDTLS_PRIVATE(info); + size_t MBEDTLS_PRIVATE(info_length); + psa_mac_operation_t MBEDTLS_PRIVATE(hmac); + uint8_t MBEDTLS_PRIVATE(prk)[PSA_HASH_MAX_SIZE]; + uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE]; #if PSA_HASH_MAX_SIZE > 0xff #error "PSA_HASH_MAX_SIZE does not fit in uint8_t" #endif - uint8_t offset_in_block; - uint8_t block_number; - unsigned int state : 2; - unsigned int info_set : 1; + uint8_t MBEDTLS_PRIVATE(offset_in_block); + uint8_t MBEDTLS_PRIVATE(block_number); + unsigned int MBEDTLS_PRIVATE(state) : 2; + unsigned int MBEDTLS_PRIVATE(info_set) : 1; } psa_hkdf_key_derivation_t; #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF */ 
@@ -207,45 +208,45 @@ typedef struct psa_tls12_prf_key_derivation_s /* Indicates how many bytes in the current HMAC block have * not yet been read by the user. */ - uint8_t left_in_block; + uint8_t MBEDTLS_PRIVATE(left_in_block); /* The 1-based number of the block. */ - uint8_t block_number; + uint8_t MBEDTLS_PRIVATE(block_number); - psa_tls12_prf_key_derivation_state_t state; + psa_tls12_prf_key_derivation_state_t MBEDTLS_PRIVATE(state); - uint8_t *secret; - size_t secret_length; - uint8_t *seed; - size_t seed_length; - uint8_t *label; - size_t label_length; + uint8_t *MBEDTLS_PRIVATE(secret); + size_t MBEDTLS_PRIVATE(secret_length); + uint8_t *MBEDTLS_PRIVATE(seed); + size_t MBEDTLS_PRIVATE(seed_length); + uint8_t *MBEDTLS_PRIVATE(label); + size_t MBEDTLS_PRIVATE(label_length); - uint8_t Ai[PSA_HASH_MAX_SIZE]; + uint8_t MBEDTLS_PRIVATE(Ai)[PSA_HASH_MAX_SIZE]; /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */ - uint8_t output_block[PSA_HASH_MAX_SIZE]; + uint8_t MBEDTLS_PRIVATE(output_block)[PSA_HASH_MAX_SIZE]; } psa_tls12_prf_key_derivation_t; #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || * MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ struct psa_key_derivation_s { - psa_algorithm_t alg; - unsigned int can_output_key : 1; - size_t capacity; + psa_algorithm_t MBEDTLS_PRIVATE(alg); + unsigned int MBEDTLS_PRIVATE(can_output_key) : 1; + size_t MBEDTLS_PRIVATE(capacity); union { /* Make the union non-empty even with no supported algorithms. 
*/ - uint8_t dummy; + uint8_t MBEDTLS_PRIVATE(dummy); #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) - psa_hkdf_key_derivation_t hkdf; + psa_hkdf_key_derivation_t MBEDTLS_PRIVATE(hkdf); #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) - psa_tls12_prf_key_derivation_t tls12_prf; + psa_tls12_prf_key_derivation_t MBEDTLS_PRIVATE(tls12_prf); #endif - } ctx; + } MBEDTLS_PRIVATE(ctx); }; /* This only zeroes out the first byte in the union, the rest is unspecified. */ @@ -258,9 +259,9 @@ static inline struct psa_key_derivation_s psa_key_derivation_operation_init( voi struct psa_key_policy_s { - psa_key_usage_t usage; - psa_algorithm_t alg; - psa_algorithm_t alg2; + psa_key_usage_t MBEDTLS_PRIVATE(usage); + psa_algorithm_t MBEDTLS_PRIVATE(alg); + psa_algorithm_t MBEDTLS_PRIVATE(alg2); }; typedef struct psa_key_policy_s psa_key_policy_t; 
@@ -309,24 +310,24 @@ typedef uint16_t psa_key_attributes_flag_t; typedef struct { - psa_key_type_t type; - psa_key_bits_t bits; - psa_key_lifetime_t lifetime; - mbedtls_svc_key_id_t id; - psa_key_policy_t policy; - psa_key_attributes_flag_t flags; + psa_key_type_t MBEDTLS_PRIVATE(type); + psa_key_bits_t MBEDTLS_PRIVATE(bits); + psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime); + mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id); + psa_key_policy_t MBEDTLS_PRIVATE(policy); + psa_key_attributes_flag_t MBEDTLS_PRIVATE(flags); } psa_core_key_attributes_t; #define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0} struct psa_key_attributes_s { - psa_core_key_attributes_t core; + psa_core_key_attributes_t MBEDTLS_PRIVATE(core); #if defined(MBEDTLS_PSA_CRYPTO_SE_C) - psa_key_slot_number_t slot_number; + psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number); #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - void *domain_parameters; - size_t domain_parameters_size; + void *MBEDTLS_PRIVATE(domain_parameters); + size_t MBEDTLS_PRIVATE(domain_parameters_size); }; #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -344,13 +345,13 @@ static inline struct psa_key_attributes_s psa_key_attributes_init( void ) static inline void psa_set_key_id( psa_key_attributes_t *attributes, mbedtls_svc_key_id_t key ) { - psa_key_lifetime_t lifetime = attributes->core.lifetime; + psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime) = attributes->MBEDTLS_PRIVATE(core).lifetime; - attributes->core.id = key; + attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = key; if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { - attributes->core.lifetime = + attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) = PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_LIFETIME_PERSISTENT, PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) ); 
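Review bot: the first changed line of the psa_set_key_id hunk wraps the wrong identifier: `psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime) = attributes->MBEDTLS_PRIVATE(core).lifetime;` renames the local variable instead of the struct member. In the default build (no MBEDTLS_ALLOW_PRIVATE_ACCESS) this declares a local with a mangled name, so `PSA_KEY_LIFETIME_IS_VOLATILE( lifetime )` two lines below refers to an undeclared `lifetime`, and the unwrapped `.lifetime` no longer matches the member that psa_core_key_attributes_t now declares as MBEDTLS_PRIVATE(lifetime). It should read `psa_key_lifetime_t lifetime = attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime);`, which is the correction PATCH 014 later in this series applies.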
@@ -360,7 +361,7 @@ static inline void psa_set_key_id( psa_key_attributes_t *attributes, static inline mbedtls_svc_key_id_t psa_get_key_id( const psa_key_attributes_t *attributes) { - return( attributes->core.id ); + return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) ); } #ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER @@ -374,13 +375,13 @@ static inline void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes, static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes, psa_key_lifetime_t lifetime) { - attributes->core.lifetime = lifetime; + attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) = lifetime; if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { #ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER - attributes->core.id.key_id = 0; + attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).key_id = 0; #else - attributes->core.id = 0; + attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = 0; #endif } } 
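Review bot: in the psa_set_key_lifetime hunk, `attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).key_id = 0;` leaves `key_id` unwrapped although it is a member of mbedtls_svc_key_id_t, so the MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER build stops compiling as soon as that struct's members are wrapped (PATCH 014 does both halves: it wraps key_id and owner in crypto_types.h and fixes this line). mbedtls_set_key_owner_id, whose `attributes->core.id.owner = owner;` sits between the two hunks shown here, is missed entirely in this patch for the same reason. Wrapping mbedtls_svc_key_id_t and updating these accessors in one commit keeps every intermediate revision building.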
@@ -388,31 +389,31 @@ static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes, static inline psa_key_lifetime_t psa_get_key_lifetime( const psa_key_attributes_t *attributes) { - return( attributes->core.lifetime ); + return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) ); } static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes, psa_key_usage_t usage_flags) { - attributes->core.policy.usage = usage_flags; + attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags; } static inline psa_key_usage_t psa_get_key_usage_flags( const psa_key_attributes_t *attributes) { - return( attributes->core.policy.usage ); + return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) ); } static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes, psa_algorithm_t alg) { - attributes->core.policy.alg = alg; + attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) = alg; } static inline psa_algorithm_t psa_get_key_algorithm( const psa_key_attributes_t *attributes) { - return( attributes->core.policy.alg ); + return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) ); } /* This function is declared in crypto_extra.h, which comes after this @@ -425,10 +426,10 @@ psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, static inline void psa_set_key_type(psa_key_attributes_t *attributes, psa_key_type_t type) { - if( attributes->domain_parameters == NULL ) + if( attributes->MBEDTLS_PRIVATE(domain_parameters) == NULL ) { /* Common case: quick path */ - attributes->core.type = type; + attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) = type; } else { 
@@ -443,22 +444,22 @@ static inline void psa_set_key_type(psa_key_attributes_t *attributes, static inline psa_key_type_t psa_get_key_type( const psa_key_attributes_t *attributes) { - return( attributes->core.type ); + return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) ); } static inline void psa_set_key_bits(psa_key_attributes_t *attributes, size_t bits) { if( bits > PSA_MAX_KEY_BITS ) - attributes->core.bits = PSA_KEY_BITS_TOO_LARGE; + attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = PSA_KEY_BITS_TOO_LARGE; else - attributes->core.bits = (psa_key_bits_t) bits; + attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = (psa_key_bits_t) bits; } static inline size_t psa_get_key_bits( const psa_key_attributes_t *attributes) { - return( attributes->core.bits ); + return( attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) ); } #ifdef __cplusplus From 88fa17d1e9fc312d848aad38f2411413a288f722 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 19 May 2021 17:32:14 +0200 Subject: [PATCH 013/236] Add missing 'common.h' include. Signed-off-by: Mateusz Starzyk --- library/psa_crypto_storage.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 773d3aaaf..0ef041d18 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -18,6 +18,8 @@ * limitations under the License. */ +#include "common.h" + #if defined(MBEDTLS_CONFIG_FILE) #include MBEDTLS_CONFIG_FILE #else From 363eb29d4b94c000c0215dc1bdcf89c85ab89627 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 19 May 2021 17:32:44 +0200 Subject: [PATCH 014/236] Fix MBEDTLS_PRIVATE wrapping in the library's headers. 
Signed-off-by: Mateusz Starzyk --- include/mbedtls/ecdh.h | 26 +++++++++++++------------- include/mbedtls/ecdsa.h | 8 ++++---- include/mbedtls/ecp.h | 8 ++++---- include/mbedtls/pk.h | 8 ++++---- include/mbedtls/ssl_ciphersuites.h | 20 ++++++++++---------- include/mbedtls/x509_crt.h | 16 ++++++++-------- include/psa/crypto_struct.h | 6 +++--- include/psa/crypto_types.h | 5 +++-- include/psa/crypto_values.h | 11 ++++++----- 9 files changed, 55 insertions(+), 53 deletions(-) diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 874b4ee12..af4b273bf 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h @@ -84,13 +84,13 @@ typedef enum */ typedef struct mbedtls_ecdh_context_mbed { - mbedtls_ecp_group grp; /*!< The elliptic curve used. */ - mbedtls_mpi d; /*!< The private key. */ - mbedtls_ecp_point Q; /*!< The public key. */ - mbedtls_ecp_point Qp; /*!< The value of the public key of the peer. */ - mbedtls_mpi z; /*!< The shared secret. */ + mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */ + mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */ + mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */ + mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of the peer. */ + mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */ #if defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */ + mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */ #endif } mbedtls_ecdh_context_mbed; #endif 
@@ -119,21 +119,21 @@ typedef struct mbedtls_ecdh_context mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */ #endif /* MBEDTLS_ECP_RESTARTABLE */ #else - uint8_t point_format; /*!< The format of point export in TLS messages + uint8_t MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages as defined in RFC 4492. */ - mbedtls_ecp_group_id grp_id;/*!< The elliptic curve used. */ - mbedtls_ecdh_variant var; /*!< The ECDH implementation/structure used. */ + mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id);/*!< The elliptic curve used. */ + mbedtls_ecdh_variant MBEDTLS_PRIVATE(var); /*!< The ECDH implementation/structure used. */ union { - mbedtls_ecdh_context_mbed mbed_ecdh; + mbedtls_ecdh_context_mbed MBEDTLS_PRIVATE(mbed_ecdh); #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) - mbedtls_ecdh_context_everest everest_ecdh; + mbedtls_ecdh_context_everest MBEDTLS_PRIVATE(everest_ecdh); #endif - } ctx; /*!< Implementation-specific context. The + } MBEDTLS_PRIVATE(ctx); /*!< Implementation-specific context. The context in use is specified by the \c var field. */ #if defined(MBEDTLS_ECP_RESTARTABLE) - uint8_t restart_enabled; /*!< The flag for restartable mode. Functions of + uint8_t MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. Functions of an alternative implementation not supporting restartable mode must return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 525de5da1..cf063a0b5 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h 
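Review bot: the top context line of the mbedtls_ecdh_context hunk, `mbedtls_ecp_restart_ctx rs;` under MBEDTLS_ECP_RESTARTABLE in the preceding #if branch, stays unwrapped while the same field in mbedtls_ecdh_context_mbed and every field in the #else branch is wrapped. Please confirm whether the legacy-layout branch before this #else is meant to remain public; if so, a short comment saying that would stop the next contributor from "fixing" it, and if not, that branch needs the same treatment in this patch.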
@@ -107,12 +107,12 @@ typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx; */ typedef struct { - mbedtls_ecp_restart_ctx ecp; /*!< base context for ECP restart and + mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(ecp); /*!< base context for ECP restart and shared administrative info */ - mbedtls_ecdsa_restart_ver_ctx *ver; /*!< ecdsa_verify() sub-context */ - mbedtls_ecdsa_restart_sig_ctx *sig; /*!< ecdsa_sign() sub-context */ + mbedtls_ecdsa_restart_ver_ctx *MBEDTLS_PRIVATE(ver); /*!< ecdsa_verify() sub-context */ + mbedtls_ecdsa_restart_sig_ctx *MBEDTLS_PRIVATE(sig); /*!< ecdsa_sign() sub-context */ #if defined(MBEDTLS_ECDSA_DETERMINISTIC) - mbedtls_ecdsa_restart_det_ctx *det; /*!< ecdsa_sign_det() sub-context */ + mbedtls_ecdsa_restart_det_ctx *MBEDTLS_PRIVATE(det); /*!< ecdsa_sign_det() sub-context */ #endif } mbedtls_ecdsa_restart_ctx; diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 913e323f1..a3b442478 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -317,10 +317,10 @@ typedef struct mbedtls_ecp_restart_muladd mbedtls_ecp_restart_muladd_ctx; */ typedef struct { - unsigned ops_done; /*!< current ops count */ - unsigned depth; /*!< call depth (0 = top-level) */ - mbedtls_ecp_restart_mul_ctx *rsm; /*!< ecp_mul_comb() sub-context */ - mbedtls_ecp_restart_muladd_ctx *ma; /*!< ecp_muladd() sub-context */ + unsigned MBEDTLS_PRIVATE(ops_done); /*!< current ops count */ + unsigned MBEDTLS_PRIVATE(depth); /*!< call depth (0 = top-level) */ + mbedtls_ecp_restart_mul_ctx *MBEDTLS_PRIVATE(rsm); /*!< ecp_mul_comb() sub-context */ + mbedtls_ecp_restart_muladd_ctx *MBEDTLS_PRIVATE(ma); /*!< ecp_muladd() sub-context */ } mbedtls_ecp_restart_ctx; /* diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 06da076fb..6f88db43a 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h 
@@ -192,8 +192,8 @@ typedef struct mbedtls_pk_context */ typedef struct { - const mbedtls_pk_info_t * pk_info; /**< Public key information */ - void * rs_ctx; /**< Underlying restart context */ + const mbedtls_pk_info_t * MBEDTLS_PRIVATE(pk_info); /**< Public key information */ + void * MBEDTLS_PRIVATE(rs_ctx); /**< Underlying restart context */ } mbedtls_pk_restart_ctx; #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ /* Now we can declare functions that take a pointer to that */ @@ -209,7 +209,7 @@ typedef void mbedtls_pk_restart_ctx; */ static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk ) { - return( (mbedtls_rsa_context *) (pk).pk_ctx ); + return( (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx) ); } #endif /* MBEDTLS_RSA_C */ @@ -222,7 +222,7 @@ static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk ) */ static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk ) { - return( (mbedtls_ecp_keypair *) (pk).pk_ctx ); + return( (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx) ); } #endif /* MBEDTLS_ECP_C */ diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 093238c0b..00a1aaec9 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -375,19 +375,19 @@ typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t; */ struct mbedtls_ssl_ciphersuite_t { - int id; - const char * name; + int MBEDTLS_PRIVATE(id); + const char * MBEDTLS_PRIVATE(name); - mbedtls_cipher_type_t cipher; - mbedtls_md_type_t mac; - mbedtls_key_exchange_type_t key_exchange; + mbedtls_cipher_type_t MBEDTLS_PRIVATE(cipher); + mbedtls_md_type_t MBEDTLS_PRIVATE(mac); + mbedtls_key_exchange_type_t MBEDTLS_PRIVATE(key_exchange); - int min_major_ver; - int min_minor_ver; - int max_major_ver; - int max_minor_ver; + int MBEDTLS_PRIVATE(min_major_ver); + int MBEDTLS_PRIVATE(min_minor_ver); + int MBEDTLS_PRIVATE(max_major_ver); + int MBEDTLS_PRIVATE(max_minor_ver); - unsigned char flags; + unsigned char MBEDTLS_PRIVATE(flags); }; const int *mbedtls_ssl_list_ciphersuites( void ); diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 015962c7c..f25db4455 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
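Review bot: struct mbedtls_ssl_ciphersuite_t is part of the public ssl_ciphersuites.h API (mbedtls_ssl_list_ciphersuites follows immediately after the hunk), and `name` and `id` are the members applications most commonly read from it, so wrapping them is an API break unless public getters for at least name and id exist or are added alongside this hunk. The ChangeLog entry for this series should list the struct so users know to move to the getters.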
@@ -301,23 +301,23 @@ typedef struct typedef struct { /* for check_signature() */ - mbedtls_pk_restart_ctx pk; + mbedtls_pk_restart_ctx MBEDTLS_PRIVATE(pk); /* for find_parent_in() */ - mbedtls_x509_crt *parent; /* non-null iff parent_in in progress */ - mbedtls_x509_crt *fallback_parent; - int fallback_signature_is_good; + mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in progress */ + mbedtls_x509_crt *MBEDTLS_PRIVATE(fallback_parent); + int MBEDTLS_PRIVATE(fallback_signature_is_good); /* for find_parent() */ - int parent_is_trusted; /* -1 if find_parent is not in progress */ + int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in progress */ /* for verify_chain() */ enum { x509_crt_rs_none, x509_crt_rs_find_parent, - } in_progress; /* none if no operation is in progress */ - int self_cnt; - mbedtls_x509_crt_verify_chain ver_chain; + } MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */ + int MBEDTLS_PRIVATE(self_cnt); + mbedtls_x509_crt_verify_chain MBEDTLS_PRIVATE(ver_chain); } mbedtls_x509_crt_restart_ctx; diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index b07ced8bd..598a9a774 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -345,7 +345,7 @@ static inline struct psa_key_attributes_s psa_key_attributes_init( void ) static inline void psa_set_key_id( psa_key_attributes_t *attributes, mbedtls_svc_key_id_t key ) { - psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime) = attributes->MBEDTLS_PRIVATE(core).lifetime; + psa_key_lifetime_t lifetime = attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime); attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = key; 
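Review bot: the crypto_struct.h hunk in this patch is purely a correction of the psa_set_key_id line introduced by the previous patch in the series (`psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime) = ...` becomes `psa_key_lifetime_t lifetime = attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime);`), which means the intermediate commit does not build in the default configuration. Squash this hunk into the commit that introduced the line so that git bisect stays usable across the series.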
@@ -368,7 +368,7 @@ static inline mbedtls_svc_key_id_t psa_get_key_id( static inline void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes, mbedtls_key_owner_id_t owner ) { - attributes->core.id.owner = owner; + attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = owner; } #endif @@ -379,7 +379,7 @@ static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes, if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { #ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER - attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).key_id = 0; + attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = 0; #else attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = 0; #endif diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 386c7d794..2cf965d81 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -32,6 +32,7 @@ #ifndef PSA_CRYPTO_TYPES_H #define PSA_CRYPTO_TYPES_H +#include "mbedtls/private_access.h" #include "crypto_platform.h" @@ -234,8 +235,8 @@ typedef psa_key_id_t mbedtls_svc_key_id_t; */ typedef struct { - psa_key_id_t key_id; - mbedtls_key_owner_id_t owner; + psa_key_id_t MBEDTLS_PRIVATE(key_id); + mbedtls_key_owner_id_t MBEDTLS_PRIVATE(owner); } mbedtls_svc_key_id_t; #endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 497bd8f01..31a64647e 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -33,6 +33,7 @@ #ifndef PSA_CRYPTO_VALUES_H #define PSA_CRYPTO_VALUES_H +#include "mbedtls/private_access.h" /** \defgroup error Error codes * @{ 
@@ -2124,8 +2125,8 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make( mbedtls_key_owner_id_t owner_id, psa_key_id_t key_id ) { - return( (mbedtls_svc_key_id_t){ .key_id = key_id, - .owner = owner_id } ); + return( (mbedtls_svc_key_id_t){ .MBEDTLS_PRIVATE(key_id) = key_id, + .MBEDTLS_PRIVATE(owner) = owner_id } ); } /** Compare two key identifiers. @@ -2138,8 +2139,8 @@ static inline mbedtls_svc_key_id_t mbedtls_svc_key_id_make( static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1, mbedtls_svc_key_id_t id2 ) { - return( ( id1.key_id == id2.key_id ) && - mbedtls_key_owner_id_equal( id1.owner, id2.owner ) ); + return( ( id1.MBEDTLS_PRIVATE(key_id) == id2.MBEDTLS_PRIVATE(key_id) ) && + mbedtls_key_owner_id_equal( id1.MBEDTLS_PRIVATE(owner), id2.MBEDTLS_PRIVATE(owner) ) ); } /** Check whether a key identifier is null. @@ -2150,7 +2151,7 @@ static inline int mbedtls_svc_key_id_equal( mbedtls_svc_key_id_t id1, */ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) { - return( ( key.key_id == 0 ) && ( key.owner == 0 ) ); + return( ( key.MBEDTLS_PRIVATE(key_id) == 0 ) && ( key.MBEDTLS_PRIVATE(owner) == 0 ) ); } #endif /* !MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */ From 6c2e9b6048cc688b33bd59c5ae5472e4838021a5 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 19 May 2021 17:54:54 +0200 Subject: [PATCH 015/236] Add MBEDTLS_ALLOW_PRIVATE_ACCESS to test programs 
Signed-off-by: Mateusz Starzyk --- programs/fuzz/fuzz_client.c | 2 ++ programs/fuzz/fuzz_dtlsclient.c | 2 ++ programs/fuzz/fuzz_dtlsserver.c | 2 ++ programs/fuzz/fuzz_privkey.c | 2 ++ programs/fuzz/fuzz_pubkey.c | 2 ++ programs/fuzz/fuzz_server.c | 2 ++ programs/fuzz/fuzz_x509crl.c | 2 ++ programs/fuzz/fuzz_x509crt.c | 2 ++ programs/fuzz/fuzz_x509csr.c | 2 ++ programs/ssl/ssl_client2.c | 2 ++ programs/ssl/ssl_context_info.c | 2 ++ programs/ssl/ssl_server2.c | 2 ++ programs/ssl/ssl_test_lib.c | 2 ++ programs/test/benchmark.c | 2 ++ programs/test/selftest.c | 2 ++ programs/test/udp_proxy.c | 2 ++ 16 files changed, 32 insertions(+) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 618eda265..40ca90a91 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -1,3 +1,5 @@ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 29c8672f7..16f601470 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -1,3 +1,5 @@ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include #include #include diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index b6dc52ed6..34ff63ede 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -1,3 +1,5 @@ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include #include #include diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index 6c968fd54..f76afd1c5 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -1,3 +1,5 @@ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include #include #include "mbedtls/pk.h" diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c index 9e8035045..655d5d615 100644 --- a/programs/fuzz/fuzz_pubkey.c +++ b/programs/fuzz/fuzz_pubkey.c 
@@ -1,3 +1,5 @@ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include #include #include "mbedtls/pk.h" diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 16b800c99..5480e3e87 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -1,3 +1,5 @@ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include "mbedtls/ssl.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 15affb59b..65fc37fb3 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -1,3 +1,5 @@ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include #include "mbedtls/x509_crl.h" diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index dbc153c49..bd8bdffdb 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -1,3 +1,5 @@ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include #include "mbedtls/x509_crt.h" diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index a270742a9..a9205be53 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -1,3 +1,5 @@ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include #include "mbedtls/x509_csr.h" diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 2ce858837..80b0ce0ee 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -17,6 +17,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include "ssl_test_lib.h" #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index ec24fa8e0..bc9c6bd52 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -17,6 +17,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else 
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 1ff27fb8b..f7a424a5a 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -17,6 +17,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include "ssl_test_lib.h" #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index 1bb9d6162..04e127a85 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -20,6 +20,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include "ssl_test_lib.h" #if defined(MBEDTLS_TEST_HOOKS) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 3e4ac8b61..3320bbf7d 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -17,6 +17,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/programs/test/selftest.c b/programs/test/selftest.c index e160febe1..a3e306ce9 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -17,6 +17,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index afe0118d0..91c231f9b 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -23,6 +23,8 @@ * example of good general usage. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else From 5dd4f6e9ceaa5d7f1af77db770d1108ca208b81d Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 19 May 2021 19:35:35 +0200 Subject: [PATCH 016/236] Add MBEDTLS_PRIVATE wrapping to sample programs. 
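Review bot: `#define MBEDTLS_ALLOW_PRIVATE_ACCESS` has to precede every Mbed TLS header, including ones pulled in transitively; all sixteen hunks place it first (line 1 in the fuzz targets, directly after the licence block in programs/ssl and programs/test), which is correct. A one-line comment next to the define stating why these test and fuzz programs opt into private access would help, since these lines are exactly what people copy when writing their own harnesses, and the define is a blanket grant rather than a targeted one.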
Signed-off-by: Mateusz Starzyk --- programs/aes/crypt_and_hash.c | 8 ++++---- programs/pkey/dh_client.c | 14 +++++++------- programs/pkey/dh_server.c | 16 ++++++++-------- programs/pkey/ecdh_curve25519.c | 30 +++++++++++++++--------------- programs/pkey/ecdsa.c | 10 +++++----- programs/pkey/gen_key.c | 18 +++++++++--------- programs/pkey/key_app.c | 14 +++++++------- programs/pkey/key_app_writer.c | 14 +++++++------- programs/pkey/rsa_decrypt.c | 2 +- programs/pkey/rsa_encrypt.c | 2 +- programs/pkey/rsa_sign.c | 2 +- programs/pkey/rsa_verify.c | 8 ++++---- programs/ssl/dtls_client.c | 2 ++ programs/ssl/dtls_server.c | 2 ++ programs/ssl/mini_client.c | 2 ++ programs/ssl/ssl_client1.c | 2 ++ programs/ssl/ssl_fork_server.c | 2 ++ programs/ssl/ssl_mail_client.c | 3 +++ programs/ssl/ssl_server.c | 2 ++ programs/ssl/ssl_server2.c | 4 ++-- programs/x509/cert_app.c | 2 +- programs/x509/cert_write.c | 8 ++++---- 22 files changed, 91 insertions(+), 76 deletions(-) diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 63a12480f..0f97867fa 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -128,7 +128,7 @@ int main( int argc, char *argv[] ) while( *list ) { cipher_info = mbedtls_cipher_info_from_type( *list ); - mbedtls_printf( " %s\n", cipher_info->name ); + mbedtls_printf( " %s\n", cipher_info->MBEDTLS_PRIVATE(name) ); list++; } @@ -313,7 +313,7 @@ int main( int argc, char *argv[] ) } - if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen, + if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen), MBEDTLS_ENCRYPT ) != 0 ) { mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n"); 
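Review bot: the two crypt_and_hash.c hunks make a user-facing sample program read `cipher_info->MBEDTLS_PRIVATE(name)` and `cipher_info->MBEDTLS_PRIVATE(key_bitlen)`, which teaches exactly the field access the MBEDTLS_PRIVATE() wrapper exists to discourage, while the same commit takes the other route for the programs/ssl files and defines MBEDTLS_ALLOW_PRIVATE_ACCESS once at the top. Suggest one approach for programs/: either put the define at the top of crypt_and_hash.c as well, or, preferably, go through public accessors where they exist (the `mbedtls_cipher_get_block_size( &cipher_ctx )` call already used below in the @@ -412 hunk shows the pattern) and add accessors for `name`, `key_bitlen` and `mode` if there are none yet, so that the sample shows what application code is meant to call.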
@@ -412,7 +412,7 @@ int main( int argc, char *argv[] ) /* * Check the file size. */ - if( cipher_info->mode != MBEDTLS_MODE_GCM && + if( cipher_info->MBEDTLS_PRIVATE(mode) != MBEDTLS_MODE_GCM && ( ( filesize - mbedtls_md_get_size( md_info ) ) % mbedtls_cipher_get_block_size( &cipher_ctx ) ) != 0 ) { @@ -452,7 +452,7 @@ int main( int argc, char *argv[] ) mbedtls_md_finish( &md_ctx, digest ); } - if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen, + if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->MBEDTLS_PRIVATE(key_bitlen), MBEDTLS_DECRYPT ) != 0 ) { mbedtls_fprintf( stderr, "mbedtls_cipher_setkey() returned error\n" ); diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index d6e4990a9..f37df4a9f 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -127,15 +127,15 @@ int main( void ) mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) + if( ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(N), 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(E), 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); fclose( f ); goto exit; } - rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3; + rsa.MBEDTLS_PRIVATE(len) = ( mbedtls_mpi_bitlen( &rsa.MBEDTLS_PRIVATE(N) ) + 7 ) >> 3; fclose( f ); @@ -193,7 +193,7 @@ int main( void ) goto exit; } - if( dhm.len < 64 || dhm.len > 512 ) + if( dhm.MBEDTLS_PRIVATE(len) < 64 || dhm.MBEDTLS_PRIVATE(len) > 512 ) { mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" ); goto exit; @@ -208,7 +208,7 @@ int main( void ) p += 2; - if( ( n = (size_t) ( end - p ) ) != rsa.len ) + if( ( n = (size_t) ( end - p ) ) != rsa.MBEDTLS_PRIVATE(len) ) { mbedtls_printf( " failed\n ! Invalid RSA signature size\n\n" ); goto exit; 
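Review bot: in the dh_client.c @@ -127 hunk, `rsa.MBEDTLS_PRIVATE(len) = ( mbedtls_mpi_bitlen( &rsa.MBEDTLS_PRIVATE(N) ) + 7 ) >> 3;` still computes a derived private field by hand after reading N and E straight into the context; now that the fields are marked private this should go through the import API rather than be wrapped. Suggest reading N and E into local `mbedtls_mpi` values, then `mbedtls_rsa_import( &rsa, &N, NULL, NULL, NULL, &E )` followed by `mbedtls_rsa_complete( &rsa )`, which sets `len` itself, and `mbedtls_rsa_get_len( &rsa )` in place of the later `!= rsa.MBEDTLS_PRIVATE(len)` comparison in the @@ -208 hunk. The same hand-computed `len` pattern recurs in the rsa_verify.c hunk further down in this commit and should get the same treatment.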
@@ -233,8 +233,8 @@ int main( void ) mbedtls_printf( "\n . Sending own public value to server" ); fflush( stdout ); - n = dhm.len; - if( ( ret = mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, n, + n = dhm.MBEDTLS_PRIVATE(len); + if( ( ret = mbedtls_dhm_make_public( &dhm, (int) dhm.MBEDTLS_PRIVATE(len), buf, n, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret ); diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index dccf0951c..d19ddad25 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -173,8 +173,8 @@ int main( void ) goto exit; } - if( mbedtls_mpi_read_file( &dhm.P, 16, f ) != 0 || - mbedtls_mpi_read_file( &dhm.G, 16, f ) != 0 ) + if( mbedtls_mpi_read_file( &dhm.MBEDTLS_PRIVATE(P), 16, f ) != 0 || + mbedtls_mpi_read_file( &dhm.MBEDTLS_PRIVATE(G), 16, f ) != 0 ) { mbedtls_printf( " failed\n ! Invalid DH parameter file\n\n" ); fclose( f ); @@ -210,7 +210,7 @@ int main( void ) memset( buf, 0, sizeof( buf ) ); - if( ( ret = mbedtls_dhm_make_params( &dhm, (int) mbedtls_mpi_size( &dhm.P ), buf, &n, + if( ( ret = mbedtls_dhm_make_params( &dhm, (int) mbedtls_mpi_size( &dhm.MBEDTLS_PRIVATE(P) ), buf, &n, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_dhm_make_params returned %d\n\n", ret ); @@ -226,8 +226,8 @@ int main( void ) goto exit; } - buf[n ] = (unsigned char)( rsa.len >> 8 ); - buf[n + 1] = (unsigned char)( rsa.len ); + buf[n ] = (unsigned char)( rsa.MBEDTLS_PRIVATE(len) >> 8 ); + buf[n + 1] = (unsigned char)( rsa.MBEDTLS_PRIVATE(len) ); if( ( ret = mbedtls_rsa_pkcs1_sign( &rsa, NULL, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA256, 0, hash, buf + n + 2 ) ) != 0 ) @@ -236,7 +236,7 @@ int main( void ) goto exit; } - buflen = n + 2 + rsa.len; + buflen = n + 2 + rsa.MBEDTLS_PRIVATE(len); buf2[0] = (unsigned char)( buflen >> 8 ); buf2[1] = (unsigned char)( buflen ); 
@@ -255,14 +255,14 @@ int main( void ) memset( buf, 0, sizeof( buf ) ); - n = dhm.len; + n = dhm.MBEDTLS_PRIVATE(len); if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n ) { mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret ); goto exit; } - if( ( ret = mbedtls_dhm_read_public( &dhm, buf, dhm.len ) ) != 0 ) + if( ( ret = mbedtls_dhm_read_public( &dhm, buf, dhm.MBEDTLS_PRIVATE(len) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret ); goto exit; diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index 67f136360..1f4b8bc3f 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -91,14 +91,14 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Setting up client context..." ); fflush( stdout ); - ret = mbedtls_ecp_group_load( &ctx_cli.grp, MBEDTLS_ECP_DP_CURVE25519 ); + ret = mbedtls_ecp_group_load( &ctx_cli.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519 ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret ); goto exit; } - ret = mbedtls_ecdh_gen_public( &ctx_cli.grp, &ctx_cli.d, &ctx_cli.Q, + ret = mbedtls_ecdh_gen_public( &ctx_cli.MBEDTLS_PRIVATE(grp), &ctx_cli.MBEDTLS_PRIVATE(d), &ctx_cli.MBEDTLS_PRIVATE(Q), mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { @@ -106,7 +106,7 @@ int main( int argc, char *argv[] ) goto exit; } - ret = mbedtls_mpi_write_binary( &ctx_cli.Q.X, cli_to_srv, 32 ); + ret = mbedtls_mpi_write_binary( &ctx_cli.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), cli_to_srv, 32 ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret ); 
@@ -121,14 +121,14 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Setting up server context..." ); fflush( stdout ); - ret = mbedtls_ecp_group_load( &ctx_srv.grp, MBEDTLS_ECP_DP_CURVE25519 ); + ret = mbedtls_ecp_group_load( &ctx_srv.MBEDTLS_PRIVATE(grp), MBEDTLS_ECP_DP_CURVE25519 ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ecp_group_load returned %d\n", ret ); goto exit; } - ret = mbedtls_ecdh_gen_public( &ctx_srv.grp, &ctx_srv.d, &ctx_srv.Q, + ret = mbedtls_ecdh_gen_public( &ctx_srv.MBEDTLS_PRIVATE(grp), &ctx_srv.MBEDTLS_PRIVATE(d), &ctx_srv.MBEDTLS_PRIVATE(Q), mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { @@ -136,7 +136,7 @@ int main( int argc, char *argv[] ) goto exit; } - ret = mbedtls_mpi_write_binary( &ctx_srv.Q.X, srv_to_cli, 32 ); + ret = mbedtls_mpi_write_binary( &ctx_srv.MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), srv_to_cli, 32 ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_write_binary returned %d\n", ret ); @@ -151,22 +151,22 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Server reading client key and computing secret..." ); fflush( stdout ); - ret = mbedtls_mpi_lset( &ctx_srv.Qp.Z, 1 ); + ret = mbedtls_mpi_lset( &ctx_srv.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(Z), 1 ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret ); goto exit; } - ret = mbedtls_mpi_read_binary( &ctx_srv.Qp.X, cli_to_srv, 32 ); + ret = mbedtls_mpi_read_binary( &ctx_srv.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(X), cli_to_srv, 32 ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret ); goto exit; } - ret = mbedtls_ecdh_compute_shared( &ctx_srv.grp, &ctx_srv.z, - &ctx_srv.Qp, &ctx_srv.d, + ret = mbedtls_ecdh_compute_shared( &ctx_srv.MBEDTLS_PRIVATE(grp), &ctx_srv.MBEDTLS_PRIVATE(z), + &ctx_srv.MBEDTLS_PRIVATE(Qp), &ctx_srv.MBEDTLS_PRIVATE(d), mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { 
@@ -182,22 +182,22 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Client reading server key and computing secret..." ); fflush( stdout ); - ret = mbedtls_mpi_lset( &ctx_cli.Qp.Z, 1 ); + ret = mbedtls_mpi_lset( &ctx_cli.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(Z), 1 ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_lset returned %d\n", ret ); goto exit; } - ret = mbedtls_mpi_read_binary( &ctx_cli.Qp.X, srv_to_cli, 32 ); + ret = mbedtls_mpi_read_binary( &ctx_cli.MBEDTLS_PRIVATE(Qp).MBEDTLS_PRIVATE(X), srv_to_cli, 32 ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_binary returned %d\n", ret ); goto exit; } - ret = mbedtls_ecdh_compute_shared( &ctx_cli.grp, &ctx_cli.z, - &ctx_cli.Qp, &ctx_cli.d, + ret = mbedtls_ecdh_compute_shared( &ctx_cli.MBEDTLS_PRIVATE(grp), &ctx_cli.MBEDTLS_PRIVATE(z), + &ctx_cli.MBEDTLS_PRIVATE(Qp), &ctx_cli.MBEDTLS_PRIVATE(d), mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { @@ -213,7 +213,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Checking if both computed secrets are equal..." ); fflush( stdout ); - ret = mbedtls_mpi_cmp_mpi( &ctx_cli.z, &ctx_srv.z ); + ret = mbedtls_mpi_cmp_mpi( &ctx_cli.MBEDTLS_PRIVATE(z), &ctx_srv.MBEDTLS_PRIVATE(z) ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ecdh_compute_shared returned %d\n", ret ); diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 1bbf8268c..3dacd75d3 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -55,7 +55,7 @@ #define ECPARAMS MBEDTLS_ECP_DP_SECP192R1 #if !defined(ECPARAMS) -#define ECPARAMS mbedtls_ecp_curve_list()->grp_id +#define ECPARAMS mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id) #endif #if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \ 
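Review bot: the ecdh_curve25519.c hunks leave a sample program that assembles an ECDH exchange entirely from private fields (`grp`, `d`, `Q`, `Qp`, `z`, and the manual `Qp.Z = 1` via `mbedtls_mpi_lset`), and several of the rewritten lines now run well past 80 columns, for instance `ret = mbedtls_ecdh_gen_public( &ctx_cli.MBEDTLS_PRIVATE(grp), &ctx_cli.MBEDTLS_PRIVATE(d), &ctx_cli.MBEDTLS_PRIVATE(Q),`. Rather than wrapping every access, suggest rewriting the sample on the context-level API, `mbedtls_ecdh_setup()`, `mbedtls_ecdh_make_public()`, `mbedtls_ecdh_read_public()` and `mbedtls_ecdh_calc_secret()`, which keeps the lines short and demonstrates what application code is meant to call; the `mbedtls_mpi_lset( ..., Z, 1 )` step in particular is an internal detail that user code should never have to reproduce.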
@@ -84,7 +84,7 @@ static void dump_pubkey( const char *title, mbedtls_ecdsa_context *key ) unsigned char buf[300]; size_t len; - if( mbedtls_ecp_point_write_binary( &key->grp, &key->Q, + if( mbedtls_ecp_point_write_binary( &key->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(Q), MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf ) != 0 ) { mbedtls_printf("internal error\n"); @@ -156,7 +156,7 @@ int main( int argc, char *argv[] ) goto exit; } - mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.grp.pbits ); + mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.MBEDTLS_PRIVATE(grp).MBEDTLS_PRIVATE(pbits) ); dump_pubkey( " + Public key: ", &ctx_sign ); @@ -204,13 +204,13 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Preparing verification context..." ); fflush( stdout ); - if( ( ret = mbedtls_ecp_group_copy( &ctx_verify.grp, &ctx_sign.grp ) ) != 0 ) + if( ( ret = mbedtls_ecp_group_copy( &ctx_verify.MBEDTLS_PRIVATE(grp), &ctx_sign.MBEDTLS_PRIVATE(grp) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ecp_group_copy returned %d\n", ret ); goto exit; } - if( ( ret = mbedtls_ecp_copy( &ctx_verify.Q, &ctx_sign.Q ) ) != 0 ) + if( ( ret = mbedtls_ecp_copy( &ctx_verify.MBEDTLS_PRIVATE(Q), &ctx_sign.MBEDTLS_PRIVATE(Q) ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ecp_copy returned %d\n", ret ); goto exit; diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 63cc11ed5..9ad1190fc 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -90,7 +90,7 @@ int dev_random_entropy_poll( void *data, unsigned char *output, #endif #if defined(MBEDTLS_ECP_C) -#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id +#define DFL_EC_CURVE mbedtls_ecp_curve_list()->MBEDTLS_PRIVATE(grp_id) #else #define DFL_EC_CURVE 0 #endif 
@@ -223,9 +223,9 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_ECP_C) mbedtls_printf( " available ec_curve values:\n" ); curve_info = mbedtls_ecp_curve_list(); - mbedtls_printf( " %s (default)\n", curve_info->name ); - while( ( ++curve_info )->name != NULL ) - mbedtls_printf( " %s\n", curve_info->name ); + mbedtls_printf( " %s (default)\n", curve_info->MBEDTLS_PRIVATE(name) ); + while( ( ++curve_info )->MBEDTLS_PRIVATE(name) != NULL ) + mbedtls_printf( " %s\n", curve_info->MBEDTLS_PRIVATE(name) ); #endif /* MBEDTLS_ECP_C */ goto exit; } @@ -274,7 +274,7 @@ int main( int argc, char *argv[] ) { if( ( curve_info = mbedtls_ecp_curve_info_from_name( q ) ) == NULL ) goto usage; - opt.ec_curve = curve_info->grp_id; + opt.ec_curve = curve_info->MBEDTLS_PRIVATE(grp_id); } #endif else if( strcmp( p, "filename" ) == 0 ) @@ -395,10 +395,10 @@ int main( int argc, char *argv[] ) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key ); mbedtls_printf( "curve: %s\n", - mbedtls_ecp_curve_info_from_grp_id( ecp->grp.id )->name ); - mbedtls_mpi_write_file( "X_Q: ", &ecp->Q.X, 16, NULL ); - mbedtls_mpi_write_file( "Y_Q: ", &ecp->Q.Y, 16, NULL ); - mbedtls_mpi_write_file( "D: ", &ecp->d , 16, NULL ); + mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).MBEDTLS_PRIVATE(id) )->MBEDTLS_PRIVATE(name) ); + mbedtls_mpi_write_file( "X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ); + mbedtls_mpi_write_file( "Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ); + mbedtls_mpi_write_file( "D: ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL ); } else #endif diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 7f39e5ce3..7bd93c72b 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c 
@@ -222,10 +222,10 @@ int main( int argc, char *argv[] ) if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY ) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "D : ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL ) ); } else #endif @@ -273,9 +273,9 @@ int main( int argc, char *argv[] ) if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY ) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL ) ); } else #endif diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 6a4d0e4ce..4b65262d0 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c 
@@ -335,10 +335,10 @@ int main( int argc, char *argv[] ) if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY ) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key ); - mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ); - mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ); - mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ); - mbedtls_mpi_write_file( "D : ", &ecp->d , 16, NULL ); + mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ); + mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ); + mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL ); + mbedtls_mpi_write_file( "D : ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL ); } else #endif @@ -389,9 +389,9 @@ int main( int argc, char *argv[] ) if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_ECKEY ) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key ); - mbedtls_mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL ); - mbedtls_mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL ); - mbedtls_mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL ); + mbedtls_mpi_write_file( "Q(X): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ); + mbedtls_mpi_write_file( "Q(Y): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ); + mbedtls_mpi_write_file( "Q(Z): ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Z), 16, NULL ); } else #endif diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 1ba8c735d..b13bb310e 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -164,7 +164,7 @@ int main( int argc, char *argv[] ) fclose( f ); - if( i != rsa.len ) + if( i != rsa.MBEDTLS_PRIVATE(len) ) { mbedtls_printf( "\n ! Invalid RSA signature format\n\n" ); goto exit; diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index ba0120172..03a6e894f 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c 
@@ -161,7 +161,7 @@ int main( int argc, char *argv[] ) goto exit; } - for( i = 0; i < rsa.len; i++ ) + for( i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++ ) mbedtls_fprintf( f, "%02X%s", buf[i], ( i + 1 ) % 16 == 0 ? "\r\n" : " " ); diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index c9522c8c2..8e657a792 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -164,7 +164,7 @@ int main( int argc, char *argv[] ) goto exit; } - for( i = 0; i < rsa.len; i++ ) + for( i = 0; i < rsa.MBEDTLS_PRIVATE(len); i++ ) mbedtls_fprintf( f, "%02X%s", buf[i], ( i + 1 ) % 16 == 0 ? "\r\n" : " " ); diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index fbc0779b2..e7e347c70 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -89,15 +89,15 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) + if( ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(N), 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &rsa.MBEDTLS_PRIVATE(E), 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); fclose( f ); goto exit; } - rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3; + rsa.MBEDTLS_PRIVATE(len) = ( mbedtls_mpi_bitlen( &rsa.MBEDTLS_PRIVATE(N) ) + 7 ) >> 3; fclose( f ); @@ -119,7 +119,7 @@ int main( int argc, char *argv[] ) fclose( f ); - if( i != rsa.len ) + if( i != rsa.MBEDTLS_PRIVATE(len) ) { mbedtls_printf( "\n ! Invalid RSA signature format\n\n" ); goto exit; diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 1e9779533..c3c73bb14 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -17,6 +17,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else 
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index bd2dc12de..34419db7c 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -17,6 +17,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 0a9cc284d..a067a8fd5 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -18,6 +18,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 6624224af..3e479d00a 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -17,6 +17,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index d181c01da..38a68831e 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -17,6 +17,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 428c64362..5d395c25f 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -20,6 +20,9 @@ /* Enable definition of gethostname() even when compiling with -std=c99. Must * be set before config.h, which pulls in glibc's features.h indirectly. * Harmless on other platforms. */ + +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #define _POSIX_C_SOURCE 200112L #define _XOPEN_SOURCE 600 diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 11147b092..8458a22b4 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c 
@@ -17,6 +17,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index f7a424a5a..da145a92c 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -805,7 +805,7 @@ int sni_callback( void *p_info, mbedtls_ssl_context *ssl, return( mbedtls_ssl_set_hs_own_cert( ssl, cur->cert, cur->key ) ); } - cur = cur->next; + cur = cur->MBEDTLS_PRIVATE(next); } return( -1 ); @@ -921,7 +921,7 @@ int psk_callback( void *p_info, mbedtls_ssl_context *ssl, return( mbedtls_ssl_set_hs_psk( ssl, cur->key, cur->key_len ) ); } - cur = cur->next; + cur = cur->MBEDTLS_PRIVATE(next); } return( -1 ); diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index fb2484337..2adef3904 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -335,7 +335,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "%s\n", buf ); - cur = cur->next; + cur = cur->MBEDTLS_PRIVATE(next); } /* diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 18174d804..ff7cf9807 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -518,7 +518,7 @@ int main( int argc, char *argv[] ) } ret = mbedtls_x509_dn_gets( issuer_name, sizeof(issuer_name), - &issuer_crt.subject ); + &issuer_crt.MBEDTLS_PRIVATE(subject) ); if( ret < 0 ) { mbedtls_strerror( ret, buf, 1024 ); @@ -552,7 +552,7 @@ int main( int argc, char *argv[] ) } ret = mbedtls_x509_dn_gets( subject_name, sizeof(subject_name), - &csr.subject ); + &csr.MBEDTLS_PRIVATE(subject) ); if( ret < 0 ) { mbedtls_strerror( ret, buf, 1024 ); @@ -562,7 +562,7 @@ int main( int argc, char *argv[] ) } opt.subject_name = subject_name; - subject_key = &csr.pk; + subject_key = &csr.MBEDTLS_PRIVATE(pk); mbedtls_printf( " ok\n" ); } 
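Review bot: in the ssl_server2.c sni_callback and psk_callback hunks only `cur->next` gets wrapped while `cur->cert`, `cur->key` and `cur->key_len` on the line above stay bare, so either the list entry is a library type and those accesses need MBEDTLS_PRIVATE() as well, or it is the program's own entry type and `next` does not need it. ssl_server2.c also already defines MBEDTLS_ALLOW_PRIVATE_ACCESS at the top (added by the preceding commit in this series), and if that define makes the wrapper expand back to the plain member name, as its interchangeable use across the programs/ssl files of this very commit suggests, these two hunks change nothing; suggest dropping them.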
@@ -606,7 +606,7 @@ int main( int argc, char *argv[] ) // if( strlen( opt.issuer_crt ) ) { - if( mbedtls_pk_check_pair( &issuer_crt.pk, issuer_key ) != 0 ) + if( mbedtls_pk_check_pair( &issuer_crt.MBEDTLS_PRIVATE(pk), issuer_key ) != 0 ) { mbedtls_printf( " failed\n ! issuer_key does not match " "issuer certificate\n\n" ); From beb95b4d251f2072b2f4f15357f7b85f831f05f9 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 20 May 2021 14:41:22 +0200 Subject: [PATCH 017/236] Adjust doxyfile to expand MBEDTLS_PRIVATE macro. Signed-off-by: Mateusz Starzyk --- doxygen/mbedtls.doxyfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 0205dcfef..dd84c2871 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -1577,13 +1577,13 @@ ENABLE_PREPROCESSING = YES # compilation will be performed. Macro expansion can be done in a controlled # way by setting EXPAND_ONLY_PREDEF to YES. -MACRO_EXPANSION = NO +MACRO_EXPANSION = YES # If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES # then the macro expansion is limited to the macros specified with the # PREDEFINED and EXPAND_AS_DEFINED tags. -EXPAND_ONLY_PREDEF = NO +EXPAND_ONLY_PREDEF = YES # If the SEARCH_INCLUDES tag is set to YES (the default) the includes files # pointed to by INCLUDE_PATH will be searched when a #include is found. @@ -1630,7 +1630,7 @@ PREDEFINED = WIN32 \ # Use the PREDEFINED tag if you want to use a different macro definition that # overrules the definition found in the source code. -EXPAND_AS_DEFINED = +EXPAND_AS_DEFINED = MBEDTLS_PRIVATE # If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then # doxygen's preprocessor will remove all references to function-like macros From f2b11a9a77ca2b80952890e72ebe38de7169a441 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Fri, 21 May 2021 09:33:46 +0200 Subject: [PATCH 018/236] Add MBEDTLS_ALLOW_PRIVATE_ACCESS to tests drivers 
Signed-off-by: Mateusz Starzyk --- tests/src/drivers/hash.c | 2 ++ tests/src/drivers/platform_builtin_keys.c | 2 ++ tests/src/drivers/test_driver_aead.c | 2 ++ tests/src/drivers/test_driver_cipher.c | 2 ++ tests/src/drivers/test_driver_key_management.c | 2 ++ tests/src/drivers/test_driver_mac.c | 2 ++ tests/src/drivers/test_driver_signature.c | 2 ++ tests/src/drivers/test_driver_size.c | 2 ++ 8 files changed, 16 insertions(+) diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c index f95aa6b61..a9c475a82 100644 --- a/tests/src/drivers/hash.c +++ b/tests/src/drivers/hash.c @@ -17,6 +17,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/tests/src/drivers/platform_builtin_keys.c b/tests/src/drivers/platform_builtin_keys.c index 759fa7830..a3c5796da 100644 --- a/tests/src/drivers/platform_builtin_keys.c +++ b/tests/src/drivers/platform_builtin_keys.c @@ -20,6 +20,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #include #include diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index a14716324..c247bab08 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -17,6 +17,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index 4827946b0..51c1abc1a 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -18,6 +18,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 19e103331..b1096cb6f 100644 
--- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -18,6 +18,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c index 69af10780..439943cca 100644 --- a/tests/src/drivers/test_driver_mac.c +++ b/tests/src/drivers/test_driver_mac.c @@ -17,6 +17,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c index fdfba165f..e48670415 100644 --- a/tests/src/drivers/test_driver_signature.c +++ b/tests/src/drivers/test_driver_signature.c @@ -19,6 +19,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/tests/src/drivers/test_driver_size.c b/tests/src/drivers/test_driver_size.c index d8bcaee38..af899c689 100644 --- a/tests/src/drivers/test_driver_size.c +++ b/tests/src/drivers/test_driver_size.c @@ -18,6 +18,8 @@ * limitations under the License. */ +#define MBEDTLS_ALLOW_PRIVATE_ACCESS + #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else From 28c8cce051fc90141453a85d16f84527926ffbf5 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Fri, 21 May 2021 09:48:03 +0200 Subject: [PATCH 019/236] Add conditional error.h include to test helpers function. `mbedtls_test_hook_error_add` is referenced inside main_test.function. Including the `error.h` is necessary to build suites which define both MBEDTLS_TEST_HOOKS and MBEDTLS_ERROR_C, such as: build_psa_accel_alg_ecdh Signed-off-by: Mateusz Starzyk --- tests/suites/helpers.function | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index ca03532ba..ae1bc888d 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -11,6 +11,9 @@ #include +#if defined (MBEDTLS_ERROR_C) +#include "mbedtls/error.h" +#endif #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else From 9752aadd85e61a58da6eaa7c59f6dd7ff47f78a7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 21 Apr 2021 05:54:33 +0100 Subject: [PATCH 020/236] Make query API for state of MFL extension internal This commit makes the API - mbedtls_ssl_get_output_max_frag_len() - mbedtls_ssl_get_input_max_frag_len() - mbedtls_ssl_get__max_frag_len() for querying the state of the Maximum Fragment Length extension internal. Rationale: The value those APIs provide to the user is in upper bounds for the size of incoming and outgoing records, which can be used to size application data buffers appropriately before passing them to mbedtls_ssl_{read,write}(). However, there are other factors which influence such upper bounds, such as the MTU or other extensions (specifically, the record_size_limit extension which is still to be implemented) which should be taken into account. There should be more general APIs for querying the maximum size of incoming and outgoing records. For the maximum size of outgoing records, we already have such, namely mbedtls_ssl_get_max_out_record_payload(). For the maximum size of incoming records, a new API will be added in a subsequent commit. Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 33 --------------------------------- library/ssl_misc.h | 33 +++++++++++++++++++++++++++++++++ programs/ssl/ssl_client2.c | 7 ------- programs/ssl/ssl_server2.c | 7 ------- 4 files changed, 33 insertions(+), 47 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 88a599c18..905b5679c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h
@@ -3645,39 +3645,6 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl ); */ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ); -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -/** - * \brief Return the maximum fragment length (payload, in bytes) for - * the output buffer. For the client, this is the configured - * value. For the server, it is the minimum of two - the - * configured value and the negotiated one. - * - * \sa mbedtls_ssl_conf_max_frag_len() - * \sa mbedtls_ssl_get_max_record_payload() - * - * \param ssl SSL context - * - * \return Current maximum fragment length for the output buffer. - */ -size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl ); - -/** - * \brief Return the maximum fragment length (payload, in bytes) for - * the input buffer. This is the negotiated maximum fragment - * length, or, if there is none, MBEDTLS_SSL_IN_CONTENT_LEN. - * If it is not defined either, the value is 2^14. This function - * works as its predecessor, \c mbedtls_ssl_get_max_frag_len(). - * - * \sa mbedtls_ssl_conf_max_frag_len() - * \sa mbedtls_ssl_get_max_record_payload() - * - * \param ssl SSL context - * - * \return Current maximum fragment length for the output buffer. - */ -size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl ); -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ - /** * \brief Return the current maximum outgoing record payload in bytes. * This takes into account the config.h setting \c diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 180f4d8dc..ecbeb8ba8 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
@@ -270,6 +270,39 @@ + ( MBEDTLS_SSL_CID_OUT_LEN_MAX ) ) #endif +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) +/** + * \brief Return the maximum fragment length (payload, in bytes) for + * the output buffer. For the client, this is the configured + * value. For the server, it is the minimum of two - the + * configured value and the negotiated one. + * + * \sa mbedtls_ssl_conf_max_frag_len() + * \sa mbedtls_ssl_get_max_out_record_payload() + * + * \param ssl SSL context + * + * \return Current maximum fragment length for the output buffer. + */ +size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl ); + +/** + * \brief Return the maximum fragment length (payload, in bytes) for + * the input buffer. This is the negotiated maximum fragment + * length, or, if there is none, MBEDTLS_SSL_MAX_CONTENT_LEN. + * If it is not defined either, the value is 2^14. This function + * works as its predecessor, \c mbedtls_ssl_get_max_frag_len(). + * + * \sa mbedtls_ssl_conf_max_frag_len() + * \sa mbedtls_ssl_get_max_in_record_payload() + * + * \param ssl SSL context + * + * \return Current maximum fragment length for the output buffer. + */ +size_t mbedtls_ssl_get_input_max_frag_len( const mbedtls_ssl_context *ssl ); +#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ + #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) static inline size_t mbedtls_ssl_get_output_buflen( const mbedtls_ssl_context *ctx ) { diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 2ce858837..3cbf13000 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
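Review bot: the doc block moved into the ssl_misc.h hunk for mbedtls_ssl_get_input_max_frag_len() now names the fallback as `MBEDTLS_SSL_MAX_CONTENT_LEN`, whereas the block removed from ssl.h in the previous hunk said `MBEDTLS_SSL_IN_CONTENT_LEN`, which is also the value the incoming bound starts from elsewhere in this series; restore `MBEDTLS_SSL_IN_CONTENT_LEN` rather than regressing to the older name while moving the text. The same block's `\return` still says "Current maximum fragment length for the output buffer" for the input function (a pre-existing copy-paste slip worth fixing now that the text is being touched), and its `\sa mbedtls_ssl_get_max_in_record_payload()` points at a function that does not exist until a later commit in this series, so the tree does not document consistently at this commit.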
@@ -2083,13 +2083,6 @@ int main( int argc, char *argv[] ) else mbedtls_printf( " [ Record expansion is unknown ]\n" ); -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - mbedtls_printf( " [ Maximum input fragment length is %u ]\n", - (unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) ); - mbedtls_printf( " [ Maximum output fragment length is %u ]\n", - (unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) ); -#endif - #if defined(MBEDTLS_SSL_ALPN) if( opt.alpn_string != NULL ) { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 1ff27fb8b..1ec8f09f7 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3164,13 +3164,6 @@ handshake: else mbedtls_printf( " [ Record expansion is unknown ]\n" ); -#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - mbedtls_printf( " [ Maximum input fragment length is %u ]\n", - (unsigned int) mbedtls_ssl_get_input_max_frag_len( &ssl ) ); - mbedtls_printf( " [ Maximum output fragment length is %u ]\n", - (unsigned int) mbedtls_ssl_get_output_max_frag_len( &ssl ) ); -#endif - #if defined(MBEDTLS_SSL_ALPN) if( opt.alpn_string != NULL ) { From be746949c4bf8f701a8a7c5c8cb44d61394bb5da Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 21 Apr 2021 06:18:37 +0100 Subject: [PATCH 021/236] Relax documentation of mbedtls_ssl_get_max_out_record_payload() The previous documentation could be read as exhaustively listing the factors that go into computing the maximum outgoing record plaintext size -- we should give examples, but allow ourselves to add more factors in the future. Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 905b5679c..9583dcaf8 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
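Review bot: the ssl_client2.c and ssl_server2.c hunks delete the only output that showed the negotiated maximum fragment lengths without printing anything in their place. Since the commit message directs users to mbedtls_ssl_get_max_out_record_payload() instead, print that value here (and the incoming counterpart once it exists), so the sample programs still expose the effective record size limits and anything that inspects their output has a replacement line to look for.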
@@ -3647,10 +3647,10 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ); /** * \brief Return the current maximum outgoing record payload in bytes. - * This takes into account the config.h setting \c - * MBEDTLS_SSL_OUT_CONTENT_LEN, the configured and negotiated - * max fragment length extension if used, and for DTLS the - * path MTU as configured and current record expansion. + * This takes into account various factors, such as the config.h + * setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions such as the + * max fragment length or record size limit extension if used, and + * for DTLS the path MTU as configured and current record expansion. * * \note With DTLS, \c mbedtls_ssl_write() will return an error if * called with a larger length value. From 2d8e99b0972de4a88217911a4664fbec64d776a4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 21 Apr 2021 06:19:50 +0100 Subject: [PATCH 022/236] Add API to query maximum plaintext size of incoming records Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 26 ++++++++++++++++++++++++++ library/ssl_tls.c | 18 ++++++++++++++++++ 2 files changed, 44 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 9583dcaf8..194aee5fa 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
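Review bot: the relaxed wording in the ssl.h hunk names the "record size limit extension" as one of the inputs, but the previous patch's commit message says that extension is still to be implemented; documenting it as a factor now invites readers to assume it is honoured. Either leave it out of the examples until it lands, or phrase the list as "extensions negotiated on the connection, such as the max fragment length extension" without naming unimplemented ones.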
@@ -3671,6 +3671,32 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ); */ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ); +/** + * \brief Return the current maximum incoming record payload in bytes. + * This takes into account various factors, such as the + * config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions + * such as the max fragment length extension or record size limit + * extension if used, and the current record expansion. + * + * \note With DTLS, \c mbedtls_ssl_read() will return an error if + * called with a larger length value. + * With TLS, \c mbedtls_ssl_write() will fragment the input if + * necessary and return the number of bytes written; it is up + * to the caller to call \c mbedtls_ssl_write() again in + * order to send the remaining bytes if any. + * + * \sa mbedtls_ssl_set_mtu() + * \sa mbedtls_ssl_get_output_max_frag_len() + * \sa mbedtls_ssl_get_input_max_frag_len() + * \sa mbedtls_ssl_get_record_expansion() + * + * \param ssl SSL context + * + * \return Current maximum payload for an outgoing record, + * or a negative error code. + */ +int mbedtls_ssl_get_max_in_record_payload( const mbedtls_ssl_context *ssl ); + #if defined(MBEDTLS_X509_CRT_PARSE_C) /** * \brief Return the peer certificate from the current connection. diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 170d563bd..fd6050c77 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
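Review bot: the Doxygen block added for mbedtls_ssl_get_max_in_record_payload() in the ssl.h hunk is copied from the outgoing function and still describes the wrong direction. Its `\return` reads "Current maximum payload for an outgoing record", its `\note` talks about mbedtls_ssl_write() fragmenting the input and about DTLS mbedtls_ssl_read() failing on a larger length value, neither of which describes the receive side, and its `\sa` lines reference the two max_frag_len functions this series just made internal. Rewrite the `\return` as the maximum incoming record payload, drop or rewrite the note, and point `\sa` at mbedtls_ssl_get_max_out_record_payload() and mbedtls_ssl_get_record_expansion().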
@@ -4767,6 +4767,24 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ) return( (int) max_len ); } +int mbedtls_ssl_get_max_in_record_payload( const mbedtls_ssl_context *ssl ) +{ + size_t max_len = MBEDTLS_SSL_IN_CONTENT_LEN; + +#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + (void) ssl; +#endif + +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + const size_t mfl = mbedtls_ssl_get_input_max_frag_len( ssl ); + + if( max_len > mfl ) + max_len = mfl; +#endif + + return( (int) max_len ); +} + #if defined(MBEDTLS_X509_CRT_PARSE_C) const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl ) { From 80d163d496b66ca9e065a0a4f3a9e5a2ab85b9e1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 21 Apr 2021 06:28:18 +0100 Subject: [PATCH 023/236] Remove Doxygen references to now-internal MFL query API Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 194aee5fa..83df11769 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3659,9 +3659,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ); * to the caller to call \c mbedtls_ssl_write() again in * order to send the remaining bytes if any. * - * \sa mbedtls_ssl_set_mtu() - * \sa mbedtls_ssl_get_output_max_frag_len() - * \sa mbedtls_ssl_get_input_max_frag_len() + * \sa mbedtls_ssl_get_max_out_record_payload() * \sa mbedtls_ssl_get_record_expansion() * * \param ssl SSL context @@ -3686,8 +3684,7 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ); * order to send the remaining bytes if any. * * \sa mbedtls_ssl_set_mtu() - * \sa mbedtls_ssl_get_output_max_frag_len() - * \sa mbedtls_ssl_get_input_max_frag_len() + * \sa mbedtls_ssl_get_max_in_record_payload() * \sa mbedtls_ssl_get_record_expansion() * * \param ssl SSL context 
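Review bot: mbedtls_ssl_get_max_in_record_payload() in the ssl_tls.c hunk only takes MBEDTLS_SSL_IN_CONTENT_LEN and the negotiated MFL into account, while the header comment added in the previous hunk claims "the current record expansion" is also considered; either drop that phrase from the doc (the incoming content length is already a plaintext limit) or apply it in the code, but the two should not disagree. Also, the `#if !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) (void) ssl; #endif` followed by `#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)` can collapse into one `#if defined(...) ... #else (void) ssl; #endif`.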
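Review bot: the two `\sa` edits in the ssl.h hunks of the "Remove Doxygen references" patch look swapped. The first hunk (@@ -3659, inside the mbedtls_ssl_get_max_out_record_payload() block, whose context is the mbedtls_ssl_write() fragmentation note) removes `\sa mbedtls_ssl_set_mtu()`, which is the one setting relevant to the outgoing DTLS bound, and adds `\sa mbedtls_ssl_get_max_out_record_payload()`, a reference to the function itself; the second hunk (@@ -3686, in the mbedtls_ssl_get_max_in_record_payload() block) keeps `\sa mbedtls_ssl_set_mtu()` and adds a self-reference to mbedtls_ssl_get_max_in_record_payload(). Each block should cross-reference the other function, and the set_mtu() link belongs with the outgoing one.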
@@ -3995,7 +3992,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) * or negotiated with the peer), then: * - with TLS, less bytes than requested are written. * - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned. - * \c mbedtls_ssl_get_output_max_frag_len() may be used to + * \c mbedtls_ssl_get_max_out_record_payload() may be used to * query the active maximum fragment length. * * \note Attempting to write 0 bytes will result in an empty TLS From b2efc4d4648082058461c664ca597cf661074902 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sat, 15 May 2021 06:26:24 +0100 Subject: [PATCH 024/236] Add migration guide Signed-off-by: Hanno Becker --- docs/3.0-migration-guide.d/max-record-payload-api.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 docs/3.0-migration-guide.d/max-record-payload-api.md diff --git a/docs/3.0-migration-guide.d/max-record-payload-api.md b/docs/3.0-migration-guide.d/max-record-payload-api.md new file mode 100644 index 000000000..0b34915f4 --- /dev/null +++ b/docs/3.0-migration-guide.d/max-record-payload-api.md @@ -0,0 +1,11 @@ +Remove MaximumFragmentLength (MFL) query API +----------------------------------------------------------------- + +This affects users which use the MFL query APIs +`mbedtls_ssl_get_{input,output}_max_frag_len()` to +infer upper bounds on the plaintext size of incoming and +outgoing record. + +Users should switch to `mbedtls_ssl_get_max_{in,out}_record_payload()` +instead, which also provides such upper bounds but takes more factors +than just the MFL configuration into account. From 24628b69be04b547982f401fa48230a33a993df0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sat, 15 May 2021 06:29:41 +0100 Subject: [PATCH 025/236] Add ChangeLog entry Signed-off-by: Hanno Becker --- ChangeLog.d/max-record-payload-api.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/max-record-payload-api.txt 
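Review bot: in the migration guide hunk, "This affects users which use" should be "users who use", and "plaintext size of incoming and outgoing record" needs "records". The guide should also say that the replacement functions return `int` with a negative error code rather than `size_t`, as the declarations earlier in this series show, because a plain textual substitution at call sites will otherwise compile with sign-mismatch warnings and silently treat an error as a size. Relatedly, the mbedtls_ssl_write() doc hunk above now says mbedtls_ssl_get_max_out_record_payload() "may be used to query the active maximum fragment length"; it returns the maximum record payload, which is a tighter bound than the MFL, so the sentence should say that.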
diff --git a/ChangeLog.d/max-record-payload-api.txt b/ChangeLog.d/max-record-payload-api.txt new file mode 100644 index 000000000..af49fd96d --- /dev/null +++ b/ChangeLog.d/max-record-payload-api.txt @@ -0,0 +1,6 @@ +API changes + * Remove `mbedtls_ssl_get_{input,output}_max_frag_len()` + and add `mbedtls_ssl_get_max_in_record_payload()`, + complementing the existing `mbedtls_ssl_get_max_out_record_payload()`. + Uses of `mbedtls_ssl_get_{input,output}_max_frag_len()` + should be replaced by `mbedtls_ssl_get_max_{in,out}_record_payload()`. From ebd6ab7f6e1eb2d421b1441b25b12395d6a10da0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 23 May 2021 05:59:46 +0100 Subject: [PATCH 026/236] Improve documentation of record expansion API Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 83df11769..02cb6da91 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3647,10 +3647,13 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ); /** * \brief Return the current maximum outgoing record payload in bytes. - * This takes into account various factors, such as the config.h - * setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions such as the - * max fragment length or record size limit extension if used, and - * for DTLS the path MTU as configured and current record expansion. + * + * \note The logic to determine the maximum outgoing record payload is + * version-specific. It takes into account various factors, such as + * the config.h setting \c MBEDTLS_SSL_OUT_CONTENT_LEN, extensions + * such as the max fragment length or record size limit extension if + * used, and for DTLS the path MTU as configured and current + * record expansion. * * \note With DTLS, \c mbedtls_ssl_write() will return an error if * called with a larger length value. 
@@ -3671,8 +3674,10 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ); /** * \brief Return the current maximum incoming record payload in bytes. - * This takes into account various factors, such as the - * config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions + * + * \note The logic to determine the maximum outgoing record payload is + * version-specific. It takes into account various factors, such as + * the config.h setting \c MBEDTLS_SSL_IN_CONTENT_LEN, extensions * such as the max fragment length extension or record size limit * extension if used, and the current record expansion. * From 88f86f7f37092ede28c3e5647c29f44e4749e78d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 23 May 2021 06:00:28 +0100 Subject: [PATCH 027/236] Remove copy-pasta from record API documentation Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 7 ------- 1 file changed, 7 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 02cb6da91..cf3b44bc3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3681,13 +3681,6 @@ int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl ); * such as the max fragment length extension or record size limit * extension if used, and the current record expansion. * - * \note With DTLS, \c mbedtls_ssl_read() will return an error if - * called with a larger length value. - * With TLS, \c mbedtls_ssl_write() will fragment the input if - * necessary and return the number of bytes written; it is up - * to the caller to call \c mbedtls_ssl_write() again in - * order to send the remaining bytes if any. - * * \sa mbedtls_ssl_set_mtu() * \sa mbedtls_ssl_get_max_in_record_payload() * \sa mbedtls_ssl_get_record_expansion() From fb1add76fdc62d857dcf43c74e231ea6415a4597 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 23 May 2021 06:02:48 +0100 Subject: [PATCH 028/236] Don't use markdown formatting in ChangeLog 
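Review bot: the `\note` added to mbedtls_ssl_get_max_in_record_payload() in the second ssl.h hunk says "The logic to determine the maximum outgoing record payload is version-specific"; this is the incoming function, so it should read "incoming". The same copy-paste origin left this function's `\return` describing "an outgoing record" in an earlier patch of the series, and that line is still not corrected by the time the note removal in the next hunk is applied; fix both together.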
Signed-off-by: Hanno Becker --- ChangeLog.d/max-record-payload-api.txt | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/ChangeLog.d/max-record-payload-api.txt b/ChangeLog.d/max-record-payload-api.txt index af49fd96d..02b47e4e1 100644 --- a/ChangeLog.d/max-record-payload-api.txt +++ b/ChangeLog.d/max-record-payload-api.txt @@ -1,6 +1,9 @@ API changes - * Remove `mbedtls_ssl_get_{input,output}_max_frag_len()` - and add `mbedtls_ssl_get_max_in_record_payload()`, - complementing the existing `mbedtls_ssl_get_max_out_record_payload()`. - Uses of `mbedtls_ssl_get_{input,output}_max_frag_len()` - should be replaced by `mbedtls_ssl_get_max_{in,out}_record_payload()`. + * Remove the SSL APIs mbedtls_ssl_get_input_max_frag_len() and + mbedtls_ssl_get_output_max_frag_len(), and add a new API + mbedtls_ssl_get_max_in_record_payload(), complementing the existing + mbedtls_ssl_get_max_out_record_payload(). + Uses of mbedtls_ssl_get_input_max_frag_len() and + mbedtls_ssl_get_input_max_frag_len() should be replaced by + mbedtls_ssl_get_max_in_record_payload() and + mbedtls_ssl_get_max_out_record_payload(), respectively. From 3bbf4c058fed6b27a469ae50f779f8250b9b1ee6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 23 May 2021 06:20:23 +0100 Subject: [PATCH 029/236] Fix typo in migration guide for ticket API change Signed-off-by: Hanno Becker --- docs/3.0-migration-guide.d/ssl-ticket-api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/3.0-migration-guide.d/ssl-ticket-api.md b/docs/3.0-migration-guide.d/ssl-ticket-api.md index ce95e2f24..23c53d671 100644 --- a/docs/3.0-migration-guide.d/ssl-ticket-api.md +++ b/docs/3.0-migration-guide.d/ssl-ticket-api.md 
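Review bot: the replacement text in the ChangeLog hunk lists mbedtls_ssl_get_input_max_frag_len() twice ("Uses of mbedtls_ssl_get_input_max_frag_len() and mbedtls_ssl_get_input_max_frag_len() should be replaced by ..."); the second occurrence should be mbedtls_ssl_get_output_max_frag_len(), otherwise the trailing "respectively" does not pair with mbedtls_ssl_get_max_out_record_payload().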
@@ -2,7 +2,7 @@ Modified semantics of mbedtls_ssl_{get,set}_session() ----------------------------------------------------------------- This affects users who call `mbedtls_ssl_get_session()` or -`mbedtls_ssl_session_set()` multiple times on the same SSL context +`mbedtls_ssl_set_session()` multiple times on the same SSL context representing an established TLS 1.2 connection. Those users will now observe the second call to fail with `MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE`. From ef5235bc2e611cf83457d857b4ea53e99387a518 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 24 May 2021 06:39:41 +0100 Subject: [PATCH 030/236] Add TLS 1.3 second level key derivations This commit adds helper functions to ssl_tls13_keys.[ch] allowing to derive the secrets specific to each stage of a TLS 1.3 handshake (early, handshake, application) from the corresponding master secret (early secret, handshake secret, master secret). Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 219 +++++++++++++++++++++++++++++++++++++++ library/ssl_tls13_keys.h | 194 ++++++++++++++++++++++++++++++++++ 2 files changed, 413 insertions(+) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 4e8fb433b..ce551f6fc 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -24,6 +24,7 @@ #include "mbedtls/hkdf.h" #include "ssl_misc.h" #include "ssl_tls13_keys.h" +#include "mbedtls/debug.h" #include #include 
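Review bot: the `#include "mbedtls/debug.h"` added in the ssl_tls13_keys.c hunk is not used by any code this patch introduces (none of the four new functions emit debug output), so it should be dropped from this commit and added by whichever change actually needs it.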
@@ -346,4 +347,222 @@ int mbedtls_ssl_tls1_3_evolve_secret( return( ret ); } +int mbedtls_ssl_tls1_3_derive_early_secrets( + mbedtls_md_type_t md_type, + unsigned char const *early_secret, + unsigned char const *transcript, size_t transcript_len, + mbedtls_ssl_tls1_3_early_secrets *derived ) +{ + int ret; + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); + size_t const md_size = mbedtls_md_get_size( md_info ); + + /* We should never call this function with an unknown hash, + * but add an assertion anyway. */ + if( md_info == 0 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + /* + * 0 + * | + * v + * PSK -> HKDF-Extract = Early Secret + * | + * +-----> Derive-Secret(., "ext binder" | "res binder", "") + * | = binder_key + * | + * +-----> Derive-Secret(., "c e traffic", ClientHello) + * | = client_early_traffic_secret + * | + * +-----> Derive-Secret(., "e exp master", ClientHello) + * | = early_exporter_master_secret + * v + */ + + /* Create client_early_traffic_secret */ + ret = mbedtls_ssl_tls1_3_derive_secret( md_type, + early_secret, md_size, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_e_traffic ), + transcript, transcript_len, + MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, + derived->client_early_traffic_secret, + md_size ); + if( ret != 0 ) + return( ret ); + + /* Create early exporter */ + ret = mbedtls_ssl_tls1_3_derive_secret( md_type, + early_secret, md_size, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( e_exp_master ), + transcript, transcript_len, + MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, + derived->early_exporter_master_secret, + md_size ); + if( ret != 0 ) + return( ret ); + + return( 0 ); +} + +int mbedtls_ssl_tls1_3_derive_handshake_secrets( + mbedtls_md_type_t md_type, + unsigned char const *handshake_secret, + unsigned char const *transcript, size_t transcript_len, + mbedtls_ssl_tls1_3_handshake_secrets *derived ) +{ + int ret; + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); + size_t const md_size = 
mbedtls_md_get_size( md_info ); + + /* We should never call this function with an unknown hash, + * but add an assertion anyway. */ + if( md_info == 0 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + /* + * + * Handshake Secret + * | + * +-----> Derive-Secret( ., "c hs traffic", + * | ClientHello...ServerHello ) + * | = client_handshake_traffic_secret + * | + * +-----> Derive-Secret( ., "s hs traffic", + * | ClientHello...ServerHello ) + * | = server_handshake_traffic_secret + * + */ + + /* + * Compute client_handshake_traffic_secret with + * Derive-Secret( ., "c hs traffic", ClientHello...ServerHello ) + */ + + ret = mbedtls_ssl_tls1_3_derive_secret( md_type, + handshake_secret, md_size, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_hs_traffic ), + transcript, transcript_len, + MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, + derived->client_handshake_traffic_secret, + md_size ); + if( ret != 0 ) + return( ret ); + + /* + * Compute server_handshake_traffic_secret with + * Derive-Secret( ., "s hs traffic", ClientHello...ServerHello ) + */ + + ret = mbedtls_ssl_tls1_3_derive_secret( md_type, + handshake_secret, md_size, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( s_hs_traffic ), + transcript, transcript_len, + MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, + derived->server_handshake_traffic_secret, + md_size ); + if( ret != 0 ) + return( ret ); + + return( 0 ); +} + +int mbedtls_ssl_tls1_3_derive_application_secrets( + mbedtls_md_type_t md_type, + unsigned char const *application_secret, + unsigned char const *transcript, size_t transcript_len, + mbedtls_ssl_tls1_3_application_secrets *derived ) +{ + int ret; + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); + size_t const md_size = mbedtls_md_get_size( md_info ); + + /* We should never call this function with an unknown hash, + * but add an assertion anyway. 
*/ + if( md_info == 0 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + /* Generate {client,server}_application_traffic_secret_0 + * + * Master Secret + * | + * +-----> Derive-Secret( ., "c ap traffic", + * | ClientHello...server Finished ) + * | = client_application_traffic_secret_0 + * | + * +-----> Derive-Secret( ., "s ap traffic", + * | ClientHello...Server Finished ) + * | = server_application_traffic_secret_0 + * | + * +-----> Derive-Secret( ., "exp master", + * | ClientHello...server Finished) + * | = exporter_master_secret + * + */ + + ret = mbedtls_ssl_tls1_3_derive_secret( md_type, + application_secret, md_size, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( c_ap_traffic ), + transcript, transcript_len, + MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, + derived->client_application_traffic_secret_N, + md_size ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_ssl_tls1_3_derive_secret( md_type, + application_secret, md_size, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( s_ap_traffic ), + transcript, transcript_len, + MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, + derived->server_application_traffic_secret_N, + md_size ); + if( ret != 0 ) + return( ret ); + + ret = mbedtls_ssl_tls1_3_derive_secret( md_type, + application_secret, md_size, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( exp_master ), + transcript, transcript_len, + MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, + derived->exporter_master_secret, + md_size ); + if( ret != 0 ) + return( ret ); + + return( 0 ); +} + +/* Generate resumption_master_secret for use with the ticket exchange. + * + * This is not integrated with mbedtls_ssl_tls1_3_derive_application_secrets() + * because it uses the transcript hash up to and including ClientFinished. 
*/ +int mbedtls_ssl_tls1_3_derive_resumption_master_secret( + mbedtls_md_type_t md_type, + unsigned char const *application_secret, + unsigned char const *transcript, size_t transcript_len, + mbedtls_ssl_tls1_3_application_secrets *derived ) +{ + int ret; + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); + size_t const md_size = mbedtls_md_get_size( md_info ); + + /* We should never call this function with an unknown hash, + * but add an assertion anyway. */ + if( md_info == 0 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + ret = mbedtls_ssl_tls1_3_derive_secret( md_type, + application_secret, md_size, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( res_master ), + transcript, transcript_len, + MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED, + derived->resumption_master_secret, + md_size ); + + if( ret != 0 ) + return( ret ); + + return( 0 ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 7089049ce..cb45cc909 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
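Review bot: in the ssl_tls13_keys.c hunk, each of the four new functions computes `md_size = mbedtls_md_get_size( md_info )` before checking `md_info == 0`, so the code relies on mbedtls_md_get_size() tolerating a NULL argument; move the check above the size computation and compare against NULL rather than 0 for clarity. The comment "add an assertion anyway" describes an early return, not an assertion. In mbedtls_ssl_tls1_3_derive_early_secrets() the ASCII diagram shows the binder_key derivation although the function never writes `derived->binder_key`; repeat the header's remark here so a reader of the .c file knows that member is not populated by this call.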
@@ -70,6 +70,27 @@ extern const struct mbedtls_ssl_tls1_3_labels_struct mbedtls_ssl_tls1_3_labels; #define MBEDTLS_SSL_TLS1_3_KEY_SCHEDULE_MAX_CONTEXT_LEN \ MBEDTLS_MD_MAX_SIZE +typedef struct +{ + unsigned char binder_key [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char client_early_traffic_secret [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char early_exporter_master_secret[ MBEDTLS_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_early_secrets; + +typedef struct +{ + unsigned char client_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char server_handshake_traffic_secret[ MBEDTLS_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_handshake_secrets; + +typedef struct +{ + unsigned char client_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char server_application_traffic_secret_N[ MBEDTLS_MD_MAX_SIZE ]; + unsigned char exporter_master_secret [ MBEDTLS_MD_MAX_SIZE ]; + unsigned char resumption_master_secret [ MBEDTLS_MD_MAX_SIZE ]; +} mbedtls_ssl_tls1_3_application_secrets; + /* Maximum desired length for expanded key material generated * by HKDF-Expand-Label. * 
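Review bot: in the ssl_tls13_keys.h struct hunk, mbedtls_ssl_tls1_3_early_secrets carries a `binder_key` member that mbedtls_ssl_tls1_3_derive_early_secrets() never fills (its own doc says the binder is computed by mbedtls_ssl_tls1_3_create_psk_binder()), so callers receive an uninitialised member beside two valid ones; either drop it from this struct or put a comment on the member naming the routine that fills it. The `_N` suffix on the application traffic secret members also disagrees with the `_0` used in the derivation diagrams; a one-line comment saying the member holds the current generation would reconcile the two.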
@@ -198,6 +219,179 @@ int mbedtls_ssl_tls1_3_derive_secret( int ctx_hashed, unsigned char *dstbuf, size_t buflen ); +/** + * \brief Derive TLS 1.3 early data key material from early secret. + * + * This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret() + * with the appropriate labels. + * + * + * Early Secret + * | + * +-----> Derive-Secret(., "c e traffic", ClientHello) + * | = client_early_traffic_secret + * | + * +-----> Derive-Secret(., "e exp master", ClientHello) + * . = early_exporter_master_secret + * . + * . + * + * + * \note To obtain the actual key and IV for the early data traffic, + * the client secret derived by this function need to be + * further processed by mbedtls_ssl_tls1_3_make_traffic_keys(). + * + * \note The binder key, which is also generated from the early secret, + * is omitted here. Its calculation is part of the separate routine + * mbedtls_ssl_tls1_3_create_psk_binder(). + * + * \param md_type The hash algorithm associated with the PSK for which + * early data key material is being derived. + * \param early_secret The early secret from which the early data key material + * should be derived. This must be a readable buffer whose + * length is the digest size of the hash algorithm + * represented by \p md_size. + * \param transcript The transcript of the handshake so far, calculated with + * respect to \p md_type. This must be a readable buffer + * whose length is the digest size of the hash algorithm + * represented by \p md_size. + * \param derived The address of the structure in which to store + * the early data key material. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls1_3_derive_early_secrets( + mbedtls_md_type_t md_type, + unsigned char const *early_secret, + unsigned char const *transcript, size_t transcript_len, + mbedtls_ssl_tls1_3_early_secrets *derived ); + +/** + * \brief Derive TLS 1.3 handshake key material from the handshake secret. 
+ * + * This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret() + * with the appropriate labels from the standard. + * + * + * Handshake Secret + * | + * +-----> Derive-Secret( ., "c hs traffic", + * | ClientHello...ServerHello ) + * | = client_handshake_traffic_secret + * | + * +-----> Derive-Secret( ., "s hs traffic", + * . ClientHello...ServerHello ) + * . = server_handshake_traffic_secret + * . + * + * + * \note To obtain the actual key and IV for the encrypted handshake traffic, + * the client and server secret derived by this function need to be + * further processed by mbedtls_ssl_tls1_3_make_traffic_keys(). + * + * \param md_type The hash algorithm associated with the ciphersuite + * that's being used for the connection. + * \param handshake_secret The handshake secret from which the handshake key + * material should be derived. This must be a readable + * buffer whose length is the digest size of the hash + * algorithm represented by \p md_size. + * \param transcript The transcript of the handshake so far, calculated + * with respect to \p md_type. This must be a readable + * buffer whose length is the digest size of the hash + * algorithm represented by \p md_size. + * \param derived The address of the structure in which to + * store the handshake key material. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls1_3_derive_handshake_secrets( + mbedtls_md_type_t md_type, + unsigned char const *handshake_secret, + unsigned char const *transcript, size_t transcript_len, + mbedtls_ssl_tls1_3_handshake_secrets *derived ); + +/** + * \brief Derive TLS 1.3 application key material from the master secret. + * + * This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret() + * with the appropriate labels from the standard. 
+ * + * + * Master Secret + * | + * +-----> Derive-Secret( ., "c ap traffic", + * | ClientHello...server Finished ) + * | = client_application_traffic_secret_0 + * | + * +-----> Derive-Secret( ., "s ap traffic", + * | ClientHello...Server Finished ) + * | = server_application_traffic_secret_0 + * | + * +-----> Derive-Secret( ., "exp master", + * . ClientHello...server Finished) + * . = exporter_master_secret + * . + * + * + * \note To obtain the actual key and IV for the (0-th) application traffic, + * the client and server secret derived by this function need to be + * further processed by mbedtls_ssl_tls1_3_make_traffic_keys(). + * + * \param md_type The hash algorithm associated with the ciphersuite + * that's being used for the connection. + * \param master_secret The master secret from which the application key + * material should be derived. This must be a readable + * buffer whose length is the digest size of the hash + * algorithm represented by \p md_size. + * \param transcript The transcript of the handshake up to and including + * the ServerFinished message, calculated with respect + * to \p md_type. This must be a readable buffer whose + * length is the digest size of the hash algorithm + * represented by \p md_type. + * \param derived The address of the structure in which to + * store the application key material. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls1_3_derive_application_secrets( + mbedtls_md_type_t md_type, + unsigned char const *master_secret, + unsigned char const *transcript, size_t transcript_len, + mbedtls_ssl_tls1_3_application_secrets *derived ); + +/** + * \brief Derive TLS 1.3 resumption master secret from the master secret. + * + * This is a small wrapper invoking mbedtls_ssl_tls1_3_derive_secret() + * with the appropriate labels from the standard. + * + * \param md_type The hash algorithm used in the application for which + * key material is being derived. 
+ * \param application_secret The application secret from which the resumption master + * secret should be derived. This must be a readable + * buffer whose length is the digest size of the hash + * algorithm represented by \p md_size. + * \param transcript The transcript of the handshake up to and including + * the ClientFinished message, calculated with respect + * to \p md_type. This must be a readable buffer whose + * length is the digest size of the hash algorithm + * represented by \p md_type. + * \param transcript_len The length of \p transcript in Bytes. + * \param derived The address of the structure in which to + * store the resumption master secret. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls1_3_derive_resumption_master_secret( + mbedtls_md_type_t md_type, + unsigned char const *application_secret, + unsigned char const *transcript, size_t transcript_len, + mbedtls_ssl_tls1_3_application_secrets *derived ); + /** * \brief Compute the next secret in the TLS 1.3 key schedule * From a4f40a0f48990d4169494d4031947951f1c636b4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 24 May 2021 06:42:11 +0100 Subject: [PATCH 031/236] Test TLS 1.3 second level key derivation helpers Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.data | 16 ++++ tests/suites/test_suite_ssl.function | 120 +++++++++++++++++++++++++++ 2 files changed, 136 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index ab001306d..606034044 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
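Review bot: the Doxygen in the ssl_tls13_keys.h hunk has several parameter mismatches. Every function takes `transcript_len`, but only mbedtls_ssl_tls1_3_derive_resumption_master_secret() documents it; the other three describe `transcript` as a buffer "whose length is the digest size", which contradicts the explicit length argument and the CONTEXT_HASHED call in the .c file. Several `\p md_size` references should be `\p md_type`, since there is no md_size parameter. mbedtls_ssl_tls1_3_derive_application_secrets() names its second parameter `master_secret` here but `application_secret` in the implementation; use one name in both. The resumption helper's doc should also say that its output lands in `derived->resumption_master_secret` of an mbedtls_ssl_tls1_3_application_secrets, since it reuses that struct instead of having its own.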
@@ -9241,6 +9241,22 @@ SSL TLS 1.3 Key schedule: Derive-Secret( ., "res master", hash) # Vector from RFC 8448 ssl_tls1_3_derive_secret:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":tls1_3_label_res_master:"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":32:MBEDTLS_SSL_TLS1_3_CONTEXT_HASHED:"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406" +SSL TLS 1.3 Key schedule: Early secrets derivation helper +# Vector from RFC 8448 +ssl_tls1_3_derive_early_secrets:MBEDTLS_MD_SHA256:"9b2188e9b2fc6d64d71dc329900e20bb41915000f678aa839cbb797cb7d8332c":"08ad0fa05d7c7233b1775ba2ff9f4c5b8b59276b7f227f13a976245f5d960913":"3fbbe6a60deb66c30a32795aba0eff7eaa10105586e7be5c09678d63b6caab62":"b2026866610937d7423e5be90862ccf24c0e6091186d34f812089ff5be2ef7df" + +SSL TLS 1.3 Key schedule: Handshake secrets derivation helper +# Vector from RFC 8448 +ssl_tls1_3_derive_handshake_secrets:MBEDTLS_MD_SHA256:"005cb112fd8eb4ccc623bb88a07c64b3ede1605363fc7d0df8c7ce4ff0fb4ae6":"f736cb34fe25e701551bee6fd24c1cc7102a7daf9405cb15d97aafe16f757d03":"2faac08f851d35fea3604fcb4de82dc62c9b164a70974d0462e27f1ab278700f":"fe927ae271312e8bf0275b581c54eef020450dc4ecffaa05a1a35d27518e7803" + +SSL TLS 1.3 Key schedule: Application secrets derivation helper +# Vector from RFC 8448 +ssl_tls1_3_derive_application_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4" + +SSL TLS 1.3 Key schedule: Resumption secrets derivation helper +# Vector from RFC 8448 
+ssl_tls1_3_derive_resumption_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406" + SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index d9261d1a2..59fae70e2 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -3793,6 +3793,126 @@ MBEDTLS_SSL_TLS1_3_LABEL_LIST } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +void ssl_tls1_3_derive_early_secrets( int hash_alg, + data_t *secret, + data_t *transcript, + data_t *traffic_expected, + data_t *exporter_expected ) +{ + mbedtls_ssl_tls1_3_early_secrets secrets; + + /* Double-check that we've passed sane parameters. */ + mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg; + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); + size_t const md_size = mbedtls_md_get_size( md_info ); + TEST_ASSERT( md_info != 0 && + secret->len == md_size && + transcript->len == md_size && + traffic_expected->len == md_size && + exporter_expected->len == md_size ); + + TEST_ASSERT( mbedtls_ssl_tls1_3_derive_early_secrets( + md_type, secret->x, transcript->x, transcript->len, + &secrets ) == 0 ); + + ASSERT_COMPARE( secrets.client_early_traffic_secret, md_size, + traffic_expected->x, traffic_expected->len ); + ASSERT_COMPARE( secrets.early_exporter_master_secret, md_size, + exporter_expected->x, exporter_expected->len ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +void ssl_tls1_3_derive_handshake_secrets( int hash_alg, + data_t *secret, + data_t *transcript, + data_t *client_expected, + data_t *server_expected ) +{ + mbedtls_ssl_tls1_3_handshake_secrets secrets; + + /* Double-check that we've passed sane parameters. 
*/ + mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg; + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); + size_t const md_size = mbedtls_md_get_size( md_info ); + TEST_ASSERT( md_info != 0 && + secret->len == md_size && + transcript->len == md_size && + client_expected->len == md_size && + server_expected->len == md_size ); + + TEST_ASSERT( mbedtls_ssl_tls1_3_derive_handshake_secrets( + md_type, secret->x, transcript->x, transcript->len, + &secrets ) == 0 ); + + ASSERT_COMPARE( secrets.client_handshake_traffic_secret, md_size, + client_expected->x, client_expected->len ); + ASSERT_COMPARE( secrets.server_handshake_traffic_secret, md_size, + server_expected->x, server_expected->len ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +void ssl_tls1_3_derive_application_secrets( int hash_alg, + data_t *secret, + data_t *transcript, + data_t *client_expected, + data_t *server_expected, + data_t *exporter_expected ) +{ + mbedtls_ssl_tls1_3_application_secrets secrets; + + /* Double-check that we've passed sane parameters. 
*/ + mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg; + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); + size_t const md_size = mbedtls_md_get_size( md_info ); + TEST_ASSERT( md_info != 0 && + secret->len == md_size && + transcript->len == md_size && + client_expected->len == md_size && + server_expected->len == md_size && + exporter_expected->len == md_size ); + + TEST_ASSERT( mbedtls_ssl_tls1_3_derive_application_secrets( + md_type, secret->x, transcript->x, transcript->len, + &secrets ) == 0 ); + + ASSERT_COMPARE( secrets.client_application_traffic_secret_N, md_size, + client_expected->x, client_expected->len ); + ASSERT_COMPARE( secrets.server_application_traffic_secret_N, md_size, + server_expected->x, server_expected->len ); + ASSERT_COMPARE( secrets.exporter_master_secret, md_size, + exporter_expected->x, exporter_expected->len ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +void ssl_tls1_3_derive_resumption_secrets( int hash_alg, + data_t *secret, + data_t *transcript, + data_t *resumption_expected ) +{ + mbedtls_ssl_tls1_3_application_secrets secrets; + + /* Double-check that we've passed sane parameters. */ + mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg; + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); + size_t const md_size = mbedtls_md_get_size( md_info ); + TEST_ASSERT( md_info != 0 && + secret->len == md_size && + transcript->len == md_size && + resumption_expected->len == md_size ); + + TEST_ASSERT( mbedtls_ssl_tls1_3_derive_resumption_master_secret( + md_type, secret->x, transcript->x, transcript->len, + &secrets ) == 0 ); + + ASSERT_COMPARE( secrets.resumption_master_secret, md_size, + resumption_expected->x, resumption_expected->len ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ void ssl_tls1_3_key_evolution( int hash_alg, data_t *secret, 
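Review bot: in all four new test functions `md_size` is computed from `mbedtls_md_get_size( md_info )` before the `md_info != 0` assertion runs, so the sanity check is only safe because that getter tolerates a NULL info pointer; assert on `md_info != NULL` first, then derive `md_size`, and compare the pointer against `NULL` rather than `0`. Also the "Resumption secrets derivation helper" data line drives a test named `ssl_tls1_3_derive_resumption_secrets` that wraps `mbedtls_ssl_tls1_3_derive_resumption_master_secret()`; naming the test case after the function it covers (as the other three do) makes a failure easier to trace.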
From b7d9bad6bedd147f45f1972a35d27e837ab1e565 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 24 May 2021 06:44:14 +0100 Subject: [PATCH 032/236] Add helper function for calculation of TLS 1.3 PSK binder Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 132 +++++++++++++++++++++++++++++++++++++++ library/ssl_tls13_keys.h | 33 ++++++++++ 2 files changed, 165 insertions(+) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index ce551f6fc..950d32cb9 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c 
@@ -565,4 +565,136 @@ int mbedtls_ssl_tls1_3_derive_resumption_master_secret( return( 0 ); } +static int ssl_tls1_3_calc_finished_core( mbedtls_md_type_t md_type, + unsigned char const *base_key, + unsigned char const *transcript, + unsigned char *dst ) +{ + const mbedtls_md_info_t* const md_info = mbedtls_md_info_from_type( md_type ); + size_t const md_size = mbedtls_md_get_size( md_info ); + unsigned char finished_key[MBEDTLS_MD_MAX_SIZE]; + int ret; + + /* We should never call this function with an unknown hash, + * but add an assertion anyway. */ + if( md_info == 0 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + /* TLS 1.3 Finished message + * + * struct { + * opaque verify_data[Hash.length]; + * } Finished; + * + * verify_data = + * HMAC( finished_key, + * Hash( Handshake Context + + * Certificate* + + * CertificateVerify* ) + * ) + * + * finished_key = + * HKDF-Expand-Label( BaseKey, "finished", "", Hash.length ) + */ + + ret = mbedtls_ssl_tls1_3_hkdf_expand_label( + md_type, base_key, md_size, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( finished ), + NULL, 0, + finished_key, md_size ); + if( ret != 0 ) + goto exit; + + ret = mbedtls_md_hmac( md_info, finished_key, md_size, transcript, md_size, dst ); + if( ret != 0 ) + goto exit; + +exit: + + mbedtls_platform_zeroize( finished_key, sizeof( finished_key ) ); + return( ret ); +} + +int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl, + const mbedtls_md_type_t md_type, + unsigned char const *psk, size_t psk_len, + int psk_type, + unsigned char const *transcript, + unsigned char *result ) +{ + int ret = 0; + unsigned char binder_key[MBEDTLS_MD_MAX_SIZE]; + unsigned char early_secret[MBEDTLS_MD_MAX_SIZE]; + mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type( md_type ); + size_t const md_size = mbedtls_md_get_size( md_info ); + + /* We should never call this function with an unknown hash, + * but add an assertion anyway. 
*/ + if( md_info == 0 ) + return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); + + /* + * 0 + * | + * v + * PSK -> HKDF-Extract = Early Secret + * | + * +-----> Derive-Secret(., "ext binder" | "res binder", "") + * | = binder_key + * v + */ + + ret = mbedtls_ssl_tls1_3_evolve_secret( md_type, + NULL, /* Old secret */ + psk, psk_len, /* Input */ + early_secret ); + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_evolve_secret", ret ); + goto exit; + } + + if( psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION ) + { + ret = mbedtls_ssl_tls1_3_derive_secret( md_type, + early_secret, md_size, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( res_binder ), + NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, + binder_key, md_size ); + MBEDTLS_SSL_DEBUG_MSG( 4, ( "Derive Early Secret with 'res binder'" ) ); + } + else + { + ret = mbedtls_ssl_tls1_3_derive_secret( md_type, + early_secret, md_size, + MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( ext_binder ), + NULL, 0, MBEDTLS_SSL_TLS1_3_CONTEXT_UNHASHED, + binder_key, md_size ); + MBEDTLS_SSL_DEBUG_MSG( 4, ( "Derive Early Secret with 'ext binder'" ) ); + } + + if( ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_tls1_3_derive_secret", ret ); + goto exit; + } + + /* + * The binding_value is computed in the same way as the Finished message + * but with the BaseKey being the binder_key. + */ + + ret = ssl_tls1_3_calc_finished_core( md_type, binder_key, transcript, result ); + if( ret != 0 ) + goto exit; + + MBEDTLS_SSL_DEBUG_BUF( 3, "psk binder", result, md_size ); + +exit: + + mbedtls_platform_zeroize( early_secret, sizeof( early_secret ) ); + mbedtls_platform_zeroize( binder_key, sizeof( binder_key ) ); + return( ret ); +} + #endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index cb45cc909..4b9c68e72 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
@@ -465,4 +465,37 @@ int mbedtls_ssl_tls1_3_evolve_secret( const unsigned char *input, size_t input_len, unsigned char *secret_new ); +#define MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL 0 +#define MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION 1 + +/** + * \brief Calculate a TLS 1.3 PSK binder. + * + * \param ssl The SSL context. This is used for debugging only and may + * be \c NULL if MBEDTLS_DEBUG_C is disabled. + * \param md_type The hash algorithm associated to the PSK \p psk. + * \param psk The buffer holding the PSK for which to create a binder. + * \param psk_len The size of \p psk in bytes. + * \param is_external This indicates whether the PSK \p psk is externally + * provisioned (#MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL) or a + * resumption PSK (#MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION). + * \param transcript The handshake transcript up to the point where the + * PSK binder calculation happens. This must be readable, + * and its size must be equal to the digest size of + * the hash algorithm represented by \p md_type. + * \param result The address at which to store the PSK binder on success. + * This must be writable, and its size must be equal to the + * digest size of the hash algorithm represented by + * \p md_type. + * + * \returns \c 0 on success. + * \returns A negative error code on failure. + */ +int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl, + const mbedtls_md_type_t md_type, + unsigned char const *psk, size_t psk_len, + int psk_type, + unsigned char const *transcript, + unsigned char *result ); + #endif /* MBEDTLS_SSL_TLS1_3_KEYS_H */ From 55bc2c53af7d3ec19b84399d2d0c1f7dfd331322 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 24 May 2021 06:53:52 +0100 Subject: [PATCH 033/236] Test TLS 1.3 PSK binder calculation helper Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.data | 6 ++++++ tests/suites/test_suite_ssl.function | 30 ++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+) 
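Review bot: `mbedtls_ssl_tls1_3_create_psk_binder()` treats any `psk_type` other than `MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION` as an external PSK and silently derives with the "ext binder" label; the two labels yield different binders and a wrong one only surfaces as a rejected ClientHello at the peer, so reject values that are neither `MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL` nor `MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION` up front, e.g. `return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );`, instead of falling into the `else` branch. In `ssl_tls1_3_calc_finished_core()` the `if( ret != 0 ) goto exit;` after `mbedtls_md_hmac()` is a no-op because `exit:` is the next statement; drop it. In the header, `\param is_external` does not match the prototype's `psk_type`, and "associated to the PSK" should be "associated with the PSK".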
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 606034044..abc33b125 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -9257,6 +9257,12 @@ SSL TLS 1.3 Key schedule: Resumption secrets derivation helper # Vector from RFC 8448 ssl_tls1_3_derive_resumption_secrets:MBEDTLS_MD_SHA256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"c3c122e0bd907a4a3ff6112d8fd53dbf89c773d9552e8b6b9d56d361b3a97bf6":"5e95bdf1f89005ea2e9aa0ba85e728e3c19c5fe0c699e3f5bee59faebd0b5406" +SSL TLS 1.3 Key schedule: PSK binder +# Vector from RFC 8448 +# For the resumption PSK, see Section 3, 'generate resumption secret "tls13 resumption"' +# For all other data, see Section 4, 'construct a ClientHello handshake message:' +ssl_tls1_3_create_psk_binder:MBEDTLS_MD_SHA256:"4ecd0eb6ec3b4d87f5d6028f922ca4c5851a277fd41311c9e62d2c9492e1c4f3":MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:"63224b2e4573f2d3454ca84b9d009a04f6be9e05711a8396473aefa01e924a14":"3add4fb2d8fdf822a0ca3cf7678ef5e88dae990141c5924d57bb6fa31b9e5f9d" + SSL TLS_PRF MBEDTLS_SSL_TLS_PRF_NONE ssl_tls_prf:MBEDTLS_SSL_TLS_PRF_NONE:"":"":"test tls_prf label":"":MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 59fae70e2..d23949c5d 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -3913,6 +3913,36 @@ void ssl_tls1_3_derive_resumption_secrets( int hash_alg, } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ +void ssl_tls1_3_create_psk_binder( int hash_alg, + data_t *psk, + int psk_type, + data_t *transcript, + data_t *binder_expected ) +{ + unsigned char binder[ MBEDTLS_MD_MAX_SIZE ]; + + /* Double-check that we've passed sane parameters. */ + mbedtls_md_type_t md_type = (mbedtls_md_type_t) hash_alg; + mbedtls_md_info_t const * const md_info = mbedtls_md_info_from_type( md_type ); + size_t const md_size = mbedtls_md_get_size( md_info ); + TEST_ASSERT( md_info != 0 && + transcript->len == md_size && + binder_expected->len == md_size ); + + TEST_ASSERT( mbedtls_ssl_tls1_3_create_psk_binder( + NULL, /* SSL context for debugging only */ + md_type, + psk->x, psk->len, + psk_type, + transcript->x, + binder ) == 0 ); + + ASSERT_COMPARE( binder, md_size, + binder_expected->x, binder_expected->len ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ void ssl_tls1_3_key_evolution( int hash_alg, data_t *secret, From c8d3ccd67b89f23307badb11f6d6f1409da21eab Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 26 May 2021 04:47:29 +0100 Subject: [PATCH 034/236] Fix Doxygen for TLS 1.3 PSK binder helper Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls13_keys.h b/library/ssl_tls13_keys.h index 4b9c68e72..3b96998ae 100644 --- a/library/ssl_tls13_keys.h +++ b/library/ssl_tls13_keys.h 
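Review bot: the new "PSK binder" data line only passes `MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION`, so the "ext binder" branch of `mbedtls_ssl_tls1_3_create_psk_binder()` remains unexecuted by the suite; add a second vector with `MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL`, cross-checked against an independent implementation if no published vector is available. The test function itself looks right: `psk->len` is deliberately unconstrained, and passing `NULL` as the SSL context matches the header's contract.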
@@ -476,7 +476,7 @@ int mbedtls_ssl_tls1_3_evolve_secret( * \param md_type The hash algorithm associated to the PSK \p psk. * \param psk The buffer holding the PSK for which to create a binder. * \param psk_len The size of \p psk in bytes. - * \param is_external This indicates whether the PSK \p psk is externally + * \param psk_type This indicates whether the PSK \p psk is externally * provisioned (#MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL) or a * resumption PSK (#MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION). * \param transcript The handshake transcript up to the point where the From 28e5f1ed579b41d189a00f4a765f6e5a170db542 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 26 May 2021 09:29:49 +0100 Subject: [PATCH 035/236] Avoid unused variable warning in TLS 1.3 PSK binder calculation Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 950d32cb9..78a55812d 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -628,6 +628,11 @@ int mbedtls_ssl_tls1_3_create_psk_binder( mbedtls_ssl_context *ssl, mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type( md_type ); size_t const md_size = mbedtls_md_get_size( md_info ); +#if !defined(MBEDTLS_DEBUG_C) + ssl = NULL; /* make sure we don't use it except for debug */ + ((void) ssl); +#endif + /* We should never call this function with an unknown hash, * but add an assertion anyway. */ if( md_info == 0 ) From 1c77edda15f244a32fae435cf061597623f39374 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 May 2021 11:55:02 +0200 Subject: [PATCH 036/236] More explicit names for some bad-workflow key derivation tests Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 12 ++++++------ tests/suites/test_suite_psa_crypto.function | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) 
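Review bot: in the `#if !defined(MBEDTLS_DEBUG_C)` block, `((void) ssl);` on its own is enough to silence the unused-parameter warning; the preceding `ssl = NULL;` overwrites the caller's argument for no functional gain, and if the intent is to document that `ssl` must never be dereferenced outside the debug macros, a comment to that effect is clearer than the assignment.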
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index cb0cb9cd4..4b20ba078 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2897,16 +2897,16 @@ PSA key derivation: ECDH on P256 with HKDF-SHA256, key output depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_SUCCESS -PSA key derivation: HKDF invalid state (double generate + read past capacity) +PSA key derivation over capacity: HKDF depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -test_derive_invalid_key_derivation_state:PSA_ALG_HKDF(PSA_ALG_SHA_256) +derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256) -PSA key derivation: TLS 1.2 PRF invalid state (double generate + read past capacity) +PSA key derivation over capacity: TLS 1.2 PRF depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF -test_derive_invalid_key_derivation_state:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256) +derive_over_capacity:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256) -PSA key derivation: invalid state (call read/get_capacity after init and abort) -test_derive_invalid_key_derivation_tests: +PSA key derivation: actions without setup +derive_actions_without_setup: PSA key derivation: HKDF SHA-256, RFC5869 #1, output 42+0 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5b5531f03..948c43707 100644 --- a/tests/suites/test_suite_psa_crypto.function 
+++ b/tests/suites/test_suite_psa_crypto.function @@ -4086,7 +4086,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void test_derive_invalid_key_derivation_state( int alg_arg ) +void derive_over_capacity( int alg_arg ) { psa_algorithm_t alg = alg_arg; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; @@ -4137,7 +4137,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void test_derive_invalid_key_derivation_tests( ) +void derive_actions_without_setup( ) { uint8_t output_buffer[16]; size_t buffer_size = 16; From 284471c236f3edce4e2ccab6e77ad0e4893e5d6c Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 27 May 2021 12:42:32 +0200 Subject: [PATCH 037/236] Clarify python script's comments Signed-off-by: Mateusz Starzyk --- apply_MBEDTLS_PRIVATE.py | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/apply_MBEDTLS_PRIVATE.py b/apply_MBEDTLS_PRIVATE.py index 4160287f2..4d87384ff 100644 --- a/apply_MBEDTLS_PRIVATE.py +++ b/apply_MBEDTLS_PRIVATE.py 
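Review bot: the old description "invalid state (double generate + read past capacity)" named two behaviours, while the new name `derive_over_capacity` names only one; the function bodies are outside this diff, so confirm that the double-generate check is still exercised by the renamed test or moves to its own case, otherwise the rename drops the record of what is being tested.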
@@ -6,32 +6,41 @@ import os import xml.etree.ElementTree as ET +# Create dictionary with following structre +# files_to_visit = { +# "filepath1" : { "variable_name1": (1, 2, 40, 61), # line numbers +# "variable_name2": (60, 64), +# }, +# "filepath2" : { "variable_name1": (1, 2, 40, 61), # line numbers +# "variable_name2": (60, 64), +# }, ... +# } files_to_visit = {} +# find xml models for structs parsed by doxygen struct_files = glob.glob("apidoc/xml/structmbedtls*.xml") + glob.glob("apidoc/xml/structpsa*.xml") for struct_file in struct_files: + # get all variables from currently processed struct struct_file_tree = ET.parse(struct_file) all_struct_members_definitions = struct_file_tree.getroot().findall(".//memberdef[@kind='variable']") - # Create dictionary with following structre - # "filepath" : { "variable_name1": (1, 2, 40, 61), # line numbers - # "variable_name2": (60, 64), - # } for struct_member_def in all_struct_members_definitions: - # find file path for this variable + # get unique id by which this variable is referenced member_id = struct_member_def.attrib["id"] + # find file path for this variable's definition location = struct_member_def.find("location") file_path = location.attrib["file"] + # get variable name variable_name = struct_member_def.find("name").text - # if path not yet in dictionary, create empty record to initialize + # if file path is not yet in dictionary, create empty sub-dictionary to initialize if file_path not in files_to_visit: files_to_visit[file_path] = {} # if variable is not yet in this file's dictionary, create empty set to initialize if variable_name not in files_to_visit[file_path]: files_to_visit[file_path][variable_name] = set() - # add variable definition + # add variable's definition line number files_to_visit[file_path][variable_name].add(int(location.attrib["line"])) # check where the variable was referenced 
@@ -39,13 +48,13 @@ for struct_file in struct_files: for reference in references: refid = reference.attrib["refid"] # assuming that compound name is related to header's xml file - header_file = "apidoc/xml/" + reference.attrib["compoundref"] + ".xml" - header_file_tree = ET.parse(header_file) + header_file_xml = "apidoc/xml/" + reference.attrib["compoundref"] + ".xml" + header_file_tree = ET.parse(header_file_xml) # check if this reference is created by static inline function static_inline_function_definition = header_file_tree.getroot().find(f".//memberdef[@id='{refid}'][@kind='function'][@static='yes'][@inline='yes']") if static_inline_function_definition: static_inline_function_file_path = static_inline_function_definition.find("location").attrib["file"] - # if path not yet in dictionary, create empty record to initialize. + # if file path not yet in dictionary, create empty sub-dictionary to initialize. # This could happen if reference is inside header file which was not yet processed in search for variable definitions if static_inline_function_file_path not in files_to_visit: files_to_visit[static_inline_function_file_path] = {} 
@@ -55,26 +64,30 @@ for struct_file in struct_files: # function block scope function_lines_from = int(reference.attrib["startline"]) function_lines_to = int(reference.attrib["endline"]) - # find codelines referencing struct's variable + # find codelines referencing currently processed variable. This is using the code listing inside header's xml model. codelines_xml = header_file_tree.getroot().findall(f".//ref[@refid='{member_id}']/../..") # filter by function's scope codelines = [int(line.attrib["lineno"]) for line in codelines_xml if int(line.attrib["lineno"]) >= function_lines_from and int(line.attrib["lineno"]) <= function_lines_to] - # add variable reference + # add lines referencing currently processed variable files_to_visit[static_inline_function_file_path][variable_name].update(codelines) pp = pprint.PrettyPrinter(indent=4) pp.pprint(files_to_visit) for file_path, variables in files_to_visit.items(): + # FileInput redirects stdout to to 'file', so every print in this block will be put inside 'file' with fileinput.FileInput(file_path, inplace=True) as file: output_line_number = 1 + # compile regex matching the header's include guard. re_include_guard = re.compile(r"^#define.*{name}$".format(name=os.path.basename(file_path).replace('.','_').upper())) for line in file: insert_allow_private_include = False if re_include_guard.match(line): insert_allow_private_include = True + # every line in file is checked against variables and lines in which they occur for variable, var_lines in variables.items(): for var_line in var_lines: + # wrap variable with MBEDTLS_PRIVATE(...) macro if output_line_number == var_line: line = re.sub(r"(^.*?\W+)({var})(\W+.*$)".format(var=variable), r"\1MBEDTLS_PRIVATE(\2)\3", line) output_line_number += 1 From 4023c0153d65d533f2e5ee00e2c1b1f2afbe496c Mon Sep 17 00:00:00 2001 
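Review bot: the context line `if static_inline_function_definition:` tests an `xml.etree.ElementTree.Element` for truthiness, which is False for a matched element that has no children, so a genuine hit can be skipped; use `if static_inline_function_definition is not None:`. Typos in the new comments: "structre" should be "structure" and "redirects stdout to to 'file'" has a doubled "to". Also, because the `re.sub` pattern `(^.*?\W+)({var})(\W+.*$)` is anchored to the whole line, only the first occurrence of a member name on a line is wrapped in `MBEDTLS_PRIVATE(...)`; a `\b{var}\b` pattern with the default replace-all count would handle lines that mention the member twice.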
From: Gilles Peskine Date: Thu, 27 May 2021 13:21:20 +0200 Subject: [PATCH 038/236] Add bad-workflow key derivation tests Add HKDF tests where the sequence of inputs differs from the nominal case: missing step, duplicate step, step out of order, or invalid step. There were already similar tests for TLS 1.2 PRF. Add one with a key agreement which has slightly different code. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 84 +++++++++++++++++++++ tests/suites/test_suite_psa_crypto.function | 10 ++- 2 files changed, 93 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 4b20ba078..c0146879d 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2777,6 +2777,22 @@ PSA key derivation: HKDF-SHA-256, good case, direct output depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS +PSA key derivation: HKDF-SHA-256, good case, omitted salt +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):0:0:"":UNUSED:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: HKDF-SHA-256, good case, info first +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):0:0:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: HKDF-SHA-256, good case, info after salt +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):0:0:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: HKDF-SHA-256, good case, omitted salt, info first +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:0:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_SUCCESS + PSA key derivation: HKDF-SHA-256, good 
case, key output depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS 
@@ -2833,6 +2849,54 @@ PSA key derivation: HKDF-SHA-256, DERIVE key as info depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_DERIVE:"4120696e666f":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +PSA key derivation: HKDF-SHA-256, salt after secret +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: HKDF-SHA-256, missing secret +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: HKDF-SHA-256, missing info +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: HKDF-SHA-256, duplicate salt step +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: HKDF-SHA-256, duplicate secret step (direct, direct) +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: HKDF-SHA-256, duplicate secret step (direct, key) +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: HKDF-SHA-256, duplicate secret step (key, direct) +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0a0a0a0a":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: HKDF-SHA-256, duplicate secret step (key, key) +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0a0a0a0a":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: HKDF-SHA-256, duplicate info step (non-consecutive) +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: HKDF-SHA-256, duplicate info step (consecutive) +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: HKDF-SHA-256, reject label step +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: HKDF-SHA-256, reject seed step +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + PSA key derivation: TLS 1.2 PRF SHA-256, good case depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS 
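Review bot: the `duplicate secret step (direct, direct)` case is identical to the `duplicate secret step (direct, key)` case that follows it. Both pass `PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:""` first and then `PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b"`, so the direct-then-direct path is never exercised. Following the naming used by the `(key, direct)` case, the second step of `(direct, direct)` should use `PSA_KEY_TYPE_NONE` for the second secret as well. Separately, the `missing secret` and `missing info` cases encode a skipped step as `0:UNUSED:"":UNUSED`; a one-line comment at the top of this block explaining that convention would save readers a trip to the .function file.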
@@ -2841,6 +2905,10 @@ PSA key derivation: TLS 1.2 PRF SHA-256, key first depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE +PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, key first +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 +derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + PSA key derivation: TLS 1.2 PRF SHA-256, label first depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE 
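Review bot: the new `ECDH with TLS 1.2 PRF SHA-256, key first` case lists `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256` in `depends_on`, but every other case in this file that imports the same SECP_R1 key pair (`c88f01f5...`) also requires `MBEDTLS_PK_PARSE_C`. Since `derive_input` imports the key before calling the input function, the import path is exercised here too, even though the step itself is expected to fail with `PSA_ERROR_BAD_STATE`. Either add `MBEDTLS_PK_PARSE_C` here for consistency or, if raw ECC key import genuinely does not need it, drop it from the other ECDH cases so the dependencies do not contradict each other.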
@@ -2893,10 +2961,26 @@ PSA key derivation: ECDH on P256 with HKDF-SHA256, raw output depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS +PSA key derivation: ECDH on P256 with HKDF-SHA256, omitted salt +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: ECDH on P256 with HKDF-SHA256, info first +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + PSA key derivation: ECDH on P256 with HKDF-SHA256, key output 
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_SUCCESS +PSA key derivation: ECDH on P256 with HKDF-SHA256, salt after secret +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: ECDH on P256 with HKDF-SHA256, missing info +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + PSA key derivation over capacity: HKDF depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256) 
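Review bot: the `omitted salt` and `info first` cases only request `PSA_KEY_TYPE_NONE` as the output type, while the surrounding `raw output` / `key output` pair shows this file's convention of covering both `PSA_KEY_TYPE_NONE` and `PSA_KEY_TYPE_RAW_DATA` outputs for the good path. Omitting the salt is the usual way to run HKDF over a key-agreement secret, so a `PSA_KEY_TYPE_RAW_DATA` variant of `omitted salt` would make sure key output without a salt is tested too. The `salt after secret` and `missing info` cases mirror the raw-HKDF cases earlier in the file, which is the right shape for the combined algorithm.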
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 948c43707..7a774e51e 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -16,6 +16,9 @@ #include "test/psa_crypto_helpers.h" #include "test/psa_exercise_key.h" +/* If this comes up, it's a bug in the test code or in the test data. */ +#define UNUSED 0xdeadbeef + /** An invalid export length that will never be set by psa_export_key(). */ static const size_t INVALID_EXPORT_LENGTH = ~0U; @@ -4027,7 +4030,12 @@ void derive_input( int alg_arg, for( i = 0; i < ARRAY_LENGTH( steps ); i++ ) { - if( key_types[i] != PSA_KEY_TYPE_NONE ) + mbedtls_test_set_step( i ); + if( steps[i] == 0 ) + { + /* Skip this step */ + } + else if( key_types[i] != PSA_KEY_TYPE_NONE ) { psa_set_key_type( &attributes, key_types[i] ); PSA_ASSERT( psa_import_key( &attributes, From cad24bb5d84ee842b58d9529fd918ede25f3debb Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 27 May 2021 13:50:40 +0200 Subject: [PATCH 039/236] Make python script idempotent. Signed-off-by: Mateusz Starzyk --- apply_MBEDTLS_PRIVATE.py | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/apply_MBEDTLS_PRIVATE.py b/apply_MBEDTLS_PRIVATE.py index 4d87384ff..d2bc7c06a 100644 --- a/apply_MBEDTLS_PRIVATE.py +++ b/apply_MBEDTLS_PRIVATE.py 
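Review bot: `#define UNUSED 0xdeadbeef` is fed from the .data file both as a key type (`psa_key_type_t`, a 16-bit type) and as an expected status (`psa_status_t`, a signed 32-bit type), so if the skip logic ever regressed the key-type argument would be silently truncated rather than standing out as `0xdeadbeef`. Consider extending the comment `/* If this comes up, it's a bug in the test code or in the test data. */` to say which parameters may carry it, or have the skip branch check for it, as suggested for the loop hunk below.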
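Review bot: the `if( steps[i] == 0 )` skip branch is empty, so a .data row where the step is 0 but the key type, data or expected status carry real values is accepted without complaint. A `TEST_ASSERT( key_types[i] == UNUSED )` in that branch (or at least a comment stating that 0 is not a valid `PSA_KEY_DERIVATION_INPUT_*` value and is therefore reserved for "no step") would make the contract between the .data and .function sides explicit. The `mbedtls_test_set_step( i )` call is a good addition and should stay ahead of the skip check, as it is here, so that failures in later steps report the right index.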
@@ -74,24 +74,33 @@ for struct_file in struct_files: pp = pprint.PrettyPrinter(indent=4) pp.pprint(files_to_visit) +mbedtls_private_access_include = "#include \"mbedtls/private_access.h\"" + for file_path, variables in files_to_visit.items(): + # check if this file has "mbedtls/private_access.h" include + file_has_private_access_include = False + with open(file_path, 'r') as file: + for line in file: + if mbedtls_private_access_include in line: + file_has_private_access_include = True + break + # FileInput redirects stdout to to 'file', so every print in this block will be put inside 'file' with fileinput.FileInput(file_path, inplace=True) as file: output_line_number = 1 # compile regex matching the header's include guard. re_include_guard = re.compile(r"^#define.*{name}$".format(name=os.path.basename(file_path).replace('.','_').upper())) for line in file: - insert_allow_private_include = False + insert_private_access_include = False if re_include_guard.match(line): - insert_allow_private_include = True + insert_private_access_include = not file_has_private_access_include # every line in file is checked against variables and lines in which they occur for variable, var_lines in variables.items(): for var_line in var_lines: # wrap variable with MBEDTLS_PRIVATE(...) macro if output_line_number == var_line: - line = re.sub(r"(^.*?\W+)({var})(\W+.*$)".format(var=variable), r"\1MBEDTLS_PRIVATE(\2)\3", line) + line = re.sub(r"(^.*?\W+)((?!MBEDTLS_PRIVATE\(){var})(\W+.*$)".format(var=variable), r"\1MBEDTLS_PRIVATE(\2)\3", line) output_line_number += 1 print(line, end='') # fileinput redirects stdout to the target file - if insert_allow_private_include: - insert_allow_private_include = False + if insert_private_access_include: print("#include \"mbedtls/private_access.h\"") From 57d1d198ef5d4468ec555ef6c35542ed1d79cf86 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 27 May 2021 14:39:53 +0200 Subject: [PATCH 040/236] Fix typo 
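Review bot: the idempotency guard on the wrap line does not work as intended. In `(^.*?\W+)((?!MBEDTLS_PRIVATE\(){var})(\W+.*$)` the negative lookahead sits at the position where `{var}` itself must match, so it can only fail when the text at that position starts with `MBEDTLS_PRIVATE(`, in which case `{var}` would not have matched anyway. For an already wrapped `foo.MBEDTLS_PRIVATE(next)` the lazy first group consumes `foo.MBEDTLS_PRIVATE(` (the `(` satisfies `\W+`) and `next` is wrapped a second time. The check needs to look at what precedes the identifier, i.e. a lookbehind such as `(?<!MBEDTLS_PRIVATE\()` placed before `{var}`, or a pre-check that `MBEDTLS_PRIVATE({var})` is not already on the line. The `file_has_private_access_include` part of the change is correct, so a second run would add no duplicate include but would still double-wrap fields.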
Signed-off-by: Mateusz Starzyk --- library/common.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/common.h b/library/common.h index c31ac1e1c..0f61f9452 100644 --- a/library/common.h +++ b/library/common.h @@ -50,7 +50,7 @@ #define MBEDTLS_STATIC_TESTABLE static #endif -/** Allow library to access it's structs' private members. +/** Allow library to access its structs' private members. * * Although structs defined in header files are publicly available, * their members are private and should not be accessed by the user. From 03f00307a28efdd2cd40f9193180bf5b5d7aa623 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 27 May 2021 14:40:40 +0200 Subject: [PATCH 041/236] Add missing common.h include. Remove obsolete config.h include when common.h is included. Signed-off-by: Mateusz Starzyk --- library/psa_crypto_storage.c | 6 ------ library/psa_its_file.c | 6 +----- 2 files changed, 1 insertion(+), 11 deletions(-) diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index 0ef041d18..575e9925a 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -20,12 +20,6 @@ #include "common.h" -#if defined(MBEDTLS_CONFIG_FILE) -#include MBEDTLS_CONFIG_FILE -#else -#include "mbedtls/config.h" -#endif - #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) #include diff --git a/library/psa_its_file.c b/library/psa_its_file.c index 7798da615..492be1c71 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c @@ -18,11 +18,7 @@ * limitations under the License. */ -#if defined(MBEDTLS_CONFIG_FILE) -#include MBEDTLS_CONFIG_FILE -#else -#include "mbedtls/config.h" -#endif +#include "common.h" #if defined(MBEDTLS_PSA_ITS_FILE_C) From 3911e70eaaf63d12aeb6e314598742507a07e64b Mon Sep 17 00:00:00 2001 
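Review bot: in psa_its_file.c the replacement `#include "common.h"` is now the only include before `#if defined(MBEDTLS_PSA_ITS_FILE_C)`, so this is correct only if common.h itself pulls in the configuration, as the commit message implies. A one-line comment in common.h stating that it must be the first include in library sources would make that ordering requirement visible where it matters. The psa_crypto_storage.c hunk is a straight removal of a block that was redundant after `#include "common.h"` and looks right.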
From: Mateusz Starzyk Date: Thu, 27 May 2021 14:44:31 +0200 Subject: [PATCH 042/236] Remove obsolete MBEDTLS_ALLOW_PRIVATE_ACCESS from helpers function. MBEDTLS_ALLOW_PRIVATE_ACCESS is already defined inside test/helpers.h Signed-off-by: Mateusz Starzyk --- tests/suites/helpers.function | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index ae1bc888d..2a7575217 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -2,10 +2,8 @@ /*----------------------------------------------------------------------------*/ /* Headers */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#include #include +#include #include #include From b1982728a51fbaa7b912834d1bfc01b5efd1bc18 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 27 May 2021 14:46:48 +0200 Subject: [PATCH 043/236] Document MBEDTLS_ALLOW_PRIVATE_ACCESS inside test/helpers.h. Signed-off-by: Mateusz Starzyk --- tests/include/test/helpers.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 0f82a9040..a1098c555 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -25,6 +25,9 @@ #ifndef TEST_HELPERS_H #define TEST_HELPERS_H +/* Most fields of publicly available structs are private and are wrapped with + * MBEDTLS_PRIVATE macro. This define allows tests to access the private fields + * directly (without using the MBEDTLS_PRIVATE wrapper). */ #define MBEDTLS_ALLOW_PRIVATE_ACCESS #if !defined(MBEDTLS_CONFIG_FILE) From b4a012929da8a3119caefa82fe25d673fefab2de Mon Sep 17 00:00:00 2001 
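Review bot: the new comment in tests/include/test/helpers.h explains what `MBEDTLS_ALLOW_PRIVATE_ACCESS` does but not the ordering constraint that makes its placement matter: it has to be defined before the first Mbed TLS header is included (here it precedes the `#if !defined(MBEDTLS_CONFIG_FILE)` block), otherwise `MBEDTLS_PRIVATE()` has already been expanded to the mangled name. Suggest adding that sentence, since the companion hunk in tests/suites/helpers.function deletes the local `#define MBEDTLS_ALLOW_PRIVATE_ACCESS` and makes every test suite rely on this header being included first.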
From: Mateusz Starzyk Date: Thu, 27 May 2021 14:49:25 +0200 Subject: [PATCH 044/236] Add test/helpers include to test drivers. Remove config.h include. "test/helpers.h" defines MBEDTLS_ALLOW_PRIVATE_ACCESS. Drivers can include that header instead of defining the MBEDTLS_ALLOW_PRIVATE_ACCESS themselves. "test/helpers.h" includes config header as well. Remove obsolete config includes from src/drivers. Signed-off-by: Mateusz Starzyk --- tests/src/drivers/hash.c | 8 +------- tests/src/drivers/platform_builtin_keys.c | 2 +- tests/src/drivers/test_driver_aead.c | 8 -------- tests/src/drivers/test_driver_cipher.c | 8 -------- tests/src/drivers/test_driver_key_management.c | 8 +------- tests/src/drivers/test_driver_mac.c | 8 +------- tests/src/drivers/test_driver_signature.c | 8 -------- tests/src/drivers/test_driver_size.c | 8 +------- 8 files changed, 5 insertions(+), 53 deletions(-) diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c index a9c475a82..b1880f778 100644 --- a/tests/src/drivers/hash.c +++ b/tests/src/drivers/hash.c @@ -17,13 +17,7 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa_crypto_hash.h" diff --git a/tests/src/drivers/platform_builtin_keys.c b/tests/src/drivers/platform_builtin_keys.c index a3c5796da..da5865d86 100644 --- a/tests/src/drivers/platform_builtin_keys.c +++ b/tests/src/drivers/platform_builtin_keys.c @@ -20,7 +20,7 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS +#include #include #include diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index c247bab08..ce9ce3779 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c 
@@ -17,14 +17,6 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - #include #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index 51c1abc1a..9c95cc8f8 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -18,14 +18,6 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - #include #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index b1096cb6f..afa1fc261 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -18,13 +18,7 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa/crypto.h" diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c index 439943cca..3b766dcb5 100644 --- a/tests/src/drivers/test_driver_mac.c +++ b/tests/src/drivers/test_driver_mac.c @@ -17,13 +17,7 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) #include "psa_crypto_mac.h" 
diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c index e48670415..2d58756aa 100644 --- a/tests/src/drivers/test_driver_signature.c +++ b/tests/src/drivers/test_driver_signature.c @@ -19,14 +19,6 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - #include #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) diff --git a/tests/src/drivers/test_driver_size.c b/tests/src/drivers/test_driver_size.c index af899c689..033cf32de 100644 --- a/tests/src/drivers/test_driver_size.c +++ b/tests/src/drivers/test_driver_size.c @@ -18,13 +18,7 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) From 55768f26fc999b560efc2b13b0d33faa43b24bbf Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Thu, 27 May 2021 14:57:03 +0200 Subject: [PATCH 045/236] Fix MBEDTLS_PRIVATE wrapping in tests and sample programs. Signed-off-by: Mateusz Starzyk --- programs/ssl/dtls_client.c | 2 -- programs/ssl/dtls_server.c | 4 +--- programs/ssl/mini_client.c | 6 ++---- programs/ssl/ssl_client1.c | 2 -- programs/ssl/ssl_fork_server.c | 4 +--- programs/ssl/ssl_mail_client.c | 2 -- programs/ssl/ssl_server.c | 4 +--- programs/ssl/ssl_server2.c | 4 ++-- 8 files changed, 7 insertions(+), 21 deletions(-) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index c3c73bb14..1e9779533 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -17,8 +17,6 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else 
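Review bot: in tests/src/drivers/test_driver_aead.c, test_driver_cipher.c and test_driver_signature.c the hunks delete the `MBEDTLS_ALLOW_PRIVATE_ACCESS` define and the config include but add nothing in their place, so the remaining `#include` line (its target is not readable in this rendering) must be the one that brings in the configuration before `#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)` is evaluated. In hash.c, test_driver_key_management.c, test_driver_mac.c and test_driver_size.c an explicit replacement include is added. Please confirm that the existing first include in the three files above is test/helpers.h rather than the driver's own header, since a wrong order there would silently compile the driver out.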
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 34419db7c..de47aab25 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -17,8 +17,6 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else @@ -231,7 +229,7 @@ int main( void ) mbedtls_ssl_cache_set ); #endif - mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); + mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL ); if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) { printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index a067a8fd5..42dbeac9e 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -18,8 +18,6 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else @@ -252,13 +250,13 @@ int main( void ) addr.sin_addr.s_addr = *((char *) &ret) == ret ? ADDR_LE : ADDR_BE; ret = 0; - if( ( server_fd.fd = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 ) + if( ( server_fd.MBEDTLS_PRIVATE(fd) = socket( AF_INET, SOCK_STREAM, 0 ) ) < 0 ) { ret = socket_failed; goto exit; } - if( connect( server_fd.fd, + if( connect( server_fd.MBEDTLS_PRIVATE(fd), (const struct sockaddr *) &addr, sizeof( addr ) ) < 0 ) { ret = connect_failed; diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 3e479d00a..6624224af 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -17,8 +17,6 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 38a68831e..573210870 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c 
@@ -17,8 +17,6 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else @@ -195,7 +193,7 @@ int main( void ) mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); - mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); + mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL ); if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) { mbedtls_printf( " failed! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 5d395c25f..09bbc3d69 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -21,8 +21,6 @@ * be set before config.h, which pulls in glibc's features.h indirectly. * Harmless on other platforms. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #define _POSIX_C_SOURCE 200112L #define _XOPEN_SOURCE 600 diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 8458a22b4..42196ffc0 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -17,8 +17,6 @@ * limitations under the License. */ -#define MBEDTLS_ALLOW_PRIVATE_ACCESS - #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" #else @@ -217,7 +215,7 @@ int main( void ) mbedtls_ssl_cache_set ); #endif - mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); + mbedtls_ssl_conf_ca_chain( &conf, srvcert.MBEDTLS_PRIVATE(next), NULL ); if( ( ret = mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_ssl_conf_own_cert returned %d\n\n", ret ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index da145a92c..f7a424a5a 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -805,7 +805,7 @@ int sni_callback( void *p_info, mbedtls_ssl_context *ssl, return( mbedtls_ssl_set_hs_own_cert( ssl, cur->cert, cur->key ) ); } - cur = cur->MBEDTLS_PRIVATE(next); + cur = cur->next; } return( -1 ); @@ -921,7 +921,7 @@ int psk_callback( void *p_info, mbedtls_ssl_context *ssl, return( mbedtls_ssl_set_hs_psk( ssl, cur->key, cur->key_len ) ); } - cur = cur->MBEDTLS_PRIVATE(next); + cur = cur->next; } return( -1 ); From 875b5fb7faaecfc9a9d516fae1b0f8e61a80a909 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 21 May 2021 08:50:00 +0200 Subject: [PATCH 046/236] Refactor optional parameter check tests Remove tests related to NULL pointers, keep tests related to invalid enum values. Remove test code related to MBEDTLS_CHECK_PARAMS. Signed-off-by: Ronald Cron 
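Review bot: writing `srvcert.MBEDTLS_PRIVATE(next)` in dtls_server.c, ssl_fork_server.c and ssl_server.c, and `server_fd.MBEDTLS_PRIVATE(fd)` in mini_client.c, moves private-field access from a file-level opt-out into the sample code itself, which is the opposite of what example programs should teach: `MBEDTLS_PRIVATE()` is the library's internal name-mangling macro and applications are not meant to spell it. For the three servers, loading the CA certificate into a separate `mbedtls_x509_crt` and passing that to `mbedtls_ssl_conf_ca_chain()` avoids reaching into the chain. For mini_client.c, which opens the socket by hand to avoid the net module, this looks like a genuine API gap (no public way to set the fd of an `mbedtls_net_context` is visible here) that should be tracked rather than papered over. The ssl_server2.c hunks, which remove the wrapper from `cur->next` on the program-local lists walked by `sni_callback()` and `psk_callback()`, go in the right direction.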
Signed-off-by: TRodziewicz --- tests/include/test/helpers.h | 89 ----- tests/include/test/macros.h | 82 +---- tests/scripts/all.sh | 32 -- tests/src/helpers.c | 76 +---- tests/suites/helpers.function | 9 - tests/suites/main_test.function | 19 -- tests/suites/test_suite_aes.function | 189 +---------- tests/suites/test_suite_aes.rest.data | 4 +- tests/suites/test_suite_aria.function | 147 +-------- tests/suites/test_suite_blowfish.function | 121 +------ tests/suites/test_suite_camellia.function | 129 +------- tests/suites/test_suite_ccm.data | 3 - tests/suites/test_suite_ccm.function | 204 ------------ tests/suites/test_suite_chacha20.data | 3 - tests/suites/test_suite_chacha20.function | 46 --- tests/suites/test_suite_chachapoly.data | 3 - tests/suites/test_suite_chachapoly.function | 131 -------- tests/suites/test_suite_cipher.function | 293 +---------------- tests/suites/test_suite_dhm.data | 3 - tests/suites/test_suite_dhm.function | 107 ------ tests/suites/test_suite_ecdh.function | 119 +------ tests/suites/test_suite_ecdsa.data | 3 - tests/suites/test_suite_ecdsa.function | 197 ----------- tests/suites/test_suite_ecjpake.function | 80 +---- tests/suites/test_suite_ecp.function | 309 +---------------- tests/suites/test_suite_gcm.function | 147 +-------- tests/suites/test_suite_mpi.data | 3 - tests/suites/test_suite_mpi.function | 208 ------------ tests/suites/test_suite_pk.data | 3 - tests/suites/test_suite_pk.function | 269 --------------- tests/suites/test_suite_poly1305.data | 3 - tests/suites/test_suite_poly1305.function | 39 --- tests/suites/test_suite_rsa.data | 3 - tests/suites/test_suite_rsa.function | 346 -------------------- 34 files changed, 42 insertions(+), 3377 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 9bfe08547..087f2de8d 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h 
@@ -175,95 +175,6 @@ unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ); int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ); -#if defined(MBEDTLS_CHECK_PARAMS) - -typedef struct -{ - const char *failure_condition; - const char *file; - int line; -} -mbedtls_test_param_failed_location_record_t; - -/** - * \brief Get the location record of the last call to - * mbedtls_test_param_failed(). - * - * \note The call expectation is set up and active until the next call to - * mbedtls_test_param_failed_check_expected_call() or - * mbedtls_param_failed() that cancels it. - */ -void mbedtls_test_param_failed_get_location_record( - mbedtls_test_param_failed_location_record_t *location_record ); - -/** - * \brief State that a call to mbedtls_param_failed() is expected. - * - * \note The call expectation is set up and active until the next call to - * mbedtls_test_param_failed_check_expected_call() or - * mbedtls_param_failed that cancel it. - */ -void mbedtls_test_param_failed_expect_call( void ); - -/** - * \brief Check whether mbedtls_param_failed() has been called as expected. - * - * \note Check whether mbedtls_param_failed() has been called between the - * last call to mbedtls_test_param_failed_expect_call() and the call - * to this function. - * - * \return \c 0 Since the last call to mbedtls_param_failed_expect_call(), - * mbedtls_param_failed() has been called. - * \c -1 Otherwise. - */ -int mbedtls_test_param_failed_check_expected_call( void ); - -/** - * \brief Get the address of the object of type jmp_buf holding the execution - * state information used by mbedtls_param_failed() to do a long jump. 
- * - * \note If a call to mbedtls_param_failed() is not expected in the sense - * that there is no call to mbedtls_test_param_failed_expect_call() - * preceding it, then mbedtls_param_failed() will try to restore the - * execution to the state stored in the jmp_buf object whose address - * is returned by the present function. - * - * \note This function is intended to provide the parameter of the - * setjmp() function to set-up where mbedtls_param_failed() should - * long-jump if it has to. It is foreseen to be used as: - * - * setjmp( mbedtls_test_param_failed_get_state_buf() ). - * - * \note The type of the returned value is not jmp_buf as jmp_buf is an - * an array type (C specification) and a function cannot return an - * array type. - * - * \note The type of the returned value is not jmp_buf* as then the return - * value couldn't be used by setjmp(), as its parameter's type is - * jmp_buf. - * - * \return Address of the object of type jmp_buf holding the execution state - * information used by mbedtls_param_failed() to do a long jump. - */ -void* mbedtls_test_param_failed_get_state_buf( void ); - -/** - * \brief Reset the execution state used by mbedtls_param_failed() to do a - * long jump. - * - * \note If a call to mbedtls_param_failed() is not expected in the sense - * that there is no call to mbedtls_test_param_failed_expect_call() - * preceding it, then mbedtls_param_failed() will try to restore the - * execution state that this function reset. - * - * \note It is recommended to reset the execution state when the state - * is not relevant anymore. That way an unexpected call to - * mbedtls_param_failed() will not trigger a long jump with - * undefined behavior but rather a long jump that will rather fault. - */ -void mbedtls_test_param_failed_reset_state( void ); -#endif /* MBEDTLS_CHECK_PARAMS */ - #if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) #include "test/fake_external_rng_for_test.h" #endif 
diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 450bc2cc3..cad39aaca 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -58,10 +58,6 @@ * It allows a library function to return a value and return an error * code that can be tested. * - * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAILED(), will be assumed to be a test - * failure. - * * This macro is not suitable for negative parameter validation tests, * as it assumes the test step will not create an error. * 
@@ -182,70 +178,11 @@ } while( 0 ) #if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT) -/** - * \brief This macro tests the statement passed to it as a test step or - * individual test in a test case. The macro assumes the test will fail - * and will generate an error. - * - * It allows a library function to return a value and tests the return - * code on return to confirm the given error code was returned. - * - * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the - * expected failure, and the test will pass. - * - * This macro is intended for negative parameter validation tests, - * where the failing function may return an error value or call - * MBEDTLS_PARAM_FAILED() to indicate the error. - * - * \param PARAM_ERROR_VALUE The expected error code. - * - * \param TEST The test expression to be tested. - */ -#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ - do { \ - mbedtls_test_param_failed_expect_call( ); \ - if( ( ( TEST ) != ( PARAM_ERR_VALUE ) ) || \ - ( mbedtls_test_param_failed_check_expected_call( ) != 0 ) ) \ - { \ - mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - mbedtls_test_param_failed_check_expected_call( ); \ - } while( 0 ) +#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ + do { if( ( TEST ) != ( PARAM_ERR_VALUE ) ) goto exit; } while( 0 ) -/** - * \brief This macro tests the statement passed to it as a test step or - * individual test in a test case. The macro assumes the test will fail - * and will generate an error. - * - * It assumes the library function under test cannot return a value and - * assumes errors can only be indicated byt calls to - * MBEDTLS_PARAM_FAILED(). - * - * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the - * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test - * can be made. 
- * - * This macro is intended for negative parameter validation tests, - * where the failing function can only return an error by calling - * MBEDTLS_PARAM_FAILED() to indicate the error. - * - * \param TEST The test expression to be tested. - */ -#define TEST_INVALID_PARAM( TEST ) \ - do { \ - memcpy( jmp_tmp, mbedtls_test_param_failed_get_state_buf( ), \ - sizeof( jmp_tmp ) ); \ - if( setjmp( mbedtls_test_param_failed_get_state_buf( ) ) == 0 ) \ - { \ - TEST; \ - mbedtls_test_fail( #TEST, __LINE__, __FILE__ ); \ - goto exit; \ - } \ - mbedtls_test_param_failed_reset_state( ); \ - } while( 0 ) +#define TEST_INVALID_PARAM( TEST ) \ + do { TEST; } while( 0 ) #endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */ /** @@ -256,11 +193,6 @@ * assumes errors can only be indicated by calls to * MBEDTLS_PARAM_FAILED(). * - * When MBEDTLS_CHECK_PARAMS is enabled, calls to the parameter failure - * callback, MBEDTLS_PARAM_FAILED(), are assumed to indicate the - * expected failure. If MBEDTLS_CHECK_PARAMS is not enabled, no test - * can be made. - * * This macro is intended to test that functions returning void * accept all of the parameter values they're supposed to accept - eg * that they don't call MBEDTLS_PARAM_FAILED() when a parameter @@ -271,12 +203,6 @@ * accept is best done by using TEST_ASSERT() and checking the return * value as well. * - * Note: this macro is available even when #MBEDTLS_CHECK_PARAMS is - * disabled, as it makes sense to check that the functions accept all - * legal values even if this option is disabled - only in that case, - * the test is more about whether the function segfaults than about - * whether it invokes MBEDTLS_PARAM_FAILED(). - * * \param TEST The test expression to be tested. */ #define TEST_VALID_PARAM( TEST ) \ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8e163a947..9b0d5fe4a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1853,38 +1853,6 @@ component_build_psa_accel_key_type_rsa_public_key() { make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } -component_test_check_params_functionality () { - msg "build+test: MBEDTLS_CHECK_PARAMS functionality" - scripts/config.py full # includes CHECK_PARAMS - # Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed(). - scripts/config.py unset MBEDTLS_CHECK_PARAMS_ASSERT - make CC=gcc CFLAGS='-Werror -O1' all test -} - -component_test_check_params_without_platform () { - msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C" - scripts/config.py full # includes CHECK_PARAMS - # Keep MBEDTLS_PARAM_FAILED as assert. - scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT - scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT - scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT - scripts/config.py unset MBEDTLS_PLATFORM_MEMORY - scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT - scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT - scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT - scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED - scripts/config.py unset MBEDTLS_PLATFORM_C - make CC=gcc CFLAGS='-Werror -O1' all test -} - -component_test_check_params_silent () { - msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()" - scripts/config.py full # includes CHECK_PARAMS - # Set MBEDTLS_PARAM_FAILED to nothing. - sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H" - make CC=gcc CFLAGS='-Werror -O1' all test -} - component_test_no_platform () { # Full configuration build, without platform support, file IO and net sockets. # This should catch missing mbedtls_printf definitions, and by disabling file diff --git a/tests/src/helpers.c b/tests/src/helpers.c index b7c9867b0..ece046513 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c 
@@ -19,27 +19,9 @@ #include #include -#if defined(MBEDTLS_CHECK_PARAMS) -#include -#endif - /*----------------------------------------------------------------------------*/ /* Static global variables */ -#if defined(MBEDTLS_CHECK_PARAMS) -typedef struct -{ - uint8_t expected_call; - uint8_t expected_call_happened; - - jmp_buf state; - - mbedtls_test_param_failed_location_record_t location_record; -} -param_failed_ctx_t; -static param_failed_ctx_t param_failed_ctx; -#endif - #if defined(MBEDTLS_PLATFORM_C) static mbedtls_platform_context platform_ctx; #endif 
@@ -222,66 +204,14 @@ int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, return ret; } -#if defined(MBEDTLS_CHECK_PARAMS) -void mbedtls_test_param_failed_get_location_record( - mbedtls_test_param_failed_location_record_t *location_record ) -{ - *location_record = param_failed_ctx.location_record; -} - -void mbedtls_test_param_failed_expect_call( void ) -{ - param_failed_ctx.expected_call_happened = 0; - param_failed_ctx.expected_call = 1; -} - -int mbedtls_test_param_failed_check_expected_call( void ) -{ - param_failed_ctx.expected_call = 0; - - if( param_failed_ctx.expected_call_happened != 0 ) - return( 0 ); - - return( -1 ); -} - -void* mbedtls_test_param_failed_get_state_buf( void ) -{ - return ¶m_failed_ctx.state; -} - -void mbedtls_test_param_failed_reset_state( void ) -{ - memset( param_failed_ctx.state, 0, sizeof( param_failed_ctx.state ) ); -} - void mbedtls_param_failed( const char *failure_condition, const char *file, int line ) { - /* Record the location of the failure */ - param_failed_ctx.location_record.failure_condition = failure_condition; - param_failed_ctx.location_record.file = file; - param_failed_ctx.location_record.line = line; - - /* If we are testing the callback function... */ - if( param_failed_ctx.expected_call != 0 ) - { - param_failed_ctx.expected_call = 0; - param_failed_ctx.expected_call_happened = 1; - } - else - { - /* ...else try a long jump. If the execution state has not been set-up - * or reset then the long jump buffer is all zero's and the call will - * with high probability fault, emphasizing there is something to look - * at. - */ - - longjmp( param_failed_ctx.state, 1 ); - } + (void) failure_condition; + (void) file; + (void) line; } -#endif /* MBEDTLS_CHECK_PARAMS */ #if defined(MBEDTLS_TEST_HOOKS) void mbedtls_test_err_add_check( int high, int low, diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 2ef07fa62..89ba0b093 100644 --- a/tests/suites/helpers.function 
+++ b/tests/suites/helpers.function @@ -28,11 +28,6 @@ #include "mbedtls/memory_buffer_alloc.h" #endif -#if defined(MBEDTLS_CHECK_PARAMS) -#include "mbedtls/platform_util.h" -#include -#endif - #ifdef _MSC_VER #include typedef UINT8 uint8_t; @@ -78,10 +73,6 @@ typedef struct data_tag /*----------------------------------------------------------------------------*/ /* Global variables */ -#if defined(MBEDTLS_CHECK_PARAMS) -jmp_buf jmp_tmp; -#endif - /*----------------------------------------------------------------------------*/ /* Helper flags for complex dependencies */ diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index ac00f45e5..13d032c4a 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -176,26 +176,7 @@ void execute_function_ptr(TestWrapper_t fp, void **params) mbedtls_test_enable_insecure_external_rng( ); #endif -#if defined(MBEDTLS_CHECK_PARAMS) - mbedtls_test_param_failed_location_record_t location_record; - - if ( setjmp( mbedtls_test_param_failed_get_state_buf( ) ) == 0 ) - { - fp( params ); - } - else - { - /* Unexpected parameter validation error */ - mbedtls_test_param_failed_get_location_record( &location_record ); - mbedtls_test_fail( location_record.failure_condition, - location_record.line, - location_record.file ); - } - - mbedtls_test_param_failed_reset_state( ); -#else fp( params ); -#endif #if defined(MBEDTLS_TEST_MUTEX_USAGE) mbedtls_test_mutex_usage_check( ); diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 754a16702..a74039103 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function 
@@ -360,193 +360,40 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ -void aes_check_params( ) +void aes_invalid_mode( ) { mbedtls_aes_context aes_ctx; -#if defined(MBEDTLS_CIPHER_MODE_XTS) - mbedtls_aes_xts_context xts_ctx; -#endif - const unsigned char key[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; const unsigned char in[16] = { 0 }; unsigned char out[16]; - size_t size; - const int valid_mode = MBEDTLS_AES_ENCRYPT; const int invalid_mode = 42; - TEST_INVALID_PARAM( mbedtls_aes_init( NULL ) ); -#if defined(MBEDTLS_CIPHER_MODE_XTS) - TEST_INVALID_PARAM( mbedtls_aes_xts_init( NULL ) ); -#endif - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_setkey_enc( NULL, key, 128 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_setkey_enc( &aes_ctx, NULL, 128 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_setkey_dec( NULL, key, 128 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_setkey_dec( &aes_ctx, NULL, 128 ) ); - -#if defined(MBEDTLS_CIPHER_MODE_XTS) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_xts_setkey_enc( NULL, key, 128 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_xts_setkey_enc( &xts_ctx, NULL, 128 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_xts_setkey_dec( NULL, key, 128 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_xts_setkey_dec( &xts_ctx, NULL, 128 ) ); -#endif - - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_ecb( NULL, - valid_mode, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_ecb( &aes_ctx, - invalid_mode, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_ecb( &aes_ctx, - valid_mode, NULL, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - 
mbedtls_aes_crypt_ecb( &aes_ctx, - valid_mode, in, NULL ) ); + TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_ecb( &aes_ctx, invalid_mode, in, out ) ); #if defined(MBEDTLS_CIPHER_MODE_CBC) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_cbc( NULL, - valid_mode, 16, - out, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_cbc( &aes_ctx, - invalid_mode, 16, - out, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_cbc( &aes_ctx, - valid_mode, 16, - NULL, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_cbc( &aes_ctx, - valid_mode, 16, - out, NULL, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_cbc( &aes_ctx, - valid_mode, 16, - out, in, NULL ) ); + TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cbc( &aes_ctx, invalid_mode, 16, + out, in, out ) ); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_XTS) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_xts( NULL, - valid_mode, 16, - in, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_xts( &xts_ctx, - invalid_mode, 16, - in, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_xts( &xts_ctx, - valid_mode, 16, - NULL, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_xts( &xts_ctx, - valid_mode, 16, - in, NULL, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_xts( &xts_ctx, - valid_mode, 16, - in, in, NULL ) ); + mbedtls_aes_xts_context xts_ctx; + + TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_xts( &xts_ctx, invalid_mode, 16, + in, in, out ) ); #endif /* MBEDTLS_CIPHER_MODE_XTS */ #if defined(MBEDTLS_CIPHER_MODE_CFB) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - 
mbedtls_aes_crypt_cfb128( NULL, - valid_mode, 16, - &size, out, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_cfb128( &aes_ctx, - invalid_mode, 16, - &size, out, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_cfb128( &aes_ctx, - valid_mode, 16, - NULL, out, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_cfb128( &aes_ctx, - valid_mode, 16, - &size, NULL, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_cfb128( &aes_ctx, - valid_mode, 16, - &size, out, NULL, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_cfb128( &aes_ctx, - valid_mode, 16, - &size, out, in, NULL ) ); + size_t size; - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_cfb8( NULL, - valid_mode, 16, - out, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_cfb8( &aes_ctx, - invalid_mode, 16, - out, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_cfb8( &aes_ctx, - valid_mode, 16, - NULL, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_cfb8( &aes_ctx, - valid_mode, 16, - out, NULL, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_cfb8( &aes_ctx, - valid_mode, 16, - out, in, NULL ) ); + TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cfb128( &aes_ctx, invalid_mode, 16, + &size, out, in, out ) ); + TEST_EQUAL( MBEDTLS_ERR_AES_BAD_INPUT_DATA, + mbedtls_aes_crypt_cfb8( &aes_ctx, invalid_mode, 16, + out, in, out ) ); #endif /* MBEDTLS_CIPHER_MODE_CFB */ - -#if defined(MBEDTLS_CIPHER_MODE_OFB) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_ofb( NULL, 16, - &size, out, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_ofb( 
&aes_ctx, 16, - NULL, out, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_ofb( &aes_ctx, 16, - &size, NULL, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_ofb( &aes_ctx, 16, - &size, out, NULL, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_ofb( &aes_ctx, 16, - &size, out, in, NULL ) ); -#endif /* MBEDTLS_CIPHER_MODE_OFB */ - -#if defined(MBEDTLS_CIPHER_MODE_CTR) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_ctr( NULL, 16, &size, out, - out, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_ctr( &aes_ctx, 16, NULL, out, - out, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, NULL, - out, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out, - NULL, in, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out, - out, NULL, out ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_AES_BAD_INPUT_DATA, - mbedtls_aes_crypt_ctr( &aes_ctx, 16, &size, out, - out, in, NULL ) ); -#endif /* MBEDTLS_CIPHER_MODE_CTR */ } /* END_CASE */ diff --git a/tests/suites/test_suite_aes.rest.data b/tests/suites/test_suite_aes.rest.data index 6a76b43eb..3b43c90cd 100644 --- a/tests/suites/test_suite_aes.rest.data +++ b/tests/suites/test_suite_aes.rest.data 
@@ -10,8 +10,8 @@ aes_encrypt_cbc:"000000000000000000000000000000000000000000000000000000000000000 AES-256-CBC Decrypt (Invalid input length) aes_decrypt_cbc:"0000000000000000000000000000000000000000000000000000000000000000":"00000000000000000000000000000000":"623a52fcea5d443e48d9181ab32c74":"":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -AES - Optional Parameter Validation (MBEDTLS_CHECK_PARAMS) -aes_check_params: +AES - Mode Parameter Validation +aes_invalid_mode: AES - Mandatory Parameter Validation and Valid Parameters aes_misc_params: diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 6d6a20335..b24e4984e 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -27,7 +27,6 @@ void aria_valid_param( ) void aria_invalid_param( ) { mbedtls_aria_context ctx; - unsigned char key[128 / 8] = { 0 }; unsigned char input[MBEDTLS_ARIA_BLOCKSIZE] = { 0 }; unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] = { 0 }; unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE] = { 0 }; 
@@ -36,77 +35,18 @@ void aria_invalid_param( ) ((void) iv_off); ((void) iv); - TEST_INVALID_PARAM( mbedtls_aria_init( NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_setkey_enc( NULL, key, - sizeof( key ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_setkey_enc( &ctx, NULL, - sizeof( key ) ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_setkey_dec( NULL, key, - sizeof( key ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_setkey_dec( &ctx, NULL, - sizeof( key ) ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_ecb( NULL, input, output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_ecb( &ctx, NULL, output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_ecb( &ctx, input, NULL ) ); - #if defined(MBEDTLS_CIPHER_MODE_CBC) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_cbc( NULL, - MBEDTLS_ARIA_ENCRYPT, - sizeof( input ), - iv, - input, - output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + TEST_EQUAL( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, mbedtls_aria_crypt_cbc( &ctx, 42 /* invalid mode */, sizeof( input ), iv, input, output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_cbc( &ctx, - MBEDTLS_ARIA_ENCRYPT, - sizeof( input ), - NULL, - input, - output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_cbc( &ctx, - MBEDTLS_ARIA_ENCRYPT, - sizeof( input ), - iv, - NULL, - output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_cbc( &ctx, - MBEDTLS_ARIA_ENCRYPT, - sizeof( input ), - iv, - input, - NULL ) ); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_cfb128( NULL, - 
MBEDTLS_ARIA_ENCRYPT, - sizeof( input ), - &iv_off, - iv, - input, - output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, + TEST_EQUAL( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, mbedtls_aria_crypt_cfb128( &ctx, 42, /* invalid mode */ sizeof( input ), 
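Review bot: in aria_invalid_param, ctx is handed to mbedtls_aria_crypt_cbc() and mbedtls_aria_crypt_cfb128() with no mbedtls_aria_init( &ctx ) visible anywhere in these hunks. The two surviving TEST_EQUAL checks only work because both functions reject `42 /* invalid mode */` before they read the context; if that ordering ever changes, the test dereferences an uninitialised context and the failure shows up as undefined behaviour instead of a clean TEST_EQUAL mismatch. Adding mbedtls_aria_init( &ctx ); ahead of the first call and mbedtls_aria_free( &ctx ); under exit: costs nothing and makes the test robust to that change. The same pattern (context declared, never initialised, passed straight into a crypt call with an invalid mode) is retained in aes_invalid_mode, blowfish_invalid_param and camellia_invalid_param in this patch.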
@@ -114,91 +54,8 @@ void aria_invalid_param( ) iv, input, output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_cfb128( &ctx, - MBEDTLS_ARIA_ENCRYPT, - sizeof( input ), - NULL, - iv, - input, - output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_cfb128( &ctx, - MBEDTLS_ARIA_ENCRYPT, - sizeof( input ), - &iv_off, - NULL, - input, - output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_cfb128( &ctx, - MBEDTLS_ARIA_ENCRYPT, - sizeof( input ), - &iv_off, - iv, - NULL, - output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_cfb128( &ctx, - MBEDTLS_ARIA_ENCRYPT, - sizeof( input ), - &iv_off, - iv, - input, - NULL ) ); #endif /* MBEDTLS_CIPHER_MODE_CFB */ -#if defined(MBEDTLS_CIPHER_MODE_CTR) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_ctr( NULL, - sizeof( input ), - &iv_off, - iv, - iv, - input, - output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_ctr( &ctx, - sizeof( input ), - NULL, - iv, - iv, - input, - output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_ctr( &ctx, - sizeof( input ), - &iv_off, - NULL, - iv, - input, - output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_ctr( &ctx, - sizeof( input ), - &iv_off, - iv, - NULL, - input, - output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_ctr( &ctx, - sizeof( input ), - &iv_off, - iv, - iv, - NULL, - output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, - mbedtls_aria_crypt_ctr( &ctx, - sizeof( input ), - &iv_off, - iv, - iv, - input, - NULL ) ); -#endif /* MBEDTLS_CIPHER_MODE_CTR */ - exit: return; diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function index f89353ce9..5681a9e94 100644 
--- a/tests/suites/test_suite_blowfish.function +++ b/tests/suites/test_suite_blowfish.function 
@@ -19,147 +19,32 @@ void blowfish_invalid_param( ) { mbedtls_blowfish_context ctx; unsigned char buf[16] = { 0 }; - size_t const valid_keylength = sizeof( buf ) * 8; - size_t valid_mode = MBEDTLS_BLOWFISH_ENCRYPT; size_t invalid_mode = 42; size_t off; ((void) off); - TEST_INVALID_PARAM( mbedtls_blowfish_init( NULL ) ); - TEST_VALID_PARAM( mbedtls_blowfish_free( NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_setkey( NULL, - buf, - valid_keylength ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_setkey( &ctx, - NULL, - valid_keylength ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_ecb( NULL, - valid_mode, - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + TEST_EQUAL( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_ecb( &ctx, invalid_mode, buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_ecb( &ctx, - valid_mode, - NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_ecb( &ctx, - valid_mode, - buf, NULL ) ); #if defined(MBEDTLS_CIPHER_MODE_CBC) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_cbc( NULL, - valid_mode, - sizeof( buf ), - buf, buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + TEST_EQUAL( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_cbc( &ctx, invalid_mode, sizeof( buf ), buf, buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_cbc( &ctx, - valid_mode, - sizeof( buf ), - NULL, buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_cbc( &ctx, - valid_mode, - sizeof( buf ), - buf, NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_cbc( &ctx, - valid_mode, - 
sizeof( buf ), - buf, buf, NULL ) ); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_cfb64( NULL, - valid_mode, - sizeof( buf ), - &off, buf, - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, + TEST_EQUAL( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, mbedtls_blowfish_crypt_cfb64( &ctx, invalid_mode, sizeof( buf ), &off, buf, buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_cfb64( &ctx, - valid_mode, - sizeof( buf ), - NULL, buf, - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_cfb64( &ctx, - valid_mode, - sizeof( buf ), - &off, NULL, - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_cfb64( &ctx, - valid_mode, - sizeof( buf ), - &off, buf, - NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_cfb64( &ctx, - valid_mode, - sizeof( buf ), - &off, buf, - buf, NULL ) ); #endif /* MBEDTLS_CIPHER_MODE_CFB */ -#if defined(MBEDTLS_CIPHER_MODE_CTR) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_ctr( NULL, - sizeof( buf ), - &off, - buf, buf, - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_ctr( &ctx, - sizeof( buf ), - NULL, - buf, buf, - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_ctr( &ctx, - sizeof( buf ), - &off, - NULL, buf, - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_ctr( &ctx, - sizeof( buf ), - &off, - buf, NULL, - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_ctr( &ctx, - sizeof( buf ), - &off, - buf, buf, - NULL, buf ) ); - TEST_INVALID_PARAM_RET( 
MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_ctr( &ctx, - sizeof( buf ), - &off, - buf, buf, - buf, NULL ) ); -#endif /* MBEDTLS_CIPHER_MODE_CTR */ - exit: return; } diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 312495c9a..fb0a34917 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function 
@@ -19,155 +19,32 @@ void camellia_invalid_param( ) { mbedtls_camellia_context ctx; unsigned char buf[16] = { 0 }; - const size_t valid_keybits = 128; const int invalid_mode = 42; - const int valid_mode = MBEDTLS_CAMELLIA_ENCRYPT; size_t off; ((void) off); - TEST_INVALID_PARAM( mbedtls_camellia_init( NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_setkey_enc( NULL, - buf, - valid_keybits ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_setkey_enc( &ctx, - NULL, - valid_keybits ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_setkey_dec( NULL, - buf, - valid_keybits ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_setkey_dec( &ctx, - NULL, - valid_keybits ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_ecb( NULL, - valid_mode, - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + TEST_EQUAL( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_ecb( &ctx, invalid_mode, buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_ecb( &ctx, - valid_mode, - NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_ecb( &ctx, - valid_mode, - buf, NULL ) ); #if defined(MBEDTLS_CIPHER_MODE_CBC) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_cbc( NULL, - valid_mode, - sizeof( buf ), - buf, buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + TEST_EQUAL( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_cbc( &ctx, invalid_mode, sizeof( buf ), buf, buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_cbc( &ctx, - valid_mode, - sizeof( buf ), - NULL, buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - 
mbedtls_camellia_crypt_cbc( &ctx, - valid_mode, - sizeof( buf ), - buf, NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_cbc( &ctx, - valid_mode, - sizeof( buf ), - buf, buf, NULL ) ); #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_cfb128( NULL, - valid_mode, - sizeof( buf ), - &off, buf, - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, + TEST_EQUAL( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, mbedtls_camellia_crypt_cfb128( &ctx, invalid_mode, sizeof( buf ), &off, buf, buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_cfb128( &ctx, - valid_mode, - sizeof( buf ), - NULL, buf, - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_cfb128( &ctx, - valid_mode, - sizeof( buf ), - &off, NULL, - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_cfb128( &ctx, - valid_mode, - sizeof( buf ), - &off, buf, - NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_cfb128( &ctx, - valid_mode, - sizeof( buf ), - &off, buf, - buf, NULL ) ); #endif /* MBEDTLS_CIPHER_MODE_CFB */ -#if defined(MBEDTLS_CIPHER_MODE_CTR) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_ctr( NULL, - sizeof( buf ), - &off, - buf, buf, - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_ctr( &ctx, - sizeof( buf ), - NULL, - buf, buf, - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_ctr( &ctx, - sizeof( buf ), - &off, - NULL, buf, - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_ctr( &ctx, - sizeof( buf ), - &off, - buf, NULL, 
- buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_ctr( &ctx, - sizeof( buf ), - &off, - buf, buf, - NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA, - mbedtls_camellia_crypt_ctr( &ctx, - sizeof( buf ), - &off, - buf, buf, - buf, NULL ) ); -#endif /* MBEDTLS_CIPHER_MODE_CTR */ - exit: return; } diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index 4f83468ac..63af5aa04 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -1,9 +1,6 @@ CCM self test mbedtls_ccm_self_test: -CCM - Invalid parameters -ccm_invalid_param: - CCM - Valid parameters ccm_valid_param: diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 5a3726e07..1b00560ec 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function 
@@ -292,210 +292,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ -void ccm_invalid_param( ) -{ - struct mbedtls_ccm_context ctx; - unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; - mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES; - int valid_len = sizeof(valid_buffer); - int valid_bitlen = valid_len * 8; - - mbedtls_ccm_init( &ctx ); - - /* mbedtls_ccm_init() */ - TEST_INVALID_PARAM( mbedtls_ccm_init( NULL ) ); - - /* mbedtls_ccm_setkey() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) ); - - /* mbedtls_ccm_encrypt_and_tag() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_encrypt_and_tag( NULL, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_buffer, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, - NULL, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_buffer, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, - valid_buffer, valid_len, - NULL, valid_len, - valid_buffer, valid_buffer, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - NULL, valid_buffer, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, NULL, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, - 
valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_buffer, - NULL, valid_len ) ); - - /* mbedtls_ccm_star_encrypt_and_tag() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_star_encrypt_and_tag( NULL, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_buffer, - valid_buffer, valid_len) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, - NULL, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_buffer, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, - valid_buffer, valid_len, - NULL, valid_len, - valid_buffer, valid_buffer, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - NULL, valid_buffer, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, NULL, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_buffer, - NULL, valid_len ) ); - - /* mbedtls_ccm_auth_decrypt() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_auth_decrypt( NULL, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_buffer, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_auth_decrypt( &ctx, valid_len, - NULL, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_buffer, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_auth_decrypt( &ctx, 
valid_len, - valid_buffer, valid_len, - NULL, valid_len, - valid_buffer, valid_buffer, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_auth_decrypt( &ctx, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - NULL, valid_buffer, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_auth_decrypt( &ctx, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, NULL, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_auth_decrypt( &ctx, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_buffer, - NULL, valid_len ) ); - - /* mbedtls_ccm_star_auth_decrypt() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_star_auth_decrypt( NULL, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_buffer, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, - NULL, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_buffer, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, - valid_buffer, valid_len, - NULL, valid_len, - valid_buffer, valid_buffer, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - NULL, valid_buffer, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, NULL, - valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CCM_BAD_INPUT, - mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, - valid_buffer, valid_len, - valid_buffer, 
valid_len, - valid_buffer, valid_buffer, - NULL, valid_len ) ); - -exit: - mbedtls_ccm_free( &ctx ); - return; -} -/* END_CASE */ - /* BEGIN_CASE */ void ccm_valid_param( ) { diff --git a/tests/suites/test_suite_chacha20.data b/tests/suites/test_suite_chacha20.data index 3f9033eeb..86094604b 100644 --- a/tests/suites/test_suite_chacha20.data +++ b/tests/suites/test_suite_chacha20.data @@ -22,8 +22,5 @@ chacha20_crypt:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0 ChaCha20 RFC 7539 Test Vector #3 (Decrypt) chacha20_crypt:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc207075c0":"000000000000000000000002":42:"62e6347f95ed87a45ffae7426f27a1df5fb69110044c0d73118effa95b01e5cf166d3df2d721caf9b21e5fb14c616871fd84c54f9d65b283196c7fe4f60553ebf39c6402c42234e32a356b3e764312a61a5532055716ead6962568f87d3f3f7704c6a8d1bcd1bf4d50d6154b6da731b187b58dfd728afa36757a797ac188d1":"2754776173206272696c6c69672c20616e642074686520736c6974687920746f7665730a446964206779726520616e642067696d626c6520696e2074686520776162653a0a416c6c206d696d737920776572652074686520626f726f676f7665732c0a416e6420746865206d6f6d65207261746873206f757467726162652e" -ChaCha20 Paremeter Validation -chacha20_bad_params: - ChaCha20 Selftest chacha20_self_test: diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index 67c8de2ec..9afadb773 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function 
@@ -66,52 +66,6 @@ void chacha20_crypt( data_t *key_str, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ -void chacha20_bad_params() -{ - unsigned char key[32]; - unsigned char nonce[12]; - unsigned char src[1]; - unsigned char dst[1]; - uint32_t counter = 0; - size_t len = sizeof( src ); - mbedtls_chacha20_context ctx; - - TEST_INVALID_PARAM( mbedtls_chacha20_init( NULL ) ); - TEST_VALID_PARAM( mbedtls_chacha20_free( NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, - mbedtls_chacha20_setkey( NULL, key ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, - mbedtls_chacha20_setkey( &ctx, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, - mbedtls_chacha20_starts( NULL, nonce, counter ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, - mbedtls_chacha20_starts( &ctx, NULL, counter ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, - mbedtls_chacha20_update( NULL, 0, src, dst ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, - mbedtls_chacha20_update( &ctx, len, NULL, dst ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, - mbedtls_chacha20_update( &ctx, len, src, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, - mbedtls_chacha20_crypt( NULL, nonce, counter, 0, src, dst ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, - mbedtls_chacha20_crypt( key, NULL, counter, 0, src, dst ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, - mbedtls_chacha20_crypt( key, nonce, counter, len, NULL, dst ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA, - mbedtls_chacha20_crypt( key, nonce, counter, len, src, NULL ) ); - -exit: - return; - -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void chacha20_self_test() { 
diff --git a/tests/suites/test_suite_chachapoly.data b/tests/suites/test_suite_chachapoly.data index 34cb56831..02c7bf3d2 100644 --- a/tests/suites/test_suite_chachapoly.data +++ b/tests/suites/test_suite_chachapoly.data @@ -19,9 +19,6 @@ mbedtls_chachapoly_dec:"1c9240a5eb55d38af333888604f6b5f0473917c1402b80099dca5cbc ChaCha20-Poly1305 State Flow chachapoly_state: -ChaCha20-Poly1305 Parameter Validation -chachapoly_bad_params: - ChaCha20-Poly1305 Selftest depends_on:MBEDTLS_SELF_TEST chachapoly_selftest: diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function index 96128e4ec..2e1e7b2dc 100644 --- a/tests/suites/test_suite_chachapoly.function +++ b/tests/suites/test_suite_chachapoly.function 
@@ -66,137 +66,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ -void chachapoly_bad_params() -{ - unsigned char key[32]; - unsigned char nonce[12]; - unsigned char aad[1]; - unsigned char input[1]; - unsigned char output[1]; - unsigned char mac[16]; - size_t input_len = sizeof( input ); - size_t aad_len = sizeof( aad ); - mbedtls_chachapoly_context ctx; - - memset( key, 0x00, sizeof( key ) ); - memset( nonce, 0x00, sizeof( nonce ) ); - memset( aad, 0x00, sizeof( aad ) ); - memset( input, 0x00, sizeof( input ) ); - memset( output, 0x00, sizeof( output ) ); - memset( mac, 0x00, sizeof( mac ) ); - - TEST_INVALID_PARAM( mbedtls_chachapoly_init( NULL ) ); - TEST_VALID_PARAM( mbedtls_chachapoly_free( NULL ) ); - - /* setkey */ - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_setkey( NULL, key ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_setkey( &ctx, NULL ) ); - - /* encrypt_and_tag */ - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_encrypt_and_tag( NULL, - 0, nonce, - aad, 0, - input, output, mac ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_encrypt_and_tag( &ctx, - 0, NULL, - aad, 0, - input, output, mac ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_encrypt_and_tag( &ctx, - 0, nonce, - NULL, aad_len, - input, output, mac ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_encrypt_and_tag( &ctx, - input_len, nonce, - aad, 0, - NULL, output, mac ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_encrypt_and_tag( &ctx, - input_len, nonce, - aad, 0, - input, NULL, mac ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_encrypt_and_tag( &ctx, - 0, nonce, - aad, 0, - input, output, NULL ) ); - - /* auth_decrypt 
*/ - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_auth_decrypt( NULL, - 0, nonce, - aad, 0, - mac, input, output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_auth_decrypt( &ctx, - 0, NULL, - aad, 0, - mac, input, output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_auth_decrypt( &ctx, - 0, nonce, - NULL, aad_len, - mac, input, output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_auth_decrypt( &ctx, - 0, nonce, - aad, 0, - NULL, input, output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_auth_decrypt( &ctx, - input_len, nonce, - aad, 0, - mac, NULL, output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_auth_decrypt( &ctx, - input_len, nonce, - aad, 0, - mac, input, NULL ) ); - - /* starts */ - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_starts( NULL, nonce, - MBEDTLS_CHACHAPOLY_ENCRYPT ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_starts( &ctx, NULL, - MBEDTLS_CHACHAPOLY_ENCRYPT ) ); - - /* update_aad */ - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_update_aad( NULL, aad, - aad_len ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_update_aad( &ctx, NULL, - aad_len ) ); - - /* update */ - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_update( NULL, input_len, - input, output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_update( &ctx, input_len, - NULL, output ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_update( &ctx, input_len, - input, NULL ) ); - - /* finish */ - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - 
mbedtls_chachapoly_finish( NULL, mac ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_chachapoly_finish( &ctx, NULL ) ); - -exit: - return; -} -/* END_CASE */ - /* BEGIN_CASE */ void chachapoly_state() { diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 3d3f6a329..ea5fa2e5e 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -212,7 +212,6 @@ void cipher_invalid_param_conditional( ) { mbedtls_cipher_context_t valid_ctx; - mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT; mbedtls_operation_t invalid_operation = 100; mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 
@@ -221,311 +220,21 @@ void cipher_invalid_param_conditional( ) const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type( *( mbedtls_cipher_list() ) ); - size_t size_t_var; - (void)valid_mode; /* In some configurations this is unused */ /* mbedtls_cipher_init() */ TEST_VALID_PARAM( mbedtls_cipher_init( &valid_ctx ) ); - TEST_INVALID_PARAM( mbedtls_cipher_init( NULL ) ); /* mbedtls_cipher_setup() */ TEST_VALID_PARAM( mbedtls_cipher_setup( &valid_ctx, valid_info ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_setup( NULL, valid_info ) ); - /* mbedtls_cipher_get_block_size() */ - TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_block_size( NULL ) ); - - /* mbedtls_cipher_get_cipher_mode() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_MODE_NONE, - mbedtls_cipher_get_cipher_mode( NULL ) ); - - /* mbedtls_cipher_get_iv_size() */ - TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_iv_size( NULL ) ); - - /* mbedtls_cipher_get_type() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_CIPHER_NONE, - mbedtls_cipher_get_type( NULL ) ); - - /* mbedtls_cipher_get_name() */ - TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_name( NULL ) ); - - /* mbedtls_cipher_get_key_bitlen() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_KEY_LENGTH_NONE, - mbedtls_cipher_get_key_bitlen( NULL ) ); - - /* mbedtls_cipher_get_operation() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_OPERATION_NONE, - mbedtls_cipher_get_operation( NULL ) ); - - /* mbedtls_cipher_setkey() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_setkey( NULL, - valid_buffer, - valid_bitlen, - valid_operation ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_setkey( &valid_ctx, - NULL, - valid_bitlen, - valid_operation ) ); - TEST_INVALID_PARAM_RET( + TEST_EQUAL( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_setkey( &valid_ctx, valid_buffer, valid_bitlen, invalid_operation ) ); - /* mbedtls_cipher_set_iv() */ - TEST_INVALID_PARAM_RET( - 
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_set_iv( NULL, - valid_buffer, - valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_set_iv( &valid_ctx, - NULL, - valid_size ) ); - - /* mbedtls_cipher_reset() */ - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_reset( NULL ) ); - -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) - /* mbedtls_cipher_update_ad() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_update_ad( NULL, - valid_buffer, - valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_update_ad( &valid_ctx, - NULL, - valid_size ) ); -#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ - -#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) - /* mbedtls_cipher_set_padding_mode() */ - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_set_padding_mode( NULL, valid_mode ) ); -#endif - - /* mbedtls_cipher_update() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_update( NULL, - valid_buffer, - valid_size, - valid_buffer, - &size_t_var ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_update( &valid_ctx, - NULL, valid_size, - valid_buffer, - &size_t_var ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_update( &valid_ctx, - valid_buffer, valid_size, - NULL, - &size_t_var ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_update( &valid_ctx, - valid_buffer, valid_size, - valid_buffer, - NULL ) ); - - /* mbedtls_cipher_finish() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_finish( NULL, - valid_buffer, - &size_t_var ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_finish( &valid_ctx, - NULL, - &size_t_var ) ); - TEST_INVALID_PARAM_RET( - 
MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_finish( &valid_ctx, - valid_buffer, - NULL ) ); - -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) - /* mbedtls_cipher_write_tag() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_write_tag( NULL, - valid_buffer, - valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_write_tag( &valid_ctx, - NULL, - valid_size ) ); - - /* mbedtls_cipher_check_tag() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_check_tag( NULL, - valid_buffer, - valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_check_tag( &valid_ctx, - NULL, - valid_size ) ); -#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ - - /* mbedtls_cipher_crypt() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_crypt( NULL, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, &size_t_var ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_crypt( &valid_ctx, - NULL, valid_size, - valid_buffer, valid_size, - valid_buffer, &size_t_var ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_crypt( &valid_ctx, - valid_buffer, valid_size, - NULL, valid_size, - valid_buffer, &size_t_var ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_crypt( &valid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - NULL, &size_t_var ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_crypt( &valid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, NULL ) ); - -#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) - /* mbedtls_cipher_auth_encrypt_ext */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_encrypt_ext( NULL, - valid_buffer, 
valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, &size_t_var, - valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_encrypt_ext( &valid_ctx, - NULL, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, &size_t_var, - valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_encrypt_ext( &valid_ctx, - valid_buffer, valid_size, - NULL, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, &size_t_var, - valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_encrypt_ext( &valid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - NULL, valid_size, - valid_buffer, valid_size, &size_t_var, - valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_encrypt_ext( &valid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - NULL, valid_size, &size_t_var, - valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_encrypt_ext( &valid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, NULL, - valid_size ) ); - - /* mbedtls_cipher_auth_decrypt_ext */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_decrypt_ext( NULL, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, &size_t_var, - valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_decrypt_ext( &valid_ctx, - NULL, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, &size_t_var, - valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_decrypt_ext( &valid_ctx, - 
valid_buffer, valid_size, - NULL, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, &size_t_var, - valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_decrypt_ext( &valid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - NULL, valid_size, - valid_buffer, valid_size, &size_t_var, - valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_decrypt_ext( &valid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - NULL, valid_size, &size_t_var, - valid_size ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, - mbedtls_cipher_auth_decrypt_ext( &valid_ctx, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, - valid_buffer, valid_size, NULL, - valid_size ) ); -#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */ - - /* mbedtls_cipher_free() */ - TEST_VALID_PARAM( mbedtls_cipher_free( NULL ) ); exit: TEST_VALID_PARAM( mbedtls_cipher_free( &valid_ctx ) ); } diff --git a/tests/suites/test_suite_dhm.data b/tests/suites/test_suite_dhm.data index c4795b6d3..3b71c3569 100644 --- a/tests/suites/test_suite_dhm.data +++ b/tests/suites/test_suite_dhm.data @@ -1,6 +1,3 @@ -Diffie-Hellman parameter validation -dhm_invalid_params: - Diffie-Hellman full exchange #1 dhm_do_dhm:10:"23":10:"5":0 diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index 1726b9eb7..2d54e8189 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function 
@@ -7,113 +7,6 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ -void dhm_invalid_params( ) -{ - mbedtls_dhm_context ctx; - unsigned char buf[42] = { 0 }; - unsigned char *buf_null = NULL; - mbedtls_mpi X; - size_t const buflen = sizeof( buf ); - size_t len; - - TEST_INVALID_PARAM( mbedtls_dhm_init( NULL ) ); - TEST_VALID_PARAM( mbedtls_dhm_free( NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_read_params( NULL, - (unsigned char**) &buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_read_params( &ctx, &buf_null, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_read_params( &ctx, NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_read_params( &ctx, - (unsigned char**) &buf, - NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_make_params( NULL, buflen, - buf, &len, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_make_params( &ctx, buflen, - NULL, &len, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_make_params( &ctx, buflen, - buf, NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_make_params( &ctx, buflen, - buf, &len, - NULL, - NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_set_group( NULL, &X, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_set_group( &ctx, NULL, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_set_group( &ctx, &X, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_read_public( NULL, buf, buflen ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_read_public( &ctx, NULL, 
buflen ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_make_public( NULL, buflen, - buf, buflen, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_make_public( &ctx, buflen, - NULL, buflen, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_make_public( &ctx, buflen, - buf, buflen, - NULL, - NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_calc_secret( NULL, buf, buflen, &len, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_calc_secret( &ctx, NULL, buflen, &len, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_calc_secret( &ctx, buf, buflen, NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); - -#if defined(MBEDTLS_ASN1_PARSE_C) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_parse_dhm( NULL, buf, buflen ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_parse_dhm( &ctx, NULL, buflen ) ); - -#if defined(MBEDTLS_FS_IO) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_parse_dhmfile( NULL, "" ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_parse_dhmfile( &ctx, NULL ) ); -#endif /* MBEDTLS_FS_IO */ -#endif /* MBEDTLS_ASN1_PARSE_C */ - -exit: - return; -} -/* END_CASE */ - /* BEGIN_CASE */ void dhm_do_dhm( int radix_P, char *input_P, int radix_G, char *input_G, int result ) diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 3ab96fa11..5fced62d4 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function 
@@ -53,131 +53,14 @@ void ecdh_valid_param( ) /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void ecdh_invalid_param( ) { - mbedtls_ecp_group grp; mbedtls_ecdh_context ctx; - mbedtls_mpi m; - mbedtls_ecp_point P; mbedtls_ecp_keypair kp; - size_t olen; - unsigned char buf[42] = { 0 }; - const unsigned char *buf_null = NULL; - size_t const buflen = sizeof( buf ); int invalid_side = 42; - mbedtls_ecp_group_id valid_grp = MBEDTLS_ECP_DP_SECP192R1; - TEST_INVALID_PARAM( mbedtls_ecdh_init( NULL ) ); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - TEST_INVALID_PARAM( mbedtls_ecdh_enable_restart( NULL ) ); -#endif /* MBEDTLS_ECP_RESTARTABLE */ - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_gen_public( NULL, &m, &P, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_gen_public( &grp, NULL, &P, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_gen_public( &grp, &m, NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_gen_public( &grp, &m, &P, - NULL, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_compute_shared( NULL, &m, &P, &m, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_compute_shared( &grp, NULL, &P, &m, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_compute_shared( &grp, &m, NULL, &m, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_compute_shared( &grp, &m, &P, NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_setup( NULL, valid_grp ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_params( 
NULL, &olen, buf, buflen, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_params( &ctx, NULL, buf, buflen, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_params( &ctx, &olen, NULL, buflen, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_params( &ctx, &olen, buf, buflen, NULL, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_read_params( NULL, - (const unsigned char**) &buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_read_params( &ctx, &buf_null, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_read_params( &ctx, NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_read_params( &ctx, - (const unsigned char**) &buf, - NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_get_params( NULL, &kp, - MBEDTLS_ECDH_OURS ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_get_params( &ctx, NULL, - MBEDTLS_ECDH_OURS ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + TEST_EQUAL( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_get_params( &ctx, &kp, invalid_side ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_public( NULL, &olen, buf, buflen, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_public( &ctx, NULL, buf, buflen, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_public( &ctx, &olen, NULL, buflen, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_public( &ctx, &olen, buf, buflen, NULL, NULL ) ); - - 
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_read_public( NULL, buf, buflen ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_read_public( &ctx, NULL, buflen ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen, - mbedtls_test_rnd_std_rand, NULL ) ); - exit: return; } diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data index e510c504e..95efc73a3 100644 --- a/tests/suites/test_suite_ecdsa.data +++ b/tests/suites/test_suite_ecdsa.data @@ -1,6 +1,3 @@ -ECDSA Parameter validation -ecdsa_invalid_param: - ECDSA primitive hash zero #1 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED ecdsa_prim_zero:MBEDTLS_ECP_DP_SECP192R1 diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 58cedc13c..e066b14e9 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function 
@@ -7,203 +7,6 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ -void ecdsa_invalid_param( ) -{ - mbedtls_ecdsa_context ctx; - mbedtls_ecp_keypair key; - mbedtls_ecp_group grp; - mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1; - mbedtls_ecp_point P; - mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256; - mbedtls_mpi m; - size_t slen; - unsigned char buf[42] = { 0 }; - - TEST_INVALID_PARAM( mbedtls_ecdsa_init( NULL ) ); - TEST_VALID_PARAM( mbedtls_ecdsa_free( NULL ) ); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - TEST_INVALID_PARAM( mbedtls_ecdsa_restart_init( NULL ) ); - TEST_VALID_PARAM( mbedtls_ecdsa_restart_free( NULL ) ); -#endif /* MBEDTLS_ECP_RESTARTABLE */ - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_sign( NULL, &m, &m, &m, - buf, sizeof( buf ), - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_sign( &grp, NULL, &m, &m, - buf, sizeof( buf ), - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_sign( &grp, &m, NULL, &m, - buf, sizeof( buf ), - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_sign( &grp, &m, &m, NULL, - buf, sizeof( buf ), - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_sign( &grp, &m, &m, &m, - NULL, sizeof( buf ), - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_sign( &grp, &m, &m, &m, - buf, sizeof( buf ), - NULL, NULL ) ); - -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_sign_det_ext( NULL, &m, &m, &m, - buf, sizeof( buf ), - valid_md, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_sign_det_ext( 
&grp, NULL, &m, &m, - buf, sizeof( buf ), - valid_md, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_sign_det_ext( &grp, &m, NULL, &m, - buf, sizeof( buf ), - valid_md, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, NULL, - buf, sizeof( buf ), - valid_md, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, &m, - NULL, sizeof( buf ), - valid_md, - mbedtls_test_rnd_std_rand, - NULL ) ); -#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_verify( NULL, - buf, sizeof( buf ), - &P, &m, &m ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_verify( &grp, - NULL, sizeof( buf ), - &P, &m, &m ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_verify( &grp, - buf, sizeof( buf ), - NULL, &m, &m ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_verify( &grp, - buf, sizeof( buf ), - &P, NULL, &m ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_verify( &grp, - buf, sizeof( buf ), - &P, &m, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature( NULL, valid_md, buf, sizeof( buf ), - buf, &slen, mbedtls_test_rnd_std_rand, - NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature( &ctx, valid_md, NULL, sizeof( buf ), - buf, &slen, mbedtls_test_rnd_std_rand, - NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ), - NULL, &slen, mbedtls_test_rnd_std_rand, - NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, 
sizeof( buf ), - buf, NULL, mbedtls_test_rnd_std_rand, - NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature_restartable( NULL, valid_md, buf, - sizeof( buf ), buf, &slen, - mbedtls_test_rnd_std_rand, - NULL, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, NULL, - sizeof( buf ), buf, &slen, - mbedtls_test_rnd_std_rand, - NULL, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf, - sizeof( buf ), NULL, &slen, - mbedtls_test_rnd_std_rand, - NULL, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf, - sizeof( buf ), buf, NULL, - mbedtls_test_rnd_std_rand, - NULL, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_read_signature( NULL, - buf, sizeof( buf ), - buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_read_signature( &ctx, - NULL, sizeof( buf ), - buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_read_signature( &ctx, - buf, sizeof( buf ), - NULL, sizeof( buf ) ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_read_signature_restartable( NULL, - buf, sizeof( buf ), - buf, sizeof( buf ), - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_read_signature_restartable( &ctx, - NULL, sizeof( buf ), - buf, sizeof( buf ), - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_read_signature_restartable( &ctx, - buf, sizeof( buf ), - NULL, sizeof( buf ), - NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_genkey( NULL, valid_group, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( 
MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_genkey( &ctx, valid_group, - NULL, NULL ) ); - - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_from_keypair( NULL, &key ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_from_keypair( &ctx, NULL ) ); - -exit: - return; -} -/* END_CASE */ - /* BEGIN_CASE */ void ecdsa_prim_zero( int id ) { diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function index ab672a8dc..2a6d8935e 100644 --- a/tests/suites/test_suite_ecjpake.function +++ b/tests/suites/test_suite_ecjpake.function 
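Review bot: the NULL-`f_rng` cases `mbedtls_ecdsa_sign( &grp, &m, &m, &m, buf, sizeof( buf ), NULL, NULL )` and `mbedtls_ecdsa_genkey( &ctx, valid_group, NULL, NULL )` are removed together with the NULL-pointer cases, but a missing RNG is a different kind of input error from a NULL context: signing or key generation without randomness is a security failure rather than a programming slip, and rejecting it at runtime costs one comparison. If the implementation still returns MBEDTLS_ERR_ECP_BAD_INPUT_DATA for a NULL `f_rng`, keep those two as TEST_EQUAL checks in the style the ecjpake, ecp and gcm hunks use for their invalid-value tests; if the contract is now that `f_rng` must be non-NULL, the removal is fine but the parameter documentation should say so.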
@@ -103,95 +103,17 @@ void ecjpake_invalid_param( ) { mbedtls_ecjpake_context ctx; unsigned char buf[42] = { 0 }; - size_t olen; size_t const len = sizeof( buf ); - mbedtls_ecjpake_role valid_role = MBEDTLS_ECJPAKE_SERVER; mbedtls_ecjpake_role invalid_role = (mbedtls_ecjpake_role) 42; mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256; mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP256R1; - TEST_INVALID_PARAM( mbedtls_ecjpake_init( NULL ) ); - TEST_VALID_PARAM( mbedtls_ecjpake_free( NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_setup( NULL, - valid_role, - valid_md, - valid_group, - buf, len ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + TEST_EQUAL( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_setup( &ctx, invalid_role, valid_md, valid_group, buf, len ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_setup( &ctx, - valid_role, - valid_md, - valid_group, - NULL, len ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_check( NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_one( NULL, buf, len, &olen, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_one( &ctx, NULL, len, &olen, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_one( &ctx, buf, len, NULL, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_one( &ctx, buf, len, &olen, NULL, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_two( NULL, buf, len, &olen, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_two( &ctx, NULL, len, &olen, - mbedtls_test_rnd_std_rand, NULL ) ); - - 
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_two( &ctx, buf, len, NULL, - mbedtls_test_rnd_std_rand, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_two( &ctx, buf, len, &olen, NULL, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_read_round_one( NULL, - buf, len ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_read_round_one( &ctx, - NULL, len ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_read_round_two( NULL, - buf, len ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_read_round_two( &ctx, - NULL, len ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_derive_secret( NULL, buf, len, &olen, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_derive_secret( &ctx, NULL, len, &olen, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_derive_secret( &ctx, buf, len, NULL, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_derive_secret( &ctx, buf, len, &olen, NULL, NULL ) ); exit: return; diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 6d23377f3..9b8ba8201 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function 
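Review bot: the surviving TEST_EQUAL passes `&ctx` to mbedtls_ecjpake_setup() although `mbedtls_ecjpake_context ctx;` is only declared in the context lines above, never given to mbedtls_ecjpake_init(), and `exit:` returns without mbedtls_ecjpake_free(). The check is only safe if setup() rejects `invalid_role` before it touches the context; rather than depending on that ordering, add `mbedtls_ecjpake_init( &ctx );` before the call and `mbedtls_ecjpake_free( &ctx );` under `exit:`, as the gcm hunk below already does with mbedtls_gcm_init()/mbedtls_gcm_free() around its invalid_bitlen check. The removal of `olen` and `valid_role` is the right set: `valid_md`, `valid_group`, `buf` and `len` are still consumed by the remaining call.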
@@ -42,327 +42,22 @@ exit: void ecp_invalid_param( ) { mbedtls_ecp_group grp; - mbedtls_ecp_keypair kp; mbedtls_ecp_point P; - mbedtls_mpi m; - const char *x = "deadbeef"; - int valid_fmt = MBEDTLS_ECP_PF_UNCOMPRESSED; int invalid_fmt = 42; size_t olen; unsigned char buf[42] = { 0 }; - const unsigned char *null_buf = NULL; - mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1; -#if defined(MBEDTLS_ECP_RESTARTABLE) - mbedtls_ecp_restart_ctx restart_ctx; -#endif /* MBEDTLS_ECP_RESTARTABLE */ - TEST_INVALID_PARAM( mbedtls_ecp_point_init( NULL ) ); - TEST_INVALID_PARAM( mbedtls_ecp_keypair_init( NULL ) ); - TEST_INVALID_PARAM( mbedtls_ecp_group_init( NULL ) ); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - TEST_INVALID_PARAM( mbedtls_ecp_restart_init( NULL ) ); - TEST_INVALID_PARAM( mbedtls_ecp_check_budget( NULL, &restart_ctx, 42 ) ); -#endif /* MBEDTLS_ECP_RESTARTABLE */ - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_copy( NULL, &P ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_copy( &P, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_group_copy( NULL, &grp ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_group_copy( &grp, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_privkey( NULL, - &m, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_privkey( &grp, - NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_privkey( &grp, - &m, - NULL, - NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_set_zero( NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_is_zero( NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_point_cmp( NULL, &P ) ); - TEST_INVALID_PARAM_RET( 
MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_point_cmp( &P, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_point_read_string( NULL, 2, - x, x ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_point_read_string( &P, 2, - NULL, x ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_point_read_string( &P, 2, - x, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_point_write_binary( NULL, &P, - valid_fmt, - &olen, - buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_point_write_binary( &grp, NULL, - valid_fmt, - &olen, - buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + TEST_EQUAL( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_point_write_binary( &grp, &P, invalid_fmt, &olen, buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_point_write_binary( &grp, &P, - valid_fmt, - NULL, - buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_point_write_binary( &grp, &P, - valid_fmt, - &olen, - NULL, sizeof( buf ) ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_point_read_binary( NULL, &P, buf, - sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_point_read_binary( &grp, NULL, buf, - sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_point_read_binary( &grp, &P, NULL, - sizeof( buf ) ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_tls_read_point( NULL, &P, - (const unsigned char **) &buf, - sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_tls_read_point( &grp, NULL, - (const unsigned char **) &buf, - sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_tls_read_point( &grp, &P, 
&null_buf, - sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_tls_read_point( &grp, &P, NULL, - sizeof( buf ) ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_tls_write_point( NULL, &P, - valid_fmt, - &olen, - buf, - sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_tls_write_point( &grp, NULL, - valid_fmt, - &olen, - buf, - sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + TEST_EQUAL( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_tls_write_point( &grp, &P, invalid_fmt, &olen, buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_tls_write_point( &grp, &P, - valid_fmt, - NULL, - buf, - sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_tls_write_point( &grp, &P, - valid_fmt, - &olen, - NULL, - sizeof( buf ) ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_group_load( NULL, valid_group ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_tls_read_group( NULL, - (const unsigned char **) &buf, - sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_tls_read_group( &grp, NULL, - sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_tls_read_group( &grp, &null_buf, - sizeof( buf ) ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_tls_read_group_id( NULL, - (const unsigned char **) &buf, - sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_tls_read_group_id( &valid_group, NULL, - sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_tls_read_group_id( &valid_group, - &null_buf, - sizeof( buf ) ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_tls_write_group( NULL, &olen, - buf, sizeof( buf ) 
) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_tls_write_group( &grp, NULL, - buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_tls_write_group( &grp, &olen, - NULL, sizeof( buf ) ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_mul( NULL, &P, &m, &P, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_mul( &grp, NULL, &m, &P, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_mul( &grp, &P, NULL, &P, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_mul( &grp, &P, &m, NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_mul_restartable( NULL, &P, &m, &P, - mbedtls_test_rnd_std_rand, - NULL , NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_mul_restartable( &grp, NULL, &m, &P, - mbedtls_test_rnd_std_rand, - NULL , NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_mul_restartable( &grp, &P, NULL, &P, - mbedtls_test_rnd_std_rand, - NULL , NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_mul_restartable( &grp, &P, &m, NULL, - mbedtls_test_rnd_std_rand, - NULL , NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_muladd( NULL, &P, &m, &P, - &m, &P ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_muladd( &grp, NULL, &m, &P, - &m, &P ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_muladd( &grp, &P, NULL, &P, - &m, &P ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_muladd( &grp, &P, &m, NULL, - &m, &P ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_muladd( &grp, &P, &m, &P, - 
NULL, &P ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_muladd( &grp, &P, &m, &P, - &m, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_muladd_restartable( NULL, &P, &m, &P, - &m, &P, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_muladd_restartable( &grp, NULL, &m, &P, - &m, &P, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_muladd_restartable( &grp, &P, NULL, &P, - &m, &P, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_muladd_restartable( &grp, &P, &m, NULL, - &m, &P, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_muladd_restartable( &grp, &P, &m, &P, - NULL, &P, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_muladd_restartable( &grp, &P, &m, &P, - &m, NULL, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_check_pubkey( NULL, &P ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_check_pubkey( &grp, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_check_pub_priv( NULL, &kp ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_check_pub_priv( &kp, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_check_privkey( NULL, &m ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_check_privkey( &grp, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair_base( NULL, &P, &m, &P, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair_base( &grp, NULL, &m, &P, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair_base( &grp, &P, NULL, &P, - mbedtls_test_rnd_std_rand, NULL ) ); - - 
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair_base( &grp, &P, &m, NULL, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair_base( &grp, &P, &m, &P, NULL, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair( NULL, - &m, &P, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair( &grp, - NULL, &P, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair( &grp, - &m, NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair( &grp, - &m, &P, - NULL, - NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_key( valid_group, NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_key( valid_group, &kp, - NULL, NULL ) ); exit: return; diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 9733eb235..35691f725 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function 
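Review bot: both surviving TEST_EQUAL checks hand `&grp` and `&P` to mbedtls_ecp_point_write_binary() and mbedtls_ecp_tls_write_point() while `mbedtls_ecp_group grp;` and `mbedtls_ecp_point P;` are declared but never initialised with mbedtls_ecp_group_init()/mbedtls_ecp_point_init(), and `exit:` frees nothing. Unless the `invalid_fmt` rejection is guaranteed to happen before either function reads the group or the point, the test reads uninitialised memory; initialise and free them here (or load a real group with mbedtls_ecp_group_load(), which the removed lines show is available) so the case stays meaningful now that it is the only thing the suite asserts for a bad `format` value. The pruning of `kp`, `m`, `x`, `valid_fmt`, `null_buf`, `valid_group` and the MBEDTLS_ECP_RESTARTABLE `restart_ctx` matches what remains.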
@@ -187,158 +187,15 @@ void gcm_invalid_param( ) mbedtls_gcm_context ctx; unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES; - int valid_mode = MBEDTLS_GCM_ENCRYPT; - int valid_len = sizeof(valid_buffer); - int valid_bitlen = 128, invalid_bitlen = 1; - size_t olen; + int invalid_bitlen = 1; mbedtls_gcm_init( &ctx ); - /* mbedtls_gcm_init() */ - TEST_INVALID_PARAM( mbedtls_gcm_init( NULL ) ); - /* mbedtls_gcm_setkey */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) ); - TEST_INVALID_PARAM_RET( + TEST_EQUAL( MBEDTLS_ERR_GCM_BAD_INPUT, mbedtls_gcm_setkey( &ctx, valid_cipher, valid_buffer, invalid_bitlen ) ); - /* mbedtls_gcm_crypt_and_tag() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_crypt_and_tag( NULL, valid_mode, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_buffer, - valid_len, valid_buffer ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len, - NULL, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_buffer, - valid_len, valid_buffer ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len, - valid_buffer, valid_len, - NULL, valid_len, - valid_buffer, valid_buffer, - valid_len, valid_buffer ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - NULL, valid_buffer, - valid_len, valid_buffer ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, 
NULL, - valid_len, valid_buffer ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_buffer, - valid_len, NULL ) ); - - /* mbedtls_gcm_auth_decrypt() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_auth_decrypt( NULL, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_buffer) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_auth_decrypt( &ctx, valid_len, - NULL, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_buffer) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_auth_decrypt( &ctx, valid_len, - valid_buffer, valid_len, - NULL, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_buffer) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_auth_decrypt( &ctx, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - NULL, valid_len, - valid_buffer, valid_buffer) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_auth_decrypt( &ctx, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - NULL, valid_buffer) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_auth_decrypt( &ctx, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, valid_len, - valid_buffer, NULL) ); - - /* mbedtls_gcm_starts() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_starts( NULL, valid_mode, - valid_buffer, valid_len ) ); - - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_starts( &ctx, valid_mode, - NULL, valid_len ) ); - - /* mbedtls_gcm_update_ad() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_update_ad( &ctx, - NULL, valid_len ) ); - - /* mbedtls_gcm_update() */ - 
TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_update( NULL, valid_buffer, valid_len, - valid_buffer, valid_len, &olen ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_update( &ctx, NULL, valid_len, - valid_buffer, valid_len, &olen ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_update( &ctx, valid_buffer, valid_len, - NULL, valid_len, &olen ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_update( &ctx, valid_buffer, valid_len, - valid_buffer, valid_len, NULL ) ); - - /* mbedtls_gcm_finish() */ - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_finish( NULL, NULL, 0, valid_buffer, valid_len ) ); - TEST_INVALID_PARAM_RET( - MBEDTLS_ERR_GCM_BAD_INPUT, - mbedtls_gcm_finish( &ctx, NULL, 0, NULL, valid_len ) ); - exit: mbedtls_gcm_free( &ctx ); } diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 59fd7824b..8e09ee5bd 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -1,9 +1,6 @@ MPI - Valid parameters mpi_valid_param: -MPI - Invalid parameters -mpi_invalid_param: - Arguments with no value mpi_null: diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index c5bb5a678..8c20258c5 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function 
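Review bot: `mbedtls_gcm_update_ad( &ctx, NULL, valid_len )`, `mbedtls_gcm_update( &ctx, NULL, valid_len, valid_buffer, valid_len, &olen )` and `mbedtls_gcm_update( &ctx, valid_buffer, valid_len, NULL, valid_len, &olen )` are not NULL-context checks: they pass a NULL buffer with a non-zero length to an initialised context. If the streaming functions still return MBEDTLS_ERR_GCM_BAD_INPUT for that combination, keep them as TEST_EQUAL beside the `invalid_bitlen` check (which means restoring `valid_len` and `olen`); if the contract is now that the caller guarantees the pointers, the parameter documentation for these functions should state it in the same change. Also, `invalid_bitlen = 1` alone only covers a key length that is not a whole number of bytes; a byte-aligned but unsupported length would be a useful second TEST_EQUAL.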
@@ -78,214 +78,6 @@ void mpi_valid_param( ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ -void mpi_invalid_param( ) -{ - mbedtls_mpi X; - const char *s_in = "00101000101010"; - char s_out[16] = { 0 }; - unsigned char u_out[16] = { 0 }; - unsigned char u_in[16] = { 0 }; - size_t olen; - mbedtls_mpi_uint mpi_uint; - - TEST_INVALID_PARAM( mbedtls_mpi_init( NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_grow( NULL, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_copy( NULL, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_copy( &X, NULL ) ); - - TEST_INVALID_PARAM( mbedtls_mpi_swap( NULL, &X ) ); - TEST_INVALID_PARAM( mbedtls_mpi_swap( &X, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_safe_cond_assign( NULL, &X, 0 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_safe_cond_assign( &X, NULL, 0 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_safe_cond_swap( NULL, &X, 0 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_safe_cond_swap( &X, NULL, 0 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_lset( NULL, 42 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_get_bit( NULL, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_set_bit( NULL, 42, 0 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_read_string( NULL, 2, s_in ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_read_string( &X, 2, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_write_string( NULL, 2, - s_out, sizeof( s_out ), - &olen ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_write_string( &X, 2, - NULL, sizeof( s_out ), - &olen ) ); - 
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_write_string( &X, 2, - s_out, sizeof( s_out ), - NULL ) ); - -#if defined(MBEDTLS_FS_IO) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_read_file( NULL, 2, stdin ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_read_file( &X, 2, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_write_file( "", NULL, 2, NULL ) ); -#endif /* MBEDTLS_FS_IO */ - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_read_binary( NULL, u_in, - sizeof( u_in ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_read_binary( &X, NULL, - sizeof( u_in ) ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_write_binary( NULL, u_out, - sizeof( u_out ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_write_binary( &X, NULL, - sizeof( u_out ) ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_shift_l( NULL, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_shift_r( NULL, 42 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_cmp_abs( NULL, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_cmp_abs( &X, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_cmp_mpi( NULL, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_cmp_mpi( &X, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_cmp_int( NULL, 42 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_add_abs( NULL, &X, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_add_abs( &X, NULL, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_add_abs( &X, &X, NULL ) ); - - TEST_INVALID_PARAM_RET( 
MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_sub_abs( NULL, &X, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_sub_abs( &X, NULL, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_sub_abs( &X, &X, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_add_mpi( NULL, &X, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_add_mpi( &X, NULL, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_add_mpi( &X, &X, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_sub_mpi( NULL, &X, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_sub_mpi( &X, NULL, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_sub_mpi( &X, &X, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_add_int( NULL, &X, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_add_int( &X, NULL, 42 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_sub_int( NULL, &X, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_sub_int( &X, NULL, 42 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mul_mpi( NULL, &X, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mul_mpi( &X, NULL, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mul_mpi( &X, &X, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mul_int( NULL, &X, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mul_int( &X, NULL, 42 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_div_mpi( &X, &X, NULL, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_div_mpi( &X, &X, &X, NULL ) ); - - 
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_div_int( &X, &X, NULL, 42 ) ); - - TEST_INVALID_PARAM_RET( 0, mbedtls_mpi_lsb( NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_mpi( NULL, &X, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_mpi( &X, NULL, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_mpi( &X, &X, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_int( NULL, &X, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_mod_int( &mpi_uint, NULL, 42 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_exp_mod( NULL, &X, &X, &X, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_exp_mod( &X, NULL, &X, &X, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_exp_mod( &X, &X, NULL, &X, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_exp_mod( &X, &X, &X, NULL, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_fill_random( NULL, 42, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_fill_random( &X, 42, NULL, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_gcd( NULL, &X, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_gcd( &X, NULL, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_gcd( &X, &X, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_inv_mod( NULL, &X, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_inv_mod( &X, NULL, &X ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_inv_mod( &X, &X, NULL ) ); - -exit: - return; -} -/* END_CASE */ - /* BEGIN_CASE */ void 
mpi_null( ) { diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 9ebdc7e5f..5eb145dda 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -1,6 +1,3 @@ -PK invalid parameters -invalid_parameters: - PK valid parameters valid_parameters: diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index ddef83604..06e40d814 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function 
@@ -323,275 +323,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ -void invalid_parameters( ) -{ - size_t len; - unsigned char *null_buf = NULL; - unsigned char buf[1]; - unsigned char *p = buf; - char str[1] = {0}; - mbedtls_pk_context pk; - mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256; - void *options = buf; - - (void) null_buf; - (void) p; - (void) str; - - mbedtls_pk_init( &pk ); - - TEST_INVALID_PARAM( mbedtls_pk_init( NULL ) ); - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - TEST_INVALID_PARAM( mbedtls_pk_restart_init( NULL ) ); -#endif - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_setup( NULL, NULL ) ); - -#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_setup_rsa_alt( NULL, buf, - NULL, NULL, NULL ) ); -#endif - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_verify_restartable( NULL, - MBEDTLS_MD_NONE, - buf, sizeof( buf ), - buf, sizeof( buf ), - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_verify_restartable( &pk, - MBEDTLS_MD_NONE, - NULL, sizeof( buf ), - buf, sizeof( buf ), - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_verify_restartable( &pk, - valid_md, - NULL, 0, - buf, sizeof( buf ), - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_verify_restartable( &pk, - MBEDTLS_MD_NONE, - buf, sizeof( buf ), - NULL, sizeof( buf ), - NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_verify( NULL, - MBEDTLS_MD_NONE, - buf, sizeof( buf ), - buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_verify( &pk, - MBEDTLS_MD_NONE, - NULL, sizeof( buf ), - buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_verify( &pk, - valid_md, - NULL, 0, - buf, sizeof( buf ) ) ); - 
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_verify( &pk, - MBEDTLS_MD_NONE, - buf, sizeof( buf ), - NULL, sizeof( buf ) ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, - NULL, - MBEDTLS_MD_NONE, - buf, sizeof( buf ), - buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, - &pk, - MBEDTLS_MD_NONE, - NULL, sizeof( buf ), - buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, - &pk, - valid_md, - NULL, 0, - buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_verify_ext( MBEDTLS_PK_NONE, options, - &pk, - MBEDTLS_MD_NONE, - buf, sizeof( buf ), - NULL, sizeof( buf ) ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign_restartable( NULL, MBEDTLS_MD_NONE, buf, sizeof( buf ), - buf, &len, mbedtls_test_rnd_std_rand, - NULL, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ), - buf, &len, mbedtls_test_rnd_std_rand, - NULL, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign_restartable( &pk, valid_md, NULL, 0, buf, &len, - mbedtls_test_rnd_std_rand, NULL, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ), - NULL, &len, mbedtls_test_rnd_std_rand, - NULL, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign( NULL, MBEDTLS_MD_NONE, buf, sizeof( buf ), - buf, &len, mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ), - buf, &len, mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( 
MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign( &pk, valid_md, NULL, 0, buf, &len, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ), NULL, &len, - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_decrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_decrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_encrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_encrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_check_pair( NULL, &pk ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_check_pair( &pk, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_debug( NULL, NULL ) ); - -#if defined(MBEDTLS_PK_PARSE_C) -#if 
defined(MBEDTLS_FS_IO) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_load_file( NULL, &p, &len ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_load_file( str, NULL, &len ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_load_file( str, &p, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_parse_keyfile( NULL, str, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_parse_keyfile( &pk, NULL, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_parse_public_keyfile( NULL, str ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_parse_public_keyfile( &pk, NULL ) ); -#endif - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_parse_subpubkey( NULL, buf, &pk ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_parse_subpubkey( &null_buf, buf, &pk ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_parse_subpubkey( &p, NULL, &pk ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_parse_subpubkey( &p, buf, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_parse_key( NULL, - buf, sizeof( buf ), - buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_parse_key( &pk, - NULL, sizeof( buf ), - buf, sizeof( buf ) ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_parse_public_key( NULL, - buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_parse_public_key( &pk, - NULL, sizeof( buf ) ) ); -#endif /* MBEDTLS_PK_PARSE_C */ - -#if defined(MBEDTLS_PK_WRITE_C) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_write_pubkey( NULL, p, &pk ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_write_pubkey( &null_buf, p, &pk ) ); - 
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_write_pubkey( &p, NULL, &pk ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_write_pubkey( &p, p, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_write_pubkey_der( NULL, - buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_write_pubkey_der( &pk, - NULL, sizeof( buf ) ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_write_key_der( NULL, - buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_write_key_der( &pk, - NULL, sizeof( buf ) ) ); - -#if defined(MBEDTLS_PEM_WRITE_C) - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_write_pubkey_pem( NULL, - buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_write_pubkey_pem( &pk, - NULL, sizeof( buf ) ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_write_key_pem( NULL, - buf, sizeof( buf ) ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_write_key_pem( &pk, - NULL, sizeof( buf ) ) ); -#endif /* MBEDTLS_PEM_WRITE_C */ - -#endif /* MBEDTLS_PK_WRITE_C */ -} -/* END_CASE */ - /* BEGIN_CASE */ void pk_utils( int type, int parameter, int bitlen, int len, char * name ) { diff --git a/tests/suites/test_suite_poly1305.data b/tests/suites/test_suite_poly1305.data index 13912e997..eb9712c49 100644 --- a/tests/suites/test_suite_poly1305.data +++ b/tests/suites/test_suite_poly1305.data 
@@ -34,9 +34,6 @@ mbedtls_poly1305:"01000000000000000400000000000000000000000000000000000000000000 Poly1305 RFC 7539 Test Vector #11 mbedtls_poly1305:"0100000000000000040000000000000000000000000000000000000000000000":"13000000000000000000000000000000":"e33594d7505e43b900000000000000003394d7505e4379cd010000000000000000000000000000000000000000000000" -Poly1305 Parameter validation -poly1305_bad_params: - Poly1305 Selftest depends_on:MBEDTLS_SELF_TEST poly1305_selftest: diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index 4b8995b60..59e927734 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function 
@@ -79,45 +79,6 @@ void mbedtls_poly1305( data_t *key, data_t *expected_mac, data_t *src_str ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ -void poly1305_bad_params() -{ - unsigned char src[1]; - unsigned char key[32]; - unsigned char mac[16]; - size_t src_len = sizeof( src ); - mbedtls_poly1305_context ctx; - - TEST_INVALID_PARAM( mbedtls_poly1305_init( NULL ) ); - TEST_VALID_PARAM( mbedtls_poly1305_free( NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_poly1305_starts( NULL, key ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_poly1305_starts( &ctx, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_poly1305_update( NULL, src, 0 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_poly1305_update( &ctx, NULL, src_len ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_poly1305_finish( NULL, mac ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_poly1305_finish( &ctx, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_poly1305_mac( NULL, src, 0, mac ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_poly1305_mac( key, NULL, src_len, mac ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, - mbedtls_poly1305_mac( key, src, 0, NULL ) ); - -exit: - return; -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void poly1305_selftest() { diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index cc5a04779..2512ef24c 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -1,6 +1,3 @@ -RSA parameter validation -rsa_invalid_param: - RSA init-free-free rsa_init_free:0 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index efea5c169..9cf2fcf34 100644 
--- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -17,352 +17,6 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ -void rsa_invalid_param( ) -{ - mbedtls_rsa_context ctx; - const int valid_padding = MBEDTLS_RSA_PKCS_V21; - const int invalid_padding = 42; - unsigned char buf[42] = { 0 }; - size_t olen; - - TEST_INVALID_PARAM( mbedtls_rsa_init( NULL, valid_padding, 0 ) ); - TEST_INVALID_PARAM( mbedtls_rsa_init( &ctx, invalid_padding, 0 ) ); - TEST_VALID_PARAM( mbedtls_rsa_free( NULL ) ); - - /* No more variants because only the first argument must be non-NULL. */ - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_import( NULL, NULL, NULL, - NULL, NULL, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_import_raw( NULL, - NULL, 0, - NULL, 0, - NULL, 0, - NULL, 0, - NULL, 0 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_complete( NULL ) ); - - /* No more variants because only the first argument must be non-NULL. 
*/ - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_export( NULL, NULL, NULL, - NULL, NULL, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_export_raw( NULL, - NULL, 0, - NULL, 0, - NULL, 0, - NULL, 0, - NULL, 0 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_export_crt( NULL, NULL, NULL, NULL ) ); - - TEST_INVALID_PARAM( mbedtls_rsa_set_padding( NULL, - valid_padding, 0 ) ); - TEST_INVALID_PARAM( mbedtls_rsa_set_padding( &ctx, - invalid_padding, 0 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_gen_key( NULL, - mbedtls_test_rnd_std_rand, - NULL, 0, 0 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_gen_key( &ctx, NULL, - NULL, 0, 0 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_check_pubkey( NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_check_privkey( NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_check_pub_priv( NULL, &ctx ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_check_pub_priv( &ctx, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_public( NULL, buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_public( &ctx, NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_public( &ctx, buf, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_private( NULL, NULL, NULL, - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_private( &ctx, NULL, NULL, - NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_private( &ctx, NULL, NULL, - buf, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_encrypt( NULL, NULL, NULL, - sizeof( buf ), buf, - buf ) ); - 
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, - sizeof( buf ), NULL, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_encrypt( &ctx, NULL, NULL, - sizeof( buf ), buf, - NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_pkcs1_v15_encrypt( NULL, NULL, - NULL, sizeof( buf ), - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, - NULL, sizeof( buf ), - NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, NULL, - NULL, sizeof( buf ), - buf, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_oaep_encrypt( NULL, NULL, NULL, - buf, sizeof( buf ), - sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - NULL, sizeof( buf ), - sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - buf, sizeof( buf ), - sizeof( buf ), NULL, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_oaep_encrypt( &ctx, NULL, NULL, - buf, sizeof( buf ), - sizeof( buf ), buf, - NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_decrypt( NULL, NULL, NULL, - &olen, - buf, buf, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, - NULL, - buf, buf, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, - &olen, - NULL, buf, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_decrypt( &ctx, NULL, NULL, - &olen, - buf, NULL, 42 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - 
mbedtls_rsa_rsaes_pkcs1_v15_decrypt( NULL, NULL, - NULL, &olen, - buf, buf, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, - NULL, NULL, - buf, buf, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, - NULL, &olen, - NULL, buf, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, - NULL, &olen, - buf, NULL, 42 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_oaep_decrypt( NULL, NULL, NULL, - buf, sizeof( buf ), - &olen, - buf, buf, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, - NULL, sizeof( buf ), - NULL, - buf, buf, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, - buf, sizeof( buf ), - &olen, - NULL, buf, 42 ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsaes_oaep_decrypt( &ctx, NULL, NULL, - buf, sizeof( buf ), - &olen, - buf, NULL, 42 ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_sign( NULL, NULL, NULL, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - 0, sizeof( buf ), NULL, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - 0, sizeof( buf ), buf, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_sign( &ctx, NULL, NULL, - MBEDTLS_MD_SHA1, - 0, NULL, - buf ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_sign( NULL, NULL, NULL, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - 0, 
sizeof( buf ), NULL, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - 0, sizeof( buf ), buf, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_sign( &ctx, NULL, NULL, - MBEDTLS_MD_SHA1, - 0, NULL, - buf ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_sign( NULL, NULL, NULL, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - 0, sizeof( buf ), NULL, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - 0, sizeof( buf ), buf, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_sign( &ctx, NULL, NULL, - MBEDTLS_MD_SHA1, - 0, NULL, - buf ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_sign_ext( NULL, NULL, NULL, - 0, sizeof( buf ), buf, - MBEDTLS_RSA_SALT_LEN_ANY, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL, - 0, sizeof( buf ), NULL, - MBEDTLS_RSA_SALT_LEN_ANY, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL, - 0, sizeof( buf ), buf, - MBEDTLS_RSA_SALT_LEN_ANY, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_sign_ext( &ctx, NULL, NULL, - MBEDTLS_MD_SHA1, - 0, NULL, - MBEDTLS_RSA_SALT_LEN_ANY, - buf ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( NULL, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, - 0, sizeof( buf ), NULL, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, - 0, sizeof( buf ), 
buf, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_pkcs1_verify( &ctx, - MBEDTLS_MD_SHA1, 0, NULL, - buf ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( NULL, - 0, sizeof( buf ), buf, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, - 0, sizeof( buf ), - NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, - 0, sizeof( buf ), buf, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pkcs1_v15_verify( &ctx, - MBEDTLS_MD_SHA1, - 0, NULL, - buf ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( NULL, - 0, sizeof( buf ), - buf, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, - 0, sizeof( buf ), - NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, - 0, sizeof( buf ), - buf, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify( &ctx, - MBEDTLS_MD_SHA1, - 0, NULL, - buf ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( NULL, - 0, sizeof( buf ), - buf, - 0, 0, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, - 0, sizeof( buf ), - NULL, 0, 0, - buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, - 0, sizeof( buf ), - buf, 0, 0, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_rsassa_pss_verify_ext( &ctx, - MBEDTLS_MD_SHA1, - 0, NULL, - 0, 0, - buf ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_copy( NULL, &ctx ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, 
- mbedtls_rsa_copy( &ctx, NULL ) ); - -exit: - return; -} -/* END_CASE */ - /* BEGIN_CASE */ void rsa_init_free( int reinit ) { From cc7074128a437cbca66dcc0f710c764d0021d0cd Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 14 May 2021 15:08:04 +0200 Subject: [PATCH 047/236] Remove MBEDTLS_CHECK_PARAMS option Signed-off-by: TRodziewicz --- include/mbedtls/check_config.h | 4 ++ include/mbedtls/config.h | 102 --------------------------- include/mbedtls/platform_util.h | 68 ------------------ library/psa_crypto.c | 3 - library/psa_crypto_slot_management.c | 11 --- scripts/generate_query_config.pl | 1 - 6 files changed, 4 insertions(+), 185 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index ae23602a0..5a39cb3a7 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -836,6 +836,10 @@ #error "MBEDTLS_SSL_PROTO_TLS1_1 (TLS v1.1 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4286" #endif +#if defined(MBEDTLS_CHECK_PARAMS) //no-check-names +#error "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4313" +#endif + /* * Avoid warning from -pedantic. This is a convenient place for this * workaround since this is included by every single file before the diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 10140915e..466927349 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
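Review bot: in the test_suite_rsa.function hunk, three of the deleted checks are not MBEDTLS_CHECK_PARAMS pointer checks and lose real coverage: `TEST_INVALID_PARAM( mbedtls_rsa_init( &ctx, invalid_padding, 0 ) );` and `TEST_INVALID_PARAM( mbedtls_rsa_set_padding( &ctx, invalid_padding, 0 ) );` exercise rejection of an out-of-range padding mode (42), and `TEST_VALID_PARAM( mbedtls_rsa_free( NULL ) );` pins down that freeing a NULL context is a no-op. None of these depends on the option being removed, and the same holds for `TEST_VALID_PARAM( mbedtls_poly1305_free( NULL ) );` in the poly1305 hunk. Suggest moving them into a test case without the depends_on:MBEDTLS_CHECK_PARAMS guard, asserting the documented return value for the bad padding mode, rather than deleting them together with the NULL-pointer cases.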
@@ -255,72 +255,6 @@ */ //#define MBEDTLS_DEPRECATED_REMOVED -/** - * \def MBEDTLS_CHECK_PARAMS - * - * This configuration option controls whether the library validates more of - * the parameters passed to it. - * - * When this flag is not defined, the library only attempts to validate an - * input parameter if: (1) they may come from the outside world (such as the - * network, the filesystem, etc.) or (2) not validating them could result in - * internal memory errors such as overflowing a buffer controlled by the - * library. On the other hand, it doesn't attempt to validate parameters whose - * values are fully controlled by the application (such as pointers). - * - * When this flag is defined, the library additionally attempts to validate - * parameters that are fully controlled by the application, and should always - * be valid if the application code is fully correct and trusted. - * - * For example, when a function accepts as input a pointer to a buffer that may - * contain untrusted data, and its documentation mentions that this pointer - * must not be NULL: - * - The pointer is checked to be non-NULL only if this option is enabled. - * - The content of the buffer is always validated. - * - * When this flag is defined, if a library function receives a parameter that - * is invalid: - * 1. The function will invoke the macro MBEDTLS_PARAM_FAILED(). - * 2. If MBEDTLS_PARAM_FAILED() did not terminate the program, the function - * will immediately return. If the function returns an Mbed TLS error code, - * the error code in this case is MBEDTLS_ERR_xxx_BAD_INPUT_DATA. - * - * When defining this flag, you also need to arrange a definition for - * MBEDTLS_PARAM_FAILED(). You can do this by any of the following methods: - * - By default, the library defines MBEDTLS_PARAM_FAILED() to call a - * function mbedtls_param_failed(), but the library does not define this - * function. 
If you do not make any other arrangements, you must provide - * the function mbedtls_param_failed() in your application. - * See `platform_util.h` for its prototype. - * - If you enable the macro #MBEDTLS_CHECK_PARAMS_ASSERT, then the - * library defines MBEDTLS_PARAM_FAILED(\c cond) to be `assert(cond)`. - * You can still supply an alternative definition of - * MBEDTLS_PARAM_FAILED(), which may call `assert`. - * - If you define a macro MBEDTLS_PARAM_FAILED() before including `config.h` - * or you uncomment the definition of MBEDTLS_PARAM_FAILED() in `config.h`, - * the library will call the macro that you defined and will not supply - * its own version. Note that if MBEDTLS_PARAM_FAILED() calls `assert`, - * you need to enable #MBEDTLS_CHECK_PARAMS_ASSERT so that library source - * files include ``. - * - * Uncomment to enable validation of application-controlled parameters. - */ -//#define MBEDTLS_CHECK_PARAMS - -/** - * \def MBEDTLS_CHECK_PARAMS_ASSERT - * - * Allow MBEDTLS_PARAM_FAILED() to call `assert`, and make it default to - * `assert`. This macro is only used if #MBEDTLS_CHECK_PARAMS is defined. - * - * If this macro is not defined, then MBEDTLS_PARAM_FAILED() defaults to - * calling a function mbedtls_param_failed(). See the documentation of - * #MBEDTLS_CHECK_PARAMS for details. - * - * Uncomment to allow MBEDTLS_PARAM_FAILED() to call `assert`. - */ -//#define MBEDTLS_CHECK_PARAMS_ASSERT - /* \} name SECTION: System support */ /** 
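Review bot: this hunk removes the documentation and the commented-out `//#define MBEDTLS_CHECK_PARAMS_ASSERT` along with MBEDTLS_CHECK_PARAMS, but the check_config.h hunk earlier in this patch only adds an `#error` for `MBEDTLS_CHECK_PARAMS`. A user configuration that still sets MBEDTLS_CHECK_PARAMS_ASSERT, or that defines MBEDTLS_PARAM_FAILED as the removed text invited users to do, will now compile silently with the setting doing nothing. Suggest adding the same `#error "... was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4313"` guard for MBEDTLS_CHECK_PARAMS_ASSERT, and naming all three macros in the migration guide.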
@@ -3385,42 +3319,6 @@ //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */ //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */ -/** - * \brief This macro is invoked by the library when an invalid parameter - * is detected that is only checked with #MBEDTLS_CHECK_PARAMS - * (see the documentation of that option for context). - * - * When you leave this undefined here, the library provides - * a default definition. If the macro #MBEDTLS_CHECK_PARAMS_ASSERT - * is defined, the default definition is `assert(cond)`, - * otherwise the default definition calls a function - * mbedtls_param_failed(). This function is declared in - * `platform_util.h` for the benefit of the library, but - * you need to define in your application. - * - * When you define this here, this replaces the default - * definition in platform_util.h (which no longer declares the - * function mbedtls_param_failed()) and it is your responsibility - * to make sure this macro expands to something suitable (in - * particular, that all the necessary declarations are visible - * from within the library - you can ensure that by providing - * them in this file next to the macro definition). - * If you define this macro to call `assert`, also define - * #MBEDTLS_CHECK_PARAMS_ASSERT so that library source files - * include ``. - * - * Note that you may define this macro to expand to nothing, in - * which case you don't have to worry about declarations or - * definitions. However, you will then be notified about invalid - * parameters only in non-void functions, and void function will - * just silently return early on invalid parameters, which - * partially negates the benefits of enabling - * #MBEDTLS_CHECK_PARAMS in the first place, so is discouraged. - * - * \param cond The expression that should evaluate to true, but doesn't. 
- */ -//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) - /* PSA options */ /** * Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index fbc2a0d1c..6d9cfecfa 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h 
@@ -39,78 +39,10 @@ extern "C" { #endif -#if defined(MBEDTLS_CHECK_PARAMS) - -#if defined(MBEDTLS_CHECK_PARAMS_ASSERT) -/* Allow the user to define MBEDTLS_PARAM_FAILED to something like assert - * (which is what our config.h suggests). */ -#include -#endif /* MBEDTLS_CHECK_PARAMS_ASSERT */ - -#if defined(MBEDTLS_PARAM_FAILED) -/** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h. - * - * This flag can be used to check whether it is safe to assume that - * MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed(). - */ -#define MBEDTLS_PARAM_FAILED_ALT - -#elif defined(MBEDTLS_CHECK_PARAMS_ASSERT) -#define MBEDTLS_PARAM_FAILED( cond ) assert( cond ) -#define MBEDTLS_PARAM_FAILED_ALT - -#else /* MBEDTLS_PARAM_FAILED */ -#define MBEDTLS_PARAM_FAILED( cond ) \ - mbedtls_param_failed( #cond, __FILE__, __LINE__ ) - -/** - * \brief User supplied callback function for parameter validation failure. - * See #MBEDTLS_CHECK_PARAMS for context. - * - * This function will be called unless an alternative treatement - * is defined through the #MBEDTLS_PARAM_FAILED macro. - * - * This function can return, and the operation will be aborted, or - * alternatively, through use of setjmp()/longjmp() can resume - * execution in the application code. - * - * \param failure_condition The assertion that didn't hold. - * \param file The file where the assertion failed. - * \param line The line in the file where the assertion failed. - */ -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ); -#endif /* MBEDTLS_PARAM_FAILED */ - -/* Internal macro meant to be called only from within the library. */ -#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) \ - do { \ - if( !(cond) ) \ - { \ - MBEDTLS_PARAM_FAILED( cond ); \ - return( ret ); \ - } \ - } while( 0 ) - -/* Internal macro meant to be called only from within the library. 
*/ -#define MBEDTLS_INTERNAL_VALIDATE( cond ) \ - do { \ - if( !(cond) ) \ - { \ - MBEDTLS_PARAM_FAILED( cond ); \ - return; \ - } \ - } while( 0 ) - -#else /* MBEDTLS_CHECK_PARAMS */ - /* Internal macros meant to be called only from within the library. */ #define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret ) do { } while( 0 ) #define MBEDTLS_INTERNAL_VALIDATE( cond ) do { } while( 0 ) -#endif /* MBEDTLS_CHECK_PARAMS */ - /* Internal helper macros for deprecating API constants. */ #if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_DEPRECATED_WARNING) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3fe2a883b..552750ce3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1028,9 +1028,6 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ) */ if( slot->lock_count != 1 ) { -#ifdef MBEDTLS_CHECK_PARAMS - MBEDTLS_PARAM_FAILED( slot->lock_count == 1 ); -#endif status = PSA_ERROR_CORRUPTION_DETECTED; } diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 0b1a3c166..4cf32db2b 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -409,17 +409,6 @@ psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot ) return( PSA_SUCCESS ); } - /* - * As the return error code may not be handled in case of multiple errors, - * do our best to report if the lock counter is equal to zero: if - * available call MBEDTLS_PARAM_FAILED that may terminate execution (if - * called as part of the execution of a unit test suite this will stop the - * test suite execution). - */ -#ifdef MBEDTLS_CHECK_PARAMS - MBEDTLS_PARAM_FAILED( slot->lock_count > 0 ); -#endif - return( PSA_ERROR_CORRUPTION_DETECTED ); } diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 8c8c1880e..727604982 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl 
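Review bot: in the library/psa_crypto.c hunk (psa_wipe_key_slot) the `#ifdef MBEDTLS_CHECK_PARAMS` / `MBEDTLS_PARAM_FAILED( slot->lock_count == 1 )` block is removed but the comment that precedes it (only its closing `*/` appears in the context) is left as is, whereas the sibling hunk in library/psa_crypto_slot_management.c deletes the equivalent comment ("if available call MBEDTLS_PARAM_FAILED that may terminate execution ..."); give the psa_crypto.c comment the same treatment, or trim it to the part that still holds, so it does not describe a macro that no longer exists. In include/mbedtls/platform_util.h, keeping `MBEDTLS_INTERNAL_VALIDATE_RET` and `MBEDTLS_INTERNAL_VALIDATE` as unconditional `do { } while( 0 )` turns every call site in the library into dead code; either remove the macros and their uses in the same series, or say in the header comment that they are kept only as a transitional no-op.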
@@ -50,7 +50,6 @@ unless( -f $config_file && -f $query_config_format_file ) { # throw errors. my @excluded = qw( MBEDTLS_SSL_CIPHERSUITES -MBEDTLS_PARAM_FAILED ); my $excluded_re = join '|', @excluded; From caf2ae04b885551ddc83e0ec4905fc012694b9fc Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Tue, 18 May 2021 12:49:59 +0200 Subject: [PATCH 048/236] ChangeLog and migration guide added. Signed-off-by: TRodziewicz --- ChangeLog.d/issue4313.txt | 25 ++++++++++ .../remove_mbedtls_check_params_option.md | 49 +++++++++++++++++++ 2 files changed, 74 insertions(+) create mode 100644 ChangeLog.d/issue4313.txt create mode 100644 docs/3.0-migration-guide.d/remove_mbedtls_check_params_option.md diff --git a/ChangeLog.d/issue4313.txt b/ChangeLog.d/issue4313.txt new file mode 100644 index 000000000..026a190bd --- /dev/null +++ b/ChangeLog.d/issue4313.txt 
@@ -0,0 +1,25 @@ +Removals + * Remove the following macros: MBEDTLS_CHECK_PARAMS, + MBEDTLS_CHECK_PARAMS_ASSERT, MBEDTLS_PARAM_FAILED, + MBEDTLS_PARAM_FAILED_ALT, TEST_INVALID_PARAM, TEST_INVALID_PARAM_RET, + the following macros have been inactivated MBEDTLS_INTERNAL_VALIDATE_RET + and MBEDTLS_INTERNAL_VALIDATE, structures: param_failed_ctx_t, + mbedtls_test_param_failed_location_record_t, functions: + mbedtls_test_param_failed_get_location_record(), + mbedtls_test_param_failed_expect_call(), + mbedtls_test_param_failed_check_expected_call(), + mbedtls_test_param_failed_get_state_buf(), + mbedtls_test_param_failed_reset_state(), + mbedtls_param_failed(). Remove the following functions from all.sh: + component_test_check_params_functionality(), + component_test_check_params_without_platform(), + component_test_check_params_silent(). + Remove the following test functions from test_suite_*.function files: + aes_check_params(), aria_invalid_param(), blowfish_invalid_param(), + camellia_invalid_param(), ccm_invalid_param(), chacha20_bad_params(), + chachapoly_bad_params(), cipher_invalid_param_conditional(), + dhm_invalid_params(), ecdh_invalid_param(), ecdsa_invalid_param(), + ecjpake_invalid_param(), ecp_invalid_param(), gcm_invalid_param(), + mpi_invalid_param(), invalid_parameters() (pk), poly1305_bad_params(), + rsa_invalid_param(), sha1_invalid_param(), sha256_invalid_param(), + sha512_invalid_param(). Fixes #4313. diff --git a/docs/3.0-migration-guide.d/remove_mbedtls_check_params_option.md b/docs/3.0-migration-guide.d/remove_mbedtls_check_params_option.md new file mode 100644 index 000000000..146b1c759 --- /dev/null +++ b/docs/3.0-migration-guide.d/remove_mbedtls_check_params_option.md 
@@ -0,0 +1,49 @@ +Remove MBEDTLS_CHECK_PARAMS option +---------------------------------- + +This change affects the way of how parameters are validated. + +The option `MBEDTLS_CHECK_PARAMS` (disabled by default) enables certain kinds of +“parameter validation”. It covers two kinds of validations: + +- In some functions that require a valid pointer, “parameter validation” checks +that the pointer is non-null. With the feature disabled, a null pointer is not +treated differently from any other invalid pointer, and typically leads to a +runtime crash. 90% of the uses of the feature are of this kind. +- In some functions that take an enum-like argument, “parameter validation” +checks that the value is a valid one. With the feature disabled, an invalid +value causes a silent default to one of the valid values. + +The default reaction to a failed check is to call a function mbedtls_param_failed +which the application must provide. If this function returns, its caller returns +an error `MBEDTLS_ERR_xxx_BAD_INPUT_DATA`. + +This feature is only used in some classic (non-PSA) cryptography modules. It is +not used in X.509, TLS or in PSA crypto, and it has not been implemented in all +classic crypto modules. + +Removal of `MBEDTLS_CHECK_PARAMS` and all dependent features means changing +code that does something like this: +``` +#if MBEDTLS_CHECK_PARAMS +#define VALIDATE(cond) do {if(cond) return BAD_INPUT_DATA;} while (0) +#else +#define VALIDATE(cond) do {} while (0) +#endif +... +VALIDATE(coin == HEADS || coin == TAILS); +VALIDATE(data != NULL); +if (coin == HEADS) heads(); +else tails(); +``` +to something like this: +``` +if (coin == HEADS) heads(); +else if (coin == TAILS) tails(); +else return BAD_INPUT_DATA; +``` + +Validation of enum-like values is somewhat useful, but not extremely important, +because the parameters concerned are usually constants in applications. + +For more information see issue #4313. 
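Review bot: the ChangeLog.d/issue4313.txt hunk mixes public API removals with internal and test-only identifiers: the `component_test_check_params_*()` functions from all.sh, the `mbedtls_test_param_failed_*()` helpers, `param_failed_ctx_t` and the long list of `*_invalid_param()` test functions are not visible to library users and do not belong in a user-facing ChangeLog entry. Keep the entry to the removed configuration macros (`MBEDTLS_CHECK_PARAMS`, `MBEDTLS_CHECK_PARAMS_ASSERT`, `MBEDTLS_PARAM_FAILED`, `MBEDTLS_PARAM_FAILED_ALT`) and the removed public callback `mbedtls_param_failed()`, and reword "the following macros have been inactivated MBEDTLS_INTERNAL_VALIDATE_RET and MBEDTLS_INTERNAL_VALIDATE" (the sentence is missing its colon, and these internal macros are not part of the API in any case).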
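Review bot: the "something like this" example in the docs/3.0-migration-guide.d hunk neither compiles nor has the logic it is meant to illustrate. `#if MBEDTLS_CHECK_PARAMS` is a preprocessor error when the option is defined with no value, as config.h options are (the library itself uses `#if defined(MBEDTLS_CHECK_PARAMS)` in platform_util.h), and `do {if(cond) return BAD_INPUT_DATA;} while (0)` returns on a satisfied condition, so `VALIDATE(data != NULL)` would reject every valid pointer; it should read `if(!(cond)) return BAD_INPUT_DATA;`. Since the example exists to show the before/after shape to people porting their own code, a wrong "before" is worse than none. Also format `mbedtls_param_failed` as code, and make explicit that "typically leads to a runtime crash" for a NULL pointer means undefined behaviour rather than a defined error return, since that is the property callers lose.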
From 062f353804db3faa67f49cc0f5b8bf10beba3a06 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Tue, 25 May 2021 15:15:57 +0200 Subject: [PATCH 049/236] Changes after code review Signed-off-by: TRodziewicz --- ChangeLog.d/issue4313.txt | 23 +--- .../remove_mbedtls_check_params_option.md | 40 ++----- library/psa_crypto.c | 5 +- tests/include/test/macros.h | 8 -- tests/suites/test_suite_aes.function | 5 +- tests/suites/test_suite_aria.function | 2 +- tests/suites/test_suite_blowfish.function | 2 +- tests/suites/test_suite_camellia.function | 2 +- tests/suites/test_suite_cipher.function | 2 +- tests/suites/test_suite_ecdh.function | 2 +- tests/suites/test_suite_ecjpake.function | 2 +- tests/suites/test_suite_ecp.function | 2 +- tests/suites/test_suite_gcm.function | 2 +- tests/suites/test_suite_shax.data | 3 - tests/suites/test_suite_shax.function | 108 +----------------- 15 files changed, 29 insertions(+), 179 deletions(-) diff --git a/ChangeLog.d/issue4313.txt b/ChangeLog.d/issue4313.txt index 026a190bd..1fb61234b 100644 --- a/ChangeLog.d/issue4313.txt +++ b/ChangeLog.d/issue4313.txt 
@@ -1,25 +1,4 @@ Removals * Remove the following macros: MBEDTLS_CHECK_PARAMS, MBEDTLS_CHECK_PARAMS_ASSERT, MBEDTLS_PARAM_FAILED, - MBEDTLS_PARAM_FAILED_ALT, TEST_INVALID_PARAM, TEST_INVALID_PARAM_RET, - the following macros have been inactivated MBEDTLS_INTERNAL_VALIDATE_RET - and MBEDTLS_INTERNAL_VALIDATE, structures: param_failed_ctx_t, - mbedtls_test_param_failed_location_record_t, functions: - mbedtls_test_param_failed_get_location_record(), - mbedtls_test_param_failed_expect_call(), - mbedtls_test_param_failed_check_expected_call(), - mbedtls_test_param_failed_get_state_buf(), - mbedtls_test_param_failed_reset_state(), - mbedtls_param_failed(). Remove the following functions from all.sh: - component_test_check_params_functionality(), - component_test_check_params_without_platform(), - component_test_check_params_silent(). - Remove the following test functions from test_suite_*.function files: - aes_check_params(), aria_invalid_param(), blowfish_invalid_param(), - camellia_invalid_param(), ccm_invalid_param(), chacha20_bad_params(), - chachapoly_bad_params(), cipher_invalid_param_conditional(), - dhm_invalid_params(), ecdh_invalid_param(), ecdsa_invalid_param(), - ecjpake_invalid_param(), ecp_invalid_param(), gcm_invalid_param(), - mpi_invalid_param(), invalid_parameters() (pk), poly1305_bad_params(), - rsa_invalid_param(), sha1_invalid_param(), sha256_invalid_param(), - sha512_invalid_param(). Fixes #4313. + MBEDTLS_PARAM_FAILED_ALT. Fixes #4313. diff --git a/docs/3.0-migration-guide.d/remove_mbedtls_check_params_option.md b/docs/3.0-migration-guide.d/remove_mbedtls_check_params_option.md index 146b1c759..6f43aa37a 100644 --- a/docs/3.0-migration-guide.d/remove_mbedtls_check_params_option.md +++ b/docs/3.0-migration-guide.d/remove_mbedtls_check_params_option.md 
@@ -1,10 +1,11 @@ Remove MBEDTLS_CHECK_PARAMS option ---------------------------------- -This change affects the way of how parameters are validated. +This change does not affect users who use the default configuration; it only +affects users who enabled that option. -The option `MBEDTLS_CHECK_PARAMS` (disabled by default) enables certain kinds of -“parameter validation”. It covers two kinds of validations: +The option `MBEDTLS_CHECK_PARAMS` (disabled by default) enabled certain kinds +of “parameter validation”. It covered two kinds of validations: - In some functions that require a valid pointer, “parameter validation” checks that the pointer is non-null. With the feature disabled, a null pointer is not 
@@ -14,34 +15,17 @@ runtime crash. 90% of the uses of the feature are of this kind. checks that the value is a valid one. With the feature disabled, an invalid value causes a silent default to one of the valid values. -The default reaction to a failed check is to call a function mbedtls_param_failed -which the application must provide. If this function returns, its caller returns -an error `MBEDTLS_ERR_xxx_BAD_INPUT_DATA`. +The default reaction to a failed check was to call a function +`mbedtls_param_failed()` which the application had to provide. If this function +returned, its caller returned an error `MBEDTLS_ERR_xxx_BAD_INPUT_DATA`. -This feature is only used in some classic (non-PSA) cryptography modules. It is -not used in X.509, TLS or in PSA crypto, and it has not been implemented in all +This feature was only used in some classic (non-PSA) cryptography modules. It was +not used in X.509, TLS or in PSA crypto, and it was not implemented in all classic crypto modules. -Removal of `MBEDTLS_CHECK_PARAMS` and all dependent features means changing -code that does something like this: -``` -#if MBEDTLS_CHECK_PARAMS -#define VALIDATE(cond) do {if(cond) return BAD_INPUT_DATA;} while (0) -#else -#define VALIDATE(cond) do {} while (0) -#endif -... -VALIDATE(coin == HEADS || coin == TAILS); -VALIDATE(data != NULL); -if (coin == HEADS) heads(); -else tails(); -``` -to something like this: -``` -if (coin == HEADS) heads(); -else if (coin == TAILS) tails(); -else return BAD_INPUT_DATA; -``` +This feature has been removed. The library no longer checks for NULL pointers; +checks for enum-like arguments will be kept or re-introduced on a case-by-case +basis, but their presence will no longer be dependent on a compile-time option. Validation of enum-like values is somewhat useful, but not extremely important, because the parameters concerned are usually constants in applications. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 552750ce3..c3dc6e754 100644 
--- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1021,10 +1021,7 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ) /* * As the return error code may not be handled in case of multiple errors, - * do our best to report an unexpected lock counter: if available - * call MBEDTLS_PARAM_FAILED that may terminate execution (if called as - * part of the execution of a test suite this will stop the test suite - * execution). + * do our best to report an unexpected lock counter. */ if( slot->lock_count != 1 ) { diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index cad39aaca..1c0e2bdd6 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -177,14 +177,6 @@ } \ } while( 0 ) -#if defined(MBEDTLS_CHECK_PARAMS) && !defined(MBEDTLS_PARAM_FAILED_ALT) -#define TEST_INVALID_PARAM_RET( PARAM_ERR_VALUE, TEST ) \ - do { if( ( TEST ) != ( PARAM_ERR_VALUE ) ) goto exit; } while( 0 ) - -#define TEST_INVALID_PARAM( TEST ) \ - do { TEST; } while( 0 ) -#endif /* MBEDTLS_CHECK_PARAMS && !MBEDTLS_PARAM_FAILED_ALT */ - /** * \brief This macro tests the statement passed to it as a test step or * individual test in a test case. The macro assumes the test will not fail. diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index a74039103..fe4dd3e82 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -206,9 +206,6 @@ void aes_crypt_xts_size( int size, int retval ) mbedtls_aes_xts_init( &ctx ); memset( data_unit, 0x00, sizeof( data_unit ) ); - - /* Valid pointers are passed for builds with MBEDTLS_CHECK_PARAMS, as - * otherwise we wouldn't get to the size check we're interested in. */ TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, length, data_unit, src, output ) == retval ); } /* END_CASE */ 
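Review bot: in the migration-guide hunk that replaces the code example, "The library no longer checks for NULL pointers" should also say what callers that relied on `MBEDTLS_ERR_xxx_BAD_INPUT_DATA` for a NULL argument get instead: per the bullet kept just above, a NULL pointer is now handled like any other invalid pointer, i.e. undefined behaviour that typically crashes, so application code that used the error return as a guard must validate its own arguments before the call. The retained paragraph "Validation of enum-like values is somewhat useful, but not extremely important ..." is now left dangling after the new sentence "checks for enum-like arguments will be kept or re-introduced on a case-by-case basis"; fold it into that sentence as its rationale.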
@@ -359,7 +356,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +/* BEGIN_CASE depends_on:NOT_DEFINED */ void aes_invalid_mode( ) { mbedtls_aes_context aes_ctx; diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index b24e4984e..514706455 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -23,7 +23,7 @@ void aria_valid_param( ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +/* BEGIN_CASE depends_on:NOT_DEFINED */ void aria_invalid_param( ) { mbedtls_aria_context ctx; diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function index 5681a9e94..fdecfb6f9 100644 --- a/tests/suites/test_suite_blowfish.function +++ b/tests/suites/test_suite_blowfish.function @@ -14,7 +14,7 @@ void blowfish_valid_param( ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +/* BEGIN_CASE depends_on:NOT_DEFINED */ void blowfish_invalid_param( ) { mbedtls_blowfish_context ctx; diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index fb0a34917..0633b73d1 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -14,7 +14,7 @@ void camellia_valid_param( ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +/* BEGIN_CASE depends_on:NOT_DEFINED */ void camellia_invalid_param( ) { mbedtls_camellia_context ctx; diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index ea5fa2e5e..f1095b1f0 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function 
@@ -207,7 +207,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +/* BEGIN_CASE depends_on:NOT_DEFINED */ void cipher_invalid_param_conditional( ) { mbedtls_cipher_context_t valid_ctx; diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 5fced62d4..5fa5b6781 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -50,7 +50,7 @@ void ecdh_valid_param( ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +/* BEGIN_CASE depends_on:NOT_DEFINED */ void ecdh_invalid_param( ) { mbedtls_ecdh_context ctx; diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function index 2a6d8935e..311733b0d 100644 --- a/tests/suites/test_suite_ecjpake.function +++ b/tests/suites/test_suite_ecjpake.function @@ -98,7 +98,7 @@ cleanup: * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +/* BEGIN_CASE depends_on:NOT_DEFINED */ void ecjpake_invalid_param( ) { mbedtls_ecjpake_context ctx; diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 9b8ba8201..81a6514cb 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -38,7 +38,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +/* BEGIN_CASE depends_on:NOT_DEFINED */ void ecp_invalid_param( ) { mbedtls_ecp_group grp; diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 35691f725..ae306b5e3 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -181,7 +181,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +/* BEGIN_CASE depends_on:NOT_DEFINED */ void gcm_invalid_param( ) { mbedtls_gcm_context ctx; 
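Review bot: across the test_suite_aes/aria/blowfish/camellia/cipher/ecdh/ecjpake/ecp/gcm.function hunks, replacing `depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT` with `depends_on:NOT_DEFINED` does not remove the `*_invalid_param()` functions; it hides them behind a symbol that is never defined, so their bodies (which, judging by the sha256/sha512 hunks in this same patch, still call the `TEST_INVALID_PARAM*` macros that tests/include/test/macros.h no longer defines) become permanently dead code that is never compiled and never runs, while their `.data` entries still list them as test cases. Either delete these functions together with their `.data` entries, as this patch does for `sha1_invalid_param()`, or rewrite the enum-like checks with `TEST_EQUAL( MBEDTLS_ERR_xxx_BAD_INPUT_DATA, ... )` as the sha256/sha512 hunks do and drop the placeholder dependency. If a temporary disable is really intended, a comment stating why, next to the `BEGIN_CASE` line, would make the intent visible.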
diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data index 12eec84ef..1cc58af41 100644 --- a/tests/suites/test_suite_shax.data +++ b/tests/suites/test_suite_shax.data @@ -1,9 +1,6 @@ SHA-1 - Valid parameters sha1_valid_param: -SHA-1 - Invalid parameters -sha1_invalid_param: - # Test the operation of SHA-1 and SHA-2 SHA-1 Test Vector NIST CAVS #1 depends_on:MBEDTLS_SHA1_C diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 1d4cf7192..a8f5b1848 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function 
@@ -11,46 +11,6 @@ void sha1_valid_param( ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ -void sha1_invalid_param( ) -{ - mbedtls_sha1_context ctx; - unsigned char buf[64] = { 0 }; - size_t const buflen = sizeof( buf ); - - TEST_INVALID_PARAM( mbedtls_sha1_init( NULL ) ); - - TEST_INVALID_PARAM( mbedtls_sha1_clone( NULL, &ctx ) ); - TEST_INVALID_PARAM( mbedtls_sha1_clone( &ctx, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, - mbedtls_sha1_starts_ret( NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, - mbedtls_sha1_update_ret( NULL, buf, buflen ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, - mbedtls_sha1_update_ret( &ctx, NULL, buflen ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, - mbedtls_sha1_finish_ret( NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, - mbedtls_sha1_finish_ret( &ctx, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, - mbedtls_internal_sha1_process( NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, - mbedtls_internal_sha1_process( &ctx, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, - mbedtls_sha1_ret( NULL, buflen, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA1_BAD_INPUT_DATA, - mbedtls_sha1_ret( buf, buflen, NULL ) ); - -exit: - return; -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */ void mbedtls_sha1( data_t * src_str, data_t * hash ) { @@ -72,7 +32,7 @@ void sha256_valid_param( ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:NOT_DEFINED */ void sha256_invalid_param( ) { mbedtls_sha256_context ctx; 
@@ -81,38 +41,10 @@ void sha256_invalid_param( ) int valid_type = 0; int invalid_type = 42; - TEST_INVALID_PARAM( mbedtls_sha256_init( NULL ) ); - - TEST_INVALID_PARAM( mbedtls_sha256_clone( NULL, &ctx ) ); - TEST_INVALID_PARAM( mbedtls_sha256_clone( &ctx, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, - mbedtls_sha256_starts_ret( NULL, valid_type ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + TEST_EQUAL( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, mbedtls_sha256_starts_ret( &ctx, invalid_type ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, - mbedtls_sha256_update_ret( NULL, buf, buflen ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, - mbedtls_sha256_update_ret( &ctx, NULL, buflen ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, - mbedtls_sha256_finish_ret( NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, - mbedtls_sha256_finish_ret( &ctx, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, - mbedtls_internal_sha256_process( NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, - mbedtls_internal_sha256_process( &ctx, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, - mbedtls_sha256_ret( NULL, buflen, - buf, valid_type ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, - mbedtls_sha256_ret( buf, buflen, - NULL, valid_type ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, + TEST_EQUAL( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, mbedtls_sha256_ret( buf, buflen, buf, invalid_type ) ); @@ -156,7 +88,7 @@ void sha512_valid_param( ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ +/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:NOT_DEFINED */ void sha512_invalid_param( ) { mbedtls_sha512_context ctx; 
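Review bot: in this sha256_invalid_param hunk the surviving checks are exactly the enum-like validation the migration guide says is being kept (`mbedtls_sha256_starts_ret( &ctx, invalid_type )` and `mbedtls_sha256_ret( buf, buflen, buf, invalid_type )` must return `MBEDTLS_ERR_SHA256_BAD_INPUT_DATA`), yet the header was changed to `depends_on:MBEDTLS_SHA256_C:NOT_DEFINED`, so these `TEST_EQUAL` assertions never run; the dependency should be just `MBEDTLS_SHA256_C`. Once the case is compiled again, `int valid_type = 0;` is unused (only `invalid_type` survives) and will warn under `-Wunused-variable`, which is an error with `-Werror`; drop it or add `(void) valid_type;`. Both points apply identically to the sha512_invalid_param hunk that follows.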
@@ -165,38 +97,10 @@ void sha512_invalid_param( ) int valid_type = 0; int invalid_type = 42; - TEST_INVALID_PARAM( mbedtls_sha512_init( NULL ) ); - - TEST_INVALID_PARAM( mbedtls_sha512_clone( NULL, &ctx ) ); - TEST_INVALID_PARAM( mbedtls_sha512_clone( &ctx, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, - mbedtls_sha512_starts_ret( NULL, valid_type ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, + TEST_EQUAL( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, mbedtls_sha512_starts_ret( &ctx, invalid_type ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, - mbedtls_sha512_update_ret( NULL, buf, buflen ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, - mbedtls_sha512_update_ret( &ctx, NULL, buflen ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, - mbedtls_sha512_finish_ret( NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, - mbedtls_sha512_finish_ret( &ctx, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, - mbedtls_internal_sha512_process( NULL, buf ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, - mbedtls_internal_sha512_process( &ctx, NULL ) ); - - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, - mbedtls_sha512_ret( NULL, buflen, - buf, valid_type ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, - mbedtls_sha512_ret( buf, buflen, - NULL, valid_type ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, + TEST_EQUAL( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, mbedtls_sha512_ret( buf, buflen, buf, invalid_type ) ); From 7019955c767c8d6305a9fbbb26278e1627e7b747 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Thu, 27 May 2021 13:52:59 +0200 Subject: [PATCH 050/236] Removal of the TEST_VALID_PARAM macro and its usages 
Signed-off-by: TRodziewicz --- tests/include/test/macros.h | 23 ----------------------- tests/suites/test_suite_aes.function | 6 ------ tests/suites/test_suite_aria.data | 3 --- tests/suites/test_suite_aria.function | 7 ------- tests/suites/test_suite_blowfish.data | 3 --- tests/suites/test_suite_blowfish.function | 7 ------- tests/suites/test_suite_camellia.data | 3 --- tests/suites/test_suite_camellia.function | 7 ------- tests/suites/test_suite_ccm.data | 3 --- tests/suites/test_suite_ccm.function | 9 --------- tests/suites/test_suite_cipher.function | 8 +------- tests/suites/test_suite_ecdh.data | 3 --- tests/suites/test_suite_ecdh.function | 7 ------- tests/suites/test_suite_ecp.data | 3 --- tests/suites/test_suite_ecp.function | 16 ---------------- tests/suites/test_suite_gcm.function | 9 --------- tests/suites/test_suite_gcm.misc.data | 3 --- tests/suites/test_suite_mpi.data | 3 --- tests/suites/test_suite_mpi.function | 7 ------- tests/suites/test_suite_pk.function | 6 ------ tests/suites/test_suite_shax.data | 9 --------- tests/suites/test_suite_shax.function | 21 --------------------- 22 files changed, 1 insertion(+), 165 deletions(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 1c0e2bdd6..a8a01ce47 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h 
@@ -177,29 +177,6 @@ } \ } while( 0 ) -/** - * \brief This macro tests the statement passed to it as a test step or - * individual test in a test case. The macro assumes the test will not fail. - * - * It assumes the library function under test cannot return a value and - * assumes errors can only be indicated by calls to - * MBEDTLS_PARAM_FAILED(). - * - * This macro is intended to test that functions returning void - * accept all of the parameter values they're supposed to accept - eg - * that they don't call MBEDTLS_PARAM_FAILED() when a parameter - * that's allowed to be NULL happens to be NULL. - * - * Note: for functions that return something other that void, - * checking that they accept all the parameters they're supposed to - * accept is best done by using TEST_ASSERT() and checking the return - * value as well. - * - * \param TEST The test expression to be tested. - */ -#define TEST_VALID_PARAM( TEST ) \ - TEST_ASSERT( ( TEST, 1 ) ); - /** Allocate memory dynamically and fail the test case if this fails. * * You must set \p pointer to \c NULL before calling this macro and diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index fe4dd3e82..3e07c9cf9 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -413,12 +413,6 @@ void aes_misc_params( ) size_t size; #endif - /* These calls accept NULL */ - TEST_VALID_PARAM( mbedtls_aes_free( NULL ) ); -#if defined(MBEDTLS_CIPHER_MODE_XTS) - TEST_VALID_PARAM( mbedtls_aes_xts_free( NULL ) ); -#endif - #if defined(MBEDTLS_CIPHER_MODE_CBC) TEST_ASSERT( mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_ENCRYPT, 15, diff --git a/tests/suites/test_suite_aria.data b/tests/suites/test_suite_aria.data index 8848978e2..94b6e7e22 100644 --- a/tests/suites/test_suite_aria.data +++ b/tests/suites/test_suite_aria.data @@ -1,6 +1,3 @@ -ARIA - Valid parameters -aria_valid_param: - ARIA - Invalid parameters aria_invalid_param: 
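Review bot: deleting `TEST_VALID_PARAM` is reasonable now that `MBEDTLS_PARAM_FAILED()` is gone, but the macro expanded to `TEST_ASSERT( ( TEST, 1 ) )`, i.e. it simply executed the call, so the aes_misc_params hunk and the `*_valid_param()` removals that follow drop the only coverage that `mbedtls_aes_free( NULL )`, `mbedtls_aes_xts_free( NULL )`, `mbedtls_aria_free( NULL )` and friends return without crashing. If the `mbedtls_xxx_free()` functions still document NULL as accepted, keep that check by replacing `TEST_VALID_PARAM( mbedtls_aes_free( NULL ) );` with a plain `mbedtls_aes_free( NULL );` inside the existing test function instead of deleting the line, and apply the same substitution in the suites whose whole `*_valid_param()` case is being removed together with its `.data` entry.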
diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 514706455..6432df081 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -16,13 +16,6 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE */ -void aria_valid_param( ) -{ - TEST_VALID_PARAM( mbedtls_aria_free( NULL ) ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:NOT_DEFINED */ void aria_invalid_param( ) { diff --git a/tests/suites/test_suite_blowfish.data b/tests/suites/test_suite_blowfish.data index c9639f6e7..0ebb64234 100644 --- a/tests/suites/test_suite_blowfish.data +++ b/tests/suites/test_suite_blowfish.data @@ -1,6 +1,3 @@ -BLOWFISH - Valid parameters -blowfish_valid_param: - BLOWFISH - Invalid parameters blowfish_invalid_param: diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function index fdecfb6f9..1fa59ee6e 100644 --- a/tests/suites/test_suite_blowfish.function +++ b/tests/suites/test_suite_blowfish.function @@ -7,13 +7,6 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE */ -void blowfish_valid_param( ) -{ - TEST_VALID_PARAM( mbedtls_blowfish_free( NULL ) ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:NOT_DEFINED */ void blowfish_invalid_param( ) { diff --git a/tests/suites/test_suite_camellia.data b/tests/suites/test_suite_camellia.data index 3d11b8cb0..3f73abcea 100644 --- a/tests/suites/test_suite_camellia.data +++ b/tests/suites/test_suite_camellia.data @@ -1,6 +1,3 @@ -Camellia - Valid parameters -camellia_valid_param: - Camellia - Invalid parameters camellia_invalid_param: diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 0633b73d1..cc18d5b38 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function 
@@ -7,13 +7,6 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE */ -void camellia_valid_param( ) -{ - TEST_VALID_PARAM( mbedtls_camellia_free( NULL ) ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:NOT_DEFINED */ void camellia_invalid_param( ) { diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index 63af5aa04..459683bd2 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -1,9 +1,6 @@ CCM self test mbedtls_ccm_self_test: -CCM - Valid parameters -ccm_valid_param: - CCM init #1 AES-128: OK depends_on:MBEDTLS_AES_C mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:128:0 diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 1b00560ec..840583c5c 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -291,12 +291,3 @@ exit: mbedtls_ccm_free( &ctx ); } /* END_CASE */ - -/* BEGIN_CASE */ -void ccm_valid_param( ) -{ - TEST_VALID_PARAM( mbedtls_ccm_free( NULL ) ); -exit: - return; -} -/* END_CASE */ diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index f1095b1f0..2ef8f5f63 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -222,12 +222,6 @@ void cipher_invalid_param_conditional( ) (void)valid_mode; /* In some configurations this is unused */ - /* mbedtls_cipher_init() */ - TEST_VALID_PARAM( mbedtls_cipher_init( &valid_ctx ) ); - - /* mbedtls_cipher_setup() */ - TEST_VALID_PARAM( mbedtls_cipher_setup( &valid_ctx, valid_info ) ); - TEST_EQUAL( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_setkey( &valid_ctx, @@ -236,7 +230,7 @@ void cipher_invalid_param_conditional( ) invalid_operation ) ); exit: - TEST_VALID_PARAM( mbedtls_cipher_free( &valid_ctx ) ); + ; } /* END_CASE */ diff --git a/tests/suites/test_suite_ecdh.data b/tests/suites/test_suite_ecdh.data index fb4a232fc..3711e5531 100644 --- a/tests/suites/test_suite_ecdh.data 
+++ b/tests/suites/test_suite_ecdh.data @@ -1,6 +1,3 @@ -ECDH - Valid parameters -ecdh_valid_param: - ECDH - Invalid parameters ecdh_invalid_param: diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 5fa5b6781..63dc22175 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -43,13 +43,6 @@ exit: * END_DEPENDENCIES */ -/* BEGIN_CASE */ -void ecdh_valid_param( ) -{ - TEST_VALID_PARAM( mbedtls_ecdh_free( NULL ) ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:NOT_DEFINED */ void ecdh_invalid_param( ) { diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 106791cb8..88d801fb6 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1,6 +1,3 @@ -ECP valid params -ecp_valid_param: - ECP invalid params ecp_invalid_param: diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 81a6514cb..50792b710 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -22,22 +22,6 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE */ -void ecp_valid_param( ) -{ - TEST_VALID_PARAM( mbedtls_ecp_group_free( NULL ) ); - TEST_VALID_PARAM( mbedtls_ecp_keypair_free( NULL ) ); - TEST_VALID_PARAM( mbedtls_ecp_point_free( NULL ) ); - -#if defined(MBEDTLS_ECP_RESTARTABLE) - TEST_VALID_PARAM( mbedtls_ecp_restart_free( NULL ) ); -#endif /* MBEDTLS_ECP_RESTARTABLE */ - -exit: - return; -} -/* END_CASE */ - /* BEGIN_CASE depends_on:NOT_DEFINED */ void ecp_invalid_param( ) { diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index ae306b5e3..a6b0a4c11 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function 
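Review bot: in the tests/suites/test_suite_cipher.function hunk, `TEST_VALID_PARAM( mbedtls_cipher_init( &valid_ctx ) )` and `TEST_VALID_PARAM( mbedtls_cipher_setup( &valid_ctx, valid_info ) )` are deleted outright rather than turned into plain calls, so `valid_ctx` is never initialised before the `mbedtls_cipher_setkey( &valid_ctx, ...` call kept in the context lines, and the `exit:` label now ends in a bare `;` with no `mbedtls_cipher_free( &valid_ctx )`. The replacement should be `mbedtls_cipher_init( &valid_ctx );` followed by `TEST_EQUAL( 0, mbedtls_cipher_setup( &valid_ctx, valid_info ) );` at the top, and `mbedtls_cipher_free( &valid_ctx );` at `exit:`. The case is currently behind `depends_on:NOT_DEFINED`, so this is latent, but it will bite whoever re-enables it.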
@@ -201,15 +201,6 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ -void gcm_valid_param( ) -{ - TEST_VALID_PARAM( mbedtls_gcm_free( NULL ) ); -exit: - return; -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void gcm_selftest( ) { diff --git a/tests/suites/test_suite_gcm.misc.data b/tests/suites/test_suite_gcm.misc.data index cf0152653..f22b7a3b7 100644 --- a/tests/suites/test_suite_gcm.misc.data +++ b/tests/suites/test_suite_gcm.misc.data @@ -1,5 +1,2 @@ GCM - Invalid parameters gcm_invalid_param: - -GCM - Valid parameters -gcm_valid_param: diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 8e09ee5bd..a542267e4 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -1,6 +1,3 @@ -MPI - Valid parameters -mpi_valid_param: - Arguments with no value mpi_null: diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 8c20258c5..d9a44a6e0 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -71,13 +71,6 @@ static int f_rng_bytes_left( void *state, unsigned char *buf, size_t len ) * END_DEPENDENCIES */ -/* BEGIN_CASE */ -void mpi_valid_param( ) -{ - TEST_VALID_PARAM( mbedtls_mpi_free( NULL ) ); -} -/* END_CASE */ - /* BEGIN_CASE */ void mpi_null( ) { diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 06e40d814..2e24aecc7 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -211,12 +211,6 @@ void valid_parameters( ) mbedtls_pk_init( &pk ); - TEST_VALID_PARAM( mbedtls_pk_free( NULL ) ); - -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) - TEST_VALID_PARAM( mbedtls_pk_restart_free( NULL ) ); -#endif - TEST_ASSERT( mbedtls_pk_setup( &pk, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data index 1cc58af41..3552346e4 100644 
--- a/tests/suites/test_suite_shax.data +++ b/tests/suites/test_suite_shax.data @@ -1,6 +1,3 @@ -SHA-1 - Valid parameters -sha1_valid_param: - # Test the operation of SHA-1 and SHA-2 SHA-1 Test Vector NIST CAVS #1 depends_on:MBEDTLS_SHA1_C @@ -42,9 +39,6 @@ SHA-1 Test Vector NIST CAVS #10 depends_on:MBEDTLS_SHA1_C mbedtls_sha1:"8236153781bd2f1b81ffe0def1beb46f5a70191142926651503f1b3bb1016acdb9e7f7acced8dd168226f118ff664a01a8800116fd023587bfba52a2558393476f5fc69ce9c65001f23e70476d2cc81c97ea19caeb194e224339bcb23f77a83feac5096f9b3090c51a6ee6d204b735aa71d7e996d380b80822e4dfd43683af9c7442498cacbea64842dfda238cb099927c6efae07fdf7b23a4e4456e0152b24853fe0d5de4179974b2b9d4a1cdbefcbc01d8d311b5dda059136176ea698ab82acf20dd490be47130b1235cb48f8a6710473cfc923e222d94b582f9ae36d4ca2a32d141b8e8cc36638845fbc499bce17698c3fecae2572dbbd470552430d7ef30c238c2124478f1f780483839b4fb73d63a9460206824a5b6b65315b21e3c2f24c97ee7c0e78faad3df549c7ca8ef241876d9aafe9a309f6da352bec2caaa92ee8dca392899ba67dfed90aef33d41fc2494b765cb3e2422c8e595dabbfaca217757453fb322a13203f425f6073a9903e2dc5818ee1da737afc345f0057744e3a56e1681c949eb12273a3bfc20699e423b96e44bd1ff62e50a848a890809bfe1611c6787d3d741103308f849a790f9c015098286dbacfc34c1718b2c2b77e32194a75dda37954a320fa68764027852855a7e5b5274eb1e2cbcd27161d98b59ad245822015f48af82a45c0ed59be94f9af03d9736048570d6e3ef63b1770bc98dfb77de84b1bb1708d872b625d9ab9b06c18e5dbbf34399391f0f8aa26ec0dac7ff4cb8ec97b52bcb942fa6db2385dcd1b3b9d567aaeb425d567b0ebe267235651a1ed9bf78fd93d3c1dd077fe340bb04b00529c58f45124b717c168d07e9826e33376988bc5cf62845c2009980a4dfa69fbc7e5a0b1bb20a5958ca967aec68eb31dd8fccca9afcd30a26bab26279f1bf6724ff":"11863b483809ef88413ca9b0084ac4a5390640af" -SHA-256 Valid parameters -sha256_valid_param: - SHA-256 Invalid parameters sha256_invalid_param: 
@@ -107,9 +101,6 @@ mbedtls_sha256:"8390cf0be07661cc7669aac54ce09a37733a629d45f5d983ef201f9b2d13800e SHA-512 Invalid parameters sha512_invalid_param: -SHA-512 Valid parameters -sha512_valid_param: - SHA-384 Test Vector NIST CAVS #1 depends_on:MBEDTLS_SHA384_C sha384:"":"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b" diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index a8f5b1848..35fecce6c 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -4,13 +4,6 @@ #include "mbedtls/sha512.h" /* END_HEADER */ -/* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */ -void sha1_valid_param( ) -{ - TEST_VALID_PARAM( mbedtls_sha1_free( NULL ) ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_SHA1_C */ void mbedtls_sha1( data_t * src_str, data_t * hash ) { @@ -25,13 +18,6 @@ void mbedtls_sha1( data_t * src_str, data_t * hash ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */ -void sha256_valid_param( ) -{ - TEST_VALID_PARAM( mbedtls_sha256_free( NULL ) ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:NOT_DEFINED */ void sha256_invalid_param( ) { @@ -81,13 +67,6 @@ void mbedtls_sha256( data_t * src_str, data_t * hash ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C */ -void sha512_valid_param( ) -{ - TEST_VALID_PARAM( mbedtls_sha512_free( NULL ) ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:NOT_DEFINED */ void sha512_invalid_param( ) { From 2d0769d1491aa2b8882dab1408b0b5fdf778436d Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Thu, 27 May 2021 15:24:33 +0200 Subject: [PATCH 051/236] Simplification of the tests 
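Review bot: in the `tests/suites/test_suite_cipher.function` hunk of this patch (`cipher_invalid_param_conditional`), deleting `TEST_VALID_PARAM( mbedtls_cipher_init( &valid_ctx ) )` removes the only initialization of `valid_ctx`, yet the remaining `mbedtls_cipher_setkey( &valid_ctx, ...)` call still dereferences it, so the test now reads an uninitialized context (undefined behaviour, and it will only "pass" by accident); likewise replacing `TEST_VALID_PARAM( mbedtls_cipher_free( &valid_ctx ) )` at `exit:` with a bare `;` drops the cleanup. The macro is what is being retired, not the calls: keep `mbedtls_cipher_init( &valid_ctx );` (and the `mbedtls_cipher_setup( &valid_ctx, valid_info )` it preceded) as plain statements before the setkey, and `mbedtls_cipher_free( &valid_ctx );` after `exit:`. With the setup call gone, `valid_info` is also computed but never used.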
Signed-off-by: TRodziewicz --- tests/include/test/macros.h | 3 -- tests/src/helpers.c | 9 ------ tests/suites/main_test.function | 37 ++++++++----------------- tests/suites/test_suite_cipher.function | 3 -- tests/suites/test_suite_rsa.data | 3 ++ tests/suites/test_suite_rsa.function | 19 +++++++++++++ 6 files changed, 33 insertions(+), 41 deletions(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index a8a01ce47..df961aa04 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -58,9 +58,6 @@ * It allows a library function to return a value and return an error * code that can be tested. * - * This macro is not suitable for negative parameter validation tests, - * as it assumes the test step will not create an error. - * * Failing the test means: * - Mark this test case as failed. * - Print a message identifying the failure. diff --git a/tests/src/helpers.c b/tests/src/helpers.c index ece046513..cac6d4cc0 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -204,15 +204,6 @@ int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, return ret; } -void mbedtls_param_failed( const char *failure_condition, - const char *file, - int line ) -{ - (void) failure_condition; - (void) file; - (void) line; -} - #if defined(MBEDTLS_TEST_HOOKS) void mbedtls_test_err_add_check( int high, int low, const char *file, int line ) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 13d032c4a..491de6d2f 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function 
@@ -158,31 +158,6 @@ $dispatch_code #line $line_no "suites/main_test.function" }; -/** - * \brief Execute the test function. - * - * This is a wrapper function around the test function execution - * to allow the setjmp() call used to catch any calls to the - * parameter failure callback, to be used. Calls to setjmp() - * can invalidate the state of any local auto variables. - * - * \param fp Function pointer to the test function. - * \param params Parameters to pass to the #TestWrapper_t wrapper function. - * - */ -void execute_function_ptr(TestWrapper_t fp, void **params) -{ -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) - mbedtls_test_enable_insecure_external_rng( ); -#endif - - fp( params ); - -#if defined(MBEDTLS_TEST_MUTEX_USAGE) - mbedtls_test_mutex_usage_check( ); -#endif /* MBEDTLS_TEST_MUTEX_USAGE */ -} - /** * \brief Dispatches test functions based on function index. * @@ -203,7 +178,17 @@ int dispatch_test( size_t func_idx, void ** params ) { fp = test_funcs[func_idx]; if ( fp ) - execute_function_ptr(fp, params); + { + #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) + mbedtls_test_enable_insecure_external_rng( ); + #endif + + fp( params ); + + #if defined(MBEDTLS_TEST_MUTEX_USAGE) + mbedtls_test_mutex_usage_check( ); + #endif /* MBEDTLS_TEST_MUTEX_USAGE */ + } else ret = DISPATCH_UNSUPPORTED_SUITE; } diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 2ef8f5f63..674349f76 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function 
@@ -213,15 +213,12 @@ void cipher_invalid_param_conditional( ) mbedtls_cipher_context_t valid_ctx; mbedtls_operation_t invalid_operation = 100; - mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; int valid_size = sizeof(valid_buffer); int valid_bitlen = valid_size * 8; const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type( *( mbedtls_cipher_list() ) ); - (void)valid_mode; /* In some configurations this is unused */ - TEST_EQUAL( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, mbedtls_cipher_setkey( &valid_ctx, diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 2512ef24c..cc5a04779 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -1,3 +1,6 @@ +RSA parameter validation +rsa_invalid_param: + RSA init-free-free rsa_init_free:0 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 9cf2fcf34..bc5036c5c 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -17,6 +17,25 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE depends_on:NOT_DEFINED */ +void rsa_invalid_param( ) +{ + mbedtls_rsa_context ctx; + const int valid_padding = MBEDTLS_RSA_PKCS_V21; + const int invalid_padding = 42; + unsigned char buf[42] = { 0 }; + size_t olen; + + TEST_INVALID_PARAM( mbedtls_rsa_init( &ctx, invalid_padding, 0 ) ); + + TEST_INVALID_PARAM( mbedtls_rsa_set_padding( &ctx, + invalid_padding, 0 ) ); + +exit: + return; +} +/* END_CASE */ + /* BEGIN_CASE */ void rsa_init_free( int reinit ) { From 9b279f98bcd5eab3898610327e2f731eef5eff47 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Thu, 27 May 2021 17:20:41 +0200 Subject: [PATCH 052/236] Removal of the rsa_invalid_param() from the test Signed-off-by: TRodziewicz --- tests/suites/test_suite_rsa.data | 3 --- tests/suites/test_suite_rsa.function | 19 ------------------- 2 files changed, 22 deletions(-) 
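Review bot: in the `tests/suites/test_suite_rsa.function` hunk, the new `rsa_invalid_param()` declares `valid_padding`, `buf` and `olen` but never uses them, and `ctx` is passed to `mbedtls_rsa_init` without ever being freed; either use or drop those locals. Note also that `depends_on:NOT_DEFINED` means this case is never compiled or run, so the "RSA parameter validation" entry added to `test_suite_rsa.data` is a permanently skipped test; if the intent is to keep a placeholder until parameter validation is reworked, say so in the commit message, otherwise leave it out of a "simplification" commit.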
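Review bot: in the `tests/suites/main_test.function` hunk, the `#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)` / `#endif` and `#if defined(MBEDTLS_TEST_MUTEX_USAGE)` / `#endif` directives inlined into `dispatch_test()` are indented with the surrounding block (`  #if ...`), whereas the rest of this file keeps preprocessor directives in column 0; move them back to column 0 for consistency. Inlining `execute_function_ptr()` is fine now that the `setjmp()` rationale in the deleted doc comment no longer applies.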
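Review bot: in the `tests/suites/test_suite_cipher.function` hunk, the context lines show `mbedtls_cipher_context_t valid_ctx;` still being handed to `mbedtls_cipher_setkey( &valid_ctx, ...)` with no `mbedtls_cipher_init()` call in between, and `valid_info` is still initialized from `mbedtls_cipher_info_from_type()` but never used. Removing `valid_mode` is correct; while touching this function, restore the `mbedtls_cipher_init( &valid_ctx );` / `mbedtls_cipher_free( &valid_ctx );` pair and either use or drop `valid_info`.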
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index cc5a04779..2512ef24c 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -1,6 +1,3 @@ -RSA parameter validation -rsa_invalid_param: - RSA init-free-free rsa_init_free:0 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index bc5036c5c..9cf2fcf34 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -17,25 +17,6 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:NOT_DEFINED */ -void rsa_invalid_param( ) -{ - mbedtls_rsa_context ctx; - const int valid_padding = MBEDTLS_RSA_PKCS_V21; - const int invalid_padding = 42; - unsigned char buf[42] = { 0 }; - size_t olen; - - TEST_INVALID_PARAM( mbedtls_rsa_init( &ctx, invalid_padding, 0 ) ); - - TEST_INVALID_PARAM( mbedtls_rsa_set_padding( &ctx, - invalid_padding, 0 ) ); - -exit: - return; -} -/* END_CASE */ - /* BEGIN_CASE */ void rsa_init_free( int reinit ) { From bcd2b4b9725e64b806b9b92d07c1a12c45b9e9d7 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 28 May 2021 12:56:57 +0200 Subject: [PATCH 053/236] Addition of ommited part of code review follow-up Signed-off-by: TRodziewicz --- tests/suites/test_suite_aria.function | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 6432df081..04263247e 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -27,6 +27,9 @@ void aria_invalid_param( ) ((void) iv_off); ((void) iv); + ((void) ctx); + ((void) input); + ((void) output); #if defined(MBEDTLS_CIPHER_MODE_CBC) TEST_EQUAL( MBEDTLS_ERR_ARIA_BAD_INPUT_DATA, From 358e588b323fa9ec29e386c5197db3d46c5303b8 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 28 May 2021 12:58:46 +0200 Subject: [PATCH 054/236] Temporary addition of an empty assert to satisfy the compiler 
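Review bot: the two hunks of this patch revert, line for line, the `tests/suites/test_suite_rsa.data` and `tests/suites/test_suite_rsa.function` additions made in the immediately preceding commit (9b279f98bcd5eab3898610327e2f731eef5eff47); squash the two so the history does not carry a never-compiled (`depends_on:NOT_DEFINED`) test that is added and removed within the same series.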
Signed-off-by: TRodziewicz --- tests/suites/test_suite_aes.function | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 3e07c9cf9..aa3df92fa 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -447,6 +447,14 @@ void aes_misc_params( ) TEST_ASSERT( mbedtls_aes_crypt_ofb( &aes_ctx, 16, &size, out, in, out ) == MBEDTLS_ERR_AES_BAD_INPUT_DATA ); #endif + +/* + * The following line needs to be added to make the code compilable + * when all the conditions above will be not define in a specific + * choice of features. + */ + TEST_ASSERT( 1 ); +/* TODO: It will be removed when the whole test will be reworked */ } /* END_CASE */ From cd817b06303bf43547ed6fe855e712c529de7e63 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 31 May 2021 19:40:45 +0100 Subject: [PATCH 055/236] Remove misleading comment in TLS 1.3 key schedule code The implementation documentation of ``` mbedtls_ssl_tls1_3_derive_early_secrets() ``` mentioned the PSK binder key, which is misleading because the function doesn't actually calculate it. Signed-off-by: Hanno Becker --- library/ssl_tls13_keys.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 78a55812d..f1c8a12d8 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -368,9 +368,6 @@ int mbedtls_ssl_tls1_3_derive_early_secrets( * v * PSK -> HKDF-Extract = Early Secret * | - * +-----> Derive-Secret(., "ext binder" | "res binder", "") - * | = binder_key - * | * +-----> Derive-Secret(., "c e traffic", ClientHello) * | = client_early_traffic_secret * | From 1483fe4c217786f530fda73931738a9a75d5d8a9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 1 Jun 2021 22:29:06 +0200 Subject: [PATCH 056/236] Document what we mean by backward compatibility Signed-off-by: Gilles Peskine --- BRANCHES.md | 9 +++++++++ 1 file changed, 9 insertions(+) 
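Review bot: in the `tests/suites/test_suite_aes.function` hunk, the comment above `TEST_ASSERT( 1 );` should say what it actually works around rather than "to make the code compilable": from the surrounding `#if` / `#endif` blocks, the situation is a configuration in which every block is compiled out, leaving `aes_misc_params()` with no `TEST_ASSERT` at all (presumably an unused `exit` label or empty body diagnosed under `-Werror`); state that explicitly, fix the grammar ("when none of the conditions above is defined"), and give the TODO a reference to the issue that tracks the rework so it is not forgotten.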
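Review bot: in the `library/ssl_tls13_keys.c` hunk, dropping the `Derive-Secret(., "ext binder" | "res binder", "")` / `= binder_key` branch makes the diagram diverge from the key schedule figure in RFC 8446 Section 7.1 that it mirrors; rather than removing the branch, consider keeping it with an annotation such as "(not computed by this function)", so a reader comparing against the RFC still sees where the binder key sits relative to `client_early_traffic_secret`.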
diff --git a/BRANCHES.md b/BRANCHES.md index 8486ef063..dbdc1738e 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -28,6 +28,15 @@ undocumented features, then you should be able to re-compile it without modification with any later release x.y'.z' with the same major version number, and your code will still build, be secure, and work. +Note that new releases of Mbed TLS may extend the API. Here are some example of changes that are common in minor releases of Mbed TLS, and are not considered compatibility breaks: + +* Adding or reordering fields in a structure or union. +* Removing a field from a structure, unless the field is documented as public. +* Adding items to an enum. +* Returning an error code that was not previously documented for a function when a new error condition arises. +* Changing which error code is returned in a case where multiple error conditions apply. +* Changing the behavior of a function from failing to succeeding, when the change is a reasonable extension of the current behavior, i.e. the addition of a new feature. + There are rare exceptions: code that was relying on something that became insecure in the meantime (for example, crypto that was found to be weak) may need to be changed. In case security comes in conflict with backwards From 58d6eb5024ff23a887798feb411b77b7d4469a4f Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Wed, 2 Jun 2021 14:43:11 +0200 Subject: [PATCH 057/236] Removing unneeded comment Signed-off-by: TRodziewicz --- library/psa_crypto.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c3dc6e754..214c405b3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
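Review bot: in the `BRANCHES.md` hunk, the first bullet, "Adding or reordering fields in a structure or union", lacks the qualifier the second bullet carries ("unless the field is documented as public"); reordering fields in a structure whose fields are public breaks code that uses positional initializers, so apply the same qualifier to both bullets (or state once, above the list, that the structure bullets apply only to structures whose contents are not documented as public). Also "Here are some example of changes" should read "some examples of changes", and "Changing the behavior of a function from failing to succeeding" would be clearer as "Making a function succeed in a case where it previously failed".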
@@ -1019,10 +1019,6 @@ psa_status_t psa_wipe_key_slot( psa_key_slot_t *slot ) { psa_status_t status = psa_remove_key_data_from_memory( slot ); - /* - * As the return error code may not be handled in case of multiple errors, - * do our best to report an unexpected lock counter. - */ if( slot->lock_count != 1 ) { status = PSA_ERROR_CORRUPTION_DETECTED; From 5e5dcaced3276417a8fd25f9023b0c34e3577eeb Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sat, 20 Mar 2021 14:35:20 +0000 Subject: [PATCH 058/236] PSA PAKE: Add function declarations Add function declarations for the draft version of PSA Crypto API PAKE interface. Signed-off-by: Janos Follath --- include/psa/crypto.h | 359 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 359 insertions(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 6aa7ccc92..0992a6510 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
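Review bot: in the `library/psa_crypto.c` hunk, the deleted comment was the only explanation of why the `status` returned by `psa_remove_key_data_from_memory( slot )` is discarded and replaced by `PSA_ERROR_CORRUPTION_DETECTED` when `slot->lock_count != 1`; after this change a reader sees an earlier error silently overwritten with no rationale. If the comment is considered unneeded, at least keep a one-line note that the lock-counter inconsistency is deliberately reported in preference to the earlier error, since the code still masks that earlier error.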
@@ -4126,6 +4126,365 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, /**@}*/ + +/** \defgroup Password-authenticated key agreement + * @{ + */ + +/** The type of the state data structure for PAKE operations. + * + * Before calling any function on a PAKE operation object, the application + * must initialize it by any of the following means: + * - Set the structure to all-bits-zero, for example: + * \code + * psa_pake_operation_t operation; + * memset(&operation, 0, sizeof(operation)); + * \endcode + * - Initialize the structure to logical zero values, for example: + * \code + * psa_pake_operation_t operation = {0}; + * \endcode + * - Initialize the structure to the initializer #PSA_PAKE_OPERATION_INIT, + * for example: + * \code + * psa_pake_operation_t operation = PSA_PAKE_OPERATION_INIT; + * \endcode + * - Assign the result of the function psa_pake_operation_init() + * to the structure, for example: + * \code + * psa_pake_operation_t operation; + * operation = psa_pake_operation_init(); + * \endcode + * + * This is an implementation-defined \c struct. Applications should not + * make any assumptions about the content of this structure except + * as directed by the documentation of a specific implementation. */ +typedef struct psa_pake_operation_s psa_pake_operation_t; + +/** \def PSA_PAKE_OPERATION_INIT + * + * This macro returns a suitable initializer for an PAKE operation object of + * type #psa_pake_operation_t. + */ +#ifdef __DOXYGEN_ONLY__ +/* This is an example definition for documentation purposes. + * Implementations should define a suitable value in `crypto_struct.h`. + */ +#define PSA_PAKE_OPERATION_INIT {0} +#endif + +/** Return an initial value for an PAKE operation object. + */ +static psa_pake_operation_t psa_pake_operation_init(void); + +/** Set the session information for a password-authenticated key exchange. 
+ * + * The sequence of operations to set up a password-authenticated key exchange + * is as follows: + * -# Allocate an operation object which will be passed to all the functions + * listed here. + * -# Initialize the operation object with one of the methods described in the + * documentation for #psa_pake_operation_t, e.g. + * #PSA_PAKE_OPERATION_INIT. + * -# Call psa_pake_setup() to specify the algorithm, the key, cipher suite, + * identities and additional session information. + * + * A typical sequence of calls to perform a password-authenticated key + * exchange: + * -# Call psa_pake_get_key_share() to get the key share that needs to be sent + * to the peer. + * -# Call psa_pake_set_key_share() to provide the key share that was received + * from the peer. + * -# Call psa_pake_get_implicit_key() for accessing the shared secret. + * + * The exact sequence of calls to perform a password-authenticated key exchange + * depends on the protocol in use: + * -# Some protocols exchange more data than just a single key share. When using + * such a protocol, call psa_pake_output() and psa_pake_input() one or more + * times to exchange any further data that is needed to derive the shared + * secret. + * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. + * + * If an error occurs at any step after a call to psa_pake_setup(), + * the operation will need to be reset by a call to psa_pake_abort(). The + * application may call psa_pake_abort() at any time after the operation + * has been initialized. + * + * After a successful call to psa_pake_setup(), the application must + * eventually terminate the operation. The following events terminate an + * operation: + * - A call to psa_pake_abort(). + * - A successful call to psa_pake_get_implicit_key(). + * + * \param[in,out] operation The operation object to set up. 
It must have + * been initialized as per the documentation for + * #psa_pake_operation_t and not yet in use. + * \param password Identifier of the key holding the password or a + * value derived from the password (eg. by a + * memory-hard function). It must remain valid + * until the operation terminates. It must allow + * the usage #PSA_KEY_USAGE_PAKE. + * \param alg The PAKE protocol to use + * (\c PSA_ALG_XXX value such that + * #PSA_ALG_IS_PAKE(\p alg) is true). + * \param cipher_suite The cipher suite to use with the PAKE algorithm. + * \param[in] user_id The user ID to authenticate with. + * \param user_id_length Size of the \p user_id buffer in bytes. + * \param[in] peer_id The peer's ID to authenticate. + * \param peer_id_length Size of the \p peer_id buffer in bytes. + * \param[in] session_data Additional session related data if it is allowed + * or required by the protocol. This must be empty + * if additional session data is not used by the + * protocol. + * \param session_data_length Size of the \p session_data buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be inactive). + * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not compatible with \p alg. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p session_data is not empty and is not allowed in \p alg. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p cipher_suite is not compatible with \p alg. (Eg. \p cipher_suite + * mandates algorithms or sets options that do not make sense for \p alg + * or are not supported with \p alg.) + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p alg is not supported or is not a PAKE algorithm. 
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_pake_setup(psa_pake_operation_t *operation, + mbedtls_svc_key_id_t password, + psa_algorithm_t alg, + psa_pake_cipher_suite_t cipher_suite, + psa_pake_side_t side, + const uint8_t *user_id, + size_t user_id_len, + const uint8_t *peer_id, + size_t peer_id_len, + const uint8_t *session_data, + size_t session_data_len); + +/** Get the key share from a password-authenticated key exchange operation. + * + * This function returns a simple key share (eg. group element). + * + * The exact sequence of calls to perform a password-authenticated key + * exchange depends on the protocol in use. Refer to the documentation of + * individual PAKE algorithm types (`PSA_ALG_XXX` values of type + * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more + * information. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_pake_abort(). + * + * \param[in,out] operation Active PAKE operation. + * \param[out] key_share Buffer where the key share is to be written. + * \param key_share_size Size of the \p key_share buffer in bytes. + * \param[out] key_share_length On success, the number of bytes of the + * returned key_share. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, but beyond that + * validity is specific to the protocol). + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p key_share buffer is too small. 
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_pake_get_key_share(psa_pake_operation_t *operation, + uint8_t *key_share, + size_t key_share_size, + size_t *key_share_length); + +/** Get additional key share from a password-authenticated key exchange. + * + * Depending on the protocol being executed, you might need to call this + * function several times or you might not need to call this at all. + * + * The exact sequence of calls to perform a password-authenticated key + * exchange depends on the protocol in use. Refer to the documentation of + * individual PAKE algorithm types (`PSA_ALG_XXX` values of type + * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more + * information. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_pake_abort(). + * + * \param[in,out] operation Active PAKE operation. + * \param type The type of the data that is requested. + * \param[out] output Buffer where the output is to be written. + * \param output_size Size of the \p output buffer in bytes. + * \param[out] output_length On success, the number of bytes of the returned + * output. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, but beyond that + * validity is specific to the protocol). + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p output buffer is too small. 
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_pake_output(psa_pake_operation_t *operation, + psa_pake_data_t type, + uint8_t *output, + size_t output_size, + size_t *output_length); + +/** Provide peer key share to a password-authenticated key exchange operation. + * + * This function inputs a simple key share (eg. group element). + * + * The exact sequence of calls to perform a password-authenticated key + * exchange depends on the protocol in use. Refer to the documentation of + * individual PAKE algorithm types (`PSA_ALG_XXX` values of type + * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more + * information. + * + * \param[in,out] operation Active PAKE operation. + * \param[in] key_share Buffer containing the peer's key share. + * \param key_share_length Size of the \p key_share buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, but beyond that + * validity is specific to the protocol). + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. 
+ */ +psa_status_t psa_pake_set_key_share(psa_pake_operation_t *operation, + const uint8_t *key_share, + size_t key_share_length); + +/** Provide additional peer key share for a password-authenticated key exchange. + * + * Depending on the protocol being executed, you might need to call this + * function several times or you might not need to call this at all. + * + * The exact sequence of calls to perform a password-authenticated key + * exchange depends on the protocol in use. Refer to the documentation of + * individual PAKE algorithm types (`PSA_ALG_XXX` values of type + * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more + * information. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_pake_abort(). + * + * \param[in,out] operation Active PAKE operation. + * \param type The type of the data provided. + * \param[out] input Buffer containing the input. + * \param[out] input_length Size of the \p input buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, but beyond that + * validity is specific to the protocol). + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_pake_input(psa_pake_operation_t *operation, + psa_pake_data_t type, + uint8_t *input, + size_t input_length); + +/** Get implicitly confirmed shared secret from a PAKE. + * + * This function can be called after the key exchange phase of the operation + * has completed. 
It imports the shared secret output of the PAKE into the + * provided derivation operation. The input step + * #PSA_KEY_DERIVATION_INPUT_SECRET is used when placing the shared key + * material in the key derivation operation. + * + * The exact sequence of calls to perform a password-authenticated key + * exchange depends on the protocol in use. Refer to the documentation of + * individual PAKE algorithm types (`PSA_ALG_XXX` values of type + * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more + * information. + * + * When this function returns successfully, the operation becomes inactive. + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_pake_abort(). + * + * \param[in,out] operation Active PAKE operation. + * \param[out] output A key derivation operation that has been + * initialized and set up. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, but beyond that + * validity is specific to the protocol). + * \retval #PSA_ERROR_BAD_STATE + * The state of \p output is not valid for + * the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the + * step is out of order or the application has done this step already + * and it may not be repeated. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * #PSA_KEY_DERIVATION_INPUT_SECRET is not compatible with the output’s + * algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. 
+ */ +psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, + psa_key_derivation_operation_t *output); +/**@}*/ + #ifdef __cplusplus } #endif From b86273a6dc60a450a21841b2b9dc7c825619773a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sat, 20 Mar 2021 14:58:52 +0000 Subject: [PATCH 059/236] PSA PAKE: Add integral types Add integral types for the draft version of PSA Crypto API PAKE interface. Signed-off-by: Janos Follath --- include/psa/crypto_types.h | 11 +++++++++++ include/psa/crypto_values.h | 34 ++++++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 386c7d794..cd8ac4b1c 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -380,4 +380,15 @@ typedef uint16_t psa_key_derivation_step_t; /**@}*/ +/** \defgroup pake Password-authenticated key exchange + * @{ + */ + +/** \brief Encoding of the side of PAKE */ +typedef uint16_t psa_pake_side_t; + +/** \brief Encoding of the type of input/output for PAKE */ +typedef uint16_t psa_pake_data_t; + +/**@}*/ #endif /* PSA_CRYPTO_TYPES_H */ diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 497bd8f01..3c2b7bec2 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
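Review bot: In the psa_pake_input() declaration and its comment (crypto.h hunk, patch 058), the two `\param[out]` tags point the wrong way: `input` is data the caller supplies, so both `input` and `input_length` should be `\param[in]`, and the prototype should take `const uint8_t *input` to match psa_pake_set_key_share() directly above it, which already uses `const uint8_t *key_share`. The psa_pake_get_implicit_key() comment also uses a typographic apostrophe in "output’s"; keep doc comments ASCII.

Review bot: The crypto_types.h hunk of patch 059 opens `\defgroup pake Password-authenticated key exchange` and the crypto_values.h hunk of the same patch opens it again with the same title. Doxygen merges repeated \defgroup blocks but warns as soon as the titles differ, so either keep both strings identical in every later change or use `\addtogroup pake` in the second header.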
@@ -2381,4 +2381,38 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) /**@}*/ +/** \defgroup pake Password-authenticated key exchange + * @{ + */ + +/** The first peer in a balanced PAKE. + * + * Although balanced PAKE protocols are symmetric, some of them needs an + * ordering of peers for the transcript calculations. If the protocol does not + * need this, either #PSA_PAKE_SIDE_FIRST or #PSA_PAKE_SIDE_SECOND are + * accepted. + */ +#define PSA_PAKE_SIDE_FIRST ((psa_pake_side_t)0x0001) + +/** The second peer in a balanced PAKE. + * + * Although balanced PAKE protocols are symmetric, some of them needs an + * ordering of peers for the transcript calculations. If the protocol does not + * need this, either #PSA_PAKE_SIDE_FIRST or #PSA_PAKE_SIDE_SECOND are + * accepted. + */ +#define PSA_PAKE_SIDE_SECOND ((psa_pake_side_t)0x0002) + +/** The client in an augmented PAKE. + * + * Augmented PAKE protocols need to differentiate between client and server. + */ +#define PSA_PAKE_SIDE_CLIENT ((psa_pake_side_t)0x0101) + +/** The server in an augmented PAKE. + * + * Augmented PAKE protocols need to differentiate between client and server. + */ +#define PSA_PAKE_SIDE_SERVER ((psa_pake_side_t)0x0102) +/**@}*/ #endif /* PSA_CRYPTO_VALUES_H */ From 38a5d3564633f1e74aff0124f05d1f8e9895f74b Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sun, 21 Mar 2021 07:01:53 +0000 Subject: [PATCH 060/236] PSA PAKE: Add type for representing primitives In most of the PAKEs the primitives are prime order groups, but some of them might need the ring structure or just are using completely different algebraic structures (eg. SRP or PQC schemes). Signed-off-by: Janos Follath --- include/psa/crypto_types.h | 22 ++++++++++++++++++++++ include/psa/crypto_values.h | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 59 insertions(+) diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index cd8ac4b1c..1c40f5bf7 100644 --- a/include/psa/crypto_types.h 
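Review bot: Grammar in the `PSA_PAKE_SIDE_FIRST` and `PSA_PAKE_SIDE_SECOND` comments (crypto_values.h hunk, patch 059): `some of them needs an ordering` should read `some of them need an ordering`, and `either #PSA_PAKE_SIDE_FIRST or #PSA_PAKE_SIDE_SECOND are accepted` should read `is accepted`. The two comments repeat the same three sentences verbatim; the second could simply say `See #PSA_PAKE_SIDE_FIRST.`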
+++ b/include/psa/crypto_types.h @@ -390,5 +390,27 @@ typedef uint16_t psa_pake_side_t; /** \brief Encoding of the type of input/output for PAKE */ typedef uint16_t psa_pake_data_t; +/** Encoding of the type of the PAKE's primitive. + * + * Values defined by this standard will never be in the range 0x80-0xff. + * Vendors who define additional types must use an encoding in this range. + */ +typedef uint8_t psa_pake_primitive_type_t; + +/** Encoding of the bitsize for the PAKE's primitive. + * + * The type and family is not enough to identify the primitive to use in the + * PAKE, the implementation needs to know the bitsize too. + */ +typedef uint16_t psa_pake_bits_t; + +/** Encoding of the PAKE's primitive. + * + * In most of the PAKEs the primitives are prime order groups, but some of + * them might need the ring structure or just are using completely different + * algebraic structures (eg. SRP or PQC schemes). + */ +typedef uint32_t psa_pake_primitive_t; + /**@}*/ #endif /* PSA_CRYPTO_TYPES_H */ diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 3c2b7bec2..afdcaa9f6 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
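Review bot: In the `psa_pake_bits_t` comment (crypto_types.h hunk, patch 060), `The type and family is not enough` should be `are not enough`, and `eg.` in the `psa_pake_primitive_t` comment should be `e.g.`. The `psa_pake_primitive_type_t` comment reserves `0x80-0xff` for vendors; since the type is packed into the top byte of a `psa_pake_primitive_t` by `PSA_PAKE_PRIMITIVE`, say explicitly that the reservation applies to the type byte, not to the packed 32-bit value.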
@@ -2414,5 +2414,42 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * Augmented PAKE protocols need to differentiate between client and server. */ #define PSA_PAKE_SIDE_SERVER ((psa_pake_side_t)0x0102) + +/** The pake uses finite fields. + * + * The corresponding family type is ::psa_dh_family_t. In determining a + * specific curve in the family ::psa_pake_bits_t values are interpreted in the + * exact same way as ::psa_key_bits_t would. + */ +#define PSA_PAKE_PRIMITIVE_TYPE_FIELD ((psa_pake_primitive_type_t)0x01) + +/** The pake uses elliptic curves. + * + * The corresponding family type is ::psa_ecc_family_t. in determining a + * specific curve in the family ::psa_pake_bits_t values are interpreted in the + * exact same way as ::psa_key_bits_t would. + */ +#define PSA_PAKE_PRIMITIVE_TYPE_CURVE ((psa_pake_primitive_type_t)0x02) + +/** Construct a PAKE primitive from type, family and bitsize. + * + * \param type The type of the primitive + * (value of type ::psa_pake_primitive_type_t). + * \param family The family of the primitive + * (the type and interpretation of this parameter depends + * on \p type, for more information consult the + * documentation of individual ::psa_pake_primitive_type_t + * constants). + * \param bits The bitwise of the primitive + * (Value of type ::psa_pake_bits_t. The interpretation + * of this parameter depends on \p family, for more + * information consult the documentation of individual + * ::psa_pake_primitive_type_t constants). + * + * \return The constructed primitive value. + */ +#define PSA_PAKE_PRIMITIVE(type, family, bits) \ + ((psa_pake_primitive_t) (((type) << 24 | (persistence) << 16) | (bits))) + /**@}*/ #endif /* PSA_CRYPTO_VALUES_H */ From 508afeca67799a11631f68d8c45e846c7fc76dbc Mon Sep 17 00:00:00 2001 
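Review bot: `PSA_PAKE_PRIMITIVE` does not compile as written (crypto_values.h hunk, patch 060): the body uses `(persistence) << 16` but the parameters are `type, family, bits`, so `family` is silently ignored and `persistence` is an undeclared identifier at every use site. It should read `((psa_pake_primitive_t) (((type) << 24 | (family) << 16) | (bits)))`. While there, cast `type` to `psa_pake_primitive_t` before shifting: a `uint8_t` is promoted to `int`, and shifting a value of 0x80 or more left by 24 overflows a signed 32-bit int (undefined behaviour) exactly in the vendor range the type's documentation reserves. Two doc nits in the same hunk: `The bitwise of the primitive` should be `The bit size of the primitive`, and the `PSA_PAKE_PRIMITIVE_TYPE_FIELD` comment says `a specific curve in the family` where a DH family selects a group, not a curve.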
From: Janos Follath Date: Sun, 21 Mar 2021 09:42:37 +0000 Subject: [PATCH 061/236] PSA PAKE: Add cipher suite structure PAKE protocols make use of a range of cryptographic schemes and primitives. Standards allow for several options to use for each of them. They call the combination of specific algorithms cipher suites, configurations or options. Cipher suites are represented by a separate data type for several reasons: 1. To allow for individual PAKE protocols to provide pre-defined cipher suites. 2. To organise cipher suites into a unit that can be handled separately from the operation context. The PAKE operation flow is already complex, will be even more so when key confirmation is added. Handling them separately should reduce the surface of the interface the application developer needs to pay attention at any given time. Signed-off-by: Janos Follath --- include/psa/crypto.h | 41 +++++++++++++++++++++++++++++++++++++ include/psa/crypto_struct.h | 33 +++++++++++++++++++++++++++++ include/psa/crypto_types.h | 10 ++++++++- 3 files changed, 83 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 0992a6510..a0f5b135e 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
@@ -4131,6 +4131,47 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, * @{ */ +/** The type of the data strucure for PAKE cipher suites. + * + * This is an implementation-defined \c struct. Applications should not + * make any assumptions about the content of this structure except + * as directed by the documentation of a specific implementation. + */ +typedef struct psa_pake_cipher_suite_s psa_pake_cipher_suite_t; + +/** Construct a cipher suite for a password-authenticated key exchange. + * + * \param primitive The primitive used in the cipher suite. + * \param hash The hash involved in the cipher suite. + * (`PSA_ALG_XXX` values of type ::psa_algorithm_t + * such that #PSA_ALG_IS_HASH(\c alg) is true.) + * \param algorithm1 Additional algorithm if needed in the cipher suite, + * 0 otherwise. + * \param bits1 A bit size qualifier if needed for \p algorithm1, + * 0 otherwise. + * \param algorithm2 Additional algorithm if needed in the cipher suite, + * 0 otherwise. + * \param bits2 A bit size qualifier if needed for \p algorithm2, + * 0 otherwise. + * \param options Additional options to be included with the cipher + * suite if needed, 0 otherwise. + * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. + * + * \retval The constructed cipher suite. + */ +static psa_pake_cipher_suite_t psa_pake_cipher_suite( + psa_pake_primitive_t primitive, + psa_algorithm_t hash, + psa_algorithm_t algorithm1, + psa_pake_bits_t bits1, + psa_algorithm_t algorithm2, + psa_pake_bits_t bits2, + psa_pake_cipher_suite_options_t options + ); + /** The type of the state data structure for PAKE operations. * * Before calling any function on a PAKE operation object, the application diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 47012fdd0..a4e6cca8e 100644 --- a/include/psa/crypto_struct.h 
+++ b/include/psa/crypto_struct.h @@ -461,6 +461,39 @@ static inline size_t psa_get_key_bits( return( attributes->core.bits ); } +struct psa_pake_cipher_suite_s +{ + psa_pake_primitive_t primitive; + psa_algorithm_t hash; + psa_algorithm_t algorithm1; + psa_pake_bits_t bits1; + psa_algorithm_t algorithm2; + psa_pake_bits_t bits2; + psa_pake_cipher_suite_options_t options; +}; + +static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite( + psa_pake_primitive_t primitive, + psa_algorithm_t hash, + psa_algorithm_t algorithm1, + psa_pake_bits_t bits1, + psa_algorithm_t algorithm2, + psa_pake_bits_t bits2, + psa_pake_cipher_suite_options_t options + ) +{ + struct psa_pake_cipher_suite_s cipher_suite; + + cipher_suite.primitive = primitive; + cipher_suite.hash = hash; + cipher_suite.algorithm1 = algorithm1; + cipher_suite.bits1 = bits1; + cipher_suite.algorithm2 = algorithm2; + cipher_suite.bits2 = bits2; + cipher_suite.options = options; + + return cipher_suite; +} #ifdef __cplusplus } #endif diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 1c40f5bf7..8031c9d27 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -380,7 +380,7 @@ typedef uint16_t psa_key_derivation_step_t; /**@}*/ -/** \defgroup pake Password-authenticated key exchange +/** \defgroup pake Password-authenticated key exchange (PAKE) * @{ */ @@ -412,5 +412,13 @@ typedef uint16_t psa_pake_bits_t; */ typedef uint32_t psa_pake_primitive_t; +/** Encoding of additional options for PAKE. + * + * This type is for encoding additional options into PAKE cipher suites. + * (Options like for example EnvelopeMode in OPAQUE or "Per-User M and N" in + * SPAKE2.) + */ +typedef uint32_t psa_pake_cipher_suite_options_t; + /**@}*/ #endif /* PSA_CRYPTO_TYPES_H */ From 8a09ca9d94da0963e003b7f28ddfc48e5fff5359 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sun, 21 Mar 2021 10:14:08 +0000 Subject: [PATCH 062/236] PSA PAKE: Add dummy operation context 
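Review bot: In the crypto.h hunk of patch 061, `psa_pake_cipher_suite()` is declared plain `static` in a public header while its definition in the crypto_struct.h hunk is `static inline`; a non-inline `static` declaration in a header produces an unused-function warning in every translation unit that includes crypto.h without calling it, so declare it `static inline` like `psa_get_key_bits()` in the surrounding context. In the same comment `data strucure` is a typo for `data structure`, and `\retval The constructed cipher suite.` should be `\return`, since \retval expects a named return value. The crypto_types.h hunk changes the group title to `Password-authenticated key exchange (PAKE)` in crypto_types.h only, leaving crypto_values.h with the old title; update both in the same commit so Doxygen does not warn about mismatched group titles.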
Signed-off-by: Janos Follath --- include/psa/crypto_struct.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index a4e6cca8e..f289caf16 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -494,6 +494,25 @@ static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite( return cipher_suite; } + +struct psa_pake_operation_s +{ + psa_algorithm_t alg; + union + { + /* Make the union non-empty even with no supported algorithms. */ + uint8_t dummy; + } ctx; +}; + +/* This only zeroes out the first byte in the union, the rest is unspecified. */ +#define PSA_PAKE_OPERATION_INIT {0, {0}} +static inline struct psa_pake_operation_s psa_pake_operation_init( void ) +{ + const struct psa_pake_operation_s v = PSA_PAKE_OPERATION_INIT; + return( v ); +} + #ifdef __cplusplus } #endif From 9c6b147d98fac6a12ea0be7337fb4c679432d2ae Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Sun, 21 Mar 2021 15:11:01 +0000 Subject: [PATCH 063/236] PSA PAKE: Add J-PAKE to the interface Signed-off-by: Janos Follath --- include/psa/crypto.h | 6 + include/psa/crypto_types.h | 9 +- include/psa/crypto_values.h | 185 +++++++++++++++++- .../test_suite_psa_crypto_metadata.data | 3 + .../test_suite_psa_crypto_metadata.function | 26 +++ 5 files changed, 217 insertions(+), 12 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index a0f5b135e..88cc2d149 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
@@ -4366,6 +4366,9 @@ psa_status_t psa_pake_get_key_share(psa_pake_operation_t *operation, * Depending on the protocol being executed, you might need to call this * function several times or you might not need to call this at all. * + * Calling this function with PSA_PAKE_DATA_KEY_SHARE as \p type is equivalent + * to calling psa_pake_get_key_share(). + * * The exact sequence of calls to perform a password-authenticated key * exchange depends on the protocol in use. Refer to the documentation of * individual PAKE algorithm types (`PSA_ALG_XXX` values of type @@ -4443,6 +4446,9 @@ psa_status_t psa_pake_set_key_share(psa_pake_operation_t *operation, * Depending on the protocol being executed, you might need to call this * function several times or you might not need to call this at all. * + * Calling this function with PSA_PAKE_DATA_KEY_SHARE as \p type is equivalent + * to calling psa_pake_set_key_share(). + * * The exact sequence of calls to perform a password-authenticated key * exchange depends on the protocol in use. Refer to the documentation of * individual PAKE algorithm types (`PSA_ALG_XXX` values of type diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 8031c9d27..4fa739547 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -387,8 +387,13 @@ typedef uint16_t psa_key_derivation_step_t; /** \brief Encoding of the side of PAKE */ typedef uint16_t psa_pake_side_t; -/** \brief Encoding of the type of input/output for PAKE */ -typedef uint16_t psa_pake_data_t; +/** Encoding of input and output indicators for PAKE. + * + * Some PAKE protocols need to exchange more data than just a single key share. + * This type is for encoding additional input and output data for such + * protocols. + */ +typedef uint8_t psa_pake_data_t; /** Encoding of the type of the PAKE's primitive. * diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index afdcaa9f6..be3325890 100644 --- a/include/psa/crypto_values.h 
+++ b/include/psa/crypto_values.h @@ -731,6 +731,7 @@ #define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t)0x07000000) #define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x08000000) #define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x09000000) +#define PSA_ALG_CATEGORY_PAKE ((psa_algorithm_t)0x0a000000) /** Whether an algorithm is vendor-defined. * @@ -848,6 +849,18 @@ (PSA_ALG_IS_KEY_DERIVATION(alg) && \ (alg) & PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG) +/** Whether the specified algorithm is a password-authenticated key exchange. + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if \p alg is a password-authenticated key exchange (PAKE) + * algorithm, 0 otherwise. + * This macro may return either 0 or 1 if \p alg is not a supported + * algorithm identifier. + */ +#define PSA_ALG_IS_PAKE(alg) \ + (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_PAKE) + #define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff) /** MD2 */ #define PSA_ALG_MD2 ((psa_algorithm_t)0x02000001) 
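Review bot: In the two crypto.h hunks of patch 063, `PSA_PAKE_DATA_KEY_SHARE` is written without the `#` prefix, so Doxygen will not cross-link it; use `#PSA_PAKE_DATA_KEY_SHARE` as the rest of the file does. The crypto_types.h hunk narrows `psa_pake_data_t` from `uint16_t` to `uint8_t` in passing; all the PSA_PAKE_DATA_* values in this patch fit, but the change alters the psa_pake_input()/psa_pake_output() parameter type and deserves a sentence in the commit message.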
@@ -1953,6 +1966,58 @@ #define PSA_ALG_GET_HASH(alg) \ (((alg) & 0x000000ff) == 0 ? ((psa_algorithm_t)0) : 0x02000000 | ((alg) & 0x000000ff)) +/** The Password-authenticated key exchange by juggling (J-PAKE) protocol. + * + * J-PAKE can be instantiated over finite fields or elliptic curves. This can + * be achieved by passing either #PSA_PAKE_PRIMITIVE_TYPE_FIELD or + * #PSA_PAKE_PRIMITIVE_TYPE_CURVE to #PSA_PAKE_PRIMITIVE respectively, when + * creating the cipher suite. + * + * In theory the protocol works with any non-interactive zero-knowledge proof. + * Implementations of the present specification use Schnorr NIZK and this does + * not need to be configured in the cipher suites. + * + * J-PAKE can be used with any secure cryptographic hash function, the choice + * of hash must be supplied to the psa_pake_cipher_suite() as the second + * parameter (\p hash). + * + * All the remaining parameters passed to psa_pake_cipher_suite() when creating + * the cipher suite must be 0. + * + * The key exchange flow for JPAKE is as follows: + * -# To get the first round data that needs to be sent to the peer, call + * psa_pake_get_key_share(operation, ...); + * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...); + * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); + * psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE_2, ...); + * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PUBLIC_2, ...); + * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF_2, ...); + * -# To provide the first round data received from the peer to the operation, + * call + * psa_pake_set_key_share(operation, ...); + * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...); + * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); + * psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE_2, ...); + * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PUBLIC_2, ...); + * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PROOF_2, ...); + * -# To get the second round data that needs to be sent to the 
peer, call + * psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE_3, ...); + * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PUBLIC_3, ...); + * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF_3, ...); + * -# To provide the second round data received from the peer to the operation, + * call + * psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE_3, ...); + * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PUBLIC_3, ...); + * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PROOF_3, ...); + * -# Call psa_pake_get_implicit_key() for accessing the shared secret. + * + * For more information consult the documentation of the individual + * PSA_PAKE_DATA_XXX constants. + * + * J-PAKE is standardised for example in RFC 8236 and in THREAD. + */ +#define PSA_ALG_PAKE_JPAKE ((psa_algorithm_t)0x0a000001) + /**@}*/ /** \defgroup key_lifetimes Key lifetimes 
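Review bot: The `PSA_ALG_PAKE_JPAKE` comment references `#PSA_PAKE_PRIMITIVE_TYPE_FIELD`, but the crypto_values.h hunk further down in this same patch renames that constant to `PSA_PAKE_PRIMITIVE_TYPE_FIELD_DH`, so the link is dangling at this commit (the fix only arrives in patch 066); update the reference here. Spelling: `The key exchange flow for JPAKE` should be `J-PAKE` as everywhere else in the comment. The closing `J-PAKE is standardised for example in RFC 8236 and in THREAD` gives no public reference for THREAD that a reader can follow (patch 067 drops it); better not to introduce it.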
@@ -2415,21 +2480,39 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) */ #define PSA_PAKE_SIDE_SERVER ((psa_pake_side_t)0x0102) -/** The pake uses finite fields. - * - * The corresponding family type is ::psa_dh_family_t. In determining a - * specific curve in the family ::psa_pake_bits_t values are interpreted in the - * exact same way as ::psa_key_bits_t would. - */ -#define PSA_PAKE_PRIMITIVE_TYPE_FIELD ((psa_pake_primitive_type_t)0x01) - -/** The pake uses elliptic curves. +/** The PAKE uses elliptic curves. * * The corresponding family type is ::psa_ecc_family_t. in determining a * specific curve in the family ::psa_pake_bits_t values are interpreted in the * exact same way as ::psa_key_bits_t would. + * + * Input and output during the operation can involve group elements and scalar + * values: + * -# The format for group elements is the same as for public keys on the + * specific curve would be. For more information, consult the documentation of + * psa_export_public_key(). + * -# The format for scalars is the same as for private keys on the specific + * curve would be. For more information, consult the documentation of + * psa_export_key(). */ -#define PSA_PAKE_PRIMITIVE_TYPE_CURVE ((psa_pake_primitive_type_t)0x02) +#define PSA_PAKE_PRIMITIVE_TYPE_CURVE ((psa_pake_primitive_type_t)0x01) + +/** The PAKE uses finite fields based Diffie-Hellman groups. + * + * The corresponding family type is ::psa_dh_family_t. In determining a + * specific group in the family ::psa_pake_bits_t values are interpreted in the + * exact same way as ::psa_key_bits_t would. + * + * Input and output during the operation can involve group elements and scalar + * values: + * -# The format for group elements is the same as for public keys on the + * specific group would be. For more information, consult the documentation of + * psa_export_public_key(). + * -# The format for scalars is the same as for private keys on the specific + * group would be. 
For more information, consult the documentation of + * psa_export_key(). + */ +#define PSA_PAKE_PRIMITIVE_TYPE_FIELD_DH ((psa_pake_primitive_type_t)0x02) /** Construct a PAKE primitive from type, family and bitsize. * 
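Review bot: This hunk swaps the numeric encodings as well as renaming: `PSA_PAKE_PRIMITIVE_TYPE_FIELD` was `0x01` and `_CURVE` was `0x02`, now `_CURVE` is `0x01` and `_FIELD_DH` is `0x02`. The renumbering is not mentioned in the commit message; call it out, since any `psa_pake_primitive_t` value computed against the previous commit now denotes the other primitive type. Nit: `::psa_ecc_family_t. in determining a` needs a capital `In`, and the two `-#` lists differ only in curve/group, so the second comment could reference the first.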
@@ -2451,5 +2534,87 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) #define PSA_PAKE_PRIMITIVE(type, family, bits) \ ((psa_pake_primitive_t) (((type) << 24 | (persistence) << 16) | (bits))) + +/** The key share being sent to or received from the peer. + * + * Unless the documentation of the PAKE algorithm says otherwise this is a + * group element. + * + * For information regarding representation consult the documentation of + * individual ::psa_pake_primitive_type_t constants. + * + * Some PAKE protocols need to exchange several key shares. If that is the + * case, this value marks the first key share sent and the first key share + * received. For values sent or received afterwards, use + * #PSA_PAKE_DATA_KEY_SHARE_2 and #PSA_PAKE_DATA_KEY_SHARE_3. + */ +#define PSA_PAKE_DATA_KEY_SHARE ((psa_pake_data_t)0x01) + + +/** A Schnorr NIZKP public key. + * + * This is a group element. + * + * For information regarding representation consult the documentation of + * individual ::psa_pake_primitive_type_t constants. + * + * Some PAKE protocols need to perform several zero-knowledge proofs. If that + * is the case, this value marks the first public key sent and the first public + * key received. For values sent or received afterwards, use + * #PSA_PAKE_DATA_ZK_PUBLIC_2 and #PSA_PAKE_DATA_ZK_PUBLIC_3. + */ +#define PSA_PAKE_DATA_ZK_PUBLIC ((psa_pake_data_t)0x02) + + +/** A Schnorr NIZKP proof. + * + * This is a skalar value. + * + * For information regarding representation consult the documentation of + * individual ::psa_pake_primitive_type_t constants. + * + * Some PAKE protocols need to perform several zero-knowledge proofs. If that + * is the case, this value marks the first proof sent and the first proof + * received. For values sent or received afterwards, use + * #PSA_PAKE_DATA_ZK_PROOF_2 and #PSA_PAKE_DATA_ZK_PROOF_3. + */ +#define PSA_PAKE_DATA_ZK_PROOF ((psa_pake_data_t)0x03) + +/** Marks the second key share sent and received. 
+ * + * See #PSA_PAKE_DATA_KEY_SHARE. + */ +#define PSA_PAKE_DATA_KEY_SHARE_2 ((psa_pake_data_t)0x04) + +/** Marks the second Schnorr NIZKP public key sent and received. + * + * See #PSA_PAKE_DATA_ZK_PUBLIC. + */ +#define PSA_PAKE_DATA_ZK_PUBLIC_2 ((psa_pake_data_t)0x05) + +/** Marks the second Schnorr NIZKP proof sent and received. + * + * See #PSA_PAKE_DATA_ZK_PROOF. + */ +#define PSA_PAKE_DATA_ZK_PROOF_2 ((psa_pake_data_t)0x06) + +/** Marks the third key share sent and received. + * + * See #PSA_PAKE_DATA_KEY_SHARE. + */ +#define PSA_PAKE_DATA_KEY_SHARE_3 ((psa_pake_data_t)0x07) + +/** Marks the third Schnorr NIZKP public key sent and received. + * + * See #PSA_PAKE_DATA_ZK_PUBLIC. + */ +#define PSA_PAKE_DATA_ZK_PUBLIC_3 ((psa_pake_data_t)0x08) + +/** Marks the third Schnorr NIZKP proof sent and received. + * + * See #PSA_PAKE_DATA_ZK_PROOF. + */ +#define PSA_PAKE_DATA_ZK_PROOF_3 ((psa_pake_data_t)0x09) + /**@}*/ #endif /* PSA_CRYPTO_VALUES_H */ diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 4e2f4d5af..0845b55d7 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -294,6 +294,9 @@ Key agreement: ECDH, HKDF using SHA-384 depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384 key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_384 ) ):ALG_IS_ECDH:PSA_ALG_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_384 ) +PAKE: J-PAKE +pake_algorithm:PSA_ALG_PAKE_JPAKE + Key type: raw data key_type:PSA_KEY_TYPE_RAW_DATA:KEY_TYPE_IS_UNSTRUCTURED diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index 8134f4471..3ed08a6a0 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function 
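Review bot: In the `PSA_PAKE_DATA_ZK_PROOF` comment (crypto_values.h hunk, patch 063), `This is a skalar value` should be `scalar`. The hunk leaves two blank lines between `PSA_PAKE_DATA_KEY_SHARE`, `_ZK_PUBLIC` and `_ZK_PROOF` where the rest of the file uses one. The unchanged context at the top of the hunk still shows `PSA_PAKE_PRIMITIVE` with `(persistence) << 16` and an unused `family` parameter, so that compile error from patch 060 is still outstanding at this commit.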
@@ -156,6 +156,7 @@ void mac_algorithm_core( psa_algorithm_t alg, int classification_flags, TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) ); algorithm_classification( alg, classification_flags ); /* Length */ @@ -181,6 +182,7 @@ void aead_algorithm_core( psa_algorithm_t alg, int classification_flags, TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) ); algorithm_classification( alg, classification_flags ); /* Tag length */ @@ -220,6 +222,7 @@ void hash_algorithm( int alg_arg, int length_arg ) TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) ); algorithm_classification( alg, 0 ); /* Dependent algorithms */ @@ -362,6 +365,7 @@ void cipher_algorithm( int alg_arg, int classification_flags ) TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) ); algorithm_classification( alg, classification_flags ); } /* END_CASE */ @@ -462,6 +466,7 @@ void asymmetric_signature_algorithm( int alg_arg, int classification_flags ) TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) ); algorithm_classification( alg, classification_flags ); } /* END_CASE */ 
@@ -491,6 +496,7 @@ void asymmetric_encryption_algorithm( int alg_arg, int classification_flags ) TEST_ASSERT( PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) ); algorithm_classification( alg, classification_flags ); } /* END_CASE */ @@ -511,6 +517,7 @@ void key_derivation_algorithm( int alg_arg, int classification_flags ) TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); TEST_ASSERT( PSA_ALG_IS_KEY_DERIVATION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) ); algorithm_classification( alg, classification_flags ); /* Check combinations with key agreements */ @@ -540,6 +547,7 @@ void key_agreement_algorithm( int alg_arg, int classification_flags, TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); TEST_ASSERT( PSA_ALG_IS_KEY_AGREEMENT( alg ) ); TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_PAKE( alg ) ); algorithm_classification( alg, classification_flags ); /* Shared secret derivation properties */ @@ -548,6 +556,24 @@ void key_agreement_algorithm( int alg_arg, int classification_flags, } /* END_CASE */ +/* BEGIN_CASE */ +void pake_algorithm( int alg_arg ) +{ + psa_algorithm_t alg = alg_arg; + + /* Algorithm classification */ + TEST_ASSERT( ! PSA_ALG_IS_HASH( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_MAC( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_CIPHER( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_AEAD( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_SIGN( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_ASYMMETRIC_ENCRYPTION( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_AGREEMENT( alg ) ); + TEST_ASSERT( ! PSA_ALG_IS_KEY_DERIVATION( alg ) ); + TEST_ASSERT( PSA_ALG_IS_PAKE( alg ) ); +} + +/* END_CASE */ /* BEGIN_CASE */ void key_type( int type_arg, int classification_flags ) { From b378d5784021405fb9801eed17a81714798532ae Mon Sep 17 00:00:00 2001 
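Review bot: In the new `pake_algorithm()` test case (test_suite_psa_crypto_metadata.function, last hunk) the blank line sits on the wrong side of `/* END_CASE */`: the added lines are `+}`, `+`, `+/* END_CASE */` followed directly by the existing `/* BEGIN_CASE */` of key_type(), whereas every other case in the file closes with `}` immediately followed by `/* END_CASE */` and then a blank line before the next `/* BEGIN_CASE */`. Also, unlike the other `*_algorithm` cases, `pake_algorithm()` never calls `algorithm_classification()`; if PAKE algorithms carry no classification flags, pass 0 as `hash_algorithm()` does so the vendor-flag checks still run for them.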
From: Janos Follath Date: Thu, 8 Apr 2021 13:53:12 +0100 Subject: [PATCH 064/236] PSA PAKE: add output size macros Signed-off-by: Janos Follath --- include/psa/crypto_sizes.h | 50 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 79f96739b..8497b14d0 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h 
@@ -1132,4 +1132,54 @@ #define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \ (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE) +/** A sufficient output buffer size for psa_pake_get_key_share(). + * + * If the size of the ciphertext buffer is at least this large, it is + * guaranteed that psa_pake_get_key_share() will not fail due to an + * insufficient ciphertext buffer size. The actual size of the output might be + * smaller in any given call. + * + * See also #PSA_PAKE_OUTPUT_MAX_SIZE + * + * \param alg A PAKE algorithm (PSA_ALG_XXX value such that + * #PSA_ALG_IS_PAKE(\p alg) is true). + * \param cipher_suite A cipher suite that is compatible with algorithm \p alg. + * \return A sufficient key share buffer size for the specified + * cipher suite and algorithm. If the cipher suite or PAKE + * algorithm is not recognized, or the parameters are + * incompatible, return 0. + */ +#define PSA_PAKE_KEY_SHARE_SIZE(alg, cipher_suite) \ + (PSA_PAKE_OUTPUT_SIZE(alg, cipher_suite, PSA_PAKE_DATA_KEY_SHARE) + +/** A sufficient output buffer size for psa_pake_output(). + * + * If the size of the ciphertext buffer is at least this large, it is + * guaranteed that psa_pake_output() will not fail due to an + * insufficient ciphertext buffer size. The actual size of the output might be + * smaller in any given call. + * + * See also #PSA_PAKE_OUTPUT_MAX_SIZE + * + * \param alg A PAKE algorithm (PSA_ALG_XXX value such that + * #PSA_ALG_IS_PAKE(\p alg) is true). + * \param cipher_suite A cipher suite that is compatible with algorithm \p alg. + * \param output An output type used with algorithm \p alg. + * \return A sufficient output buffer size for the specified + * output, cipher suite and algorithm. If the cipher suite, + * the output type or PAKE algorithm is not recognized, or + * the parameters are incompatible, return 0. 
+ */ +#define PSA_PAKE_OUTPUT_SIZE(alg, cipher_suite, output) + +/** Output buffer size for psa_pake_output() and psa_pake_get_key_share(), + * for any of the supported cipher suites and PAKE algorithms. + * + * This macro must expand to a compile-time constant integer. + * + * See also #PSA_PAKE_KEY_SHARE_SIZE(\p alg, \p cipher_suite) and + * #PSA_PAKE_OUTPUT_SIZE(\p alg, \p cipher_suite, \p output). + */ +#define PSA_PAKE_OUTPUT_MAX_SIZE + #endif /* PSA_CRYPTO_SIZES_H */ From 7f1e81a98dd783edf1d572883d11e2de5ffd9bce Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 8 Apr 2021 14:20:55 +0100 Subject: [PATCH 065/236] PSA PAKE: specify key type and usage The PSA_KEY_TYPE_PASSWORD key type to which this documentation change refers to is not yet present in the code and will be introduced by a parallel line of work. Signed-off-by: Janos Follath --- include/psa/crypto.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 88cc2d149..79d997672 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4266,8 +4266,10 @@ static psa_pake_operation_t psa_pake_operation_init(void); * \param password Identifier of the key holding the password or a * value derived from the password (eg. by a * memory-hard function). It must remain valid - * until the operation terminates. It must allow - * the usage #PSA_KEY_USAGE_PAKE. + * until the operation terminates. It must be of + * type #PSA_KEY_TYPE_PASSWORD or + * #PSA_KEY_TYPE_DERIVE. It has to allow the usage + * #PSA_KEY_USAGE_DERIVE. * \param alg The PAKE protocol to use * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_PAKE(\p alg) is true). From ca2c167dcbb1e46c904f32fb24c219c16a7e64ab Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 12 Apr 2021 10:00:43 +0100 Subject: [PATCH 066/236] PSA PAKE: fix doxygen warnings 
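Review bot: In the crypto_sizes.h hunk of patch 064, `PSA_PAKE_KEY_SHARE_SIZE` has unbalanced parentheses: `(PSA_PAKE_OUTPUT_SIZE(alg, cipher_suite, PSA_PAKE_DATA_KEY_SHARE)` opens two and closes one, so any use is a syntax error; add the missing `)`. `PSA_PAKE_OUTPUT_SIZE(alg, cipher_suite, output)` and `PSA_PAKE_OUTPUT_MAX_SIZE` expand to nothing, so `uint8_t buf[PSA_PAKE_OUTPUT_MAX_SIZE];` will not compile even though the comment promises a compile-time constant integer; if these are placeholders for a follow-up, say so in the commit message. Both comments also talk about `the ciphertext buffer`, copied from the cipher-size macros; these functions output key shares, not ciphertext.

Review bot: In the crypto.h hunk of patch 065, `#PSA_KEY_TYPE_PASSWORD` is a Doxygen link to a constant the commit message itself says does not exist yet, so the documentation build will warn until that work lands (patch 066 drops the `#`). More importantly, the required usage moves from the dedicated `#PSA_KEY_USAGE_PAKE` to `#PSA_KEY_USAGE_DERIVE`: a password key carrying DERIVE can also be fed to any key-derivation algorithm, so a key provisioned for PAKE alone can no longer be restricted to PAKE by policy. If the intent is to avoid a new usage flag, state that trade-off in the \param text; otherwise keep a PAKE-specific flag so key policies stay least-privilege.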
Signed-off-by: Janos Follath --- include/psa/crypto.h | 12 ++++++++---- include/psa/crypto_types.h | 6 +++++- include/psa/crypto_values.h | 4 ++-- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 79d997672..8bc92e1f6 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4267,22 +4267,26 @@ static psa_pake_operation_t psa_pake_operation_init(void); * value derived from the password (eg. by a * memory-hard function). It must remain valid * until the operation terminates. It must be of - * type #PSA_KEY_TYPE_PASSWORD or + * type PSA_KEY_TYPE_PASSWORD or * #PSA_KEY_TYPE_DERIVE. It has to allow the usage * #PSA_KEY_USAGE_DERIVE. * \param alg The PAKE protocol to use * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_PAKE(\p alg) is true). * \param cipher_suite The cipher suite to use with the PAKE algorithm. + * \param side A value of type ::psa_pake_side_t signaling the + * side of the protocol that is being set up. For + * more information see the documentation of \c + * PSA_PAKE_SIDE_XXX constants. * \param[in] user_id The user ID to authenticate with. - * \param user_id_length Size of the \p user_id buffer in bytes. + * \param user_id_len Size of the \p user_id buffer in bytes. * \param[in] peer_id The peer's ID to authenticate. - * \param peer_id_length Size of the \p peer_id buffer in bytes. + * \param peer_id_len Size of the \p peer_id buffer in bytes. * \param[in] session_data Additional session related data if it is allowed * or required by the protocol. This must be empty * if additional session data is not used by the * protocol. - * \param session_data_length Size of the \p session_data buffer in bytes. + * \param session_data_len Size of the \p session_data buffer in bytes. * * \retval #PSA_SUCCESS * Success. diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 4fa739547..e434e01e3 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h 
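Review bot: in the new `\param side` text of the crypto.h hunk, `\c` is separated from `PSA_PAKE_SIDE_XXX` by a line break; doxygen applies `\c` to the next word so it still renders, but keeping `\c PSA_PAKE_SIDE_XXX` together on one line is less fragile and matches how `\p` is written elsewhere in this comment. The renames to `user_id_len`, `peer_id_len` and `session_data_len` are the right fix for the warnings, provided they now match the psa_pake_setup() prototype exactly (the prototype fragment later in the series shows `size_t session_data_len`, so that one does).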
@@ -384,7 +384,11 @@ typedef uint16_t psa_key_derivation_step_t; * @{ */ -/** \brief Encoding of the side of PAKE */ +/** \brief Encoding of the side of PAKE + * + * Encodes which side of the protocol is being executed. For more information + * see the documentation of individual PSA_PAKE_SIDE_XXX constants. + */ typedef uint16_t psa_pake_side_t; /** Encoding of input and output indicators for PAKE. diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index be3325890..3650fd772 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1969,7 +1969,7 @@ /** The Password-authenticated key exchange by juggling (J-PAKE) protocol. * * J-PAKE can be instantiated over finite fields or elliptic curves. This can - * be achieved by passing either #PSA_PAKE_PRIMITIVE_TYPE_FIELD or + * be achieved by passing either #PSA_PAKE_PRIMITIVE_TYPE_FIELD_DH or * #PSA_PAKE_PRIMITIVE_TYPE_CURVE to #PSA_PAKE_PRIMITIVE respectively, when * creating the cipher suite. * @@ -2446,7 +2446,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) /**@}*/ -/** \defgroup pake Password-authenticated key exchange +/** \defgroup pake Password-authenticated key exchange (PAKE) * @{ */ From 1101edb948fbe1e172eeb5a24233075e317b3b75 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 19 Apr 2021 09:34:44 +0100 Subject: [PATCH 067/236] PSA PAKE: typo fixes in documentation Also removes the mention of THREAD as we can't give a publicly available reference for it. Signed-off-by: Janos Follath --- include/psa/crypto_values.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 3650fd772..04b0303e8 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
@@ -1974,7 +1974,7 @@ * creating the cipher suite. * * In theory the protocol works with any non-interactive zero-knowledge proof. - * Implementations of the present specification use Schnorr NIZK and this does + * Implementations of the present specification use Schnorr NIZKP and this does * not need to be configured in the cipher suites. * * J-PAKE can be used with any secure cryptographic hash function, the choice @@ -2014,7 +2014,7 @@ * For more information consult the documentation of the individual * PSA_PAKE_DATA_XXX constants. * - * J-PAKE is standardised for example in RFC 8236 and in THREAD. + * J-PAKE is standardised for example in RFC 8236. */ #define PSA_ALG_PAKE_JPAKE ((psa_algorithm_t)0x0a000001) @@ -2482,7 +2482,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) /** The PAKE uses elliptic curves. * - * The corresponding family type is ::psa_ecc_family_t. in determining a + * The corresponding family type is ::psa_ecc_family_t. In determining a * specific curve in the family ::psa_pake_bits_t values are interpreted in the * exact same way as ::psa_key_bits_t would. * @@ -2523,7 +2523,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * on \p type, for more information consult the * documentation of individual ::psa_pake_primitive_type_t * constants). - * \param bits The bitwise of the primitive + * \param bits The bitsize of the primitive * (Value of type ::psa_pake_bits_t. The interpretation * of this parameter depends on \p family, for more * information consult the documentation of individual @@ -2568,7 +2568,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) /** A Schnorr NIZKP proof. * - * This is a skalar value. + * This is a scalar value. * * For information regarding representation consult the documentation of * individual ::psa_pake_primitive_type_t constants. From 020da462d27b3a1de288a93a4ad0cee215eb46b7 Mon Sep 17 00:00:00 2001 
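Review bot: in the last hunk, the context line `/** A Schnorr NIZKP proof.` expands to "proof proof" once the changed line below it is fixed to use "NIZKP" consistently; since this comment is being touched anyway, "A Schnorr NIZK proof." or just "A Schnorr NIZKP." avoids the redundancy. The "skalar" to "scalar" and "bitwise" to "bitsize" corrections are fine.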
From: Janos Follath Date: Mon, 19 Apr 2021 09:43:45 +0100 Subject: [PATCH 068/236] Fix PSA_PAKE_PRIMITIVE macro Fix the typo in the macro definition and more specific parameter names allow for future scripts to check validity of arguments. Signed-off-by: Janos Follath --- include/psa/crypto_values.h | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 04b0303e8..2d86136e0 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2516,14 +2516,14 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) /** Construct a PAKE primitive from type, family and bitsize. * - * \param type The type of the primitive + * \param pake_type The type of the primitive * (value of type ::psa_pake_primitive_type_t). - * \param family The family of the primitive + * \param pake_family The family of the primitive * (the type and interpretation of this parameter depends * on \p type, for more information consult the * documentation of individual ::psa_pake_primitive_type_t * constants). - * \param bits The bitsize of the primitive + * \param pake_bits The bitsize of the primitive * (Value of type ::psa_pake_bits_t. The interpretation * of this parameter depends on \p family, for more * information consult the documentation of individual @@ -2531,8 +2531,9 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * * \return The constructed primitive value. */ -#define PSA_PAKE_PRIMITIVE(type, family, bits) \ - ((psa_pake_primitive_t) (((type) << 24 | (persistence) << 16) | (bits))) +#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \ + ((psa_pake_primitive_t) (((pake_type) << 24 | \ + (pake_family) << 16) | (pake_bits))) /** The key share being sent to or received from the peer. From fb4203dcffafeb5eb047373f9e550671673933b2 Mon Sep 17 00:00:00 2001 
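Review bot: the parameter renaming in this hunk leaves two stale references in the unchanged context lines: the `pake_family` description still says "depends on \p type" and the `pake_bits` description still says "depends on \p family", and doxygen will warn that `type` and `family` are not parameters of PSA_PAKE_PRIMITIVE; change them to `\p pake_type` and `\p pake_family`. On the macro body, replacing the undefined `persistence` with `pake_family` is the right fix, but nothing masks the fields: a `pake_family` value wider than 8 bits or a `pake_bits` value wider than 16 would overlap the neighbouring field. If the argument types rule that out, a one-line comment describing the 8/8/16 layout would make the encoding explicit for the validity-checking scripts the commit message mentions.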
From: Janos Follath Date: Mon, 19 Apr 2021 09:53:17 +0100 Subject: [PATCH 069/236] PSA PAKE: Call the scheme algorithm The documentation is calling PAKEs protocols but it has an psa_algorithm_t identifier. To align the terminology, the documentation should call them algorithms as well. Signed-off-by: Janos Follath --- include/psa/crypto.h | 38 ++++++++++++++++++------------------- include/psa/crypto_types.h | 6 +++--- include/psa/crypto_values.h | 22 ++++++++++----------- 3 files changed, 33 insertions(+), 33 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 8bc92e1f6..e6e78eb1c 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4239,9 +4239,9 @@ static psa_pake_operation_t psa_pake_operation_init(void); * -# Call psa_pake_get_implicit_key() for accessing the shared secret. * * The exact sequence of calls to perform a password-authenticated key exchange - * depends on the protocol in use: - * -# Some protocols exchange more data than just a single key share. When using - * such a protocol, call psa_pake_output() and psa_pake_input() one or more + * depends on the algorithm in use: + * -# Some algorithms exchange more data than just a single key share. When using + * such a algorithm, call psa_pake_output() and psa_pake_input() one or more * times to exchange any further data that is needed to derive the shared * secret. * 
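Review bot: "such a algorithm" in the rewritten line of the first crypto.h hunk should read "such an algorithm"; the mechanical protocol-to-algorithm replacement left the article unchanged.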
@@ -4270,12 +4270,12 @@ static psa_pake_operation_t psa_pake_operation_init(void); * type PSA_KEY_TYPE_PASSWORD or * #PSA_KEY_TYPE_DERIVE. It has to allow the usage * #PSA_KEY_USAGE_DERIVE. - * \param alg The PAKE protocol to use + * \param alg The PAKE algorithm to use * (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_PAKE(\p alg) is true). * \param cipher_suite The cipher suite to use with the PAKE algorithm. * \param side A value of type ::psa_pake_side_t signaling the - * side of the protocol that is being set up. For + * side of the algorithm that is being set up. For * more information see the documentation of \c * PSA_PAKE_SIDE_XXX constants. * \param[in] user_id The user ID to authenticate with. @@ -4283,9 +4283,9 @@ static psa_pake_operation_t psa_pake_operation_init(void); * \param[in] peer_id The peer's ID to authenticate. * \param peer_id_len Size of the \p peer_id buffer in bytes. * \param[in] session_data Additional session related data if it is allowed - * or required by the protocol. This must be empty + * or required by the algorithm. This must be empty * if additional session data is not used by the - * protocol. + * algorithm. * \param session_data_len Size of the \p session_data buffer in bytes. * * \retval #PSA_SUCCESS @@ -4331,7 +4331,7 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, * This function returns a simple key share (eg. group element). * * The exact sequence of calls to perform a password-authenticated key - * exchange depends on the protocol in use. Refer to the documentation of + * exchange depends on the algorithm in use. Refer to the documentation of * individual PAKE algorithm types (`PSA_ALG_XXX` values of type * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more * information. 
@@ -4349,7 +4349,7 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, * Success. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active, but beyond that - * validity is specific to the protocol). + * validity is specific to the algorithm). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p key_share buffer is too small. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -4369,14 +4369,14 @@ psa_status_t psa_pake_get_key_share(psa_pake_operation_t *operation, /** Get additional key share from a password-authenticated key exchange. * - * Depending on the protocol being executed, you might need to call this + * Depending on the algorithm being executed, you might need to call this * function several times or you might not need to call this at all. * * Calling this function with PSA_PAKE_DATA_KEY_SHARE as \p type is equivalent * to calling psa_pake_get_key_share(). * * The exact sequence of calls to perform a password-authenticated key - * exchange depends on the protocol in use. Refer to the documentation of + * exchange depends on the algorithm in use. Refer to the documentation of * individual PAKE algorithm types (`PSA_ALG_XXX` values of type * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more * information. @@ -4395,7 +4395,7 @@ psa_status_t psa_pake_get_key_share(psa_pake_operation_t *operation, * Success. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active, but beyond that - * validity is specific to the protocol). + * validity is specific to the algorithm). * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p output buffer is too small. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY 
@@ -4419,7 +4419,7 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation, * This function inputs a simple key share (eg. group element). * * The exact sequence of calls to perform a password-authenticated key - * exchange depends on the protocol in use. Refer to the documentation of + * exchange depends on the algorithm in use. Refer to the documentation of * individual PAKE algorithm types (`PSA_ALG_XXX` values of type * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more * information. @@ -4432,7 +4432,7 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation, * Success. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active, but beyond that - * validity is specific to the protocol). + * validity is specific to the algorithm). * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE @@ -4449,14 +4449,14 @@ psa_status_t psa_pake_set_key_share(psa_pake_operation_t *operation, /** Provide additional peer key share for a password-authenticated key exchange. * - * Depending on the protocol being executed, you might need to call this + * Depending on the algorithm being executed, you might need to call this * function several times or you might not need to call this at all. * * Calling this function with PSA_PAKE_DATA_KEY_SHARE as \p type is equivalent * to calling psa_pake_set_key_share(). * * The exact sequence of calls to perform a password-authenticated key - * exchange depends on the protocol in use. Refer to the documentation of + * exchange depends on the algorithm in use. Refer to the documentation of * individual PAKE algorithm types (`PSA_ALG_XXX` values of type * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more * information. 
@@ -4473,7 +4473,7 @@ psa_status_t psa_pake_set_key_share(psa_pake_operation_t *operation, * Success. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active, but beyond that - * validity is specific to the protocol). + * validity is specific to the algorithm). * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE @@ -4498,7 +4498,7 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation, * material in the key derivation operation. * * The exact sequence of calls to perform a password-authenticated key - * exchange depends on the protocol in use. Refer to the documentation of + * exchange depends on the algorithm in use. Refer to the documentation of * individual PAKE algorithm types (`PSA_ALG_XXX` values of type * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more * information. @@ -4515,7 +4515,7 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation, * Success. * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active, but beyond that - * validity is specific to the protocol). + * validity is specific to the algorithm). * \retval #PSA_ERROR_BAD_STATE * The state of \p output is not valid for * the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index e434e01e3..8635afd74 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h 
@@ -386,16 +386,16 @@ typedef uint16_t psa_key_derivation_step_t; /** \brief Encoding of the side of PAKE * - * Encodes which side of the protocol is being executed. For more information + * Encodes which side of the algorithm is being executed. For more information * see the documentation of individual PSA_PAKE_SIDE_XXX constants. */ typedef uint16_t psa_pake_side_t; /** Encoding of input and output indicators for PAKE. * - * Some PAKE protocols need to exchange more data than just a single key share. + * Some PAKE algorithms need to exchange more data than just a single key share. * This type is for encoding additional input and output data for such - * protocols. + * algorithms. */ typedef uint8_t psa_pake_data_t; diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 2d86136e0..4a6b06c76 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1966,14 +1966,14 @@ #define PSA_ALG_GET_HASH(alg) \ (((alg) & 0x000000ff) == 0 ? ((psa_algorithm_t)0) : 0x02000000 | ((alg) & 0x000000ff)) -/** The Password-authenticated key exchange by juggling (J-PAKE) protocol. +/** The Password-authenticated key exchange by juggling (J-PAKE) algorithm. * * J-PAKE can be instantiated over finite fields or elliptic curves. This can * be achieved by passing either #PSA_PAKE_PRIMITIVE_TYPE_FIELD_DH or * #PSA_PAKE_PRIMITIVE_TYPE_CURVE to #PSA_PAKE_PRIMITIVE respectively, when * creating the cipher suite. * - * In theory the protocol works with any non-interactive zero-knowledge proof. + * In theory the algorithm works with any non-interactive zero-knowledge proof. * Implementations of the present specification use Schnorr NIZKP and this does * not need to be configured in the cipher suites. * 
@@ -2452,8 +2452,8 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) /** The first peer in a balanced PAKE. * - * Although balanced PAKE protocols are symmetric, some of them needs an - * ordering of peers for the transcript calculations. If the protocol does not + * Although balanced PAKE algorithms are symmetric, some of them needs an + * ordering of peers for the transcript calculations. If the algorithm does not * need this, either #PSA_PAKE_SIDE_FIRST or #PSA_PAKE_SIDE_SECOND are * accepted. */ @@ -2461,8 +2461,8 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) /** The second peer in a balanced PAKE. * - * Although balanced PAKE protocols are symmetric, some of them needs an - * ordering of peers for the transcript calculations. If the protocol does not + * Although balanced PAKE algorithms are symmetric, some of them needs an + * ordering of peers for the transcript calculations. If the algorithm does not * need this, either #PSA_PAKE_SIDE_FIRST or #PSA_PAKE_SIDE_SECOND are * accepted. */ @@ -2470,13 +2470,13 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) /** The client in an augmented PAKE. * - * Augmented PAKE protocols need to differentiate between client and server. + * Augmented PAKE algorithms need to differentiate between client and server. */ #define PSA_PAKE_SIDE_CLIENT ((psa_pake_side_t)0x0101) /** The server in an augmented PAKE. * - * Augmented PAKE protocols need to differentiate between client and server. + * Augmented PAKE algorithms need to differentiate between client and server. */ #define PSA_PAKE_SIDE_SERVER ((psa_pake_side_t)0x0102) 
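Review bot: in both the PSA_PAKE_SIDE_FIRST and PSA_PAKE_SIDE_SECOND hunks, the rewritten line reads "some of them needs an ordering"; the subject is plural, so it should be "some of them need an ordering". Since these lines are being rewritten anyway, this is the moment to fix it.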
@@ -2544,7 +2544,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * For information regarding representation consult the documentation of * individual ::psa_pake_primitive_type_t constants. * - * Some PAKE protocols need to exchange several key shares. If that is the + * Some PAKE algorithms need to exchange several key shares. If that is the * case, this value marks the first key share sent and the first key share * received. For values sent or received afterwards, use * #PSA_PAKE_DATA_KEY_SHARE_2 and #PSA_PAKE_DATA_KEY_SHARE_3. @@ -2559,7 +2559,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * For information regarding representation consult the documentation of * individual ::psa_pake_primitive_type_t constants. * - * Some PAKE protocols need to perform several zero-knowledge proofs. If that + * Some PAKE algorithms need to perform several zero-knowledge proofs. If that * is the case, this value marks the first public key sent and the first public * key received. For values sent or received afterwards, use * #PSA_PAKE_DATA_ZK_PUBLIC_2 and #PSA_PAKE_DATA_ZK_PUBLIC_3. @@ -2574,7 +2574,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * For information regarding representation consult the documentation of * individual ::psa_pake_primitive_type_t constants. * - * Some PAKE protocols need to perform several zero-knowledge proofs. If that + * Some PAKE algorithms need to perform several zero-knowledge proofs. If that * is the case, this value marks the first proof sent and the first proof * received. For values sent or received afterwards, use * #PSA_PAKE_DATA_ZK_PROOF_2 and #PSA_PAKE_DATA_ZK_PROOF_3. From 7ebcbf34f99c62581f83c32e2dc294418c3af8cd Mon Sep 17 00:00:00 2001 
From: Janos Follath Date: Mon, 19 Apr 2021 13:57:13 +0100 Subject: [PATCH 070/236] Remove psa_pake_get/set_key_share() functions The main purpose of psa_pake_get_key_share() is to provide a more straightforward and convenient call flow for regular PAKEs. Most PAKEs have a single key share and need a flow like this: op=PSA_PAKE_OPERATION_INIT; psa_pake_setup(); psa_pake_get_key_share(); psa_pake_set_key_share(); psa_pake_get_implicit_key(); Adding psa_pake_get/set_key_share() functions cuts out the psa_pake_data_t constants from the users vision, hiding complexity that exists only for unrelated PAKEs that aren't relevant for the user. This comes with the cost of the two additional API functions that we need to maintain. Since the current stream of work focuses on enabling J-PAKE, there are no benefits to these functions for now. Once algorithms that can benefit from this simplification are added, adding back these functions can be reconsidered. Signed-off-by: Janos Follath --- include/psa/crypto.h | 88 ++----------------------------------- include/psa/crypto_sizes.h | 24 +--------- include/psa/crypto_values.h | 4 +- 3 files changed, 8 insertions(+), 108 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index e6e78eb1c..632006dfb 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
@@ -4232,10 +4232,10 @@ static psa_pake_operation_t psa_pake_operation_init(void); * * A typical sequence of calls to perform a password-authenticated key * exchange: - * -# Call psa_pake_get_key_share() to get the key share that needs to be sent - * to the peer. - * -# Call psa_pake_set_key_share() to provide the key share that was received - * from the peer. + * -# Call psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE, ...) to get the + * key share that needs to be sent to the peer. + * -# Call psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE, ...) to provide + * the key share that was received from the peer. * -# Call psa_pake_get_implicit_key() for accessing the shared secret. * * The exact sequence of calls to perform a password-authenticated key exchange 
@@ -4326,55 +4326,11 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, const uint8_t *session_data, size_t session_data_len); -/** Get the key share from a password-authenticated key exchange operation. - * - * This function returns a simple key share (eg. group element). - * - * The exact sequence of calls to perform a password-authenticated key - * exchange depends on the algorithm in use. Refer to the documentation of - * individual PAKE algorithm types (`PSA_ALG_XXX` values of type - * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more - * information. - * - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling psa_pake_abort(). - * - * \param[in,out] operation Active PAKE operation. - * \param[out] key_share Buffer where the key share is to be written. - * \param key_share_size Size of the \p key_share buffer in bytes. - * \param[out] key_share_length On success, the number of bytes of the - * returned key_share. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be active, but beyond that - * validity is specific to the algorithm). - * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * The size of the \p key_share buffer is too small. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_pake_get_key_share(psa_pake_operation_t *operation, - uint8_t *key_share, - size_t key_share_size, - size_t *key_share_length); - /** Get additional key share from a password-authenticated key exchange. 
* * Depending on the algorithm being executed, you might need to call this * function several times or you might not need to call this at all. * - * Calling this function with PSA_PAKE_DATA_KEY_SHARE as \p type is equivalent - * to calling psa_pake_get_key_share(). - * * The exact sequence of calls to perform a password-authenticated key * exchange depends on the algorithm in use. Refer to the documentation of * individual PAKE algorithm types (`PSA_ALG_XXX` values of type 
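Review bot: with psa_pake_get_key_share() removed, the `\brief` left in the context lines for psa_pake_output(), "Get additional key share from a password-authenticated key exchange", no longer fits: this is now the only function that produces output, including the primary key share, so both "additional" and "key share" understate it. Suggest "Get output for a step of a password-authenticated key exchange." Dropping the "equivalent to calling psa_pake_get_key_share()" sentence is correct.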
@@ -4414,47 +4370,11 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation, size_t output_size, size_t *output_length); -/** Provide peer key share to a password-authenticated key exchange operation. - * - * This function inputs a simple key share (eg. group element). - * - * The exact sequence of calls to perform a password-authenticated key - * exchange depends on the algorithm in use. Refer to the documentation of - * individual PAKE algorithm types (`PSA_ALG_XXX` values of type - * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more - * information. - * - * \param[in,out] operation Active PAKE operation. - * \param[in] key_share Buffer containing the peer's key share. - * \param key_share_length Size of the \p key_share buffer in bytes. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be active, but beyond that - * validity is specific to the algorithm). - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_pake_set_key_share(psa_pake_operation_t *operation, - const uint8_t *key_share, - size_t key_share_length); - /** Provide additional peer key share for a password-authenticated key exchange. * * Depending on the algorithm being executed, you might need to call this * function several times or you might not need to call this at all. * - * Calling this function with PSA_PAKE_DATA_KEY_SHARE as \p type is equivalent - * to calling psa_pake_set_key_share(). - * * The exact sequence of calls to perform a password-authenticated key * exchange depends on the algorithm in use. 
Refer to the documentation of * individual PAKE algorithm types (`PSA_ALG_XXX` values of type diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 8497b14d0..482ff6806 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -1132,26 +1132,6 @@ #define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \ (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE) -/** A sufficient output buffer size for psa_pake_get_key_share(). - * - * If the size of the ciphertext buffer is at least this large, it is - * guaranteed that psa_pake_get_key_share() will not fail due to an - * insufficient ciphertext buffer size. The actual size of the output might be - * smaller in any given call. - * - * See also #PSA_PAKE_OUTPUT_MAX_SIZE - * - * \param alg A PAKE algorithm (PSA_ALG_XXX value such that - * #PSA_ALG_IS_PAKE(\p alg) is true). - * \param cipher_suite A cipher suite that is compatible with algorithm \p alg. - * \return A sufficient key share buffer size for the specified - * cipher suite and algorithm. If the cipher suite or PAKE - * algorithm is not recognized, or the parameters are - * incompatible, return 0. - */ -#define PSA_PAKE_KEY_SHARE_SIZE(alg, cipher_suite) \ - (PSA_PAKE_OUTPUT_SIZE(alg, cipher_suite, PSA_PAKE_DATA_KEY_SHARE) - /** A sufficient output buffer size for psa_pake_output(). * * If the size of the ciphertext buffer is at least this large, it is @@ -1172,8 +1152,8 @@ */ #define PSA_PAKE_OUTPUT_SIZE(alg, cipher_suite, output) -/** Output buffer size for psa_pake_output() and psa_pake_get_key_share(), - * for any of the supported cipher suites and PAKE algorithms. +/** Output buffer size for psa_pake_output() for any of the supported cipher + * suites and PAKE algorithms. * * This macro must expand to a compile-time constant integer. * diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 4a6b06c76..1e8c9fe38 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
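Review bot: the same problem as for psa_pake_output() applies to the psa_pake_input() hunk: the `\brief` "Provide additional peer key share for a password-authenticated key exchange" stays in the context lines, although this is now the only way to feed in the peer's primary key share. Suggest "Provide input for a step of a password-authenticated key exchange." The removal of the psa_pake_set_key_share() cross-reference is correct.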
@@ -1986,7 +1986,7 @@ * * The key exchange flow for JPAKE is as follows: * -# To get the first round data that needs to be sent to the peer, call - * psa_pake_get_key_share(operation, ...); + * psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE, ...); * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...); * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); * psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE_2, ...); @@ -1994,7 +1994,7 @@ * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF_2, ...); * -# To provide the first round data received from the peer to the operation, * call - * psa_pake_set_key_share(operation, ...); + * psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE, ...); * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...); * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); * psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE_2, ...); From ef1b8c9a76167937dd7e79f538250c3a309c9c7f Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 19 Apr 2021 14:35:03 +0100 Subject: [PATCH 071/236] PSA PAKE: Relate JPAKE documentation to RFC8236 Signed-off-by: Janos Follath --- include/psa/crypto_values.h | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 1e8c9fe38..21d0202ff 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
@@ -1986,30 +1986,50 @@ * * The key exchange flow for JPAKE is as follows: * -# To get the first round data that needs to be sent to the peer, call + * // Get g1 * psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE, ...); + * // Get the ZKP public key for x1 * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...); + * // Get the ZKP proof for x1 * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); + * // Get g2 * psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE_2, ...); + * // Get the ZKP public key for x2 * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PUBLIC_2, ...); + * // Get the ZKP proof for x2 * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF_2, ...); * -# To provide the first round data received from the peer to the operation, * call + * // Set g3 * psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE, ...); + * // Set the ZKP public key for x3 * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...); + * // Set the ZKP proof for x3 * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); + * // Set g4 * psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE_2, ...); + * // Set the ZKP public key for x4 * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PUBLIC_2, ...); + * // Set the ZKP proof for x4 * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PROOF_2, ...); * -# To get the second round data that needs to be sent to the peer, call + * // Get A * psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE_3, ...); + * // Get ZKP public key for x2*s * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PUBLIC_3, ...); + * // Get ZKP proof for x2*s * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF_3, ...); * -# To provide the second round data received from the peer to the operation, * call + * // Set B * psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE_3, ...); + * // Set ZKP public key for x4*s * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PUBLIC_3, ...); + * // Set ZKP proof for x4*s * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PROOF_3, ...); - * -# Call 
psa_pake_get_implicit_key() for accessing the shared secret. + * -# To access the shared secret call + * // Get Ka=Kb=K + * psa_pake_get_implicit_key() * * For more information consult the documentation of the individual * PSA_PAKE_DATA_XXX constants. From 8005e8a167c196f1b10bdaf924c14eadc47bf629 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 19 Apr 2021 14:46:54 +0100 Subject: [PATCH 072/236] Shrink psa_pake_side_t to uint8_t Signed-off-by: Janos Follath --- include/psa/crypto_types.h | 2 +- include/psa/crypto_values.h | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 8635afd74..3ec77f28f 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -389,7 +389,7 @@ typedef uint16_t psa_key_derivation_step_t; * Encodes which side of the algorithm is being executed. For more information * see the documentation of individual PSA_PAKE_SIDE_XXX constants. */ -typedef uint16_t psa_pake_side_t; +typedef uint8_t psa_pake_side_t; /** Encoding of input and output indicators for PAKE. * diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 21d0202ff..0e3d9231a 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2477,7 +2477,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * need this, either #PSA_PAKE_SIDE_FIRST or #PSA_PAKE_SIDE_SECOND are * accepted. */ -#define PSA_PAKE_SIDE_FIRST ((psa_pake_side_t)0x0001) +#define PSA_PAKE_SIDE_FIRST ((psa_pake_side_t)0x01) /** The second peer in a balanced PAKE. * 
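Review bot: the comments added to the J-PAKE flow (`// Get g1`, `// Set g3`, `// Get A`, `// Get ZKP proof for x2*s`, `// Get Ka=Kb=K`) use the RFC 8236 names g1..g4, x1..x4, A, B, s and K without introducing them anywhere in this header; a reader of crypto_values.h meets x1 for the first time inside a comment. Add one sentence before the list mapping the symbols (x1, x2 are this side's ephemeral secrets, x3, x4 the peer's, s the password-derived scalar, A and B the second-round key shares, K the resulting shared key), or point at the section of RFC 8236 that defines them. Also, "To access the shared secret call" wants a comma: "To access the shared secret, call".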
@@ -2486,19 +2486,19 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * need this, either #PSA_PAKE_SIDE_FIRST or #PSA_PAKE_SIDE_SECOND are * accepted. */ -#define PSA_PAKE_SIDE_SECOND ((psa_pake_side_t)0x0002) +#define PSA_PAKE_SIDE_SECOND ((psa_pake_side_t)0x02) /** The client in an augmented PAKE. * * Augmented PAKE algorithms need to differentiate between client and server. */ -#define PSA_PAKE_SIDE_CLIENT ((psa_pake_side_t)0x0101) +#define PSA_PAKE_SIDE_CLIENT ((psa_pake_side_t)0x11) /** The server in an augmented PAKE. * * Augmented PAKE algorithms need to differentiate between client and server. */ -#define PSA_PAKE_SIDE_SERVER ((psa_pake_side_t)0x0102) +#define PSA_PAKE_SIDE_SERVER ((psa_pake_side_t)0x12) /** The PAKE uses elliptic curves. * From 8603fb09fe6864ad2be31ab996c6524bff129045 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 19 Apr 2021 15:12:46 +0100 Subject: [PATCH 073/236] PSA PAKE: add to PSA constant name test Signed-off-by: Janos Follath --- scripts/mbedtls_dev/macro_collector.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/mbedtls_dev/macro_collector.py b/scripts/mbedtls_dev/macro_collector.py index 0e76435f3..395e038ca 100644 --- a/scripts/mbedtls_dev/macro_collector.py +++ b/scripts/mbedtls_dev/macro_collector.py @@ -95,6 +95,7 @@ class PSAMacroEnumerator: self.mac_algorithms = set() #type: Set[str] self.ka_algorithms = set() #type: Set[str] self.kdf_algorithms = set() #type: Set[str] + self.pake_algorithms = set() #type: Set[str] self.aead_algorithms = set() #type: Set[str] # macro name -> list of argument names self.argspecs = {} #type: Dict[str, List[str]] @@ -364,6 +365,7 @@ enumerate 'asymmetric_signature_algorithm': [], 'asymmetric_signature_wildcard': [self.algorithms], 'asymmetric_encryption_algorithm': [], + 'pake_algorithm': [self.pake_algorithms], 'other_algorithm': [], } #type: Dict[str, List[Set[str]]] self.arguments_for['mac_length'] += ['1', '63'] 
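Review bot: the new PSA_PAKE_SIDE_CLIENT (0x11) and PSA_PAKE_SIDE_SERVER (0x12) values in this hunk, together with PSA_PAKE_SIDE_FIRST (0x01) and PSA_PAKE_SIDE_SECOND (0x02) in the previous one, put an "augmented" marker in the high nibble and the peer index in the low nibble, but neither hunk nor the commit message says so, and the message calls this a shrink although 0x0101 became 0x11 rather than the truncated 0x01. State the value change in the commit message and add a one-line comment above the defines describing the nibble layout, so that future side constants follow the same scheme.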
@@ -389,6 +391,7 @@ enumerate self.mac_algorithms.add('0x03007fff') self.ka_algorithms.add('0x09fc0000') self.kdf_algorithms.add('0x080000ff') + self.pake_algorithms.add('0x0a0000ff') # For AEAD algorithms, the only variability is over the tag length, # and this only applies to known algorithms, so don't test an # unknown algorithm. From 2ba6079d473971b7271ca469b68ac2e4b72ff1a9 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 28 Apr 2021 09:37:34 +0100 Subject: [PATCH 074/236] PSA: fix wording for implementation defined types There were remnants of the PSA specification wording in the documentation that can be confusing in Mbed TLS. We need to make it clear what the consequences of being implementation defined are in Mbed TLS. Signed-off-by: Janos Follath --- include/psa/crypto.h | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 632006dfb..074cc93e1 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -938,8 +938,8 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg, * \endcode * * This is an implementation-defined \c struct. Applications should not - * make any assumptions about the content of this structure except - * as directed by the documentation of a specific implementation. */ + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. */ typedef struct psa_hash_operation_s psa_hash_operation_t; /** \def PSA_HASH_OPERATION_INIT 
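Review bot: the hunks add `self.pake_algorithms` and wire it into `arguments_for['pake_algorithm']`, but the only value ever put into the set within this diff is the hard-coded unknown algorithm `'0x0a0000ff'`; nothing visible here adds the real PSA_ALG_PAKE_XXX constants to it. Check that the header-parsing side of PSAMacroEnumerator classifies PSA_ALG_PAKE_* names into this set the way it does for the kdf_algorithms and ka_algorithms sets in the same method; otherwise the constant-name test exercises only the unknown value and never the J-PAKE identifier.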
@@ -1307,9 +1307,10 @@ psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key, * operation = psa_mac_operation_init(); * \endcode * + * * This is an implementation-defined \c struct. Applications should not - * make any assumptions about the content of this structure except - * as directed by the documentation of a specific implementation. */ + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. */ typedef struct psa_mac_operation_s psa_mac_operation_t; /** \def PSA_MAC_OPERATION_INIT @@ -1732,8 +1733,8 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key, * \endcode * * This is an implementation-defined \c struct. Applications should not - * make any assumptions about the content of this structure except - * as directed by the documentation of a specific implementation. */ + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. */ typedef struct psa_cipher_operation_s psa_cipher_operation_t; /** \def PSA_CIPHER_OPERATION_INIT @@ -2261,8 +2262,8 @@ psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key, * \endcode * * This is an implementation-defined \c struct. Applications should not - * make any assumptions about the content of this structure except - * as directed by the documentation of a specific implementation. */ + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. */ typedef struct psa_aead_operation_s psa_aead_operation_t; /** \def PSA_AEAD_OPERATION_INIT 
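Review bot: the psa_mac_operation_t hunk (@@ -1307,9 +1307,10) inserts an extra empty ` *` comment line between `\endcode` and the "This is an implementation-defined" paragraph, which the other hunks in this patch do not; the +1 in the hunk header is that stray line. Drop it so all seven operation and cipher-suite types carry the identical block.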
@@ -3260,8 +3261,8 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key, * \endcode * * This is an implementation-defined \c struct. Applications should not - * make any assumptions about the content of this structure except - * as directed by the documentation of a specific implementation. + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. */ typedef struct psa_key_derivation_s psa_key_derivation_operation_t; @@ -4134,8 +4135,8 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, /** The type of the data strucure for PAKE cipher suites. * * This is an implementation-defined \c struct. Applications should not - * make any assumptions about the content of this structure except - * as directed by the documentation of a specific implementation. + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. */ typedef struct psa_pake_cipher_suite_s psa_pake_cipher_suite_t; @@ -4198,8 +4199,8 @@ static psa_pake_cipher_suite_t psa_pake_cipher_suite( * \endcode * * This is an implementation-defined \c struct. Applications should not - * make any assumptions about the content of this structure except - * as directed by the documentation of a specific implementation. */ + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. */ typedef struct psa_pake_operation_s psa_pake_operation_t; /** \def PSA_PAKE_OPERATION_INIT From fc3577daae6058b01c89cebb1b067c9712e85c62 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 28 Apr 2021 09:51:55 +0100 Subject: [PATCH 075/236] Remove reference to PSA_PAKE_KEY_SHARE_SIZE The macro PSA_PAKE_KEY_SHARE_SIZE has been removed, we need to remove references to it from the documentation as well. 
Signed-off-by: Janos Follath --- include/psa/crypto_sizes.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 482ff6806..bb01d5315 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -1157,8 +1157,7 @@ * * This macro must expand to a compile-time constant integer. * - * See also #PSA_PAKE_KEY_SHARE_SIZE(\p alg, \p cipher_suite) and - * #PSA_PAKE_OUTPUT_SIZE(\p alg, \p cipher_suite, \p output). + * See also #PSA_PAKE_OUTPUT_SIZE(\p alg, \p cipher_suite, \p output). */ #define PSA_PAKE_OUTPUT_MAX_SIZE From 82b54b96d3e5be4d491a17e9e369a973bd51cbff Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 28 Apr 2021 13:47:12 +0100 Subject: [PATCH 076/236] PSA PAKE: Align macro names In the key types API, PSA Crypto uses ECC to denote Elliptic curve cryptography and DH to denote Finite Field Diffie-Hellman. Change PSA_PAKE_PRIMITIVE_TYPE_XXX macros to be aligned. Signed-off-by: Janos Follath --- include/psa/crypto_values.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 0e3d9231a..9a9f69e61 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1969,8 +1969,8 @@ /** The Password-authenticated key exchange by juggling (J-PAKE) algorithm. * * J-PAKE can be instantiated over finite fields or elliptic curves. This can - * be achieved by passing either #PSA_PAKE_PRIMITIVE_TYPE_FIELD_DH or - * #PSA_PAKE_PRIMITIVE_TYPE_CURVE to #PSA_PAKE_PRIMITIVE respectively, when + * be achieved by passing either #PSA_PAKE_PRIMITIVE_TYPE_DH or + * #PSA_PAKE_PRIMITIVE_TYPE_ECC to #PSA_PAKE_PRIMITIVE respectively, when * creating the cipher suite. * * In theory the algorithm works with any non-interactive zero-knowledge proof. 
@@ -2515,7 +2515,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * curve would be. For more information, consult the documentation of * psa_export_key(). */ -#define PSA_PAKE_PRIMITIVE_TYPE_CURVE ((psa_pake_primitive_type_t)0x01) +#define PSA_PAKE_PRIMITIVE_TYPE_ECC ((psa_pake_primitive_type_t)0x01) /** The PAKE uses finite fields based Diffie-Hellman groups. * @@ -2532,7 +2532,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * group would be. For more information, consult the documentation of * psa_export_key(). */ -#define PSA_PAKE_PRIMITIVE_TYPE_FIELD_DH ((psa_pake_primitive_type_t)0x02) +#define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t)0x02) /** Construct a PAKE primitive from type, family and bitsize. * From cd56ff9c596d591e738b54ee274ff6082d0d6b81 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 30 Apr 2021 11:51:55 +0100 Subject: [PATCH 077/236] PSA PAKE: make cipher suite opaque Hiding the structure of the cipher suite implementation allows for greater flexibility. To preserve maximum flexibility, the constructor is replaced by individual setter/getter functions. Convenience macros and or functions can be added later. Signed-off-by: Janos Follath --- include/psa/crypto.h | 200 +++++++++++++++++++++++++++++++----- include/psa/crypto_struct.h | 94 ++++++++++++----- include/psa/crypto_values.h | 21 ++-- 3 files changed, 256 insertions(+), 59 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 074cc93e1..9220b2ea7 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
@@ -4140,38 +4140,188 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, */ typedef struct psa_pake_cipher_suite_s psa_pake_cipher_suite_t; -/** Construct a cipher suite for a password-authenticated key exchange. +/** Retrieve the PAKE algorithm from a PAKE cipher suite. * - * \param primitive The primitive used in the cipher suite. - * \param hash The hash involved in the cipher suite. - * (`PSA_ALG_XXX` values of type ::psa_algorithm_t - * such that #PSA_ALG_IS_HASH(\c alg) is true.) - * \param algorithm1 Additional algorithm if needed in the cipher suite, - * 0 otherwise. - * \param bits1 A bit size qualifier if needed for \p algorithm1, - * 0 otherwise. - * \param algorithm2 Additional algorithm if needed in the cipher suite, - * 0 otherwise. - * \param bits2 A bit size qualifier if needed for \p algorithm2, - * 0 otherwise. - * \param options Additional options to be included with the cipher - * suite if needed, 0 otherwise. + * This function may be declared as `static` (i.e. without external + * linkage). This function may be provided as a function-like macro, + * but in this case it must evaluate its argument exactly once. + * + * \param[in] cipher_suite The cipher suite structure to query. + * + * \return The PAKE algorithm stored in the cipher suite structure. + */ +static psa_algorithm_t psa_pake_cs_get_algorithm( + const psa_pake_cipher_suite_t* cipher_suite + ); + +/** Declare the PAKE algorithm for the cipher suite. + * + * This function overwrites any PAKE algorithm + * previously set in \p cipher_suite. + * + * This function may be declared as `static` (i.e. without external + * linkage). This function may be provided as a function-like macro, + * but in this case it must evaluate each of its arguments exactly once. + * + * \param[out] cipher_suite The cipher suite structure to write to. + * \param algorithm The PAKE algorithm to write. 
+ * (`PSA_ALG_XXX` values of type ::psa_algorithm_t + * such that #PSA_ALG_IS_PAKE(\c alg) is true.) + * If this is 0, the PAKE algorithm in + * \p cipher_suite becomes unspecified. + */ +static void psa_pake_cs_set_algorithm( + psa_pake_cipher_suite_t* cipher_suite, + psa_algorithm_t algorithm + ); + +/** Retrieve the primitive type from a PAKE cipher suite. + * + * This function may be declared as `static` (i.e. without external linkage). + * This function may be provided as a function-like macro, but in this case it + * must evaluate its argument exactly once. * * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) * for more information. * - * \retval The constructed cipher suite. + * \param[in] cipher_suite The cipher suite structure to query. + * + * \return The primitive type stored in the cipher suite structure. */ -static psa_pake_cipher_suite_t psa_pake_cipher_suite( - psa_pake_primitive_t primitive, - psa_algorithm_t hash, - psa_algorithm_t algorithm1, - psa_pake_bits_t bits1, - psa_algorithm_t algorithm2, - psa_pake_bits_t bits2, - psa_pake_cipher_suite_options_t options - ); +static psa_pake_primitive_type_t psa_pake_cs_get_type( + const psa_pake_cipher_suite_t* cipher_suite + ); + +/** Declare the primitive type for a PAKE cipher suite. + * + * This function overwrites any primitive type + * previously set in \p cipher_suite. + * + * This function may be declared as `static` (i.e. without external + * linkage). This function may be provided as a function-like macro, + * but in this case it must evaluate each of its arguments exactly once. + * + * \param[out] cipher_suite The cipher suite structure to write to. + * \param type The primitive type to write. + * If this is 0, the primitive type in + * \p cipher_suite becomes unspecified. 
+ */ +static void psa_pake_cs_set_type( + psa_pake_cipher_suite_t* cipher_suite, + psa_pake_primitive_type_t type + ); + +/** Retrieve the primitive family from a PAKE cipher suite. + * + * This function may be declared as `static` (i.e. without external + * linkage). This function may be provided as a function-like macro, + * but in this case it must evaluate its argument exactly once. + * + * \param[in] cipher_suite The cipher suite structure to query. + * + * \return The primitive family stored in the cipher suite structure. + */ +static uint8_t psa_pake_cs_get_family( + const psa_pake_cipher_suite_t* cipher_suite + ); + +/** Declare the primitive family for a PAKE cipher suite. + * + * This function overwrites any primitive family + * previously set in \p cipher_suite. + * + * This function may be declared as `static` (i.e. without external + * linkage). This function may be provided as a function-like macro, + * but in this case it must evaluate each of its arguments exactly once. + * + * \param[out] cipher_suite The cipher suite structure to write to. + * \param family The primitive family to write. + * If this is 0, the primitive family in + * \p cipher_suite becomes unspecified. The + * interpretation of this parameter depends on + * the primitive type, for more information consult the + * documentation of individual + * ::psa_pake_primitive_type_t constants). + */ +static void psa_pake_cs_set_family( + psa_pake_cipher_suite_t* cipher_suite, + uint8_t family + ); + +/** Retrieve the primitive bits from a PAKE cipher suite. + * + * This function may be declared as `static` (i.e. without external + * linkage). This function may be provided as a function-like macro, + * but in this case it must evaluate its argument exactly once. + * + * \param[in] cipher_suite The cipher suite structure to query. + * + * \return The primitive bits stored in the cipher suite structure. 
+ */ +static size_t psa_pake_cs_get_bits(const psa_pake_cipher_suite_t* cipher_suite); + +/** Declare the primitive bits for a PAKE cipher suite. + * + * This function overwrites any primitive bits + * previously set in \p cipher_suite. + * + * This function may be declared as `static` (i.e. without external + * linkage). This function may be provided as a function-like macro, + * but in this case it must evaluate each of its arguments exactly once. + * + * \param[out] cipher_suite The cipher suite structure to write to. + * \param bits The primitive bits to write. + * If this is 0, the primitive bits in + * \p cipher_suite becomes unspecified. The + * interpretation of this parameter depends on + * the family, for more information consult the + * documentation of individual + * ::psa_pake_primitive_type_t constants). + */ +static void psa_pake_cs_set_bits( + psa_pake_cipher_suite_t* cipher_suite, + size_t bits + ); + +/** Retrieve the hash algorithm from a PAKE cipher suite. + * + * This function may be declared as `static` (i.e. without external + * linkage). This function may be provided as a function-like macro, + * but in this case it must evaluate its argument exactly once. + * + * \param[in] cipher_suite The cipher suite structure to query. + * + * \return The hash algorithm stored in the cipher suite structure. + */ +static psa_algorithm_t psa_pake_cs_get_hash( + const psa_pake_cipher_suite_t* cipher_suite + ); + +/** Declare the hash algorithm for a PAKE cipher suite. + * + * This function overwrites any hash algorithm + * previously set in \p cipher_suite. + * + * This function may be declared as `static` (i.e. without external + * linkage). This function may be provided as a function-like macro, + * but in this case it must evaluate each of its arguments exactly once. 
+ * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. + * + * \param[out] cipher_suite The cipher suite structure to write to. + * \param hash The hash involved in the cipher suite. + * (`PSA_ALG_XXX` values of type ::psa_algorithm_t + * such that #PSA_ALG_IS_HASH(\c alg) is true.) + * If this is 0, the hash algorithm in + * \p cipher_suite becomes unspecified. + */ +static void psa_pake_cs_set_hash( + psa_pake_cipher_suite_t* cipher_suite, + psa_algorithm_t hash + ); /** The type of the state data structure for PAKE operations. * diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index f289caf16..881abcb2a 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h 
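Review bot: in the crypto.h hunk the descriptions of the `family` parameter of psa_pake_cs_set_family() and the `bits` parameter of psa_pake_cs_set_bits() both end with an unmatched closing parenthesis ("... ::psa_pake_primitive_type_t constants)."); either open the parenthesis before "for more information" or drop it. In the same two paragraphs "the primitive bits in \p cipher_suite becomes unspecified" should read "become", and the set_bits text says the interpretation depends on "the family" but then sends the reader to the primitive type constants, so say "depends on the primitive type and family". Finally, psa_pake_cs_get_bits() returns `size_t` while the removed psa_pake_bits_t was 16 bits wide; if that widening is intentional (the struct in crypto_struct.h grows with it), say so in the commit message.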
@@ -463,36 +463,82 @@ static inline size_t psa_get_key_bits( struct psa_pake_cipher_suite_s { - psa_pake_primitive_t primitive; + psa_algorithm_t algorithm; + psa_pake_primitive_type_t type; + uint8_t family; + size_t bits; psa_algorithm_t hash; - psa_algorithm_t algorithm1; - psa_pake_bits_t bits1; - psa_algorithm_t algorithm2; - psa_pake_bits_t bits2; - psa_pake_cipher_suite_options_t options; }; -static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite( - psa_pake_primitive_t primitive, - psa_algorithm_t hash, - psa_algorithm_t algorithm1, - psa_pake_bits_t bits1, - psa_algorithm_t algorithm2, - psa_pake_bits_t bits2, - psa_pake_cipher_suite_options_t options - ) +static inline void psa_pake_cs_set_algorithm( + psa_pake_cipher_suite_t *cipher_suite, + psa_algorithm_t algorithm) { - struct psa_pake_cipher_suite_s cipher_suite; + if( !PSA_ALG_IS_PAKE(algorithm) ) + cipher_suite->algorithm = 0; + else + cipher_suite->algorithm = algorithm; +} - cipher_suite.primitive = primitive; - cipher_suite.hash = hash; - cipher_suite.algorithm1 = algorithm1; - cipher_suite.bits1 = bits1; - cipher_suite.algorithm2 = algorithm2; - cipher_suite.bits2 = bits2; - cipher_suite.options = options; +static inline psa_algorithm_t psa_pake_cs_get_algorithm( + const psa_pake_cipher_suite_t *cipher_suite) +{ + return( cipher_suite->algorithm ); +} - return cipher_suite; +static inline psa_pake_primitive_type_t psa_pake_cs_get_type( + const psa_pake_cipher_suite_t *cipher_suite) +{ + return( cipher_suite->type ); +} + +static inline void psa_pake_cs_set_type( + psa_pake_cipher_suite_t *cipher_suite, + psa_pake_primitive_type_t type) +{ + cipher_suite->type = type; +} + +static inline uint8_t psa_pake_cs_get_family( + const psa_pake_cipher_suite_t *cipher_suite) +{ + return( cipher_suite->family ); +} + +static inline void psa_pake_cs_set_family( + psa_pake_cipher_suite_t *cipher_suite, + uint8_t family) +{ + cipher_suite->family = family; +} + +static inline size_t 
psa_pake_cs_get_bits( + const psa_pake_cipher_suite_t *cipher_suite) +{ + return( cipher_suite->bits ); +} + +static inline void psa_pake_cs_set_bits( + psa_pake_cipher_suite_t *cipher_suite, + size_t bits) +{ + cipher_suite->bits = bits; +} + +static inline psa_algorithm_t psa_pake_cs_get_hash( + const psa_pake_cipher_suite_t *cipher_suite) +{ + return( cipher_suite->hash ); +} + +static inline void psa_pake_cs_set_hash( + psa_pake_cipher_suite_t *cipher_suite, + psa_algorithm_t hash) +{ + if( !PSA_ALG_IS_HASH(hash) ) + cipher_suite->hash = 0; + else + cipher_suite->hash = hash; } struct psa_pake_operation_s diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 9a9f69e61..bed48f79c 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
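Review bot: psa_pake_cs_set_algorithm() and psa_pake_cs_set_hash() in this hunk silently store 0 when the argument fails PSA_ALG_IS_PAKE() or PSA_ALG_IS_HASH(), whereas the crypto.h documentation only says that passing 0 makes the field unspecified. A caller who passes, say, a MAC algorithm will not find out until psa_pake_setup() rejects the suite, with no indication of which field was wrong. Either document this behaviour next to the "If this is 0" sentence in crypto.h, or store the value unchanged and let psa_pake_setup() report it as #PSA_ERROR_INVALID_ARGUMENT. Note also that psa_pake_cs_set_type() and psa_pake_cs_set_family() do no such filtering, so the setters are inconsistent among themselves.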
@@ -1969,21 +1969,22 @@ /** The Password-authenticated key exchange by juggling (J-PAKE) algorithm. * * J-PAKE can be instantiated over finite fields or elliptic curves. This can - * be achieved by passing either #PSA_PAKE_PRIMITIVE_TYPE_DH or - * #PSA_PAKE_PRIMITIVE_TYPE_ECC to #PSA_PAKE_PRIMITIVE respectively, when - * creating the cipher suite. + * be achieved by setting either #PSA_PAKE_PRIMITIVE_TYPE_DH or + * #PSA_PAKE_PRIMITIVE_TYPE_ECC respectively in the cipher suite (see + * ::psa_pake_cipher_suite_t) via psa_pake_cs_set_type(). (Before using the + * cipher suite the field or curve must be fully specified by calling + * psa_pake_cs_set_family() and psa_pake_cs_set_bits() as well. For more + * information refer to the documentation of the individual + * `PSA_PAKE_PRIMITIVE_TYPE_XXX` constants.) + * + * J-PAKE can be used with any secure cryptographic hash function. The choice + * of hash must be supplied to the cipher suite by calling + * psa_pake_cs_set_hash(). * * In theory the algorithm works with any non-interactive zero-knowledge proof. * Implementations of the present specification use Schnorr NIZKP and this does * not need to be configured in the cipher suites. * - * J-PAKE can be used with any secure cryptographic hash function, the choice - * of hash must be supplied to the psa_pake_cipher_suite() as the second - * parameter (\p hash). - * - * All the remaining parameters passed to psa_pake_cipher_suite() when creating - * the cipher suite must be 0. - * * The key exchange flow for JPAKE is as follows: * -# To get the first round data that needs to be sent to the peer, call * // Get g1 From 684da035322b3b0e1d06dd9658235ceb1e7340cb Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 30 Apr 2021 12:50:32 +0100 Subject: [PATCH 078/236] PSA PAKE: remove obsolete types and macros Making the cipher suite struct internal made a number of types and macros in the interface unused. 
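Review bot: the rewritten J-PAKE description tells the caller to set the primitive via psa_pake_cs_set_type(), psa_pake_cs_set_family() and psa_pake_cs_set_bits() and the hash via psa_pake_cs_set_hash(), but never mentions psa_pake_cs_set_algorithm(), which this same patch introduces and whose value psa_pake_setup() will rely on once the separate `alg` parameter goes away (patch 079 in this series). Add a sentence saying the suite must also carry #PSA_ALG_PAKE_JPAKE, set with psa_pake_cs_set_algorithm(), since a suite whose algorithm field is left at 0 is unspecified.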
Signed-off-by: Janos Follath --- include/psa/crypto_types.h | 23 ----------------------- include/psa/crypto_values.h | 34 ++++++---------------------------- 2 files changed, 6 insertions(+), 51 deletions(-) diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 3ec77f28f..7c560b3a5 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -406,28 +406,5 @@ typedef uint8_t psa_pake_data_t; */ typedef uint8_t psa_pake_primitive_type_t; -/** Encoding of the bitsize for the PAKE's primitive. - * - * The type and family is not enough to identify the primitive to use in the - * PAKE, the implementation needs to know the bitsize too. - */ -typedef uint16_t psa_pake_bits_t; - -/** Encoding of the PAKE's primitive. - * - * In most of the PAKEs the primitives are prime order groups, but some of - * them might need the ring structure or just are using completely different - * algebraic structures (eg. SRP or PQC schemes). - */ -typedef uint32_t psa_pake_primitive_t; - -/** Encoding of additional options for PAKE. - * - * This type is for encoding additional options into PAKE cipher suites. - * (Options like for example EnvelopeMode in OPAQUE or "Per-User M and N" in - * SPAKE2.) - */ -typedef uint32_t psa_pake_cipher_suite_options_t; - /**@}*/ #endif /* PSA_CRYPTO_TYPES_H */ diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index bed48f79c..78d431b9b 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
@@ -2504,8 +2504,9 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) /** The PAKE uses elliptic curves. * * The corresponding family type is ::psa_ecc_family_t. In determining a - * specific curve in the family ::psa_pake_bits_t values are interpreted in the - * exact same way as ::psa_key_bits_t would. + * specific curve in the family the cipher suite (see + * ::psa_pake_cipher_suite_t) bits are interpreted in the exact same way + * as key bits are. * * Input and output during the operation can involve group elements and scalar * values: @@ -2521,8 +2522,9 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) /** The PAKE uses finite fields based Diffie-Hellman groups. * * The corresponding family type is ::psa_dh_family_t. In determining a - * specific group in the family ::psa_pake_bits_t values are interpreted in the - * exact same way as ::psa_key_bits_t would. + * specific group in the family the cipher suite (see + * ::psa_pake_cipher_suite_t) bits are interpreted in the exact same way + * as key bits are. * * Input and output during the operation can involve group elements and scalar * values: 
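Review bot: both hunks replace the cross-reference to ::psa_key_bits_t with the plain phrase "interpreted in the exact same way as key bits are", which loses the Doxygen link that told the reader where that interpretation is defined. Removing ::psa_pake_bits_t is right, but keep the second reference, e.g. "the cipher suite bits are interpreted in the exact same way as ::psa_key_bits_t values would be".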
@@ -2535,28 +2537,6 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) */ #define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t)0x02) -/** Construct a PAKE primitive from type, family and bitsize. - * - * \param pake_type The type of the primitive - * (value of type ::psa_pake_primitive_type_t). - * \param pake_family The family of the primitive - * (the type and interpretation of this parameter depends - * on \p type, for more information consult the - * documentation of individual ::psa_pake_primitive_type_t - * constants). - * \param pake_bits The bitsize of the primitive - * (Value of type ::psa_pake_bits_t. The interpretation - * of this parameter depends on \p family, for more - * information consult the documentation of individual - * ::psa_pake_primitive_type_t constants). - * - * \return The constructed primitive value. - */ -#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \ - ((psa_pake_primitive_t) (((pake_type) << 24 | \ - (pake_family) << 16) | (pake_bits))) - - /** The key share being sent to or received from the peer. * * Unless the documentation of the PAKE algorithm says otherwise this is a @@ -2572,7 +2552,6 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) */ #define PSA_PAKE_DATA_KEY_SHARE ((psa_pake_data_t)0x01) - /** A Schnorr NIZKP public key. * * This is a group element. @@ -2587,7 +2566,6 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) */ #define PSA_PAKE_DATA_ZK_PUBLIC ((psa_pake_data_t)0x02) - /** A Schnorr NIZKP proof. * * This is a scalar value. From 5b44cfd430af591940845bc2c5ef6a4416007cea Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 30 Apr 2021 13:06:27 +0100 Subject: [PATCH 079/236] PSA PAKE: remove alg parameter from setup The cipher suite now defines the algorithm itself as well. Passing the algorithm separately is redundant and error prone. 
Signed-off-by: Janos Follath --- include/psa/crypto.h | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 9220b2ea7..17316795d 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4421,10 +4421,9 @@ static psa_pake_operation_t psa_pake_operation_init(void); * type PSA_KEY_TYPE_PASSWORD or * #PSA_KEY_TYPE_DERIVE. It has to allow the usage * #PSA_KEY_USAGE_DERIVE. - * \param alg The PAKE algorithm to use - * (\c PSA_ALG_XXX value such that - * #PSA_ALG_IS_PAKE(\p alg) is true). - * \param cipher_suite The cipher suite to use with the PAKE algorithm. + * \param cipher_suite The cipher suite to use. (A cipher suite fully + * characterizes a PAKE algorithm and determines + * the algorithm as well.) * \param side A value of type ::psa_pake_side_t signaling the * side of the algorithm that is being set up. For * more information see the documentation of \c @@ -4446,15 +4445,12 @@ static psa_pake_operation_t psa_pake_operation_init(void); * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p key is not compatible with \p alg. + * \p key is not compatible with the algorithm in \p cipher_suite. * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p session_data is not empty and is not allowed in \p alg. + * \p session_data is not empty and is not allowed in the algorithm in + * \p cipher_suite. * \retval #PSA_ERROR_NOT_SUPPORTED - * \p cipher_suite is not compatible with \p alg. (Eg. \p cipher_suite - * mandates algorithms or sets options that do not make sense for \p alg - * or are not supported with \p alg.) - * \retval #PSA_ERROR_NOT_SUPPORTED - * \p alg is not supported or is not a PAKE algorithm. + * The \p cipher_suite is not supported or is not valid. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE 
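Review bot: in the @@ -4446 hunk the two former #PSA_ERROR_NOT_SUPPORTED entries are merged into "The \p cipher_suite is not supported or is not valid", which folds an invalid suite (for example one whose algorithm or hash field is still 0 because psa_pake_cs_set_algorithm() discarded a non-PAKE value) into the same status as a valid but unimplemented one. Keep two entries: #PSA_ERROR_INVALID_ARGUMENT for a suite that is not fully specified or internally inconsistent, and #PSA_ERROR_NOT_SUPPORTED for a consistent suite this build cannot run, so that callers can tell a programming error from a missing feature.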
@@ -4467,7 +4463,6 @@ static psa_pake_operation_t psa_pake_operation_init(void); */ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, mbedtls_svc_key_id_t password, - psa_algorithm_t alg, psa_pake_cipher_suite_t cipher_suite, psa_pake_side_t side, const uint8_t *user_id, From f75be64ef555f63f7b5bf4863f00d652f2300483 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 30 Apr 2021 13:11:05 +0100 Subject: [PATCH 080/236] PSA PAKE: fix identifier value Identifier value was not consistent with PSA conventions (last byte is reserved for hash algorithms or used in algorithms parametrized by a hash). Signed-off-by: Janos Follath --- include/psa/crypto_values.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 78d431b9b..a24337081 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2037,7 +2037,7 @@ * * J-PAKE is standardised for example in RFC 8236. */ -#define PSA_ALG_PAKE_JPAKE ((psa_algorithm_t)0x0a000001) +#define PSA_ALG_PAKE_JPAKE ((psa_algorithm_t)0x0a000100) /**@}*/ From 1459aa5656935a07737ab1769403ff7f4eae8a3a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 11 May 2021 08:24:56 +0100 Subject: [PATCH 081/236] PSA PAKE: improve documentation Minor documentation improvement and fixes. Signed-off-by: Janos Follath --- include/psa/crypto.h | 36 +++++++++++++++++++++++------------- include/psa/crypto_sizes.h | 5 +++-- include/psa/crypto_values.h | 24 ++++++++++++++---------- 3 files changed, 40 insertions(+), 25 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 17316795d..df8d4d4e9 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
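Review bot: the psa_pake_setup() prototype in the @@ -4467 hunk still takes `psa_pake_cipher_suite_t cipher_suite` by value, while every psa_pake_cs_get_xxx() accessor introduced in patch 077 takes `const psa_pake_cipher_suite_t *`. Now that the struct is implementation-defined and may grow, pass it as `const psa_pake_cipher_suite_t *cipher_suite`, matching how `const psa_key_attributes_t *attributes` is passed to psa_generate_key() in the context line of the earlier crypto.h hunk.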
@@ -4240,8 +4240,8 @@ static uint8_t psa_pake_cs_get_family( * If this is 0, the primitive family in * \p cipher_suite becomes unspecified. The * interpretation of this parameter depends on - * the primitive type, for more information consult the - * documentation of individual + * the primitive type. For more information + * consult the documentation of individual * ::psa_pake_primitive_type_t constants). */ static void psa_pake_cs_set_family( @@ -4249,7 +4249,7 @@ static void psa_pake_cs_set_family( uint8_t family ); -/** Retrieve the primitive bits from a PAKE cipher suite. +/** Retrieve the size associated with the primitive from a PAKE cipher suite. * * This function may be declared as `static` (i.e. without external * linkage). This function may be provided as a function-like macro, @@ -4292,7 +4292,9 @@ static void psa_pake_cs_set_bits( * * \param[in] cipher_suite The cipher suite structure to query. * - * \return The hash algorithm stored in the cipher suite structure. + * \return The hash algorithm stored in the cipher suite structure. The return + * value is 0 if the PAKE is not parametrised by a hash algorithm or if + * the hash algorithm is not set. */ static psa_algorithm_t psa_pake_cs_get_hash( const psa_pake_cipher_suite_t* cipher_suite @@ -4378,8 +4380,8 @@ static psa_pake_operation_t psa_pake_operation_init(void); * -# Initialize the operation object with one of the methods described in the * documentation for #psa_pake_operation_t, e.g. * #PSA_PAKE_OPERATION_INIT. - * -# Call psa_pake_setup() to specify the algorithm, the key, cipher suite, - * identities and additional session information. + * -# Call psa_pake_setup() to specify the algorithm, the password, cipher + * suite, identities and additional session information. * * A typical sequence of calls to perform a password-authenticated key * exchange: 
@@ -4388,13 +4390,17 @@ static psa_pake_operation_t psa_pake_operation_init(void); * -# Call psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE, ...) to provide * the key share that was received from the peer. * -# Call psa_pake_get_implicit_key() for accessing the shared secret. + * -# Make a sequence of function calls to execute the password-authenticated + * key exchange as described below. + * -# Terminate the operation by a call to psa_pake_get_implicit_key() or + * psa_pake_abort(). * * The exact sequence of calls to perform a password-authenticated key exchange * depends on the algorithm in use: - * -# Some algorithms exchange more data than just a single key share. When using - * such a algorithm, call psa_pake_output() and psa_pake_input() one or more - * times to exchange any further data that is needed to derive the shared - * secret. + * - Some algorithms exchange more data than just a single key share. When using + * such a algorithm, call psa_pake_output() and psa_pake_input() one or more + * times to exchange any further data that is needed to derive the shared + * secret. * * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) @@ -4489,7 +4495,10 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, * \param[in,out] operation Active PAKE operation. * \param type The type of the data that is requested. * \param[out] output Buffer where the output is to be written. - * \param output_size Size of the \p output buffer in bytes. + * \param output_size Size of the \p output buffer in bytes. This must + * be at least #PSA_PAKE_OUTPUT_SIZE(\p alg, \c + * cipher_suite, \p type). + * * \param[out] output_length On success, the number of bytes of the returned * output. * 
@@ -4574,8 +4583,9 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation, * state and must be aborted by calling psa_pake_abort(). * * \param[in,out] operation Active PAKE operation. - * \param[out] output A key derivation operation that has been - * initialized and set up. + * \param[out] output A key derivation operation that is ready + * for an input step of type + * #PSA_KEY_DERIVATION_INPUT_SECRET. * * \retval #PSA_SUCCESS * Success. diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index bb01d5315..4428fc01f 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -1144,13 +1144,14 @@ * \param alg A PAKE algorithm (PSA_ALG_XXX value such that * #PSA_ALG_IS_PAKE(\p alg) is true). * \param cipher_suite A cipher suite that is compatible with algorithm \p alg. - * \param output An output type used with algorithm \p alg. + * \param output_step A value of type ::psa_pake_data_t that is valid for the + * algorithm \p alg. * \return A sufficient output buffer size for the specified * output, cipher suite and algorithm. If the cipher suite, * the output type or PAKE algorithm is not recognized, or * the parameters are incompatible, return 0. */ -#define PSA_PAKE_OUTPUT_SIZE(alg, cipher_suite, output) +#define PSA_PAKE_OUTPUT_SIZE(alg, cipher_suite, output_step) /** Output buffer size for psa_pake_output() for any of the supported cipher * suites and PAKE algorithms. diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index a24337081..ab064dbdd 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
@@ -2501,12 +2501,14 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) */ #define PSA_PAKE_SIDE_SERVER ((psa_pake_side_t)0x12) -/** The PAKE uses elliptic curves. +/** The PAKE primitive type indicating the use of elliptic curves. * - * The corresponding family type is ::psa_ecc_family_t. In determining a - * specific curve in the family the cipher suite (see - * ::psa_pake_cipher_suite_t) bits are interpreted in the exact same way - * as key bits are. + * The values of the \c family and \c bits fields of the cipher suite identify a + * specific elliptic curve, using the same mapping that is used for ECC + * (::psa_ecc_family_t) keys. + * + * (Here \c familiy means the value returned by psa_pake_cs_get_family() and + * \c bits means the value returned by psa_pake_cs_get_bits().) * * Input and output during the operation can involve group elements and scalar * values: @@ -2519,12 +2521,14 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) */ #define PSA_PAKE_PRIMITIVE_TYPE_ECC ((psa_pake_primitive_type_t)0x01) -/** The PAKE uses finite fields based Diffie-Hellman groups. +/** The PAKE primitive type indicating the use of Diffie-Hellman groups. * - * The corresponding family type is ::psa_dh_family_t. In determining a - * specific group in the family the cipher suite (see - * ::psa_pake_cipher_suite_t) bits are interpreted in the exact same way - * as key bits are. + * The values of the \c family and \c bits fields of the cipher suite identify + * a specific Diffie-Hellman group, using the same mapping that is used for + * Diffie-Hellman (::psa_dh_family_t) keys. + * + * (Here \c familiy means the value returned by psa_pake_cs_get_family() and + * \c bits means the value returned by psa_pake_cs_get_bits().) * * Input and output during the operation can involve group elements and scalar * values: From f53c7af916877bfacf5fb9c27fbe0bfd21ff713d Mon Sep 17 00:00:00 2001 
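Review bot: in the psa_pake_cs_set_family() hunk of PATCH 081 the reflowed sentence still ends with an unmatched closing parenthesis after `::psa_pake_primitive_type_t constants)`; drop the `)` while the lines are being touched.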
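Review bot: the hunk at @@ -4388 of PATCH 081 appends the steps "Make a sequence of function calls to execute the password-authenticated key exchange as described below" and "Terminate the operation by a call to psa_pake_get_implicit_key() or psa_pake_abort()" directly after the existing step "Call psa_pake_get_implicit_key() for accessing the shared secret", so the list now instructs the reader to extract the shared secret, then run the exchange, then terminate. The two new steps belong in the setup list (after the "Call psa_pake_setup()" step in the preceding hunk), or the get_implicit_key step that precedes them should be removed. The reflowed bullet in the same hunk still reads "such a algorithm"; make it "such an algorithm".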
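Review bot: the psa_pake_output() hunk at @@ -4489 of PATCH 081 documents the buffer bound as `#PSA_PAKE_OUTPUT_SIZE(\p alg, \c cipher_suite, \p type)`, but psa_pake_output() has no `alg` parameter (its parameters are `operation`, `type`, `output`, `output_size`, `output_length`), so `\p alg` is a dangling reference. Say instead that the bound is computed from the algorithm and cipher suite given to psa_pake_setup(), using `\c alg` if a placeholder name is wanted. The hunk also adds a stray empty ` * ` line between `\param output_size` and `\param[out] output_length`.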
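Review bot: in the two crypto_values.h hunks of PATCH 081 (PSA_PAKE_PRIMITIVE_TYPE_ECC and PSA_PAKE_PRIMITIVE_TYPE_DH) the added parenthetical misspells "family" as "familiy" in `Here \c familiy means the value returned by psa_pake_cs_get_family()`. The DH heading also drops the qualifier that the old text had; "indicating the use of finite-field Diffie-Hellman groups" keeps the contrast with the ECC primitive type explicit.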
From: Janos Follath Date: Tue, 11 May 2021 08:35:31 +0100 Subject: [PATCH 082/236] PSA PAKE: introduce psa_pake_family_t It is the size of something that has no a priori reason to consist of 8 bits. This should be psa_pake_family_t, both for documentation (and possibly static analysis) and in case 8 bits turn out not to be enough. Signed-off-by: Janos Follath --- include/psa/crypto.h | 4 ++-- include/psa/crypto_struct.h | 6 +++--- include/psa/crypto_types.h | 9 +++++++++ 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index df8d4d4e9..970aea324 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4222,7 +4222,7 @@ static void psa_pake_cs_set_type( * * \return The primitive family stored in the cipher suite structure. */ -static uint8_t psa_pake_cs_get_family( +static psa_pake_family_t psa_pake_cs_get_family( const psa_pake_cipher_suite_t* cipher_suite ); @@ -4246,7 +4246,7 @@ static uint8_t psa_pake_cs_get_family( */ static void psa_pake_cs_set_family( psa_pake_cipher_suite_t* cipher_suite, - uint8_t family + psa_pake_family_t family ); /** Retrieve the size associated with the primitive from a PAKE cipher suite. diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 881abcb2a..97d5d2b41 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -465,7 +465,7 @@ struct psa_pake_cipher_suite_s { psa_algorithm_t algorithm; psa_pake_primitive_type_t type; - uint8_t family; + psa_pake_family_t family; size_t bits; psa_algorithm_t hash; }; @@ -499,7 +499,7 @@ static inline void psa_pake_cs_set_type( cipher_suite->type = type; } -static inline uint8_t psa_pake_cs_get_family( +static inline psa_pake_family_t psa_pake_cs_get_family( const psa_pake_cipher_suite_t *cipher_suite) { return( cipher_suite->family ); 
@@ -507,7 +507,7 @@ static inline uint8_t psa_pake_cs_get_family( static inline void psa_pake_cs_set_family( psa_pake_cipher_suite_t *cipher_suite, - uint8_t family) + psa_pake_family_t family) { cipher_suite->family = family; } diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 7c560b3a5..09ff1c5ed 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -403,8 +403,17 @@ typedef uint8_t psa_pake_data_t; * * Values defined by this standard will never be in the range 0x80-0xff. * Vendors who define additional types must use an encoding in this range. + * + * For more information see the documentation of individual + * PSA_PAKE_PRIMITIVE_TYPE_XXX constants. */ typedef uint8_t psa_pake_primitive_type_t; +/** \brief Encoding of the family of the primitive associated with the PAKE. + * + * For more information see the documentation of individual + * PSA_PAKE_PRIMITIVE_TYPE_XXX constants. + */ +typedef uint8_t psa_pake_family_t; /**@}*/ #endif /* PSA_CRYPTO_TYPES_H */ From 57cfc407e0ad421143e31fc6f8a656e560a249a2 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 11 May 2021 09:05:25 +0100 Subject: [PATCH 083/236] Remove obsolete __DOXYGEN_ONLY__ blocks __DOXYGEN_ONLY__ blocks were only used to typeset the PSA specification back when it was extracted from Mbed TLS headers. They are no longer used and should be removed. The PSA Crypto Driver API is still under development and might be extracted from Mbed TLS headers, leaving them there for now. Signed-off-by: Janos Follath --- include/psa/crypto.h | 42 ------------------------------------------ 1 file changed, 42 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 970aea324..7efa3154c 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
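Review bot: the crypto_types.h hunk of PATCH 082 introduces `typedef uint8_t psa_pake_family_t;` with a comment that only points to the PSA_PAKE_PRIMITIVE_TYPE_XXX constants; unlike psa_pake_primitive_type_t directly above it, it does not say how the value is encoded or which range is reserved for vendors. Since the PSA_PAKE_PRIMITIVE_TYPE_ECC and _DH documentation from PATCH 081 states that the family uses the same mapping as ::psa_ecc_family_t and ::psa_dh_family_t, add a sentence here saying that the value is interpreted according to the primitive type set with psa_pake_cs_set_type() and holds a ::psa_ecc_family_t or ::psa_dh_family_t value for those types. This also answers the commit message's concern about whether 8 bits suffice: it does as long as the type tracks those two family types.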
@@ -112,12 +112,6 @@ psa_status_t psa_crypto_init(void); * This macro returns a suitable initializer for a key attribute structure * of type #psa_key_attributes_t. */ -#ifdef __DOXYGEN_ONLY__ -/* This is an example definition for documentation purposes. - * Implementations should define a suitable value in `crypto_struct.h`. - */ -#define PSA_KEY_ATTRIBUTES_INIT {0} -#endif /** Return an initial value for a key attributes structure. */ @@ -947,12 +941,6 @@ typedef struct psa_hash_operation_s psa_hash_operation_t; * This macro returns a suitable initializer for a hash operation object * of type #psa_hash_operation_t. */ -#ifdef __DOXYGEN_ONLY__ -/* This is an example definition for documentation purposes. - * Implementations should define a suitable value in `crypto_struct.h`. - */ -#define PSA_HASH_OPERATION_INIT {0} -#endif /** Return an initial value for a hash operation object. */ @@ -1318,12 +1306,6 @@ typedef struct psa_mac_operation_s psa_mac_operation_t; * This macro returns a suitable initializer for a MAC operation object of type * #psa_mac_operation_t. */ -#ifdef __DOXYGEN_ONLY__ -/* This is an example definition for documentation purposes. - * Implementations should define a suitable value in `crypto_struct.h`. - */ -#define PSA_MAC_OPERATION_INIT {0} -#endif /** Return an initial value for a MAC operation object. */ @@ -1742,12 +1724,6 @@ typedef struct psa_cipher_operation_s psa_cipher_operation_t; * This macro returns a suitable initializer for a cipher operation object of * type #psa_cipher_operation_t. */ -#ifdef __DOXYGEN_ONLY__ -/* This is an example definition for documentation purposes. - * Implementations should define a suitable value in `crypto_struct.h`. - */ -#define PSA_CIPHER_OPERATION_INIT {0} -#endif /** Return an initial value for a cipher operation object. */ 
@@ -2271,12 +2247,6 @@ typedef struct psa_aead_operation_s psa_aead_operation_t; * This macro returns a suitable initializer for an AEAD operation object of * type #psa_aead_operation_t. */ -#ifdef __DOXYGEN_ONLY__ -/* This is an example definition for documentation purposes. - * Implementations should define a suitable value in `crypto_struct.h`. - */ -#define PSA_AEAD_OPERATION_INIT {0} -#endif /** Return an initial value for an AEAD operation object. */ @@ -3271,12 +3241,6 @@ typedef struct psa_key_derivation_s psa_key_derivation_operation_t; * This macro returns a suitable initializer for a key derivation operation * object of type #psa_key_derivation_operation_t. */ -#ifdef __DOXYGEN_ONLY__ -/* This is an example definition for documentation purposes. - * Implementations should define a suitable value in `crypto_struct.h`. - */ -#define PSA_KEY_DERIVATION_OPERATION_INIT {0} -#endif /** Return an initial value for a key derivation operation object. */ @@ -4360,12 +4324,6 @@ typedef struct psa_pake_operation_s psa_pake_operation_t; * This macro returns a suitable initializer for an PAKE operation object of * type #psa_pake_operation_t. */ -#ifdef __DOXYGEN_ONLY__ -/* This is an example definition for documentation purposes. - * Implementations should define a suitable value in `crypto_struct.h`. - */ -#define PSA_PAKE_OPERATION_INIT {0} -#endif /** Return an initial value for an PAKE operation object. */ From beb78d4d415fd68a6262194ccdf6fa4d84737bdd Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 11 May 2021 09:11:39 +0100 Subject: [PATCH 084/236] Rename psa_pake_data_t "Data" is too vague, renaming it to psa_pake_step_t. It is still somewhat vague, but at least consistent with the naming used in key derivation. Signed-off-by: Janos Follath --- include/psa/crypto.h | 4 ++-- include/psa/crypto_sizes.h | 2 +- include/psa/crypto_types.h | 2 +- include/psa/crypto_values.h | 18 +++++++++--------- 4 files changed, 13 insertions(+), 13 deletions(-) 
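Review bot: each `#ifdef __DOXYGEN_ONLY__` block removed in PATCH 083 leaves the preceding `/** \def PSA_XXX_INIT ... */` comment with no definition to attach to in this header (the real definitions live in crypto_struct.h, as the removed comments say). Either remove those `\def` comments as well, as PATCH 085 later does for PSA_PAKE_OPERATION_INIT, or state in the commit message that they are intentionally kept and that Doxygen picks up the crypto_struct.h definitions; as it stands the treatment of the seven macros becomes inconsistent once the PAKE one is removed. The kept lines "an PAKE operation object" in the last two hunks should read "a PAKE operation object".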
diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 7efa3154c..9ceac0a58 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4478,7 +4478,7 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, * results in this error code. */ psa_status_t psa_pake_output(psa_pake_operation_t *operation, - psa_pake_data_t type, + psa_pake_step_t type, uint8_t *output, size_t output_size, size_t *output_length); @@ -4518,7 +4518,7 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation, * results in this error code. */ psa_status_t psa_pake_input(psa_pake_operation_t *operation, - psa_pake_data_t type, + psa_pake_step_t type, uint8_t *input, size_t input_length); diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 4428fc01f..9d2f6c49c 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -1144,7 +1144,7 @@ * \param alg A PAKE algorithm (PSA_ALG_XXX value such that * #PSA_ALG_IS_PAKE(\p alg) is true). * \param cipher_suite A cipher suite that is compatible with algorithm \p alg. - * \param output_step A value of type ::psa_pake_data_t that is valid for the + * \param output_step A value of type ::psa_pake_step_t that is valid for the * algorithm \p alg. * \return A sufficient output buffer size for the specified * output, cipher suite and algorithm. If the cipher suite, diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 09ff1c5ed..bf8ab15a7 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -397,7 +397,7 @@ typedef uint8_t psa_pake_side_t; * This type is for encoding additional input and output data for such * algorithms. */ -typedef uint8_t psa_pake_data_t; +typedef uint8_t psa_pake_step_t; /** Encoding of the type of the PAKE's primitive. * diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index ab064dbdd..06aeec5e4 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
@@ -2554,7 +2554,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * received. For values sent or received afterwards, use * #PSA_PAKE_DATA_KEY_SHARE_2 and #PSA_PAKE_DATA_KEY_SHARE_3. */ -#define PSA_PAKE_DATA_KEY_SHARE ((psa_pake_data_t)0x01) +#define PSA_PAKE_DATA_KEY_SHARE ((psa_pake_step_t)0x01) /** A Schnorr NIZKP public key. * @@ -2568,7 +2568,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * key received. For values sent or received afterwards, use * #PSA_PAKE_DATA_ZK_PUBLIC_2 and #PSA_PAKE_DATA_ZK_PUBLIC_3. */ -#define PSA_PAKE_DATA_ZK_PUBLIC ((psa_pake_data_t)0x02) +#define PSA_PAKE_DATA_ZK_PUBLIC ((psa_pake_step_t)0x02) /** A Schnorr NIZKP proof. * 
@@ -2582,43 +2582,43 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * received. For values sent or received afterwards, use * #PSA_PAKE_DATA_ZK_PROOF_2 and #PSA_PAKE_DATA_ZK_PROOF_3. */ -#define PSA_PAKE_DATA_ZK_PROOF ((psa_pake_data_t)0x03) +#define PSA_PAKE_DATA_ZK_PROOF ((psa_pake_step_t)0x03) /** Marks the second key share sent and received. * * See #PSA_PAKE_DATA_KEY_SHARE. */ -#define PSA_PAKE_DATA_KEY_SHARE_2 ((psa_pake_data_t)0x04) +#define PSA_PAKE_DATA_KEY_SHARE_2 ((psa_pake_step_t)0x04) /** Marks the second Schnorr NIZKP public key sent and received. * * See #PSA_PAKE_DATA_ZK_PUBLIC. */ -#define PSA_PAKE_DATA_ZK_PUBLIC_2 ((psa_pake_data_t)0x05) +#define PSA_PAKE_DATA_ZK_PUBLIC_2 ((psa_pake_step_t)0x05) /** Marks the second Schnorr NIZKP proof sent and received. * * See #PSA_PAKE_DATA_ZK_PROOF. */ -#define PSA_PAKE_DATA_ZK_PROOF_2 ((psa_pake_data_t)0x06) +#define PSA_PAKE_DATA_ZK_PROOF_2 ((psa_pake_step_t)0x06) /** Marks the third key share sent and received. * * See #PSA_PAKE_DATA_KEY_SHARE. */ -#define PSA_PAKE_DATA_KEY_SHARE_3 ((psa_pake_data_t)0x07) +#define PSA_PAKE_DATA_KEY_SHARE_3 ((psa_pake_step_t)0x07) /** Marks the third Schnorr NIZKP public key sent and received. * * See #PSA_PAKE_DATA_ZK_PUBLIC. */ -#define PSA_PAKE_DATA_ZK_PUBLIC_3 ((psa_pake_data_t)0x08) +#define PSA_PAKE_DATA_ZK_PUBLIC_3 ((psa_pake_step_t)0x08) /** Marks the third Schnorr NIZKP proof sent and received. * * See #PSA_PAKE_DATA_ZK_PROOF. */ -#define PSA_PAKE_DATA_ZK_PROOF_3 ((psa_pake_data_t)0x09) +#define PSA_PAKE_DATA_ZK_PROOF_3 ((psa_pake_step_t)0x09) /**@}*/ #endif /* PSA_CRYPTO_VALUES_H */ From a86c3131a8981d632585f83d8f5f61384b70c072 Mon Sep 17 00:00:00 2001 
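Review bot: PATCH 084 renames the type to psa_pake_step_t but leaves the values named `PSA_PAKE_DATA_KEY_SHARE`, `PSA_PAKE_DATA_ZK_PUBLIC`, `PSA_PAKE_DATA_ZK_PROOF` and their `_2`/`_3` variants, and the typedef's kept comment in crypto_types.h still says "This type is for encoding additional input and output data". If the goal is consistency with key derivation naming, the constants should become PSA_PAKE_STEP_XXX and the typedef comment should describe a step rather than data; the `type` parameter of psa_pake_output() and psa_pake_input() in the crypto.h hunks could likewise be renamed to match `output_step` in the PSA_PAKE_OUTPUT_SIZE hunk.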
From: Janos Follath Date: Thu, 13 May 2021 10:51:01 +0100 Subject: [PATCH 085/236] PSA PAKE: divide setup into several steps There are too many parameters to the setup function. This makes it hard to figure out how to call the function and read code that calls the function. This also opens the suspicion that there's yet another parameter that we're missing. Signed-off-by: Janos Follath --- include/psa/crypto.h | 195 ++++++++++++++++++++++++++---------- include/psa/crypto_values.h | 5 + 2 files changed, 147 insertions(+), 53 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 9ceac0a58..a2f34cab0 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4319,12 +4319,6 @@ static void psa_pake_cs_set_hash( * Implementation details can change in future versions without notice. */ typedef struct psa_pake_operation_s psa_pake_operation_t; -/** \def PSA_PAKE_OPERATION_INIT - * - * This macro returns a suitable initializer for an PAKE operation object of - * type #psa_pake_operation_t. - */ - /** Return an initial value for an PAKE operation object. */ static psa_pake_operation_t psa_pake_operation_init(void); 
@@ -4338,8 +4332,21 @@ static psa_pake_operation_t psa_pake_operation_init(void); * -# Initialize the operation object with one of the methods described in the * documentation for #psa_pake_operation_t, e.g. * #PSA_PAKE_OPERATION_INIT. - * -# Call psa_pake_setup() to specify the algorithm, the password, cipher - * suite, identities and additional session information. + * -# Call psa_pake_setup() to specify cipher suite. + * -# Call \c psa_pake_set_xxx() functions on the operation to complete the + * setup. The exact sequence of \c psa_pake_set_xxx() functions that needs + * to be called depends on the algorithm in use. + * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. + * + * Like in the case of completing setup, the exact sequence of calls to perform + * a password-authenticated key exchange depends on the algorithm in use: + * - Some algorithms exchange more data than just a single key share. When using + * such a algorithm, call psa_pake_output() and psa_pake_input() one or more + * times to exchange any further data that is needed to derive the shared + * secret. * * A typical sequence of calls to perform a password-authenticated key * exchange: 
@@ -4353,13 +4360,6 @@ static psa_pake_operation_t psa_pake_operation_init(void); * -# Terminate the operation by a call to psa_pake_get_implicit_key() or * psa_pake_abort(). * - * The exact sequence of calls to perform a password-authenticated key exchange - * depends on the algorithm in use: - * - Some algorithms exchange more data than just a single key share. When using - * such a algorithm, call psa_pake_output() and psa_pake_input() one or more - * times to exchange any further data that is needed to derive the shared - * secret. - * * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) * for more information. 
@@ -4378,6 +4378,29 @@ static psa_pake_operation_t psa_pake_operation_init(void); * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for * #psa_pake_operation_t and not yet in use. + * \param cipher_suite The cipher suite to use. (A cipher suite fully + * characterizes a PAKE algorithm and determines + * the algorithm as well.) + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be inactive). + * \retval #PSA_ERROR_NOT_SUPPORTED + * The \p cipher_suite is not supported or is not valid. + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_pake_setup(psa_pake_operation_t *operation, + psa_pake_cipher_suite_t cipher_suite); + +/** Set the password for a password-authenticated key exchange. + * * \param password Identifier of the key holding the password or a * value derived from the password (eg. by a * memory-hard function). It must remain valid 
@@ -4385,56 +4408,122 @@ static psa_pake_operation_t psa_pake_operation_init(void); * type PSA_KEY_TYPE_PASSWORD or * #PSA_KEY_TYPE_DERIVE. It has to allow the usage * #PSA_KEY_USAGE_DERIVE. - * \param cipher_suite The cipher suite to use. (A cipher suite fully - * characterizes a PAKE algorithm and determines - * the algorithm as well.) - * \param side A value of type ::psa_pake_side_t signaling the - * side of the algorithm that is being set up. For - * more information see the documentation of \c - * PSA_PAKE_SIDE_XXX constants. - * \param[in] user_id The user ID to authenticate with. - * \param user_id_len Size of the \p user_id buffer in bytes. - * \param[in] peer_id The peer's ID to authenticate. - * \param peer_id_len Size of the \p peer_id buffer in bytes. - * \param[in] session_data Additional session related data if it is allowed - * or required by the algorithm. This must be empty - * if additional session data is not used by the - * algorithm. - * \param session_data_len Size of the \p session_data buffer in bytes. * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be inactive). + * \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with the algorithm in \p cipher_suite. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p session_data is not empty and is not allowed in the algorithm in - * \p cipher_suite. - * \retval #PSA_ERROR_NOT_SUPPORTED - * The \p cipher_suite is not supported or is not valid. 
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_pake_setup(psa_pake_operation_t *operation, - mbedtls_svc_key_id_t password, - psa_pake_cipher_suite_t cipher_suite, - psa_pake_side_t side, - const uint8_t *user_id, - size_t user_id_len, - const uint8_t *peer_id, - size_t peer_id_len, - const uint8_t *session_data, - size_t session_data_len); +psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, + mbedtls_svc_key_id_t password); + +/** Set the user ID for a password-authenticated key exchange. + * + * Some PAKE algorithms assiciate only a single user identifier with the + * session. Such algorithms must call this function (psa_pake_set_user()) to + * set the identifier for the PAKE context. + * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. + * + * \param[in] user_id The user ID to authenticate with. + * \param user_id_len Size of the \p user_id buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p user_id is NULL. + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. 
+ */ +psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, + const uint8_t *user_id, + size_t user_id_len); + +/** Set the peer ID for a password-authenticated key exchange. + * + * Some PAKE algorithms assiciate only a single user identifier with the + * session. Such algorithms must call psa_pake_set_user() to set the + * identifier for the PAKE context. + * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. + * + * \param[in] peer_id The peer's ID to authenticate. + * \param peer_id_len Size of the \p peer_id buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid. + * \retval #PSA_ERROR_NOT_SUPPORTED + * The algorithm doesn't associate a second identity with the session. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p user_id is NULL. + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, + const uint8_t *peer_id, + size_t peer_id_len); + +/** Set the side for a password-authenticated key exchange. + * + * Not all PAKE algorithms need to differentiate the communicating entities. + * It is optional to call this function for PAKEs that don't require a side + * parameter. For such PAKEs the side parameter is ignored. + * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. 
+ * + * \param side A value of type ::psa_pake_side_t signaling the + * side of the algorithm that is being set up. For + * more information see the documentation of \c + * PSA_PAKE_SIDE_XXX constants. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must have been set up). + * \retval #PSA_ERROR_NOT_SUPPORTED + * The \p side for this algorithm is not supported or is not valid. + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_pake_set_side(psa_pake_operation_t *operation, + psa_pake_side_t side); /** Get additional key share from a password-authenticated key exchange. * diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 06aeec5e4..a92002304 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1985,6 +1985,11 @@ * Implementations of the present specification use Schnorr NIZKP and this does * not need to be configured in the cipher suites. * + * J-PAKE doesn't differentiate between sides and has a distinct identifier + * associated with each entity. This means that both psa_pake_set_user() and + * psa_pake_set_peer() needs to be called before commencing the operation. + * Another conseque is that psa_pake_set_side() is optional and is ignored. + * * The key exchange flow for JPAKE is as follows: * -# To get the first round data that needs to be sent to the peer, call * // Get g1 From 78b9e40662bca1b594537433594dc130fffbc507 Mon Sep 17 00:00:00 2001 
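Review bot: the hunk at @@ -4338 of PATCH 085 adds the paragraph "Refer to the documentation of individual PAKE algorithm types ... for more information", which duplicates the identical paragraph kept as context at the end of the same comment block (visible in the @@ -4353 hunk); keep one copy. In the same hunk "Call psa_pake_setup() to specify cipher suite" is missing "the", and the moved bullet still reads "such a algorithm".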
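Review bot: the new psa_pake_set_password_key() comment in the hunk at @@ -4385 documents `\param password` but not `\param[in,out] operation`, and its INVALID_ARGUMENT text "\p key is not compatible with the algorithm in \p cipher_suite" names two identifiers that are not parameters of this function; it should refer to `\p password` and to the cipher suite passed to psa_pake_setup(). The retval list also has no `PSA_ERROR_BAD_STATE` entry for the operation not having been set up yet, which psa_pake_set_side() in the same patch does document ("it must have been set up"); the three new setters should agree on that.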
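Review bot: in the psa_pake_set_user() and psa_pake_set_peer() comments of PATCH 085 "assiciate" is misspelt in both places, and "Such algorithms must call this function" should say that the application must call it when using such an algorithm. The explanatory paragraph of psa_pake_set_peer() is a copy of the psa_pake_set_user() one and describes when to call psa_pake_set_user(), not when to call psa_pake_set_peer(); the relevant statement is the NOT_SUPPORTED retval "The algorithm doesn't associate a second identity with the session", so move that into the description. psa_pake_set_peer()'s INVALID_ARGUMENT also reads "\p user_id is NULL" although its parameter is `peer_id`. None of the four new setters document `\param[in,out] operation`.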
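Review bot: the crypto_values.h J-PAKE hunk of PATCH 085 has "needs to be called" (should be "need to be called", the subject is both functions) and "Another conseque" (should be "Another consequence"). "J-PAKE doesn't differentiate between sides and has a distinct identifier associated with each entity" reads more clearly with "but has", since the second clause is the reason the first is acceptable.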
From: Janos Follath Date: Thu, 13 May 2021 11:45:14 +0100 Subject: [PATCH 086/236] PSA PAKE: reintroduce psa_pake_primitive_t If PSA_PAKE_OUTPUT_SIZE takes cipher_suite as a parameter and it is a structure it can't be a compile-time constant anymore. Reintroducing psa_pake_primitive_t, because it can be constructed as an integral type and holds enough information to allow PSA_PAKE_OUTPUT_SIZE calculating accurate estimates on the output size in compile time. Signed-off-by: Janos Follath --- include/psa/crypto.h | 93 ++++--------------------------------- include/psa/crypto_sizes.h | 4 +- include/psa/crypto_struct.h | 53 ++++++--------------- include/psa/crypto_types.h | 6 +++ include/psa/crypto_values.h | 24 ++++++++++ 5 files changed, 55 insertions(+), 125 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index a2f34cab0..ec5c16c48 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
@@ -4145,107 +4145,30 @@ static void psa_pake_cs_set_algorithm( * This function may be provided as a function-like macro, but in this case it * must evaluate its argument exactly once. * - * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` - * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) - * for more information. - * * \param[in] cipher_suite The cipher suite structure to query. * - * \return The primitive type stored in the cipher suite structure. + * \return The primitive stored in the cipher suite structure. */ -static psa_pake_primitive_type_t psa_pake_cs_get_type( +static psa_pake_primitive_t psa_pake_cs_get_primitive( const psa_pake_cipher_suite_t* cipher_suite ); /** Declare the primitive type for a PAKE cipher suite. * - * This function overwrites any primitive type - * previously set in \p cipher_suite. + * This function overwrites any primitive previously set in \p cipher_suite. * * This function may be declared as `static` (i.e. without external * linkage). This function may be provided as a function-like macro, * but in this case it must evaluate each of its arguments exactly once. * * \param[out] cipher_suite The cipher suite structure to write to. - * \param type The primitive type to write. - * If this is 0, the primitive type in - * \p cipher_suite becomes unspecified. + * \param primitive The primitive to write. If this is 0, the + * primitive type in \p cipher_suite becomes + * unspecified. */ -static void psa_pake_cs_set_type( +static void psa_pake_cs_set_primitive( psa_pake_cipher_suite_t* cipher_suite, - psa_pake_primitive_type_t type - ); - -/** Retrieve the primitive family from a PAKE cipher suite. - * - * This function may be declared as `static` (i.e. without external - * linkage). This function may be provided as a function-like macro, - * but in this case it must evaluate its argument exactly once. - * - * \param[in] cipher_suite The cipher suite structure to query. 
- * - * \return The primitive family stored in the cipher suite structure. - */ -static psa_pake_family_t psa_pake_cs_get_family( - const psa_pake_cipher_suite_t* cipher_suite - ); - -/** Declare the primitive family for a PAKE cipher suite. - * - * This function overwrites any primitive family - * previously set in \p cipher_suite. - * - * This function may be declared as `static` (i.e. without external - * linkage). This function may be provided as a function-like macro, - * but in this case it must evaluate each of its arguments exactly once. - * - * \param[out] cipher_suite The cipher suite structure to write to. - * \param family The primitive family to write. - * If this is 0, the primitive family in - * \p cipher_suite becomes unspecified. The - * interpretation of this parameter depends on - * the primitive type. For more information - * consult the documentation of individual - * ::psa_pake_primitive_type_t constants). - */ -static void psa_pake_cs_set_family( - psa_pake_cipher_suite_t* cipher_suite, - psa_pake_family_t family - ); - -/** Retrieve the size associated with the primitive from a PAKE cipher suite. - * - * This function may be declared as `static` (i.e. without external - * linkage). This function may be provided as a function-like macro, - * but in this case it must evaluate its argument exactly once. - * - * \param[in] cipher_suite The cipher suite structure to query. - * - * \return The primitive bits stored in the cipher suite structure. - */ -static size_t psa_pake_cs_get_bits(const psa_pake_cipher_suite_t* cipher_suite); - -/** Declare the primitive bits for a PAKE cipher suite. - * - * This function overwrites any primitive bits - * previously set in \p cipher_suite. - * - * This function may be declared as `static` (i.e. without external - * linkage). This function may be provided as a function-like macro, - * but in this case it must evaluate each of its arguments exactly once. 
- * - * \param[out] cipher_suite The cipher suite structure to write to. - * \param bits The primitive bits to write. - * If this is 0, the primitive bits in - * \p cipher_suite becomes unspecified. The - * interpretation of this parameter depends on - * the family, for more information consult the - * documentation of individual - * ::psa_pake_primitive_type_t constants). - */ -static void psa_pake_cs_set_bits( - psa_pake_cipher_suite_t* cipher_suite, - size_t bits + psa_pake_primitive_t primitive ); /** Retrieve the hash algorithm from a PAKE cipher suite. diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 9d2f6c49c..d8fc9979b 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -1143,7 +1143,7 @@ * * \param alg A PAKE algorithm (PSA_ALG_XXX value such that * #PSA_ALG_IS_PAKE(\p alg) is true). - * \param cipher_suite A cipher suite that is compatible with algorithm \p alg. + * \param primitive A primitive that is compatible with algorithm \p alg. * \param output_step A value of type ::psa_pake_step_t that is valid for the * algorithm \p alg. * \return A sufficient output buffer size for the specified @@ -1151,7 +1151,7 @@ * the output type or PAKE algorithm is not recognized, or * the parameters are incompatible, return 0. */ -#define PSA_PAKE_OUTPUT_SIZE(alg, cipher_suite, output_step) +#define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) /** Output buffer size for psa_pake_output() for any of the supported cipher * suites and PAKE algorithms. diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 97d5d2b41..a5f35cb9c 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h 
@@ -466,10 +466,16 @@ struct psa_pake_cipher_suite_s psa_algorithm_t algorithm; psa_pake_primitive_type_t type; psa_pake_family_t family; - size_t bits; + uint16_t bits; psa_algorithm_t hash; }; +static inline psa_algorithm_t psa_pake_cs_get_algorithm( + const psa_pake_cipher_suite_t *cipher_suite) +{ + return( cipher_suite->algorithm ); +} + static inline void psa_pake_cs_set_algorithm( psa_pake_cipher_suite_t *cipher_suite, psa_algorithm_t algorithm) 
@@ -480,49 +486,20 @@ static inline void psa_pake_cs_set_algorithm( cipher_suite->algorithm = algorithm; } -static inline psa_algorithm_t psa_pake_cs_get_algorithm( +static inline psa_pake_primitive_t psa_pake_cs_get_primitive( const psa_pake_cipher_suite_t *cipher_suite) { - return( cipher_suite->algorithm ); + return( PSA_PAKE_PRIMITIVE( cipher_suite->type, cipher_suite->family, + cipher_suite->bits) ); } -static inline psa_pake_primitive_type_t psa_pake_cs_get_type( - const psa_pake_cipher_suite_t *cipher_suite) -{ - return( cipher_suite->type ); -} - -static inline void psa_pake_cs_set_type( +static inline void psa_pake_cs_set_primitive( psa_pake_cipher_suite_t *cipher_suite, - psa_pake_primitive_type_t type) + psa_pake_primitive_t primitive) { - cipher_suite->type = type; -} - -static inline psa_pake_family_t psa_pake_cs_get_family( - const psa_pake_cipher_suite_t *cipher_suite) -{ - return( cipher_suite->family ); -} - -static inline void psa_pake_cs_set_family( - psa_pake_cipher_suite_t *cipher_suite, - psa_pake_family_t family) -{ - cipher_suite->family = family; -} - -static inline size_t psa_pake_cs_get_bits( - const psa_pake_cipher_suite_t *cipher_suite) -{ - return( cipher_suite->bits ); -} - -static inline void psa_pake_cs_set_bits( - psa_pake_cipher_suite_t *cipher_suite, - size_t bits) -{ - cipher_suite->bits = bits; + cipher_suite->type = (psa_pake_primitive_type_t) primitive >> 24; + cipher_suite->family = (psa_pake_family_t) ( 0xFF & (primitive >> 16) ); + cipher_suite->bits = (uint16_t) ( 0xFFFF & primitive ); } static inline psa_algorithm_t psa_pake_cs_get_hash( diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index bf8ab15a7..5418bd76e 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h 
@@ -415,5 +415,11 @@ typedef uint8_t psa_pake_primitive_type_t; * PSA_PAKE_PRIMITIVE_TYPE_XXX constants. */ typedef uint8_t psa_pake_family_t; + +/** \brief Encoding of the primitive associated with the PAKE. + * + * For more information see the documentation of the #PSA_PAKE_PRIMITIVE macro. + */ +typedef uint32_t psa_pake_primitive_t; /**@}*/ #endif /* PSA_CRYPTO_TYPES_H */ diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index a92002304..cb4c604a6 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2546,6 +2546,30 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) */ #define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t)0x02) +/** Construct a PAKE primitive from type, family and bitsize. + * + * \param pake_type The type of the primitive + * (value of type ::psa_pake_primitive_type_t). + * \param pake_family The family of the primitive + * (the type and interpretation of this parameter depends + * on \p type, for more information consult the + * documentation of individual ::psa_pake_primitive_type_t + * constants). + * \param pake_bits The bitsize of the primitive + * (Value of type \c size_t. The interpretation + * of this parameter depends on \p family, for more + * information consult the documentation of individual + * ::psa_pake_primitive_type_t constants). + * + * \return The constructed primitive value of type ::psa_pake_primitive_t. + * Return 0 if the requested primitive can't be encoded as + * ::psa_pake_primitive_t. + */ +#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \ + (pake_bits > 0xFFFF) ? 0 : \ + ((psa_pake_primitive_t) (((pake_type) << 24 | \ + (pake_family) << 16) | (pake_bits))) + /** The key share being sent to or received from the peer. * * Unless the documentation of the PAKE algorithm says otherwise this is a From a71811aa4c4958998a1a750dd99f4cb3be8b249d Mon Sep 17 00:00:00 2001 
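Review bot: operator precedence bug in the new psa_pake_cs_set_primitive() body in the crypto_struct.h hunk: `cipher_suite->type = (psa_pake_primitive_type_t) primitive >> 24;` applies the cast to `primitive` before the shift, and since psa_pake_primitive_type_t is a uint8_t the value is truncated to its low byte and then shifted to zero, so `type` is always 0 and a primitive written with this setter does not round-trip through psa_pake_cs_get_primitive(). Parenthesize the shift, `(psa_pake_primitive_type_t) (primitive >> 24)`, as the `family` and `bits` assignments below it already do.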
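Review bot: the PSA_PAKE_PRIMITIVE macro body in the crypto_values.h hunk is not enclosed in an outer pair of parentheses, so a use such as `PSA_PAKE_PRIMITIVE(t, f, b) == x` parses as `(b > 0xFFFF) ? 0 : (... == x)`; wrap the whole conditional in parentheses. While there, cast `pake_type` to psa_pake_primitive_t before `<< 24` so the shift is performed on an unsigned value rather than an int-promoted uint8_t, and fix the Doxygen text, which refers to `\p type` and `\p family` although the parameters are named `pake_type` and `pake_family`.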
From: Janos Follath Date: Thu, 13 May 2021 11:50:01 +0100 Subject: [PATCH 087/236] Fix typo Signed-off-by: Janos Follath --- include/psa/crypto_values.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index cb4c604a6..9fc84f34d 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2512,7 +2512,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * specific elliptic curve, using the same mapping that is used for ECC * (::psa_ecc_family_t) keys. * - * (Here \c familiy means the value returned by psa_pake_cs_get_family() and + * (Here \c family means the value returned by psa_pake_cs_get_family() and * \c bits means the value returned by psa_pake_cs_get_bits().) * * Input and output during the operation can involve group elements and scalar @@ -2532,7 +2532,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * a specific Diffie-Hellman group, using the same mapping that is used for * Diffie-Hellman (::psa_dh_family_t) keys. * - * (Here \c familiy means the value returned by psa_pake_cs_get_family() and + * (Here \c family means the value returned by psa_pake_cs_get_family() and * \c bits means the value returned by psa_pake_cs_get_bits().) * * Input and output during the operation can involve group elements and scalar From 3c09c4733342ab0a142df1d7ec263ce4f4bb68e0 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 13 May 2021 11:57:49 +0100 Subject: [PATCH 088/236] PSA PAKE: remove redundant steps PAKE constructions that have multiple key shares will always consume and produce the key shares in numerical order. So using PSA_PAKE_DATA_XXX_X would demand step-sequence validation, and provides no functional utility over having only PSA_PAKE_DATA_XXX. Signed-off-by: Janos Follath --- include/psa/crypto_values.h | 75 ++++++------------------------------- 1 file changed, 12 insertions(+), 63 deletions(-) 
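Review bot: the two corrected comments in the crypto_values.h hunks still say "the value returned by psa_pake_cs_get_family()" and "the value returned by psa_pake_cs_get_bits()", but patch 086 removed both accessors in favour of psa_pake_cs_get_primitive(); reword the parentheticals to describe family and bits as the fields encoded in the psa_pake_primitive_t value built by PSA_PAKE_PRIMITIVE(), otherwise Doxygen is left with dangling references.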
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 9fc84f34d..229485e66 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1999,11 +1999,11 @@ * // Get the ZKP proof for x1 * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); * // Get g2 - * psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE_2, ...); + * psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE, ...); * // Get the ZKP public key for x2 - * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PUBLIC_2, ...); + * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...); * // Get the ZKP proof for x2 - * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF_2, ...); + * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); * -# To provide the first round data received from the peer to the operation, * call * // Set g3 
@@ -2013,26 +2013,26 @@ * // Set the ZKP proof for x3 * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); * // Set g4 - * psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE_2, ...); + * psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE, ...); * // Set the ZKP public key for x4 - * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PUBLIC_2, ...); + * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...); * // Set the ZKP proof for x4 - * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PROOF_2, ...); + * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); * -# To get the second round data that needs to be sent to the peer, call * // Get A - * psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE_3, ...); + * psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE, ...); * // Get ZKP public key for x2*s - * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PUBLIC_3, ...); + * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...); * // Get ZKP proof for x2*s - * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF_3, ...); + * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); * -# To provide the second round data received from the peer to the operation, * call * // Set B - * psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE_3, ...); + * psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE, ...); * // Set ZKP public key for x4*s - * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PUBLIC_3, ...); + * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...); * // Set ZKP proof for x4*s - * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PROOF_3, ...); + * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); * -# To access the shared secret call * // Get Ka=Kb=K * psa_pake_get_implicit_key() 
@@ -2577,11 +2577,6 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * * For information regarding representation consult the documentation of * individual ::psa_pake_primitive_type_t constants. - * - * Some PAKE algorithms need to exchange several key shares. If that is the - * case, this value marks the first key share sent and the first key share - * received. For values sent or received afterwards, use - * #PSA_PAKE_DATA_KEY_SHARE_2 and #PSA_PAKE_DATA_KEY_SHARE_3. */ #define PSA_PAKE_DATA_KEY_SHARE ((psa_pake_step_t)0x01) @@ -2591,11 +2586,6 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * * For information regarding representation consult the documentation of * individual ::psa_pake_primitive_type_t constants. - * - * Some PAKE algorithms need to perform several zero-knowledge proofs. If that - * is the case, this value marks the first public key sent and the first public - * key received. For values sent or received afterwards, use - * #PSA_PAKE_DATA_ZK_PUBLIC_2 and #PSA_PAKE_DATA_ZK_PUBLIC_3. */ #define PSA_PAKE_DATA_ZK_PUBLIC ((psa_pake_step_t)0x02) 
@@ -2605,49 +2595,8 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * * For information regarding representation consult the documentation of * individual ::psa_pake_primitive_type_t constants. - * - * Some PAKE algorithms need to perform several zero-knowledge proofs. If that - * is the case, this value marks the first proof sent and the first proof - * received. For values sent or received afterwards, use - * #PSA_PAKE_DATA_ZK_PROOF_2 and #PSA_PAKE_DATA_ZK_PROOF_3. */ #define PSA_PAKE_DATA_ZK_PROOF ((psa_pake_step_t)0x03) -/** Marks the second key share sent and received. - * - * See #PSA_PAKE_DATA_KEY_SHARE. - */ -#define PSA_PAKE_DATA_KEY_SHARE_2 ((psa_pake_step_t)0x04) - -/** Marks the second Schnorr NIZKP public key sent and received. - * - * See #PSA_PAKE_DATA_ZK_PUBLIC. - */ -#define PSA_PAKE_DATA_ZK_PUBLIC_2 ((psa_pake_step_t)0x05) - -/** Marks the second Schnorr NIZKP proof sent and received. - * - * See #PSA_PAKE_DATA_ZK_PROOF. - */ -#define PSA_PAKE_DATA_ZK_PROOF_2 ((psa_pake_step_t)0x06) - -/** Marks the third key share sent and received. - * - * See #PSA_PAKE_DATA_KEY_SHARE. - */ -#define PSA_PAKE_DATA_KEY_SHARE_3 ((psa_pake_step_t)0x07) - -/** Marks the third Schnorr NIZKP public key sent and received. - * - * See #PSA_PAKE_DATA_ZK_PUBLIC. - */ -#define PSA_PAKE_DATA_ZK_PUBLIC_3 ((psa_pake_step_t)0x08) - -/** Marks the third Schnorr NIZKP proof sent and received. - * - * See #PSA_PAKE_DATA_ZK_PROOF. - */ -#define PSA_PAKE_DATA_ZK_PROOF_3 ((psa_pake_step_t)0x09) - /**@}*/ #endif /* PSA_CRYPTO_VALUES_H */ From 56cc9ccc39b45a384a4ad5e60061bb4f49a63bd9 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 13 May 2021 12:01:11 +0100 Subject: [PATCH 089/236] PSA PAKE: Align macro names with psa_pake_step_t Signed-off-by: Janos Follath --- include/psa/crypto.h | 4 ++-- include/psa/crypto_values.h | 44 ++++++++++++++++++------------------- 2 files changed, 24 insertions(+), 24 deletions(-) 
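Review bot: after dropping the _2 and _3 step constants, the J-PAKE flow in the crypto_values.h hunk calls psa_pake_output() and psa_pake_input() several times per round with the identical #PSA_PAKE_DATA_KEY_SHARE, #PSA_PAKE_DATA_ZK_PUBLIC and #PSA_PAKE_DATA_ZK_PROOF steps, yet the trimmed Doxygen text for those three constants no longer says anything about repeated use. The commit message states that multi-share PAKEs always consume and produce shares in numerical order; that rule should move into the constants' documentation so callers and implementations agree on what a second call with the same step means.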
diff --git a/include/psa/crypto.h b/include/psa/crypto.h index ec5c16c48..5473fbfd0 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4273,9 +4273,9 @@ static psa_pake_operation_t psa_pake_operation_init(void); * * A typical sequence of calls to perform a password-authenticated key * exchange: - * -# Call psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE, ...) to get the + * -# Call psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to get the * key share that needs to be sent to the peer. - * -# Call psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE, ...) to provide + * -# Call psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to provide * the key share that was received from the peer. * -# Call psa_pake_get_implicit_key() for accessing the shared secret. * -# Make a sequence of function calls to execute the password-authenticated diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 229485e66..174a1f1e0 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
@@ -1993,52 +1993,52 @@ * The key exchange flow for JPAKE is as follows: * -# To get the first round data that needs to be sent to the peer, call * // Get g1 - * psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE, ...); + * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); * // Get the ZKP public key for x1 - * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...); + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); * // Get the ZKP proof for x1 - * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); * // Get g2 - * psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE, ...); + * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); * // Get the ZKP public key for x2 - * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...); + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); * // Get the ZKP proof for x2 - * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); * -# To provide the first round data received from the peer to the operation, * call * // Set g3 - * psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE, ...); + * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); * // Set the ZKP public key for x3 - * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...); + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); * // Set the ZKP proof for x3 - * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); * // Set g4 - * psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE, ...); + * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); * // Set the ZKP public key for x4 - * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...); + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); * // Set the ZKP proof for x4 - * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); + * psa_pake_input(operation, 
#PSA_PAKE_STEP_ZK_PROOF, ...); * -# To get the second round data that needs to be sent to the peer, call * // Get A - * psa_pake_output(operation, #PSA_PAKE_DATA_KEY_SHARE, ...); + * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); * // Get ZKP public key for x2*s - * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...); + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); * // Get ZKP proof for x2*s - * psa_pake_output(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); * -# To provide the second round data received from the peer to the operation, * call * // Set B - * psa_pake_input(operation, #PSA_PAKE_DATA_KEY_SHARE, ...); + * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); * // Set ZKP public key for x4*s - * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PUBLIC, ...); + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); * // Set ZKP proof for x4*s - * psa_pake_input(operation, #PSA_PAKE_DATA_ZK_PROOF, ...); + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); * -# To access the shared secret call * // Get Ka=Kb=K * psa_pake_get_implicit_key() * * For more information consult the documentation of the individual - * PSA_PAKE_DATA_XXX constants. + * PSA_PAKE_STEP_XXX constants. * * J-PAKE is standardised for example in RFC 8236. */ @@ -2578,7 +2578,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * For information regarding representation consult the documentation of * individual ::psa_pake_primitive_type_t constants. */ -#define PSA_PAKE_DATA_KEY_SHARE ((psa_pake_step_t)0x01) +#define PSA_PAKE_STEP_KEY_SHARE ((psa_pake_step_t)0x01) /** A Schnorr NIZKP public key. * 
@@ -2587,7 +2587,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * For information regarding representation consult the documentation of * individual ::psa_pake_primitive_type_t constants. */ -#define PSA_PAKE_DATA_ZK_PUBLIC ((psa_pake_step_t)0x02) +#define PSA_PAKE_STEP_ZK_PUBLIC ((psa_pake_step_t)0x02) /** A Schnorr NIZKP proof. * @@ -2596,7 +2596,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * For information regarding representation consult the documentation of * individual ::psa_pake_primitive_type_t constants. */ -#define PSA_PAKE_DATA_ZK_PROOF ((psa_pake_step_t)0x03) +#define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03) /**@}*/ #endif /* PSA_CRYPTO_VALUES_H */ From fe0c4493f5a3118d56759ad0f4b4478aadfdb077 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 13 May 2021 12:25:15 +0100 Subject: [PATCH 090/236] Add psa_pake_set_password_mhf() Using memory hard functions with PAKEs is the more secure option. It should be as convenient and efficient to use as less secure options, but so far it required creating an additional temporary key object. With psa_pake_set_password_mhf() this eliminates the need for this. Similarly we could add a convenience function to supply the password directly from character strings, but that would make the less secure option more convenient again and therefore we are not doing it now. Signed-off-by: Janos Follath --- include/psa/crypto.h | 33 ++++++++++++++++++++++++++++++++- 1 file changed, 32 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 5473fbfd0..e94a95713 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h
@@ -4322,7 +4322,7 @@ static psa_pake_operation_t psa_pake_operation_init(void); psa_status_t psa_pake_setup(psa_pake_operation_t *operation, psa_pake_cipher_suite_t cipher_suite); -/** Set the password for a password-authenticated key exchange. +/** Set the password for a password-authenticated key exchange from key ID. * * \param password Identifier of the key holding the password or a * value derived from the password (eg. by a 
@@ -4350,6 +4350,37 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, mbedtls_svc_key_id_t password); +/** Set the password for a password-authenticated key exchange with memory hard + * function. + * + * Some protocols require using values derived from passwords via memory hard + * functions to mitigate dictionary attacks. Memory hard functions can be + * accessed through the key derivation interface and the result can be supplied + * to the PAKE operation in the form of a key derivation object. + * + * \param key_derivation An ongoing key derivation operation set up from + * the password and in a state suitable for + * calling psa_key_derivation_output_bytes(). + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key_derivation is not ready for a call to + * psa_key_derivation_output_bytes(). + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_pake_set_password_mhf(psa_pake_operation_t *operation, + psa_pake_operation_t *key_derivation); + /** Set the user ID for a password-authenticated key exchange. * * Some PAKE algorithms assiciate only a single user identifier with the From b0bcb633ffb567aaa9ff2a17fe5043df6485bfd7 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 13 May 2021 13:21:43 +0100 Subject: [PATCH 091/236] Link PSA_KEY_TYPE_PASSWORD in the documentation Signed-off-by: Janos Follath --- include/psa/crypto.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
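Review bot: wrong parameter type in the new prototype at the end of the crypto.h hunk: `psa_pake_operation_t *key_derivation` should be `psa_key_derivation_operation_t *key_derivation`, since the `\param` text describes it as an ongoing key derivation operation on which psa_key_derivation_output_bytes() can be called. The prototype also gives the PAKE no way to know how many bytes to draw from the derivation, so a `size_t input_length` parameter is needed, and the `\param` list documents `key_derivation` but not `operation`.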
diff --git a/include/psa/crypto.h b/include/psa/crypto.h index e94a95713..8759d6975 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4328,7 +4328,7 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, * value derived from the password (eg. by a * memory-hard function). It must remain valid * until the operation terminates. It must be of - * type PSA_KEY_TYPE_PASSWORD or + * type #PSA_KEY_TYPE_PASSWORD or * #PSA_KEY_TYPE_DERIVE. It has to allow the usage * #PSA_KEY_USAGE_DERIVE. * From 60fa7c59b26aa1f5eee0aeaca00428159c391b0d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 13 May 2021 13:36:32 +0100 Subject: [PATCH 092/236] PSA PAKE: document operation parameters Signed-off-by: Janos Follath --- include/psa/crypto.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 8759d6975..f49286ca7 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4324,6 +4324,9 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, /** Set the password for a password-authenticated key exchange from key ID. * + * \param[in,out] operation The operation object to set the password for. It + * must have been set up by psa_pake_setup() and + * not yet in use. * \param password Identifier of the key holding the password or a * value derived from the password (eg. by a * memory-hard function). It must remain valid @@ -4358,6 +4361,9 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * accessed through the key derivation interface and the result can be supplied * to the PAKE operation in the form of a key derivation object. * + * \param[in,out] operation The operation object to set the password for. It + * must have been set up by psa_pake_setup() and + * not yet in use. * \param key_derivation An ongoing key derivation operation set up from * the password and in a state suitable for * calling psa_key_derivation_output_bytes(). 
@@ -4391,6 +4397,9 @@ psa_status_t psa_pake_set_password_mhf(psa_pake_operation_t *operation, * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) * for more information. * + * \param[in,out] operation The operation object to set the user ID for. It + * must have been set up by psa_pake_setup() and + * not yet in use. * \param[in] user_id The user ID to authenticate with. * \param user_id_len Size of the \p user_id buffer in bytes. * @@ -4423,6 +4432,9 @@ psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) * for more information. * + * \param[in,out] operation The operation object to set the peer ID for. It + * must have been set up by psa_pake_setup() and + * not yet in use. * \param[in] peer_id The peer's ID to authenticate. * \param peer_id_len Size of the \p peer_id buffer in bytes. * @@ -4457,6 +4469,9 @@ psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) * for more information. * + * \param[in,out] operation The operation object to set the side for. It + * must have been set up by psa_pake_setup() and + * not yet in use. * \param side A value of type ::psa_pake_side_t signaling the * side of the algorithm that is being set up. For * more information see the documentation of \c From ed82716546567583b42419338ffd0448f66a6171 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 13 May 2021 14:38:15 +0100 Subject: [PATCH 093/236] Remove always false comparison PSA_PAKE_PRIMITIVE Always false comparison triggered compiler warnings. Removing comparison while preserving semantics to achieve clean build. Signed-off-by: Janos Follath --- include/psa/crypto_values.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 174a1f1e0..94616aad7 100644 --- a/include/psa/crypto_values.h 
+++ b/include/psa/crypto_values.h @@ -2566,7 +2566,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * ::psa_pake_primitive_t. */ #define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \ - (pake_bits > 0xFFFF) ? 0 : \ + ((pake_bits & 0xFFFF) != pake_bits) ? 0 : \ ((psa_pake_primitive_t) (((pake_type) << 24 | \ (pake_family) << 16) | (pake_bits))) From ef816f37be9e1d33639152bb4349680c973b8449 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 13 May 2021 16:01:47 +0100 Subject: [PATCH 094/236] Fix precedence in psa_pake_cs_set_primitive() Signed-off-by: Janos Follath --- include/psa/crypto_struct.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index a5f35cb9c..b20a17972 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -497,7 +497,7 @@ static inline void psa_pake_cs_set_primitive( psa_pake_cipher_suite_t *cipher_suite, psa_pake_primitive_t primitive) { - cipher_suite->type = (psa_pake_primitive_type_t) primitive >> 24; + cipher_suite->type = (psa_pake_primitive_type_t) (primitive >> 24); cipher_suite->family = (psa_pake_family_t) ( 0xFF & (primitive >> 16) ); cipher_suite->bits = (uint16_t) ( 0xFFFF & primitive ); } From 14ce06afe270687e6490e038ab5d2e647b193b17 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 14 May 2021 11:26:23 +0100 Subject: [PATCH 095/236] PSA PAKE: fix documentation Signed-off-by: Janos Follath --- include/psa/crypto.h | 6 +++--- include/psa/crypto_values.h | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index f49286ca7..87b4526eb 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
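Review bot: the replacement condition `((pake_bits & 0xFFFF) != pake_bits) ? 0 :` in the crypto_values.h hunk still leaves the PSA_PAKE_PRIMITIVE body without enclosing parentheses, so the conditional operator binds against whatever follows the macro at its use site, and the macro parameter `pake_bits` is used unparenthesized in the new test. Suggest `(((pake_bits) & 0xFFFF) != (pake_bits)) ? 0 : ...` with the entire body wrapped in one outer pair of parentheses.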
@@ -4139,7 +4139,7 @@ static void psa_pake_cs_set_algorithm( psa_algorithm_t algorithm ); -/** Retrieve the primitive type from a PAKE cipher suite. +/** Retrieve the primitive from a PAKE cipher suite. * * This function may be declared as `static` (i.e. without external linkage). * This function may be provided as a function-like macro, but in this case it @@ -4153,7 +4153,7 @@ static psa_pake_primitive_t psa_pake_cs_get_primitive( const psa_pake_cipher_suite_t* cipher_suite ); -/** Declare the primitive type for a PAKE cipher suite. +/** Declare the primitive for a PAKE cipher suite. * * This function overwrites any primitive previously set in \p cipher_suite. * @@ -4353,7 +4353,7 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, mbedtls_svc_key_id_t password); -/** Set the password for a password-authenticated key exchange with memory hard +/** Set the password for a password-authenticated key exchange via a memory hard * function. * * Some protocols require using values derived from passwords via memory hard diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 94616aad7..d1924db67 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1988,7 +1988,7 @@ * J-PAKE doesn't differentiate between sides and has a distinct identifier * associated with each entity. This means that both psa_pake_set_user() and * psa_pake_set_peer() needs to be called before commencing the operation. - * Another conseque is that psa_pake_set_side() is optional and is ignored. + * Another consequence is that psa_pake_set_side() is optional and is ignored. * * The key exchange flow for JPAKE is as follows: * -# To get the first round data that needs to be sent to the peer, call From 1062a24152c32228ff0750256e84d77f97d39cb8 Mon Sep 17 00:00:00 2001 
From: Janos Follath Date: Fri, 14 May 2021 12:02:55 +0100 Subject: [PATCH 096/236] Fix psa_pake_set_password_mhf() parameter list The type of the key derivation operation was incorrect. Also neither the PAKE nor key_derivation algorithm knows how many bytes to transfer at this stage. There is no optimal or recommended size; PAKEs don't mandate it either (with the exception of OPAQUE, but that uses it internally and won't be using this interface). Adding an input length parameter to allow the application to control how many bytes the PAKE takes from the key derivation. Signed-off-by: Janos Follath --- include/psa/crypto.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 87b4526eb..00317f7ff 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4367,6 +4367,8 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * \param key_derivation An ongoing key derivation operation set up from * the password and in a state suitable for * calling psa_key_derivation_output_bytes(). + * \param input_length Number of bytes to input from the + * \p key_derivation operation. * * \retval #PSA_SUCCESS * Success. @@ -4385,7 +4387,8 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * results in this error code. */ psa_status_t psa_pake_set_password_mhf(psa_pake_operation_t *operation, - psa_pake_operation_t *key_derivation); + psa_key_derivation_operation_t *key_derivation, + size_t input_length); /** Set the user ID for a password-authenticated key exchange. * From e1a080f1f8c82386da370d2893cf9d2b985d1e51 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 14 May 2021 12:16:36 +0100 Subject: [PATCH 097/236] Improve psa_pake_set_password_mhf() documentation Signed-off-by: Janos Follath --- include/psa/crypto.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)
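Review bot: the new `\param input_length` in the crypto.h hunk says how many bytes are drawn from `\p key_derivation`, but the `\retval` list is unchanged, so the reader cannot tell which status is returned when the derivation's remaining capacity is below `input_length`, nor whether `key_derivation` is still usable afterwards; document the failure status for that case and its effect on the derivation operation's state alongside the new parameter.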
diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 00317f7ff..205c5fd8a 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4361,14 +4361,14 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * accessed through the key derivation interface and the result can be supplied * to the PAKE operation in the form of a key derivation object. * - * \param[in,out] operation The operation object to set the password for. It - * must have been set up by psa_pake_setup() and - * not yet in use. - * \param key_derivation An ongoing key derivation operation set up from - * the password and in a state suitable for - * calling psa_key_derivation_output_bytes(). - * \param input_length Number of bytes to input from the - * \p key_derivation operation. + * \param[in,out] operation The operation object to set the password for. + * It must have been set up by psa_pake_setup() + * and not yet in use. + * \param[in,out] key_derivation An ongoing key derivation operation set up + * from the password and in a state suitable for + * calling psa_key_derivation_output_bytes(). + * \param input_length Number of bytes to input from the + * \p key_derivation operation. * * \retval #PSA_SUCCESS * Success. From 7b8910322c701bb85a1ba7690ce1634537f0845a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 14 May 2021 15:42:46 +0100 Subject: [PATCH 098/236] PSA PAKE: refine documentation of return values The key derivation operation passed to psa_pake_set_password_mhf() might enter an error state before the function returns. If this happens, the user needs to know about it so that they can properly abort it. Signed-off-by: Janos Follath --- include/psa/crypto.h | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 205c5fd8a..6706ef8ea 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
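Review bot: the @@ -4361 hunk is mostly a reflow, but "and not yet in use" remains undefined for a PAKE operation (which calls count as use?); since the password must be set after psa_pake_setup() and before the first psa_pake_output() or psa_pake_input(), say that explicitly instead of "not yet in use".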
@@ -4337,6 +4337,8 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, * * \retval #PSA_SUCCESS * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must have been set up.) * \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_COMMUNICATION_FAILURE @@ -4361,6 +4363,16 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * accessed through the key derivation interface and the result can be supplied * to the PAKE operation in the form of a key derivation object. * + * This function draws bytes from a key derivation algorithm and sets those + * bytes as a password for the password-authenticated key exchange. If you + * view the key derivation's output as a stream of bytes, this function + * destructively reads the requested number of bytes from the stream. + * The key derivation operation's capacity decreases by the number of bytes read. + * + * If this function returns #PSA_ERROR_INVALID_ARGUMENT, \p key_derivation + * enters an error state and must be aborted by calling + * psa_key_derivation_abort(). + * * \param[in,out] operation The operation object to set the password for. * It must have been set up by psa_pake_setup() * and not yet in use. @@ -4372,6 +4384,11 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * * \retval #PSA_SUCCESS * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must have been set up.) + * \retval #PSA_ERROR_INSUFFICIENT_DATA + * The \p key_derivation operation's capacity was less than + * \p input_length bytes. * \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_COMMUNICATION_FAILURE 
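Review bot: the @@ -4363 hunk says that on #PSA_ERROR_INVALID_ARGUMENT \p key_derivation enters an error state, but is silent about \p operation itself and about the other failures: because the read is described as destructive, the caller needs to know whether a failed read (for example #PSA_ERROR_INSUFFICIENT_DATA) has already consumed capacity from \p key_derivation and whether \p operation must be aborted afterwards. State both.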
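Review bot: in the @@ -4337 and @@ -4384 hunks the new text "(it must have been set up.)" puts the period inside the parentheses, whereas the psa_pake_set_side text in this same header reads "(it must have been set up)." (context of the later @@ -4505 hunk); pick one form. In the @@ -4384 hunk the retval list now also carries two separate #PSA_ERROR_BAD_STATE entries (this one and the "library has not been previously initialized" one further down); place them adjacent, or merge them into one entry listing both causes, so a reader does not miss one.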
@@ -4379,8 +4396,8 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p key_derivation is not ready for a call to - * psa_key_derivation_output_bytes(). + * The call to psa_key_derivation_output_bytes() returned something + * other than #PSA_ERROR_INSUFFICIENT_DATA. * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize @@ -4409,7 +4426,7 @@ psa_status_t psa_pake_set_password_mhf(psa_pake_operation_t *operation, * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid. + * The operation state is not valid (it must have been set up.) * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE @@ -4444,7 +4461,7 @@ psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid. + * The operation state is not valid (it must have been set up.) * \retval #PSA_ERROR_NOT_SUPPORTED * The algorithm doesn't associate a second identity with the session. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY From 9a04aeaff5e01abde65a972030e23ce9cf700c99 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 20 May 2021 16:21:01 +0100 Subject: [PATCH 099/236] PSA PAKE: improve and fix documentation Signed-off-by: Janos Follath --- include/psa/crypto.h | 30 ++++++++++++++++++------------ include/psa/crypto_sizes.h | 3 ++- include/psa/crypto_types.h | 6 +++--- include/psa/crypto_values.h | 12 ++++++------ 4 files changed, 29 insertions(+), 22 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 6706ef8ea..fa4102278 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
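Review bot: the @@ -4379 hunk redefines #PSA_ERROR_INVALID_ARGUMENT as "psa_key_derivation_output_bytes() returned something other than #PSA_ERROR_INSUFFICIENT_DATA", which folds every underlying failure (a BAD_STATE from a derivation that is not ready, NOT_PERMITTED, hardware or storage failures) into one status and hides the real cause from the caller; it also documents an implementation detail rather than a contract. Propagate the underlying status instead (the list above already carries the matching retvals) and keep INVALID_ARGUMENT for genuine argument problems.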
@@ -4092,7 +4092,7 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, /**@}*/ -/** \defgroup Password-authenticated key agreement +/** \defgroup pake Password-authenticated key exchange (PAKE) * @{ */ @@ -4255,7 +4255,7 @@ static psa_pake_operation_t psa_pake_operation_init(void); * -# Initialize the operation object with one of the methods described in the * documentation for #psa_pake_operation_t, e.g. * #PSA_PAKE_OPERATION_INIT. - * -# Call psa_pake_setup() to specify cipher suite. + * -# Call psa_pake_setup() to specify the cipher suite. * -# Call \c psa_pake_set_xxx() functions on the operation to complete the * setup. The exact sequence of \c psa_pake_set_xxx() functions that needs * to be called depends on the algorithm in use. @@ -4323,6 +4323,11 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, psa_pake_cipher_suite_t cipher_suite); /** Set the password for a password-authenticated key exchange from key ID. + * + * Call this function when the password, or a value derived from the password, + * is already present in the key store. To calculate the password-derived value + * from a password input, use the key derivation interface and + * psa_pake_set_password_stretch() instead. * * \param[in,out] operation The operation object to set the password for. It * must have been set up by psa_pake_setup() and @@ -4332,8 +4337,8 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, * memory-hard function). It must remain valid * until the operation terminates. It must be of * type #PSA_KEY_TYPE_PASSWORD or - * #PSA_KEY_TYPE_DERIVE. It has to allow the usage - * #PSA_KEY_USAGE_DERIVE. + * #PSA_KEY_TYPE_PASSWORD_HASH. It has to allow + * the usage #PSA_KEY_USAGE_DERIVE. * * \retval #PSA_SUCCESS * Success. 
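Review bot: the @@ -4323 hunk refers the reader to psa_pake_set_password_stretch(), but at this point in the series the function is still psa_pake_set_password_mhf() (the rename only lands in PATCH 102), so patches 099 to 101 carry a dangling cross-reference; either reorder the commits or use the current name here.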
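Review bot: the @@ -4332 hunk changes the accepted key type from #PSA_KEY_TYPE_DERIVE to #PSA_KEY_TYPE_PASSWORD_HASH, but none of the crypto_values.h hunks in this series define PSA_KEY_TYPE_PASSWORD_HASH; confirm the constant exists on this branch, otherwise the Doxygen reference (and any implementation check) will be broken.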
@@ -4409,7 +4414,7 @@ psa_status_t psa_pake_set_password_mhf(psa_pake_operation_t *operation, /** Set the user ID for a password-authenticated key exchange. * - * Some PAKE algorithms assiciate only a single user identifier with the + * Some PAKE algorithms associate only a single user identifier with the * session. Such algorithms must call this function (psa_pake_set_user()) to * set the identifier for the PAKE context. * @@ -4444,7 +4449,7 @@ psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, /** Set the peer ID for a password-authenticated key exchange. * - * Some PAKE algorithms assiciate only a single user identifier with the + * Some PAKE algorithms associate only a single user identifier with the * session. Such algorithms must call psa_pake_set_user() to set the * identifier for the PAKE context. * @@ -4514,7 +4519,7 @@ psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, psa_status_t psa_pake_set_side(psa_pake_operation_t *operation, psa_pake_side_t side); -/** Get additional key share from a password-authenticated key exchange. +/** Get output for a step of a password-authenticated key exchange. * * Depending on the algorithm being executed, you might need to call this * function several times or you might not need to call this at all. @@ -4529,7 +4534,8 @@ psa_status_t psa_pake_set_side(psa_pake_operation_t *operation, * state and must be aborted by calling psa_pake_abort(). * * \param[in,out] operation Active PAKE operation. - * \param type The type of the data that is requested. + * \param step The step of the algorithm for which the output is + * requested. * \param[out] output Buffer where the output is to be written. * \param output_size Size of the \p output buffer in bytes. This must * be at least #PSA_PAKE_OUTPUT_SIZE(\p alg, \c 
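Review bot: the @@ -4529 hunk renames the parameter to `step`, but the \param output_size text two lines below still ends with "#PSA_PAKE_OUTPUT_SIZE(\p alg, \c cipher_suite, \p type)" (the tail is visible as unchanged context in the PATCH 104 @@ -4556 hunk), so `\p type` now points at a parameter that no longer exists; update it to `\p step`, and note that `\p alg` is not a parameter of psa_pake_output() either (use `\c alg` with a short explanation).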
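Review bot: in the @@ -4409 and @@ -4444 hunks "Such algorithms must call this function" reads as if the algorithm calls the API; it is the application using such an algorithm that must call psa_pake_set_user(), so reword to "When using such an algorithm, the application must call ...".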
@@ -4556,12 +4562,12 @@ psa_status_t psa_pake_set_side(psa_pake_operation_t *operation, * results in this error code. */ psa_status_t psa_pake_output(psa_pake_operation_t *operation, - psa_pake_step_t type, + psa_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length); -/** Provide additional peer key share for a password-authenticated key exchange. +/** Provide input for a step of a password-authenticated key exchange. * * Depending on the algorithm being executed, you might need to call this * function several times or you might not need to call this at all. @@ -4576,7 +4582,7 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation, * state and must be aborted by calling psa_pake_abort(). * * \param[in,out] operation Active PAKE operation. - * \param type The type of the data provided. + * \param step The step for which the input is provided. * \param[out] input Buffer containing the input. * \param[out] input_length Size of the \p input buffer in bytes. * @@ -4596,7 +4602,7 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation, * results in this error code. */ psa_status_t psa_pake_input(psa_pake_operation_t *operation, - psa_pake_step_t type, + psa_pake_step_t step, uint8_t *input, size_t input_length); diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index d8fc9979b..a603c9d29 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -1143,7 +1143,8 @@ * * \param alg A PAKE algorithm (PSA_ALG_XXX value such that * #PSA_ALG_IS_PAKE(\p alg) is true). - * \param primitive A primitive that is compatible with algorithm \p alg. + * \param primitive A primitive of type ::psa_pake_primitive_t that is + * compatible with algorithm \p alg. * \param output_step A value of type ::psa_pake_step_t that is valid for the * algorithm \p alg. * \return A sufficient output buffer size for the specified 
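Review bot: the @@ -4576 hunk keeps `\param[out] input` and `\param[out] input_length` although both are inputs to psa_pake_input(); they should be `\param[in] input` and a plain `\param input_length`, and the declaration in the @@ -4596 hunk should take `const uint8_t *input` since the function only reads the buffer.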
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 5418bd76e..5a66a8709 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -387,7 +387,7 @@ typedef uint16_t psa_key_derivation_step_t; /** \brief Encoding of the side of PAKE * * Encodes which side of the algorithm is being executed. For more information - * see the documentation of individual PSA_PAKE_SIDE_XXX constants. + * see the documentation of individual \c PSA_PAKE_SIDE_XXX constants. */ typedef uint8_t psa_pake_side_t; @@ -405,14 +405,14 @@ typedef uint8_t psa_pake_step_t; * Vendors who define additional types must use an encoding in this range. * * For more information see the documentation of individual - * PSA_PAKE_PRIMITIVE_TYPE_XXX constants. + * \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. */ typedef uint8_t psa_pake_primitive_type_t; /** \brief Encoding of the family of the primitive associated with the PAKE. * * For more information see the documentation of individual - * PSA_PAKE_PRIMITIVE_TYPE_XXX constants. + * \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. */ typedef uint8_t psa_pake_family_t; diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index d1924db67..c8a074cae 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1975,7 +1975,7 @@ * cipher suite the field or curve must be fully specified by calling * psa_pake_cs_set_family() and psa_pake_cs_set_bits() as well. For more * information refer to the documentation of the individual - * `PSA_PAKE_PRIMITIVE_TYPE_XXX` constants.) + * \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.) * * J-PAKE can be used with any secure cryptographic hash function. The choice * of hash must be supplied to the cipher suite by calling 
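Review bot: in the @@ -405 hunk the psa_pake_family_t comment still points at the `PSA_PAKE_PRIMITIVE_TYPE_XXX` constants, i.e. it reads as a copy of the psa_pake_primitive_type_t comment just above it; if that is intentional, say that the family's interpretation depends on the primitive type (as the PSA_PAKE_PRIMITIVE \param family text in crypto_values.h does), otherwise point at the family constants themselves.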
@@ -1987,7 +1987,7 @@ * * J-PAKE doesn't differentiate between sides and has a distinct identifier * associated with each entity. This means that both psa_pake_set_user() and - * psa_pake_set_peer() needs to be called before commencing the operation. + * psa_pake_set_peer() need to be called before commencing the operation. * Another consequence is that psa_pake_set_side() is optional and is ignored. * * The key exchange flow for JPAKE is as follows: @@ -2038,7 +2038,7 @@ * psa_pake_get_implicit_key() * * For more information consult the documentation of the individual - * PSA_PAKE_STEP_XXX constants. + * \c PSA_PAKE_STEP_XXX constants. * * J-PAKE is standardised for example in RFC 8236. */ @@ -2480,7 +2480,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * * Although balanced PAKE algorithms are symmetric, some of them needs an * ordering of peers for the transcript calculations. If the algorithm does not - * need this, either #PSA_PAKE_SIDE_FIRST or #PSA_PAKE_SIDE_SECOND are + * need this, both #PSA_PAKE_SIDE_FIRST and #PSA_PAKE_SIDE_SECOND are * accepted. */ #define PSA_PAKE_SIDE_FIRST ((psa_pake_side_t)0x01) @@ -2546,7 +2546,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) */ #define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t)0x02) -/** Construct a PAKE primitive from type, family and bitsize. +/** Construct a PAKE primitive from type, family and bit-size. * * \param pake_type The type of the primitive * (value of type ::psa_pake_primitive_type_t). 
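Review bot: the @@ -1987 hunk fixes "needs" but the unchanged context line "The key exchange flow for JPAKE is as follows:" still spells the name "JPAKE" while the rest of the comment writes "J-PAKE"; fix it while editing this paragraph. Likewise the @@ -2480 hunk's context "some of them needs an ordering of peers" should read "some of them need".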
@@ -2555,7 +2555,7 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) * on \p type, for more information consult the * documentation of individual ::psa_pake_primitive_type_t * constants). - * \param pake_bits The bitsize of the primitive + * \param pake_bits The bit-size of the primitive * (Value of type \c size_t. The interpretation * of this parameter depends on \p family, for more * information consult the documentation of individual From 19271ea1833b3fb24e9ca4e940cfcb87357fcd72 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 21 May 2021 12:38:12 +0100 Subject: [PATCH 100/236] PSA PAKE: Clarify documentation of valid states Signed-off-by: Janos Follath --- include/psa/crypto.h | 72 ++++++++++++++++++++++++++++++-------------- 1 file changed, 49 insertions(+), 23 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index fa4102278..ce941ed2e 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4300,7 +4300,9 @@ static psa_pake_operation_t psa_pake_operation_init(void); * * \param[in,out] operation The operation object to set up. It must have * been initialized as per the documentation for - * #psa_pake_operation_t and not yet in use. + * #psa_pake_operation_t and not yet in use (no + * other function has been called on it since the + * last initialization). * \param cipher_suite The cipher suite to use. (A cipher suite fully * characterizes a PAKE algorithm and determines * the algorithm as well.) @@ -4308,7 +4310,7 @@ static psa_pake_operation_t psa_pake_operation_init(void); * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be inactive). + * The operation state is not valid. * \retval #PSA_ERROR_NOT_SUPPORTED * The \p cipher_suite is not supported or is not valid. * \retval #PSA_ERROR_COMMUNICATION_FAILURE 
@@ -4331,7 +4333,13 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, * * \param[in,out] operation The operation object to set the password for. It * must have been set up by psa_pake_setup() and - * not yet in use. + * not yet in use (neither psa_pake_output() nor + * psa_pake_input() has been called yet). It must + * be on operation for which the password hasn't + * been set yet (neither + * psa_pake_set_password_mhf() nor + * psa_pake_set_password_key() has been called + * yet). * \param password Identifier of the key holding the password or a * value derived from the password (eg. by a * memory-hard function). It must remain valid @@ -4374,13 +4382,19 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * destructively reads the requested number of bytes from the stream. * The key derivation operation's capacity decreases by the number of bytes read. * - * If this function returns #PSA_ERROR_INVALID_ARGUMENT, \p key_derivation - * enters an error state and must be aborted by calling - * psa_key_derivation_abort(). + * If this function returns anything other than #PSA_SUCCESS, both \p operation + * and \p key_derivation operations enter an error state and must be aborted by + * calling psa_pake_abort() and psa_key_derivation_abort() respectively. * * \param[in,out] operation The operation object to set the password for. * It must have been set up by psa_pake_setup() - * and not yet in use. + * and not yet in use (neither psa_pake_output() + * nor psa_pake_input() has been called yet). It + * must be on operation for which the password + * hasn't been set yet (neither + * psa_pake_set_password_mhf() nor + * psa_pake_set_password_key() has been called + * yet). * \param[in,out] key_derivation An ongoing key derivation operation set up * from the password and in a state suitable for * calling psa_key_derivation_output_bytes(). 
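Review bot: in the @@ -4331 hunk "It must be on operation for which the password hasn't been set yet" should read "an operation"; the same phrase is copied into the @@ -4374 hunk here and into the set_user, set_peer and set_side hunks of this patch, so fix every occurrence.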
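Review bot: the @@ -4374 hunk now says that any status other than #PSA_SUCCESS puts both \p operation and \p key_derivation into an error state; that includes #PSA_ERROR_INSUFFICIENT_DATA, so a caller that asked for too many bytes cannot simply retry with a smaller \p input_length but must abort both operations and start over. If that is intended, say so under the INSUFFICIENT_DATA retval; if not, exempt that status here.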
@@ -4390,7 +4404,7 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must have been set up.) + * The state of \p operation or \p key_derivation is not valid. * \retval #PSA_ERROR_INSUFFICIENT_DATA * The \p key_derivation operation's capacity was less than * \p input_length bytes. @@ -4400,9 +4414,8 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_NOT_PERMITTED - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The call to psa_key_derivation_output_bytes() returned something - * other than #PSA_ERROR_INSUFFICIENT_DATA. + * One of the inputs to \p key_derivation was a key whose policy didn't + * allow #PSA_KEY_USAGE_DERIVE. * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize @@ -4424,14 +4437,18 @@ psa_status_t psa_pake_set_password_mhf(psa_pake_operation_t *operation, * * \param[in,out] operation The operation object to set the user ID for. It * must have been set up by psa_pake_setup() and - * not yet in use. + * not yet in use (neither psa_pake_output() nor + * psa_pake_input() has been called yet). It must + * be on operation for which the user ID hasn't + * been set (psa_pake_set_user() hasn't been + * called yet). * \param[in] user_id The user ID to authenticate with. * \param user_id_len Size of the \p user_id buffer in bytes. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must have been set up.) + * The operation state is not valid. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_HARDWARE_FAILURE 
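Review bot: the @@ -4400 hunk removes the #PSA_ERROR_INVALID_ARGUMENT entry entirely and attaches a description to #PSA_ERROR_NOT_PERMITTED; the "key_derivation not ready" case is now covered by the BAD_STATE wording in the @@ -4390 hunk, which is fine, but the function is then left with no INVALID_ARGUMENT retval at all even though an incompatible derivation output (wrong length for the cipher suite) is a plausible argument error; keep a generic INVALID_ARGUMENT entry with a correct description rather than dropping it.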
@@ -4459,14 +4476,18 @@ psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, * * \param[in,out] operation The operation object to set the peer ID for. It * must have been set up by psa_pake_setup() and - * not yet in use. + * not yet in use (neither psa_pake_output() nor + * psa_pake_input() has been called yet). It must + * be on operation for which the peer ID hasn't + * been set (psa_pake_set_peer() hasn't been + * called yet). * \param[in] peer_id The peer's ID to authenticate. * \param peer_id_len Size of the \p peer_id buffer in bytes. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must have been set up.) + * The operation state is not valid. * \retval #PSA_ERROR_NOT_SUPPORTED * The algorithm doesn't associate a second identity with the session. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY @@ -4496,7 +4517,11 @@ psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, * * \param[in,out] operation The operation object to set the side for. It * must have been set up by psa_pake_setup() and - * not yet in use. + * not yet in use (neither psa_pake_output() nor + * psa_pake_input() has been called yet). It must + * be on operation for which the side hasn't been + * set (psa_pake_set_side() hasn't been called + * yet). * \param side A value of type ::psa_pake_side_t signaling the * side of the algorithm that is being set up. For * more information see the documentation of \c @@ -4505,7 +4530,7 @@ psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must have been set up). + * The operation state is not valid. * \retval #PSA_ERROR_NOT_SUPPORTED * The \p side for this algorithm is not supported or is not valid. * \retval #PSA_ERROR_COMMUNICATION_FAILURE 
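Review bot: the @@ -4496 hunk adds the precondition that psa_pake_set_side() "hasn't been called yet", while the J-PAKE text in crypto_values.h (context of the patch 099 @@ -1987 hunk) says that for J-PAKE psa_pake_set_side() "is optional and is ignored"; state whether calling it twice on an algorithm that ignores the side is a BAD_STATE error or is also ignored, so the two descriptions do not contradict each other.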
@@ -4602,9 +4627,9 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation, * results in this error code. */ psa_status_t psa_pake_input(psa_pake_operation_t *operation, - psa_pake_step_t step, - uint8_t *input, - size_t input_length); + psa_pake_step_t step, + uint8_t *input, + size_t input_length); /** Get implicitly confirmed shared secret from a PAKE. * @@ -4620,9 +4645,10 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation, * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more * information. * - * When this function returns successfully, the operation becomes inactive. - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling psa_pake_abort(). + * When this function returns successfully, \p operation becomes inactive. + * If this function returns an error status, both \p operation + * and \p key_derivation operations enter an error state and must be aborted by + * calling psa_pake_abort() and psa_key_derivation_abort() respectively. * * \param[in,out] operation Active PAKE operation. * \param[out] output A key derivation operation that is ready From 3ae6696811089c7211a69139fed840e489798b42 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 24 May 2021 12:09:00 +0100 Subject: [PATCH 101/236] Clarify psa_pake_setup() documentation Signed-off-by: Janos Follath --- include/psa/crypto.h | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index ce941ed2e..02ed57557 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
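Review bot: the @@ -4620 hunk refers to "\p key_derivation", but psa_pake_get_implicit_key() has no parameter of that name; its \param list in the same hunk shows the derivation operation as `\param[out] output`, so write "\p output" (and consider renaming the parameter to something like key_derivation for readability, since "output" is ambiguous next to psa_pake_output()).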
@@ -4264,24 +4264,15 @@ static psa_pake_operation_t psa_pake_operation_init(void); * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) * for more information. * - * Like in the case of completing setup, the exact sequence of calls to perform - * a password-authenticated key exchange depends on the algorithm in use: - * - Some algorithms exchange more data than just a single key share. When using - * such a algorithm, call psa_pake_output() and psa_pake_input() one or more - * times to exchange any further data that is needed to derive the shared - * secret. - * * A typical sequence of calls to perform a password-authenticated key * exchange: * -# Call psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to get the * key share that needs to be sent to the peer. * -# Call psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to provide * the key share that was received from the peer. + * -# Depending on the algorithm additional calls to psa_pake_output() and + * psa_pake_input() might be necessary. * -# Call psa_pake_get_implicit_key() for accessing the shared secret. - * -# Make a sequence of function calls to execute the password-authenticated - * key exchange as described below. - * -# Terminate the operation by a call to psa_pake_get_implicit_key() or - * psa_pake_abort(). * * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) From d416838ffd590563e819e7a1fac8f4389b216b3c Mon Sep 17 00:00:00 2001 
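Review bot: the @@ -4264 hunk deletes the closing step "Terminate the operation by a call to psa_pake_get_implicit_key() or psa_pake_abort()" and the new list ends at psa_pake_get_implicit_key(), so the typical sequence no longer tells the reader that psa_pake_abort() must be called on the error path; add a final step saying so. Also "Depending on the algorithm additional calls" needs a comma after "algorithm".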
From: Janos Follath Date: Mon, 24 May 2021 12:20:12 +0100 Subject: [PATCH 102/236] Rename psa_pake_set_password_mhf() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This step is not necessarily a memory-hard function. Memory-hard functions are the best of the breed at the moment, but that's due to current hardware designs, and CPU-hard-but-not-memory-hard functions like PBKDF2 are acceptable as well. We're using “key stretching” as the generic term for such functions. Signed-off-by: Janos Follath --- include/psa/crypto.h | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 02ed57557..abf3da0df 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4328,7 +4328,7 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, * psa_pake_input() has been called yet). It must * be on operation for which the password hasn't * been set yet (neither - * psa_pake_set_password_mhf() nor + * psa_pake_set_password_stretch() nor * psa_pake_set_password_key() has been called * yet). * \param password Identifier of the key holding the password or a 
@@ -4359,11 +4359,11 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, mbedtls_svc_key_id_t password); -/** Set the password for a password-authenticated key exchange via a memory hard - * function. +/** Set the password for a password-authenticated key exchange via a key + * stretching function. * - * Some protocols require using values derived from passwords via memory hard - * functions to mitigate dictionary attacks. Memory hard functions can be + * Some protocols use values derived from passwords via key stretching + * functions to mitigate dictionary attacks. Key stretching functions can be * accessed through the key derivation interface and the result can be supplied * to the PAKE operation in the form of a key derivation object. * @@ -4383,7 +4383,7 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * nor psa_pake_input() has been called yet). It * must be on operation for which the password * hasn't been set yet (neither - * psa_pake_set_password_mhf() nor + * psa_pake_set_password_stretch() nor * psa_pake_set_password_key() has been called * yet). * \param[in,out] key_derivation An ongoing key derivation operation set up @@ -4412,9 +4412,11 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_pake_set_password_mhf(psa_pake_operation_t *operation, - psa_key_derivation_operation_t *key_derivation, - size_t input_length); +psa_status_t psa_pake_set_password_stretch( + psa_pake_operation_t *operation, + psa_key_derivation_operation_t *key_derivation, + size_t input_length + ); /** Set the user ID for a password-authenticated key exchange. * From ead0e4fc7b6b9be06992d4e584f6eb93b0c899bc Mon Sep 17 00:00:00 2001 
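Review bot: the @@ -4412 hunk puts the closing `);` of the new psa_pake_set_password_stretch() declaration on a line of its own, which no other declaration in this header does (psa_pake_set_password_key() in the same hunk's context ends with `mbedtls_svc_key_id_t password);`); keep the existing style, with the parameters continued under the opening parenthesis and `);` on the last parameter line.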
From: Janos Follath Date: Tue, 25 May 2021 14:16:52 +0100 Subject: [PATCH 103/236] PSA PAKE: Clarify J-PAKE algorithm documentation - Transformed setup description to a more explicit pseudocode based approach. - Explained implicit vs explicit key confirmation Signed-off-by: Janos Follath --- include/psa/crypto.h | 4 ++- include/psa/crypto_values.h | 65 +++++++++++++++++++++++++------------ 2 files changed, 48 insertions(+), 21 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index abf3da0df..2fe797a3b 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4350,7 +4350,7 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p key is not compatible with the algorithm in \p cipher_suite. + * \p key is not compatible with the algorithm or the cipher suite. * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize @@ -4407,6 +4407,8 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, * \retval #PSA_ERROR_NOT_PERMITTED * One of the inputs to \p key_derivation was a key whose policy didn't * allow #PSA_KEY_USAGE_DERIVE. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not compatible with the algorithm or the cipher suite. * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index c8a074cae..527b9c30d 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
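Review bot: the @@ -4350 hunk writes "\p key is not compatible with the algorithm or the cipher suite", but psa_pake_set_password_key() has no parameter named key; its declaration (context of the patch 095 @@ -4353 hunk) names it `password`, so use "\p password".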
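Review bot: the @@ -4407 hunk adds the same "\p key is not compatible" text to psa_pake_set_password_stretch(), whose parameters are operation, key_derivation and input_length, so `\p key` is dangling here too; describe the actual condition instead, for example that the bytes drawn from \p key_derivation are not a valid password for the cipher suite (the J-PAKE text in this same patch says the set_password functions fail when the value reduces to 0 modulo q, which is the case this retval should name).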
@@ -1968,29 +1968,44 @@ /** The Password-authenticated key exchange by juggling (J-PAKE) algorithm. * - * J-PAKE can be instantiated over finite fields or elliptic curves. This can - * be achieved by setting either #PSA_PAKE_PRIMITIVE_TYPE_DH or - * #PSA_PAKE_PRIMITIVE_TYPE_ECC respectively in the cipher suite (see - * ::psa_pake_cipher_suite_t) via psa_pake_cs_set_type(). (Before using the - * cipher suite the field or curve must be fully specified by calling - * psa_pake_cs_set_family() and psa_pake_cs_set_bits() as well. For more - * information refer to the documentation of the individual - * \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants.) + * This is J-PAKE as defined by RFC 8236, instantiated with the following + * parameters: * - * J-PAKE can be used with any secure cryptographic hash function. The choice - * of hash must be supplied to the cipher suite by calling - * psa_pake_cs_set_hash(). + * - The group can be either an elliptic curve or defined over a finite field. + * - Schnorr NIZK proof as defined by RFC 8235 and using the same group as the + * J-PAKE algorithm. + * - A secure cryptographic hash function. * - * In theory the algorithm works with any non-interactive zero-knowledge proof. - * Implementations of the present specification use Schnorr NIZKP and this does - * not need to be configured in the cipher suites. + * To select these parameters and set up the cipher suite, call + * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_PAKE_JPAKE); + * psa_pake_cs_set_primitive(cipher_suite, + * PSA_PAKE_PRIMITIVE(type, family, bits)); + * psa_pake_cs_set_hash(cipher_suite, hash); * - * J-PAKE doesn't differentiate between sides and has a distinct identifier - * associated with each entity. This means that both psa_pake_set_user() and - * psa_pake_set_peer() need to be called before commencing the operation. - * Another consequence is that psa_pake_set_side() is optional and is ignored. 
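Review bot: the @@ -1968 hunk removes the sentence "Another consequence is that psa_pake_set_side() is optional and is ignored" and the replacement setup sequence simply omits psa_pake_set_side(), so the reader no longer learns whether calling it on a J-PAKE operation is ignored or rejected; keep that sentence (it also matters for the BAD_STATE precondition added to psa_pake_set_side() in PATCH 100).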
+ * For more information on how to set a specific curve or field, refer to the + * documentation of the individual \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. * - * The key exchange flow for JPAKE is as follows: + * After initializing a J-PAKE operation, call + * psa_pake_setup(operation, cipher_suite); + * psa_pake_set_user(operation, ...); + * psa_pake_set_peer(operation, ...); + * and either + * psa_pake_set_password_stretch(operation, ...); + * or + * psa_pake_set_password_key(operation, ...); + * + * Either way the password is read as a byte array and must be non-empty. This + * can be the password itself (in some pre-defined character encoding) or some + * value derived from the password as mandated by some higher level protocol. + * + * (The implementation converts this byte array to a number as described in + * Section 2.3.8 of _SEC 1: Elliptic Curve Cryptography_ + * (https://www.secg.org/sec1-v2.pdf), before reducing it modulo \c q. Here + * \c q is order of the group defined by the primitive set in the cipher suite. + * The \c psa_pake_set_password_xxx() functions return an error if the result + * of the reduction is 0.) + * + * The key exchange flow for J-PAKE is as follows: * -# To get the first round data that needs to be sent to the peer, call * // Get g1 * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); 
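Review bot: "The \c psa_pake_set_password_xxx() functions return an error if the result of the reduction is 0" does not say which status; neither psa_pake_set_password_key() nor psa_pake_set_password_stretch() documents this condition in its \retval list, so name the status here and add a matching \retval there. Also "Here \c q is order of the group" is missing "the".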
@@ -2040,7 +2055,17 @@ * For more information consult the documentation of the individual * \c PSA_PAKE_STEP_XXX constants. * - * J-PAKE is standardised for example in RFC 8236. + * At this point there is a cryptographic guarantee that only the authenticated + * party who used the same password is able to compute the key. But there is no + * guarantee that the peer is the party he claims to be and was able to do so. + * + * That is, the authentication is only implicit (the peer is not authenticated + * at this point, and no action should be taken that assume that they are - like + * for example accessing restricted files). + * + * To make the authentication explicit there are various methods, see Section 5 + * of RFC 8236 for two examples. + * */ #define PSA_ALG_PAKE_JPAKE ((psa_algorithm_t)0x0a000100) From 56a4d7a59fb171f4c16ca4fde54ba04aaf7e8d91 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 25 May 2021 15:35:11 +0100 Subject: [PATCH 104/236] Simplify PAKE input/output format documentation Make input/output format documentation easier to find: - Add direct reference to the steps from the input/output functions - Move the format description directly to the step constants Signed-off-by: Janos Follath --- include/psa/crypto.h | 12 ++++++++++-- include/psa/crypto_values.h | 38 +++++++++++++++++++++++++++---------- 2 files changed, 38 insertions(+), 12 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 2fe797a3b..3df82d91d 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
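Review bot: In the `@@ -1968,29 +1968,44 @@` hunk (PSA_ALG_PAKE_JPAKE description), the parenthetical on password reduction drops an article: "Here \c q is order of the group" should read "Here \c q is the order of the group". Separately, the removed text stated that "psa_pake_set_side() is optional and is ignored" for J-PAKE, and the replacement no longer says anything about psa_pake_set_side(); since the new text still lists the required calls (psa_pake_set_user(), psa_pake_set_peer(), one of the psa_pake_set_password_xxx() functions), keep one sentence saying that psa_pake_set_side() is not needed for this algorithm so callers are not left guessing.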
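Review bot: In the `@@ -2040,7 +2055,17 @@` hunk, the new paragraph has a subject-verb mismatch and mixed pronouns: "no action should be taken that assume that they are" should be "that assumes that they are", and "the party he claims to be" sits next to "they are"; use "the party they claim to be" throughout. The trailing empty ` *` line left just before `*/` can also be dropped.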
@@ -4556,7 +4556,11 @@ psa_status_t psa_pake_set_side(psa_pake_operation_t *operation, * \param[in,out] operation Active PAKE operation. * \param step The step of the algorithm for which the output is * requested. - * \param[out] output Buffer where the output is to be written. + * \param[out] output Buffer where the output is to be written in the + * format appropriate for this \p step. Refer to + * the documentation of the individual + * \c PSA_PAKE_STEP_XXX constants for more + * information. * \param output_size Size of the \p output buffer in bytes. This must * be at least #PSA_PAKE_OUTPUT_SIZE(\p alg, \c * cipher_suite, \p type). @@ -4603,7 +4607,11 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation, * * \param[in,out] operation Active PAKE operation. * \param step The step for which the input is provided. - * \param[out] input Buffer containing the input. + * \param[out] input Buffer containing the input in the format + * appropriate for this \p step. Refer to the + * documentation of the individual + * \c PSA_PAKE_STEP_XXX constants for more + * information. * \param[out] input_length Size of the \p input buffer in bytes. * * \retval #PSA_SUCCESS diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 527b9c30d..ab9bb5b8b 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h 
@@ -2597,29 +2597,47 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) /** The key share being sent to or received from the peer. * - * Unless the documentation of the PAKE algorithm says otherwise this is a - * group element. + * The format for both input and output at this step is the same as for public + * keys on the group determined by the primitive (::psa_pake_primitive_t) would + * be. * - * For information regarding representation consult the documentation of - * individual ::psa_pake_primitive_type_t constants. + * For more information on the format, consult the documentation of + * psa_export_public_key(). + * + * For information regarding how the group is determined, consult the + * documentation #PSA_PAKE_PRIMITIVE. */ #define PSA_PAKE_STEP_KEY_SHARE ((psa_pake_step_t)0x01) /** A Schnorr NIZKP public key. * - * This is a group element. + * The format for both input and output at this step is the same as for public + * keys on the group determined by the primitive (::psa_pake_primitive_t) would + * be. * - * For information regarding representation consult the documentation of - * individual ::psa_pake_primitive_type_t constants. + * For more information on the format, consult the documentation of + * psa_export_public_key(). + * + * For information regarding how the group is determined, consult the + * documentation #PSA_PAKE_PRIMITIVE. */ #define PSA_PAKE_STEP_ZK_PUBLIC ((psa_pake_step_t)0x02) /** A Schnorr NIZKP proof. * - * This is a scalar value. + * The format for both input and output at this step is the same as for private + * keys on the group determined by the primitive (::psa_pake_primitive_t) would + * be. * - * For information regarding representation consult the documentation of - * individual ::psa_pake_primitive_type_t constants. + * Some public key algorithms mask the private keys and this might be reflected + * in the export format. Even if this is the case the masking is omitted at + * this step. 
+ * + * For more information on the format, consult the documentation of + * psa_export_key(). + * + * For information regarding how the group is determined, consult the + * documentation #PSA_PAKE_PRIMITIVE. */ #define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03) From 7c59b7a073fc6430bda38177769eb4e93c82ba0e Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 25 May 2021 15:46:56 +0100 Subject: [PATCH 105/236] Improve psa_pake_set_peer()/user() documentation Signed-off-by: Janos Follath --- include/psa/crypto.h | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 3df82d91d..2d4c80df9 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4422,9 +4422,10 @@ psa_status_t psa_pake_set_password_stretch( /** Set the user ID for a password-authenticated key exchange. * - * Some PAKE algorithms associate only a single user identifier with the - * session. Such algorithms must call this function (psa_pake_set_user()) to - * set the identifier for the PAKE context. + * Call this function to set the user ID. For PAKE algorithms that associate a + * user identifier with each side of the session you need to call + * psa_pake_set_peer() as well. For PAKE algorithms that associate a single + * user identifier with the session, call psa_pake_set_user() only. * * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) 
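Review bot: In the `@@ -4603,7 +4607,11 @@` hunk of crypto.h (psa_pake_input()), the rewritten line still carries the wrong direction annotation: `\param[out] input` describes a buffer the caller supplies, so it should be `\param[in] input`; likewise `\param[out] input_length` is a plain `size_t` passed by value (see the `size_t input_length);` context line in the psa_pake_input() prototype later in this series) and should be `\param input_length`. Since the hunk rewrites the `input` line anyway, fix both here rather than in a follow-up.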
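Review bot: In the `@@ -2597,29 +2597,47 @@` hunk of crypto_values.h, the sentence "The format for both input and output at this step is the same as for public keys on the group determined by the primitive (::psa_pake_primitive_t) would be." is ungrammatical (the trailing "would be" has no subject); suggest "The format for both input and output at this step is the same as the format of public keys on the group determined by the primitive (::psa_pake_primitive_t)." The same sentence is repeated for PSA_PAKE_STEP_ZK_PUBLIC and, with "private keys", for PSA_PAKE_STEP_ZK_PROOF, so fix all three. "consult the documentation #PSA_PAKE_PRIMITIVE" is also missing "of" in each copy.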
@@ -4461,9 +4462,10 @@ psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, /** Set the peer ID for a password-authenticated key exchange. * - * Some PAKE algorithms associate only a single user identifier with the - * session. Such algorithms must call psa_pake_set_user() to set the - * identifier for the PAKE context. + * Call this function in addition to psa_pake_set_user() for PAKE algorithms + * that associate a user identifier with each side of the session. For PAKE + * algorithms that associate a single user identifier with the session, call + * psa_pake_set_user() only. * * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) From 79e1c47a54c0504b42827343df0b61a2e10ef721 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 25 May 2021 15:53:13 +0100 Subject: [PATCH 106/236] PSA PAKE: explain implicit key confirmation Signed-off-by: Janos Follath --- include/psa/crypto.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 2d4c80df9..bbdd06d5a 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4637,6 +4637,14 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation, size_t input_length); /** Get implicitly confirmed shared secret from a PAKE. + * + * At this point there is a cryptographic guarantee that only the authenticated + * party who used the same password is able to compute the key. But there is no + * guarantee that the peer is the party he claims to be and was able to do so. + * + * That is, the authentication is only implicit (the peer is not authenticated + * at this point, and no action should be taken that assume that they are - like + * for example accessing restricted files). * * This function can be called after the key exchange phase of the operation * has completed. It imports the shared secret output of the PAKE into the 
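Review bot: In the `@@ -4461,9 +4462,10 @@` hunk (psa_pake_set_peer()), the new text says to call psa_pake_set_user() only for algorithms with a single identifier, but does not say what happens if psa_pake_set_peer() is called anyway for such an algorithm; consider stating the resulting error in the \retval list (or explicitly deferring that to the per-algorithm documentation that the next paragraph points to). In the `@@ -4422` hunk, "you need to call psa_pake_set_peer() as well" reads as second person where the rest of the block is imperative; "also call psa_pake_set_peer()" keeps the voice consistent.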
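Review bot: In the `@@ -4637,6 +4637,14 @@` hunk (psa_pake_get_implicit_key()), "only the authenticated party who used the same password is able to compute the key" contradicts the next paragraph, which says the peer is not authenticated at this point; "only a party that used the same password" states the guarantee without the confusing word. The same paragraph, with the same "that assume that they are" / "he claims" wording, was added to the PSA_ALG_PAKE_JPAKE description earlier in this series; keep the full explanation in one place (this function is the natural one, since it is where the implicit key is handed out) and cross-reference it from the algorithm documentation so the two copies do not drift.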
From d60b6c62d57563b04caa1ee0470fb0d1354302d5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 29 Apr 2021 12:04:11 +0100 Subject: [PATCH 107/236] Remove per-version ciphersuite configuration API MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit removes the API ``` mbedtls_ssl_conf_ciphersuites_for_version() ``` which allows to configure lists of acceptable ciphersuites for each supported version of SSL/TLS: SSL3, TLS 1.{0,1,2}. With Mbed TLS 3.0, support for SSL3, TLS 1.0 and TLS 1.1 is dropped. Moreover, upcoming TLS 1.3 support has a different notion of cipher suite and will require a different API. This means that it's only for TLS 1.2 that we require a ciphersuite configuration API, and ``` mbedtls_ssl_conf_ciphersuites() ``` can be used for that. The version-specific ciphersuite configuration API `mbedtls_ssl_conf_ciphersuites_for_version()`, in turn, is no longer needed. Signed-off-by: Hanno Becker Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/ssl.h | 38 +----------------- library/ssl_cli.c | 7 ++-- library/ssl_srv.c | 2 +- library/ssl_tls.c | 80 ++------------------------------------ programs/ssl/ssl_server2.c | 63 ------------------------------ tests/ssl-opt.sh | 11 ------ 6 files changed, 9 insertions(+), 192 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 677ed9869..b5b91f3e1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -976,10 +976,8 @@ struct mbedtls_ssl_config * Pointers */ - /** Allowed ciphersuites per version. To access list's elements, please use - * \c mbedtls_ssl_get_protocol_version_ciphersuites - */ - const int *ciphersuite_list[3]; + /** Allowed ciphersuites for (D)TLS 1.2 (0-terminated) */ + const int *ciphersuite_list; /** Callback for printing debug output */ void (*f_dbg)(void *, int, const char *, int, const char *); 
@@ -2508,17 +2506,6 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, const int *ciphersuites ); -/** - * \brief Get ciphersuite for given protocol's minor version. - * - * \param conf The SSL configuration. - * \param prot_version Protocol version. One of MBEDTLS_SSL_MINOR_VERSION_x macros. - * \return Ciphersuites pointer if successful. - * \return \c NULL if no ciphersuites where found. - */ -const int *mbedtls_ssl_get_protocol_version_ciphersuites( - const mbedtls_ssl_config *conf, int prot_version ); - #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0 #define MBEDTLS_SSL_UNEXPECTED_CID_FAIL 1 @@ -2558,27 +2545,6 @@ int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len, int ignore_other_cids ); #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -/** - * \brief Set the list of allowed ciphersuites and the - * preference order for a specific version of the protocol. - * (Only useful on the server side) - * - * The ciphersuites array is not copied, and must remain - * valid for the lifetime of the ssl_config. - * - * \param conf SSL configuration - * \param ciphersuites 0-terminated list of allowed ciphersuites - * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 - * supported) - * \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 - * supported) - * - * \note With DTLS, use MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2 - */ -void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, - const int *ciphersuites, - int major, int minor ); - #if defined(MBEDTLS_X509_CRT_PARSE_C) /** * \brief Set the X.509 security profile used for verification diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 6cf283e1d..12ed0fbb2 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c 
@@ -1155,8 +1155,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) /* * Ciphersuite list */ - ciphersuites = mbedtls_ssl_get_protocol_version_ciphersuites( ssl->conf, - ssl->minor_ver ); + ciphersuites = ssl->conf->ciphersuite_list; /* Skip writing ciphersuite length for now */ n = 0; @@ -2244,7 +2243,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) i = 0; while( 1 ) { - if( mbedtls_ssl_get_protocol_version_ciphersuites( ssl->conf, ssl->minor_ver )[i] == 0 ) + if( ssl->conf->ciphersuite_list[i] == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); mbedtls_ssl_send_alert_message( @@ -2254,7 +2253,7 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } - if( mbedtls_ssl_get_protocol_version_ciphersuites( ssl->conf, ssl->minor_ver )[i++] == + if( ssl->conf->ciphersuite_list[i++] == ssl->session_negotiate->ciphersuite ) { break; diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 8f13a2cec..4fe6b02f1 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1870,7 +1870,7 @@ read_record_header: * and certificate from the SNI callback triggered by the SNI extension.) */ got_common_suite = 0; - ciphersuites = mbedtls_ssl_get_protocol_version_ciphersuites( ssl->conf, ssl->minor_ver ); + ciphersuites = ssl->conf->ciphersuite_list; ciphersuite_info = NULL; #if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE) for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 342832f12..9b8c05f76 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -3514,73 +3514,10 @@ int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session } #endif /* MBEDTLS_SSL_CLI_C */ -static int protocol_version_to_ciphersuites_list_index(int prot_version) -{ - switch(prot_version) { - case MBEDTLS_SSL_MINOR_VERSION_1: - return 0; - case MBEDTLS_SSL_MINOR_VERSION_2: - return 1; - case MBEDTLS_SSL_MINOR_VERSION_3: - return 2; - default: - return -1; - }; -} - -static void set_protocol_version_ciphersuites( mbedtls_ssl_config *conf, - int prot_version, - const int* ciphersuites ) -{ - int ciphersuite_list_index = - protocol_version_to_ciphersuites_list_index(prot_version); - if ( ciphersuite_list_index >= 0 && - (unsigned int)ciphersuite_list_index < - sizeof(conf->ciphersuite_list)/sizeof(conf->ciphersuite_list[0]) ) - { - conf->ciphersuite_list[ciphersuite_list_index] = ciphersuites; - } -} - void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf, const int *ciphersuites ) { - set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_1, - ciphersuites); - set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_2, - ciphersuites); - set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_3, - ciphersuites); -} - -const int *mbedtls_ssl_get_protocol_version_ciphersuites( - const mbedtls_ssl_config *conf, int prot_version ) -{ - int ciphersuite_list_index = - protocol_version_to_ciphersuites_list_index(prot_version); - if ( ciphersuite_list_index >= 0 && - (unsigned int)ciphersuite_list_index < - sizeof(conf->ciphersuite_list)/sizeof(conf->ciphersuite_list[0]) ) - { - return conf->ciphersuite_list[ciphersuite_list_index]; - } - else - { - return NULL; - } -} - -void mbedtls_ssl_conf_ciphersuites_for_version( mbedtls_ssl_config *conf, - const int *ciphersuites, - int major, int minor ) -{ - if( major != MBEDTLS_SSL_MAJOR_VERSION_3 ) - return; - - if( minor != MBEDTLS_SSL_MINOR_VERSION_3 ) - return; - - set_protocol_version_ciphersuites(conf, minor, ciphersuites); + 
conf->ciphersuite_list = ciphersuites; } #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -6278,12 +6215,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, conf->max_major_ver = MBEDTLS_SSL_MAX_MAJOR_VERSION; conf->max_minor_ver = MBEDTLS_SSL_MAX_MINOR_VERSION; - set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_1, - ssl_preset_suiteb_ciphersuites); - set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_2, - ssl_preset_suiteb_ciphersuites); - set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_3, - ssl_preset_suiteb_ciphersuites); + conf->ciphersuite_list = ssl_preset_suiteb_ciphersuites; #if defined(MBEDTLS_X509_CRT_PARSE_C) conf->cert_profile = &mbedtls_x509_crt_profile_suiteb; @@ -6317,13 +6249,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, if( transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) conf->min_minor_ver = MBEDTLS_SSL_MINOR_VERSION_3; #endif - const int* default_ciphersuites = mbedtls_ssl_list_ciphersuites(); - set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_1, - default_ciphersuites); - set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_2, - default_ciphersuites); - set_protocol_version_ciphersuites(conf, MBEDTLS_SSL_MINOR_VERSION_3, - default_ciphersuites); + conf->ciphersuite_list = mbedtls_ssl_list_ciphersuites(); #if defined(MBEDTLS_X509_CRT_PARSE_C) conf->cert_profile = &mbedtls_x509_crt_profile_default; diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index ef55a7c25..0e7b7f929 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -93,7 +93,6 @@ int main( void ) #define DFL_ECJPAKE_PW NULL #define DFL_PSK_LIST NULL #define DFL_FORCE_CIPHER 0 -#define DFL_VERSION_SUITES NULL #define DFL_RENEGOTIATION MBEDTLS_SSL_RENEGOTIATION_DISABLED #define DFL_ALLOW_LEGACY -2 #define DFL_RENEGOTIATE 0 
@@ -501,9 +500,6 @@ int main( void ) " force_version=%%s default: \"\" (none)\n" \ " options: tls1_2, dtls1_2\n" \ "\n" \ - " version_suites=a,b,c per-version ciphersuites\n" \ - " in order from tls1 to tls1_2\n" \ - " default: all enabled\n" \ " force_ciphersuite= default: all enabled\n" \ " query_config= return 0 if the specified\n" \ " configuration macro is defined and 1\n" \ @@ -565,7 +561,6 @@ struct options char *psk_list; /* list of PSK id/key pairs for callback */ const char *ecjpake_pw; /* the EC J-PAKE password */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ - const char *version_suites; /* per-version ciphersuites */ int renegotiation; /* enable / disable renegotiation */ int allow_legacy; /* allow legacy renegotiation */ int renegotiate; /* attempt renegotiation? */ @@ -1253,7 +1248,6 @@ int main( int argc, char *argv[] ) { int ret = 0, len, written, frags, exchanges_left; int query_config_ret = 0; - int version_suites[3][2]; io_ctx_t io_ctx; unsigned char* buf = 0; #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) @@ -1481,7 +1475,6 @@ int main( int argc, char *argv[] ) opt.psk_list = DFL_PSK_LIST; opt.ecjpake_pw = DFL_ECJPAKE_PW; opt.force_ciphersuite[0]= DFL_FORCE_CIPHER; - opt.version_suites = DFL_VERSION_SUITES; opt.renegotiation = DFL_RENEGOTIATION; opt.allow_legacy = DFL_ALLOW_LEGACY; opt.renegotiate = DFL_RENEGOTIATE; @@ -1669,8 +1662,6 @@ int main( int argc, char *argv[] ) } else if( strcmp( p, "curves" ) == 0 ) opt.curves = q; - else if( strcmp( p, "version_suites" ) == 0 ) - opt.version_suites = q; else if( strcmp( p, "renegotiation" ) == 0 ) { opt.renegotiation = (atoi( q )) ? 
@@ -2067,47 +2058,6 @@ int main( int argc, char *argv[] ) #endif /* MBEDTLS_USE_PSA_CRYPTO */ } - if( opt.version_suites != NULL ) - { - const char *name[3] = { 0 }; - - /* Parse 4-element coma-separated list */ - for( i = 0, p = (char *) opt.version_suites; - i < 3 && *p != '\0'; - i++ ) - { - name[i] = p; - - /* Terminate the current string and move on to next one */ - while( *p != ',' && *p != '\0' ) - p++; - if( *p == ',' ) - *p++ = '\0'; - } - - if( i != 3 ) - { - mbedtls_printf( "too few values for version_suites\n" ); - ret = 1; - goto exit; - } - - memset( version_suites, 0, sizeof( version_suites ) ); - - /* Get the suites identifiers from their name */ - for( i = 0; i < 3; i++ ) - { - version_suites[i][0] = mbedtls_ssl_get_ciphersuite_id( name[i] ); - - if( version_suites[i][0] == 0 ) - { - mbedtls_printf( "unknown ciphersuite: '%s'\n", name[i] ); - ret = 2; - goto usage; - } - } - } - #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( mbedtls_test_unhexify( cid, sizeof( cid ), opt.cid_val, &cid_len ) != 0 ) @@ -2689,19 +2639,6 @@ int main( int argc, char *argv[] ) if( opt.force_ciphersuite[0] != DFL_FORCE_CIPHER ) mbedtls_ssl_conf_ciphersuites( &conf, opt.force_ciphersuite ); - if( opt.version_suites != NULL ) - { - mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[0], - MBEDTLS_SSL_MAJOR_VERSION_3, - MBEDTLS_SSL_MINOR_VERSION_1 ); - mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[1], - MBEDTLS_SSL_MAJOR_VERSION_3, - MBEDTLS_SSL_MINOR_VERSION_2 ); - mbedtls_ssl_conf_ciphersuites_for_version( &conf, version_suites[2], - MBEDTLS_SSL_MAJOR_VERSION_3, - MBEDTLS_SSL_MINOR_VERSION_3 ); - } - if( opt.allow_legacy != DFL_ALLOW_LEGACY ) mbedtls_ssl_conf_legacy_renegotiation( &conf, opt.allow_legacy ); #if defined(MBEDTLS_SSL_RENEGOTIATION) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1d49dc5cb..a54aab1f6 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -5614,17 +5614,6 @@ run_test "ECJPAKE: working, DTLS, nolog" \ force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ 0 -# Tests for ciphersuites per version - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_CAMELLIA_C -requires_config_enabled MBEDTLS_AES_C -run_test "Per-version suites: TLS 1.2" \ - "$P_SRV version_suites=TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ - "$P_CLI force_version=tls1_2" \ - 0 \ - -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256" - # Test for ClientHello without extensions requires_gnutls From cac90a15edff69afca15837d3187a4bf655d37be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 4 Jun 2021 11:42:30 +0200 Subject: [PATCH 108/236] Hide constants for TLS 1.0 and TLS 1.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ssl_server2 had a check that we never try to use a minor version lower than 2 with DTLS, but that check is no longer needed, as there's no way that would happen now that MBEDTLS_SSL_MINOR_VERSION_1 is no longer public. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/ssl.h | 4 ---- library/ssl_ciphersuites.c | 1 + library/ssl_misc.h | 10 ++++++++++ programs/ssl/ssl_server2.c | 4 ---- 4 files changed, 11 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b5b91f3e1..c6bd35814 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
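Review bot: The `@@ -2508,17 +2506,6 @@` and `@@ -2558,27 +2545,6 @@` hunks of ssl.h delete two public functions (mbedtls_ssl_get_protocol_version_ciphersuites() and mbedtls_ssl_conf_ciphersuites_for_version()), but the commit touches no ChangeLog.d entry and no migration-guide file; both are needed for an API removal in the 3.0 series. Also, the removed documentation carried the lifetime rule "The ciphersuites array is not copied, and must remain valid for the lifetime of the ssl_config"; check that the documentation of mbedtls_ssl_conf_ciphersuites(), now the only way to set the list, states the same rule.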
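Review bot: In the `@@ -2067,47 +2058,6 @@` hunk of ssl_server2.c, the removed block was a user of the local variables `i` and `p` (`for( i = 0, p = (char *) opt.version_suites; ...`); confirm both are still used elsewhere in main(), otherwise this introduces unused-variable warnings under -Wall -Werror. The `@@ -1253` hunk already drops `version_suites[3][2]`, so only the loop variables are in question.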
@@ -125,14 +125,10 @@ */ /* These are the high an low bytes of ProtocolVersion as defined by: - * - RFC 2246: ProtocolVersion version = { 3, 1 }; // TLS v1.0 - * - RFC 4346: ProtocolVersion version = { 3, 2 }; // TLS v1.1 * - RFC 5246: ProtocolVersion version = { 3, 3 }; // TLS v1.2 * - RFC 8446: see section 4.2.1 */ #define MBEDTLS_SSL_MAJOR_VERSION_3 3 -#define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 deprecated */ -#define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 deprecated */ #define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */ #define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 (experimental) */ diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 00dcd0797..1bda9c066 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -31,6 +31,7 @@ #include "mbedtls/ssl_ciphersuites.h" #include "mbedtls/ssl.h" +#include "ssl_misc.h" #include diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 73ffdef92..e5ec13118 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -65,6 +65,16 @@ #define inline __inline #endif +/* Legacy minor version numbers as defined by: + * - RFC 2246: ProtocolVersion version = { 3, 1 }; // TLS v1.0 + * - RFC 4346: ProtocolVersion version = { 3, 2 }; // TLS v1.1 + * + * We no longer support these versions, but some code still references those + * constants, for keep them for now until we clean up that code. + */ +#define MBEDTLS_SSL_MINOR_VERSION_1 1 +#define MBEDTLS_SSL_MINOR_VERSION_2 2 + /* Determine minimum supported version */ #define MBEDTLS_SSL_MIN_MAJOR_VERSION MBEDTLS_SSL_MAJOR_VERSION_3 diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 0e7b7f929..151c811e3 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -2027,10 +2027,6 @@ int main( int argc, char *argv[] ) if( opt.min_version < ciphersuite_info->min_minor_ver ) { opt.min_version = ciphersuite_info->min_minor_ver; - /* DTLS starts with TLS 1.1 */ - if( opt.transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - opt.min_version < MBEDTLS_SSL_MINOR_VERSION_2 ) - opt.min_version = MBEDTLS_SSL_MINOR_VERSION_2; } #if defined(MBEDTLS_USE_PSA_CRYPTO) From 9371a404767f8225f7ef7e0264e7c2f69bc459d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 4 Jun 2021 11:44:44 +0200 Subject: [PATCH 109/236] Stop referencing private constants in documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/ssl.h | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c6bd35814..dc37bc310 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3191,8 +3191,7 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ss * * \param conf SSL configuration * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) - * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2, - * MBEDTLS_SSL_MINOR_VERSION_3 supported) + * \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 supported) */ void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor ); 
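Review bot: In the ssl_misc.h hunk (`@@ -65,6 +65,16 @@`), the new comment has a typo: "for keep them for now until we clean up that code" should be "so keep them for now until we clean up that code". Since this is a deliberate leftover, reference the tracking issue for that cleanup in the comment so the TODO is not lost once the 1.0/1.1 removal lands.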
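Review bot: In the ssl.h hunk (`@@ -125,14 +125,10 @@`), the surrounding comment's first line reads "These are the high an low bytes of ProtocolVersion" ("an" for "and"); the block is being edited anyway, so fix the typo in the same change.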
@@ -3207,9 +3206,7 @@ void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int mino * * \param conf SSL configuration * \param major Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported) - * \param minor Minor version number (MBEDTLS_SSL_MINOR_VERSION_1, - * MBEDTLS_SSL_MINOR_VERSION_2, - * MBEDTLS_SSL_MINOR_VERSION_3 supported) + * \param minor Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 supported) */ void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor ); From 2f458d3dccb0405bdf006bb48522a9a03cce8870 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 3 Jun 2021 17:58:13 +0100 Subject: [PATCH 110/236] Update README to document minimum tool versions Fixes #4379. Signed-off-by: Dave Rodgman --- README.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 3f41a0d76..78d3c30cf 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ Documentation for the Mbed TLS interfaces in the default library configuration i To generate a local copy of the library documentation in HTML format, tailored to your compile-time configuration: -1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed. We use version 1.8.11 but slightly older or more recent versions should work. +1. Make sure that [Doxygen](http://www.doxygen.nl/) is installed. 1. Run `make apidoc`. 1. Browse `apidoc/index.html` or `apidoc/modules.html`. @@ -39,7 +39,7 @@ There are currently three active build systems used within Mbed TLS releases: - GNU Make - CMake -- Microsoft Visual Studio (Microsoft Visual Studio 2013 or later) +- Microsoft Visual Studio The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. 
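Review bot: In both hunks (`@@ -3191` for mbedtls_ssl_conf_max_version() and `@@ -3207` for mbedtls_ssl_conf_min_version()), the new text says "(only MBEDTLS_SSL_MINOR_VERSION_3 supported)", yet the previous commit leaves `MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 (experimental) */` in the public header. State explicitly whether these functions accept MBEDTLS_SSL_MINOR_VERSION_4 when the experimental TLS 1.3 support is enabled, or qualify the sentence (e.g. "in the default configuration") so the documentation does not contradict the visible constant.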
@@ -49,10 +49,13 @@ The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx You need the following tools to build the library with the provided makefiles: -* GNU Make or a build tool that CMake supports. -* A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, IAR8 and Visual Studio 2013. More recent versions should work. Slightly older versions may work. -* Python 3 to generate the test code, and to generate sample programs in the development branch. +* GNU Make 3.82 or a build tool that CMake supports. +* A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, IAR 8 and Visual Studio 2013. More recent versions should work. Slightly older versions may work. +* Python 3.6 to generate the test code, and to generate sample programs in the development branch. * Perl to run the tests, and to generate some source files in the development branch. +* CMake 3.10.2 or later (if using CMake). +* Microsoft Visual Studio 2013 or later (if using Visual Studio). +* Doxygen 1.8.11 or later (if building the documentation; slightly older versions should work). ### Generated source files in the development branch From f21e4621f8933533e28d78402dc5c6d43d9f8555 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 4 Jun 2021 14:15:27 +0100 Subject: [PATCH 111/236] Changelog entry for updated tool versions Signed-off-by: Dave Rodgman --- ChangeLog.d/tool-versions.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/tool-versions.txt diff --git a/ChangeLog.d/tool-versions.txt b/ChangeLog.d/tool-versions.txt new file mode 100644 index 000000000..b89b384aa --- /dev/null +++ b/ChangeLog.d/tool-versions.txt @@ -0,0 +1,4 @@ +Requirement changes + * Refresh the minimum supported versions of tools to build the + library. CMake versions older than 3.10.2 and Python older + than 3.6 are no longer supported. From be4af04fcffcfebe44fa12d39388817d9949a9f3 Mon Sep 17 00:00:00 2001 
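Review bot: In the `@@ -49,10 +49,13 @@` README hunk, the version wording is inconsistent: "GNU Make 3.82" and "Python 3.6" read as exact versions, while the CMake, Visual Studio and Doxygen bullets say "or later". Write "GNU Make 3.82 or later" and "Python 3.6 or later" so all five entries state a minimum the same way.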
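Review bot: The ChangeLog.d/tool-versions.txt entry names only CMake (3.10.2) and Python (3.6), but the README change it accompanies also introduces "GNU Make 3.82" as a stated minimum where none was documented before; mention it here too so the changelog matches the README.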
From: Dave Rodgman Date: Fri, 4 Jun 2021 17:04:20 +0100 Subject: [PATCH 112/236] Update minimum CMake version in CMakeLists.txt Signed-off-by: Dave Rodgman --- CMakeLists.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index f648f2299..efe3cab65 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -16,7 +16,9 @@ # mbedtls, mbedx509, mbedcrypto and apidoc targets. # -cmake_minimum_required(VERSION 2.8.12) +# We specify a minimum requirement of 3.10.2, but for now use 3.5.1 here +# until our infrastructure catches up. +cmake_minimum_required(VERSION 3.5.1) # https://cmake.org/cmake/help/latest/policy/CMP0011.html # Setting this policy is required in CMake >= 3.18.0, otherwise a warning is generated. The OLD From 2abe51cc751c16b618dfa55219e91172254bb463 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 7 Jun 2021 11:08:01 +0200 Subject: [PATCH 113/236] Extend setup_and_run script to cover remaining configurations. Signed-off-by: Mateusz Starzyk --- include/mbedtls/ecdh.h | 4 ++-- include/mbedtls/ecdsa.h | 1 + include/mbedtls/entropy.h | 2 +- include/mbedtls/ssl.h | 6 +++--- include/mbedtls/ssl_cookie.h | 2 +- include/psa/crypto_platform.h | 3 ++- setup_and_run_MBEDTLS_PRIVATE.sh | 21 +++++++++++++++++++++ 7 files changed, 31 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 807c88420..2a0980b39 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h 
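Review bot: In the CMakeLists.txt hunk (`@@ -16,7 +16,9 @@`), the comment acknowledges that 3.5.1 does not match the 3.10.2 minimum now documented in the README; add the tracking issue for the infrastructure update to the comment so the two values get reconciled. Note also that raising cmake_minimum_required from 2.8.12 to 3.5.1 implicitly sets every policy introduced up to 3.5.1 to NEW, which is worth a line in the commit message so that any behaviour change is easy to trace back.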
@@ -134,8 +134,8 @@ typedef struct mbedtls_ecdh_context mbedtls_ecp_point MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */ mbedtls_mpi MBEDTLS_PRIVATE(_d); /*!< The previous \p d. */ #if defined(MBEDTLS_ECP_RESTARTABLE) - int restart_enabled; /*!< The flag for restartable mode. */ - mbedtls_ecp_restart_ctx rs; /*!< The restart context for EC computations. */ + int MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. */ + mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */ #endif /* MBEDTLS_ECP_RESTARTABLE */ #else uint8_t MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS messages diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index cf063a0b5..735d37764 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h @@ -29,6 +29,7 @@ #ifndef MBEDTLS_ECDSA_H #define MBEDTLS_ECDSA_H +#include "mbedtls/private_access.h" #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index d707bddf0..78591e765 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -124,7 +124,7 @@ typedef struct mbedtls_entropy_context #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) mbedtls_sha512_context MBEDTLS_PRIVATE(accumulator); #else - mbedtls_sha256_context accumulator; + mbedtls_sha256_context MBEDTLS_PRIVATE(accumulator); #endif int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */ mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES]; diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2dda6ad45..b6b9c8ca1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -940,9 +940,9 @@ struct mbedtls_ssl_session #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ /*! The digest of the peer's end-CRT. This must be kept to detect CRT * changes during renegotiation, mitigating the triple handshake attack. */ - unsigned char *peer_cert_digest; - size_t peer_cert_digest_len; - mbedtls_md_type_t peer_cert_digest_type; + unsigned char *MBEDTLS_PRIVATE(peer_cert_digest); + size_t MBEDTLS_PRIVATE(peer_cert_digest_len); + mbedtls_md_type_t MBEDTLS_PRIVATE(peer_cert_digest_type); #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ uint32_t MBEDTLS_PRIVATE(verify_result); /*!< verification result */ diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index 6806dbddd..c4f042c80 100644 --- a/include/mbedtls/ssl_cookie.h +++ b/include/mbedtls/ssl_cookie.h @@ -59,7 +59,7 @@ typedef struct mbedtls_ssl_cookie_ctx { mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC portion */ #if !defined(MBEDTLS_HAVE_TIME) - unsigned long serial; /*!< serial number for expiration */ + unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */ #endif unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if HAVE_TIME, or in number of tickets issued */ diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h index 8acf22c7f..d60b7732f 100644 --- a/include/psa/crypto_platform.h +++ b/include/psa/crypto_platform.h @@ -32,6 +32,7 @@ #ifndef PSA_CRYPTO_PLATFORM_H #define PSA_CRYPTO_PLATFORM_H +#include "mbedtls/private_access.h" /* Include the Mbed TLS configuration file, the way Mbed TLS does it * in each of its header files. */ @@ -92,7 +93,7 @@ static inline int mbedtls_key_owner_id_equal( mbedtls_key_owner_id_t id1, * are expected to replace it with a custom definition. */ typedef struct { - uintptr_t opaque[2]; + uintptr_t MBEDTLS_PRIVATE(opaque)[2]; } mbedtls_psa_external_random_context_t; #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ 
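Review bot: the comment above mbedtls_psa_external_random_context_t says integrators using MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG are expected to replace this type with a custom definition, and the placeholder member now reads `uintptr_t MBEDTLS_PRIVATE(opaque)[2];`, so anyone copying the placeholder as a starting point will carry MBEDTLS_PRIVATE() into their own type; say in that comment that a custom definition does not need the wrapper, which exists for members the library owns. The new `#include "mbedtls/private_access.h"` is also placed before the configuration include, as in the ecdsa.h hunk; that ordering is only safe if private_access.h has no dependency on the configuration, which is worth stating in private_access.h itself so nobody later adds one.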
diff --git a/setup_and_run_MBEDTLS_PRIVATE.sh b/setup_and_run_MBEDTLS_PRIVATE.sh index 9a0e59979..aaf0a1cf5 100755 --- a/setup_and_run_MBEDTLS_PRIVATE.sh +++ b/setup_and_run_MBEDTLS_PRIVATE.sh @@ -8,3 +8,24 @@ doxygen mbedtls.doxyfile cd .. python3 apply_MBEDTLS_PRIVATE.py git checkout include/mbedtls/config.h doxygen/mbedtls.doxyfile + +make clean +sed -i 's/GENERATE_XML = NO/GENERATE_XML = YES/g' doxygen/mbedtls.doxyfile +scripts/config.py set MBEDTLS_ECP_RESTARTABLE +scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE +scripts/config.py unset MBEDTLS_HAVE_TIME +cd doxygen +doxygen mbedtls.doxyfile +cd .. +python3 apply_MBEDTLS_PRIVATE.py +git checkout include/mbedtls/config.h doxygen/mbedtls.doxyfile + +make clean +sed -i 's/GENERATE_XML = NO/GENERATE_XML = YES/g' doxygen/mbedtls.doxyfile +scripts/config.py realfull +cd doxygen +doxygen mbedtls.doxyfile +cd .. +python3 apply_MBEDTLS_PRIVATE.py +git checkout include/mbedtls/config.h doxygen/mbedtls.doxyfile + From 3b5a7c198c51e09342ed83947057375533aaff36 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 Jun 2021 11:13:34 +0200 Subject: [PATCH 114/236] Update ChangeLog and migration guide MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/issue4286.txt | 15 ++++++++------ ...ve_support_for_tls_1.0_1.1_and_dtls_1.0.md | 20 +++++++++++++++++-- 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/ChangeLog.d/issue4286.txt b/ChangeLog.d/issue4286.txt index 813b2ecfb..427b37ccc 100644 --- a/ChangeLog.d/issue4286.txt +++ b/ChangeLog.d/issue4286.txt 
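Review bot: the two new blocks duplicate the existing sequence verbatim and nothing checks that doxygen succeeded: if it fails, `python3 apply_MBEDTLS_PRIVATE.py` runs on whatever XML is left over from the previous pass and the following `git checkout` then hides the failure, unless the script already starts with `set -e`, which is outside the visible hunk. Factor the sequence into a function that takes the scripts/config.py commands as arguments and stop on the first error (`set -e`, or test doxygen's exit status). The `sed -i 's/GENERATE_XML = NO/GENERATE_XML = YES/g'` line also silently does nothing if the spacing in doxygen/mbedtls.doxyfile ever changes; anchoring the match on `^GENERATE_XML[[:space:]]*=` is more robust.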
@@ -1,11 +1,14 @@ Removals - * Remove the TLS 1.0, TLS 1.1 and DTLS 1.0 support by removing the following - library constants: MBEDTLS_SSL_PROTO_TLS1, - MBEDTLS_SSL_PROTO_TLS1_1, MBEDTLS_SSL_CBC_RECORD_SPLITTING, + * Remove support for TLS 1.0, TLS 1.1 and DTLS 1.0, as well as support for + CBC record splitting, fallback SCSV, and the ability to configure + ciphersuites per version, which are no longer relevant. This removes the + following public constants: MBEDTLS_SSL_PROTO_TLS1, + MBEDTLS_SSL_PROTO_TLS1_1, MBEDTLS_SSL_MINOR_VERSION_1, + MBEDTLS_SSL_MINOR_VERSION_2, MBEDTLS_SSL_CBC_RECORD_SPLITTING, MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED, MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED, MBEDTLS_SSL_FALLBACK_SCSV, MBEDTLS_SSL_FALLBACK_SCSV_VALUE, - MBEDTLS_SSL_IS_FALLBACK, MBEDTLS_SSL_IS_NOT_FALLBACK, and functions: + MBEDTLS_SSL_IS_FALLBACK, MBEDTLS_SSL_IS_NOT_FALLBACK; and functions: mbedtls_ssl_conf_cbc_record_splitting(), - mbedtls_ssl_get_key_exchange_md_ssl_tls(), mbedtls_ssl_conf_fallback(). - Fixes #4286. + mbedtls_ssl_get_key_exchange_md_ssl_tls(), mbedtls_ssl_conf_fallback(), + mbedtls_ssl_conf_ciphersuites_for_version(). Fixes #4286. diff --git a/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md b/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md index 4beebe240..b1afe64eb 100644 --- a/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md +++ b/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md 
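Review bot: the entry says CBC record splitting, fallback SCSV and per-version ciphersuite configuration "are no longer relevant" without saying why, and a reader skimming the ChangeLog may conclude a protection is being dropped. One clause each would settle it: record splitting worked around a CBC weakness specific to TLS 1.0, fallback SCSV (RFC 7507) only has an effect when a client can fall back to an older protocol version, and per-version ciphersuite lists are pointless with a single supported version. The migration guide explains this; the ChangeLog should carry at least the short form, since it is what most users read.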
@@ -3,9 +3,25 @@ Remove suport for TLS 1.0, 1.1 and DTLS 1.0 This change affects users of the TLS 1.0, 1.1 and DTLS 1.0 protocols. -The versions of (D)TLS that are being removed are not as secure as the latest -versions. Keeping them in the library creates opportunities for misconfiguration +These versions have been deprecated by RFC 8996. +Keeping them in the library creates opportunities for misconfiguration and possibly downgrade attacks. More generally, more code means a larger attack surface, even if the code is supposedly not used. The migration path is to adopt the latest versions of the protocol. + +As a consequence of removing 1.0, support for CBC record splitting was also +removed, as it was a work-around for a weakness in this particular version. +There is no migration path is no longer makes sense with newer versions. + +As a consequence of currently supporting only one version of (D)TLS (and in the +future 1.3 which will have a different version negociation mechanism), support +for fallback SCSV (RFC 7507) was also removed. There is no migration path as +it's no longer useful with TLS 1.2 and later. + +As a consequence of currently supporting only one version of (D)TLS (and in the +future 1.3 which will have a different concept of ciphersuites), support for +configuring ciphersuites separately for each version via +`mbedtls_ssl_conf_ciphersuites_for_version()` was removed. Use +`mbedtls_ssl_conf_ciphersuites()` to configure ciphersuites to use with (D)TLS +1.2; in the future a different API will be added for (D)TLS 1.3. From 8fc95a06a6b7695f1e2e04cacff49643ee109f63 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 7 Jun 2021 11:28:24 +0200 Subject: [PATCH 115/236] Wrap variable missed by the python script. Signed-off-by: Mateusz Starzyk --- include/mbedtls/timing.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index 9a8b1e011..7669bb9b3 100644 --- a/include/mbedtls/timing.h 
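Review bot: the sentence "There is no migration path is no longer makes sense with newer versions." is garbled (two sentences fused), "negociation" should be "negotiation", and the heading in the context line still reads "Remove suport for TLS 1.0, 1.1 and DTLS 1.0"; the first is fixed by the later "Editorial improvements" patch in this series, the other two are not, so fix them together. The replacement sentence "These versions have been deprecated by RFC 8996" also drops the statement that they are less secure than the current version, which is the actual security reason for the removal rather than a standards-tracking one; keep both.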
+++ b/include/mbedtls/timing.h @@ -52,7 +52,7 @@ struct mbedtls_timing_hr_time */ typedef struct mbedtls_timing_delay_context { - struct mbedtls_timing_hr_time timer; + struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer); uint32_t MBEDTLS_PRIVATE(int_ms); uint32_t MBEDTLS_PRIVATE(fin_ms); } mbedtls_timing_delay_context; From a74295fb526f3d6ac1468e6ef46212200db80418 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 7 Jun 2021 11:30:55 +0200 Subject: [PATCH 116/236] Remove outdated note about direct manipulation of private members. Signed-off-by: Mateusz Starzyk --- include/mbedtls/rsa.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 08db213f4..d3b695ea1 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -82,10 +82,6 @@ extern "C" { /** * \brief The RSA context structure. - * - * \note Direct manipulation of the members of this structure - * is deprecated. All manipulation should instead be done through - * the public interface functions. */ typedef struct mbedtls_rsa_context { From 13a977667652ec3a7a3e9ad45b9e6bad09b2539b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 Jun 2021 12:00:04 +0200 Subject: [PATCH 117/236] Editorial improvements MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/issue4286.txt | 12 ++++-------- .../remove_support_for_tls_1.0_1.1_and_dtls_1.0.md | 6 +++--- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/ChangeLog.d/issue4286.txt b/ChangeLog.d/issue4286.txt index 427b37ccc..75d2f0928 100644 --- a/ChangeLog.d/issue4286.txt +++ b/ChangeLog.d/issue4286.txt 
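Review bot: wrapping `timer` here fixes the symptom, but the commit message says the Python script missed this member, the other two members of the same struct were wrapped, and the only difference visible in the hunk is that `timer` is declared with an elaborated `struct mbedtls_timing_hr_time` type. Check whether apply_MBEDTLS_PRIVATE.py skips members whose type carries a `struct` tag and fix the script as well, otherwise the next regeneration from the Doxygen XML will silently drop this wrapper again.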
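Review bot: deleting the note in rsa.h leaves the RSA context with no statement of its access policy at all. Since the members are now wrapped in MBEDTLS_PRIVATE(), replace the old "deprecated" wording with a one-line note that the members are private and are only to be accessed through the public mbedtls_rsa_* functions (mbedtls_rsa_export() and friends for reading key material), so that readers do not conclude that direct access is now allowed.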
@@ -2,13 +2,9 @@ Removals * Remove support for TLS 1.0, TLS 1.1 and DTLS 1.0, as well as support for CBC record splitting, fallback SCSV, and the ability to configure ciphersuites per version, which are no longer relevant. This removes the - following public constants: MBEDTLS_SSL_PROTO_TLS1, - MBEDTLS_SSL_PROTO_TLS1_1, MBEDTLS_SSL_MINOR_VERSION_1, - MBEDTLS_SSL_MINOR_VERSION_2, MBEDTLS_SSL_CBC_RECORD_SPLITTING, - MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED, - MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED, - MBEDTLS_SSL_FALLBACK_SCSV, MBEDTLS_SSL_FALLBACK_SCSV_VALUE, - MBEDTLS_SSL_IS_FALLBACK, MBEDTLS_SSL_IS_NOT_FALLBACK; and functions: + configuration options MBEDTLS_SSL_PROTO_TLS1, + MBEDTLS_SSL_PROTO_TLS1_1, MBEDTLS_SSL_CBC_RECORD_SPLITTING and + MBEDTLS_SSL_FALLBACK_SCSV as well as the functions mbedtls_ssl_conf_cbc_record_splitting(), mbedtls_ssl_get_key_exchange_md_ssl_tls(), mbedtls_ssl_conf_fallback(), - mbedtls_ssl_conf_ciphersuites_for_version(). Fixes #4286. + and mbedtls_ssl_conf_ciphersuites_for_version(). Fixes #4286. diff --git a/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md b/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md index b1afe64eb..73d621f78 100644 --- a/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md +++ b/docs/3.0-migration-guide.d/remove_support_for_tls_1.0_1.1_and_dtls_1.0.md 
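Review bot: the rewrite drops MBEDTLS_SSL_MINOR_VERSION_1, MBEDTLS_SSL_MINOR_VERSION_2, MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED, MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED, MBEDTLS_SSL_FALLBACK_SCSV_VALUE, MBEDTLS_SSL_IS_FALLBACK and MBEDTLS_SSL_IS_NOT_FALLBACK from the list of removed public symbols, keeping only the configuration options. If those constants are still removed by the change, a user grepping the ChangeLog for a symbol that no longer compiles will not find it; either keep them in the entry or list them in the migration guide, which currently names only the removed functions.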
@@ -10,9 +10,9 @@ surface, even if the code is supposedly not used. The migration path is to adopt the latest versions of the protocol. -As a consequence of removing 1.0, support for CBC record splitting was also -removed, as it was a work-around for a weakness in this particular version. -There is no migration path is no longer makes sense with newer versions. +As a consequence of removing TLS 1.0, support for CBC record splitting was +also removed, as it was a work-around for a weakness in this particular +version. There is no migration path since the feature is no longer relevant. As a consequence of currently supporting only one version of (D)TLS (and in the future 1.3 which will have a different version negociation mechanism), support From 442fdc22eac7ae24c507543529a887ec33482165 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Mon, 7 Jun 2021 13:52:23 +0200 Subject: [PATCH 118/236] Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code Signed-off-by: TRodziewicz --- ChangeLog.d/issue4405.txt | 4 +++ configs/config-no-entropy.h | 2 -- ..._MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md | 20 ++++++++++++++ include/mbedtls/config.h | 27 ------------------- include/mbedtls/x509_crt.h | 4 --- library/ssl_tls.c | 17 ------------ library/x509_crt.c | 8 ------ tests/suites/test_suite_x509parse.data | 6 ++--- tests/suites/test_suite_x509parse.function | 4 +-- 9 files changed, 29 insertions(+), 63 deletions(-) create mode 100644 ChangeLog.d/issue4405.txt create mode 100644 docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md diff --git a/ChangeLog.d/issue4405.txt b/ChangeLog.d/issue4405.txt new file mode 100644 index 000000000..c36aefa15 --- /dev/null +++ b/ChangeLog.d/issue4405.txt @@ -0,0 +1,4 @@ +Removals + * Remove the MBEDTLS_X509_CHECK_KEY_USAGE and + MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE config.h options and let the code + behave as if they were always enabled. Fixes #4405. 
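Review bot: the reworded paragraph fixes the fused "There is no migration path is no longer makes sense" sentence, but the unchanged context line two paragraphs down still says "version negociation mechanism", and the file title still reads "Remove suport for TLS 1.0"; an editorial pass should take those as well.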
diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index 09b3cf5e0..7ca33c381 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -49,8 +49,6 @@ #define MBEDTLS_PKCS1_V21 #define MBEDTLS_SELF_TEST #define MBEDTLS_VERSION_FEATURES -#define MBEDTLS_X509_CHECK_KEY_USAGE -#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE /* mbed TLS modules */ #define MBEDTLS_AES_C diff --git a/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md new file mode 100644 index 000000000..348fe32f7 --- /dev/null +++ b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md @@ -0,0 +1,20 @@ +Remove `MBEDTLS_X509_CHECK_*_KEY_USAGE` options from `config.h` +-- + +This change affects users who have chosen the compilation time options to disable +the library's verification of the `keyUsage` and `extendedKeyUsage` fields of an x509 +certificate. + +The change is to remove MBEDTLS_X509_CHECK_KEY_USAGE and +MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE from the configuration. + +After the change the options are removed and the compilation is done in a way that +the verification of the key usage fields is allways enabled by default. + +This verification is an important step and disabling it can cause security issues. +If the verification is for some reason undesirable it can still be disabled at +a runtime with even more flexibility by using the callback parameter in +`mbedtls_x509_crt_verify()`. + +For example the user can disable the verification by using the callback which +clears the corresponding flags when they've been set. diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 9cce3cd8e..42f9867ac 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
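Review bot: in the new migration guide file, "allways" should be "always", "x509" should be "X.509", and "disabled at a runtime" should be "disabled at run time". More substantively, the last paragraph tells users they can disable the checks from the verify callback by clearing "the corresponding flags" without naming them: name MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE (the flags set in the ssl_tls.c and x509_crt.c hunks of this patch) and warn against clearing `*flags` wholesale, which would also mask expiry, bad signatures and name mismatches. The callback passed to mbedtls_x509_crt_verify() runs during chain verification, whereas mbedtls_ssl_check_cert_usage() in ssl_tls.c applies the ciphersuite-specific key usage check to the peer certificate separately; the guide should state whether the callback route also covers TLS handshakes, or point TLS users at MBEDTLS_SSL_VERIFY_OPTIONAL together with mbedtls_ssl_get_verify_result() instead.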
@@ -1910,33 +1910,6 @@ */ //#define MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK -/** - * \def MBEDTLS_X509_CHECK_KEY_USAGE - * - * Enable verification of the keyUsage extension (CA and leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused - * (intermediate) CA and leaf certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip keyUsage checking for both CA and leaf certificates. - */ -#define MBEDTLS_X509_CHECK_KEY_USAGE - -/** - * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - * - * Enable verification of the extendedKeyUsage extension (leaf certificates). - * - * Disabling this avoids problems with mis-issued and/or misused certificates. - * - * \warning Depending on your PKI use, disabling this can be a security risk! - * - * Comment to skip extendedKeyUsage checking for certificates. - */ -#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE - /** * \def MBEDTLS_X509_REMOVE_INFO * diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 23a20d10b..18b03738c 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -827,7 +827,6 @@ int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt, #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */ -#if defined(MBEDTLS_X509_CHECK_KEY_USAGE) /** * \brief Check usage of certificate against keyUsage extension. * @@ -851,9 +850,7 @@ int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt, */ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, unsigned int usage ); -#endif /* MBEDTLS_X509_CHECK_KEY_USAGE) */ -#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) /** * \brief Check usage of certificate against extendedKeyUsage. * 
@@ -870,7 +867,6 @@ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len ); -#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ #if defined(MBEDTLS_X509_CRL_PARSE_C) /** diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9b8c05f76..b9666e9b0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6526,22 +6526,10 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, uint32_t *flags ) { int ret = 0; -#if defined(MBEDTLS_X509_CHECK_KEY_USAGE) int usage = 0; -#endif -#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) const char *ext_oid; size_t ext_len; -#endif -#if !defined(MBEDTLS_X509_CHECK_KEY_USAGE) && \ - !defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) - ((void) cert); - ((void) cert_endpoint); - ((void) flags); -#endif - -#if defined(MBEDTLS_X509_CHECK_KEY_USAGE) if( cert_endpoint == MBEDTLS_SSL_IS_SERVER ) { /* Server part of the key exchange */ @@ -6583,11 +6571,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE; ret = -1; } -#else - ((void) ciphersuite); -#endif /* MBEDTLS_X509_CHECK_KEY_USAGE */ -#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) if( cert_endpoint == MBEDTLS_SSL_IS_SERVER ) { ext_oid = MBEDTLS_OID_SERVER_AUTH; @@ -6604,7 +6588,6 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert, *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE; ret = -1; } -#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ return( ret ); } diff --git a/library/x509_crt.c b/library/x509_crt.c index 8387de618..2cc3381d1 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2238,7 +2238,6 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, } #endif /* MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_X509_CHECK_KEY_USAGE) int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, unsigned int usage ) { 
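Review bot: with the `#if` guards gone, mbedtls_ssl_check_cert_usage() now always sets MBEDTLS_X509_BADCERT_KEY_USAGE or MBEDTLS_X509_BADCERT_EXT_KEY_USAGE and returns failure for a peer certificate lacking the bits the ciphersuite or endpoint needs, where builds that disabled both options previously got a no-op; the ChangeLog entry only says the options were removed and should say that TLS handshakes are affected as well. The function still signals failure with a bare `ret = -1` rather than a named error code; a one-line comment that callers are expected to consult `*flags` would keep someone from propagating that value to the public API.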
@@ -2261,9 +2260,7 @@ int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, return( 0 ); } -#endif -#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, const char *usage_oid, size_t usage_len ) @@ -2293,7 +2290,6 @@ int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt, return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); } -#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ #if defined(MBEDTLS_X509_CRL_PARSE_C) /* @@ -2344,14 +2340,12 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, /* * Check if the CA is configured to sign CRLs */ -#if defined(MBEDTLS_X509_CHECK_KEY_USAGE) if( mbedtls_x509_crt_check_key_usage( ca, MBEDTLS_X509_KU_CRL_SIGN ) != 0 ) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; break; } -#endif /* * Check if CRL is correctly signed by the trusted CA @@ -2488,13 +2482,11 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child, if( need_ca_bit && ! parent->ca_istrue ) return( -1 ); -#if defined(MBEDTLS_X509_CHECK_KEY_USAGE) if( need_ca_bit && mbedtls_x509_crt_check_key_usage( parent, MBEDTLS_X509_KU_KEY_CERT_SIGN ) != 0 ) { return( -1 ); } -#endif return( 0 ); } diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 59acc667a..d9611e5da 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -720,7 +720,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_S x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt_crl.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #53 (CA keyUsage missing cRLSign) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #54 (CA keyUsage missing cRLSign, no CRL) 
@@ -728,11 +728,11 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_S x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #55 (CA keyUsage missing keyCertSign) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crl.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #56 (CA keyUsage plain wrong) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" X509 CRT verification #57 (Valid, RSASSA-PSS, SHA-1) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index a6361d83a..fea02f362 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -1173,7 +1173,7 @@ void x509_oid_numstr( data_t * oid_buf, char * numstr, int blen, int ret ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_KEY_USAGE */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ void x509_check_key_usage( char * crt_file, int usage, int ret ) { mbedtls_x509_crt crt; 
@@ -1189,7 +1189,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ void x509_check_extended_key_usage( char * crt_file, data_t * oid, int ret ) { From 34428a6849e50728ed782094fb5f463db42b533a Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Mon, 7 Jun 2021 15:33:15 +0200 Subject: [PATCH 119/236] Remove duplicated ASSERT_ALLOC define Signed-off-by: TRodziewicz --- tests/include/test/macros.h | 32 -------------------------------- 1 file changed, 32 deletions(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index df961aa04..87e86d38e 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -174,38 +174,6 @@ } \ } while( 0 ) -/** Allocate memory dynamically and fail the test case if this fails. - * - * You must set \p pointer to \c NULL before calling this macro and - * put `mbedtls_free( pointer )` in the test's cleanup code. - * - * If \p length is zero, the resulting \p pointer will be \c NULL. - * This is usually what we want in tests since API functions are - * supposed to accept null pointers when a buffer size is zero. - * - * This macro expands to an instruction, not an expression. - * It may jump to the \c exit label. - * - * \param pointer An lvalue where the address of the allocated buffer - * will be stored. - * This expression may be evaluated multiple times. - * \param length Number of elements to allocate. - * This expression may be evaluated multiple times. - * - */ -#define ASSERT_ALLOC( pointer, length ) \ - do \ - { \ - TEST_ASSERT( ( pointer ) == NULL ); \ - if( ( length ) != 0 ) \ - { \ - ( pointer ) = mbedtls_calloc( sizeof( *( pointer ) ), \ - ( length ) ); \ - TEST_ASSERT( ( pointer ) != NULL ); \ - } \ - } \ - while( 0 ) - #define TEST_HELPER_ASSERT(a) if( !( a ) ) \ { \ mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ 
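Review bot: the hunk removes one of two ASSERT_ALLOC definitions but the surviving copy is not in the diff; confirm it is identical, in particular the `TEST_ASSERT( ( pointer ) == NULL )` precondition and the zero-length case yielding NULL, since test suites rely on both. Identical macro redefinitions are permitted by C, which is presumably why the duplicate went unnoticed, so the compiler will not catch a divergence here.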
From d1a8cd5169d81308be85320ad39c80ea810970a7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Jun 2021 20:42:40 +0200 Subject: [PATCH 120/236] Minor clarifications Signed-off-by: Gilles Peskine --- BRANCHES.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/BRANCHES.md b/BRANCHES.md index dbdc1738e..d9de6957d 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -28,7 +28,7 @@ undocumented features, then you should be able to re-compile it without modification with any later release x.y'.z' with the same major version number, and your code will still build, be secure, and work. -Note that new releases of Mbed TLS may extend the API. Here are some example of changes that are common in minor releases of Mbed TLS, and are not considered compatibility breaks: +Note that new releases of Mbed TLS may extend the API. Here are some example of changes that are common in minor releases of Mbed TLS, and are not considered API compatibility breaks: * Adding or reordering fields in a structure or union. * Removing a field from a structure, unless the field is documented as public. 
@@ -37,11 +37,11 @@ Note that new releases of Mbed TLS may extend the API. Here are some example of * Changing which error code is returned in a case where multiple error conditions apply. * Changing the behavior of a function from failing to succeeding, when the change is a reasonable extension of the current behavior, i.e. the addition of a new feature. -There are rare exceptions: code that was relying on something that became -insecure in the meantime (for example, crypto that was found to be weak) may -need to be changed. In case security comes in conflict with backwards -compatibility, we will put security first, but always attempt to provide a -compatibility option. +There are rare exceptions where we break API compatibility: code that was +relying on something that became insecure in the meantime (for example, +crypto that was found to be weak) may need to be changed. In case security +comes in conflict with backwards compatibility, we will put security first, +but always attempt to provide a compatibility option. For the LTS branches, additionally we try very hard to also maintain ABI compatibility (same definition as API except with re-linking instead of From 87d36e311bd043ce4170f31c94803fc05b4c312b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Jun 2021 20:42:50 +0200 Subject: [PATCH 121/236] Add a section heading for LTS branches Signed-off-by: Gilles Peskine --- BRANCHES.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/BRANCHES.md b/BRANCHES.md index d9de6957d..a758d08b3 100644 --- a/BRANCHES.md +++ b/BRANCHES.md 
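Review bot: the hunk rewrites the sentence but keeps the "some example of changes" typo in it (it becomes "examples" only in the next commit); folding that into this clarification would be cleaner. Also, "Removing a field from a structure, unless the field is documented as public" is listed as not an API break, which readers can only act on if they know how a public field is marked; a cross-reference to the MBEDTLS_PRIVATE() convention used throughout the headers would tell them how to recognise one.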
@@ -28,7 +28,7 @@ undocumented features, then you should be able to re-compile it without modification with any later release x.y'.z' with the same major version number, and your code will still build, be secure, and work. -Note that new releases of Mbed TLS may extend the API. Here are some example of changes that are common in minor releases of Mbed TLS, and are not considered API compatibility breaks: +Note that new releases of Mbed TLS may extend the API. Here are some examples of changes that are common in minor releases of Mbed TLS, and are not considered API compatibility breaks: * Adding or reordering fields in a structure or union. * Removing a field from a structure, unless the field is documented as public. @@ -43,6 +43,8 @@ crypto that was found to be weak) may need to be changed. In case security comes in conflict with backwards compatibility, we will put security first, but always attempt to provide a compatibility option. +## Long-time support branches + For the LTS branches, additionally we try very hard to also maintain ABI compatibility (same definition as API except with re-linking instead of re-compiling) and to avoid any increase in code size or RAM usage, or in the From df3b86343ac80a4874878c28108c88a157a8c076 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Jun 2021 05:30:45 +0100 Subject: [PATCH 122/236] Fixup rebase slip in library/ssl_misc.h Signed-off-by: Hanno Becker --- library/ssl_misc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index ecbeb8ba8..7fd5686bd 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h 
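Review bot: the new heading "Long-time support branches" should read "Long-term support branches"; LTS expands to long-term support, and the paragraph below already uses "LTS".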
@@ -289,7 +289,7 @@ size_t mbedtls_ssl_get_output_max_frag_len( const mbedtls_ssl_context *ssl ); /** * \brief Return the maximum fragment length (payload, in bytes) for * the input buffer. This is the negotiated maximum fragment - * length, or, if there is none, MBEDTLS_SSL_MAX_CONTENT_LEN. + * length, or, if there is none, MBEDTLS_SSL_IN_CONTENT_LEN. * If it is not defined either, the value is 2^14. This function * works as its predecessor, \c mbedtls_ssl_get_max_frag_len(). * From 59d3670fa557f5ed564b631e4299138a8bbf4e78 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Jun 2021 05:35:29 +0100 Subject: [PATCH 123/236] Fix ssl-opt.sh test cases grepping for MFL configuration output Use and grep for the new max in/out record payload length API instead. Signed-off-by: Hanno Becker --- programs/ssl/ssl_client2.c | 7 ++ programs/ssl/ssl_server2.c | 7 ++ tests/ssl-opt.sh | 188 ++++++++++++++++++------------------- 3 files changed, 108 insertions(+), 94 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 3cbf13000..6e9955ccf 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2083,6 +2083,13 @@ int main( int argc, char *argv[] ) else mbedtls_printf( " [ Record expansion is unknown ]\n" ); +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + mbedtls_printf( " [ Maximum incoming record payload length is %u ]\n", + (unsigned int) mbedtls_ssl_get_max_in_record_payload( &ssl ) ); + mbedtls_printf( " [ Maximum outgoing record payload length is %u ]\n", + (unsigned int) mbedtls_ssl_get_max_out_record_payload( &ssl ) ); +#endif + #if defined(MBEDTLS_SSL_ALPN) if( opt.alpn_string != NULL ) { diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 1ec8f09f7..914286cfc 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
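Review bot: the `(unsigned int)` cast in the ssl_client2.c hunk hides the sign of the return value. mbedtls_ssl_get_max_in_record_payload() and mbedtls_ssl_get_max_out_record_payload() return int, with negative values reserved for error codes, and the cast would print such an error as a very large length and make the ssl-opt.sh greps pass or fail for the wrong reason. Store the result in an int, print the length only when it is non-negative and print the error otherwise; the same applies to the identical block in ssl_server2.c. The `#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)` guard also means the values are never shown in builds without the extension although the functions are meaningful there too (DTLS MTU limits, for instance); consider dropping the guard and adjusting the negative greps in ssl-opt.sh accordingly.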
@@ -3164,6 +3164,13 @@ handshake: else mbedtls_printf( " [ Record expansion is unknown ]\n" ); +#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) + mbedtls_printf( " [ Maximum incoming record payload length is %u ]\n", + (unsigned int) mbedtls_ssl_get_max_in_record_payload( &ssl ) ); + mbedtls_printf( " [ Maximum outgoing record payload length is %u ]\n", + (unsigned int) mbedtls_ssl_get_max_out_record_payload( &ssl ) ); +#endif + #if defined(MBEDTLS_SSL_ALPN) if( opt.alpn_string != NULL ) { diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1041c87d4..a42ff73ac 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3033,10 +3033,10 @@ run_test "Max fragment length: enabled, default" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ 0 \ - -c "Maximum input fragment length is $MAX_CONTENT_LEN" \ - -c "Maximum output fragment length is $MAX_CONTENT_LEN" \ - -s "Maximum input fragment length is $MAX_CONTENT_LEN" \ - -s "Maximum output fragment length is $MAX_CONTENT_LEN" \ + -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ + -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ + -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ + -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ -C "client hello, adding max_fragment_length extension" \ -S "found max fragment length extension" \ -S "server hello, max_fragment_length extension" \ 
@@ -3047,10 +3047,10 @@ run_test "Max fragment length: enabled, default, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 0 \ - -c "Maximum input fragment length is $MAX_CONTENT_LEN" \ - -c "Maximum output fragment length is $MAX_CONTENT_LEN" \ - -s "Maximum input fragment length is $MAX_CONTENT_LEN" \ - -s "Maximum output fragment length is $MAX_CONTENT_LEN" \ + -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ + -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ + -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ + -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ -C "client hello, adding max_fragment_length extension" \ -S "found max fragment length extension" \ -S "server hello, max_fragment_length extension" \ @@ -3064,10 +3064,10 @@ run_test "Max fragment length, DTLS: enabled, default, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 1 \ - -c "Maximum input fragment length is $MAX_CONTENT_LEN" \ - -c "Maximum output fragment length is $MAX_CONTENT_LEN" \ - -s "Maximum input fragment length is $MAX_CONTENT_LEN" \ - -s "Maximum output fragment length is $MAX_CONTENT_LEN" \ + -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ + -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ + -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ + -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ -C "client hello, adding max_fragment_length extension" \ -S "found max fragment length extension" \ -S "server hello, max_fragment_length extension" \ 
@@ -3083,10 +3083,10 @@ run_test "Max fragment length: disabled, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 0 \ - -C "Maximum input fragment length is 16384" \ - -C "Maximum output fragment length is 16384" \ - -S "Maximum input fragment length is 16384" \ - -S "Maximum output fragment length is 16384" \ + -C "Maximum incoming record payload length is 16384" \ + -C "Maximum outgoing record payload length is 16384" \ + -S "Maximum incoming record payload length is 16384" \ + -S "Maximum outgoing record payload length is 16384" \ -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \ -s "$MAX_CONTENT_LEN bytes read" \ -s "1 bytes read" @@ -3096,10 +3096,10 @@ run_test "Max fragment length DTLS: disabled, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \ 1 \ - -C "Maximum input fragment length is 16384" \ - -C "Maximum output fragment length is 16384" \ - -S "Maximum input fragment length is 16384" \ - -S "Maximum output fragment length is 16384" \ + -C "Maximum incoming record payload length is 16384" \ + -C "Maximum outgoing record payload length is 16384" \ + -S "Maximum incoming record payload length is 16384" \ + -S "Maximum outgoing record payload length is 16384" \ -c "fragment larger than.*maximum " requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 
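Review bot: in the two "disabled, larger message" hunks the renamed -C/-S patterns still hardcode 16384 while every other test in this file uses $MAX_CONTENT_LEN, and because these are negative checks (the string must be absent) they pass no matter which number they contain, all the more so since the print they look for is compiled out when MBEDTLS_SSL_MAX_FRAGMENT_LENGTH is disabled. Either switch the four lines to $MAX_CONTENT_LEN for consistency with the rest of the file, or drop them and rely on `-c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments"` and `-c "fragment larger than.*maximum "`, which are the assertions that actually exercise the fragmentation behaviour under test.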
@@ -3107,10 +3107,10 @@ run_test "Max fragment length: used by client" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=4096" \ 0 \ - -c "Maximum input fragment length is 4096" \ - -c "Maximum output fragment length is 4096" \ - -s "Maximum input fragment length is 4096" \ - -s "Maximum output fragment length is 4096" \ + -c "Maximum incoming record payload length is 4096" \ + -c "Maximum outgoing record payload length is 4096" \ + -s "Maximum incoming record payload length is 4096" \ + -s "Maximum outgoing record payload length is 4096" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ @@ -3121,10 +3121,10 @@ run_test "Max fragment length: client 512, server 1024" \ "$P_SRV debug_level=3 max_frag_len=1024" \ "$P_CLI debug_level=3 max_frag_len=512" \ 0 \ - -c "Maximum input fragment length is 512" \ - -c "Maximum output fragment length is 512" \ - -s "Maximum input fragment length is 512" \ - -s "Maximum output fragment length is 512" \ + -c "Maximum incoming record payload length is 512" \ + -c "Maximum outgoing record payload length is 512" \ + -s "Maximum incoming record payload length is 512" \ + -s "Maximum outgoing record payload length is 512" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ 
@@ -3135,10 +3135,10 @@ run_test "Max fragment length: client 512, server 2048" \ "$P_SRV debug_level=3 max_frag_len=2048" \ "$P_CLI debug_level=3 max_frag_len=512" \ 0 \ - -c "Maximum input fragment length is 512" \ - -c "Maximum output fragment length is 512" \ - -s "Maximum input fragment length is 512" \ - -s "Maximum output fragment length is 512" \ + -c "Maximum incoming record payload length is 512" \ + -c "Maximum outgoing record payload length is 512" \ + -s "Maximum incoming record payload length is 512" \ + -s "Maximum outgoing record payload length is 512" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ @@ -3149,10 +3149,10 @@ run_test "Max fragment length: client 512, server 4096" \ "$P_SRV debug_level=3 max_frag_len=4096" \ "$P_CLI debug_level=3 max_frag_len=512" \ 0 \ - -c "Maximum input fragment length is 512" \ - -c "Maximum output fragment length is 512" \ - -s "Maximum input fragment length is 512" \ - -s "Maximum output fragment length is 512" \ + -c "Maximum incoming record payload length is 512" \ + -c "Maximum outgoing record payload length is 512" \ + -s "Maximum incoming record payload length is 512" \ + -s "Maximum outgoing record payload length is 512" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ 
@@ -3163,10 +3163,10 @@ run_test "Max fragment length: client 1024, server 512" \ "$P_SRV debug_level=3 max_frag_len=512" \ "$P_CLI debug_level=3 max_frag_len=1024" \ 0 \ - -c "Maximum input fragment length is 1024" \ - -c "Maximum output fragment length is 1024" \ - -s "Maximum input fragment length is 1024" \ - -s "Maximum output fragment length is 512" \ + -c "Maximum incoming record payload length is 1024" \ + -c "Maximum outgoing record payload length is 1024" \ + -s "Maximum incoming record payload length is 1024" \ + -s "Maximum outgoing record payload length is 512" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ @@ -3177,10 +3177,10 @@ run_test "Max fragment length: client 1024, server 2048" \ "$P_SRV debug_level=3 max_frag_len=2048" \ "$P_CLI debug_level=3 max_frag_len=1024" \ 0 \ - -c "Maximum input fragment length is 1024" \ - -c "Maximum output fragment length is 1024" \ - -s "Maximum input fragment length is 1024" \ - -s "Maximum output fragment length is 1024" \ + -c "Maximum incoming record payload length is 1024" \ + -c "Maximum outgoing record payload length is 1024" \ + -s "Maximum incoming record payload length is 1024" \ + -s "Maximum outgoing record payload length is 1024" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ 
@@ -3191,10 +3191,10 @@ run_test "Max fragment length: client 1024, server 4096" \ "$P_SRV debug_level=3 max_frag_len=4096" \ "$P_CLI debug_level=3 max_frag_len=1024" \ 0 \ - -c "Maximum input fragment length is 1024" \ - -c "Maximum output fragment length is 1024" \ - -s "Maximum input fragment length is 1024" \ - -s "Maximum output fragment length is 1024" \ + -c "Maximum incoming record payload length is 1024" \ + -c "Maximum outgoing record payload length is 1024" \ + -s "Maximum incoming record payload length is 1024" \ + -s "Maximum outgoing record payload length is 1024" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ @@ -3205,10 +3205,10 @@ run_test "Max fragment length: client 2048, server 512" \ "$P_SRV debug_level=3 max_frag_len=512" \ "$P_CLI debug_level=3 max_frag_len=2048" \ 0 \ - -c "Maximum input fragment length is 2048" \ - -c "Maximum output fragment length is 2048" \ - -s "Maximum input fragment length is 2048" \ - -s "Maximum output fragment length is 512" \ + -c "Maximum incoming record payload length is 2048" \ + -c "Maximum outgoing record payload length is 2048" \ + -s "Maximum incoming record payload length is 2048" \ + -s "Maximum outgoing record payload length is 512" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ 
@@ -3219,10 +3219,10 @@ run_test "Max fragment length: client 2048, server 1024" \ "$P_SRV debug_level=3 max_frag_len=1024" \ "$P_CLI debug_level=3 max_frag_len=2048" \ 0 \ - -c "Maximum input fragment length is 2048" \ - -c "Maximum output fragment length is 2048" \ - -s "Maximum input fragment length is 2048" \ - -s "Maximum output fragment length is 1024" \ + -c "Maximum incoming record payload length is 2048" \ + -c "Maximum outgoing record payload length is 2048" \ + -s "Maximum incoming record payload length is 2048" \ + -s "Maximum outgoing record payload length is 1024" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ @@ -3233,10 +3233,10 @@ run_test "Max fragment length: client 2048, server 4096" \ "$P_SRV debug_level=3 max_frag_len=4096" \ "$P_CLI debug_level=3 max_frag_len=2048" \ 0 \ - -c "Maximum input fragment length is 2048" \ - -c "Maximum output fragment length is 2048" \ - -s "Maximum input fragment length is 2048" \ - -s "Maximum output fragment length is 2048" \ + -c "Maximum incoming record payload length is 2048" \ + -c "Maximum outgoing record payload length is 2048" \ + -s "Maximum incoming record payload length is 2048" \ + -s "Maximum outgoing record payload length is 2048" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ 
@@ -3247,10 +3247,10 @@ run_test "Max fragment length: client 4096, server 512" \ "$P_SRV debug_level=3 max_frag_len=512" \ "$P_CLI debug_level=3 max_frag_len=4096" \ 0 \ - -c "Maximum input fragment length is 4096" \ - -c "Maximum output fragment length is 4096" \ - -s "Maximum input fragment length is 4096" \ - -s "Maximum output fragment length is 512" \ + -c "Maximum incoming record payload length is 4096" \ + -c "Maximum outgoing record payload length is 4096" \ + -s "Maximum incoming record payload length is 4096" \ + -s "Maximum outgoing record payload length is 512" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ @@ -3261,10 +3261,10 @@ run_test "Max fragment length: client 4096, server 1024" \ "$P_SRV debug_level=3 max_frag_len=1024" \ "$P_CLI debug_level=3 max_frag_len=4096" \ 0 \ - -c "Maximum input fragment length is 4096" \ - -c "Maximum output fragment length is 4096" \ - -s "Maximum input fragment length is 4096" \ - -s "Maximum output fragment length is 1024" \ + -c "Maximum incoming record payload length is 4096" \ + -c "Maximum outgoing record payload length is 4096" \ + -s "Maximum incoming record payload length is 4096" \ + -s "Maximum outgoing record payload length is 1024" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ 
@@ -3275,10 +3275,10 @@ run_test "Max fragment length: client 4096, server 2048" \ "$P_SRV debug_level=3 max_frag_len=2048" \ "$P_CLI debug_level=3 max_frag_len=4096" \ 0 \ - -c "Maximum input fragment length is 4096" \ - -c "Maximum output fragment length is 4096" \ - -s "Maximum input fragment length is 4096" \ - -s "Maximum output fragment length is 2048" \ + -c "Maximum incoming record payload length is 4096" \ + -c "Maximum outgoing record payload length is 4096" \ + -s "Maximum incoming record payload length is 4096" \ + -s "Maximum outgoing record payload length is 2048" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ @@ -3289,10 +3289,10 @@ run_test "Max fragment length: used by server" \ "$P_SRV debug_level=3 max_frag_len=4096" \ "$P_CLI debug_level=3" \ 0 \ - -c "Maximum input fragment length is $MAX_CONTENT_LEN" \ - -c "Maximum output fragment length is $MAX_CONTENT_LEN" \ - -s "Maximum input fragment length is $MAX_CONTENT_LEN" \ - -s "Maximum output fragment length is 4096" \ + -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ + -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \ + -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \ + -s "Maximum outgoing record payload length is 4096" \ -C "client hello, adding max_fragment_length extension" \ -S "found max fragment length extension" \ -S "server hello, max_fragment_length extension" \ @@ -3304,8 +3304,8 @@ run_test "Max fragment length: gnutls server" \ "$G_SRV" \ "$P_CLI debug_level=3 max_frag_len=4096" \ 0 \ - -c "Maximum input fragment length is 4096" \ - -c "Maximum output fragment length is 4096" \ + -c "Maximum incoming record payload length is 4096" \ + -c "Maximum outgoing record payload length is 4096" \ -c "client hello, adding max_fragment_length extension" \ -c "found max_fragment_length extension" 
@@ -3314,10 +3314,10 @@ run_test "Max fragment length: client, message just fits" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \ 0 \ - -c "Maximum input fragment length is 2048" \ - -c "Maximum output fragment length is 2048" \ - -s "Maximum input fragment length is 2048" \ - -s "Maximum output fragment length is 2048" \ + -c "Maximum incoming record payload length is 2048" \ + -c "Maximum outgoing record payload length is 2048" \ + -s "Maximum incoming record payload length is 2048" \ + -s "Maximum outgoing record payload length is 2048" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ @@ -3330,10 +3330,10 @@ run_test "Max fragment length: client, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \ 0 \ - -c "Maximum input fragment length is 2048" \ - -c "Maximum output fragment length is 2048" \ - -s "Maximum input fragment length is 2048" \ - -s "Maximum output fragment length is 2048" \ + -c "Maximum incoming record payload length is 2048" \ + -c "Maximum outgoing record payload length is 2048" \ + -s "Maximum incoming record payload length is 2048" \ + -s "Maximum outgoing record payload length is 2048" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ 
@@ -3347,10 +3347,10 @@ run_test "Max fragment length: DTLS client, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \ 1 \ - -c "Maximum input fragment length is 2048" \ - -c "Maximum output fragment length is 2048" \ - -s "Maximum input fragment length is 2048" \ - -s "Maximum output fragment length is 2048" \ + -c "Maximum incoming record payload length is 2048" \ + -c "Maximum outgoing record payload length is 2048" \ + -s "Maximum incoming record payload length is 2048" \ + -s "Maximum outgoing record payload length is 2048" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ @@ -3457,10 +3457,10 @@ run_test "Renegotiation with max fragment length: client 2048, server 512" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 0 \ - -c "Maximum input fragment length is 2048" \ - -c "Maximum output fragment length is 2048" \ - -s "Maximum input fragment length is 2048" \ - -s "Maximum output fragment length is 512" \ + -c "Maximum incoming record payload length is 2048" \ + -c "Maximum outgoing record payload length is 2048" \ + -s "Maximum incoming record payload length is 2048" \ + -s "Maximum outgoing record payload length is 512" \ -c "client hello, adding max_fragment_length extension" \ -s "found max fragment length extension" \ -s "server hello, max_fragment_length extension" \ From 61f292ea0a4b2e4388f69a80661ba8b22a547152 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 8 Jun 2021 07:50:55 +0100 Subject: [PATCH 124/236] Fix migration guide for now-removed deprecated functions 
Signed-off-by: Hanno Becker --- .../remove_deprecated_functions_and_constants.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md b/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md index b18b3109d..31c2ce862 100644 --- a/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md +++ b/docs/3.0-migration-guide.d/remove_deprecated_functions_and_constants.md @@ -50,7 +50,9 @@ The function `mbedtls_ssl_conf_dh_param()` was removed. Please use `mbedtls_ssl_conf_dh_param_bin()` or `mbedtls_ssl_conf_dh_param_ctx()` instead. The function `mbedtls_ssl_get_max_frag_len()` was removed. Please use -`mbedtls_ssl_get_output_max_frag_len()` instead. +`mbedtls_ssl_get_max_out_record_payload()` and +`mbedtls_ssl_get_max_in_record_payload()` +instead. Deprecated hex-encoded primes were removed from DHM --------------------------------------------------- From 6dd92c3f6b2c3e2dc28d966607560b260a491e27 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Jun 2021 20:44:47 +0200 Subject: [PATCH 125/236] Wrap lines in the source to <80 columns Signed-off-by: Gilles Peskine --- BRANCHES.md | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/BRANCHES.md b/BRANCHES.md index a758d08b3..df30ae100 100644 --- a/BRANCHES.md +++ b/BRANCHES.md 
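Review bot: the rewritten migration-guide sentence names two replacement functions without telling the reader which one to pick; the line it replaces pointed at `mbedtls_ssl_get_output_max_frag_len()`, i.e. the outgoing direction, so say explicitly that code that used `mbedtls_ssl_get_max_frag_len()` to bound its writes should call `mbedtls_ssl_get_max_out_record_payload()` and code that sized receive buffers should call `mbedtls_ssl_get_max_in_record_payload()`. A short note that the new functions report the maximum record payload rather than the raw max_fragment_length extension value (the same distinction the renamed debug output in the preceding patch makes) would also help people migrating buffer-size logic.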
@@ -28,14 +28,20 @@ undocumented features, then you should be able to re-compile it without modification with any later release x.y'.z' with the same major version number, and your code will still build, be secure, and work. -Note that new releases of Mbed TLS may extend the API. Here are some examples of changes that are common in minor releases of Mbed TLS, and are not considered API compatibility breaks: +Note that new releases of Mbed TLS may extend the API. Here are some +examples of changes that are common in minor releases of Mbed TLS, and are +not considered API compatibility breaks: * Adding or reordering fields in a structure or union. * Removing a field from a structure, unless the field is documented as public. * Adding items to an enum. -* Returning an error code that was not previously documented for a function when a new error condition arises. -* Changing which error code is returned in a case where multiple error conditions apply. -* Changing the behavior of a function from failing to succeeding, when the change is a reasonable extension of the current behavior, i.e. the addition of a new feature. +* Returning an error code that was not previously documented for a function + when a new error condition arises. +* Changing which error code is returned in a case where multiple error + conditions apply. +* Changing the behavior of a function from failing to succeeding, when the + change is a reasonable extension of the current behavior, i.e. the + addition of a new feature. There are rare exceptions where we break API compatibility: code that was relying on something that became insecure in the meantime (for example, From ea7631be1c797f8b6363c44535aba7df0c348795 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 3 Jun 2021 18:51:59 +0200 Subject: [PATCH 126/236] Change mbedtls_rsa_set_padding() signature mbedtls_rsa_set_padding() now returns the error code MBEDTLS_ERR_RSA_INVALID_PADDING when padding parameters are invalid. 
Signed-off-by: Ronald Cron --- include/mbedtls/rsa.h | 10 +++- library/psa_crypto.c | 19 ++++++-- library/psa_crypto_rsa.c | 73 ++++++++++++++++------------ library/rsa.c | 22 +++++++-- programs/pkey/rsa_sign_pss.c | 8 ++- programs/pkey/rsa_verify_pss.c | 8 ++- tests/suites/test_suite_rsa.data | 3 ++ tests/suites/test_suite_rsa.function | 24 +++++++++ 8 files changed, 123 insertions(+), 44 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index ba00bff31..eeb846e28 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -399,9 +399,15 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, * \param padding The padding mode to use. This must be either * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21. * \param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier. + * #MBEDTLS_MD_NONE is accepted by this function but may be + * not suitable for some operations. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_RSA_INVALID_PADDING failure: + * \p padding or \p hash_id is invalid. */ -void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, - int hash_id ); +int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, + mbedtls_md_type_t hash_id ); /** * \brief This function retrieves the length of RSA modulus in Bytes. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 214c405b3..7921eb231 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
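Review bot: in the rsa.h hunk the new return documentation reads `\return #MBEDTLS_ERR_RSA_INVALID_PADDING failure: \p padding or \p hash_id is invalid.`, which is not the usual Doxygen phrasing in this header; suggest `\return #MBEDTLS_ERR_RSA_INVALID_PADDING if \p padding is not one of the two supported modes, or if \p hash_id is not a hash known to the MD module.` The added note on hash_id has "may be not suitable", which should be "may not be suitable", and it would be clearer to say which operations need a real hash (OAEP, and PSS signing per the notes elsewhere in this file). Finally, changing the type of hash_id from int to mbedtls_md_type_t and turning a void function into one returning int are both source-visible API changes, yet the diffstat shows no entry under docs/3.0-migration-guide.d; please add one so callers that ignored the old void call learn to check the new return value.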
@@ -2838,13 +2838,14 @@ psa_status_t psa_verify_hash( mbedtls_svc_key_id_t key, } #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) -static void psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg, - mbedtls_rsa_context *rsa ) +static int psa_rsa_oaep_set_padding_mode( psa_algorithm_t alg, + mbedtls_rsa_context *rsa ) { psa_algorithm_t hash_alg = PSA_ALG_RSA_OAEP_GET_HASH( alg ); const mbedtls_md_info_t *md_info = mbedtls_md_info_from_psa( hash_alg ); mbedtls_md_type_t md_alg = mbedtls_md_get_type( md_info ); - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); + + return( mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ) ); } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) */ @@ -2917,7 +2918,11 @@ psa_status_t psa_asymmetric_encrypt( mbedtls_svc_key_id_t key, #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) if( PSA_ALG_IS_RSA_OAEP( alg ) ) { - psa_rsa_oaep_set_padding_mode( alg, rsa ); + status = mbedtls_to_psa_error( + psa_rsa_oaep_set_padding_mode( alg, rsa ) ); + if( status != PSA_SUCCESS ) + goto rsa_exit; + status = mbedtls_to_psa_error( mbedtls_rsa_rsaes_oaep_encrypt( rsa, mbedtls_psa_get_random, @@ -3023,7 +3028,11 @@ psa_status_t psa_asymmetric_decrypt( mbedtls_svc_key_id_t key, #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) if( PSA_ALG_IS_RSA_OAEP( alg ) ) { - psa_rsa_oaep_set_padding_mode( alg, rsa ); + status = mbedtls_to_psa_error( + psa_rsa_oaep_set_padding_mode( alg, rsa ) ); + if( status != PSA_SUCCESS ) + goto rsa_exit; + status = mbedtls_to_psa_error( mbedtls_rsa_rsaes_oaep_decrypt( rsa, mbedtls_psa_get_random, diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index b5aec2003..33e22e700 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c 
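Review bot: in the psa_crypto.c hunks, psa_rsa_oaep_set_padding_mode() now propagates mbedtls_rsa_set_padding()'s result, but the error path does not catch the case it was presumably meant for: `mbedtls_md_info_from_psa( hash_alg )` is still not checked for NULL, and mbedtls_md_get_type() on a NULL info yields MBEDTLS_MD_NONE, which mbedtls_rsa_set_padding() accepts for MBEDTLS_RSA_PKCS_V21 (see the rsa.c hunk). An OAEP algorithm whose hash is not compiled in therefore still sails through this function with hash_id set to MBEDTLS_MD_NONE and only fails later inside the OAEP routine. Suggest an explicit `if( md_info == NULL ) return( MBEDTLS_ERR_RSA_INVALID_PADDING );` before the set_padding call so the two call sites map it to a PSA error at the point where the algorithm is being checked.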
@@ -416,29 +416,36 @@ static psa_status_t rsa_sign_hash( #if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) { - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, - MBEDTLS_MD_NONE ); - ret = mbedtls_rsa_pkcs1_sign( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - md_alg, - (unsigned int) hash_length, - hash, - signature ); + ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, + MBEDTLS_MD_NONE ); + if( ret == 0 ) + { + ret = mbedtls_rsa_pkcs1_sign( rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + md_alg, + (unsigned int) hash_length, + hash, + signature ); + } } else #endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */ #if defined(BUILTIN_ALG_RSA_PSS) if( PSA_ALG_IS_RSA_PSS( alg ) ) { - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); - ret = mbedtls_rsa_rsassa_pss_sign( rsa, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE, - MBEDTLS_MD_NONE, - (unsigned int) hash_length, - hash, - signature ); + ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); + + if( ret == 0 ) + { + ret = mbedtls_rsa_rsassa_pss_sign( rsa, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + MBEDTLS_MD_NONE, + (unsigned int) hash_length, + hash, + signature ); + } } else #endif /* BUILTIN_ALG_RSA_PSS */ 
@@ -489,25 +496,31 @@ static psa_status_t rsa_verify_hash( #if defined(BUILTIN_ALG_RSA_PKCS1V15_SIGN) if( PSA_ALG_IS_RSA_PKCS1V15_SIGN( alg ) ) { - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, - MBEDTLS_MD_NONE ); - ret = mbedtls_rsa_pkcs1_verify( rsa, - md_alg, - (unsigned int) hash_length, - hash, - signature ); + ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V15, + MBEDTLS_MD_NONE ); + if( ret == 0 ) + { + ret = mbedtls_rsa_pkcs1_verify( rsa, + md_alg, + (unsigned int) hash_length, + hash, + signature ); + } } else #endif /* BUILTIN_ALG_RSA_PKCS1V15_SIGN */ #if defined(BUILTIN_ALG_RSA_PSS) if( PSA_ALG_IS_RSA_PSS( alg ) ) { - mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); - ret = mbedtls_rsa_rsassa_pss_verify( rsa, - MBEDTLS_MD_NONE, - (unsigned int) hash_length, - hash, - signature ); + ret = mbedtls_rsa_set_padding( rsa, MBEDTLS_RSA_PKCS_V21, md_alg ); + if( ret == 0 ) + { + ret = mbedtls_rsa_rsassa_pss_verify( rsa, + MBEDTLS_MD_NONE, + (unsigned int) hash_length, + hash, + signature ); + } } else #endif /* BUILTIN_ALG_RSA_PSS */ diff --git a/library/rsa.c b/library/rsa.c index 36424bd19..5a1ae79bc 100644 --- a/library/rsa.c +++ b/library/rsa.c 
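Review bot: in the rsa_sign_hash() and rsa_verify_hash() hunks the `if( ret == 0 )` nesting is correct but, since both functions already convert ret via the mbedtls error mapping at their end, a failing mbedtls_rsa_set_padding() now surfaces as whatever PSA status MBEDTLS_ERR_RSA_INVALID_PADDING maps to; please confirm that is PSA_ERROR_INVALID_ARGUMENT (or PSA_ERROR_NOT_SUPPORTED for an uncompiled hash) and not a generic failure. The diffstat shows tests only for test_suite_rsa, so none of these four new error branches are exercised; a PSA-level case signing/verifying with a PSS algorithm whose hash is not available would cover them. Minor style: the PSS branch of rsa_sign_hash() has a blank line after the set_padding call that the other three branches lack.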
@@ -500,15 +500,27 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, /* * Set padding for an existing RSA context */ -void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, - int hash_id ) +int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, + mbedtls_md_type_t hash_id ) { - RSA_VALIDATE( ctx != NULL ); - RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 || - padding == MBEDTLS_RSA_PKCS_V21 ); + if( ( padding != MBEDTLS_RSA_PKCS_V15 ) && + ( padding != MBEDTLS_RSA_PKCS_V21 ) ) + return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + + if( ( padding == MBEDTLS_RSA_PKCS_V21 ) && + ( hash_id != MBEDTLS_MD_NONE ) ) + { + const mbedtls_md_info_t *md_info; + + md_info = mbedtls_md_info_from_type( hash_id ); + if( md_info == NULL ) + return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + } ctx->padding = padding; ctx->hash_id = hash_id; + + return( 0 ); } /* diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 9d5053a56..e7fcf511a 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -115,7 +115,13 @@ int main( int argc, char *argv[] ) goto exit; } - mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 ); + if( ( ret = mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), + MBEDTLS_RSA_PKCS_V21, + MBEDTLS_MD_SHA256 ) ) != 0 ) + { + mbedtls_printf( " failed\n ! Invalid padding\n" ); + goto exit; + } /* * Compute the SHA-256 hash of the input file, diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 81b0fd644..527d79916 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c 
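Review bot: in the rsa.c hunk the `RSA_VALIDATE( ctx != NULL )` line is removed and ctx->padding is then written unconditionally, so the function loses the NULL-context check it used to have at the very moment it gains a way to report errors; either keep the validation macro or return MBEDTLS_ERR_RSA_BAD_INPUT_DATA for a NULL ctx. The validation logic itself is sound: an invalid hash_id is only rejected together with MBEDTLS_RSA_PKCS_V21, and for MBEDTLS_RSA_PKCS_V15 the value is stored unchecked, which matches the header's "ignored" wording, but a one-line comment saying so here would prevent a future reader from "fixing" it. In the rsa_sign_pss.c hunk (and its twin in rsa_verify_pss.c) the new message `" failed\n ! Invalid padding\n"` discards the return code; print `-ret` as `-0x%04x` like the surrounding failure messages do so a misconfigured hash is distinguishable from a bad padding mode.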
@@ -98,7 +98,13 @@ int main( int argc, char *argv[] ) goto exit; } - mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 ); + if( ( ret = mbedtls_rsa_set_padding( mbedtls_pk_rsa( pk ), + MBEDTLS_RSA_PKCS_V21, + MBEDTLS_MD_SHA256 ) ) != 0 ) + { + mbedtls_printf( " failed\n ! Invalid padding\n" ); + goto exit; + } /* * Extract the RSA signature from the file diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 2512ef24c..cc5a04779 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -1,3 +1,6 @@ +RSA parameter validation +rsa_invalid_param: + RSA init-free-free rsa_init_free:0 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 9cf2fcf34..e057dfb19 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -17,6 +17,30 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void rsa_invalid_param( ) +{ + mbedtls_rsa_context ctx; + const int invalid_padding = 42; + const int invalid_hash_id = 0xff; + + mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE ); + + TEST_EQUAL( mbedtls_rsa_set_padding( &ctx, + invalid_padding, + MBEDTLS_MD_NONE ), + MBEDTLS_ERR_RSA_INVALID_PADDING ); + + TEST_EQUAL( mbedtls_rsa_set_padding( &ctx, + MBEDTLS_RSA_PKCS_V21, + invalid_hash_id ), + MBEDTLS_ERR_RSA_INVALID_PADDING ); + +exit: + mbedtls_rsa_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE */ void rsa_init_free( int reinit ) { From c1905a1c3debef865c6ecc19be121e4f205a13cb Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Sat, 5 Jun 2021 11:11:14 +0200 Subject: [PATCH 127/236] Change mbedtls_rsa_init() signature Remove padding parameters as mbedtls_rsa_init() cannot return an error code when padding parameters are invalid. 
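Review bot: rsa_invalid_param() in the test_suite_rsa.function hunk only asserts the two rejection cases; add a positive case (MBEDTLS_RSA_PKCS_V21 with a hash that is compiled in, expecting 0) and, for each rejected call, assert that the padding configuration in the context is left untouched, which the rsa.c hunk guarantees by returning before the assignments but nothing currently checks. `invalid_hash_id` is declared as int and passed to a mbedtls_md_type_t parameter; casting it explicitly (`(mbedtls_md_type_t) 0xff`) documents that the test deliberately passes a value outside the enum and keeps the suite warning-free under stricter compilers. The test still calls the three-argument mbedtls_rsa_init(); it will need updating in the follow-up patch that changes that signature.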
Signed-off-by: Ronald Cron --- include/mbedtls/rsa.h | 56 +++++++++++----------- library/pk_wrap.c | 2 +- library/psa_crypto_rsa.c | 2 +- library/rsa.c | 11 ++--- programs/pkey/dh_client.c | 3 +- programs/pkey/dh_server.c | 3 +- programs/pkey/rsa_decrypt.c | 2 +- programs/pkey/rsa_encrypt.c | 2 +- programs/pkey/rsa_genkey.c | 2 +- programs/pkey/rsa_sign.c | 2 +- programs/pkey/rsa_verify.c | 2 +- programs/test/benchmark.c | 2 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_pkcs1_v15.function | 14 ++++-- tests/suites/test_suite_pkcs1_v21.function | 15 ++++-- tests/suites/test_suite_rsa.function | 53 +++++++++++--------- 16 files changed, 92 insertions(+), 81 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index eeb846e28..514484574 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
@@ -134,33 +134,51 @@ mbedtls_rsa_context; /** * \brief This function initializes an RSA context. * + * \note This function initializes the padding and the hash + * identifier for #MBEDTLS_RSA_PKCS_V21 to respectively + * #MBEDTLS_RSA_PKCS_V15 and #MBEDTLS_MD_NONE. See + * mbedtls_rsa_set_padding() for more information about + * those parameters. + * + * \param ctx The RSA context to initialize. This must not be \c NULL. + */ +void mbedtls_rsa_init( mbedtls_rsa_context *ctx ); + +/** + * \brief This function sets padding for an already initialized RSA + * context. + * * \note Set padding to #MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP * encryption scheme and the RSASSA-PSS signature scheme. * * \note The \p hash_id parameter is ignored when using * #MBEDTLS_RSA_PKCS_V15 padding. * - * \note The choice of padding mode is strictly enforced for private key - * operations, since there might be security concerns in + * \note The choice of padding mode is strictly enforced for private + * key operations, since there might be security concerns in * mixing padding modes. For public key operations it is * a default value, which can be overridden by calling specific - * \c rsa_rsaes_xxx or \c rsa_rsassa_xxx functions. + * \c mbedtls_rsa_rsaes_xxx or \c mbedtls_rsa_rsassa_xxx + * functions. * * \note The hash selected in \p hash_id is always used for OEAP * encryption. For PSS signatures, it is always used for * making signatures, but can be overridden for verifying them. * If set to #MBEDTLS_MD_NONE, it is always overridden. * - * \param ctx The RSA context to initialize. This must not be \c NULL. + * \param ctx The initialized RSA context to be configured. * \param padding The padding mode to use. This must be either * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21. - * \param hash_id The hash identifier of ::mbedtls_md_type_t type, if - * \p padding is #MBEDTLS_RSA_PKCS_V21. It is unused - * otherwise. + * \param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier. 
+ * #MBEDTLS_MD_NONE is accepted by this function but may be + * not suitable for some operations. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_RSA_INVALID_PADDING failure: + * \p padding or \p hash_id is invalid. */ -void mbedtls_rsa_init( mbedtls_rsa_context *ctx, - int padding, - int hash_id ); +int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, + mbedtls_md_type_t hash_id ); /** * \brief This function imports a set of core parameters into an @@ -391,24 +409,6 @@ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ); -/** - * \brief This function sets padding for an already initialized RSA - * context. See mbedtls_rsa_init() for details. - * - * \param ctx The initialized RSA context to be configured. - * \param padding The padding mode to use. This must be either - * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21. - * \param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier. - * #MBEDTLS_MD_NONE is accepted by this function but may be - * not suitable for some operations. - * - * \return \c 0 on success. - * \return #MBEDTLS_ERR_RSA_INVALID_PADDING failure: - * \p padding or \p hash_id is invalid. - */ -int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, - mbedtls_md_type_t hash_id ); - /** * \brief This function retrieves the length of RSA modulus in Bytes. * diff --git a/library/pk_wrap.c b/library/pk_wrap.c index c351113e0..ec0ff45cc 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -165,7 +165,7 @@ static void *rsa_alloc_wrap( void ) void *ctx = mbedtls_calloc( 1, sizeof( mbedtls_rsa_context ) ); if( ctx != NULL ) - mbedtls_rsa_init( (mbedtls_rsa_context *) ctx, 0, 0 ); + mbedtls_rsa_init( (mbedtls_rsa_context *) ctx ); return( ctx ); } diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 33e22e700..f2e9a1c05 100644 --- a/library/psa_crypto_rsa.c 
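Review bot: the new \note on mbedtls_rsa_init() says it "initializes the padding and the hash identifier for #MBEDTLS_RSA_PKCS_V21 to respectively #MBEDTLS_RSA_PKCS_V15 and #MBEDTLS_MD_NONE", which reads as if the hash identifier belonged to V21 while the padding being selected is V15; suggest "sets the padding mode to #MBEDTLS_RSA_PKCS_V15 and the hash identifier (used only with #MBEDTLS_RSA_PKCS_V21) to #MBEDTLS_MD_NONE". The relocated mbedtls_rsa_set_padding() block carries over "may be not suitable", which should be "may not be suitable". In the pk_wrap.c hunk the old call passed literal 0, 0; that is the same configuration the new init installs (MBEDTLS_RSA_PKCS_V15 and MBEDTLS_MD_NONE are both 0), so PK-wrapped RSA keys keep their defaults. Removing two parameters from mbedtls_rsa_init() breaks every existing caller at compile time, yet the diffstat lists no docs/3.0-migration-guide.d change; please add the entry in this patch.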
+++ b/library/psa_crypto_rsa.c @@ -317,7 +317,7 @@ static psa_status_t rsa_generate_key( if( status != PSA_SUCCESS ) return( status ); - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE ); + mbedtls_rsa_init( &rsa ); ret = mbedtls_rsa_gen_key( &rsa, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE, diff --git a/library/rsa.c b/library/rsa.c index 5a1ae79bc..26a93c1b9 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -477,17 +477,14 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, /* * Initialize an RSA context */ -void mbedtls_rsa_init( mbedtls_rsa_context *ctx, - int padding, - int hash_id ) +void mbedtls_rsa_init( mbedtls_rsa_context *ctx ) { RSA_VALIDATE( ctx != NULL ); - RSA_VALIDATE( padding == MBEDTLS_RSA_PKCS_V15 || - padding == MBEDTLS_RSA_PKCS_V21 ); memset( ctx, 0, sizeof( mbedtls_rsa_context ) ); - mbedtls_rsa_set_padding( ctx, padding, hash_id ); + ctx->padding = MBEDTLS_RSA_PKCS_V15; + ctx->hash_id = MBEDTLS_MD_NONE; #if defined(MBEDTLS_THREADING_C) /* Set ctx->ver to nonzero to indicate that the mutex has been @@ -2592,7 +2589,7 @@ int mbedtls_rsa_self_test( int verbose ) mbedtls_mpi K; mbedtls_mpi_init( &K ); - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_rsa_init( &rsa ); MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_N ) ); MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, &K, NULL, NULL, NULL, NULL ) ); diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index c6b313200..3abf49eda 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c @@ -92,7 +92,6 @@ int main( void ) mbedtls_aes_context aes; mbedtls_net_init( &server_fd ); - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 ); mbedtls_dhm_init( &dhm ); mbedtls_aes_init( &aes ); mbedtls_ctr_drbg_init( &ctr_drbg ); 
@@ -125,7 +124,7 @@ int main( void ) goto exit; } - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_rsa_init( &rsa ); if( ( ret = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || ( ret = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 63df77ee0..d87f75a55 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -95,7 +95,6 @@ int main( void ) mbedtls_net_init( &listen_fd ); mbedtls_net_init( &client_fd ); - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 ); mbedtls_dhm_init( &dhm ); mbedtls_aes_init( &aes ); mbedtls_ctr_drbg_init( &ctr_drbg ); @@ -131,7 +130,7 @@ int main( void ) goto exit; } - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_rsa_init( &rsa ); if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 || ( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 || diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 1ba8c735d..88b80d177 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -90,7 +90,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_rsa_init( &rsa ); mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index 6c654ad18..111362205 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -87,7 +87,7 @@ int main( int argc, char *argv[] ) fflush( stdout ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_rsa_init( &rsa ); mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index 26a892504..1dcfc52f0 100644 
--- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -75,7 +75,7 @@ int main( void ) const char *pers = "rsa_genkey"; mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_rsa_init( &rsa ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index 1cfa0a8dd..427554ff1 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -67,7 +67,7 @@ int main( int argc, char *argv[] ) char filename[512]; mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_rsa_init( &rsa ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c index 6aca17134..0cd17b0a3 100644 --- a/programs/pkey/rsa_verify.c +++ b/programs/pkey/rsa_verify.c @@ -66,7 +66,7 @@ int main( int argc, char *argv[] ) unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; char filename[512]; - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_rsa_init( &rsa ); if( argc != 2 ) { diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index e12345365..5aa31f725 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -786,7 +786,7 @@ int main( int argc, char *argv[] ) { mbedtls_snprintf( title, sizeof( title ), "RSA-%d", keysize ); - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_rsa_init( &rsa ); mbedtls_rsa_gen_key( &rsa, myrand, NULL, keysize, 65537 ); TIME_PUBLIC( title, " public", diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 2e24aecc7..573c9d430 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function 
@@ -863,7 +863,7 @@ void pk_rsa_alt( ) size_t sig_len, ciph_len, test_len; int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; - mbedtls_rsa_init( &raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE ); + mbedtls_rsa_init( &raw ); mbedtls_pk_init( &rsa ); mbedtls_pk_init( &alt ); memset( hash, 0x2a, sizeof hash ); diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index a7fb2a5ff..d558c386f 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -25,7 +25,8 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, info.length = rnd_buf->len; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); @@ -71,7 +72,8 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); memset( output, 0x00, sizeof( output ) ); memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); @@ -193,7 +195,7 @@ void pkcs1_v15_decode( data_t *input, memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_mpi_init( &Nmpi ); mbedtls_mpi_init( &Empi ); mbedtls_mpi_init( &Pmpi ); mbedtls_mpi_init( &Qmpi ); - mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_rsa_init( &ctx ); TEST_ASSERT( mbedtls_mpi_read_binary( &Nmpi, N, sizeof( N ) ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_binary( &Empi, E, sizeof( E ) ) == 0 ); 
@@ -277,7 +279,8 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); memset( hash_result, 0x00, sizeof( hash_result ) ); memset( output, 0x00, sizeof( output ) ); @@ -325,7 +328,8 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, ((void) salt); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); memset( hash_result, 0x00, sizeof( hash_result ) ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index f7e1e24ac..e923e0b28 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -24,7 +24,8 @@ void pkcs1_rsaes_oaep_encrypt( int mod, data_t * input_N, data_t * input_E, info.length = rnd_buf->len; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 ); @@ -67,7 +68,8 @@ void pkcs1_rsaes_oaep_decrypt( int mod, data_t * input_P, data_t * input_Q, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); memset( output, 0x00, sizeof( output ) ); memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 
@@ -131,7 +133,8 @@ void pkcs1_rsassa_pss_sign( int mod, data_t * input_P, data_t * input_Q, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); memset( hash_result, 0x00, sizeof( hash_result ) ); memset( output, 0x00, sizeof( output ) ); @@ -189,7 +192,8 @@ void pkcs1_rsassa_pss_verify( int mod, data_t * input_N, data_t * input_E, ((void) salt); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); memset( hash_result, 0x00, sizeof( hash_result ) ); TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 ); @@ -225,7 +229,8 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, mbedtls_mpi N, E; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, ctx_hash ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V21, ctx_hash ); memset( hash_result, 0x00, sizeof( hash_result ) ); TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index e057dfb19..aed05a420 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -24,7 +24,7 @@ void rsa_invalid_param( ) const int invalid_padding = 42; const int invalid_hash_id = 0xff; - mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE ); + mbedtls_rsa_init( &ctx ); TEST_EQUAL( mbedtls_rsa_set_padding( &ctx, invalid_padding, 
@@ -51,11 +51,11 @@ void rsa_init_free( int reinit ) * unconditionally on an error path without checking whether it has * already been called in the success path. */ - mbedtls_rsa_init( &ctx, 0, 0 ); + mbedtls_rsa_init( &ctx ); mbedtls_rsa_free( &ctx ); if( reinit ) - mbedtls_rsa_init( &ctx, 0, 0 ); + mbedtls_rsa_init( &ctx ); mbedtls_rsa_free( &ctx ); /* This test case always succeeds, functionally speaking. A plausible @@ -79,7 +79,8 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &ctx, padding_mode, 0 ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_set_padding( &ctx, padding_mode, MBEDTLS_MD_NONE ); memset( hash_result, 0x00, sizeof( hash_result ) ); memset( output, 0x00, sizeof( output ) ); @@ -128,7 +129,8 @@ void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, mbedtls_mpi N, E; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &ctx, padding_mode, 0 ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_set_padding( &ctx, padding_mode, MBEDTLS_MD_NONE ); memset( hash_result, 0x00, sizeof( hash_result ) ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); @@ -162,7 +164,8 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, mbedtls_mpi N, P, Q, E; mbedtls_test_rnd_pseudo_info rnd_info; - mbedtls_rsa_init( &ctx, padding_mode, 0 ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_set_padding( &ctx, padding_mode, MBEDTLS_MD_NONE ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 
@@ -209,7 +212,8 @@ void rsa_pkcs1_verify_raw( data_t * hash_result, mbedtls_mpi N, E; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &ctx, padding_mode, 0 ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_set_padding( &ctx, padding_mode, MBEDTLS_MD_NONE ); memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); @@ -243,7 +247,8 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); - mbedtls_rsa_init( &ctx, padding_mode, 0 ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_set_padding( &ctx, padding_mode, MBEDTLS_MD_NONE ); memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); @@ -284,7 +289,8 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, mbedtls_mpi N, E; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &ctx, padding_mode, 0 ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_set_padding( &ctx, padding_mode, MBEDTLS_MD_NONE ); memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); @@ -329,7 +335,8 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &ctx, padding_mode, 0 ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_set_padding( &ctx, padding_mode, MBEDTLS_MD_NONE ); memset( output, 0x00, sizeof( output ) ); memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); 
@@ -377,8 +384,8 @@ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, mbedtls_mpi N, E; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); - mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_init( &ctx2 ); memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); @@ -435,8 +442,8 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); - mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_rsa_init( &ctx ); + mbedtls_rsa_init( &ctx2 ); memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); @@ -512,7 +519,7 @@ void mbedtls_rsa_check_pubkey( int radix_N, char * input_N, int radix_E, mbedtls_mpi N, E; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); - mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_rsa_init( &ctx ); if( strlen( input_N ) ) { @@ -543,7 +550,7 @@ void mbedtls_rsa_check_privkey( int mod, int radix_P, char * input_P, { mbedtls_rsa_context ctx; - mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_rsa_init( &ctx ); ctx.len = mod / 8; if( strlen( input_P ) ) @@ -604,8 +611,8 @@ void rsa_check_pubpriv( int mod, int radix_Npub, char * input_Npub, { mbedtls_rsa_context pub, prv; - mbedtls_rsa_init( &pub, MBEDTLS_RSA_PKCS_V15, 0 ); - mbedtls_rsa_init( &prv, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_rsa_init( &pub ); + mbedtls_rsa_init( &prv ); pub.len = mod / 8; prv.len = mod / 8; @@ -676,7 +683,7 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); - mbedtls_rsa_init ( &ctx, 0, 0 ); + mbedtls_rsa_init ( &ctx ); TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, 
@@ -828,7 +835,7 @@ void mbedtls_rsa_import( int radix_N, char *input_N, mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); - mbedtls_rsa_init( &ctx, 0, 0 ); + mbedtls_rsa_init( &ctx ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); @@ -969,7 +976,7 @@ void mbedtls_rsa_export( int radix_N, char *input_N, mbedtls_rsa_context ctx; - mbedtls_rsa_init( &ctx, 0, 0 ); + mbedtls_rsa_init( &ctx ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); @@ -1149,7 +1156,7 @@ void mbedtls_rsa_export_raw( data_t *input_N, data_t *input_P, mbedtls_rsa_context ctx; - mbedtls_rsa_init( &ctx, 0, 0 ); + mbedtls_rsa_init( &ctx ); /* Setup RSA context */ TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, @@ -1251,7 +1258,7 @@ void mbedtls_rsa_import_raw( data_t *input_N, mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); - mbedtls_rsa_init( &ctx, 0, 0 ); + mbedtls_rsa_init( &ctx ); TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, From 6fe1bc3f246e93b08d5c7c4f9e0a41f38556402c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 7 Jun 2021 09:35:02 +0200 Subject: [PATCH 128/236] Add change log and migration guide Signed-off-by: Ronald Cron --- ChangeLog.d/rsa-padding.txt | 5 ++++ docs/3.0-migration-guide.d/rsa-padding.md | 29 +++++++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 ChangeLog.d/rsa-padding.txt create mode 100644 docs/3.0-migration-guide.d/rsa-padding.md diff --git a/ChangeLog.d/rsa-padding.txt b/ChangeLog.d/rsa-padding.txt new file mode 100644 index 000000000..5f9c11f71 --- /dev/null +++ b/ChangeLog.d/rsa-padding.txt @@ -0,0 +1,5 @@ +API changes + * mbedtls_rsa_init() now always selects the PKCS#1v1.5 encoding for an RSA + key. To use an RSA key with PSS or OAEP, call mbedtls_rsa_set_padding() + after initializing the context. mbedtls_rsa_set_padding() now returns an + error if its parameters are invalid. 
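Review bot: in the programs/pkey/dh_client.c and programs/pkey/dh_server.c hunks, removing the `mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 );` line from the block of `*_init()` calls leaves the `goto exit` shown just above the remaining `mbedtls_rsa_init( &rsa );` reachable while `rsa` is still uninitialized, so if the exit path calls `mbedtls_rsa_free( &rsa )` it now runs on indeterminate memory. Keep the early call, rewritten as `mbedtls_rsa_init( &rsa );`, next to `mbedtls_dhm_init( &dhm );` and drop the later one instead; since `mbedtls_rsa_init()` now always selects PKCS#1 v1.5 and the header says `hash_id` is ignored for #MBEDTLS_RSA_PKCS_V15, the dropped `MBEDTLS_MD_SHA256` argument loses nothing.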
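Review bot: in the include/mbedtls/rsa.h hunk, the new `\note` on `mbedtls_rsa_init()` reads "initializes the padding and the hash identifier for #MBEDTLS_RSA_PKCS_V21 to respectively #MBEDTLS_RSA_PKCS_V15 and #MBEDTLS_MD_NONE", which attaches "for #MBEDTLS_RSA_PKCS_V21" to the wrong noun and is easy to misread as "initializes to V21". Say "sets the padding to #MBEDTLS_RSA_PKCS_V15 and the hash identifier to #MBEDTLS_MD_NONE". The `\param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier.` text on `mbedtls_rsa_set_padding()` should likewise state that the value is ignored for #MBEDTLS_RSA_PKCS_V15, as the `\note` a few lines above already does, so a reader of the parameter list alone gets the same information.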
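Review bot: the tests/suites/test_suite_pkcs1_v15.function, test_suite_pkcs1_v21.function and test_suite_rsa.function hunks add bare `mbedtls_rsa_set_padding( &ctx, ..., hash );` calls and discard the return value, even though the header hunk in this same patch documents that the function returns #MBEDTLS_ERR_RSA_INVALID_PADDING when `padding` or `hash_id` is invalid. Wrap each call as `TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V21, hash ) == 0 );` so that a rejected padding fails at the set-up step rather than surfacing later as an unrelated sign or decrypt failure.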
diff --git a/docs/3.0-migration-guide.d/rsa-padding.md b/docs/3.0-migration-guide.d/rsa-padding.md new file mode 100644 index 000000000..a04d9ee2a --- /dev/null +++ b/docs/3.0-migration-guide.d/rsa-padding.md @@ -0,0 +1,29 @@ +Remove the padding parameters from mbedtls_rsa_init() +----------------------------------------------------- + +This affects all users who use the RSA encryption, decryption, sign and +verify APIs. + +The function mbedtls_rsa_init() no longer supports selecting the PKCS#1 v2.1 +encoding and its hash. It just selects the PKCS#1 v1.5 encoding by default. If +you were using the PKCS#1 v2.1 encoding you now need, subsequently to the call +to mbedtls_rsa_init(), to call mbedtls_rsa_set_padding() to set it. + +Code migration examples: +```C + mbedtls_rsa_init(ctx, padding, hash_id); +``` +to +```C + mbedtls_rsa_init(ctx); + mbedtls_rsa_set_padding(ctx, padding, hash_id); +``` +or +```C + mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, ); +``` +to +```C + mbedtls_rsa_init(ctx); +``` + From d2cfa3e9809f62c7a5f7a873d900e9ca7714bf89 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 8 Jun 2021 09:09:04 +0200 Subject: [PATCH 129/236] Improve mbedtls_rsa_init/set_padding() descriptions Signed-off-by: Ronald Cron --- include/mbedtls/rsa.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 514484574..34174b69b 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h 
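Review bot: in the docs/3.0-migration-guide.d/rsa-padding.md hunk, the second "before" example `mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, );` has an empty third argument and is not valid 2.x code; it should read `mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, 0);` or `mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE);`, the two spellings the preceding hunks replace. The sentence "you now need, subsequently to the call to mbedtls_rsa_init(), to call mbedtls_rsa_set_padding() to set it" also reads awkwardly; "call mbedtls_rsa_set_padding() after mbedtls_rsa_init()" says the same thing more directly.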
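Review bot: in the ChangeLog.d/rsa-padding.txt hunk, the entry writes "PKCS#1v1.5" while the migration guide in the same patch writes "PKCS#1 v1.5" and "PKCS#1 v2.1"; pick one spelling so the two documents stay consistent. The entry could also name the default hash identifier (#MBEDTLS_MD_NONE) that `mbedtls_rsa_init()` now sets, since users who relied on passing a hash to `mbedtls_rsa_init()` need to know that it must now go through `mbedtls_rsa_set_padding()`.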
@@ -135,10 +135,9 @@ mbedtls_rsa_context; * \brief This function initializes an RSA context. * * \note This function initializes the padding and the hash - * identifier for #MBEDTLS_RSA_PKCS_V21 to respectively - * #MBEDTLS_RSA_PKCS_V15 and #MBEDTLS_MD_NONE. See - * mbedtls_rsa_set_padding() for more information about - * those parameters. + * identifier to respectively #MBEDTLS_RSA_PKCS_V15 and + * #MBEDTLS_MD_NONE. See mbedtls_rsa_set_padding() for more + * information about those parameters. * * \param ctx The RSA context to initialize. This must not be \c NULL. */ @@ -169,9 +168,10 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx ); * \param ctx The initialized RSA context to be configured. * \param padding The padding mode to use. This must be either * #MBEDTLS_RSA_PKCS_V15 or #MBEDTLS_RSA_PKCS_V21. - * \param hash_id The #MBEDTLS_RSA_PKCS_V21 hash identifier. - * #MBEDTLS_MD_NONE is accepted by this function but may be - * not suitable for some operations. + * \param hash_id The hash identifier for PSS or OAEP, if \p padding is + * #MBEDTLS_RSA_PKCS_V21. #MBEDTLS_MD_NONE is accepted by this + * function but may be not suitable for some operations. + * Ignored if \p padding is #MBEDTLS_RSA_PKCS_V15. * * \return \c 0 on success. * \return #MBEDTLS_ERR_RSA_INVALID_PADDING failure: From 266b6d2121eb2bbfb68725fa3b3ba63e9accbcc5 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 8 Jun 2021 10:03:49 +0200 Subject: [PATCH 130/236] tests: Assert success of calls to mbedtls_rsa_set_padding() Signed-off-by: Ronald Cron --- tests/suites/test_suite_pkcs1_v15.function | 12 ++++++++---- tests/suites/test_suite_pkcs1_v21.function | 15 ++++++++++----- tests/suites/test_suite_rsa.function | 21 ++++++++++++++------- 3 files changed, 32 insertions(+), 16 deletions(-) diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index d558c386f..d78ee8895 100644 --- a/tests/suites/test_suite_pkcs1_v15.function 
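Review bot: in the include/mbedtls/rsa.h hunk, the reworded `\param hash_id` text keeps the phrase "may be not suitable for some operations"; it should read "may not be suitable for some operations". Since the `\note` above this parameter already says that for PSS the hash can be overridden when verifying but not when signing, the parameter text could point at that note ("see the note on PSS and OAEP above") so the reader knows which operations are meant.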
+++ b/tests/suites/test_suite_pkcs1_v15.function @@ -26,7 +26,8 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx ); - mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); + TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, + MBEDTLS_RSA_PKCS_V15, hash ) == 0 ); memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); @@ -73,7 +74,8 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx ); - mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); + TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, + MBEDTLS_RSA_PKCS_V15, hash ) == 0 ); memset( output, 0x00, sizeof( output ) ); memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); @@ -280,7 +282,8 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx ); - mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); + TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, + MBEDTLS_RSA_PKCS_V15, hash ) == 0 ); memset( hash_result, 0x00, sizeof( hash_result ) ); memset( output, 0x00, sizeof( output ) ); @@ -329,7 +332,8 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char * input_N, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx ); - mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); + TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, + MBEDTLS_RSA_PKCS_V15, hash ) == 0 ); memset( hash_result, 0x00, sizeof( hash_result ) ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index e923e0b28..ec5591f6d 100644 
--- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -25,7 +25,8 @@ void pkcs1_rsaes_oaep_encrypt( int mod, data_t * input_N, data_t * input_E, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx ); - mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); + TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, + MBEDTLS_RSA_PKCS_V21, hash ) == 0 ); memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 ); @@ -69,7 +70,8 @@ void pkcs1_rsaes_oaep_decrypt( int mod, data_t * input_P, data_t * input_Q, mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx ); - mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); + TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, + MBEDTLS_RSA_PKCS_V21, hash ) == 0 ); memset( output, 0x00, sizeof( output ) ); memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); @@ -134,7 +136,8 @@ void pkcs1_rsassa_pss_sign( int mod, data_t * input_P, data_t * input_Q, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx ); - mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); + TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, + MBEDTLS_RSA_PKCS_V21, hash ) == 0 ); memset( hash_result, 0x00, sizeof( hash_result ) ); memset( output, 0x00, sizeof( output ) ); @@ -193,7 +196,8 @@ void pkcs1_rsassa_pss_verify( int mod, data_t * input_N, data_t * input_E, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx ); - mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); + TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, + MBEDTLS_RSA_PKCS_V21, hash ) == 0 ); memset( hash_result, 0x00, sizeof( hash_result ) ); TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 ); 
@@ -230,7 +234,8 @@ void pkcs1_rsassa_pss_verify_ext( int mod, data_t * input_N, data_t * input_E, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx ); - mbedtls_rsa_set_padding( &ctx, MBEDTLS_RSA_PKCS_V21, ctx_hash ); + TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, + MBEDTLS_RSA_PKCS_V21, ctx_hash ) == 0 ); memset( hash_result, 0x00, sizeof( hash_result ) ); TEST_ASSERT( mbedtls_mpi_read_binary( &N, input_N->x, input_N->len ) == 0 ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index aed05a420..086544401 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -80,7 +80,8 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx ); - mbedtls_rsa_set_padding( &ctx, padding_mode, MBEDTLS_MD_NONE ); + TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,padding_mode, + MBEDTLS_MD_NONE ) == 0 ); memset( hash_result, 0x00, sizeof( hash_result ) ); memset( output, 0x00, sizeof( output ) ); @@ -130,7 +131,8 @@ void mbedtls_rsa_pkcs1_verify( data_t * message_str, int padding_mode, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx ); - mbedtls_rsa_set_padding( &ctx, padding_mode, MBEDTLS_MD_NONE ); + TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode, + MBEDTLS_MD_NONE ) == 0 ); memset( hash_result, 0x00, sizeof( hash_result ) ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); @@ -165,7 +167,8 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_rsa_init( &ctx ); - mbedtls_rsa_set_padding( &ctx, padding_mode, MBEDTLS_MD_NONE ); + TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode, + MBEDTLS_MD_NONE ) == 0 ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); 
@@ -213,7 +216,8 @@ void rsa_pkcs1_verify_raw( data_t * hash_result, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx ); - mbedtls_rsa_set_padding( &ctx, padding_mode, MBEDTLS_MD_NONE ); + TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode, + MBEDTLS_MD_NONE ) == 0 ); memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); @@ -248,7 +252,8 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_rsa_init( &ctx ); - mbedtls_rsa_set_padding( &ctx, padding_mode, MBEDTLS_MD_NONE ); + TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode, + MBEDTLS_MD_NONE ) == 0 ); memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); @@ -290,7 +295,8 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx ); - mbedtls_rsa_set_padding( &ctx, padding_mode, MBEDTLS_MD_NONE ); + TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode, + MBEDTLS_MD_NONE ) == 0 ); memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); @@ -336,7 +342,8 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx ); - mbedtls_rsa_set_padding( &ctx, padding_mode, MBEDTLS_MD_NONE ); + TEST_ASSERT( mbedtls_rsa_set_padding( &ctx, padding_mode, + MBEDTLS_MD_NONE ) == 0 ); memset( output, 0x00, sizeof( output ) ); memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); From 3a0375fff43fba25b95ea9b765c504eba9194b2a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 8 Jun 2021 10:22:28 +0200 Subject: [PATCH 131/236] Fail if a padding disabled by the build-time configuration is selected 
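Review bot: in the tests/suites/test_suite_rsa.function hunk for `mbedtls_rsa_pkcs1_sign()`, the new line `TEST_ASSERT( mbedtls_rsa_set_padding( &ctx,padding_mode,` is missing the space after the comma that every other hunk in this patch uses (`&ctx, padding_mode,`); please make it match the surrounding style.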
Signed-off-by: Ronald Cron --- library/rsa.c | 17 ++++++++++++++--- programs/pkey/rsa_sign_pss.c | 2 +- tests/suites/test_suite_rsa.function | 14 ++++++++++++++ 3 files changed, 29 insertions(+), 4 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 26a93c1b9..a788337a5 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -500,9 +500,20 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx ) int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, mbedtls_md_type_t hash_id ) { - if( ( padding != MBEDTLS_RSA_PKCS_V15 ) && - ( padding != MBEDTLS_RSA_PKCS_V21 ) ) - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + switch( padding ) + { +#if defined(MBEDTLS_PKCS1_V15) + case MBEDTLS_RSA_PKCS_V15: + break; +#endif + +#if defined(MBEDTLS_PKCS1_V21) + case MBEDTLS_RSA_PKCS_V21: + break; +#endif + default: + return( MBEDTLS_ERR_RSA_INVALID_PADDING ); + } if( ( padding == MBEDTLS_RSA_PKCS_V21 ) && ( hash_id != MBEDTLS_MD_NONE ) ) diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index e7fcf511a..26056dd9b 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -119,7 +119,7 @@ int main( int argc, char *argv[] ) MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256 ) ) != 0 ) { - mbedtls_printf( " failed\n ! Invalid padding\n" ); + mbedtls_printf( " failed\n ! Padding not supported\n" ); goto exit; } diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 086544401..14b4afc3a 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function 
@@ -36,6 +36,20 @@ void rsa_invalid_param( ) invalid_hash_id ), MBEDTLS_ERR_RSA_INVALID_PADDING ); +#if !defined(MBEDTLS_PKCS1_V15) + TEST_EQUAL( mbedtls_rsa_set_padding( &ctx, + MBEDTLS_RSA_PKCS_V15, + MBEDTLS_MD_NONE ), + MBEDTLS_ERR_RSA_INVALID_PADDING ); +#endif + +#if !defined(MBEDTLS_PKCS1_V21) + TEST_EQUAL( mbedtls_rsa_set_padding( &ctx, + MBEDTLS_RSA_PKCS_V21, + MBEDTLS_MD_NONE ), + MBEDTLS_ERR_RSA_INVALID_PADDING ); +#endif + exit: mbedtls_rsa_free( &ctx ); } From 73876cf9cb16ab8ca9c761ae9204692b0f626477 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 8 Jun 2021 15:33:53 +0200 Subject: [PATCH 132/236] Clarify "between major version changes" This was diversely interpreted as "compatibility in the period between two major version changes" (as intended) or "compatibility between two versions whose major version is different" (unintended). Signed-off-by: Gilles Peskine --- BRANCHES.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/BRANCHES.md b/BRANCHES.md index df30ae100..b9926ac9d 100644 --- a/BRANCHES.md +++ b/BRANCHES.md @@ -16,9 +16,10 @@ At any point in time, we have a number of maintained branches consisting of: these only get bug fixes and security fixes. We use [Semantic Versioning](https://semver.org/). In particular, we maintain -API compatibility in the `master` branch between major version changes. We -also maintain ABI compatibility within LTS branches; see the next section for -details. +API compatibility in the `master` branch across minor version changes (e.g. +the API of 3.(x+1) is backward compatible with 3.x). We only break API +compatibility on major version changes (e.g. from 3.x to 4.0). We also maintain +ABI compatibility within LTS branches; see the next section for details. ## Backwards Compatibility From 5e1948d2a311a64254265431a4ab8d10024b7941 Mon Sep 17 00:00:00 2001 
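Review bot: in the library/rsa.c hunk, `mbedtls_rsa_set_padding()` now rejects #MBEDTLS_RSA_PKCS_V15 when MBEDTLS_PKCS1_V15 is not defined, but `mbedtls_rsa_init()` (earlier in this series) still assigns `ctx->padding = MBEDTLS_RSA_PKCS_V15;` without any guard, so a freshly initialized context carries a padding mode that this function would refuse to set. Either make the default in `mbedtls_rsa_init()` conditional on the same macros, or add to its `\note` in include/mbedtls/rsa.h that in a build without MBEDTLS_PKCS1_V15 the caller must call `mbedtls_rsa_set_padding()` with #MBEDTLS_RSA_PKCS_V21 before any encryption or signature operation; the new `#if !defined(MBEDTLS_PKCS1_V15)` test in test_suite_rsa.function covers the setter but not this default.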
From: Janos Follath Date: Wed, 26 May 2021 09:27:03 +0100 Subject: [PATCH 133/236] PSA PAKE: define size macros as 0 Define the size macros to 0 rather than empty. That will lead to fewer weird errors when we start implementing. Signed-off-by: Janos Follath --- include/psa/crypto_sizes.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index a603c9d29..a1b89446e 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -1152,7 +1152,7 @@ * the output type or PAKE algorithm is not recognized, or * the parameters are incompatible, return 0. */ -#define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) +#define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) 0 /** Output buffer size for psa_pake_output() for any of the supported cipher * suites and PAKE algorithms. @@ -1161,6 +1161,6 @@ * * See also #PSA_PAKE_OUTPUT_SIZE(\p alg, \p cipher_suite, \p output). */ -#define PSA_PAKE_OUTPUT_MAX_SIZE +#define PSA_PAKE_OUTPUT_MAX_SIZE 0 #endif /* PSA_CRYPTO_SIZES_H */ From a2959185969fd26fb42643e135ae5ce4672d5eac Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 26 May 2021 09:41:39 +0100 Subject: [PATCH 134/236] PSA PAKE: add input size macros The caller is likely to receive the inputs on the wire, and having a known size for which they can confidently reject longer inputs would be helpful in cases where the application can't just use the input in place. Signed-off-by: Janos Follath --- include/psa/crypto.h | 2 ++ include/psa/crypto_sizes.h | 36 ++++++++++++++++++++++++++++++++---- 2 files changed, 34 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index bbdd06d5a..e84c757d1 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
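Review bot: defining `PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step)` and `PSA_PAKE_OUTPUT_MAX_SIZE` as `0` (include/psa/crypto_sizes.h hunks) collides with the documented meaning of a `0` result ("the cipher suite, the output type or PAKE algorithm is not recognized, or the parameters are incompatible"), so a caller cannot distinguish "unsupported parameters" from "not implemented yet", and `uint8_t buf[PSA_PAKE_OUTPUT_MAX_SIZE]` is a zero-length array, which is not valid C. A short comment next to the definitions marking them as placeholders until the PAKE implementation lands would make the intent clear to anyone reading the header.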
@@ -4626,6 +4626,8 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation, * \retval #PSA_ERROR_HARDWARE_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The input is not valid for the algorithm, ciphersuite or \p step. * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index a1b89446e..62254fab5 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -1134,10 +1134,9 @@ /** A sufficient output buffer size for psa_pake_output(). * - * If the size of the ciphertext buffer is at least this large, it is - * guaranteed that psa_pake_output() will not fail due to an - * insufficient ciphertext buffer size. The actual size of the output might be - * smaller in any given call. + * If the size of the output buffer is at least this large, it is guaranteed + * that psa_pake_output() will not fail due to an insufficient output buffer + * size. The actual size of the output might be smaller in any given call. * * See also #PSA_PAKE_OUTPUT_MAX_SIZE * 
@@ -1154,6 +1153,26 @@ */ #define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) 0 +/** A sufficient input buffer size for psa_pake_input(). + * + * If the size of the input is larger than this, it is guaranteed + * that psa_pake_input() will fail with #PSA_ERROR_INVALID_ARGUMENT. + * + * See also #PSA_PAKE_INPUT_MAX_SIZE + * + * \param alg A PAKE algorithm (PSA_ALG_XXX value such that + * #PSA_ALG_IS_PAKE(\p alg) is true). + * \param primitive A primitive of type ::psa_pake_primitive_t that is + * compatible with algorithm \p alg. + * \param output_step A value of type ::psa_pake_step_t that is valid for the + * algorithm \p alg. + * \return A sufficient output buffer size for the specified + * output, cipher suite and algorithm. If the cipher suite, + * the output type or PAKE algorithm is not recognized, or + * the parameters are incompatible, return 0. + */ +#define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step) 0 + /** Output buffer size for psa_pake_output() for any of the supported cipher * suites and PAKE algorithms. * @@ -1163,4 +1182,13 @@ */ #define PSA_PAKE_OUTPUT_MAX_SIZE 0 +/** Input buffer size for psa_pake_input() for any of the supported cipher + * suites and PAKE algorithms. + * + * This macro must expand to a compile-time constant integer. + * + * See also #PSA_PAKE_INPUT_SIZE(\p alg, \p cipher_suite, \p output). + */ +#define PSA_PAKE_INPUT_MAX_SIZE 0 + #endif /* PSA_CRYPTO_SIZES_H */ From 304766e11ef35d17c549b9df9e46617ce12c5291 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 26 May 2021 09:48:08 +0100 Subject: [PATCH 135/236] PSA PAKE: make algorithm macro name consistent The API has PSA_ALG_GCM and not PSA_ALG_AEAD_GCM, PSA_ALG_MD5 and not PSA_ALG_HASH_MD5, etc., so PSA_ALG_PAKE_JPAKE should be PSA_ALG_JPAKE as well. Signed-off-by: Janos Follath --- include/psa/crypto_values.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
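Review bot: the Doxygen block for `PSA_PAKE_INPUT_SIZE` (second include/psa/crypto_sizes.h hunk) was copied from `PSA_PAKE_OUTPUT_SIZE` without being adapted: it documents `\param output_step` while the macro parameter is `input_step`, and `\return A sufficient output buffer size for the specified output, ...` describes an output buffer. The brief line "A sufficient input buffer size" is also misleading, since the text that follows defines a maximum: inputs larger than this are guaranteed to be rejected with `#PSA_ERROR_INVALID_ARGUMENT`. Suggest "The maximum input size accepted by psa_pake_input() for the specified step" and renaming the `\param` to `input_step`.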
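Review bot: the `See also` line in the `PSA_PAKE_INPUT_MAX_SIZE` comment (third include/psa/crypto_sizes.h hunk) reads `#PSA_PAKE_INPUT_SIZE(\p alg, \p cipher_suite, \p output)`, but the macro's parameters are `(alg, primitive, input_step)`; the same mismatch already exists in the `PSA_PAKE_OUTPUT_MAX_SIZE` comment above it. The brief should also say what the value means for callers, as the per-step macro does: an input longer than this is guaranteed to be rejected, so it is the bound to check received data against before copying it.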
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index ab9bb5b8b..37cd03024 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1977,7 +1977,7 @@ * - A secure cryptographic hash function. * * To select these parameters and set up the cipher suite, call - * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_PAKE_JPAKE); + * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_JPAKE); * psa_pake_cs_set_primitive(cipher_suite, * PSA_PAKE_PRIMITIVE(type, family, bits)); * psa_pake_cs_set_hash(cipher_suite, hash); @@ -2067,7 +2067,7 @@ * of RFC 8236 for two examples. * */ -#define PSA_ALG_PAKE_JPAKE ((psa_algorithm_t)0x0a000100) +#define PSA_ALG_JPAKE ((psa_algorithm_t)0x0a000100) /**@}*/ From 702cf09ae9fdb180fc1a4b56206aaf9425d99e39 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 26 May 2021 12:58:23 +0100 Subject: [PATCH 136/236] PSA PAKE: move the API to crypto_extra.h At this point this is a proposed PAKE interface for the PSA Crypto API and not part of the official standard. Place the interface in crypto_extra.h to make this clear. Signed-off-by: Janos Follath --- include/psa/crypto.h | 606 -------------------- include/psa/crypto_extra.h | 1041 +++++++++++++++++++++++++++++++++++ include/psa/crypto_sizes.h | 59 -- include/psa/crypto_struct.h | 75 --- include/psa/crypto_types.h | 42 -- include/psa/crypto_values.h | 261 --------- 6 files changed, 1041 insertions(+), 1043 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index e84c757d1..534902f2d 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
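Review bot: renaming `PSA_ALG_PAKE_JPAKE` to `PSA_ALG_JPAKE` (include/psa/crypto_values.h hunk) without a compatibility alias is acceptable only because this interface has not been released; since the diffstat shows crypto_values.h as the sole file touched, a `grep -r PSA_ALG_PAKE_JPAKE` over the tree before merging would confirm no other header, test or document still uses the old name. The encoding `0x0a000100` is unchanged, so the `PSA_ALG_IS_PAKE` category check is unaffected.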
@@ -4091,612 +4091,6 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, /**@}*/ - -/** \defgroup pake Password-authenticated key exchange (PAKE) - * @{ - */ - -/** The type of the data strucure for PAKE cipher suites. - * - * This is an implementation-defined \c struct. Applications should not - * make any assumptions about the content of this structure. - * Implementation details can change in future versions without notice. - */ -typedef struct psa_pake_cipher_suite_s psa_pake_cipher_suite_t; - -/** Retrieve the PAKE algorithm from a PAKE cipher suite. - * - * This function may be declared as `static` (i.e. without external - * linkage). This function may be provided as a function-like macro, - * but in this case it must evaluate its argument exactly once. - * - * \param[in] cipher_suite The cipher suite structure to query. - * - * \return The PAKE algorithm stored in the cipher suite structure. - */ -static psa_algorithm_t psa_pake_cs_get_algorithm( - const psa_pake_cipher_suite_t* cipher_suite - ); - -/** Declare the PAKE algorithm for the cipher suite. - * - * This function overwrites any PAKE algorithm - * previously set in \p cipher_suite. - * - * This function may be declared as `static` (i.e. without external - * linkage). This function may be provided as a function-like macro, - * but in this case it must evaluate each of its arguments exactly once. - * - * \param[out] cipher_suite The cipher suite structure to write to. - * \param algorithm The PAKE algorithm to write. - * (`PSA_ALG_XXX` values of type ::psa_algorithm_t - * such that #PSA_ALG_IS_PAKE(\c alg) is true.) - * If this is 0, the PAKE algorithm in - * \p cipher_suite becomes unspecified. - */ -static void psa_pake_cs_set_algorithm( - psa_pake_cipher_suite_t* cipher_suite, - psa_algorithm_t algorithm - ); - -/** Retrieve the primitive from a PAKE cipher suite. - * - * This function may be declared as `static` (i.e. without external linkage). 
- * This function may be provided as a function-like macro, but in this case it - * must evaluate its argument exactly once. - * - * \param[in] cipher_suite The cipher suite structure to query. - * - * \return The primitive stored in the cipher suite structure. - */ -static psa_pake_primitive_t psa_pake_cs_get_primitive( - const psa_pake_cipher_suite_t* cipher_suite - ); - -/** Declare the primitive for a PAKE cipher suite. - * - * This function overwrites any primitive previously set in \p cipher_suite. - * - * This function may be declared as `static` (i.e. without external - * linkage). This function may be provided as a function-like macro, - * but in this case it must evaluate each of its arguments exactly once. - * - * \param[out] cipher_suite The cipher suite structure to write to. - * \param primitive The primitive to write. If this is 0, the - * primitive type in \p cipher_suite becomes - * unspecified. - */ -static void psa_pake_cs_set_primitive( - psa_pake_cipher_suite_t* cipher_suite, - psa_pake_primitive_t primitive - ); - -/** Retrieve the hash algorithm from a PAKE cipher suite. - * - * This function may be declared as `static` (i.e. without external - * linkage). This function may be provided as a function-like macro, - * but in this case it must evaluate its argument exactly once. - * - * \param[in] cipher_suite The cipher suite structure to query. - * - * \return The hash algorithm stored in the cipher suite structure. The return - * value is 0 if the PAKE is not parametrised by a hash algorithm or if - * the hash algorithm is not set. - */ -static psa_algorithm_t psa_pake_cs_get_hash( - const psa_pake_cipher_suite_t* cipher_suite - ); - -/** Declare the hash algorithm for a PAKE cipher suite. - * - * This function overwrites any hash algorithm - * previously set in \p cipher_suite. - * - * This function may be declared as `static` (i.e. without external - * linkage). 
This function may be provided as a function-like macro, - * but in this case it must evaluate each of its arguments exactly once. - * - * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` - * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) - * for more information. - * - * \param[out] cipher_suite The cipher suite structure to write to. - * \param hash The hash involved in the cipher suite. - * (`PSA_ALG_XXX` values of type ::psa_algorithm_t - * such that #PSA_ALG_IS_HASH(\c alg) is true.) - * If this is 0, the hash algorithm in - * \p cipher_suite becomes unspecified. - */ -static void psa_pake_cs_set_hash( - psa_pake_cipher_suite_t* cipher_suite, - psa_algorithm_t hash - ); - -/** The type of the state data structure for PAKE operations. - * - * Before calling any function on a PAKE operation object, the application - * must initialize it by any of the following means: - * - Set the structure to all-bits-zero, for example: - * \code - * psa_pake_operation_t operation; - * memset(&operation, 0, sizeof(operation)); - * \endcode - * - Initialize the structure to logical zero values, for example: - * \code - * psa_pake_operation_t operation = {0}; - * \endcode - * - Initialize the structure to the initializer #PSA_PAKE_OPERATION_INIT, - * for example: - * \code - * psa_pake_operation_t operation = PSA_PAKE_OPERATION_INIT; - * \endcode - * - Assign the result of the function psa_pake_operation_init() - * to the structure, for example: - * \code - * psa_pake_operation_t operation; - * operation = psa_pake_operation_init(); - * \endcode - * - * This is an implementation-defined \c struct. Applications should not - * make any assumptions about the content of this structure. - * Implementation details can change in future versions without notice. */ -typedef struct psa_pake_operation_s psa_pake_operation_t; - -/** Return an initial value for an PAKE operation object. 
- */ -static psa_pake_operation_t psa_pake_operation_init(void); - -/** Set the session information for a password-authenticated key exchange. - * - * The sequence of operations to set up a password-authenticated key exchange - * is as follows: - * -# Allocate an operation object which will be passed to all the functions - * listed here. - * -# Initialize the operation object with one of the methods described in the - * documentation for #psa_pake_operation_t, e.g. - * #PSA_PAKE_OPERATION_INIT. - * -# Call psa_pake_setup() to specify the cipher suite. - * -# Call \c psa_pake_set_xxx() functions on the operation to complete the - * setup. The exact sequence of \c psa_pake_set_xxx() functions that needs - * to be called depends on the algorithm in use. - * - * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` - * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) - * for more information. - * - * A typical sequence of calls to perform a password-authenticated key - * exchange: - * -# Call psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to get the - * key share that needs to be sent to the peer. - * -# Call psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to provide - * the key share that was received from the peer. - * -# Depending on the algorithm additional calls to psa_pake_output() and - * psa_pake_input() might be necessary. - * -# Call psa_pake_get_implicit_key() for accessing the shared secret. - * - * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` - * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) - * for more information. - * - * If an error occurs at any step after a call to psa_pake_setup(), - * the operation will need to be reset by a call to psa_pake_abort(). The - * application may call psa_pake_abort() at any time after the operation - * has been initialized. 
- * - * After a successful call to psa_pake_setup(), the application must - * eventually terminate the operation. The following events terminate an - * operation: - * - A call to psa_pake_abort(). - * - A successful call to psa_pake_get_implicit_key(). - * - * \param[in,out] operation The operation object to set up. It must have - * been initialized as per the documentation for - * #psa_pake_operation_t and not yet in use (no - * other function has been called on it since the - * last initialization). - * \param cipher_suite The cipher suite to use. (A cipher suite fully - * characterizes a PAKE algorithm and determines - * the algorithm as well.) - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid. - * \retval #PSA_ERROR_NOT_SUPPORTED - * The \p cipher_suite is not supported or is not valid. - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_pake_setup(psa_pake_operation_t *operation, - psa_pake_cipher_suite_t cipher_suite); - -/** Set the password for a password-authenticated key exchange from key ID. - * - * Call this function when the password, or a value derived from the password, - * is already present in the key store. To calculate the password-derived value - * from a password input, use the key derivation interface and - * psa_pake_set_password_stretch() instead. - * - * \param[in,out] operation The operation object to set the password for. It - * must have been set up by psa_pake_setup() and - * not yet in use (neither psa_pake_output() nor - * psa_pake_input() has been called yet). 
It must - * be on operation for which the password hasn't - * been set yet (neither - * psa_pake_set_password_stretch() nor - * psa_pake_set_password_key() has been called - * yet). - * \param password Identifier of the key holding the password or a - * value derived from the password (eg. by a - * memory-hard function). It must remain valid - * until the operation terminates. It must be of - * type #PSA_KEY_TYPE_PASSWORD or - * #PSA_KEY_TYPE_PASSWORD_HASH. It has to allow - * the usage #PSA_KEY_USAGE_DERIVE. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must have been set up.) - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_NOT_PERMITTED - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p key is not compatible with the algorithm or the cipher suite. - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, - mbedtls_svc_key_id_t password); - -/** Set the password for a password-authenticated key exchange via a key - * stretching function. - * - * Some protocols use values derived from passwords via key stretching - * functions to mitigate dictionary attacks. Key stretching functions can be - * accessed through the key derivation interface and the result can be supplied - * to the PAKE operation in the form of a key derivation object. - * - * This function draws bytes from a key derivation algorithm and sets those - * bytes as a password for the password-authenticated key exchange. 
If you - * view the key derivation's output as a stream of bytes, this function - * destructively reads the requested number of bytes from the stream. - * The key derivation operation's capacity decreases by the number of bytes read. - * - * If this function returns anything other than #PSA_SUCCESS, both \p operation - * and \p key_derivation operations enter an error state and must be aborted by - * calling psa_pake_abort() and psa_key_derivation_abort() respectively. - * - * \param[in,out] operation The operation object to set the password for. - * It must have been set up by psa_pake_setup() - * and not yet in use (neither psa_pake_output() - * nor psa_pake_input() has been called yet). It - * must be on operation for which the password - * hasn't been set yet (neither - * psa_pake_set_password_stretch() nor - * psa_pake_set_password_key() has been called - * yet). - * \param[in,out] key_derivation An ongoing key derivation operation set up - * from the password and in a state suitable for - * calling psa_key_derivation_output_bytes(). - * \param input_length Number of bytes to input from the - * \p key_derivation operation. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The state of \p operation or \p key_derivation is not valid. - * \retval #PSA_ERROR_INSUFFICIENT_DATA - * The \p key_derivation operation's capacity was less than - * \p input_length bytes. - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_NOT_PERMITTED - * One of the inputs to \p key_derivation was a key whose policy didn't - * allow #PSA_KEY_USAGE_DERIVE. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p key is not compatible with the algorithm or the cipher suite. - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). 
- * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_pake_set_password_stretch( - psa_pake_operation_t *operation, - psa_key_derivation_operation_t *key_derivation, - size_t input_length - ); - -/** Set the user ID for a password-authenticated key exchange. - * - * Call this function to set the user ID. For PAKE algorithms that associate a - * user identifier with each side of the session you need to call - * psa_pake_set_peer() as well. For PAKE algorithms that associate a single - * user identifier with the session, call psa_pake_set_user() only. - * - * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` - * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) - * for more information. - * - * \param[in,out] operation The operation object to set the user ID for. It - * must have been set up by psa_pake_setup() and - * not yet in use (neither psa_pake_output() nor - * psa_pake_input() has been called yet). It must - * be on operation for which the user ID hasn't - * been set (psa_pake_set_user() hasn't been - * called yet). - * \param[in] user_id The user ID to authenticate with. - * \param user_id_len Size of the \p user_id buffer in bytes. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p user_id is NULL. - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. 
- */ -psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len); - -/** Set the peer ID for a password-authenticated key exchange. - * - * Call this function in addition to psa_pake_set_user() for PAKE algorithms - * that associate a user identifier with each side of the session. For PAKE - * algorithms that associate a single user identifier with the session, call - * psa_pake_set_user() only. - * - * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` - * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) - * for more information. - * - * \param[in,out] operation The operation object to set the peer ID for. It - * must have been set up by psa_pake_setup() and - * not yet in use (neither psa_pake_output() nor - * psa_pake_input() has been called yet). It must - * be on operation for which the peer ID hasn't - * been set (psa_pake_set_peer() hasn't been - * called yet). - * \param[in] peer_id The peer's ID to authenticate. - * \param peer_id_len Size of the \p peer_id buffer in bytes. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid. - * \retval #PSA_ERROR_NOT_SUPPORTED - * The algorithm doesn't associate a second identity with the session. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p user_id is NULL. - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len); - -/** Set the side for a password-authenticated key exchange. 
- * - * Not all PAKE algorithms need to differentiate the communicating entities. - * It is optional to call this function for PAKEs that don't require a side - * parameter. For such PAKEs the side parameter is ignored. - * - * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` - * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) - * for more information. - * - * \param[in,out] operation The operation object to set the side for. It - * must have been set up by psa_pake_setup() and - * not yet in use (neither psa_pake_output() nor - * psa_pake_input() has been called yet). It must - * be on operation for which the side hasn't been - * set (psa_pake_set_side() hasn't been called - * yet). - * \param side A value of type ::psa_pake_side_t signaling the - * side of the algorithm that is being set up. For - * more information see the documentation of \c - * PSA_PAKE_SIDE_XXX constants. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid. - * \retval #PSA_ERROR_NOT_SUPPORTED - * The \p side for this algorithm is not supported or is not valid. - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_pake_set_side(psa_pake_operation_t *operation, - psa_pake_side_t side); - -/** Get output for a step of a password-authenticated key exchange. - * - * Depending on the algorithm being executed, you might need to call this - * function several times or you might not need to call this at all. - * - * The exact sequence of calls to perform a password-authenticated key - * exchange depends on the algorithm in use. 
Refer to the documentation of - * individual PAKE algorithm types (`PSA_ALG_XXX` values of type - * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more - * information. - * - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling psa_pake_abort(). - * - * \param[in,out] operation Active PAKE operation. - * \param step The step of the algorithm for which the output is - * requested. - * \param[out] output Buffer where the output is to be written in the - * format appropriate for this \p step. Refer to - * the documentation of the individual - * \c PSA_PAKE_STEP_XXX constants for more - * information. - * \param output_size Size of the \p output buffer in bytes. This must - * be at least #PSA_PAKE_OUTPUT_SIZE(\p alg, \c - * cipher_suite, \p type). - * - * \param[out] output_length On success, the number of bytes of the returned - * output. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be active, but beyond that - * validity is specific to the algorithm). - * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * The size of the \p output buffer is too small. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_pake_output(psa_pake_operation_t *operation, - psa_pake_step_t step, - uint8_t *output, - size_t output_size, - size_t *output_length); - -/** Provide input for a step of a password-authenticated key exchange. 
- * - * Depending on the algorithm being executed, you might need to call this - * function several times or you might not need to call this at all. - * - * The exact sequence of calls to perform a password-authenticated key - * exchange depends on the algorithm in use. Refer to the documentation of - * individual PAKE algorithm types (`PSA_ALG_XXX` values of type - * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more - * information. - * - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling psa_pake_abort(). - * - * \param[in,out] operation Active PAKE operation. - * \param step The step for which the input is provided. - * \param[out] input Buffer containing the input in the format - * appropriate for this \p step. Refer to the - * documentation of the individual - * \c PSA_PAKE_STEP_XXX constants for more - * information. - * \param[out] input_length Size of the \p input buffer in bytes. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be active, but beyond that - * validity is specific to the algorithm). - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The input is not valid for the algorithm, ciphersuite or \p step. - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_pake_input(psa_pake_operation_t *operation, - psa_pake_step_t step, - uint8_t *input, - size_t input_length); - -/** Get implicitly confirmed shared secret from a PAKE. 
- * - * At this point there is a cryptographic guarantee that only the authenticated - * party who used the same password is able to compute the key. But there is no - * guarantee that the peer is the party he claims to be and was able to do so. - * - * That is, the authentication is only implicit (the peer is not authenticated - * at this point, and no action should be taken that assume that they are - like - * for example accessing restricted files). - * - * This function can be called after the key exchange phase of the operation - * has completed. It imports the shared secret output of the PAKE into the - * provided derivation operation. The input step - * #PSA_KEY_DERIVATION_INPUT_SECRET is used when placing the shared key - * material in the key derivation operation. - * - * The exact sequence of calls to perform a password-authenticated key - * exchange depends on the algorithm in use. Refer to the documentation of - * individual PAKE algorithm types (`PSA_ALG_XXX` values of type - * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more - * information. - * - * When this function returns successfully, \p operation becomes inactive. - * If this function returns an error status, both \p operation - * and \p key_derivation operations enter an error state and must be aborted by - * calling psa_pake_abort() and psa_key_derivation_abort() respectively. - * - * \param[in,out] operation Active PAKE operation. - * \param[out] output A key derivation operation that is ready - * for an input step of type - * #PSA_KEY_DERIVATION_INPUT_SECRET. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be active, but beyond that - * validity is specific to the algorithm). - * \retval #PSA_ERROR_BAD_STATE - * The state of \p output is not valid for - * the #PSA_KEY_DERIVATION_INPUT_SECRET step. 
This can happen if the - * step is out of order or the application has done this step already - * and it may not be repeated. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * #PSA_KEY_DERIVATION_INPUT_SECRET is not compatible with the output’s - * algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, - psa_key_derivation_operation_t *output); -/**@}*/ - #ifdef __cplusplus } #endif diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index a7b4ab599..615b6511c 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
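Review bot: this include/psa/crypto.h hunk is a pure removal of the PAKE block that is re-added to crypto_extra.h, so the text is moved verbatim, including several defects that should be fixed in the new location (or in a follow-up) rather than carried over: `psa_pake_input` declares `uint8_t *input` and documents it and `input_length` as `\param[out]` although both are inputs (should be `const uint8_t *input` and `\param[in]`); `psa_pake_get_implicit_key` documents its derivation operation as `\param[out] output` although it is read and written (`[in,out]`); the `#PSA_ERROR_INVALID_ARGUMENT` text for `psa_pake_set_password_key` refers to `\p key` but the parameter is `password`, and the one for `psa_pake_set_peer` says `\p user_id is NULL` where the parameter is `peer_id`; the `output_size` text for `psa_pake_output` cites `#PSA_PAKE_OUTPUT_SIZE(\p alg, \c cipher_suite, \p type)` while that macro takes `(alg, primitive, output_step)`. Minor wording: "data strucure", "an PAKE operation object", and "It must be on operation for which ..." (four occurrences) should read "an operation". Separately, `psa_pake_setup()` takes `psa_pake_cipher_suite_t cipher_suite` by value while every `psa_pake_cs_*` accessor takes a pointer; passing `const psa_pake_cipher_suite_t *` would be consistent and avoids copying an implementation-defined struct.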
@@ -813,6 +813,1047 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( /** @} */ +/** \addtogroup crypto_types + * @{ + */ + +#define PSA_ALG_CATEGORY_PAKE ((psa_algorithm_t)0x0a000000) + +/** Whether the specified algorithm is a password-authenticated key exchange. + * + * \param alg An algorithm identifier (value of type #psa_algorithm_t). + * + * \return 1 if \p alg is a password-authenticated key exchange (PAKE) + * algorithm, 0 otherwise. + * This macro may return either 0 or 1 if \p alg is not a supported + * algorithm identifier. + */ +#define PSA_ALG_IS_PAKE(alg) \ + (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_PAKE) + +/** The Password-authenticated key exchange by juggling (J-PAKE) algorithm. + * + * This is J-PAKE as defined by RFC 8236, instantiated with the following + * parameters: + * + * - The group can be either an elliptic curve or defined over a finite field. + * - Schnorr NIZK proof as defined by RFC 8235 and using the same group as the + * J-PAKE algorithm. + * - A secure cryptographic hash function. + * + * To select these parameters and set up the cipher suite, call + * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_JPAKE); + * psa_pake_cs_set_primitive(cipher_suite, + * PSA_PAKE_PRIMITIVE(type, family, bits)); + * psa_pake_cs_set_hash(cipher_suite, hash); + * + * For more information on how to set a specific curve or field, refer to the + * documentation of the individual \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. + * + * After initializing a J-PAKE operation, call + * psa_pake_setup(operation, cipher_suite); + * psa_pake_set_user(operation, ...); + * psa_pake_set_peer(operation, ...); + * and either + * psa_pake_set_password_stretch(operation, ...); + * or + * psa_pake_set_password_key(operation, ...); + * + * Either way the password is read as a byte array and must be non-empty. 
This + * can be the password itself (in some pre-defined character encoding) or some + * value derived from the password as mandated by some higher level protocol. + * + * (The implementation converts this byte array to a number as described in + * Section 2.3.8 of _SEC 1: Elliptic Curve Cryptography_ + * (https://www.secg.org/sec1-v2.pdf), before reducing it modulo \c q. Here + * \c q is order of the group defined by the primitive set in the cipher suite. + * The \c psa_pake_set_password_xxx() functions return an error if the result + * of the reduction is 0.) + * + * The key exchange flow for J-PAKE is as follows: + * -# To get the first round data that needs to be sent to the peer, call + * // Get g1 + * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); + * // Get the ZKP public key for x1 + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Get the ZKP proof for x1 + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * // Get g2 + * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); + * // Get the ZKP public key for x2 + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Get the ZKP proof for x2 + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * -# To provide the first round data received from the peer to the operation, + * call + * // Set g3 + * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); + * // Set the ZKP public key for x3 + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Set the ZKP proof for x3 + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * // Set g4 + * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); + * // Set the ZKP public key for x4 + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Set the ZKP proof for x4 + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * -# To get the second round data that needs to be sent to the peer, call + * // Get A + * psa_pake_output(operation, 
#PSA_PAKE_STEP_KEY_SHARE, ...); + * // Get ZKP public key for x2*s + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Get ZKP proof for x2*s + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * -# To provide the second round data received from the peer to the operation, + * call + * // Set B + * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); + * // Set ZKP public key for x4*s + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Set ZKP proof for x4*s + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * -# To access the shared secret call + * // Get Ka=Kb=K + * psa_pake_get_implicit_key() + * + * For more information consult the documentation of the individual + * \c PSA_PAKE_STEP_XXX constants. + * + * At this point there is a cryptographic guarantee that only the authenticated + * party who used the same password is able to compute the key. But there is no + * guarantee that the peer is the party he claims to be and was able to do so. + * + * That is, the authentication is only implicit (the peer is not authenticated + * at this point, and no action should be taken that assume that they are - like + * for example accessing restricted files). + * + * To make the authentication explicit there are various methods, see Section 5 + * of RFC 8236 for two examples. + * + */ +#define PSA_ALG_JPAKE ((psa_algorithm_t)0x0a000100) + +/** @} */ + +/** \defgroup pake Password-authenticated key exchange (PAKE) + * @{ + */ + +/** \brief Encoding of the side of PAKE + * + * Encodes which side of the algorithm is being executed. For more information + * see the documentation of individual \c PSA_PAKE_SIDE_XXX constants. + */ +typedef uint8_t psa_pake_side_t; + +/** Encoding of input and output indicators for PAKE. + * + * Some PAKE algorithms need to exchange more data than just a single key share. + * This type is for encoding additional input and output data for such + * algorithms. 
+ */ +typedef uint8_t psa_pake_step_t; + +/** Encoding of the type of the PAKE's primitive. + * + * Values defined by this standard will never be in the range 0x80-0xff. + * Vendors who define additional types must use an encoding in this range. + * + * For more information see the documentation of individual + * \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. + */ +typedef uint8_t psa_pake_primitive_type_t; + +/** \brief Encoding of the family of the primitive associated with the PAKE. + * + * For more information see the documentation of individual + * \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. + */ +typedef uint8_t psa_pake_family_t; + +/** \brief Encoding of the primitive associated with the PAKE. + * + * For more information see the documentation of the #PSA_PAKE_PRIMITIVE macro. + */ +typedef uint32_t psa_pake_primitive_t; + +/** The first peer in a balanced PAKE. + * + * Although balanced PAKE algorithms are symmetric, some of them needs an + * ordering of peers for the transcript calculations. If the algorithm does not + * need this, both #PSA_PAKE_SIDE_FIRST and #PSA_PAKE_SIDE_SECOND are + * accepted. + */ +#define PSA_PAKE_SIDE_FIRST ((psa_pake_side_t)0x01) + +/** The second peer in a balanced PAKE. + * + * Although balanced PAKE algorithms are symmetric, some of them needs an + * ordering of peers for the transcript calculations. If the algorithm does not + * need this, either #PSA_PAKE_SIDE_FIRST or #PSA_PAKE_SIDE_SECOND are + * accepted. + */ +#define PSA_PAKE_SIDE_SECOND ((psa_pake_side_t)0x02) + +/** The client in an augmented PAKE. + * + * Augmented PAKE algorithms need to differentiate between client and server. + */ +#define PSA_PAKE_SIDE_CLIENT ((psa_pake_side_t)0x11) + +/** The server in an augmented PAKE. + * + * Augmented PAKE algorithms need to differentiate between client and server. + */ +#define PSA_PAKE_SIDE_SERVER ((psa_pake_side_t)0x12) + +/** The PAKE primitive type indicating the use of elliptic curves. 
+ * + * The values of the \c family and \c bits fields of the cipher suite identify a + * specific elliptic curve, using the same mapping that is used for ECC + * (::psa_ecc_family_t) keys. + * + * (Here \c family means the value returned by psa_pake_cs_get_family() and + * \c bits means the value returned by psa_pake_cs_get_bits().) + * + * Input and output during the operation can involve group elements and scalar + * values: + * -# The format for group elements is the same as for public keys on the + * specific curve would be. For more information, consult the documentation of + * psa_export_public_key(). + * -# The format for scalars is the same as for private keys on the specific + * curve would be. For more information, consult the documentation of + * psa_export_key(). + */ +#define PSA_PAKE_PRIMITIVE_TYPE_ECC ((psa_pake_primitive_type_t)0x01) + +/** The PAKE primitive type indicating the use of Diffie-Hellman groups. + * + * The values of the \c family and \c bits fields of the cipher suite identify + * a specific Diffie-Hellman group, using the same mapping that is used for + * Diffie-Hellman (::psa_dh_family_t) keys. + * + * (Here \c family means the value returned by psa_pake_cs_get_family() and + * \c bits means the value returned by psa_pake_cs_get_bits().) + * + * Input and output during the operation can involve group elements and scalar + * values: + * -# The format for group elements is the same as for public keys on the + * specific group would be. For more information, consult the documentation of + * psa_export_public_key(). + * -# The format for scalars is the same as for private keys on the specific + * group would be. For more information, consult the documentation of + * psa_export_key(). + */ +#define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t)0x02) + +/** Construct a PAKE primitive from type, family and bit-size. + * + * \param pake_type The type of the primitive + * (value of type ::psa_pake_primitive_type_t). 
+ * \param pake_family The family of the primitive + * (the type and interpretation of this parameter depends + * on \p type, for more information consult the + * documentation of individual ::psa_pake_primitive_type_t + * constants). + * \param pake_bits The bit-size of the primitive + * (Value of type \c size_t. The interpretation + * of this parameter depends on \p family, for more + * information consult the documentation of individual + * ::psa_pake_primitive_type_t constants). + * + * \return The constructed primitive value of type ::psa_pake_primitive_t. + * Return 0 if the requested primitive can't be encoded as + * ::psa_pake_primitive_t. + */ +#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \ + ((pake_bits & 0xFFFF) != pake_bits) ? 0 : \ + ((psa_pake_primitive_t) (((pake_type) << 24 | \ + (pake_family) << 16) | (pake_bits))) + +/** The key share being sent to or received from the peer. + * + * The format for both input and output at this step is the same as for public + * keys on the group determined by the primitive (::psa_pake_primitive_t) would + * be. + * + * For more information on the format, consult the documentation of + * psa_export_public_key(). + * + * For information regarding how the group is determined, consult the + * documentation #PSA_PAKE_PRIMITIVE. + */ +#define PSA_PAKE_STEP_KEY_SHARE ((psa_pake_step_t)0x01) + +/** A Schnorr NIZKP public key. + * + * The format for both input and output at this step is the same as for public + * keys on the group determined by the primitive (::psa_pake_primitive_t) would + * be. + * + * For more information on the format, consult the documentation of + * psa_export_public_key(). + * + * For information regarding how the group is determined, consult the + * documentation #PSA_PAKE_PRIMITIVE. + */ +#define PSA_PAKE_STEP_ZK_PUBLIC ((psa_pake_step_t)0x02) + +/** A Schnorr NIZKP proof. 
+ * + * The format for both input and output at this step is the same as for private + * keys on the group determined by the primitive (::psa_pake_primitive_t) would + * be. + * + * Some public key algorithms mask the private keys and this might be reflected + * in the export format. Even if this is the case the masking is omitted at + * this step. + * + * For more information on the format, consult the documentation of + * psa_export_key(). + * + * For information regarding how the group is determined, consult the + * documentation #PSA_PAKE_PRIMITIVE. + */ +#define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03) + +/** The type of the data strucure for PAKE cipher suites. + * + * This is an implementation-defined \c struct. Applications should not + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. + */ +typedef struct psa_pake_cipher_suite_s psa_pake_cipher_suite_t; + +/** Retrieve the PAKE algorithm from a PAKE cipher suite. + * + * This function may be declared as `static` (i.e. without external + * linkage). This function may be provided as a function-like macro, + * but in this case it must evaluate its argument exactly once. + * + * \param[in] cipher_suite The cipher suite structure to query. + * + * \return The PAKE algorithm stored in the cipher suite structure. + */ +static psa_algorithm_t psa_pake_cs_get_algorithm( + const psa_pake_cipher_suite_t* cipher_suite + ); + +/** Declare the PAKE algorithm for the cipher suite. + * + * This function overwrites any PAKE algorithm + * previously set in \p cipher_suite. + * + * This function may be declared as `static` (i.e. without external + * linkage). This function may be provided as a function-like macro, + * but in this case it must evaluate each of its arguments exactly once. + * + * \param[out] cipher_suite The cipher suite structure to write to. + * \param algorithm The PAKE algorithm to write. 
+ * (`PSA_ALG_XXX` values of type ::psa_algorithm_t + * such that #PSA_ALG_IS_PAKE(\c alg) is true.) + * If this is 0, the PAKE algorithm in + * \p cipher_suite becomes unspecified. + */ +static void psa_pake_cs_set_algorithm( + psa_pake_cipher_suite_t* cipher_suite, + psa_algorithm_t algorithm + ); + +/** Retrieve the primitive from a PAKE cipher suite. + * + * This function may be declared as `static` (i.e. without external linkage). + * This function may be provided as a function-like macro, but in this case it + * must evaluate its argument exactly once. + * + * \param[in] cipher_suite The cipher suite structure to query. + * + * \return The primitive stored in the cipher suite structure. + */ +static psa_pake_primitive_t psa_pake_cs_get_primitive( + const psa_pake_cipher_suite_t* cipher_suite + ); + +/** Declare the primitive for a PAKE cipher suite. + * + * This function overwrites any primitive previously set in \p cipher_suite. + * + * This function may be declared as `static` (i.e. without external + * linkage). This function may be provided as a function-like macro, + * but in this case it must evaluate each of its arguments exactly once. + * + * \param[out] cipher_suite The cipher suite structure to write to. + * \param primitive The primitive to write. If this is 0, the + * primitive type in \p cipher_suite becomes + * unspecified. + */ +static void psa_pake_cs_set_primitive( + psa_pake_cipher_suite_t* cipher_suite, + psa_pake_primitive_t primitive + ); + +/** Retrieve the hash algorithm from a PAKE cipher suite. + * + * This function may be declared as `static` (i.e. without external + * linkage). This function may be provided as a function-like macro, + * but in this case it must evaluate its argument exactly once. + * + * \param[in] cipher_suite The cipher suite structure to query. + * + * \return The hash algorithm stored in the cipher suite structure. 
The return + * value is 0 if the PAKE is not parametrised by a hash algorithm or if + * the hash algorithm is not set. + */ +static psa_algorithm_t psa_pake_cs_get_hash( + const psa_pake_cipher_suite_t* cipher_suite + ); + +/** Declare the hash algorithm for a PAKE cipher suite. + * + * This function overwrites any hash algorithm + * previously set in \p cipher_suite. + * + * This function may be declared as `static` (i.e. without external + * linkage). This function may be provided as a function-like macro, + * but in this case it must evaluate each of its arguments exactly once. + * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. + * + * \param[out] cipher_suite The cipher suite structure to write to. + * \param hash The hash involved in the cipher suite. + * (`PSA_ALG_XXX` values of type ::psa_algorithm_t + * such that #PSA_ALG_IS_HASH(\c alg) is true.) + * If this is 0, the hash algorithm in + * \p cipher_suite becomes unspecified. + */ +static void psa_pake_cs_set_hash( + psa_pake_cipher_suite_t* cipher_suite, + psa_algorithm_t hash + ); + +/** The type of the state data structure for PAKE operations. 
+ * + * Before calling any function on a PAKE operation object, the application + * must initialize it by any of the following means: + * - Set the structure to all-bits-zero, for example: + * \code + * psa_pake_operation_t operation; + * memset(&operation, 0, sizeof(operation)); + * \endcode + * - Initialize the structure to logical zero values, for example: + * \code + * psa_pake_operation_t operation = {0}; + * \endcode + * - Initialize the structure to the initializer #PSA_PAKE_OPERATION_INIT, + * for example: + * \code + * psa_pake_operation_t operation = PSA_PAKE_OPERATION_INIT; + * \endcode + * - Assign the result of the function psa_pake_operation_init() + * to the structure, for example: + * \code + * psa_pake_operation_t operation; + * operation = psa_pake_operation_init(); + * \endcode + * + * This is an implementation-defined \c struct. Applications should not + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. */ +typedef struct psa_pake_operation_s psa_pake_operation_t; + +/** Return an initial value for an PAKE operation object. + */ +static psa_pake_operation_t psa_pake_operation_init(void); + +/** Set the session information for a password-authenticated key exchange. + * + * The sequence of operations to set up a password-authenticated key exchange + * is as follows: + * -# Allocate an operation object which will be passed to all the functions + * listed here. + * -# Initialize the operation object with one of the methods described in the + * documentation for #psa_pake_operation_t, e.g. + * #PSA_PAKE_OPERATION_INIT. + * -# Call psa_pake_setup() to specify the cipher suite. + * -# Call \c psa_pake_set_xxx() functions on the operation to complete the + * setup. The exact sequence of \c psa_pake_set_xxx() functions that needs + * to be called depends on the algorithm in use. 
+ * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. + * + * A typical sequence of calls to perform a password-authenticated key + * exchange: + * -# Call psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to get the + * key share that needs to be sent to the peer. + * -# Call psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to provide + * the key share that was received from the peer. + * -# Depending on the algorithm additional calls to psa_pake_output() and + * psa_pake_input() might be necessary. + * -# Call psa_pake_get_implicit_key() for accessing the shared secret. + * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. + * + * If an error occurs at any step after a call to psa_pake_setup(), + * the operation will need to be reset by a call to psa_pake_abort(). The + * application may call psa_pake_abort() at any time after the operation + * has been initialized. + * + * After a successful call to psa_pake_setup(), the application must + * eventually terminate the operation. The following events terminate an + * operation: + * - A call to psa_pake_abort(). + * - A successful call to psa_pake_get_implicit_key(). + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized as per the documentation for + * #psa_pake_operation_t and not yet in use (no + * other function has been called on it since the + * last initialization). + * \param cipher_suite The cipher suite to use. (A cipher suite fully + * characterizes a PAKE algorithm and determines + * the algorithm as well.) + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid. 
+ * \retval #PSA_ERROR_NOT_SUPPORTED + * The \p cipher_suite is not supported or is not valid. + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_pake_setup(psa_pake_operation_t *operation, + psa_pake_cipher_suite_t cipher_suite); + +/** Set the password for a password-authenticated key exchange from key ID. + * + * Call this function when the password, or a value derived from the password, + * is already present in the key store. To calculate the password-derived value + * from a password input, use the key derivation interface and + * psa_pake_set_password_stretch() instead. + * + * \param[in,out] operation The operation object to set the password for. It + * must have been set up by psa_pake_setup() and + * not yet in use (neither psa_pake_output() nor + * psa_pake_input() has been called yet). It must + * be on operation for which the password hasn't + * been set yet (neither + * psa_pake_set_password_stretch() nor + * psa_pake_set_password_key() has been called + * yet). + * \param password Identifier of the key holding the password or a + * value derived from the password (eg. by a + * memory-hard function). It must remain valid + * until the operation terminates. It must be of + * type #PSA_KEY_TYPE_PASSWORD or + * #PSA_KEY_TYPE_PASSWORD_HASH. It has to allow + * the usage #PSA_KEY_USAGE_DERIVE. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must have been set up.) 
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not compatible with the algorithm or the cipher suite. + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, + mbedtls_svc_key_id_t password); + +/** Set the password for a password-authenticated key exchange via a key + * stretching function. + * + * Some protocols use values derived from passwords via key stretching + * functions to mitigate dictionary attacks. Key stretching functions can be + * accessed through the key derivation interface and the result can be supplied + * to the PAKE operation in the form of a key derivation object. + * + * This function draws bytes from a key derivation algorithm and sets those + * bytes as a password for the password-authenticated key exchange. If you + * view the key derivation's output as a stream of bytes, this function + * destructively reads the requested number of bytes from the stream. + * The key derivation operation's capacity decreases by the number of bytes read. + * + * If this function returns anything other than #PSA_SUCCESS, both \p operation + * and \p key_derivation operations enter an error state and must be aborted by + * calling psa_pake_abort() and psa_key_derivation_abort() respectively. + * + * \param[in,out] operation The operation object to set the password for. + * It must have been set up by psa_pake_setup() + * and not yet in use (neither psa_pake_output() + * nor psa_pake_input() has been called yet). 
It + * must be on operation for which the password + * hasn't been set yet (neither + * psa_pake_set_password_stretch() nor + * psa_pake_set_password_key() has been called + * yet). + * \param[in,out] key_derivation An ongoing key derivation operation set up + * from the password and in a state suitable for + * calling psa_key_derivation_output_bytes(). + * \param input_length Number of bytes to input from the + * \p key_derivation operation. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The state of \p operation or \p key_derivation is not valid. + * \retval #PSA_ERROR_INSUFFICIENT_DATA + * The \p key_derivation operation's capacity was less than + * \p input_length bytes. + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_NOT_PERMITTED + * One of the inputs to \p key_derivation was a key whose policy didn't + * allow #PSA_KEY_USAGE_DERIVE. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p key is not compatible with the algorithm or the cipher suite. + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_pake_set_password_stretch( + psa_pake_operation_t *operation, + psa_key_derivation_operation_t *key_derivation, + size_t input_length + ); + +/** Set the user ID for a password-authenticated key exchange. + * + * Call this function to set the user ID. For PAKE algorithms that associate a + * user identifier with each side of the session you need to call + * psa_pake_set_peer() as well. For PAKE algorithms that associate a single + * user identifier with the session, call psa_pake_set_user() only. 
+ * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. + * + * \param[in,out] operation The operation object to set the user ID for. It + * must have been set up by psa_pake_setup() and + * not yet in use (neither psa_pake_output() nor + * psa_pake_input() has been called yet). It must + * be on operation for which the user ID hasn't + * been set (psa_pake_set_user() hasn't been + * called yet). + * \param[in] user_id The user ID to authenticate with. + * \param user_id_len Size of the \p user_id buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p user_id is NULL. + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, + const uint8_t *user_id, + size_t user_id_len); + +/** Set the peer ID for a password-authenticated key exchange. + * + * Call this function in addition to psa_pake_set_user() for PAKE algorithms + * that associate a user identifier with each side of the session. For PAKE + * algorithms that associate a single user identifier with the session, call + * psa_pake_set_user() only. + * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. + * + * \param[in,out] operation The operation object to set the peer ID for. 
It + * must have been set up by psa_pake_setup() and + * not yet in use (neither psa_pake_output() nor + * psa_pake_input() has been called yet). It must + * be on operation for which the peer ID hasn't + * been set (psa_pake_set_peer() hasn't been + * called yet). + * \param[in] peer_id The peer's ID to authenticate. + * \param peer_id_len Size of the \p peer_id buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid. + * \retval #PSA_ERROR_NOT_SUPPORTED + * The algorithm doesn't associate a second identity with the session. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p user_id is NULL. + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, + const uint8_t *peer_id, + size_t peer_id_len); + +/** Set the side for a password-authenticated key exchange. + * + * Not all PAKE algorithms need to differentiate the communicating entities. + * It is optional to call this function for PAKEs that don't require a side + * parameter. For such PAKEs the side parameter is ignored. + * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. + * + * \param[in,out] operation The operation object to set the side for. It + * must have been set up by psa_pake_setup() and + * not yet in use (neither psa_pake_output() nor + * psa_pake_input() has been called yet). It must + * be on operation for which the side hasn't been + * set (psa_pake_set_side() hasn't been called + * yet). 
+ * \param side A value of type ::psa_pake_side_t signaling the + * side of the algorithm that is being set up. For + * more information see the documentation of \c + * PSA_PAKE_SIDE_XXX constants. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid. + * \retval #PSA_ERROR_NOT_SUPPORTED + * The \p side for this algorithm is not supported or is not valid. + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_pake_set_side(psa_pake_operation_t *operation, + psa_pake_side_t side); + +/** Get output for a step of a password-authenticated key exchange. + * + * Depending on the algorithm being executed, you might need to call this + * function several times or you might not need to call this at all. + * + * The exact sequence of calls to perform a password-authenticated key + * exchange depends on the algorithm in use. Refer to the documentation of + * individual PAKE algorithm types (`PSA_ALG_XXX` values of type + * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more + * information. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_pake_abort(). + * + * \param[in,out] operation Active PAKE operation. + * \param step The step of the algorithm for which the output is + * requested. + * \param[out] output Buffer where the output is to be written in the + * format appropriate for this \p step. Refer to + * the documentation of the individual + * \c PSA_PAKE_STEP_XXX constants for more + * information. + * \param output_size Size of the \p output buffer in bytes. 
This must + * be at least #PSA_PAKE_OUTPUT_SIZE(\p alg, \c + * cipher_suite, \p type). + * + * \param[out] output_length On success, the number of bytes of the returned + * output. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, but beyond that + * validity is specific to the algorithm). + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p output buffer is too small. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_pake_output(psa_pake_operation_t *operation, + psa_pake_step_t step, + uint8_t *output, + size_t output_size, + size_t *output_length); + +/** Provide input for a step of a password-authenticated key exchange. + * + * Depending on the algorithm being executed, you might need to call this + * function several times or you might not need to call this at all. + * + * The exact sequence of calls to perform a password-authenticated key + * exchange depends on the algorithm in use. Refer to the documentation of + * individual PAKE algorithm types (`PSA_ALG_XXX` values of type + * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more + * information. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_pake_abort(). + * + * \param[in,out] operation Active PAKE operation. + * \param step The step for which the input is provided. + * \param[out] input Buffer containing the input in the format + * appropriate for this \p step. 
Refer to the + * documentation of the individual + * \c PSA_PAKE_STEP_XXX constants for more + * information. + * \param[out] input_length Size of the \p input buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, but beyond that + * validity is specific to the algorithm). + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The input is not valid for the algorithm, ciphersuite or \p step. + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_pake_input(psa_pake_operation_t *operation, + psa_pake_step_t step, + uint8_t *input, + size_t input_length); + +/** Get implicitly confirmed shared secret from a PAKE. + * + * At this point there is a cryptographic guarantee that only the authenticated + * party who used the same password is able to compute the key. But there is no + * guarantee that the peer is the party he claims to be and was able to do so. + * + * That is, the authentication is only implicit (the peer is not authenticated + * at this point, and no action should be taken that assume that they are - like + * for example accessing restricted files). + * + * This function can be called after the key exchange phase of the operation + * has completed. It imports the shared secret output of the PAKE into the + * provided derivation operation. The input step + * #PSA_KEY_DERIVATION_INPUT_SECRET is used when placing the shared key + * material in the key derivation operation. + * + * The exact sequence of calls to perform a password-authenticated key + * exchange depends on the algorithm in use. 
Refer to the documentation of + * individual PAKE algorithm types (`PSA_ALG_XXX` values of type + * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more + * information. + * + * When this function returns successfully, \p operation becomes inactive. + * If this function returns an error status, both \p operation + * and \p key_derivation operations enter an error state and must be aborted by + * calling psa_pake_abort() and psa_key_derivation_abort() respectively. + * + * \param[in,out] operation Active PAKE operation. + * \param[out] output A key derivation operation that is ready + * for an input step of type + * #PSA_KEY_DERIVATION_INPUT_SECRET. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, but beyond that + * validity is specific to the algorithm). + * \retval #PSA_ERROR_BAD_STATE + * The state of \p output is not valid for + * the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the + * step is out of order or the application has done this step already + * and it may not be repeated. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * #PSA_KEY_DERIVATION_INPUT_SECRET is not compatible with the output’s + * algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_HARDWARE_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, + psa_key_derivation_operation_t *output); + +/**@}*/ + +/** A sufficient output buffer size for psa_pake_output(). 
+ * + * If the size of the output buffer is at least this large, it is guaranteed + * that psa_pake_output() will not fail due to an insufficient output buffer + * size. The actual size of the output might be smaller in any given call. + * + * See also #PSA_PAKE_OUTPUT_MAX_SIZE + * + * \param alg A PAKE algorithm (PSA_ALG_XXX value such that + * #PSA_ALG_IS_PAKE(\p alg) is true). + * \param primitive A primitive of type ::psa_pake_primitive_t that is + * compatible with algorithm \p alg. + * \param output_step A value of type ::psa_pake_step_t that is valid for the + * algorithm \p alg. + * \return A sufficient output buffer size for the specified + * output, cipher suite and algorithm. If the cipher suite, + * the output type or PAKE algorithm is not recognized, or + * the parameters are incompatible, return 0. + */ +#define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) 0 + +/** A sufficient input buffer size for psa_pake_input(). + * + * If the size of the input is larger than this, it is guaranteed + * that psa_pake_input() will fail with #PSA_ERROR_INVALID_ARGUMENT. + * + * See also #PSA_PAKE_INPUT_MAX_SIZE + * + * \param alg A PAKE algorithm (PSA_ALG_XXX value such that + * #PSA_ALG_IS_PAKE(\p alg) is true). + * \param primitive A primitive of type ::psa_pake_primitive_t that is + * compatible with algorithm \p alg. + * \param output_step A value of type ::psa_pake_step_t that is valid for the + * algorithm \p alg. + * \return A sufficient output buffer size for the specified + * output, cipher suite and algorithm. If the cipher suite, + * the output type or PAKE algorithm is not recognized, or + * the parameters are incompatible, return 0. + */ +#define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step) 0 + +/** Output buffer size for psa_pake_output() for any of the supported cipher + * suites and PAKE algorithms. + * + * This macro must expand to a compile-time constant integer. + * + * See also #PSA_PAKE_OUTPUT_SIZE(\p alg, \p cipher_suite, \p output). 
+ */ +#define PSA_PAKE_OUTPUT_MAX_SIZE 0 + +/** Input buffer size for psa_pake_input() for any of the supported cipher + * suites and PAKE algorithms. + * + * This macro must expand to a compile-time constant integer. + * + * See also #PSA_PAKE_INPUT_SIZE(\p alg, \p cipher_suite, \p output). + */ +#define PSA_PAKE_INPUT_MAX_SIZE 0 + +struct psa_pake_cipher_suite_s +{ + psa_algorithm_t algorithm; + psa_pake_primitive_type_t type; + psa_pake_family_t family; + uint16_t bits; + psa_algorithm_t hash; +}; + +static inline psa_algorithm_t psa_pake_cs_get_algorithm( + const psa_pake_cipher_suite_t *cipher_suite) +{ + return(cipher_suite->algorithm); +} + +static inline void psa_pake_cs_set_algorithm( + psa_pake_cipher_suite_t *cipher_suite, + psa_algorithm_t algorithm) +{ + if(!PSA_ALG_IS_PAKE(algorithm)) + cipher_suite->algorithm = 0; + else + cipher_suite->algorithm = algorithm; +} + +static inline psa_pake_primitive_t psa_pake_cs_get_primitive( + const psa_pake_cipher_suite_t *cipher_suite) +{ + return(PSA_PAKE_PRIMITIVE(cipher_suite->type, cipher_suite->family, + cipher_suite->bits)); +} + +static inline void psa_pake_cs_set_primitive( + psa_pake_cipher_suite_t *cipher_suite, + psa_pake_primitive_t primitive) +{ + cipher_suite->type = (psa_pake_primitive_type_t) (primitive >> 24); + cipher_suite->family = (psa_pake_family_t) (0xFF & (primitive >> 16)); + cipher_suite->bits = (uint16_t) (0xFFFF & primitive); +} + +static inline psa_algorithm_t psa_pake_cs_get_hash( + const psa_pake_cipher_suite_t *cipher_suite) +{ + return(cipher_suite->hash); +} + +static inline void psa_pake_cs_set_hash( + psa_pake_cipher_suite_t *cipher_suite, + psa_algorithm_t hash) +{ + if(!PSA_ALG_IS_HASH(hash)) + cipher_suite->hash = 0; + else + cipher_suite->hash = hash; +} + +struct psa_pake_operation_s +{ + psa_algorithm_t alg; + union + { + /* Make the union non-empty even with no supported algorithms. 
*/ + uint8_t dummy; + } ctx; +}; + +/* This only zeroes out the first byte in the union, the rest is unspecified. */ +#define PSA_PAKE_OPERATION_INIT {0, {0}} +static inline struct psa_pake_operation_s psa_pake_operation_init(void) +{ + const struct psa_pake_operation_s v = PSA_PAKE_OPERATION_INIT; + return(v); +} + #ifdef __cplusplus } #endif diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 62254fab5..79f96739b 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h 
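Review bot: several Doxygen/prototype mismatches in the crypto_extra.h additions should be fixed at their new home rather than carried over. In psa_pake_set_peer(), the retval text `\p user_id is NULL.` refers to a parameter this function does not have; it should read `\p peer_id`. In psa_pake_input(), `\param[out] input` and `\param[out] input_length` describe inputs, so they should be `\param[in] input` and a plain `\param input_length`, and the prototype should take `const uint8_t *input` for const-correctness (psa_pake_set_peer() already uses `const uint8_t *`). In psa_pake_get_implicit_key(), the text "both \p operation and \p key_derivation operations enter an error state" names a parameter that is actually called `output`, and since the call feeds an input step into that object, `\param[in,out] output` is the accurate direction. The size macros `#define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) 0` and friends contradict their own documentation: a caller that sizes a buffer from PSA_PAKE_OUTPUT_SIZE gets a zero-length buffer and PSA_ERROR_BUFFER_TOO_SMALL on every call, and PSA_PAKE_INPUT_SIZE's text promises INVALID_ARGUMENT for any input larger than 0; mark them as placeholders or give them real values before anyone codes against them. The PSA_PAKE_INPUT_SIZE block is also a copy-paste of the output one (`\param output_step` for a macro whose parameter is `input_step`, `\return A sufficient output buffer size`). Smaller points: "It must be on operation for which" should be "an operation" in both psa_pake_set_peer() and psa_pake_set_side(), and psa_pake_output()'s `#PSA_PAKE_OUTPUT_SIZE(\p alg, \c cipher_suite, \p type)` references `alg` and `type` as if they were parameters of psa_pake_output(), which they are not.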
@@ -1132,63 +1132,4 @@ #define PSA_CIPHER_FINISH_OUTPUT_MAX_SIZE \ (PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE) -/** A sufficient output buffer size for psa_pake_output(). - * - * If the size of the output buffer is at least this large, it is guaranteed - * that psa_pake_output() will not fail due to an insufficient output buffer - * size. The actual size of the output might be smaller in any given call. - * - * See also #PSA_PAKE_OUTPUT_MAX_SIZE - * - * \param alg A PAKE algorithm (PSA_ALG_XXX value such that - * #PSA_ALG_IS_PAKE(\p alg) is true). - * \param primitive A primitive of type ::psa_pake_primitive_t that is - * compatible with algorithm \p alg. - * \param output_step A value of type ::psa_pake_step_t that is valid for the - * algorithm \p alg. - * \return A sufficient output buffer size for the specified - * output, cipher suite and algorithm. If the cipher suite, - * the output type or PAKE algorithm is not recognized, or - * the parameters are incompatible, return 0. - */ -#define PSA_PAKE_OUTPUT_SIZE(alg, primitive, output_step) 0 - -/** A sufficient input buffer size for psa_pake_input(). - * - * If the size of the input is larger than this, it is guaranteed - * that psa_pake_input() will fail with #PSA_ERROR_INVALID_ARGUMENT. - * - * See also #PSA_PAKE_INPUT_MAX_SIZE - * - * \param alg A PAKE algorithm (PSA_ALG_XXX value such that - * #PSA_ALG_IS_PAKE(\p alg) is true). - * \param primitive A primitive of type ::psa_pake_primitive_t that is - * compatible with algorithm \p alg. - * \param output_step A value of type ::psa_pake_step_t that is valid for the - * algorithm \p alg. - * \return A sufficient output buffer size for the specified - * output, cipher suite and algorithm. If the cipher suite, - * the output type or PAKE algorithm is not recognized, or - * the parameters are incompatible, return 0. 
- */ -#define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step) 0 - -/** Output buffer size for psa_pake_output() for any of the supported cipher - * suites and PAKE algorithms. - * - * This macro must expand to a compile-time constant integer. - * - * See also #PSA_PAKE_OUTPUT_SIZE(\p alg, \p cipher_suite, \p output). - */ -#define PSA_PAKE_OUTPUT_MAX_SIZE 0 - -/** Input buffer size for psa_pake_input() for any of the supported cipher - * suites and PAKE algorithms. - * - * This macro must expand to a compile-time constant integer. - * - * See also #PSA_PAKE_INPUT_SIZE(\p alg, \p cipher_suite, \p output). - */ -#define PSA_PAKE_INPUT_MAX_SIZE 0 - #endif /* PSA_CRYPTO_SIZES_H */ diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index b20a17972..47012fdd0 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h 
@@ -461,81 +461,6 @@ static inline size_t psa_get_key_bits( return( attributes->core.bits ); } -struct psa_pake_cipher_suite_s -{ - psa_algorithm_t algorithm; - psa_pake_primitive_type_t type; - psa_pake_family_t family; - uint16_t bits; - psa_algorithm_t hash; -}; - -static inline psa_algorithm_t psa_pake_cs_get_algorithm( - const psa_pake_cipher_suite_t *cipher_suite) -{ - return( cipher_suite->algorithm ); -} - -static inline void psa_pake_cs_set_algorithm( - psa_pake_cipher_suite_t *cipher_suite, - psa_algorithm_t algorithm) -{ - if( !PSA_ALG_IS_PAKE(algorithm) ) - cipher_suite->algorithm = 0; - else - cipher_suite->algorithm = algorithm; -} - -static inline psa_pake_primitive_t psa_pake_cs_get_primitive( - const psa_pake_cipher_suite_t *cipher_suite) -{ - return( PSA_PAKE_PRIMITIVE( cipher_suite->type, cipher_suite->family, - cipher_suite->bits) ); -} - -static inline void psa_pake_cs_set_primitive( - psa_pake_cipher_suite_t *cipher_suite, - psa_pake_primitive_t primitive) -{ - cipher_suite->type = (psa_pake_primitive_type_t) (primitive >> 24); - cipher_suite->family = (psa_pake_family_t) ( 0xFF & (primitive >> 16) ); - cipher_suite->bits = (uint16_t) ( 0xFFFF & primitive ); -} - -static inline psa_algorithm_t psa_pake_cs_get_hash( - const psa_pake_cipher_suite_t *cipher_suite) -{ - return( cipher_suite->hash ); -} - -static inline void psa_pake_cs_set_hash( - psa_pake_cipher_suite_t *cipher_suite, - psa_algorithm_t hash) -{ - if( !PSA_ALG_IS_HASH(hash) ) - cipher_suite->hash = 0; - else - cipher_suite->hash = hash; -} - -struct psa_pake_operation_s -{ - psa_algorithm_t alg; - union - { - /* Make the union non-empty even with no supported algorithms. */ - uint8_t dummy; - } ctx; -}; - -/* This only zeroes out the first byte in the union, the rest is unspecified. 
*/ -#define PSA_PAKE_OPERATION_INIT {0, {0}} -static inline struct psa_pake_operation_s psa_pake_operation_init( void ) -{ - const struct psa_pake_operation_s v = PSA_PAKE_OPERATION_INIT; - return( v ); -} - #ifdef __cplusplus } #endif diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 5a66a8709..386c7d794 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -380,46 +380,4 @@ typedef uint16_t psa_key_derivation_step_t; /**@}*/ -/** \defgroup pake Password-authenticated key exchange (PAKE) - * @{ - */ - -/** \brief Encoding of the side of PAKE - * - * Encodes which side of the algorithm is being executed. For more information - * see the documentation of individual \c PSA_PAKE_SIDE_XXX constants. - */ -typedef uint8_t psa_pake_side_t; - -/** Encoding of input and output indicators for PAKE. - * - * Some PAKE algorithms need to exchange more data than just a single key share. - * This type is for encoding additional input and output data for such - * algorithms. - */ -typedef uint8_t psa_pake_step_t; - -/** Encoding of the type of the PAKE's primitive. - * - * Values defined by this standard will never be in the range 0x80-0xff. - * Vendors who define additional types must use an encoding in this range. - * - * For more information see the documentation of individual - * \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. - */ -typedef uint8_t psa_pake_primitive_type_t; - -/** \brief Encoding of the family of the primitive associated with the PAKE. - * - * For more information see the documentation of individual - * \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. - */ -typedef uint8_t psa_pake_family_t; - -/** \brief Encoding of the primitive associated with the PAKE. - * - * For more information see the documentation of the #PSA_PAKE_PRIMITIVE macro. - */ -typedef uint32_t psa_pake_primitive_t; -/**@}*/ #endif /* PSA_CRYPTO_TYPES_H */ 
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 37cd03024..497bd8f01 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -731,7 +731,6 @@ #define PSA_ALG_CATEGORY_ASYMMETRIC_ENCRYPTION ((psa_algorithm_t)0x07000000) #define PSA_ALG_CATEGORY_KEY_DERIVATION ((psa_algorithm_t)0x08000000) #define PSA_ALG_CATEGORY_KEY_AGREEMENT ((psa_algorithm_t)0x09000000) -#define PSA_ALG_CATEGORY_PAKE ((psa_algorithm_t)0x0a000000) /** Whether an algorithm is vendor-defined. * @@ -849,18 +848,6 @@ (PSA_ALG_IS_KEY_DERIVATION(alg) && \ (alg) & PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG) -/** Whether the specified algorithm is a password-authenticated key exchange. - * - * \param alg An algorithm identifier (value of type #psa_algorithm_t). - * - * \return 1 if \p alg is a password-authenticated key exchange (PAKE) - * algorithm, 0 otherwise. - * This macro may return either 0 or 1 if \p alg is not a supported - * algorithm identifier. - */ -#define PSA_ALG_IS_PAKE(alg) \ - (((alg) & PSA_ALG_CATEGORY_MASK) == PSA_ALG_CATEGORY_PAKE) - #define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff) /** MD2 */ #define PSA_ALG_MD2 ((psa_algorithm_t)0x02000001) 
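Review bot: the value removed here, `#define PSA_ALG_CATEGORY_PAKE ((psa_algorithm_t)0x0a000000)`, sits in the category numbering space that the PSA Crypto specification owns, and moving it into crypto_extra.h does not stop a future revision of the standard from assigning 0x0a to something else; the new definition should carry a comment that the encoding is provisional and must be rechecked whenever the supported spec version is bumped. Also, the inline psa_pake_cs_set_algorithm() in crypto_extra.h calls PSA_ALG_IS_PAKE(), so the relocated PSA_ALG_IS_PAKE and PSA_ALG_CATEGORY_PAKE definitions must appear before those inline helpers in that header; the addition side is not in this part of the diff, so please confirm the ordering compiles without crypto_values.h providing them.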
@@ -1966,109 +1953,6 @@ #define PSA_ALG_GET_HASH(alg) \ (((alg) & 0x000000ff) == 0 ? ((psa_algorithm_t)0) : 0x02000000 | ((alg) & 0x000000ff)) -/** The Password-authenticated key exchange by juggling (J-PAKE) algorithm. - * - * This is J-PAKE as defined by RFC 8236, instantiated with the following - * parameters: - * - * - The group can be either an elliptic curve or defined over a finite field. - * - Schnorr NIZK proof as defined by RFC 8235 and using the same group as the - * J-PAKE algorithm. - * - A secure cryptographic hash function. - * - * To select these parameters and set up the cipher suite, call - * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_JPAKE); - * psa_pake_cs_set_primitive(cipher_suite, - * PSA_PAKE_PRIMITIVE(type, family, bits)); - * psa_pake_cs_set_hash(cipher_suite, hash); - * - * For more information on how to set a specific curve or field, refer to the - * documentation of the individual \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. - * - * After initializing a J-PAKE operation, call - * psa_pake_setup(operation, cipher_suite); - * psa_pake_set_user(operation, ...); - * psa_pake_set_peer(operation, ...); - * and either - * psa_pake_set_password_stretch(operation, ...); - * or - * psa_pake_set_password_key(operation, ...); - * - * Either way the password is read as a byte array and must be non-empty. This - * can be the password itself (in some pre-defined character encoding) or some - * value derived from the password as mandated by some higher level protocol. - * - * (The implementation converts this byte array to a number as described in - * Section 2.3.8 of _SEC 1: Elliptic Curve Cryptography_ - * (https://www.secg.org/sec1-v2.pdf), before reducing it modulo \c q. Here - * \c q is order of the group defined by the primitive set in the cipher suite. - * The \c psa_pake_set_password_xxx() functions return an error if the result - * of the reduction is 0.) 
- * - * The key exchange flow for J-PAKE is as follows: - * -# To get the first round data that needs to be sent to the peer, call - * // Get g1 - * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); - * // Get the ZKP public key for x1 - * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); - * // Get the ZKP proof for x1 - * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); - * // Get g2 - * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); - * // Get the ZKP public key for x2 - * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); - * // Get the ZKP proof for x2 - * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); - * -# To provide the first round data received from the peer to the operation, - * call - * // Set g3 - * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); - * // Set the ZKP public key for x3 - * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); - * // Set the ZKP proof for x3 - * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); - * // Set g4 - * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); - * // Set the ZKP public key for x4 - * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); - * // Set the ZKP proof for x4 - * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); - * -# To get the second round data that needs to be sent to the peer, call - * // Get A - * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); - * // Get ZKP public key for x2*s - * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); - * // Get ZKP proof for x2*s - * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); - * -# To provide the second round data received from the peer to the operation, - * call - * // Set B - * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); - * // Set ZKP public key for x4*s - * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); - * // Set ZKP proof for x4*s - * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); - * -# 
To access the shared secret call - * // Get Ka=Kb=K - * psa_pake_get_implicit_key() - * - * For more information consult the documentation of the individual - * \c PSA_PAKE_STEP_XXX constants. - * - * At this point there is a cryptographic guarantee that only the authenticated - * party who used the same password is able to compute the key. But there is no - * guarantee that the peer is the party he claims to be and was able to do so. - * - * That is, the authentication is only implicit (the peer is not authenticated - * at this point, and no action should be taken that assume that they are - like - * for example accessing restricted files). - * - * To make the authentication explicit there are various methods, see Section 5 - * of RFC 8236 for two examples. - * - */ -#define PSA_ALG_JPAKE ((psa_algorithm_t)0x0a000100) - /**@}*/ /** \defgroup key_lifetimes Key lifetimes 
@@ -2497,149 +2381,4 @@ static inline int mbedtls_svc_key_id_is_null( mbedtls_svc_key_id_t key ) /**@}*/ -/** \defgroup pake Password-authenticated key exchange (PAKE) - * @{ - */ - -/** The first peer in a balanced PAKE. - * - * Although balanced PAKE algorithms are symmetric, some of them needs an - * ordering of peers for the transcript calculations. If the algorithm does not - * need this, both #PSA_PAKE_SIDE_FIRST and #PSA_PAKE_SIDE_SECOND are - * accepted. - */ -#define PSA_PAKE_SIDE_FIRST ((psa_pake_side_t)0x01) - -/** The second peer in a balanced PAKE. - * - * Although balanced PAKE algorithms are symmetric, some of them needs an - * ordering of peers for the transcript calculations. If the algorithm does not - * need this, either #PSA_PAKE_SIDE_FIRST or #PSA_PAKE_SIDE_SECOND are - * accepted. - */ -#define PSA_PAKE_SIDE_SECOND ((psa_pake_side_t)0x02) - -/** The client in an augmented PAKE. - * - * Augmented PAKE algorithms need to differentiate between client and server. - */ -#define PSA_PAKE_SIDE_CLIENT ((psa_pake_side_t)0x11) - -/** The server in an augmented PAKE. - * - * Augmented PAKE algorithms need to differentiate between client and server. - */ -#define PSA_PAKE_SIDE_SERVER ((psa_pake_side_t)0x12) - -/** The PAKE primitive type indicating the use of elliptic curves. - * - * The values of the \c family and \c bits fields of the cipher suite identify a - * specific elliptic curve, using the same mapping that is used for ECC - * (::psa_ecc_family_t) keys. - * - * (Here \c family means the value returned by psa_pake_cs_get_family() and - * \c bits means the value returned by psa_pake_cs_get_bits().) - * - * Input and output during the operation can involve group elements and scalar - * values: - * -# The format for group elements is the same as for public keys on the - * specific curve would be. For more information, consult the documentation of - * psa_export_public_key(). 
- * -# The format for scalars is the same as for private keys on the specific - * curve would be. For more information, consult the documentation of - * psa_export_key(). - */ -#define PSA_PAKE_PRIMITIVE_TYPE_ECC ((psa_pake_primitive_type_t)0x01) - -/** The PAKE primitive type indicating the use of Diffie-Hellman groups. - * - * The values of the \c family and \c bits fields of the cipher suite identify - * a specific Diffie-Hellman group, using the same mapping that is used for - * Diffie-Hellman (::psa_dh_family_t) keys. - * - * (Here \c family means the value returned by psa_pake_cs_get_family() and - * \c bits means the value returned by psa_pake_cs_get_bits().) - * - * Input and output during the operation can involve group elements and scalar - * values: - * -# The format for group elements is the same as for public keys on the - * specific group would be. For more information, consult the documentation of - * psa_export_public_key(). - * -# The format for scalars is the same as for private keys on the specific - * group would be. For more information, consult the documentation of - * psa_export_key(). - */ -#define PSA_PAKE_PRIMITIVE_TYPE_DH ((psa_pake_primitive_type_t)0x02) - -/** Construct a PAKE primitive from type, family and bit-size. - * - * \param pake_type The type of the primitive - * (value of type ::psa_pake_primitive_type_t). - * \param pake_family The family of the primitive - * (the type and interpretation of this parameter depends - * on \p type, for more information consult the - * documentation of individual ::psa_pake_primitive_type_t - * constants). - * \param pake_bits The bit-size of the primitive - * (Value of type \c size_t. The interpretation - * of this parameter depends on \p family, for more - * information consult the documentation of individual - * ::psa_pake_primitive_type_t constants). - * - * \return The constructed primitive value of type ::psa_pake_primitive_t. 
- * Return 0 if the requested primitive can't be encoded as - * ::psa_pake_primitive_t. - */ -#define PSA_PAKE_PRIMITIVE(pake_type, pake_family, pake_bits) \ - ((pake_bits & 0xFFFF) != pake_bits) ? 0 : \ - ((psa_pake_primitive_t) (((pake_type) << 24 | \ - (pake_family) << 16) | (pake_bits))) - -/** The key share being sent to or received from the peer. - * - * The format for both input and output at this step is the same as for public - * keys on the group determined by the primitive (::psa_pake_primitive_t) would - * be. - * - * For more information on the format, consult the documentation of - * psa_export_public_key(). - * - * For information regarding how the group is determined, consult the - * documentation #PSA_PAKE_PRIMITIVE. - */ -#define PSA_PAKE_STEP_KEY_SHARE ((psa_pake_step_t)0x01) - -/** A Schnorr NIZKP public key. - * - * The format for both input and output at this step is the same as for public - * keys on the group determined by the primitive (::psa_pake_primitive_t) would - * be. - * - * For more information on the format, consult the documentation of - * psa_export_public_key(). - * - * For information regarding how the group is determined, consult the - * documentation #PSA_PAKE_PRIMITIVE. - */ -#define PSA_PAKE_STEP_ZK_PUBLIC ((psa_pake_step_t)0x02) - -/** A Schnorr NIZKP proof. - * - * The format for both input and output at this step is the same as for private - * keys on the group determined by the primitive (::psa_pake_primitive_t) would - * be. - * - * Some public key algorithms mask the private keys and this might be reflected - * in the export format. Even if this is the case the masking is omitted at - * this step. - * - * For more information on the format, consult the documentation of - * psa_export_key(). - * - * For information regarding how the group is determined, consult the - * documentation #PSA_PAKE_PRIMITIVE. - */ -#define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03) - -/**@}*/ #endif /* PSA_CRYPTO_VALUES_H */ 
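Review bot: the PSA_PAKE_PRIMITIVE macro being moved out of this file has defects that should be fixed at its destination rather than copied verbatim. The body `((pake_bits & 0xFFFF) != pake_bits) ? 0 : ((psa_pake_primitive_t) (...))` is not wrapped in an outer pair of parentheses, so any use other than as a whole parenthesized expression (for example a comparison or arithmetic on the result) parses the ternary incorrectly, and `pake_bits` is used unparenthesized. More importantly, `(pake_type) << 24` promotes a psa_pake_primitive_type_t (uint8_t) to int before shifting; the crypto_types.h comment removed in this same patch reserves 0x80-0xff for vendor-defined types, and shifting such a value left by 24 sets the sign bit of an int, which is undefined behaviour in C. Cast each field to psa_pake_primitive_t before shifting, e.g. `(((psa_pake_primitive_t)(pake_type)) << 24)`, and parenthesize the whole expansion.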
From 7d69b3a993d2785bc75299d8c5dfe7b7c20bf3e4 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 26 May 2021 13:10:56 +0100 Subject: [PATCH 137/236] PSA PAKE: add warning about stability We are not confident about the stability of the PAKE interface (it is just a proposal, not part of the standard yet). So we should explicitly document it as experimental, subject to change. Signed-off-by: Janos Follath --- include/psa/crypto_extra.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 615b6511c..4478f3a43 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -937,6 +937,14 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( /** @} */ /** \defgroup pake Password-authenticated key exchange (PAKE) + * + * This is a proposed PAKE interface for the PSA Crypto API. It is not part of + * the official PSA Crypto API yet. + * + * \note The content of this section is not part of the stable API and ABI + * of Mbed Crypto and may change arbitrarily from version to version. + * Same holds for the corresponding macros #PSA_ALG_CATEGORY_PAKE and + * #PSA_ALG_JPAKE. * @{ */ From 559f05eefc002dfc8f89e532d04e727bf91ed256 Mon Sep 17 00:00:00 2001 
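Review bot: minor wording in the added \note: "Same holds for the corresponding macros" should read "The same holds for the corresponding macros". Otherwise the stability warning is placed correctly on the group header, so it shows up in the generated documentation for every PAKE symbol inside the group.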
From: Janos Follath Date: Wed, 26 May 2021 15:44:30 +0100 Subject: [PATCH 138/236] PSA PAKE: remove psa_pake_set_password_stretch() The password stretching (using slow and/or memory hard hashes) in PAKEs usually serves two purposes: - Defending against server compromise impersonation attacks. J-PAKE is an augmented PAKE and as such, stores a password-equivalent and defending against this class of attacks is out of scope. - Preventing offline dictionary attacks. J-PAKE is proven to be zero knowledge and leaks no information beyond the fact if the passwords matched and offline dictionary attack is not possible. In summary: J-PAKE does not benefit from password stretching and is unlikely to be an input. This part of the API is not necessary at this point and can be added later. Signed-off-by: Janos Follath --- include/psa/crypto_extra.h | 80 +++----------------------------------- 1 file changed, 6 insertions(+), 74 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 4478f3a43..dcaf75568 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
@@ -854,14 +854,11 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * psa_pake_setup(operation, cipher_suite); * psa_pake_set_user(operation, ...); * psa_pake_set_peer(operation, ...); - * and either - * psa_pake_set_password_stretch(operation, ...); - * or * psa_pake_set_password_key(operation, ...); * - * Either way the password is read as a byte array and must be non-empty. This - * can be the password itself (in some pre-defined character encoding) or some - * value derived from the password as mandated by some higher level protocol. + * The password is read as a byte array and must be non-empty. This can be the + * password itself (in some pre-defined character encoding) or some value + * derived from the password as mandated by some higher level protocol. * * (The implementation converts this byte array to a number as described in * Section 2.3.8 of _SEC 1: Elliptic Curve Cryptography_ 
@@ -1348,19 +1345,15 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, /** Set the password for a password-authenticated key exchange from key ID. * * Call this function when the password, or a value derived from the password, - * is already present in the key store. To calculate the password-derived value - * from a password input, use the key derivation interface and - * psa_pake_set_password_stretch() instead. + * is already present in the key store. * * \param[in,out] operation The operation object to set the password for. It * must have been set up by psa_pake_setup() and * not yet in use (neither psa_pake_output() nor * psa_pake_input() has been called yet). It must * be on operation for which the password hasn't - * been set yet (neither - * psa_pake_set_password_stretch() nor - * psa_pake_set_password_key() has been called - * yet). + * been set yet (psa_pake_set_password_key() + * hasn't been called yet). * \param password Identifier of the key holding the password or a * value derived from the password (eg. by a * memory-hard function). It must remain valid 
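Review bot: with the sentence "To calculate the password-derived value from a password input, use the key derivation interface and psa_pake_set_password_stretch() instead." removed, the documentation no longer says how a stretched or otherwise derived value gets into the key store in the first place, even though the parameter text still mentions "a value derived from the password (eg. by a memory-hard function)". Add a sentence pointing at psa_key_derivation_output_key() as the way to place such a derived value in the key store before calling this function. Two small fixes in the same block: "eg." should be "e.g.", and the unchanged context line "It must be on operation for which the password" should read "an operation".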
@@ -1389,67 +1382,6 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, mbedtls_svc_key_id_t password); -/** Set the password for a password-authenticated key exchange via a key - * stretching function. - * - * Some protocols use values derived from passwords via key stretching - * functions to mitigate dictionary attacks. Key stretching functions can be - * accessed through the key derivation interface and the result can be supplied - * to the PAKE operation in the form of a key derivation object. - * - * This function draws bytes from a key derivation algorithm and sets those - * bytes as a password for the password-authenticated key exchange. If you - * view the key derivation's output as a stream of bytes, this function - * destructively reads the requested number of bytes from the stream. - * The key derivation operation's capacity decreases by the number of bytes read. - * - * If this function returns anything other than #PSA_SUCCESS, both \p operation - * and \p key_derivation operations enter an error state and must be aborted by - * calling psa_pake_abort() and psa_key_derivation_abort() respectively. - * - * \param[in,out] operation The operation object to set the password for. - * It must have been set up by psa_pake_setup() - * and not yet in use (neither psa_pake_output() - * nor psa_pake_input() has been called yet). It - * must be on operation for which the password - * hasn't been set yet (neither - * psa_pake_set_password_stretch() nor - * psa_pake_set_password_key() has been called - * yet). - * \param[in,out] key_derivation An ongoing key derivation operation set up - * from the password and in a state suitable for - * calling psa_key_derivation_output_bytes(). - * \param input_length Number of bytes to input from the - * \p key_derivation operation. - * - * \retval #PSA_SUCCESS - * Success. 
- * \retval #PSA_ERROR_BAD_STATE - * The state of \p operation or \p key_derivation is not valid. - * \retval #PSA_ERROR_INSUFFICIENT_DATA - * The \p key_derivation operation's capacity was less than - * \p input_length bytes. - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_NOT_PERMITTED - * One of the inputs to \p key_derivation was a key whose policy didn't - * allow #PSA_KEY_USAGE_DERIVE. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p key is not compatible with the algorithm or the cipher suite. - * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t psa_pake_set_password_stretch( - psa_pake_operation_t *operation, - psa_key_derivation_operation_t *key_derivation, - size_t input_length - ); - /** Set the user ID for a password-authenticated key exchange. * * Call this function to set the user ID. For PAKE algorithms that associate a From 89ee05a80589e719bfde97c5d1b0cdcc55a3443c Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 26 May 2021 15:57:53 +0100 Subject: [PATCH 139/236] Rename psa_pake_set_password() Technically this function takes a low entropy secret as an input which might or might not be the password. Using the term "secret" in the function name is less misleading. Signed-off-by: Janos Follath --- include/psa/crypto_extra.h | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index dcaf75568..43d37b912 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
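Review bot: With psa_pake_set_password_stretch() deleted, the only remaining way to supply a password is psa_pake_set_password_key(), whose comment (previous hunk) still describes the key as holding `a value derived from the password (eg. by a memory-hard function)` but no longer says how such a key is produced. Consider pointing readers at the key derivation interface (psa_key_derivation_output_key(), a standard PSA Crypto API function not shown in this diff) so the stretched-password case the removed text covered stays documented. Incidentally, the removed block's `\retval #PSA_ERROR_INVALID_ARGUMENT` text referred to `\p key`, a parameter the function never had, so the deletion also clears that dangling reference.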
@@ -854,7 +854,7 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * psa_pake_setup(operation, cipher_suite); * psa_pake_set_user(operation, ...); * psa_pake_set_peer(operation, ...); - * psa_pake_set_password_key(operation, ...); + * psa_pake_set_secret_from_key(operation, ...); * * The password is read as a byte array and must be non-empty. This can be the * password itself (in some pre-defined character encoding) or some value @@ -1345,14 +1345,15 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, /** Set the password for a password-authenticated key exchange from key ID. * * Call this function when the password, or a value derived from the password, - * is already present in the key store. + * (for example a hash of the password or a key derived from the password) is + * already present in the key store. * * \param[in,out] operation The operation object to set the password for. It * must have been set up by psa_pake_setup() and * not yet in use (neither psa_pake_output() nor * psa_pake_input() has been called yet). It must * be on operation for which the password hasn't - * been set yet (psa_pake_set_password_key() + * been set yet (psa_pake_set_secret_from_key() * hasn't been called yet). * \param password Identifier of the key holding the password or a * value derived from the password (eg. by a @@ -1379,8 +1380,8 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, - mbedtls_svc_key_id_t password); +psa_status_t psa_pake_set_secret_from_key(psa_pake_operation_t *operation, + mbedtls_svc_key_id_t password); /** Set the user ID for a password-authenticated key exchange. * From 1f9e9e95c975b61297eee2c00f97daa21d93a55e Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 26 May 2021 16:10:25 +0100 Subject: [PATCH 140/236] PSA PAKE: fix old constant name in test 
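Review bot: The rename is incomplete in the second hunk: the summary line still reads `Set the password for a password-authenticated key exchange from key ID.` and the parameter is still `\param password`, while the function is now psa_pake_set_secret_from_key(); either rename both to match or say in the comment why the input is called a password but the function a secret. The commit subject also names psa_pake_set_password(), but the function being renamed is psa_pake_set_password_key(). Separately, the inserted parenthetical yields `the password, or a value derived from the password, (for example ...) is already present`; keeping the example inside the comma pair, `or a value derived from the password (for example a hash of the password or a key derived from it), is already present`, reads better.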
Signed-off-by: Janos Follath --- tests/suites/test_suite_psa_crypto_metadata.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 0845b55d7..22056b0a8 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -295,7 +295,7 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_384 key_agreement_algorithm:PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_384 ) ):ALG_IS_ECDH:PSA_ALG_ECDH:PSA_ALG_HKDF( PSA_ALG_SHA_384 ) PAKE: J-PAKE -pake_algorithm:PSA_ALG_PAKE_JPAKE +pake_algorithm:PSA_ALG_JPAKE Key type: raw data key_type:PSA_KEY_TYPE_RAW_DATA:KEY_TYPE_IS_UNSTRUCTURED From 52f9efad22a3c1dbeea5abd33479188ae2978e85 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 27 May 2021 08:40:16 +0100 Subject: [PATCH 141/236] Revert "Rename psa_pake_set_password()" This reverts commit 03a5fd7780026b2ca0b4728352ded930f5a7cff9. We're already calling the output of a PAKE a "shared secret". The password is a shared secret (for PAKE where the verifier knows a password-equivalent secret), but calling it "shared secret" or even just "secret" would be confusing. Signed-off-by: Janos Follath --- include/psa/crypto_extra.h | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 43d37b912..dcaf75568 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
@@ -854,7 +854,7 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * psa_pake_setup(operation, cipher_suite); * psa_pake_set_user(operation, ...); * psa_pake_set_peer(operation, ...); - * psa_pake_set_secret_from_key(operation, ...); + * psa_pake_set_password_key(operation, ...); * * The password is read as a byte array and must be non-empty. This can be the * password itself (in some pre-defined character encoding) or some value @@ -1345,15 +1345,14 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, /** Set the password for a password-authenticated key exchange from key ID. * * Call this function when the password, or a value derived from the password, - * (for example a hash of the password or a key derived from the password) is - * already present in the key store. + * is already present in the key store. * * \param[in,out] operation The operation object to set the password for. It * must have been set up by psa_pake_setup() and * not yet in use (neither psa_pake_output() nor * psa_pake_input() has been called yet). It must * be on operation for which the password hasn't - * been set yet (psa_pake_set_secret_from_key() + * been set yet (psa_pake_set_password_key() * hasn't been called yet). * \param password Identifier of the key holding the password or a * value derived from the password (eg. by a @@ -1380,8 +1379,8 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t psa_pake_set_secret_from_key(psa_pake_operation_t *operation, - mbedtls_svc_key_id_t password); +psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, + mbedtls_svc_key_id_t password); /** Set the user ID for a password-authenticated key exchange. * From ec83eb605e0744e4975446d0e7e6c7b5c7329bb7 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 27 May 2021 08:41:59 +0100 Subject: [PATCH 142/236] Fix copy+paste mistake 
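Review bot: Patches 139 and 141 cancel each other exactly (rename, then full revert), so the series would be cleaner with both dropped before merge rather than carrying the round trip in history. If the pair is kept, the revert message's `This reverts commit 03a5fd7780026b2ca0b4728352ded930f5a7cff9` does not match the hash the rename commit has in this series (89ee05a8...); the reference went stale on rebase and should be updated.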
Signed-off-by: Janos Follath --- include/psa/crypto_extra.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index dcaf75568..997fec0b8 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1692,7 +1692,7 @@ psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, * #PSA_ALG_IS_PAKE(\p alg) is true). * \param primitive A primitive of type ::psa_pake_primitive_t that is * compatible with algorithm \p alg. - * \param output_step A value of type ::psa_pake_step_t that is valid for the + * \param input_step A value of type ::psa_pake_step_t that is valid for the * algorithm \p alg. * \return A sufficient output buffer size for the specified * output, cipher suite and algorithm. If the cipher suite, From a46e28f7861203b983e904f5040ae512ec5dc36a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 3 Jun 2021 13:07:03 +0100 Subject: [PATCH 143/236] PSA PAKE: use neutral pronouns Signed-off-by: Janos Follath --- include/psa/crypto_extra.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 997fec0b8..02e87ffa2 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -919,7 +919,7 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * * At this point there is a cryptographic guarantee that only the authenticated * party who used the same password is able to compute the key. But there is no - * guarantee that the peer is the party he claims to be and was able to do so. + * guarantee that the peer is the party it claims to be and was able to do so. * * That is, the authentication is only implicit (the peer is not authenticated * at this point, and no action should be taken that assume that they are - like 
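Review bot: The fix in the patch 142 hunk is incomplete on its own: the `\param` name is corrected to `input_step`, but the trailing context of the same hunk still says `A sufficient output buffer size for the specified output, cipher suite and algorithm` and `the output type or PAKE algorithm`. Patch 144 later in the series corrects those lines; squashing it into this commit would keep the copy-paste fix atomic.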
@@ -1604,7 +1604,7 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation, * * At this point there is a cryptographic guarantee that only the authenticated * party who used the same password is able to compute the key. But there is no - * guarantee that the peer is the party he claims to be and was able to do so. + * guarantee that the peer is the party it claims to be and was able to do so. * * That is, the authentication is only implicit (the peer is not authenticated * at this point, and no action should be taken that assume that they are - like From 38d29db75fd2c06a899341895fbeec989c1d1fb6 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 3 Jun 2021 13:14:42 +0100 Subject: [PATCH 144/236] Fix copy+paste mistake Signed-off-by: Janos Follath --- include/psa/crypto_extra.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 02e87ffa2..dd99839cc 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1694,9 +1694,9 @@ psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, * compatible with algorithm \p alg. * \param input_step A value of type ::psa_pake_step_t that is valid for the * algorithm \p alg. - * \return A sufficient output buffer size for the specified - * output, cipher suite and algorithm. If the cipher suite, - * the output type or PAKE algorithm is not recognized, or + * \return A sufficient input buffer size for the specified + * input, cipher suite and algorithm. If the cipher suite, + * the input type or PAKE algorithm is not recognized, or * the parameters are incompatible, return 0. */ #define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step) 0 
@@ -1715,7 +1715,7 @@ psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, * * This macro must expand to a compile-time constant integer. * - * See also #PSA_PAKE_INPUT_SIZE(\p alg, \p cipher_suite, \p output). + * See also #PSA_PAKE_INPUT_SIZE(\p alg, \p cipher_suite, \p input). */ #define PSA_PAKE_INPUT_MAX_SIZE 0 From b4db90fb27008932fe5735f7572885c22243e52d Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 3 Jun 2021 13:17:09 +0100 Subject: [PATCH 145/236] PSA PAKE: improve documentation Signed-off-by: Janos Follath --- include/psa/crypto_extra.h | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index dd99839cc..66c9f9c20 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1606,9 +1606,10 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation, * party who used the same password is able to compute the key. But there is no * guarantee that the peer is the party it claims to be and was able to do so. * - * That is, the authentication is only implicit (the peer is not authenticated - * at this point, and no action should be taken that assume that they are - like - * for example accessing restricted files). + * That is, the authentication is only implicit. Since the peer is not + * authenticated yet, no action should be taken yet that assumes that the peer + * is who it claims to be. For example, do not access restricted files on the + * peer's behalf until an explicit authentication has succeeded. * * This function can be called after the key exchange phase of the operation * has completed. It imports the shared secret output of the PAKE into the 
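Review bot: The `See also` line is still wrong after this hunk: it now reads `#PSA_PAKE_INPUT_SIZE(\p alg, \p cipher_suite, \p input)`, but the macro defined just above it is `PSA_PAKE_INPUT_SIZE(alg, primitive, input_step)`. Use the actual parameter names so the `\p` references resolve: `#PSA_PAKE_INPUT_SIZE(\p alg, \p primitive, \p input_step)`.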
@@ -1683,8 +1684,9 @@ psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, /** A sufficient input buffer size for psa_pake_input(). * - * If the size of the input is larger than this, it is guaranteed - * that psa_pake_input() will fail with #PSA_ERROR_INVALID_ARGUMENT. + * The value returned by this macro is guaranteed to be large enough for any + * valid input to psa_pake_input() in an operation with the specified + * parameters. * * See also #PSA_PAKE_INPUT_MAX_SIZE * From 3293dae00eaf300bd6f180181c253551b7506d3e Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 3 Jun 2021 13:21:33 +0100 Subject: [PATCH 146/236] psa_pake_setup(): simplify documentation This level of detail can be confusing and could require even more detail to clear it up. Simplifying it instead in alignment wiht the documentation of existing setup functions. Signed-off-by: Janos Follath --- include/psa/crypto_extra.h | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 66c9f9c20..a7425deb2 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1317,10 +1317,7 @@ static psa_pake_operation_t psa_pake_operation_init(void); * - A successful call to psa_pake_get_implicit_key(). * * \param[in,out] operation The operation object to set up. It must have - * been initialized as per the documentation for - * #psa_pake_operation_t and not yet in use (no - * other function has been called on it since the - * last initialization). + * been initialized but not set up yet. * \param cipher_suite The cipher suite to use. (A cipher suite fully * characterizes a PAKE algorithm and determines * the algorithm as well.) From b384ec19d188eb58056367d481d4091e8dba6390 Mon Sep 17 00:00:00 2001 
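Review bot: The new wording in the @@ -1683 hunk promises that `The value returned by this macro is guaranteed to be large enough for any valid input to psa_pake_input()`, but the macro is currently defined as `#define PSA_PAKE_INPUT_SIZE(alg, primitive, input_step) 0` (see patch 144). With that placeholder the guarantee cannot hold; either state in the comment that the macro is not yet implemented, or define it in terms of the primitive before the header is published, so the documentation and the definition do not contradict each other.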
From: Janos Follath Date: Thu, 3 Jun 2021 14:48:51 +0100 Subject: [PATCH 147/236] PSA PAKE: fix J-PAKE documentation code rendering 4-space indent is only guaranteed to result in a code block if there's a blank line just before (details vary depending on the markdown implementation, and doxygen isn't exactly markdown anyway). In a bullet list, you need 8 spaces since the list itself is a nested construct which takes a 4-space indent (even though you don't have to indent continuation lines inside a bullet point by 4 spaces, 1 is enough). Using \code...\encode which is rendering as intended. Signed-off-by: Janos Follath --- include/psa/crypto_extra.h | 108 +++++++++++++++++++++---------------- 1 file changed, 62 insertions(+), 46 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index a7425deb2..717db2bc9 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
@@ -842,19 +842,25 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * - A secure cryptographic hash function. * * To select these parameters and set up the cipher suite, call - * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_JPAKE); - * psa_pake_cs_set_primitive(cipher_suite, - * PSA_PAKE_PRIMITIVE(type, family, bits)); - * psa_pake_cs_set_hash(cipher_suite, hash); + * + * \code + * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_JPAKE); + * psa_pake_cs_set_primitive(cipher_suite, + * PSA_PAKE_PRIMITIVE(type, family, bits)); + * psa_pake_cs_set_hash(cipher_suite, hash); + * \endcode * * For more information on how to set a specific curve or field, refer to the * documentation of the individual \c PSA_PAKE_PRIMITIVE_TYPE_XXX constants. * * After initializing a J-PAKE operation, call - * psa_pake_setup(operation, cipher_suite); - * psa_pake_set_user(operation, ...); - * psa_pake_set_peer(operation, ...); - * psa_pake_set_password_key(operation, ...); + * + * \code + * psa_pake_setup(operation, cipher_suite); + * psa_pake_set_user(operation, ...); + * psa_pake_set_peer(operation, ...); + * psa_pake_set_password_key(operation, ...); + * \endcode * * The password is read as a byte array and must be non-empty. This can be the * password itself (in some pre-defined character encoding) or some value 
@@ -869,50 +875,60 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * * The key exchange flow for J-PAKE is as follows: * -# To get the first round data that needs to be sent to the peer, call - * // Get g1 - * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); - * // Get the ZKP public key for x1 - * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); - * // Get the ZKP proof for x1 - * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); - * // Get g2 - * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); - * // Get the ZKP public key for x2 - * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); - * // Get the ZKP proof for x2 - * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * \code + * // Get g1 + * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); + * // Get the ZKP public key for x1 + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Get the ZKP proof for x1 + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * // Get g2 + * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); + * // Get the ZKP public key for x2 + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Get the ZKP proof for x2 + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * \endcode * -# To provide the first round data received from the peer to the operation, * call - * // Set g3 - * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); - * // Set the ZKP public key for x3 - * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); - * // Set the ZKP proof for x3 - * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); - * // Set g4 - * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); - * // Set the ZKP public key for x4 - * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); - * // Set the ZKP proof for x4 - * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * \code + * // Set g3 + * psa_pake_input(operation, 
#PSA_PAKE_STEP_KEY_SHARE, ...); + * // Set the ZKP public key for x3 + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Set the ZKP proof for x3 + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * // Set g4 + * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); + * // Set the ZKP public key for x4 + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Set the ZKP proof for x4 + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * \endcode * -# To get the second round data that needs to be sent to the peer, call - * // Get A - * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); - * // Get ZKP public key for x2*s - * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); - * // Get ZKP proof for x2*s - * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * \code + * // Get A + * psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); + * // Get ZKP public key for x2*s + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Get ZKP proof for x2*s + * psa_pake_output(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * \endcode * -# To provide the second round data received from the peer to the operation, * call - * // Set B - * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); - * // Set ZKP public key for x4*s - * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); - * // Set ZKP proof for x4*s - * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * \code + * // Set B + * psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...); + * // Set ZKP public key for x4*s + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PUBLIC, ...); + * // Set ZKP proof for x4*s + * psa_pake_input(operation, #PSA_PAKE_STEP_ZK_PROOF, ...); + * \endcode * -# To access the shared secret call - * // Get Ka=Kb=K - * psa_pake_get_implicit_key() + * \code + * // Get Ka=Kb=K + * psa_pake_get_implicit_key() + * \endcode * * For more information consult the documentation of the 
individual * \c PSA_PAKE_STEP_XXX constants. From 55dd5dc3556be0eeccf943cc29fd0077be553003 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 3 Jun 2021 15:51:09 +0100 Subject: [PATCH 148/236] PSA PAKE: Clarify the documentation of NIZKP steps The expression "the masking is omitted" assumes familiarity with Montgomery curve private key format and even then can be confusing and ambiguous or confusing. Describe directly what format we mean and add some more background information and reference to the standard as well. Signed-off-by: Janos Follath --- include/psa/crypto_extra.h | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 717db2bc9..e4a21d44b 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1108,6 +1108,9 @@ typedef uint32_t psa_pake_primitive_t; #define PSA_PAKE_STEP_KEY_SHARE ((psa_pake_step_t)0x01) /** A Schnorr NIZKP public key. + * + * This is the ephemeral public key in the Schnorr Non-Interactive + * Zero-Knowledge Proof (the value denoted by the letter 'V' in RFC 8235). * * The format for both input and output at this step is the same as for public * keys on the group determined by the primitive (::psa_pake_primitive_t) would 
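Review bot: Inside `\code ... \endcode` Doxygen does not interpret the `#` auto-link prefix, so lines such as `psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...);` render verbatim with the `#`, which is not valid C; drop the `#` inside the code blocks (documented identifiers are still linked automatically in code blocks). Also, the final block shows `psa_pake_get_implicit_key()` with no arguments and no semicolon while every other call in these examples is written as `func(operation, ...);`; `psa_pake_get_implicit_key(operation, ...);` would be consistent. Minor: the commit message says `\code...\encode`; the closing command is `\endcode`, as the diff itself uses.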
@@ -1123,16 +1126,16 @@ typedef uint32_t psa_pake_primitive_t; /** A Schnorr NIZKP proof. * - * The format for both input and output at this step is the same as for private - * keys on the group determined by the primitive (::psa_pake_primitive_t) would - * be. + * This is the proof in the Schnorr Non-Interactive Zero-Knowledge Proof (the + * value denoted by the letter 'r' in RFC 8235). * - * Some public key algorithms mask the private keys and this might be reflected - * in the export format. Even if this is the case the masking is omitted at - * this step. + * Both input and output at this step is an integer less than the group + * selected in the cipher suite. The format depends on the group as well: * - * For more information on the format, consult the documentation of - * psa_export_key(). + * - For Montgomery curves, the encoding is little endian (see decoding of + * scalars in Section 5 of RFC 7748). + * - For everything else the encoding is big endian (see Section 2.3.8 of + * _SEC 1: Elliptic Curve Cryptography_ at https://www.secg.org/sec1-v2.pdf). * * For information regarding how the group is determined, consult the * documentation #PSA_PAKE_PRIMITIVE. From 33434a9f60f18894953eb64ffd699d5774cd1a37 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 26 May 2021 09:25:33 +0100 Subject: [PATCH 149/236] Fix parenthesis spacing in crypto_struct.h crypto_struct.h is implementation-specific so it was intended to have Mbed TLS whitespace style. Signed-off-by: Janos Follath --- include/psa/crypto_struct.h | 64 ++++++++++++++++++++----------------- 1 file changed, 34 insertions(+), 30 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 47012fdd0..406007445 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h 
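Review bot: `Both input and output at this step is an integer less than the group selected in the cipher suite` is grammatically off and, more importantly, imprecise: the Schnorr response r in RFC 8235 is reduced modulo the group order, so it is an integer less than the order of the group, not less than the group. Suggest `Both the input and the output at this step are an integer less than the order of the group selected in the cipher suite.` The unchanged context `consult the documentation #PSA_PAKE_PRIMITIVE` is also missing `of`.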
@@ -92,7 +92,7 @@ struct psa_hash_operation_s psa_driver_hash_context_t ctx; }; -#define PSA_HASH_OPERATION_INIT {0, {0}} +#define PSA_HASH_OPERATION_INIT { 0, { 0 } } static inline struct psa_hash_operation_s psa_hash_operation_init( void ) { const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT; @@ -117,7 +117,7 @@ struct psa_cipher_operation_s psa_driver_cipher_context_t ctx; }; -#define PSA_CIPHER_OPERATION_INIT {0, 0, 0, 0, {0}} +#define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } } static inline struct psa_cipher_operation_s psa_cipher_operation_init( void ) { const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT; @@ -142,7 +142,7 @@ struct psa_mac_operation_s psa_driver_mac_context_t ctx; }; -#define PSA_MAC_OPERATION_INIT {0, 0, 0, {0}} +#define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } } static inline struct psa_mac_operation_s psa_mac_operation_init( void ) { const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT; @@ -163,7 +163,7 @@ struct psa_aead_operation_s } ctx; }; -#define PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, {0}} +#define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, { 0 } } static inline struct psa_aead_operation_s psa_aead_operation_init( void ) { const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT; @@ -223,7 +223,7 @@ typedef struct psa_tls12_prf_key_derivation_s uint8_t Ai[PSA_HASH_MAX_SIZE]; - /* `HMAC_hash( prk, A(i) + seed )` in the notation of RFC 5246, Sect. 5. */ + /* `HMAC_hash( prk, A( i ) + seed )` in the notation of RFC 5246, Sect. 5. */ uint8_t output_block[PSA_HASH_MAX_SIZE]; } psa_tls12_prf_key_derivation_t; #endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || 
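Review bot: Applying the spacing style to the comment in the @@ -223 hunk alters quoted RFC notation: `HMAC_hash( prk, A(i) + seed )` becomes `HMAC_hash( prk, A( i ) + seed )`, yet the comment explicitly says it is `in the notation of RFC 5246, Sect. 5`, where the function is written A(i). Quoted external notation should be left as the standard writes it; restrict the whitespace change to code.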
@@ -249,8 +249,9 @@ struct psa_key_derivation_s }; /* This only zeroes out the first byte in the union, the rest is unspecified. */ -#define PSA_KEY_DERIVATION_OPERATION_INIT {0, 0, 0, {0}} -static inline struct psa_key_derivation_s psa_key_derivation_operation_init( void ) +#define PSA_KEY_DERIVATION_OPERATION_INIT { 0, 0, 0, { 0 } } +static inline +struct psa_key_derivation_s psa_key_derivation_operation_init( void ) { const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT; return( v ); @@ -264,7 +265,7 @@ struct psa_key_policy_s }; typedef struct psa_key_policy_s psa_key_policy_t; -#define PSA_KEY_POLICY_INIT {0, 0, 0} +#define PSA_KEY_POLICY_INIT { 0, 0, 0 } static inline struct psa_key_policy_s psa_key_policy_init( void ) { const struct psa_key_policy_s v = PSA_KEY_POLICY_INIT; @@ -276,7 +277,7 @@ static inline struct psa_key_policy_s psa_key_policy_init( void ) typedef uint16_t psa_key_bits_t; /* The maximum value of the type used to represent bit-sizes. * This is used to mark an invalid key size. */ -#define PSA_KEY_BITS_TOO_LARGE ( (psa_key_bits_t) ( -1 ) ) +#define PSA_KEY_BITS_TOO_LARGE ( ( psa_key_bits_t ) -1 ) /* The maximum size of a key in bits. * Currently defined as the maximum that can be represented, rounded down * to a whole number of bytes. @@ -317,7 +318,10 @@ typedef struct psa_key_attributes_flag_t flags; } psa_core_key_attributes_t; -#define PSA_CORE_KEY_ATTRIBUTES_INIT {PSA_KEY_TYPE_NONE, 0, PSA_KEY_LIFETIME_VOLATILE, MBEDTLS_SVC_KEY_ID_INIT, PSA_KEY_POLICY_INIT, 0} +#define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0, \ + PSA_KEY_LIFETIME_VOLATILE, \ + MBEDTLS_SVC_KEY_ID_INIT, \ + PSA_KEY_POLICY_INIT, 0 } struct psa_key_attributes_s { 
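Review bot: The @@ -249 hunk splits the declaration into `static inline` on one line and `struct psa_key_derivation_s psa_key_derivation_operation_init( void )` on the next. Patch 150 ("Make check-names.sh happy") undoes exactly that split, evidently because the name-checking script does not cope with the storage class and return type on separate lines; breaking after the opening parenthesis instead, as patch 150 does, keeps the line length down without tripping the script. Squash patch 150 into this commit so the series never contains the failing state.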
@@ -330,9 +334,9 @@ struct psa_key_attributes_s }; #if defined(MBEDTLS_PSA_CRYPTO_SE_C) -#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0} +#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0 } #else -#define PSA_KEY_ATTRIBUTES_INIT {PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0} +#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0 } #endif static inline struct psa_key_attributes_s psa_key_attributes_init( void ) @@ -358,7 +362,7 @@ static inline void psa_set_key_id( psa_key_attributes_t *attributes, } static inline mbedtls_svc_key_id_t psa_get_key_id( - const psa_key_attributes_t *attributes) + const psa_key_attributes_t *attributes ) { return( attributes->core.id ); } @@ -371,8 +375,8 @@ static inline void mbedtls_set_key_owner_id( psa_key_attributes_t *attributes, } #endif -static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes, - psa_key_lifetime_t lifetime) +static inline void psa_set_key_lifetime( psa_key_attributes_t *attributes, + psa_key_lifetime_t lifetime ) { attributes->core.lifetime = lifetime; if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) 
@@ -386,44 +390,44 @@ static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes, } static inline psa_key_lifetime_t psa_get_key_lifetime( - const psa_key_attributes_t *attributes) + const psa_key_attributes_t *attributes ) { return( attributes->core.lifetime ); } -static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes, - psa_key_usage_t usage_flags) +static inline void psa_set_key_usage_flags( psa_key_attributes_t *attributes, + psa_key_usage_t usage_flags ) { attributes->core.policy.usage = usage_flags; } static inline psa_key_usage_t psa_get_key_usage_flags( - const psa_key_attributes_t *attributes) + const psa_key_attributes_t *attributes ) { return( attributes->core.policy.usage ); } -static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes, - psa_algorithm_t alg) +static inline void psa_set_key_algorithm( psa_key_attributes_t *attributes, + psa_algorithm_t alg ) { attributes->core.policy.alg = alg; } static inline psa_algorithm_t psa_get_key_algorithm( - const psa_key_attributes_t *attributes) + const psa_key_attributes_t *attributes ) { return( attributes->core.policy.alg ); } /* This function is declared in crypto_extra.h, which comes after this * header file, but we need the function here, so repeat the declaration. */ -psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes, +psa_status_t psa_set_key_domain_parameters( psa_key_attributes_t *attributes, psa_key_type_t type, const uint8_t *data, - size_t data_length); + size_t data_length ); -static inline void psa_set_key_type(psa_key_attributes_t *attributes, - psa_key_type_t type) +static inline void psa_set_key_type( psa_key_attributes_t *attributes, + psa_key_type_t type ) { if( attributes->domain_parameters == NULL ) { 
@@ -441,13 +445,13 @@ static inline void psa_set_key_type(psa_key_attributes_t *attributes, } static inline psa_key_type_t psa_get_key_type( - const psa_key_attributes_t *attributes) + const psa_key_attributes_t *attributes ) { return( attributes->core.type ); } -static inline void psa_set_key_bits(psa_key_attributes_t *attributes, - size_t bits) +static inline void psa_set_key_bits( psa_key_attributes_t *attributes, + size_t bits ) { if( bits > PSA_MAX_KEY_BITS ) attributes->core.bits = PSA_KEY_BITS_TOO_LARGE; @@ -456,7 +460,7 @@ static inline void psa_set_key_bits(psa_key_attributes_t *attributes, } static inline size_t psa_get_key_bits( - const psa_key_attributes_t *attributes) + const psa_key_attributes_t *attributes ) { return( attributes->core.bits ); } From 0dcda95ac04162c0b328ef95622d3886cfa3184a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Mon, 7 Jun 2021 14:52:13 +0100 Subject: [PATCH 150/236] Make check-names.sh happy Signed-off-by: Janos Follath --- include/psa/crypto_struct.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 406007445..1be9949f4 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -250,8 +250,8 @@ struct psa_key_derivation_s /* This only zeroes out the first byte in the union, the rest is unspecified. */ #define PSA_KEY_DERIVATION_OPERATION_INIT { 0, 0, 0, { 0 } } -static inline -struct psa_key_derivation_s psa_key_derivation_operation_init( void ) +static inline struct psa_key_derivation_s psa_key_derivation_operation_init( + void ) { const struct psa_key_derivation_s v = PSA_KEY_DERIVATION_OPERATION_INIT; return( v ); From 46c02375b730b53f2bfbfd9c49396018a8511711 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 8 Jun 2021 15:22:51 +0100 Subject: [PATCH 151/236] PSA PAKE: improve documentation 
Signed-off-by: Janos Follath --- include/psa/crypto_extra.h | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index e4a21d44b..c5ae09959 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -839,9 +839,10 @@ psa_status_t mbedtls_psa_platform_get_builtin_key( * - The group can be either an elliptic curve or defined over a finite field. * - Schnorr NIZK proof as defined by RFC 8235 and using the same group as the * J-PAKE algorithm. - * - A secure cryptographic hash function. + * - A cryptographic hash function. * - * To select these parameters and set up the cipher suite, call + * To select these parameters and set up the cipher suite, call these functions + * in any order: * * \code * psa_pake_cs_set_algorithm(cipher_suite, PSA_ALG_JPAKE); @@ -1499,8 +1500,8 @@ psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, * yet). * \param side A value of type ::psa_pake_side_t signaling the * side of the algorithm that is being set up. For - * more information see the documentation of \c - * PSA_PAKE_SIDE_XXX constants. + * more information see the documentation of + * \c PSA_PAKE_SIDE_XXX constants. * * \retval #PSA_SUCCESS * Success. @@ -1652,8 +1653,8 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation, * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be active, but beyond that - * validity is specific to the algorithm). + * The PAKE operation state is not valid (it must be active, but beyond + * that validity is specific to the algorithm). * \retval #PSA_ERROR_BAD_STATE * The state of \p output is not valid for * the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the 
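Review bot: in the first crypto_extra.h hunk, replacing "A secure cryptographic hash function" with "A cryptographic hash function" removes the only statement of what the hash in the cipher suite must provide, while the Schnorr NIZK proof (RFC 8235) listed in the same bullet list depends on the hash's strength. If "secure" was dropped because it is vague, replace it with the concrete requirement rather than nothing, e.g. state that the hash must be collision resistant and that legacy digests are not acceptable for this cipher suite, or point to where the cipher-suite hash setter documents the acceptable values. The "call these functions in any order" wording added to the same hunk is a useful clarification and should stay.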
@@ -1685,7 +1686,7 @@ psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, * * See also #PSA_PAKE_OUTPUT_MAX_SIZE * - * \param alg A PAKE algorithm (PSA_ALG_XXX value such that + * \param alg A PAKE algorithm (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_PAKE(\p alg) is true). * \param primitive A primitive of type ::psa_pake_primitive_t that is * compatible with algorithm \p alg. @@ -1706,7 +1707,7 @@ psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, * * See also #PSA_PAKE_INPUT_MAX_SIZE * - * \param alg A PAKE algorithm (PSA_ALG_XXX value such that + * \param alg A PAKE algorithm (\c PSA_ALG_XXX value such that * #PSA_ALG_IS_PAKE(\p alg) is true). * \param primitive A primitive of type ::psa_pake_primitive_t that is * compatible with algorithm \p alg. From 1f0131844ce98a50aab4e4c3b4ea70268aa8e72a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 8 Jun 2021 15:30:48 +0100 Subject: [PATCH 152/236] Clarify PSA_PAKE_STEP_ZK_PROOF format Removing reference to RFC 7748 as it is more confusing than helpful. (It decodes the scalars after masking which is not part of the encoding we want to specify. Also, it has the explanation what it means by little endian in a preceding section that is not trivial to find.) We also explicitly specify constraint on leading zeroes. Signed-off-by: Janos Follath --- include/psa/crypto_extra.h | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index c5ae09959..0567e8a73 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
@@ -1130,14 +1130,17 @@ typedef uint32_t psa_pake_primitive_t; * This is the proof in the Schnorr Non-Interactive Zero-Knowledge Proof (the * value denoted by the letter 'r' in RFC 8235). * - * Both input and output at this step is an integer less than the group - * selected in the cipher suite. The format depends on the group as well: + * Both for input and output, the value at this step is an integer less than + * the order of the group selected in the cipher suite. The format depends on + * the group as well: * - * - For Montgomery curves, the encoding is little endian (see decoding of - * scalars in Section 5 of RFC 7748). + * - For Montgomery curves, the encoding is little endian. * - For everything else the encoding is big endian (see Section 2.3.8 of * _SEC 1: Elliptic Curve Cryptography_ at https://www.secg.org/sec1-v2.pdf). * + * In both cases leading zeroes are allowed as long as the length in bytes does + * not exceed the byte length of the group order. + * * For information regarding how the group is determined, consult the * documentation #PSA_PAKE_PRIMITIVE. */ From 26371e47939d02d5f1a5ad9012f49aff0c7f5bc4 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Tue, 8 Jun 2021 16:45:41 +0200 Subject: [PATCH 153/236] Rename the _ret() functions 
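Review bot: "leading zeroes" in the new paragraph is ambiguous for the little-endian case described two lines above it: in a little-endian encoding the zero padding of a short integer sits at the end of the buffer, not at the front. Suggest stating the constraint on the integer rather than on the byte string, e.g. "the value may be zero-padded, in the natural position for the encoding, to at most the byte length of the group order". The hunk also changes "integer less than the group" to "integer less than the order of the group", which is the right fix, but it still only says what the value is; for the input direction, state what an implementation does with a value that is not less than the group order (reject it as an invalid argument rather than reduce it silently), since a verifier that reduces or accepts out-of-range r has a different proof-acceptance set than one that rejects it.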
Signed-off-by: TRodziewicz --- include/mbedtls/compat-2.x.h | 69 ++++++++++++++++++++++ include/mbedtls/ctr_drbg.h | 6 +- include/mbedtls/hmac_drbg.h | 4 +- include/mbedtls/md2.h | 18 +++--- include/mbedtls/md4.h | 18 +++--- include/mbedtls/md5.h | 18 +++--- include/mbedtls/ripemd160.h | 18 +++--- include/mbedtls/sha1.h | 18 +++--- include/mbedtls/sha256.h | 22 +++---- include/mbedtls/sha512.h | 22 +++---- library/ctr_drbg.c | 6 +- library/entropy.c | 32 +++++----- library/hmac_drbg.c | 12 ++-- library/md.c | 72 +++++++++++------------ library/md2.c | 16 ++--- library/md4.c | 20 +++---- library/md5.c | 16 ++--- library/pem.c | 18 +++--- library/psa_crypto_hash.c | 54 ++++++++--------- library/ripemd160.c | 20 +++---- library/rsa.c | 2 +- library/sha1.c | 22 +++---- library/sha256.c | 22 +++---- library/sha512.c | 22 +++---- library/ssl_tls.c | 24 ++++---- library/x509write_crt.c | 4 +- programs/hash/hello.c | 2 +- programs/pkey/dh_client.c | 4 +- programs/pkey/dh_server.c | 4 +- programs/pkey/ecdsa.c | 4 +- programs/test/benchmark.c | 12 ++-- tests/scripts/check-names.sh | 2 +- tests/scripts/list-macros.sh | 2 +- tests/suites/test_suite_ctr_drbg.function | 2 +- tests/suites/test_suite_mdx.function | 8 +-- tests/suites/test_suite_shax.function | 18 +++--- 36 files changed, 351 insertions(+), 282 deletions(-) create mode 100644 include/mbedtls/compat-2.x.h diff --git a/include/mbedtls/compat-2.x.h b/include/mbedtls/compat-2.x.h new file mode 100644 index 000000000..fe7aa16c3 --- /dev/null +++ b/include/mbedtls/compat-2.x.h 
@@ -0,0 +1,69 @@ +/** + * \file compat-2.x.h + * + * \brief Compatibility definitions + * + * \deprecated Use the new names directly instead + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if ! defined(MBEDTLS_DEPRECATED_REMOVED) + +#if defined(MBEDTLS_DEPRECATED_WARNING) +#warning "Including compat-2.x.h is deprecated" +#endif + +#ifndef MBEDTLS_COMPAT2X_H +#define MBEDTLS_COMPAT2X_H + +/* + * Macros for renamed functions + */ +#define mbedtls_ctr_drbg_update_ret mbedtls_ctr_drbg_update +#define mbedtls_hmac_drbg_update_ret mbedtls_hmac_drbg_update +#define mbedtls_md2_starts_ret mbedtls_md2_starts +#define mbedtls_md2_update_ret mbedtls_md2_update +#define mbedtls_md2_finish_ret mbedtls_md2_finish +#define mbedtls_md2_ret mbedtls_md2 +#define mbedtls_md4_starts_ret mbedtls_md4_starts +#define mbedtls_md4_update_ret mbedtls_md4_update +#define mbedtls_md4_finish_ret mbedtls_md4_finish +#define mbedtls_md4_ret mbedtls_md4 +#define mbedtls_md5_starts_ret mbedtls_md5_starts +#define mbedtls_md5_update_ret mbedtls_md5_update +#define mbedtls_md5_finish_ret mbedtls_md5_finish +#define mbedtls_md5_ret mbedtls_md5 +#define mbedtls_ripemd160_starts_ret mbedtls_ripemd160_starts +#define mbedtls_ripemd160_update_ret mbedtls_ripemd160_update +#define mbedtls_ripemd160_finish_ret mbedtls_ripemd160_finish +#define mbedtls_ripemd160_ret mbedtls_ripemd160 +#define 
mbedtls_sha1_starts_ret mbedtls_sha1_starts +#define mbedtls_sha1_update_ret mbedtls_sha1_update +#define mbedtls_sha1_finish_ret mbedtls_sha1_finish +#define mbedtls_sha1_ret mbedtls_sha1 +#define mbedtls_sha256_starts_ret mbedtls_sha256_starts +#define mbedtls_sha256_update_ret mbedtls_sha256_update +#define mbedtls_sha256_finish_ret mbedtls_sha256_finish +#define mbedtls_sha256_ret mbedtls_sha256 +#define mbedtls_sha512_starts_ret mbedtls_sha512_starts +#define mbedtls_sha512_update_ret mbedtls_sha512_update +#define mbedtls_sha512_finish_ret mbedtls_sha512_finish +#define mbedtls_sha512_ret mbedtls_sha512 + +#endif /* MBEDTLS_COMPAT2X_H */ +#endif /* MBEDTLS_DEPRECATED_REMOVED */ diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h index 0f2c5510f..d7a0c7eb1 100644 --- a/include/mbedtls/ctr_drbg.h +++ b/include/mbedtls/ctr_drbg.h @@ -462,9 +462,9 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, * #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT. * \return An error from the underlying AES cipher on failure. */ -int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx, - const unsigned char *additional, - size_t add_len ); +int mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx, + const unsigned char *additional, + size_t add_len ); /** * \brief This function updates a CTR_DRBG instance with additional diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h index 1ab342252..3f3d630c8 100644 --- a/include/mbedtls/hmac_drbg.h +++ b/include/mbedtls/hmac_drbg.h 
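Review bot: compat-2.x.h tests MBEDTLS_DEPRECATED_REMOVED and MBEDTLS_DEPRECATED_WARNING but does not include any configuration header before doing so, so a translation unit that includes it before any other Mbed TLS header sees both macros as undefined: the "#warning" is skipped and a build that sets MBEDTLS_DEPRECATED_REMOVED still gets the 34 compatibility macros. Suggest including the build configuration header at the top of the file, before the first "#if". Separately, the diffstat lists no ChangeLog.d entry and no migration-guide update for a rename of 34 public functions; this compat header is the only hint to users, and it is itself gated out by MBEDTLS_DEPRECATED_REMOVED, so a changelog line listing the old and new names should go in with this patch.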
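Review bot: in the ctr_drbg.h hunk, the un-suffixed name mbedtls_ctr_drbg_update() now denotes a function whose int result carries "An error from the underlying AES cipher on failure" (per the doc comment left unchanged just above the prototype). Every in-tree caller touched by this patch still checks the result, but out-of-tree code that picks up the new name through a mechanical search-and-replace, or through the compat macro, can drop the check without any compiler diagnostic. Suggest saying explicitly in the migration note that the renamed functions return an error code that must be checked, and, if the project has a warn-unused-result annotation for prototypes, applying it to the renamed DRBG and hash functions in this patch.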
@@ -294,8 +294,8 @@ void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx, * \return \c 0 on success, or an error from the underlying * hash calculation. */ -int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx, - const unsigned char *additional, size_t add_len ); +int mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx, + const unsigned char *additional, size_t add_len ); /** * \brief This function reseeds the HMAC_DRBG context, that is diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h index 950afa241..2ad31cfe5 100644 --- a/include/mbedtls/md2.h +++ b/include/mbedtls/md2.h @@ -114,7 +114,7 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst, * stronger message digests instead. * */ -int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx ); +int mbedtls_md2_starts( mbedtls_md2_context *ctx ); /** * \brief MD2 process buffer @@ -130,9 +130,9 @@ int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx ); * stronger message digests instead. * */ -int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_md2_update( mbedtls_md2_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief MD2 final digest @@ -147,8 +147,8 @@ int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, * stronger message digests instead. * */ -int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx, - unsigned char output[16] ); +int mbedtls_md2_finish( mbedtls_md2_context *ctx, + unsigned char output[16] ); /** * \brief MD2 process data block (internal use only) @@ -176,9 +176,9 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ); * stronger message digests instead. * */ -int mbedtls_md2_ret( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); +int mbedtls_md2( const unsigned char *input, + size_t ilen, + unsigned char output[16] ); #if defined(MBEDTLS_SELF_TEST) diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h index f9e398749..65869630f 100644 
--- a/include/mbedtls/md4.h +++ b/include/mbedtls/md4.h @@ -113,7 +113,7 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst, * constitutes a security risk. We recommend considering * stronger message digests instead. */ -int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ); +int mbedtls_md4_starts( mbedtls_md4_context *ctx ); /** * \brief MD4 process buffer @@ -129,9 +129,9 @@ int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ); * stronger message digests instead. * */ -int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_md4_update( mbedtls_md4_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief MD4 final digest @@ -146,8 +146,8 @@ int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, * stronger message digests instead. * */ -int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, - unsigned char output[16] ); +int mbedtls_md4_finish( mbedtls_md4_context *ctx, + unsigned char output[16] ); /** * \brief MD4 process data block (internal use only) @@ -179,9 +179,9 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, * stronger message digests instead. * */ -int mbedtls_md4_ret( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); +int mbedtls_md4( const unsigned char *input, + size_t ilen, + unsigned char output[16] ); #if defined(MBEDTLS_SELF_TEST) diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h index 71a41dc0e..369160980 100644 --- a/include/mbedtls/md5.h +++ b/include/mbedtls/md5.h @@ -113,7 +113,7 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst, * stronger message digests instead. * */ -int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ); +int mbedtls_md5_starts( mbedtls_md5_context *ctx ); /** * \brief MD5 process buffer 
@@ -129,9 +129,9 @@ int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ); * stronger message digests instead. * */ -int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_md5_update( mbedtls_md5_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief MD5 final digest @@ -146,8 +146,8 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, * stronger message digests instead. * */ -int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, - unsigned char output[16] ); +int mbedtls_md5_finish( mbedtls_md5_context *ctx, + unsigned char output[16] ); /** * \brief MD5 process data block (internal use only) @@ -179,9 +179,9 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, * stronger message digests instead. * */ -int mbedtls_md5_ret( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); +int mbedtls_md5( const unsigned char *input, + size_t ilen, + unsigned char output[16] ); #if defined(MBEDTLS_SELF_TEST) diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h index 1c72d60fc..963cc949d 100644 --- a/include/mbedtls/ripemd160.h +++ b/include/mbedtls/ripemd160.h @@ -84,7 +84,7 @@ void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, * * \return 0 if successful */ -int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx ); +int mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ); /** * \brief RIPEMD-160 process buffer @@ -95,9 +95,9 @@ int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx ); * * \return 0 if successful */ -int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief RIPEMD-160 final digest 
@@ -107,8 +107,8 @@ int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx, * * \return 0 if successful */ -int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, - unsigned char output[20] ); +int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, + unsigned char output[20] ); /** * \brief RIPEMD-160 process data block (internal use only) @@ -130,9 +130,9 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, * * \return 0 if successful */ -int mbedtls_ripemd160_ret( const unsigned char *input, - size_t ilen, - unsigned char output[20] ); +int mbedtls_ripemd160( const unsigned char *input, + size_t ilen, + unsigned char output[20] ); #if defined(MBEDTLS_SELF_TEST) diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h index 56ff9487e..1cb8741bf 100644 --- a/include/mbedtls/sha1.h +++ b/include/mbedtls/sha1.h @@ -123,7 +123,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, * \return A negative error code on failure. * */ -int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); +int mbedtls_sha1_starts( mbedtls_sha1_context *ctx ); /** * \brief This function feeds an input buffer into an ongoing SHA-1 @@ -142,9 +142,9 @@ int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ); * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_sha1_update( mbedtls_sha1_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief This function finishes the SHA-1 operation, and writes @@ -162,8 +162,8 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, - unsigned char output[20] ); +int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, + unsigned char output[20] ); /** * \brief SHA-1 process data block (internal use only). 
@@ -206,9 +206,9 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, * \return A negative error code on failure. * */ -int mbedtls_sha1_ret( const unsigned char *input, - size_t ilen, - unsigned char output[20] ); +int mbedtls_sha1( const unsigned char *input, + size_t ilen, + unsigned char output[20] ); #if defined(MBEDTLS_SELF_TEST) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 22c2c7d7e..97e642c90 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -49,7 +49,7 @@ extern "C" { * * The structure is used both for SHA-256 and for SHA-224 * checksum calculations. The choice between these two is - * made in the call to mbedtls_sha256_starts_ret(). + * made in the call to mbedtls_sha256_starts(). */ typedef struct mbedtls_sha256_context { @@ -101,7 +101,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); +int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ); /** * \brief This function feeds an input buffer into an ongoing @@ -116,9 +116,9 @@ int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ); * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_sha256_update( mbedtls_sha256_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief This function finishes the SHA-256 operation, and writes 
@@ -133,8 +133,8 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, - unsigned char *output ); +int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, + unsigned char *output ); /** * \brief This function processes a single data block within @@ -170,10 +170,10 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, * \param is224 Determines which function to use. This must be * either \c 0 for SHA-256, or \c 1 for SHA-224. */ -int mbedtls_sha256_ret( const unsigned char *input, - size_t ilen, - unsigned char *output, - int is224 ); +int mbedtls_sha256( const unsigned char *input, + size_t ilen, + unsigned char *output, + int is224 ); #if defined(MBEDTLS_SELF_TEST) diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h index 04222f4a4..9fe37c195 100644 --- a/include/mbedtls/sha512.h +++ b/include/mbedtls/sha512.h @@ -48,7 +48,7 @@ extern "C" { * * The structure is used both for SHA-384 and for SHA-512 * checksum calculations. The choice between these two is - * made in the call to mbedtls_sha512_starts_ret(). + * made in the call to mbedtls_sha512_starts(). */ typedef struct mbedtls_sha512_context { @@ -108,7 +108,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ); +int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ); /** * \brief This function feeds an input buffer into an ongoing 
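Review bot: in the sha256.h hunk for mbedtls_sha256(), the doc block visible above the prototype ends with "\param is224 Determines which function to use." and, unlike the starts/update/finish prototypes in the same file, shows no "\return \c 0 on success." / "\return A negative error code on failure." lines. Since this patch is the point at which the one-shot function takes over the plain name, this is the right moment to add the \return lines for mbedtls_sha256() and to check that mbedtls_sha512() in the corresponding sha512.h hunk documents its return value the same way.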
@@ -123,9 +123,9 @@ int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ); * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, - const unsigned char *input, - size_t ilen ); +int mbedtls_sha512_update( mbedtls_sha512_context *ctx, + const unsigned char *input, + size_t ilen ); /** * \brief This function finishes the SHA-512 operation, and writes @@ -140,8 +140,8 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, - unsigned char *output ); +int mbedtls_sha512_finish( mbedtls_sha512_context *ctx, + unsigned char *output ); /** * \brief This function processes a single data block within @@ -184,10 +184,10 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, * \return \c 0 on success. * \return A negative error code on failure. */ -int mbedtls_sha512_ret( const unsigned char *input, - size_t ilen, - unsigned char *output, - int is384 ); +int mbedtls_sha512( const unsigned char *input, + size_t ilen, + unsigned char *output, + int is384 ); #if defined(MBEDTLS_SELF_TEST) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 602ec699c..b664fb0fc 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -304,7 +304,7 @@ exit: } /* CTR_DRBG_Instantiate with derivation function (SP 800-90A §10.2.1.3.2) - * mbedtls_ctr_drbg_update_ret(ctx, additional, add_len) + * mbedtls_ctr_drbg_update(ctx, additional, add_len) * implements * CTR_DRBG_Instantiate(entropy_input, nonce, personalization_string, * security_strength) -> initial_working_state @@ -315,7 +315,7 @@ exit: * and with outputs * ctx = initial_working_state */ -int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx, +int mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t add_len ) { 
@@ -657,7 +657,7 @@ int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, fclose( f ); f = NULL; - ret = mbedtls_ctr_drbg_update_ret( ctx, buf, n ); + ret = mbedtls_ctr_drbg_update( ctx, buf, n ); exit: mbedtls_platform_zeroize( buf, sizeof( buf ) ); diff --git a/library/entropy.c b/library/entropy.c index cc686282a..f12a2395a 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -164,10 +164,10 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id if( use_len > MBEDTLS_ENTROPY_BLOCK_SIZE ) { #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) - if( ( ret = mbedtls_sha512_ret( data, len, tmp, 0 ) ) != 0 ) + if( ( ret = mbedtls_sha512( data, len, tmp, 0 ) ) != 0 ) goto cleanup; #else - if( ( ret = mbedtls_sha256_ret( data, len, tmp, 0 ) ) != 0 ) + if( ( ret = mbedtls_sha256( data, len, tmp, 0 ) ) != 0 ) goto cleanup; #endif p = tmp; 
@@ -184,22 +184,22 @@ static int entropy_update( mbedtls_entropy_context *ctx, unsigned char source_id */ #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR) if( ctx->accumulator_started == 0 && - ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) + ( ret = mbedtls_sha512_starts( &ctx->accumulator, 0 ) ) != 0 ) goto cleanup; else ctx->accumulator_started = 1; - if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, header, 2 ) ) != 0 ) + if( ( ret = mbedtls_sha512_update( &ctx->accumulator, header, 2 ) ) != 0 ) goto cleanup; - ret = mbedtls_sha512_update_ret( &ctx->accumulator, p, use_len ); + ret = mbedtls_sha512_update( &ctx->accumulator, p, use_len ); #else if( ctx->accumulator_started == 0 && - ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) + ( ret = mbedtls_sha256_starts( &ctx->accumulator, 0 ) ) != 0 ) goto cleanup; else ctx->accumulator_started = 1; - if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, header, 2 ) ) != 0 ) + if( ( ret = mbedtls_sha256_update( &ctx->accumulator, header, 2 ) ) != 0 ) goto cleanup; - ret = mbedtls_sha256_update_ret( &ctx->accumulator, p, use_len ); + ret = mbedtls_sha256_update( &ctx->accumulator, p, use_len ); #endif cleanup: @@ -361,7 +361,7 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) * in a previous call to entropy_update(). If this is not guaranteed, the * code below will fail. */ - if( ( ret = mbedtls_sha512_finish_ret( &ctx->accumulator, buf ) ) != 0 ) + if( ( ret = mbedtls_sha512_finish( &ctx->accumulator, buf ) ) != 0 ) goto exit; /* 
@@ -369,20 +369,20 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) */ mbedtls_sha512_free( &ctx->accumulator ); mbedtls_sha512_init( &ctx->accumulator ); - if( ( ret = mbedtls_sha512_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) + if( ( ret = mbedtls_sha512_starts( &ctx->accumulator, 0 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha512_update_ret( &ctx->accumulator, buf, + if( ( ret = mbedtls_sha512_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) goto exit; /* * Perform second SHA-512 on entropy */ - if( ( ret = mbedtls_sha512_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + if( ( ret = mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf, 0 ) ) != 0 ) goto exit; #else /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ - if( ( ret = mbedtls_sha256_finish_ret( &ctx->accumulator, buf ) ) != 0 ) + if( ( ret = mbedtls_sha256_finish( &ctx->accumulator, buf ) ) != 0 ) goto exit; /* @@ -390,16 +390,16 @@ int mbedtls_entropy_func( void *data, unsigned char *output, size_t len ) */ mbedtls_sha256_free( &ctx->accumulator ); mbedtls_sha256_init( &ctx->accumulator ); - if( ( ret = mbedtls_sha256_starts_ret( &ctx->accumulator, 0 ) ) != 0 ) + if( ( ret = mbedtls_sha256_starts( &ctx->accumulator, 0 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha256_update_ret( &ctx->accumulator, buf, + if( ( ret = mbedtls_sha256_update( &ctx->accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) goto exit; /* * Perform second SHA-256 on entropy */ - if( ( ret = mbedtls_sha256_ret( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, + if( ( ret = mbedtls_sha256( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, buf, 0 ) ) != 0 ) goto exit; #endif /* MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */ diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index 7e1b4fb06..ab353bfd5 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c 
@@ -59,7 +59,7 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx ) /* * HMAC_DRBG update, using optional additional data (10.1.2.2) */ -int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx, +int mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx, const unsigned char *additional, size_t add_len ) { @@ -130,7 +130,7 @@ int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx, return( ret ); memset( ctx->V, 0x01, mbedtls_md_get_size( md_info ) ); - if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, data, data_len ) ) != 0 ) + if( ( ret = mbedtls_hmac_drbg_update( ctx, data, data_len ) ) != 0 ) return( ret ); return( 0 ); @@ -205,7 +205,7 @@ static int hmac_drbg_reseed_core( mbedtls_hmac_drbg_context *ctx, } /* 2. Update state */ - if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, seed, seedlen ) ) != 0 ) + if( ( ret = mbedtls_hmac_drbg_update( ctx, seed, seedlen ) ) != 0 ) goto exit; /* 3. Reset reseed_counter */ @@ -348,7 +348,7 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng, /* 2. Use additional data if any */ if( additional != NULL && add_len != 0 ) { - if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, + if( ( ret = mbedtls_hmac_drbg_update( ctx, additional, add_len ) ) != 0 ) goto exit; } @@ -372,7 +372,7 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng, } /* 6. Update */ - if( ( ret = mbedtls_hmac_drbg_update_ret( ctx, + if( ( ret = mbedtls_hmac_drbg_update( ctx, additional, add_len ) ) != 0 ) goto exit; @@ -479,7 +479,7 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch fclose( f ); f = NULL; - ret = mbedtls_hmac_drbg_update_ret( ctx, buf, n ); + ret = mbedtls_hmac_drbg_update( ctx, buf, n ); exit: mbedtls_platform_zeroize( buf, sizeof( buf ) ); diff --git a/library/md.c b/library/md.c index 28261ac8c..53afbef53 100644 --- a/library/md.c +++ b/library/md.c 
@@ -503,39 +503,39 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - return( mbedtls_md2_starts_ret( ctx->md_ctx ) ); + return( mbedtls_md2_starts( ctx->md_ctx ) ); #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - return( mbedtls_md4_starts_ret( ctx->md_ctx ) ); + return( mbedtls_md4_starts( ctx->md_ctx ) ); #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( mbedtls_md5_starts_ret( ctx->md_ctx ) ); + return( mbedtls_md5_starts( ctx->md_ctx ) ); #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - return( mbedtls_ripemd160_starts_ret( ctx->md_ctx ) ); + return( mbedtls_ripemd160_starts( ctx->md_ctx ) ); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( mbedtls_sha1_starts_ret( ctx->md_ctx ) ); + return( mbedtls_sha1_starts( ctx->md_ctx ) ); #endif #if defined(MBEDTLS_SHA224_C) case MBEDTLS_MD_SHA224: - return( mbedtls_sha256_starts_ret( ctx->md_ctx, 1 ) ); + return( mbedtls_sha256_starts( ctx->md_ctx, 1 ) ); #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA256: - return( mbedtls_sha256_starts_ret( ctx->md_ctx, 0 ) ); + return( mbedtls_sha256_starts( ctx->md_ctx, 0 ) ); #endif #if defined(MBEDTLS_SHA384_C) case MBEDTLS_MD_SHA384: - return( mbedtls_sha512_starts_ret( ctx->md_ctx, 1 ) ); + return( mbedtls_sha512_starts( ctx->md_ctx, 1 ) ); #endif #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: - return( mbedtls_sha512_starts_ret( ctx->md_ctx, 0 ) ); + return( mbedtls_sha512_starts( ctx->md_ctx, 0 ) ); #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); 
@@ -551,39 +551,39 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - return( mbedtls_md2_update_ret( ctx->md_ctx, input, ilen ) ); + return( mbedtls_md2_update( ctx->md_ctx, input, ilen ) ); #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - return( mbedtls_md4_update_ret( ctx->md_ctx, input, ilen ) ); + return( mbedtls_md4_update( ctx->md_ctx, input, ilen ) ); #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( mbedtls_md5_update_ret( ctx->md_ctx, input, ilen ) ); + return( mbedtls_md5_update( ctx->md_ctx, input, ilen ) ); #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - return( mbedtls_ripemd160_update_ret( ctx->md_ctx, input, ilen ) ); + return( mbedtls_ripemd160_update( ctx->md_ctx, input, ilen ) ); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( mbedtls_sha1_update_ret( ctx->md_ctx, input, ilen ) ); + return( mbedtls_sha1_update( ctx->md_ctx, input, ilen ) ); #endif #if defined(MBEDTLS_SHA224_C) case MBEDTLS_MD_SHA224: - return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) ); + return( mbedtls_sha256_update( ctx->md_ctx, input, ilen ) ); #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA256: - return( mbedtls_sha256_update_ret( ctx->md_ctx, input, ilen ) ); + return( mbedtls_sha256_update( ctx->md_ctx, input, ilen ) ); #endif #if defined(MBEDTLS_SHA384_C) case MBEDTLS_MD_SHA384: - return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) ); + return( mbedtls_sha512_update( ctx->md_ctx, input, ilen ) ); #endif #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: - return( mbedtls_sha512_update_ret( ctx->md_ctx, input, ilen ) ); + return( mbedtls_sha512_update( ctx->md_ctx, input, ilen ) ); #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); 
@@ -599,39 +599,39 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - return( mbedtls_md2_finish_ret( ctx->md_ctx, output ) ); + return( mbedtls_md2_finish( ctx->md_ctx, output ) ); #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - return( mbedtls_md4_finish_ret( ctx->md_ctx, output ) ); + return( mbedtls_md4_finish( ctx->md_ctx, output ) ); #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( mbedtls_md5_finish_ret( ctx->md_ctx, output ) ); + return( mbedtls_md5_finish( ctx->md_ctx, output ) ); #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - return( mbedtls_ripemd160_finish_ret( ctx->md_ctx, output ) ); + return( mbedtls_ripemd160_finish( ctx->md_ctx, output ) ); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( mbedtls_sha1_finish_ret( ctx->md_ctx, output ) ); + return( mbedtls_sha1_finish( ctx->md_ctx, output ) ); #endif #if defined(MBEDTLS_SHA224_C) case MBEDTLS_MD_SHA224: - return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) ); + return( mbedtls_sha256_finish( ctx->md_ctx, output ) ); #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA256: - return( mbedtls_sha256_finish_ret( ctx->md_ctx, output ) ); + return( mbedtls_sha256_finish( ctx->md_ctx, output ) ); #endif #if defined(MBEDTLS_SHA384_C) case MBEDTLS_MD_SHA384: - return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) ); + return( mbedtls_sha512_finish( ctx->md_ctx, output ) ); #endif #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: - return( mbedtls_sha512_finish_ret( ctx->md_ctx, output ) ); + return( mbedtls_sha512_finish( ctx->md_ctx, output ) ); #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); 
@@ -648,39 +648,39 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si { #if defined(MBEDTLS_MD2_C) case MBEDTLS_MD_MD2: - return( mbedtls_md2_ret( input, ilen, output ) ); + return( mbedtls_md2( input, ilen, output ) ); #endif #if defined(MBEDTLS_MD4_C) case MBEDTLS_MD_MD4: - return( mbedtls_md4_ret( input, ilen, output ) ); + return( mbedtls_md4( input, ilen, output ) ); #endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: - return( mbedtls_md5_ret( input, ilen, output ) ); + return( mbedtls_md5( input, ilen, output ) ); #endif #if defined(MBEDTLS_RIPEMD160_C) case MBEDTLS_MD_RIPEMD160: - return( mbedtls_ripemd160_ret( input, ilen, output ) ); + return( mbedtls_ripemd160( input, ilen, output ) ); #endif #if defined(MBEDTLS_SHA1_C) case MBEDTLS_MD_SHA1: - return( mbedtls_sha1_ret( input, ilen, output ) ); + return( mbedtls_sha1( input, ilen, output ) ); #endif #if defined(MBEDTLS_SHA224_C) case MBEDTLS_MD_SHA224: - return( mbedtls_sha256_ret( input, ilen, output, 1 ) ); + return( mbedtls_sha256( input, ilen, output, 1 ) ); #endif #if defined(MBEDTLS_SHA256_C) case MBEDTLS_MD_SHA256: - return( mbedtls_sha256_ret( input, ilen, output, 0 ) ); + return( mbedtls_sha256( input, ilen, output, 0 ) ); #endif #if defined(MBEDTLS_SHA384_C) case MBEDTLS_MD_SHA384: - return( mbedtls_sha512_ret( input, ilen, output, 1 ) ); + return( mbedtls_sha512( input, ilen, output, 1 ) ); #endif #if defined(MBEDTLS_SHA512_C) case MBEDTLS_MD_SHA512: - return( mbedtls_sha512_ret( input, ilen, output, 0 ) ); + return( mbedtls_sha512( input, ilen, output, 0 ) ); #endif default: return( MBEDTLS_ERR_MD_BAD_INPUT_DATA ); diff --git a/library/md2.c b/library/md2.c index a11bc0f80..e02c2f023 100644 --- a/library/md2.c +++ b/library/md2.c 
@@ -96,7 +96,7 @@ void mbedtls_md2_clone( mbedtls_md2_context *dst, /* * MD2 context setup */ -int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx ) +int mbedtls_md2_starts( mbedtls_md2_context *ctx ) { memset( ctx->cksum, 0, 16 ); memset( ctx->state, 0, 46 ); @@ -151,7 +151,7 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ) /* * MD2 process buffer */ -int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, +int mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen ) { @@ -185,7 +185,7 @@ int mbedtls_md2_update_ret( mbedtls_md2_context *ctx, /* * MD2 final digest */ -int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx, +int mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -214,7 +214,7 @@ int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx, /* * output = MD2( input buffer ) */ -int mbedtls_md2_ret( const unsigned char *input, +int mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] ) { @@ -223,13 +223,13 @@ int mbedtls_md2_ret( const unsigned char *input, mbedtls_md2_init( &ctx ); - if( ( ret = mbedtls_md2_starts_ret( &ctx ) ) != 0 ) + if( ( ret = mbedtls_md2_starts( &ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md2_update_ret( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_md2_update( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md2_finish_ret( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_md2_finish( &ctx, output ) ) != 0 ) goto exit; exit: @@ -290,7 +290,7 @@ int mbedtls_md2_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD2 test #%d: ", i + 1 ); - ret = mbedtls_md2_ret( md2_test_str[i], md2_test_strlen[i], md2sum ); + ret = mbedtls_md2( md2_test_str[i], md2_test_strlen[i], md2sum ); if( ret != 0 ) goto fail; diff --git a/library/md4.c b/library/md4.c index c366c0de8..f5f330253 100644 --- a/library/md4.c +++ b/library/md4.c 
@@ -89,7 +89,7 @@ void mbedtls_md4_clone( mbedtls_md4_context *dst, /* * MD4 context setup */ -int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx ) +int mbedtls_md4_starts( mbedtls_md4_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -236,7 +236,7 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, /* * MD4 process buffer */ -int mbedtls_md4_update_ret( mbedtls_md4_context *ctx, +int mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen ) { @@ -298,7 +298,7 @@ static const unsigned char md4_padding[64] = /* * MD4 final digest */ -int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, +int mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -316,11 +316,11 @@ int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - ret = mbedtls_md4_update_ret( ctx, (unsigned char *)md4_padding, padn ); + ret = mbedtls_md4_update( ctx, (unsigned char *)md4_padding, padn ); if( ret != 0 ) return( ret ); - if( ( ret = mbedtls_md4_update_ret( ctx, msglen, 8 ) ) != 0 ) + if( ( ret = mbedtls_md4_update( ctx, msglen, 8 ) ) != 0 ) return( ret ); @@ -337,7 +337,7 @@ int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx, /* * output = MD4( input buffer ) */ -int mbedtls_md4_ret( const unsigned char *input, +int mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] ) { @@ -346,13 +346,13 @@ int mbedtls_md4_ret( const unsigned char *input, mbedtls_md4_init( &ctx ); - if( ( ret = mbedtls_md4_starts_ret( &ctx ) ) != 0 ) + if( ( ret = mbedtls_md4_starts( &ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md4_update_ret( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_md4_update( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md4_finish_ret( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_md4_finish( &ctx, output ) ) != 0 ) goto exit; exit: 
@@ -413,7 +413,7 @@ int mbedtls_md4_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD4 test #%d: ", i + 1 ); - ret = mbedtls_md4_ret( md4_test_str[i], md4_test_strlen[i], md4sum ); + ret = mbedtls_md4( md4_test_str[i], md4_test_strlen[i], md4sum ); if( ret != 0 ) goto fail; diff --git a/library/md5.c b/library/md5.c index 019b7f481..d7f8cee46 100644 --- a/library/md5.c +++ b/library/md5.c @@ -88,7 +88,7 @@ void mbedtls_md5_clone( mbedtls_md5_context *dst, /* * MD5 context setup */ -int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx ) +int mbedtls_md5_starts( mbedtls_md5_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -242,7 +242,7 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx, /* * MD5 process buffer */ -int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, +int mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen ) { @@ -293,7 +293,7 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx, /* * MD5 final digest */ -int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, +int mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -352,7 +352,7 @@ int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx, /* * output = MD5( input buffer ) */ -int mbedtls_md5_ret( const unsigned char *input, +int mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] ) { @@ -361,13 +361,13 @@ int mbedtls_md5_ret( const unsigned char *input, mbedtls_md5_init( &ctx ); - if( ( ret = mbedtls_md5_starts_ret( &ctx ) ) != 0 ) + if( ( ret = mbedtls_md5_starts( &ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ret( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_md5_update( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_finish_ret( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_md5_finish( &ctx, output ) ) != 0 ) goto exit; exit: 
@@ -427,7 +427,7 @@ int mbedtls_md5_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " MD5 test #%d: ", i + 1 ); - ret = mbedtls_md5_ret( md5_test_buf[i], md5_test_buflen[i], md5sum ); + ret = mbedtls_md5( md5_test_buf[i], md5_test_buflen[i], md5sum ); if( ret != 0 ) goto fail; diff --git a/library/pem.c b/library/pem.c index fcfde9479..1b40e5e55 100644 --- a/library/pem.c +++ b/library/pem.c @@ -87,13 +87,13 @@ static int pem_pbkdf1( unsigned char *key, size_t keylen, /* * key[ 0..15] = MD5(pwd || IV) */ - if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 ) + if( ( ret = mbedtls_md5_starts( &md5_ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 ) + if( ( ret = mbedtls_md5_update( &md5_ctx, pwd, pwdlen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 ) + if( ( ret = mbedtls_md5_update( &md5_ctx, iv, 8 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 ) + if( ( ret = mbedtls_md5_finish( &md5_ctx, md5sum ) ) != 0 ) goto exit; if( keylen <= 16 ) @@ -107,15 +107,15 @@ static int pem_pbkdf1( unsigned char *key, size_t keylen, /* * key[16..23] = MD5(key[ 0..15] || pwd || IV]) */ - if( ( ret = mbedtls_md5_starts_ret( &md5_ctx ) ) != 0 ) + if( ( ret = mbedtls_md5_starts( &md5_ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, md5sum, 16 ) ) != 0 ) + if( ( ret = mbedtls_md5_update( &md5_ctx, md5sum, 16 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, pwd, pwdlen ) ) != 0 ) + if( ( ret = mbedtls_md5_update( &md5_ctx, pwd, pwdlen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_update_ret( &md5_ctx, iv, 8 ) ) != 0 ) + if( ( ret = mbedtls_md5_update( &md5_ctx, iv, 8 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_md5_finish_ret( &md5_ctx, md5sum ) ) != 0 ) + if( ( ret = mbedtls_md5_finish( &md5_ctx, md5sum ) ) != 0 ) goto exit; use_len = 16; 
diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c index d0f986ebc..6471f82a8 100644 --- a/library/psa_crypto_hash.c +++ b/library/psa_crypto_hash.c 
@@ -203,55 +203,55 @@ static psa_status_t hash_setup( #if defined(BUILTIN_ALG_MD2) case PSA_ALG_MD2: mbedtls_md2_init( &operation->ctx.md2 ); - ret = mbedtls_md2_starts_ret( &operation->ctx.md2 ); + ret = mbedtls_md2_starts( &operation->ctx.md2 ); break; #endif #if defined(BUILTIN_ALG_MD4) case PSA_ALG_MD4: mbedtls_md4_init( &operation->ctx.md4 ); - ret = mbedtls_md4_starts_ret( &operation->ctx.md4 ); + ret = mbedtls_md4_starts( &operation->ctx.md4 ); break; #endif #if defined(BUILTIN_ALG_MD5) case PSA_ALG_MD5: mbedtls_md5_init( &operation->ctx.md5 ); - ret = mbedtls_md5_starts_ret( &operation->ctx.md5 ); + ret = mbedtls_md5_starts( &operation->ctx.md5 ); break; #endif #if defined(BUILTIN_ALG_RIPEMD160) case PSA_ALG_RIPEMD160: mbedtls_ripemd160_init( &operation->ctx.ripemd160 ); - ret = mbedtls_ripemd160_starts_ret( &operation->ctx.ripemd160 ); + ret = mbedtls_ripemd160_starts( &operation->ctx.ripemd160 ); break; #endif #if defined(BUILTIN_ALG_SHA_1) case PSA_ALG_SHA_1: mbedtls_sha1_init( &operation->ctx.sha1 ); - ret = mbedtls_sha1_starts_ret( &operation->ctx.sha1 ); + ret = mbedtls_sha1_starts( &operation->ctx.sha1 ); break; #endif #if defined(BUILTIN_ALG_SHA_224) case PSA_ALG_SHA_224: mbedtls_sha256_init( &operation->ctx.sha256 ); - ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 1 ); + ret = mbedtls_sha256_starts( &operation->ctx.sha256, 1 ); break; #endif #if defined(BUILTIN_ALG_SHA_256) case PSA_ALG_SHA_256: mbedtls_sha256_init( &operation->ctx.sha256 ); - ret = mbedtls_sha256_starts_ret( &operation->ctx.sha256, 0 ); + ret = mbedtls_sha256_starts( &operation->ctx.sha256, 0 ); break; #endif #if defined(BUILTIN_ALG_SHA_384) case PSA_ALG_SHA_384: mbedtls_sha512_init( &operation->ctx.sha512 ); - ret = mbedtls_sha512_starts_ret( &operation->ctx.sha512, 1 ); + ret = mbedtls_sha512_starts( &operation->ctx.sha512, 1 ); break; #endif #if defined(BUILTIN_ALG_SHA_512) case PSA_ALG_SHA_512: mbedtls_sha512_init( &operation->ctx.sha512 ); - ret = 
mbedtls_sha512_starts_ret( &operation->ctx.sha512, 0 ); + ret = mbedtls_sha512_starts( &operation->ctx.sha512, 0 ); break; #endif default: @@ -349,55 +349,55 @@ static psa_status_t hash_update( { #if defined(BUILTIN_ALG_MD2) case PSA_ALG_MD2: - ret = mbedtls_md2_update_ret( &operation->ctx.md2, + ret = mbedtls_md2_update( &operation->ctx.md2, input, input_length ); break; #endif #if defined(BUILTIN_ALG_MD4) case PSA_ALG_MD4: - ret = mbedtls_md4_update_ret( &operation->ctx.md4, + ret = mbedtls_md4_update( &operation->ctx.md4, input, input_length ); break; #endif #if defined(BUILTIN_ALG_MD5) case PSA_ALG_MD5: - ret = mbedtls_md5_update_ret( &operation->ctx.md5, + ret = mbedtls_md5_update( &operation->ctx.md5, input, input_length ); break; #endif #if defined(BUILTIN_ALG_RIPEMD160) case PSA_ALG_RIPEMD160: - ret = mbedtls_ripemd160_update_ret( &operation->ctx.ripemd160, + ret = mbedtls_ripemd160_update( &operation->ctx.ripemd160, input, input_length ); break; #endif #if defined(BUILTIN_ALG_SHA_1) case PSA_ALG_SHA_1: - ret = mbedtls_sha1_update_ret( &operation->ctx.sha1, + ret = mbedtls_sha1_update( &operation->ctx.sha1, input, input_length ); break; #endif #if defined(BUILTIN_ALG_SHA_224) case PSA_ALG_SHA_224: - ret = mbedtls_sha256_update_ret( &operation->ctx.sha256, + ret = mbedtls_sha256_update( &operation->ctx.sha256, input, input_length ); break; #endif #if defined(BUILTIN_ALG_SHA_256) case PSA_ALG_SHA_256: - ret = mbedtls_sha256_update_ret( &operation->ctx.sha256, + ret = mbedtls_sha256_update( &operation->ctx.sha256, input, input_length ); break; #endif #if defined(BUILTIN_ALG_SHA_384) case PSA_ALG_SHA_384: - ret = mbedtls_sha512_update_ret( &operation->ctx.sha512, + ret = mbedtls_sha512_update( &operation->ctx.sha512, input, input_length ); break; #endif #if defined(BUILTIN_ALG_SHA_512) case PSA_ALG_SHA_512: - ret = mbedtls_sha512_update_ret( &operation->ctx.sha512, + ret = mbedtls_sha512_update( &operation->ctx.sha512, input, input_length ); break; #endif 
@@ -439,47 +439,47 @@ static psa_status_t hash_finish( { #if defined(BUILTIN_ALG_MD2) case PSA_ALG_MD2: - ret = mbedtls_md2_finish_ret( &operation->ctx.md2, hash ); + ret = mbedtls_md2_finish( &operation->ctx.md2, hash ); break; #endif #if defined(BUILTIN_ALG_MD4) case PSA_ALG_MD4: - ret = mbedtls_md4_finish_ret( &operation->ctx.md4, hash ); + ret = mbedtls_md4_finish( &operation->ctx.md4, hash ); break; #endif #if defined(BUILTIN_ALG_MD5) case PSA_ALG_MD5: - ret = mbedtls_md5_finish_ret( &operation->ctx.md5, hash ); + ret = mbedtls_md5_finish( &operation->ctx.md5, hash ); break; #endif #if defined(BUILTIN_ALG_RIPEMD160) case PSA_ALG_RIPEMD160: - ret = mbedtls_ripemd160_finish_ret( &operation->ctx.ripemd160, hash ); + ret = mbedtls_ripemd160_finish( &operation->ctx.ripemd160, hash ); break; #endif #if defined(BUILTIN_ALG_SHA_1) case PSA_ALG_SHA_1: - ret = mbedtls_sha1_finish_ret( &operation->ctx.sha1, hash ); + ret = mbedtls_sha1_finish( &operation->ctx.sha1, hash ); break; #endif #if defined(BUILTIN_ALG_SHA_224) case PSA_ALG_SHA_224: - ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash ); + ret = mbedtls_sha256_finish( &operation->ctx.sha256, hash ); break; #endif #if defined(BUILTIN_ALG_SHA_256) case PSA_ALG_SHA_256: - ret = mbedtls_sha256_finish_ret( &operation->ctx.sha256, hash ); + ret = mbedtls_sha256_finish( &operation->ctx.sha256, hash ); break; #endif #if defined(BUILTIN_ALG_SHA_384) case PSA_ALG_SHA_384: - ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash ); + ret = mbedtls_sha512_finish( &operation->ctx.sha512, hash ); break; #endif #if defined(BUILTIN_ALG_SHA_512) case PSA_ALG_SHA_512: - ret = mbedtls_sha512_finish_ret( &operation->ctx.sha512, hash ); + ret = mbedtls_sha512_finish( &operation->ctx.sha512, hash ); break; #endif default: diff --git a/library/ripemd160.c b/library/ripemd160.c index 0e1df8fa1..d2ccbbec4 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c 
@@ -89,7 +89,7 @@ void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst, /* * RIPEMD-160 context setup */ -int mbedtls_ripemd160_starts_ret( mbedtls_ripemd160_context *ctx ) +int mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx ) { ctx->total[0] = 0; ctx->total[1] = 0; @@ -305,7 +305,7 @@ int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx, /* * RIPEMD-160 process buffer */ -int mbedtls_ripemd160_update_ret( mbedtls_ripemd160_context *ctx, +int mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx, const unsigned char *input, size_t ilen ) { @@ -365,7 +365,7 @@ static const unsigned char ripemd160_padding[64] = /* * RIPEMD-160 final digest */ -int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, +int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx, unsigned char output[20] ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -383,11 +383,11 @@ int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, last = ctx->total[0] & 0x3F; padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); - ret = mbedtls_ripemd160_update_ret( ctx, ripemd160_padding, padn ); + ret = mbedtls_ripemd160_update( ctx, ripemd160_padding, padn ); if( ret != 0 ) return( ret ); - ret = mbedtls_ripemd160_update_ret( ctx, msglen, 8 ); + ret = mbedtls_ripemd160_update( ctx, msglen, 8 ); if( ret != 0 ) return( ret ); @@ -405,7 +405,7 @@ int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx, /* * output = RIPEMD-160( input buffer ) */ -int mbedtls_ripemd160_ret( const unsigned char *input, +int mbedtls_ripemd160( const unsigned char *input, size_t ilen, unsigned char output[20] ) { 
@@ -414,13 +414,13 @@ int mbedtls_ripemd160_ret( const unsigned char *input, mbedtls_ripemd160_init( &ctx ); - if( ( ret = mbedtls_ripemd160_starts_ret( &ctx ) ) != 0 ) + if( ( ret = mbedtls_ripemd160_starts( &ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_ripemd160_update_ret( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_ripemd160_update( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_ripemd160_finish_ret( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_ripemd160_finish( &ctx, output ) ) != 0 ) goto exit; exit: @@ -487,7 +487,7 @@ int mbedtls_ripemd160_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " RIPEMD-160 test #%d: ", i + 1 ); - ret = mbedtls_ripemd160_ret( ripemd160_test_str[i], + ret = mbedtls_ripemd160( ripemd160_test_str[i], ripemd160_test_strlen[i], output ); if( ret != 0 ) goto fail; diff --git a/library/rsa.c b/library/rsa.c index 36424bd19..b84e6a06d 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2654,7 +2654,7 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " PKCS#1 data sign : " ); - if( mbedtls_sha1_ret( rsa_plaintext, PT_LEN, sha1sum ) != 0 ) + if( mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); diff --git a/library/sha1.c b/library/sha1.c index c6087acce..545d09310 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -98,7 +98,7 @@ void mbedtls_sha1_clone( mbedtls_sha1_context *dst, /* * SHA-1 context setup */ -int mbedtls_sha1_starts_ret( mbedtls_sha1_context *ctx ) +int mbedtls_sha1_starts( mbedtls_sha1_context *ctx ) { SHA1_VALIDATE_RET( ctx != NULL ); @@ -292,7 +292,7 @@ int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx, /* * SHA-1 process buffer */ -int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, +int mbedtls_sha1_update( mbedtls_sha1_context *ctx, const unsigned char *input, size_t ilen ) { 
@@ -345,7 +345,7 @@ int mbedtls_sha1_update_ret( mbedtls_sha1_context *ctx, /* * SHA-1 final digest */ -int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, +int mbedtls_sha1_finish( mbedtls_sha1_context *ctx, unsigned char output[20] ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -408,7 +408,7 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx, /* * output = SHA-1( input buffer ) */ -int mbedtls_sha1_ret( const unsigned char *input, +int mbedtls_sha1( const unsigned char *input, size_t ilen, unsigned char output[20] ) { @@ -420,13 +420,13 @@ int mbedtls_sha1_ret( const unsigned char *input, mbedtls_sha1_init( &ctx ); - if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 ) + if( ( ret = mbedtls_sha1_starts( &ctx ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha1_update_ret( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_sha1_update( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha1_finish_ret( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_sha1_finish( &ctx, output ) ) != 0 ) goto exit; exit: @@ -481,7 +481,7 @@ int mbedtls_sha1_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-1 test #%d: ", i + 1 ); - if( ( ret = mbedtls_sha1_starts_ret( &ctx ) ) != 0 ) + if( ( ret = mbedtls_sha1_starts( &ctx ) ) != 0 ) goto fail; if( i == 2 ) @@ -490,20 +490,20 @@ int mbedtls_sha1_self_test( int verbose ) for( j = 0; j < 1000; j++ ) { - ret = mbedtls_sha1_update_ret( &ctx, buf, buflen ); + ret = mbedtls_sha1_update( &ctx, buf, buflen ); if( ret != 0 ) goto fail; } } else { - ret = mbedtls_sha1_update_ret( &ctx, sha1_test_buf[i], + ret = mbedtls_sha1_update( &ctx, sha1_test_buf[i], sha1_test_buflen[i] ); if( ret != 0 ) goto fail; } - if( ( ret = mbedtls_sha1_finish_ret( &ctx, sha1sum ) ) != 0 ) + if( ( ret = mbedtls_sha1_finish( &ctx, sha1sum ) ) != 0 ) goto fail; if( memcmp( sha1sum, sha1_test_sum[i], 20 ) != 0 ) diff --git a/library/sha256.c b/library/sha256.c index 3cb2122d6..6ec6da296 100644 --- a/library/sha256.c 
+++ b/library/sha256.c @@ -100,7 +100,7 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst, /* * SHA-256 context setup */ -int mbedtls_sha256_starts_ret( mbedtls_sha256_context *ctx, int is224 ) +int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 ) { SHA256_VALIDATE_RET( ctx != NULL ); @@ -285,7 +285,7 @@ int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx, /* * SHA-256 process buffer */ -int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, +int mbedtls_sha256_update( mbedtls_sha256_context *ctx, const unsigned char *input, size_t ilen ) { @@ -338,7 +338,7 @@ int mbedtls_sha256_update_ret( mbedtls_sha256_context *ctx, /* * SHA-256 final digest */ -int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, +int mbedtls_sha256_finish( mbedtls_sha256_context *ctx, unsigned char *output ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -408,7 +408,7 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx, /* * output = SHA-256( input buffer ) */ -int mbedtls_sha256_ret( const unsigned char *input, +int mbedtls_sha256( const unsigned char *input, size_t ilen, unsigned char *output, int is224 ) @@ -427,13 +427,13 @@ int mbedtls_sha256_ret( const unsigned char *input, mbedtls_sha256_init( &ctx ); - if( ( ret = mbedtls_sha256_starts_ret( &ctx, is224 ) ) != 0 ) + if( ( ret = mbedtls_sha256_starts( &ctx, is224 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha256_update_ret( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_sha256_update( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha256_finish_ret( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_sha256_finish( &ctx, output ) ) != 0 ) goto exit; exit: @@ -522,7 +522,7 @@ int mbedtls_sha256_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 ); - if( ( ret = mbedtls_sha256_starts_ret( &ctx, k ) ) != 0 ) + if( ( ret = mbedtls_sha256_starts( &ctx, k ) ) != 0 ) goto fail; if( j == 2 ) 
@@ -531,7 +531,7 @@ int mbedtls_sha256_self_test( int verbose ) for( j = 0; j < 1000; j++ ) { - ret = mbedtls_sha256_update_ret( &ctx, buf, buflen ); + ret = mbedtls_sha256_update( &ctx, buf, buflen ); if( ret != 0 ) goto fail; } @@ -539,13 +539,13 @@ int mbedtls_sha256_self_test( int verbose ) } else { - ret = mbedtls_sha256_update_ret( &ctx, sha256_test_buf[j], + ret = mbedtls_sha256_update( &ctx, sha256_test_buf[j], sha256_test_buflen[j] ); if( ret != 0 ) goto fail; } - if( ( ret = mbedtls_sha256_finish_ret( &ctx, sha256sum ) ) != 0 ) + if( ( ret = mbedtls_sha256_finish( &ctx, sha256sum ) ) != 0 ) goto fail; diff --git a/library/sha512.c b/library/sha512.c index 315e516cc..6511c6e36 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -123,7 +123,7 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst, /* * SHA-512 context setup */ -int mbedtls_sha512_starts_ret( mbedtls_sha512_context *ctx, int is384 ) +int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 ) { SHA512_VALIDATE_RET( ctx != NULL ); #if defined(MBEDTLS_SHA384_C) @@ -327,7 +327,7 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx, /* * SHA-512 process buffer */ -int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, +int mbedtls_sha512_update( mbedtls_sha512_context *ctx, const unsigned char *input, size_t ilen ) { @@ -379,7 +379,7 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx, /* * SHA-512 final digest */ -int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, +int mbedtls_sha512_finish( mbedtls_sha512_context *ctx, unsigned char *output ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -451,7 +451,7 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx, /* * output = SHA-512( input buffer ) */ -int mbedtls_sha512_ret( const unsigned char *input, +int mbedtls_sha512( const unsigned char *input, size_t ilen, unsigned char *output, int is384 ) 
@@ -469,13 +469,13 @@ int mbedtls_sha512_ret( const unsigned char *input, mbedtls_sha512_init( &ctx ); - if( ( ret = mbedtls_sha512_starts_ret( &ctx, is384 ) ) != 0 ) + if( ( ret = mbedtls_sha512_starts( &ctx, is384 ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha512_update_ret( &ctx, input, ilen ) ) != 0 ) + if( ( ret = mbedtls_sha512_update( &ctx, input, ilen ) ) != 0 ) goto exit; - if( ( ret = mbedtls_sha512_finish_ret( &ctx, output ) ) != 0 ) + if( ( ret = mbedtls_sha512_finish( &ctx, output ) ) != 0 ) goto exit; exit: @@ -591,7 +591,7 @@ int mbedtls_sha512_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 ); - if( ( ret = mbedtls_sha512_starts_ret( &ctx, k ) ) != 0 ) + if( ( ret = mbedtls_sha512_starts( &ctx, k ) ) != 0 ) goto fail; if( j == 2 ) @@ -600,20 +600,20 @@ int mbedtls_sha512_self_test( int verbose ) for( j = 0; j < 1000; j++ ) { - ret = mbedtls_sha512_update_ret( &ctx, buf, buflen ); + ret = mbedtls_sha512_update( &ctx, buf, buflen ); if( ret != 0 ) goto fail; } } else { - ret = mbedtls_sha512_update_ret( &ctx, sha512_test_buf[j], + ret = mbedtls_sha512_update( &ctx, sha512_test_buf[j], sha512_test_buflen[j] ); if( ret != 0 ) goto fail; } - if( ( ret = mbedtls_sha512_finish_ret( &ctx, sha512sum ) ) != 0 ) + if( ( ret = mbedtls_sha512_finish( &ctx, sha512sum ) ) != 0 ) goto fail; if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7a878bc40..3e2ac922c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1429,7 +1429,7 @@ void ssl_calc_verify_tls_sha256( const mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha256" ) ); mbedtls_sha256_clone( &sha256, &ssl->handshake->fin_sha256 ); - mbedtls_sha256_finish_ret( &sha256, hash ); + mbedtls_sha256_finish( &sha256, hash ); *hlen = 32; 
@@ -1478,7 +1478,7 @@ void ssl_calc_verify_tls_sha384( const mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> calc verify sha384" ) ); mbedtls_sha512_clone( &sha512, &ssl->handshake->fin_sha512 ); - mbedtls_sha512_finish_ret( &sha512, hash ); + mbedtls_sha512_finish( &sha512, hash ); *hlen = 48; @@ -2490,7 +2490,7 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) psa_hash_abort( &ssl->handshake->fin_sha256_psa ); psa_hash_setup( &ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256 ); #else - mbedtls_sha256_starts_ret( &ssl->handshake->fin_sha256, 0 ); + mbedtls_sha256_starts( &ssl->handshake->fin_sha256, 0 ); #endif #endif #if defined(MBEDTLS_SHA384_C) @@ -2498,7 +2498,7 @@ void mbedtls_ssl_reset_checksum( mbedtls_ssl_context *ssl ) psa_hash_abort( &ssl->handshake->fin_sha384_psa ); psa_hash_setup( &ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384 ); #else - mbedtls_sha512_starts_ret( &ssl->handshake->fin_sha512, 1 ); + mbedtls_sha512_starts( &ssl->handshake->fin_sha512, 1 ); #endif #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -2512,14 +2512,14 @@ static void ssl_update_checksum_start( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len ); #else - mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len ); + mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); #endif #endif #if defined(MBEDTLS_SHA384_C) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len ); #else - mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len ); + mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); #endif #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ 
@@ -2533,7 +2533,7 @@ static void ssl_update_checksum_sha256( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len ); #else - mbedtls_sha256_update_ret( &ssl->handshake->fin_sha256, buf, len ); + mbedtls_sha256_update( &ssl->handshake->fin_sha256, buf, len ); #endif } #endif @@ -2545,7 +2545,7 @@ static void ssl_update_checksum_sha384( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len ); #else - mbedtls_sha512_update_ret( &ssl->handshake->fin_sha512, buf, len ); + mbedtls_sha512_update( &ssl->handshake->fin_sha512, buf, len ); #endif } #endif @@ -2613,7 +2613,7 @@ static void ssl_calc_finished_tls_sha256( sha256.state, sizeof( sha256.state ) ); #endif - mbedtls_sha256_finish_ret( &sha256, padbuf ); + mbedtls_sha256_finish( &sha256, padbuf ); mbedtls_sha256_free( &sha256 ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -2688,7 +2688,7 @@ static void ssl_calc_finished_tls_sha384( MBEDTLS_SSL_DEBUG_BUF( 4, "finished sha512 state", (unsigned char *) sha512.state, sizeof( sha512.state ) ); #endif - mbedtls_sha512_finish_ret( &sha512, padbuf ); + mbedtls_sha512_finish( &sha512, padbuf ); mbedtls_sha512_free( &sha512 ); #endif @@ -2988,7 +2988,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) psa_hash_setup( &handshake->fin_sha256_psa, PSA_ALG_SHA_256 ); #else mbedtls_sha256_init( &handshake->fin_sha256 ); - mbedtls_sha256_starts_ret( &handshake->fin_sha256, 0 ); + mbedtls_sha256_starts( &handshake->fin_sha256, 0 ); #endif #endif #if defined(MBEDTLS_SHA384_C) 
@@ -2997,7 +2997,7 @@ static void ssl_handshake_params_init( mbedtls_ssl_handshake_params *handshake ) psa_hash_setup( &handshake->fin_sha384_psa, PSA_ALG_SHA_384 ); #else mbedtls_sha512_init( &handshake->fin_sha512 ); - mbedtls_sha512_starts_ret( &handshake->fin_sha512, 1 ); + mbedtls_sha512_starts( &handshake->fin_sha512, 1 ); #endif #endif #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 8f4a4f5ea..c90f8bc4b 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -178,7 +178,7 @@ int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ct MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->subject_key ) ); - ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len, + ret = mbedtls_sha1( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 ); if( ret != 0 ) return( ret ); @@ -206,7 +206,7 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert * MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) ); - ret = mbedtls_sha1_ret( buf + sizeof( buf ) - len, len, + ret = mbedtls_sha1( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 ); if( ret != 0 ) return( ret ); diff --git a/programs/hash/hello.c b/programs/hash/hello.c index 70bea4206..18beb6997 100644 --- a/programs/hash/hello.c +++ b/programs/hash/hello.c @@ -55,7 +55,7 @@ int main( void ) mbedtls_printf( "\n MD5('%s') = ", str ); - if( ( ret = mbedtls_md5_ret( (unsigned char *) str, 13, digest ) ) != 0 ) + if( ( ret = mbedtls_md5( (unsigned char *) str, 13, digest ) ) != 0 ) mbedtls_exit( MBEDTLS_EXIT_FAILURE ); for( i = 0; i < 16; i++ ) diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index c6b313200..3ff56240c 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c 
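Review bot: the bare literal `20` in `buf + sizeof( buf ) - 20` (x509write_crt.c, both the subject and authority key identifier hunks) is the SHA-1 digest length; while touching these lines it would be clearer to pass a named constant for the digest size so the output offset cannot silently drift from the hash actually used by `mbedtls_sha1`.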
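Review bot: in the hello.c hunk, `mbedtls_md5( (unsigned char *) str, 13, digest )` hard-codes the message length as `13`; `strlen( str )` (or `sizeof( str ) - 1` for a string literal array) would keep the length and the string in sync if the sample text is ever edited.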
@@ -214,9 +214,9 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_sha1_ret( buf, (int)( p - 2 - buf ), hash ) ) != 0 ) + if( ( ret = mbedtls_sha1( buf, (int)( p - 2 - buf ), hash ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_sha1_ret returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_sha1 returned %d\n\n", ret ); goto exit; } diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 63df77ee0..47d9c26e0 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -220,9 +220,9 @@ int main( void ) /* * 5. Sign the parameters and send them */ - if( ( ret = mbedtls_sha1_ret( buf, n, hash ) ) != 0 ) + if( ( ret = mbedtls_sha1( buf, n, hash ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_sha1_ret returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_sha1 returned %d\n\n", ret ); goto exit; } diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 1bbf8268c..5a9c712d3 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -166,9 +166,9 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Computing message hash..." ); fflush( stdout ); - if( ( ret = mbedtls_sha256_ret( message, sizeof( message ), hash, 0 ) ) != 0 ) + if( ( ret = mbedtls_sha256( message, sizeof( message ), hash, 0 ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_sha256_ret returned %d\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_sha256 returned %d\n", ret ); goto exit; } diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index e12345365..80057b6d7 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
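Review bot: in the dh_client.c hunk, `mbedtls_sha1( buf, (int)( p - 2 - buf ), hash )` casts a pointer difference to `int` only for it to be converted back to the `size_t` length parameter; the cast is unnecessary and would hide a negative difference by turning it into a huge length, so drop it or cast to `size_t` as the dh_server.c hunk effectively does with `n`.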
@@ -405,32 +405,32 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_MD4_C) if( todo.md4 ) - TIME_AND_TSC( "MD4", mbedtls_md4_ret( buf, BUFSIZE, tmp ) ); + TIME_AND_TSC( "MD4", mbedtls_md4( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_MD5_C) if( todo.md5 ) - TIME_AND_TSC( "MD5", mbedtls_md5_ret( buf, BUFSIZE, tmp ) ); + TIME_AND_TSC( "MD5", mbedtls_md5( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_RIPEMD160_C) if( todo.ripemd160 ) - TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160_ret( buf, BUFSIZE, tmp ) ); + TIME_AND_TSC( "RIPEMD160", mbedtls_ripemd160( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_SHA1_C) if( todo.sha1 ) - TIME_AND_TSC( "SHA-1", mbedtls_sha1_ret( buf, BUFSIZE, tmp ) ); + TIME_AND_TSC( "SHA-1", mbedtls_sha1( buf, BUFSIZE, tmp ) ); #endif #if defined(MBEDTLS_SHA256_C) if( todo.sha256 ) - TIME_AND_TSC( "SHA-256", mbedtls_sha256_ret( buf, BUFSIZE, tmp, 0 ) ); + TIME_AND_TSC( "SHA-256", mbedtls_sha256( buf, BUFSIZE, tmp, 0 ) ); #endif #if defined(MBEDTLS_SHA512_C) if( todo.sha512 ) - TIME_AND_TSC( "SHA-512", mbedtls_sha512_ret( buf, BUFSIZE, tmp, 0 ) ); + TIME_AND_TSC( "SHA-512", mbedtls_sha512( buf, BUFSIZE, tmp, 0 ) ); #endif #if defined(MBEDTLS_ARC4_C) diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index 9492896f6..2a06adc11 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh @@ -90,7 +90,7 @@ done printf "Likely typos: " sort -u actual-macros enum-consts > _caps -HEADERS=$( ls include/mbedtls/*.h include/psa/*.h ) +HEADERS=$( ls include/mbedtls/*.h include/psa/*.h | egrep -v 'compat-2\.x\.h' ) HEADERS="$HEADERS library/*.h" HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h" LIBRARY="$( ls library/*.c )" diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh index fd19c471b..2e62359e4 100755 --- a/tests/scripts/list-macros.sh +++ b/tests/scripts/list-macros.sh 
@@ -22,7 +22,7 @@ if [ -d include/mbedtls ]; then :; else exit 1 fi -HEADERS=$( ls include/mbedtls/*.h include/psa/*.h tests/include/test/drivers/*.h ) +HEADERS=$( ls include/mbedtls/*.h include/psa/*.h tests/include/test/drivers/*.h | egrep -v 'compat-2\.x\.h' ) HEADERS="$HEADERS library/*.h" HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h" diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index c3ffe3b47..a46f21c1f 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -288,7 +288,7 @@ void ctr_drbg_entropy_usage( int entropy_nonce_len ) /* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT). * Make sure it's detected as an error and doesn't cause memory * corruption. */ - TEST_ASSERT( mbedtls_ctr_drbg_update_ret( + TEST_ASSERT( mbedtls_ctr_drbg_update( &ctx, entropy, sizeof( entropy ) ) != 0 ); /* Now enable PR, so the next few calls should all reseed */ diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index aa35c583e..1ee722988 100644 --- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function @@ -17,7 +17,7 @@ void md2_text( char * text_src_string, data_t * hash ) strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output ); + ret = mbedtls_md2( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ) ; TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, @@ -37,7 +37,7 @@ void md4_text( char * text_src_string, data_t * hash ) strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output ); + ret = mbedtls_md4( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 
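Review bot: `egrep` is deprecated in current GNU grep releases, which print a warning for it; the new filters in both check-names.sh (`HEADERS=$( ls ... | egrep -v 'compat-2\.x\.h' )`) and list-macros.sh should use `grep -E -v` (or plain `grep -v -e 'compat-2\.x\.h'`, since the pattern needs no extended syntax). Also worth a comment next to the filter that compat-2.x.h is skipped on purpose because it intentionally defines names that mirror the removed `_ret` identifiers.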
@@ -57,7 +57,7 @@ void md5_text( char * text_src_string, data_t * hash ) strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output ); + ret = mbedtls_md5( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, @@ -77,7 +77,7 @@ void ripemd160_text( char * text_src_string, data_t * hash ) strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output ); + ret = mbedtls_ripemd160( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 35fecce6c..95d45baa4 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -12,7 +12,7 @@ void mbedtls_sha1( data_t * src_str, data_t * hash ) memset(output, 0x00, 41); - TEST_ASSERT( mbedtls_sha1_ret( src_str->x, src_str->len, output ) == 0 ); + TEST_ASSERT( mbedtls_sha1( src_str->x, src_str->len, output ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 20, hash->len ) == 0 ); } @@ -28,10 +28,10 @@ void sha256_invalid_param( ) int invalid_type = 42; TEST_EQUAL( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, - mbedtls_sha256_starts_ret( &ctx, invalid_type ) ); + mbedtls_sha256_starts( &ctx, invalid_type ) ); TEST_EQUAL( MBEDTLS_ERR_SHA256_BAD_INPUT_DATA, - mbedtls_sha256_ret( buf, buflen, + mbedtls_sha256( buf, buflen, buf, invalid_type ) ); exit: @@ -47,7 +47,7 @@ void sha224( data_t * src_str, data_t * hash ) memset(output, 0x00, 57); - TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 1 ) == 0 ); + TEST_ASSERT( mbedtls_sha256( src_str->x, src_str->len, output, 1 ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 28, hash->len ) == 0 ); } 
@@ -61,7 +61,7 @@ void mbedtls_sha256( data_t * src_str, data_t * hash ) memset(output, 0x00, 65); - TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 0 ) == 0 ); + TEST_ASSERT( mbedtls_sha256( src_str->x, src_str->len, output, 0 ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 32, hash->len ) == 0 ); } @@ -77,10 +77,10 @@ void sha512_invalid_param( ) int invalid_type = 42; TEST_EQUAL( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, - mbedtls_sha512_starts_ret( &ctx, invalid_type ) ); + mbedtls_sha512_starts( &ctx, invalid_type ) ); TEST_EQUAL( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA, - mbedtls_sha512_ret( buf, buflen, + mbedtls_sha512( buf, buflen, buf, invalid_type ) ); exit: @@ -96,7 +96,7 @@ void sha384( data_t * src_str, data_t * hash ) memset(output, 0x00, 97); - TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 1 ) == 0 ); + TEST_ASSERT( mbedtls_sha512( src_str->x, src_str->len, output, 1 ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 48, hash->len ) == 0 ); } @@ -110,7 +110,7 @@ void mbedtls_sha512( data_t * src_str, data_t * hash ) memset(output, 0x00, 129); - TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 0 ) == 0 ); + TEST_ASSERT( mbedtls_sha512( src_str->x, src_str->len, output, 0 ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 64, hash->len ) == 0 ); } From f8abfa8b1b1abad18c49725abee214921dcb240f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 9 Jun 2021 10:17:04 +0200 Subject: [PATCH 154/236] Improve migration guide Signed-off-by: Ronald Cron --- docs/3.0-migration-guide.d/rsa-padding.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/3.0-migration-guide.d/rsa-padding.md b/docs/3.0-migration-guide.d/rsa-padding.md index a04d9ee2a..f10ece6f8 100644 --- a/docs/3.0-migration-guide.d/rsa-padding.md +++ b/docs/3.0-migration-guide.d/rsa-padding.md 
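Review bot: after the rename, the test functions `mbedtls_sha1`, `mbedtls_sha256` and `mbedtls_sha512` in test_suite_shax.function now carry exactly the same name as the library function each one calls (`TEST_ASSERT( mbedtls_sha1( src_str->x, ... ) == 0 )`); this relies on the test-code generator prefixing test function names so the two do not collide, and it reads confusingly. Renaming the test functions to `sha1`, `sha256` and `sha512`, consistent with the existing `sha224` and `sha384` cases in the same file, would avoid both issues.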
@@ -9,21 +9,21 @@ encoding and its hash. It just selects the PKCS#1 v1.5 encoding by default. If you were using the PKCS#1 v2.1 encoding you now need, subsequently to the call to mbedtls_rsa_init(), to call mbedtls_rsa_set_padding() to set it. -Code migration examples: +To choose the padding type when initializing a context, instead of ```C mbedtls_rsa_init(ctx, padding, hash_id); ``` -to +, use ```C mbedtls_rsa_init(ctx); mbedtls_rsa_set_padding(ctx, padding, hash_id); ``` -or + +To use PKCS#1 v1.5 padding, instead of ```C mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, ); ``` -to +, just use ```C mbedtls_rsa_init(ctx); ``` - From 1e66642d68cb69fd334beccdeeee617a771d11ef Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Wed, 9 Jun 2021 11:25:28 +0200 Subject: [PATCH 155/236] Addition of change log and migration guide files. Signed-off-by: TRodziewicz --- ChangeLog.d/issue4212.txt | 33 +++++++++++++++++++ .../rename_the__ret_functions.md | 13 ++++++++ 2 files changed, 46 insertions(+) create mode 100644 ChangeLog.d/issue4212.txt create mode 100644 docs/3.0-migration-guide.d/rename_the__ret_functions.md diff --git a/ChangeLog.d/issue4212.txt b/ChangeLog.d/issue4212.txt new file mode 100644 index 000000000..d9a7cd5a7 --- /dev/null +++ b/ChangeLog.d/issue4212.txt 
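Review bot: the new connector lines `+, use` and `+, just use` in rsa-padding.md start a Markdown paragraph with a comma immediately after a closing code fence, which renders as a dangling ", use" line; put the whole sentence before the fence ("To choose the padding type when initializing a context, instead of ... use:") instead of splitting it around the code block. While editing this file, the unchanged example `mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, );` has an empty third argument; use a placeholder such as `hash_id`, matching the first example.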
@@ -0,0 +1,33 @@ +Changes + * Rename functions whose deprecated variants have been removed via #4029: + mbedtls_ctr_drbg_update_ret -> mbedtls_ctr_drbg_update + mbedtls_hmac_drbg_update_ret -> mbedtls_hmac_drbg_update + mbedtls_md2_starts_ret -> mbedtls_md2_starts + mbedtls_md2_update_ret -> mbedtls_md2_update + mbedtls_md2_finish_ret -> mbedtls_md2_finish + mbedtls_md2_ret -> mbedtls_md2 + mbedtls_md4_starts_ret -> mbedtls_md4_starts + mbedtls_md4_update_ret -> mbedtls_md4_update + mbedtls_md4_finish_ret -> mbedtls_md4_finish + mbedtls_md4_ret -> mbedtls_md4 + mbedtls_md5_starts_ret -> mbedtls_md5_starts + mbedtls_md5_update_ret -> mbedtls_md5_update + mbedtls_md5_finish_ret -> mbedtls_md5_finish + mbedtls_md5_ret -> mbedtls_md5 + mbedtls_ripemd160_starts_ret -> mbedtls_ripemd160_starts + mbedtls_ripemd160_update_ret -> mbedtls_ripemd160_update + mbedtls_ripemd160_finish_ret -> mbedtls_ripemd160_finish + mbedtls_ripemd160_ret -> mbedtls_ripemd160 + mbedtls_sha1_starts_ret -> mbedtls_sha1_starts + mbedtls_sha1_update_ret -> mbedtls_sha1_update + mbedtls_sha1_finish_ret -> mbedtls_sha1_finish + mbedtls_sha1_ret -> mbedtls_sha1 + mbedtls_sha256_starts_ret -> mbedtls_sha256_starts + mbedtls_sha256_update_ret -> mbedtls_sha256_update + mbedtls_sha256_finish_ret -> mbedtls_sha256_finish + mbedtls_sha256_ret -> mbedtls_sha256 + mbedtls_sha512_starts_ret -> mbedtls_sha512_starts + mbedtls_sha512_update_ret -> mbedtls_sha512_update + mbedtls_sha512_finish_ret -> mbedtls_sha512_finish + mbedtls_sha512_ret -> mbedtls_sha512. + Fixes #4212. diff --git a/docs/3.0-migration-guide.d/rename_the__ret_functions.md b/docs/3.0-migration-guide.d/rename_the__ret_functions.md new file mode 100644 index 000000000..513f167ff --- /dev/null +++ b/docs/3.0-migration-guide.d/rename_the__ret_functions.md 
@@ -0,0 +1,13 @@ +Rename mbedtls_*_ret() cryptography functions whose deprecated variants have been removed in #4029 +-- + +This change affects users who were using the `mbedtls_*_ret()` criptography functions. + +Those functions were created based on now-deprecated functions according to a +requirement that a function needs to return a value. This change brings back the +original names of those functions. + +To migrate to the this change the user can keep the `*_ret` names in their code +and include the `compat_2.x.h` header file which holds macros with proper +renaming or to rename those function in their code according to the list from +mentioned header file. From 3ecb92e680ac38a1bbe67bcf732a4650fad9fbe8 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Tue, 11 May 2021 18:22:05 +0200 Subject: [PATCH 156/236] Remove _X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION Signed-off-by: TRodziewicz --- ChangeLog.d/issue4378.txt | 4 ++++ include/mbedtls/config.h | 12 ------------ library/x509_crt.c | 9 +-------- scripts/config.py | 1 - tests/suites/test_suite_x509parse.data | 4 ++-- 5 files changed, 7 insertions(+), 23 deletions(-) create mode 100644 ChangeLog.d/issue4378.txt diff --git a/ChangeLog.d/issue4378.txt b/ChangeLog.d/issue4378.txt new file mode 100644 index 000000000..f10c23c58 --- /dev/null +++ b/ChangeLog.d/issue4378.txt @@ -0,0 +1,4 @@ +Removals + * Remove the MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION config.h + option. The mbedtls_x509_crt_parse_der_with_ext_cb() is the way to go for + for migration path. Fixes #4378. diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index d0e27805c..ae32f2183 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
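Review bot: the migration guide rename_the__ret_functions.md refers to `compat_2.x.h`, but the header excluded in the check-names.sh and list-macros.sh hunks of this same series is `compat-2.x.h` (hyphen); users following the guide will look for a file that does not exist. Also fix "criptography" (cryptography), "To migrate to the this change" (to this change), "rename those function" (functions), and lengthen the two-dash heading underline to match the other guide entries; the double underscore in the file name `rename_the__ret_functions.md` looks unintended as well.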
@@ -1813,18 +1813,6 @@ */ #define MBEDTLS_VERSION_FEATURES -/** - * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - * - * If set, the X509 parser will not break-off when parsing an X509 certificate - * and encountering an unknown critical extension. - * - * \warning Depending on your PKI use, enabling this can be a security risk! - * - * Uncomment to prevent an error. - */ -//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - /** * \def MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK * diff --git a/library/x509_crt.c b/library/x509_crt.c index 8387de618..7d8847a30 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -818,8 +818,7 @@ static int x509_get_certificate_policies( unsigned char **p, { /* * Set the parsing return code but continue parsing, in case this - * extension is critical and MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION - * is configured. + * extension is critical. */ parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; } @@ -961,14 +960,12 @@ static int x509_get_crt_ext( unsigned char **p, /* No parser found, skip extension */ *p = end_ext_octet; -#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) if( is_critical ) { /* Data is marked as critical: fail */ return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); } -#endif continue; } @@ -1027,11 +1024,9 @@ static int x509_get_crt_ext( unsigned char **p, start_ext_octet, end_ext_octet ) == 0 ) break; -#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) if( is_critical ) return( ret ); else -#endif /* * If MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE is returned, then we * cannot interpret or enforce the policy. However, it is up to 
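Review bot: the reworded comment in `x509_get_certificate_policies` ("Set the parsing return code but continue parsing, in case this extension is critical.") no longer explains why parsing continues now that the config option is gone; state that the critical case is left to the caller's extension callback (`mbedtls_x509_crt_parse_der_with_ext_cb()`, which the ChangeLog names as the migration path). In the `x509_get_crt_ext` hunk at @@ -1027, removing the `#if` leaves `if( is_critical ) return( ret ); else` followed by a multi-line comment before the `else` body; wrap the else branch in braces so the control flow is obvious without the preprocessor guard.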
@@ -1049,11 +1044,9 @@ static int x509_get_crt_ext( unsigned char **p, * supports, but there isn't an x509 parser for it, * skip the extension. */ -#if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) if( is_critical ) return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); else -#endif *p = end_ext_octet; } } diff --git a/scripts/config.py b/scripts/config.py index 94fbdef42..b85745a2a 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -192,7 +192,6 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS 'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan) 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) - 'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', # influences the use of X.509 in TLS 'MBEDTLS_X509_REMOVE_INFO', # removes a feature ]) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 59acc667a..0ebfb9498 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -1783,7 +1783,7 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"3081ad308197a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a311300f300d0603551d200406300430020601300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, unknown critical policy) -depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:!MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE X509 CRT ASN1 (TBSCertificate v3, inv CertificatePolicies, policy qualifier invalid tag) 
@@ -2001,7 +2001,7 @@ depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDT x509parse_crt:"3081e430819f020104300d06092a864886f70d0101050500300f310d300b0603550403130454657374301e170d3133303731303135303233375a170d3233303730383135303233375a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d03010103320004e962551a325b21b50cf6b990e33d4318fd16677130726357a196e3efe7107bcb6bdc6d9db2a4df7c964acfe81798433d300d06092a864886f70d01010505000331001a6c18cd1e457474b2d3912743f44b571341a7859a0122774a8e19a671680878936949f904c9255bdd6fffdb33a7e6d8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 X509 CRT ASN1 (Unsupported critical extension) -depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:!MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt:"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":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRT ASN1 (Unsupported critical extension recognized by callback) From b8367380b1f6a84662743bbef81ec4ef09f467f8 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Wed, 12 May 2021 11:03:42 +0200 Subject: [PATCH 157/236] Addition of the migration guide Signed-off-by: TRodziewicz --- ChangeLog.d/issue4378.txt | 2 +- ...TLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 docs/3.0-migration-guide.d/remove_MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md diff --git a/ChangeLog.d/issue4378.txt b/ChangeLog.d/issue4378.txt index f10c23c58..9a7522b3a 100644 --- a/ChangeLog.d/issue4378.txt +++ b/ChangeLog.d/issue4378.txt 
@@ -1,4 +1,4 @@ Removals * Remove the MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION config.h option. The mbedtls_x509_crt_parse_der_with_ext_cb() is the way to go for - for migration path. Fixes #4378. + migration path. Fixes #4378. diff --git a/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md new file mode 100644 index 000000000..34ec4738a --- /dev/null +++ b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md @@ -0,0 +1,13 @@ +Remove the X509 parser sensitivity control for an unknown critical extension from config.h +------------------------------------------------------------------------------------------ + +It affects users who use the `MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION` +option which if set, allowed the X509 parser to parse an X509 certificate +even when it encountered an unknown critical extension. + +The migration path from that option is to use the +`mbedtls_x509_crt_parse_der_with_ext_cb()` function which is functionally +equivalent to `mbedtls_x509_crt_parse_der()`, and/or +`mbedtls_x509_crt_parse_der_nocopy()` but it calls the callback with every +unsupported certificate extension and additionally the "certificate policies" +extension if it contains any unsupported certificate policies. From 0ea257650207918f84748c589c1e8238e701fbf2 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Wed, 9 Jun 2021 13:24:48 +0200 Subject: [PATCH 158/236] Correction to the migr. guide wording and removal of not needed option Signed-off-by: TRodziewicz --- ...LS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md index 34ec4738a..738fa81fd 100644 
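Review bot: in the new migration guide text, "which is functionally equivalent to `mbedtls_x509_crt_parse_der()`, and/or `mbedtls_x509_crt_parse_der_nocopy()`" is ambiguous; say that the `make_copy` argument of `mbedtls_x509_crt_parse_der_with_ext_cb()` selects between the two behaviours, and the first paragraph ("It affects users who use the ... option which if set, allowed") needs rewording (PATCH 158 in this series rewrites it).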
--- a/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md +++ b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION.md @@ -1,9 +1,13 @@ -Remove the X509 parser sensitivity control for an unknown critical extension from config.h ------------------------------------------------------------------------------------------- +Remove the config option MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION +-------------------------------------------------------------------------- -It affects users who use the `MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION` -option which if set, allowed the X509 parser to parse an X509 certificate -even when it encountered an unknown critical extension. +This change does not affect users of the default configuration; it only affect +users who enable this option. + +The X.509 standard says that implementations must reject critical extensions that +they don't recognize, and this is what Mbed TLS does by default. This option +allowed to continue parsing those certificates but didn't provide a convenient +way to handle those extensions. The migration path from that option is to use the `mbedtls_x509_crt_parse_der_with_ext_cb()` function which is functionally From 197496af690ec603c31568fcf6430fc96b15835a Mon Sep 17 00:00:00 2001 
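Review bot: two grammar slips in the rewritten paragraphs: "it only affect users" should be "it only affects users", and "This option allowed to continue parsing those certificates" should read "This option allowed parsing of those certificates to continue".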
From: Jaeden Amero Date: Tue, 8 Jun 2021 18:31:27 +0100 Subject: [PATCH 159/236] config: Allow Mbed to implement TIMING_C Mbed OS now provides POSIX-like time functions, although not alarm() nor signal(). It is possible to implement MBEDTLS_TIMING_ALT on Mbed OS, so we should not artificially prevent this in check-config. Remove the check that prevents implementing MBEDTLS_TIMING_ALT on Mbed OS. Note that this limitation originally was added in the following commit, although there isn't much context around why the restriction was imposed: 63e7ebaaa184 ("Add material for generating yotta module"). In 2015, Mbed OS was quite a different thing: no RTOS, no threads, just an asynchronous event loop model. I'd suppose the asynchronous event loop model made it difficult before to implement MBEDTLS_TIMING_C on Mbed OS, but that is no longer the case. Fixes #4633 Signed-off-by: Jaeden Amero --- ChangeLog.d/mbed-can-do-timing.txt | 3 +++ include/mbedtls/check_config.h | 5 ++--- 2 files changed, 5 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/mbed-can-do-timing.txt diff --git a/ChangeLog.d/mbed-can-do-timing.txt b/ChangeLog.d/mbed-can-do-timing.txt new file mode 100644 index 000000000..d83da0243 --- /dev/null +++ b/ChangeLog.d/mbed-can-do-timing.txt @@ -0,0 +1,3 @@ +Bugfix + * Remove outdated check-config.h check that prevented implementing the + timing module on Mbed OS. Fixes #4633. diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index ef19f3834..90dee6c1a 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h
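Review bot: the ChangeLog entry says "check-config.h", but the file being changed is `include/mbedtls/check_config.h` (underscore); use the real file name so readers can find the check that was removed.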
@@ -55,9 +55,8 @@ #endif #endif /* _WIN32 */ -#if defined(TARGET_LIKE_MBED) && \ - ( defined(MBEDTLS_NET_C) || defined(MBEDTLS_TIMING_C) ) -#error "The NET and TIMING modules are not available for mbed OS - please use the network and timing functions provided by mbed OS" +#if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C) +#error "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS" #endif #if defined(MBEDTLS_DEPRECATED_WARNING) && \ From 2a5e5a2759f99ee084760fd4588b2a13e273b503 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Wed, 9 Jun 2021 16:54:20 +0200 Subject: [PATCH 160/236] Correction to the migration guide entry wording Signed-off-by: TRodziewicz --- ..._MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md | 30 +++++++++---------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md index 348fe32f7..2acb3bfbe 100644 --- a/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md +++ b/docs/3.0-migration-guide.d/remove_MBEDTLS_X509_CHECK_x_KEY_USAGE_options.md 
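Review bot: the rewritten `#error` string mixes "mbed OS" and "Mbed OS" in one message ("not available for mbed OS - please use the network functions provided by Mbed OS"); use the current "Mbed OS" spelling in both places since the line is being touched anyway.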
@@ -1,20 +1,18 @@ Remove `MBEDTLS_X509_CHECK_*_KEY_USAGE` options from `config.h` --- +------------------------------------------------------------------- -This change affects users who have chosen the compilation time options to disable -the library's verification of the `keyUsage` and `extendedKeyUsage` fields of an x509 -certificate. +This change affects users who have chosen the configuration options to disable the +library's verification of the `keyUsage` and `extendedKeyUsage` fields of x509 +certificates. -The change is to remove MBEDTLS_X509_CHECK_KEY_USAGE and -MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE from the configuration. +The `MBEDTLS_X509_CHECK_KEY_USAGE` and `MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE` +configuration options are removed and the X509 code now behaves as if they were +always enabled. It is consequently not possible anymore to disable at compile +time the verification of the `keyUsage` and `extendedKeyUsage` fields of X509 +certificates. -After the change the options are removed and the compilation is done in a way that -the verification of the key usage fields is allways enabled by default. - -This verification is an important step and disabling it can cause security issues. -If the verification is for some reason undesirable it can still be disabled at -a runtime with even more flexibility by using the callback parameter in -`mbedtls_x509_crt_verify()`. - -For example the user can disable the verification by using the callback which -clears the corresponding flags when they've been set. +The verification of the `keyUsage` and `extendedKeyUsage` fields is important, +disabling it can cause security issues and it is thus not recommended. If the +verification is for some reason undesirable, it can still be disabled by means +of the verification callback function passed to `mbedtls_x509_crt_verify()` (see +the documentation of this function for more information). From d0581e119ba3643a9248762b8002b0eeb7b618eb Mon Sep 17 00:00:00 2001 
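Review bot: the last paragraph of the reworded guide is a comma splice ("is important, disabling it can cause security issues and it is thus not recommended"); split it, e.g. "is important: disabling it can cause security issues, so it is not recommended." The text also alternates between "x509" and "X509"; pick one spelling.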
From: Dave Rodgman Date: Thu, 10 Jun 2021 15:47:18 +0100 Subject: [PATCH 161/236] Disable OS X builds on Travis Signed-off-by: Dave Rodgman --- .travis.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.travis.yml b/.travis.yml index 542f70569..48faa4846 100644 --- a/.travis.yml +++ b/.travis.yml @@ -28,12 +28,6 @@ jobs: script: - tests/scripts/all.sh -k test_full_cmake_gcc_asan - - name: macOS - os: osx - compiler: clang - script: - - tests/scripts/all.sh -k test_default_out_of_box - - name: Windows os: windows before_install: From 93038fab2c39579b2aaab2aceb8d155e77ecb250 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 11 Jun 2021 22:38:22 +0200 Subject: [PATCH 162/236] Key derivation: add test cases where the secret is missing Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 32 +++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c0146879d..9968cd16f 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2827,6 +2827,10 @@ PSA key derivation: HKDF-SHA-256, direct empty secret, key output depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED +PSA key derivation: HKDF-SHA-256, missing secret, key output +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_ERROR_NOT_PERMITTED + PSA key derivation: HKDF-SHA-256, RAW_DATA key as salt depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_RAW_DATA:"412073616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS 
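Review bot: the new "missing secret, key output" case expects the same PSA_ERROR_NOT_PERMITTED as the "direct empty secret, key output" case right above it, so it cannot tell "no secret was ever provided" apart from "the secret was provided as bytes rather than as a key". To pin down the missing-secret behaviour itself, add the companion case with PSA_KEY_TYPE_NONE as the output type (the bytes-output path), mirroring the PSA_ERROR_BAD_STATE cases this commit adds for TLS 1.2 PRF in the next hunk, e.g. "PSA key derivation: HKDF-SHA-256, missing secret, bytes output" with the same input steps and `...:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE` at the end.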
@@ -2901,6 +2905,34 @@ PSA key derivation: TLS 1.2 PRF SHA-256, good case depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_DERIVE:PSA_SUCCESS +PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, good case +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 +derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS + +PSA key derivation: TLS 1.2 PRF SHA-256, missing label +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF +derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 +derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, 
PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: TLS 1.2 PRF SHA-256, missing label and secret +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF +derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label and secret +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 +derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: TLS 1.2 PRF SHA-256, no inputs +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF +derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + +PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, no inputs +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 +derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256)):0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE + PSA key derivation: TLS 1.2 PRF SHA-256, key first depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF 
derive_input:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE From b1edaec18fa9536f193b2fbace66adaf357e3941 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 11 Jun 2021 22:41:46 +0200 Subject: [PATCH 163/236] Fix missing state check for tls12_prf output Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive about missing inputs. Signed-off-by: Gilles Peskine --- ChangeLog.d/psa_key_derivation-bad_workflow.txt | 3 +++ library/psa_crypto.c | 11 +++++++++++ 2 files changed, 14 insertions(+) create mode 100644 ChangeLog.d/psa_key_derivation-bad_workflow.txt diff --git a/ChangeLog.d/psa_key_derivation-bad_workflow.txt b/ChangeLog.d/psa_key_derivation-bad_workflow.txt new file mode 100644 index 000000000..7fd03e6c9 --- /dev/null +++ b/ChangeLog.d/psa_key_derivation-bad_workflow.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive + about missing inputs. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index db44e3f34..d8a5d8298 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3731,6 +3731,17 @@ static psa_status_t psa_key_derivation_tls12_prf_read( psa_status_t status; uint8_t offset, length; + switch( tls12_prf->state ) + { + case PSA_TLS12_PRF_STATE_LABEL_SET: + tls12_prf->state = PSA_TLS12_PRF_STATE_OUTPUT; + break; + case PSA_TLS12_PRF_STATE_OUTPUT: + break; + default: + return( PSA_ERROR_BAD_STATE ); + } + while( output_length != 0 ) { /* Check if we have fully processed the current block. */ From 1fcd72e93ca5e16f00f48380a233790f739ac4cd Mon Sep 17 00:00:00 2001 
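Review bot: the "missing label", "missing label and secret" and "no inputs" cases in the TLS 1.2 PRF hunk assert PSA_ERROR_BAD_STATE on output, but that is the behaviour the following commit ("Fix missing state check for tls12_prf output") introduces; applied on its own this commit leaves the suite red and breaks bisecting. Either fold the test cases into the fix commit or reorder so the fix lands first. Also, every negative case here is for PSA_ALG_TLS12_PRF, while the fix commit's ChangeLog also claims PSA_ALG_TLS12_PSK_TO_MS; add at least "no inputs" and "missing label" cases for PSK_TO_MS so that claim is backed by a test.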
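Review bot: the new switch in psa_key_derivation_tls12_prf_read() is the only code change, yet the ChangeLog entry credits the fix to both PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS. If PSK_TO_MS shares this read function, say so in the commit message; if it has its own read path, it needs the same check. A one-line comment above the switch saying that output is only allowed once seed, secret and label have all been provided (LABEL_SET being the last input state) would make the intent clear to the next reader, and since `default:` now rejects every state other than PSA_TLS12_PRF_STATE_LABEL_SET and PSA_TLS12_PRF_STATE_OUTPUT, it is worth confirming no existing test or caller relied on reading output after only the seed or secret had been set.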
From: TRodziewicz Date: Mon, 14 Jun 2021 11:16:06 +0200 Subject: [PATCH 164/236] change log and migr. guide fixes and _DEPRECATED_REMOVED removed Signed-off-by: TRodziewicz --- ChangeLog.d/issue4212.txt | 2 +- docs/3.0-migration-guide.d/rename_the__ret_functions.md | 8 +++++--- include/mbedtls/compat-2.x.h | 3 --- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/ChangeLog.d/issue4212.txt b/ChangeLog.d/issue4212.txt index d9a7cd5a7..4943d71c5 100644 --- a/ChangeLog.d/issue4212.txt +++ b/ChangeLog.d/issue4212.txt @@ -1,4 +1,4 @@ -Changes +API changes * Rename functions whose deprecated variants have been removed via #4029: mbedtls_ctr_drbg_update_ret -> mbedtls_ctr_drbg_update mbedtls_hmac_drbg_update_ret -> mbedtls_hmac_drbg_update diff --git a/docs/3.0-migration-guide.d/rename_the__ret_functions.md b/docs/3.0-migration-guide.d/rename_the__ret_functions.md index 513f167ff..c6fe71429 100644 --- a/docs/3.0-migration-guide.d/rename_the__ret_functions.md +++ b/docs/3.0-migration-guide.d/rename_the__ret_functions.md @@ -1,7 +1,9 @@ -Rename mbedtls_*_ret() cryptography functions whose deprecated variants have been removed in #4029 --- +Rename mbedtls_*_ret() cryptography functions whose deprecated variants +have been removed in #4029 +-------------------------- -This change affects users who were using the `mbedtls_*_ret()` criptography functions. +This change affects users who were using the `mbedtls_*_ret()` cryptography +functions. Those functions were created based on now-deprecated functions according to a requirement that a function needs to return a value. This change brings back the diff --git a/include/mbedtls/compat-2.x.h b/include/mbedtls/compat-2.x.h index fe7aa16c3..fe0779045 100644 --- a/include/mbedtls/compat-2.x.h +++ b/include/mbedtls/compat-2.x.h @@ -22,8 +22,6 @@ * limitations under the License. */ -#if ! defined(MBEDTLS_DEPRECATED_REMOVED) - #if defined(MBEDTLS_DEPRECATED_WARNING) #warning "Including compat-2.x.h is deprecated" #endif 
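Review bot: removing the `#if ! defined(MBEDTLS_DEPRECATED_REMOVED)` guard means compat-2.x.h now provides the mbedtls_*_ret aliases (e.g. `#define mbedtls_sha512_ret mbedtls_sha512`) even in builds that define MBEDTLS_DEPRECATED_REMOVED precisely in order to be told about leftover uses of old names. That may be intended, since the header is opt-in and MBEDTLS_DEPRECATED_WARNING still warns on inclusion, but the commit message ("_DEPRECATED_REMOVED removed") gives no rationale; spell it out there and in the migration guide entry so users know these aliases are not subject to the removal switch.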
@@ -66,4 +64,3 @@ #define mbedtls_sha512_ret mbedtls_sha512 #endif /* MBEDTLS_COMPAT2X_H */ -#endif /* MBEDTLS_DEPRECATED_REMOVED */ From 8476f2f30a1b775d25349e082caf993b8213cbdb Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Wed, 2 Jun 2021 14:34:47 +0200 Subject: [PATCH 165/236] Turn _SSL_SRV_RESPECT_CLIENT_PREFERENCE config option to a runtime option Signed-off-by: TRodziewicz --- ChangeLog.d/issue4398.txt | 9 +++++++ include/mbedtls/config.h | 10 ------- include/mbedtls/ssl.h | 21 ++++++++++++++- library/ssl_srv.c | 56 +++++++++++++++++++++++++++------------ library/ssl_tls.c | 1 + 5 files changed, 69 insertions(+), 28 deletions(-) create mode 100644 ChangeLog.d/issue4398.txt diff --git a/ChangeLog.d/issue4398.txt b/ChangeLog.d/issue4398.txt new file mode 100644 index 000000000..67acbf5a2 --- /dev/null +++ b/ChangeLog.d/issue4398.txt @@ -0,0 +1,9 @@ +API changes + * Remove the MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE option from config.h. + Replace it with SSL runtime option which can be enabled or disabled using + new added API function mbedtls_ssl_conf_respect_client_preference(). Add + a new field respect_cli_pref in the mbedtls_ssl_config structure and two + defines used as a parameter: MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED + and MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_ENABLED. Adapt the code used for + searching for a matching ciphersuite to use the new field instead of the + removed config.h option. Fixes #3498. diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 3139b223d..c1106a6e8 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -1471,16 +1471,6 @@ */ #define MBEDTLS_SSL_RENEGOTIATION -/** - * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE - * - * Pick the ciphersuite according to the client's preferences rather than ours - * in the SSL Server module (MBEDTLS_SSL_SRV_C). - * - * Uncomment this macro to respect client's ciphersuite order - */ -//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE - /** * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c293b88e5..364239a84 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -200,6 +200,9 @@ #define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0 #define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1 +#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_ENABLED 1 +#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED 0 + /* * Default range for DTLS retransmission timer value, in milliseconds. * RFC 6347 4.2.4.1 says from 1 second to 60 seconds. @@ -1185,6 +1188,9 @@ struct mbedtls_ssl_config #if defined(MBEDTLS_SSL_SRV_C) unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in Certificate Request messages? */ + unsigned int respect_cli_pref : 1; /*!< pick the ciphersuite according to + the client's preferences rather + than ours */ #endif #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) unsigned int ignore_unexpected_cid : 1; /*!< Determines whether DTLS @@ -2494,7 +2500,7 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co * * Note: The server uses its own preferences * over the preference of the client unless - * MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE is defined! + * conf->respect_cli_pref is enabled! * * \param conf SSL configuration * \param ciphersuites 0-terminated list of allowed ciphersuites 
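Review bot: the doc comment of mbedtls_ssl_conf_ciphersuites() now tells API users about `conf->respect_cli_pref`, a struct member rather than a public interface (and one this series is in the process of wrapping with MBEDTLS_PRIVATE); point them at the public setter instead and drop the trailing "!". The new `respect_cli_pref : 1` bitfield is fine, but its comment should say it is only consulted on the server side, which its placement inside `#if defined(MBEDTLS_SSL_SRV_C)` implies and the comment does not.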
@@ -3292,6 +3298,19 @@ void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf, int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code ); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ +#if defined(MBEDTLS_SSL_SRV_C) +/** + * \brief Pick the ciphersuite according to the client's preferences + * rather than ours in the SSL Server module (MBEDTLS_SSL_SRV_C). + * (Default: MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED) + * + * \param conf SSL configuration + * \param enable Enable or disable (MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_ENABLED + * or MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED) + */ +void mbedtls_ssl_conf_respect_client_preference( mbedtls_ssl_config *conf, int enable ); +#endif /* MBEDTLS_SSL_SRV_C */ + #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) /** * \brief Activate negotiation of truncated HMAC diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 4fe6b02f1..c7ec4fe2a 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -1872,27 +1872,43 @@ read_record_header: got_common_suite = 0; ciphersuites = ssl->conf->ciphersuite_list; ciphersuite_info = NULL; -#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE) - for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 ) - for( i = 0; ciphersuites[i] != 0; i++ ) -#else - for( i = 0; ciphersuites[i] != 0; i++ ) + + if (ssl->conf->respect_cli_pref == MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_ENABLED) + { for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 ) -#endif - { - if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) || - p[1] != ( ( ciphersuites[i] ) & 0xFF ) ) - continue; + for( i = 0; ciphersuites[i] != 0; i++ ) + { + if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) || + p[1] != ( ( ciphersuites[i] ) & 0xFF ) ) + continue; - got_common_suite = 1; + got_common_suite = 1; - if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i], - &ciphersuite_info ) ) != 0 ) - return( ret ); + if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i], + &ciphersuite_info ) ) != 0 ) + return( ret ); - if( ciphersuite_info != NULL ) - goto have_ciphersuite; - } + if( ciphersuite_info != NULL ) + goto have_ciphersuite; + } + } else { + for( i = 0; ciphersuites[i] != 0; i++ ) + for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 ) + { + if( p[0] != ( ( ciphersuites[i] >> 8 ) & 0xFF ) || + p[1] != ( ( ciphersuites[i] ) & 0xFF ) ) + continue; + + got_common_suite = 1; + + if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i], + &ciphersuite_info ) ) != 0 ) + return( ret ); + + if( ciphersuite_info != NULL ) + goto have_ciphersuite; + } + } if( got_common_suite ) { @@ -4416,4 +4432,10 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) return( ret ); } + +void mbedtls_ssl_conf_respect_client_preference( mbedtls_ssl_config *conf, int enable ) +{ + conf->respect_cli_pref = enable; +} + #endif /* MBEDTLS_SSL_SRV_C */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3bdc1cfa4..ab11391ba 100644 
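Review bot: the two branches of the new `if (ssl->conf->respect_cli_pref == ...)` duplicate the entire match body (the p[0]/p[1] comparison, `got_common_suite = 1`, the ssl_ciphersuite_match() call and the `goto have_ciphersuite`); only the nesting order of the two for loops differs. Keep one copy of the body and either select the outer/inner loop through the loop bounds, or move the body into a small static helper called from both loops, so the two copies cannot drift apart. Style: `if (` and `} else {` do not follow the surrounding code's `if( ... )` and brace-on-its-own-line convention, and the condition line exceeds 80 columns.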
--- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6189,6 +6189,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_SRV_C) conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED; + conf->respect_cli_pref = MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED; #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) From 8b223b650991182ff288140b5f8b3a1d4832981d Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Wed, 2 Jun 2021 16:42:39 +0200 Subject: [PATCH 166/236] Addition of the migration guide entry file. Signed-off-by: TRodziewicz --- ...T_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md diff --git a/docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md b/docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md new file mode 100644 index 000000000..6b1db9e62 --- /dev/null +++ b/docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md @@ -0,0 +1,13 @@ +Turn MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE configuration option into a runtime option +-- + +This change affects users who see the change of the SSL server vs. client +preferred set of ciphersuites in runtime useful. + +The `MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE` `config.h` option has been +removed and a new function with similar functionality has been introduced into the +SSL API. + +This new function `mbedtls_ssl_conf_respect_client_preference()` can be used to +change the preferred set of ciphersuites on the server to those used on the client. +The default state is to use the server set of suites. From 3946f79cabc20e2dfa7fa45ae60d1ca8895b4af7 Mon Sep 17 00:00:00 2001 
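Review bot: the migration guide entry is unclear and in one place inaccurate. "users who see the change of the SSL server vs. client preferred set of ciphersuites in runtime useful" should simply say who is affected (users who enabled the removed option), and "change the preferred set of ciphersuites on the server to those used on the client" describes the wrong thing: the option never changed which ciphersuites the server accepts, only whose preference order decides the choice among the suites both sides support. Say "order" rather than "set", and show the one-line call that reproduces the old #define so a migrating user can copy it. The `--` heading underline is also inconsistent with the full-width underline used by the X.509 entry earlier in the series.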
From: TRodziewicz Date: Mon, 14 Jun 2021 12:11:18 +0200 Subject: [PATCH 167/236] Correction according to code review (function and param. names change and docs rewording) Signed-off-by: TRodziewicz --- ChangeLog.d/issue4398.txt | 10 ++------ ...NT_PREFERENCE_config_opt_to_runtime_opt.md | 17 +++++++------ include/mbedtls/ssl.h | 25 +++++++++++-------- library/ssl_srv.c | 6 ++--- library/ssl_tls.c | 2 +- 5 files changed, 29 insertions(+), 31 deletions(-) diff --git a/ChangeLog.d/issue4398.txt b/ChangeLog.d/issue4398.txt index 67acbf5a2..b7f241391 100644 --- a/ChangeLog.d/issue4398.txt +++ b/ChangeLog.d/issue4398.txt @@ -1,9 +1,3 @@ API changes - * Remove the MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE option from config.h. - Replace it with SSL runtime option which can be enabled or disabled using - new added API function mbedtls_ssl_conf_respect_client_preference(). Add - a new field respect_cli_pref in the mbedtls_ssl_config structure and two - defines used as a parameter: MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED - and MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_ENABLED. Adapt the code used for - searching for a matching ciphersuite to use the new field instead of the - removed config.h option. Fixes #3498. + * Replace MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE by a runtime + configuration function mbedtls_ssl_conf_preference_order(). Fixes #4398. diff --git a/docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md b/docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md index 6b1db9e62..6a6554dfb 100644 --- a/docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md +++ b/docs/3.0-migration-guide.d/turn_SSL_SRV_RESPECT_CLIENT_PREFERENCE_config_opt_to_runtime_opt.md 
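Review bot: the previous version of this ChangeLog entry ended "Fixes #3498" and the new one "Fixes #4398"; the file is named issue4398.txt, so 4398 is presumably right, but please confirm which issue this closes, since a wrong reference in the ChangeLog is hard to catch after release. The trimmed entry is otherwise a clear improvement over listing internal field names.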
@@ -1,13 +1,14 @@ Turn MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE configuration option into a runtime option -- -This change affects users who see the change of the SSL server vs. client -preferred set of ciphersuites in runtime useful. +This change affects users who were enabling MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE +option in the `config.h` -The `MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE` `config.h` option has been -removed and a new function with similar functionality has been introduced into the -SSL API. +This option has been removed and a new function with similar functionality has +been introduced into the SSL API. -This new function `mbedtls_ssl_conf_respect_client_preference()` can be used to -change the preferred set of ciphersuites on the server to those used on the client. -The default state is to use the server set of suites. +This new function `mbedtls_ssl_conf_preference_order()` can be used to +change the preferred order of ciphersuites on the server to those used on the client, +e.g.: `mbedtls_ssl_conf_preference_order(ssl_config, MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)` +has the same effect as enabling the removed option. The default state is to use +the server order of suites. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 364239a84..f0ae778b5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -200,8 +200,8 @@ #define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0 #define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED 1 -#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_ENABLED 1 -#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED 0 +#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT 1 +#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER 0 /* * Default range for DTLS retransmission timer value, in milliseconds. 
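Review bot: two residual wording issues in the rewritten entry: "users who were enabling MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE option in the `config.h`" is missing "the" before the option name and a full stop at the end, and "change the preferred order of ciphersuites on the server to those used on the client" should read "... to the order sent by the client" (the order changes, not the suites). In ssl.h the constants were renamed to MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT/SERVER but the struct field keeps the old respect_cli_pref name; consider renaming it in the same commit so the field, the setter and the constants share one vocabulary.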
@@ -2498,9 +2498,12 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co * The ciphersuites array is not copied, and must remain * valid for the lifetime of the ssl_config. * - * Note: The server uses its own preferences - * over the preference of the client unless - * conf->respect_cli_pref is enabled! + * Note: By default, the server chooses its preferred + * ciphersuite among those that the client supports. If + * mbedtls_ssl_conf_preference_order() is called to prefer + * the client's preferences, the server instead chooses + * the client's preferred ciphersuite among those that + * the server supports. * * \param conf SSL configuration * \param ciphersuites 0-terminated list of allowed ciphersuites @@ -3300,15 +3303,15 @@ int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_c #if defined(MBEDTLS_SSL_SRV_C) /** - * \brief Pick the ciphersuite according to the client's preferences - * rather than ours in the SSL Server module (MBEDTLS_SSL_SRV_C). - * (Default: MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED) + * \brief Pick the ciphersuites order according to the second parameter + * in the SSL Server module (MBEDTLS_SSL_SRV_C). + * (Default, if never called: MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER) * * \param conf SSL configuration - * \param enable Enable or disable (MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_ENABLED - * or MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED) + * \param order Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER + * or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT) */ -void mbedtls_ssl_conf_respect_client_preference( mbedtls_ssl_config *conf, int enable ); +void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order ); #endif /* MBEDTLS_SSL_SRV_C */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index c7ec4fe2a..c70c21f85 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
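Review bot: the `\brief` for mbedtls_ssl_conf_preference_order() ("Pick the ciphersuites order according to the second parameter") does not say what the function does; suggest "Whether the server uses its own ciphersuite preference order (default) or the client's when choosing a ciphersuite". The note added to mbedtls_ssl_conf_ciphersuites() is good, but it should state the security consequence that is implicit in it: with MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT the server gives up the ability to steer negotiation towards its strongest suite, so every suite left in the server's list must be one the operator is willing to end up with, because the client now decides which of them is used.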
@@ -1873,7 +1873,7 @@ read_record_header: ciphersuites = ssl->conf->ciphersuite_list; ciphersuite_info = NULL; - if (ssl->conf->respect_cli_pref == MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_ENABLED) + if (ssl->conf->respect_cli_pref == MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT) { for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 ) for( i = 0; ciphersuites[i] != 0; i++ ) @@ -4433,9 +4433,9 @@ int mbedtls_ssl_handshake_server_step( mbedtls_ssl_context *ssl ) return( ret ); } -void mbedtls_ssl_conf_respect_client_preference( mbedtls_ssl_config *conf, int enable ) +void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order ) { - conf->respect_cli_pref = enable; + conf->respect_cli_pref = order; } #endif /* MBEDTLS_SSL_SRV_C */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ab11391ba..8ef98af20 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6189,7 +6189,7 @@ int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf, #if defined(MBEDTLS_SSL_SRV_C) conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED; - conf->respect_cli_pref = MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREF_DISABLED; + conf->respect_cli_pref = MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER; #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) From a90e0907c51241556e07c83b581903302b617c13 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 14 Jun 2021 15:46:35 +0200 Subject: [PATCH 168/236] Remove scripts automating wrapping structs members with MBEDTLS_PRIVATE. Signed-off-by: Ronald Cron --- apply_MBEDTLS_PRIVATE.py | 106 ------------------------------- setup_and_run_MBEDTLS_PRIVATE.sh | 31 --------- 2 files changed, 137 deletions(-) delete mode 100644 apply_MBEDTLS_PRIVATE.py delete mode 100755 setup_and_run_MBEDTLS_PRIVATE.sh diff --git a/apply_MBEDTLS_PRIVATE.py b/apply_MBEDTLS_PRIVATE.py deleted file mode 100644 index d2bc7c06a..000000000 --- a/apply_MBEDTLS_PRIVATE.py +++ /dev/null 
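Review bot: mbedtls_ssl_conf_preference_order() stores `order` straight into the 1-bit field respect_cli_pref, and the ClientHello code compares that field against MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT, so any value other than 0 or 1 is silently truncated (2 behaves like SERVER, 3 like CLIENT) without the caller being told. Either normalise in the setter, e.g. `conf->respect_cli_pref = ( order == MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT );`, or document that only the two constants are valid inputs. The `if (ssl->conf->respect_cli_pref == ...)` line still has the non-house-style spacing noted on the earlier version of this hunk.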
@@ -1,106 +0,0 @@ -import re -import fileinput -import glob -import pprint -import os -import xml.etree.ElementTree as ET - - -# Create dictionary with following structre -# files_to_visit = { -# "filepath1" : { "variable_name1": (1, 2, 40, 61), # line numbers -# "variable_name2": (60, 64), -# }, -# "filepath2" : { "variable_name1": (1, 2, 40, 61), # line numbers -# "variable_name2": (60, 64), -# }, ... -# } -files_to_visit = {} - -# find xml models for structs parsed by doxygen -struct_files = glob.glob("apidoc/xml/structmbedtls*.xml") + glob.glob("apidoc/xml/structpsa*.xml") - -for struct_file in struct_files: - # get all variables from currently processed struct - struct_file_tree = ET.parse(struct_file) - all_struct_members_definitions = struct_file_tree.getroot().findall(".//memberdef[@kind='variable']") - - for struct_member_def in all_struct_members_definitions: - # get unique id by which this variable is referenced - member_id = struct_member_def.attrib["id"] - # find file path for this variable's definition - location = struct_member_def.find("location") - file_path = location.attrib["file"] - # get variable name - variable_name = struct_member_def.find("name").text - # if file path is not yet in dictionary, create empty sub-dictionary to initialize - if file_path not in files_to_visit: - files_to_visit[file_path] = {} - # if variable is not yet in this file's dictionary, create empty set to initialize - if variable_name not in files_to_visit[file_path]: - files_to_visit[file_path][variable_name] = set() - - # add variable's definition line number - files_to_visit[file_path][variable_name].add(int(location.attrib["line"])) - - # check where the variable was referenced - references = struct_member_def.findall("referencedby") - for reference in references: - refid = reference.attrib["refid"] - # assuming that compound name is related to header's xml file - header_file_xml = "apidoc/xml/" + reference.attrib["compoundref"] + ".xml" - header_file_tree = 
ET.parse(header_file_xml) - # check if this reference is created by static inline function - static_inline_function_definition = header_file_tree.getroot().find(f".//memberdef[@id='{refid}'][@kind='function'][@static='yes'][@inline='yes']") - if static_inline_function_definition: - static_inline_function_file_path = static_inline_function_definition.find("location").attrib["file"] - # if file path not yet in dictionary, create empty sub-dictionary to initialize. - # This could happen if reference is inside header file which was not yet processed in search for variable definitions - if static_inline_function_file_path not in files_to_visit: - files_to_visit[static_inline_function_file_path] = {} - # if variable is not yet in this file's dictionary, create empty set to initialize - if variable_name not in files_to_visit[static_inline_function_file_path]: - files_to_visit[static_inline_function_file_path][variable_name] = set() - # function block scope - function_lines_from = int(reference.attrib["startline"]) - function_lines_to = int(reference.attrib["endline"]) - # find codelines referencing currently processed variable. This is using the code listing inside header's xml model. 
- codelines_xml = header_file_tree.getroot().findall(f".//ref[@refid='{member_id}']/../..") - # filter by function's scope - codelines = [int(line.attrib["lineno"]) for line in codelines_xml if int(line.attrib["lineno"]) >= function_lines_from and int(line.attrib["lineno"]) <= function_lines_to] - # add lines referencing currently processed variable - files_to_visit[static_inline_function_file_path][variable_name].update(codelines) - -pp = pprint.PrettyPrinter(indent=4) -pp.pprint(files_to_visit) - -mbedtls_private_access_include = "#include \"mbedtls/private_access.h\"" - -for file_path, variables in files_to_visit.items(): - # check if this file has "mbedtls/private_access.h" include - file_has_private_access_include = False - with open(file_path, 'r') as file: - for line in file: - if mbedtls_private_access_include in line: - file_has_private_access_include = True - break - - # FileInput redirects stdout to to 'file', so every print in this block will be put inside 'file' - with fileinput.FileInput(file_path, inplace=True) as file: - output_line_number = 1 - # compile regex matching the header's include guard. - re_include_guard = re.compile(r"^#define.*{name}$".format(name=os.path.basename(file_path).replace('.','_').upper())) - for line in file: - insert_private_access_include = False - if re_include_guard.match(line): - insert_private_access_include = not file_has_private_access_include - # every line in file is checked against variables and lines in which they occur - for variable, var_lines in variables.items(): - for var_line in var_lines: - # wrap variable with MBEDTLS_PRIVATE(...) macro - if output_line_number == var_line: - line = re.sub(r"(^.*?\W+)((?!MBEDTLS_PRIVATE\(){var})(\W+.*$)".format(var=variable), r"\1MBEDTLS_PRIVATE(\2)\3", line) - output_line_number += 1 - print(line, end='') # fileinput redirects stdout to the target file - if insert_private_access_include: - print("#include \"mbedtls/private_access.h\"") 
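Review bot: the commit message only says the scripts are removed; it does not say whether the MBEDTLS_PRIVATE wrapping they generated has already been applied and checked in (so the scripts are spent) or whether the approach was abandoned. Record that, and if the script may be needed for a later pass (for example on struct members added after the wrapping was run), consider keeping it under scripts/ instead of deleting it from the repository root: the doxygen-XML-driven approach in apply_MBEDTLS_PRIVATE.py and the three-configuration run in setup_and_run_MBEDTLS_PRIVATE.sh are not obvious to reconstruct.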
diff --git a/setup_and_run_MBEDTLS_PRIVATE.sh b/setup_and_run_MBEDTLS_PRIVATE.sh deleted file mode 100755 index aaf0a1cf5..000000000 --- a/setup_and_run_MBEDTLS_PRIVATE.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/sh - -make clean -sed -i 's/GENERATE_XML = NO/GENERATE_XML = YES/g' doxygen/mbedtls.doxyfile -scripts/config.py full -cd doxygen -doxygen mbedtls.doxyfile -cd .. -python3 apply_MBEDTLS_PRIVATE.py -git checkout include/mbedtls/config.h doxygen/mbedtls.doxyfile - -make clean -sed -i 's/GENERATE_XML = NO/GENERATE_XML = YES/g' doxygen/mbedtls.doxyfile -scripts/config.py set MBEDTLS_ECP_RESTARTABLE -scripts/config.py unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE -scripts/config.py unset MBEDTLS_HAVE_TIME -cd doxygen -doxygen mbedtls.doxyfile -cd .. -python3 apply_MBEDTLS_PRIVATE.py -git checkout include/mbedtls/config.h doxygen/mbedtls.doxyfile - -make clean -sed -i 's/GENERATE_XML = NO/GENERATE_XML = YES/g' doxygen/mbedtls.doxyfile -scripts/config.py realfull -cd doxygen -doxygen mbedtls.doxyfile -cd .. -python3 apply_MBEDTLS_PRIVATE.py -git checkout include/mbedtls/config.h doxygen/mbedtls.doxyfile - From c7319cda78e7d0fe75392ebe44b30c0175af4ffc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 14 Jun 2021 18:01:42 +0200 Subject: [PATCH 169/236] Use UNUSED wherever applicable in derive_input tests Exhaustivity check: ``` --- tests/suites/test_suite_psa_crypto.data | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 9968cd16f..550c99ed4 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -2779,19 +2779,19 @@ derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY PSA key derivation: HKDF-SHA-256, good case, omitted salt depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):0:0:"":UNUSED:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS PSA key derivation: HKDF-SHA-256, good case, info first depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):0:0:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS PSA key derivation: HKDF-SHA-256, good case, info after salt depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):0:0:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS 
+derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS PSA key derivation: HKDF-SHA-256, good case, omitted salt, info first depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:0:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_SUCCESS +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_SUCCESS PSA key derivation: HKDF-SHA-256, good case, key output depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 From af5bd67f6e9b9dd6adaf139328f4d976e6fb0e5d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 14 Jun 2021 18:05:37 +0200 Subject: [PATCH 170/236] Fix copypasta in test data Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 550c99ed4..adfc4a1c1 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
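Review bot: in the PATCH 169 hunk, the "info after salt" case still begins with the skipped step `0:UNUSED:"":UNUSED`, so after this change it is identical to the "omitted salt" case two entries above it (SECRET then INFO, no salt at all), and "info first" likewise has no salt step, so neither case exercises the salt/info ordering its name promises. Restore a real `PSA_KEY_DERIVATION_INPUT_SALT` step in those two lines (INFO, SALT, SECRET for "info first"; SALT, then INFO, then SECRET for "info after salt") so that each test name matches the sequence actually fed to the operation.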
@@ -2783,11 +2783,11 @@ derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION PSA key derivation: HKDF-SHA-256, good case, info first depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS PSA key derivation: HKDF-SHA-256, good case, info after salt depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 -derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS +derive_input:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS PSA key derivation: HKDF-SHA-256, good case, omitted salt, info first depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 From b9ccb25f33e4521df3c7e874a17d876141f6429e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 May 2021 23:09:13 +0200 Subject: [PATCH 171/236] Starter-class documentation of alternative implementations 
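Review bot: in the PATCH 170 hunk, the corrected "info after salt" line now runs SALT, SECRET, INFO, which is the ordinary good-case order rather than placing the info directly after the salt as the name says; if the intent is to cover the SALT, INFO, SECRET order, swap the last two steps, otherwise this case duplicates the plain good case and should be renamed. The "info first" line (INFO, SALT, SECRET) now matches its name.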
Signed-off-by: Gilles Peskine --- .../alternative-implementations.md | 66 +++++++++++++++++++ 1 file changed, 66 insertions(+) create mode 100644 docs/architecture/alternative-implementations.md diff --git a/docs/architecture/alternative-implementations.md b/docs/architecture/alternative-implementations.md new file mode 100644 index 000000000..7b8b65ef3 --- /dev/null +++ b/docs/architecture/alternative-implementations.md 
@@ -0,0 +1,66 @@ +Alternative implementations of Mbed TLS functionality +===================================================== + +This document describes how parts of the Mbed TLS functionality can be replaced at compile time to integrate the library on a platform. + +This document is an overview. It is not exhaustive. Please consult the documentation of individual modules and read the library header files for more details. + +## Platform integration + +Mbed TLS works out of the box on Unix/Linux/POSIX-like systems and on Windows. On embedded platforms, you may need to customize some aspects of how Mbed TLS interacts with the underlying platform. This section discusses the main areas that can be configured. + +The platform module (`include/mbedtls/platform.h`) controls how Mbed TLS accesses standard library features such as memory management (`calloc`, `free`), `printf`, `exit`. You can define custom functions instead of the ones from the C standard library through `MBEDTLS_PLATFORM_XXX` options in the configuration file. Many options have two mechanisms: either define `MBEDTLS_PLATFORM_XXX_MACRO` to the name of a function to call instead of the standard function `xxx`, or define `MBEDTLS_PLATFORM_XXX_ALT` and [register an alternative implementation during the platform setup](#alternative-implementations-of-platform-functions). + +The storage of the non-volatile seed for random generation, enabled with `MBEDTLS_ENTROPY_NV_SEED`, is also controlled via the platform module. + +For timing functions, you can [declare an alternative implementation of the timing module](#module-alternative-implementations). + +On multithreaded platforms, [declare an alternative implementation of the threading module](#module-alternative-implementations). + +To configure entropy sources (hardware random generators), see the `MBEDTLS_ENTROPY_XXX` options in the configuration file. + +For networking, the `net_sockets` module does not currently support alternative implementations. 
If this module does not work on your platform, disable `MBEDTLS_NET_C` and use custom functions for TLS. + +If your platform has a cryptographic accelerator, you can use it via a [PSA driver](#psa-cryptography-drivers) or an [declare an alternative implementation of the corresponding module(s)](#module-alternative-implementations) or [specific functions](#function-alternative-implementations). + +## PSA cryptography drivers + +On platforms where a hardware cryptographic engine is present, you can implement a driver for this engine in the PSA interface. Drivers are supported for cryptographic operations with transparent keys (keys available in cleartext), for cryptographic operations with opaque keys (keys that are only available inside the cryptographic engine), and for random generation. Calls to `psa_xxx` functions that perform cryptographic operations are directed to drivers instead of the built-in code as applicable. See the [PSA cryptography driver interface specification](docs/proposed/psa-driver-interface.md), the [Mbed TLS PSA driver developer guide](docs/proposed/psa-driver-developer-guide.md) and the [Mbed TLS PSA driver integration guide](docs/proposed/psa-driver-integration-guide.md) for more information. + +As of Mbed TLS 3.0, this interface is still experimental and subject to change, and not all operations support drivers yet. The configuration option `MBEDTLS_USE_PSA_CRYPTO` causes parts of the `mbedtls_xxx` API to use PSA crypto and therefore to support drivers, however it is not yet compatible with all drivers. + +## Module alternative implementations + +You can replace the code of some modules of Mbed TLS at compile time by a custom implementation. This is possible for low-level cryptography modules (symmetric algorithms, DHM, RSA, ECP, ECJPAKE) and for some platform-related modules (threading, timing). Such custom implementations are called “alternative implementations”, or “ALT implementations” for short. 
+ +The general principle of an alternative implementation is: +* Enable `MBEDTLS_XXX_ALT` in the compile-time configuration where XXX is the module name. For example, `MBEDTLS_AES_ALT` for an implementation of the AES module. This is in addition to enabling `MBEDTLS_XXX_C`. +* Create a header file `xxx_alt.h` that defines the context type(s) used by the module. For example, `mbedtls_aes_context` for AES. +* Implement all the functions from the module, i.e. the functions declared in `include/mbedtls/xxx.h`. + +See https://tls.mbed.org/kb/development/hw_acc_guidelines for a more detailed guide. + +## Function alternative implementations + +In some cases, it is possible to replace a single function or a small set of functions instead of [providing an alternative implementation of the whole module](#module-alternative-implementations). + +### Alternative implementations of cryptographic functions + +Options to replace individual functions of cryptographic modules generally have a name obtained by upper-casing the function name and appending `_ALT`. If the function name contains `_internal`, `_ext` or `_ret`, this is removed in the `_ALT` symbol. When the corresponding option is enabled, the built-in implementation of the function will not be compiled, and you must provide an alternative implementation at link time. + +For example, enable `MBEDTLS_AES_ENCRYPT_ALT` at compile time and provide your own implementation of `mbedtls_aes_encrypt()` to provide an accelerated implementation of AES encryption that is compatible with the built-in key schedule. If you wish to implement key schedule differently, you can also enable `MBEDTLS_AES_SETKEY_ENC_ALT` and implement `mbedtls_aes_setkey_enc()`. + +Another example: enable `MBEDTLS_SHA256_PROCESS_ALT` and implement `mbedtls_internal_sha256_process()` to provide an accelerated implementation of SHA-256 and SHA-224. 
+ +Note that since alternative implementations of individual functions cooperate with the built-in implementation of other functions, you must use the same layout for context objects as the built-in implementation. If you want to use different context types, you need to [provide an alternative implementation of the whole module](#module-alternative-implementations). + +### Alternative implementations of platform functions + +Several platform functions can be reconfigured dynamically by following the process described here. To reconfigure how Mbed TLS calls the standard library function `xxx()`: + +* Define the symbol `MBEDTLS_PLATFORM_XXX_ALT` at compile time. +* During the initialization of your application, set the global variable `mbedtls_xxx` to an alternative implementation of `xxx()`. + +Merely enabling `MBEDTLS_PLATFORM_XXX_ALT` does not change the behavior: by default, `mbedtls_xxx` points to the standard function `xxx`. + +Note that there are variations on the naming pattern. Consult the documentation of individual configuration options and of the platform module for details. From 6a2fb618960a6bb228d886b5faab81794c21013c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 24 May 2021 22:25:04 +0200 Subject: [PATCH 172/236] Rename library/ecp_alt.h to ecp_internal_alt.h library/ecp_alt.h (declaring individual functions of the ECP module that can be substituted, included when building the library with MBEDTLS_ECP_INTERNAL_ALT enabled) clashes with ecp_alt.h (not provided, declaring types of the ECP module when the whole implementation is substituted, included when building the library with MBEDTLS_ECP_ALT enabled). Depending on the search path during build, this can make MBEDTLS_ECP_ALT unusable. Rename library/ecp_alt.h to follow the naming convention of other alt headers: MBEDTLS_XXX_ALT corresponds to xxx_alt.h. 
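Review bot: in docs/architecture/alternative-implementations.md, the three PSA driver links are written as `docs/proposed/psa-driver-interface.md`, `docs/proposed/psa-driver-developer-guide.md` and `docs/proposed/psa-driver-integration-guide.md`, but Markdown links resolve relative to the file's own directory (docs/architecture/), so they should read `../proposed/psa-driver-interface.md` and so on, otherwise they 404 when rendered. Two smaller points in the same file: in the platform integration section, "you can use it via a [PSA driver](...) or an [declare an alternative implementation ...]" has a stray "an" before the link, and the "Module alternative implementations" list says "Implement all the functions from the module" without mentioning that the `_alt.h` header must also supply any module-specific constants the public header does not define; the ECP patches in this series move those derived macros out of the alt header's responsibility, which is worth stating here.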
Signed-off-by: Gilles Peskine --- ChangeLog | 2 +- docs/3.0-migration-guide.md | 2 +- library/ecp.c | 2 +- library/{ecp_alt.h => ecp_internal_alt.h} | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) rename library/{ecp_alt.h => ecp_internal_alt.h} (99%) diff --git a/ChangeLog b/ChangeLog index dc6e4515d..ddaf3fd9f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,7 +22,7 @@ API changes Various helpers and definitions available for use in alt implementations have been moved out of the include/ directory and into the library/ directory. The files concerned are ecp_internal.h and rsa_internal.h - which have also been renamed to ecp_alt.h and rsa_alt_helpers.h + which have also been renamed to ecp_internal_alt.h and rsa_alt_helpers.h respectively. * Move internal headers. Header files that were only meant for the library's internal use and diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index 2d031c6a4..a4a59b889 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md @@ -59,7 +59,7 @@ were documented as internal, despite being in the public include directory. If you're providing alt implementations of ECP or RSA, you'll need to add our `library` directory to your include path when building your alt implementations, and note that `ecp_internal.h` and `rsa_internal.h` have been -renamed to `ecp_alt.h` and `rsa_alt_helpers.h` respectively. +renamed to `ecp_internal_alt.h` and `rsa_alt_helpers.h` respectively. If you're a library user and used to rely on having access to a structure or function that's now in a private header, please reach out on the mailing list diff --git a/library/ecp.c b/library/ecp.c index f450056c0..044bbe1d1 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -99,7 +99,7 @@ #define mbedtls_free free #endif -#include "ecp_alt.h" +#include "ecp_internal_alt.h" #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) #if defined(MBEDTLS_HMAC_DRBG_C) 
diff --git a/library/ecp_alt.h b/library/ecp_internal_alt.h similarity index 99% rename from library/ecp_alt.h rename to library/ecp_internal_alt.h index 6b1b29f70..9b157eaa3 100644 --- a/library/ecp_alt.h +++ b/library/ecp_internal_alt.h @@ -1,5 +1,5 @@ /** - * \file ecp_alt.h + * \file ecp_internal_alt.h * * \brief Function declarations for alternative implementation of elliptic curve * point arithmetic. @@ -293,5 +293,5 @@ int mbedtls_internal_ecp_normalize_mxz( const mbedtls_ecp_group *grp, #endif /* MBEDTLS_ECP_INTERNAL_ALT */ -#endif /* ecp_alt.h */ +#endif /* ecp_internal_alt.h */ From 9ef1ea7444c21ca24535bb1367dcbbc533e1a9ec Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 28 May 2021 00:16:18 +0200 Subject: [PATCH 173/236] Move the definition of derived values out of the settings section Alternative implementations must no longer define these macros. Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 05c33ff02..8cb4fb4a5 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -249,9 +249,6 @@ mbedtls_ecp_group; #define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */ #endif -#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) -#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) - #if !defined(MBEDTLS_ECP_WINDOW_SIZE) /* * Maximum "window" size used for point multiplication. @@ -297,6 +294,9 @@ mbedtls_ecp_group; #include "ecp_alt.h" #endif /* MBEDTLS_ECP_ALT */ +#define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) +#define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) + #if defined(MBEDTLS_ECP_RESTARTABLE) /** From d0b16303bb150868138467dba5c232386fc31326 Mon Sep 17 00:00:00 2001 
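Review bot: in the PATCH 173 hunk for include/mbedtls/ecp.h, `MBEDTLS_ECP_MAX_BYTES` and `MBEDTLS_ECP_MAX_PT_LEN` become plain `#define`s placed right after `#include "ecp_alt.h"`, so an existing ecp_alt.h that still defines them (the commit message says alternative implementations must stop doing so) now produces a macro redefinition diagnostic instead of a clear message. Either wrap the new definitions in `#if defined(MBEDTLS_ECP_MAX_BYTES) #error ... #endif` style checks or add a line to docs/3.0-migration-guide.md telling ECP alt implementers to drop those two definitions.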
From: Gilles Peskine Date: Fri, 28 May 2021 00:17:26 +0200 Subject: [PATCH 174/236] Determine MBEDTLS_ECP_MAX_BITS automatically MBEDTLS_ECP_MAX_BITS doesn't make sense as a configuration option: it must not be smaller than the largest supported curve, and it's useless to set it to a larger value. So unconditionally set it to the size of the largest supported curve. Remove it from the build configuration. Alternative implementations must no longer define this macro. Signed-off-by: Gilles Peskine --- configs/config-suite-b.h | 3 +-- configs/config-thread.h | 3 +-- include/mbedtls/config.h | 1 - include/mbedtls/ecp.h | 45 +++++++++++++++++++++++++++++++++------- 4 files changed, 40 insertions(+), 12 deletions(-) diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 28e644312..b62bdfabd 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -84,8 +84,7 @@ #define MBEDTLS_AES_ROM_TABLES /* Save RAM by adjusting to our exact needs */ -#define MBEDTLS_ECP_MAX_BITS 384 -#define MBEDTLS_MPI_MAX_SIZE 48 // 384 bits is 48 bytes +#define MBEDTLS_MPI_MAX_SIZE 48 // 384-bit EC curve = 48 bytes /* Save RAM at the expense of speed, see ecp.h */ #define MBEDTLS_ECP_WINDOW_SIZE 2 diff --git a/configs/config-thread.h b/configs/config-thread.h index bce9668fd..c1937de80 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -85,8 +85,7 @@ #define MBEDTLS_AES_ROM_TABLES /* Save RAM by adjusting to our exact needs */ -#define MBEDTLS_ECP_MAX_BITS 256 -#define MBEDTLS_MPI_MAX_SIZE 32 // 256 bits is 32 bytes +#define MBEDTLS_MPI_MAX_SIZE 32 // 256-bit EC curve = 32 bytes /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */ #define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 3139b223d..57783f8be 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -3155,7 +3155,6 @@ //#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384 /**< Maximum size of (re)seed buffer */ /* ECP options */ -//#define MBEDTLS_ECP_MAX_BITS 521 /**< Maximum bit size of groups */ //#define MBEDTLS_ECP_WINDOW_SIZE 6 /**< Maximum window size used */ //#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 /**< Enable fixed-point speed-up */ diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 8cb4fb4a5..dceca3ef9 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -242,13 +242,6 @@ mbedtls_ecp_group; * \{ */ -#if !defined(MBEDTLS_ECP_MAX_BITS) -/** - * The maximum size of the groups, that is, of \c N and \c P. - */ -#define MBEDTLS_ECP_MAX_BITS 521 /**< The maximum size of groups, in bits. */ -#endif - #if !defined(MBEDTLS_ECP_WINDOW_SIZE) /* * Maximum "window" size used for point multiplication. 
@@ -294,6 +287,44 @@ mbedtls_ecp_group; #include "ecp_alt.h" #endif /* MBEDTLS_ECP_ALT */ +/** + * The maximum size of the groups, that is, of \c N and \c P. + */ +#if !defined(MBEDTLS_ECP_C) +/* Dummy definition to help code that has optional ECP support and + * defines an MBEDTLS_ECP_MAX_BYTES-sized array unconditionally. */ +#define MBEDTLS_ECP_MAX_BITS 1 +/* Note: the curves must be listed in DECREASING size! */ +#elif defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 521 +#elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 512 +#elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 448 +#elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 384 +#elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 384 +#elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 256 +#elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 256 +#elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 256 +#elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 255 +#elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 225 // n is slightly above 2^224 +#elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 224 +#elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 192 +#elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) +#define MBEDTLS_ECP_MAX_BITS 192 +#else +#error "Missing definition of MBEDTLS_ECP_MAX_BITS" +#endif + #define MBEDTLS_ECP_MAX_BYTES ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 ) #define MBEDTLS_ECP_MAX_PT_LEN ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 ) From 6e1387abed085805d21d414b665e29e3943d53ad Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Jun 2021 20:24:51 +0200 Subject: [PATCH 175/236] Update MBEDTLS_ECP_MAX_BITS when adding a curve 
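Review bot: in the new MBEDTLS_ECP_MAX_BITS selection block in include/mbedtls/ecp.h (PATCH 174), the comment "the curves must be listed in DECREASING size!" is placed inside the `#if !defined(MBEDTLS_ECP_C)` dummy branch, where someone adding an `#elif` further down will not see it; move it above the `#if`. The chain itself is ordered correctly (521, 512, 448, 384, 384, 256, 256, 256, 255, 225, 224, 192, 192) and the `#error` fallback only fires when MBEDTLS_ECP_C is enabled with no curve, which is the right failure mode. One consequence to document: the old `#if !defined(MBEDTLS_ECP_MAX_BITS)` guard is gone and the new block sits after `#include "ecp_alt.h"`, so a user config or ecp_alt.h that still defines MBEDTLS_ECP_MAX_BITS gets a redefinition diagnostic; the `#error` branch could also catch that case explicitly with a `#if defined(MBEDTLS_ECP_MAX_BITS)` check before the chain.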
Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index dceca3ef9..c098a0a5d 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -93,6 +93,7 @@ extern "C" { * - Add it at the end of this enum, otherwise you'll break the ABI by * changing the numerical value for existing curves. * - Increment MBEDTLS_ECP_DP_MAX below if needed. + * - Update the calculation of MBEDTLS_ECP_MAX_BITS below. * - Add the corresponding MBEDTLS_ECP_DP_xxx_ENABLED macro definition to * config.h. * - List the curve as a dependency of MBEDTLS_ECP_C and From 601d34396ca4ae0787882dbed0af733029299ae9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Jun 2021 20:27:01 +0200 Subject: [PATCH 176/236] Update TLS presets when adding a curve Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index c098a0a5d..61d29a99a 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -102,7 +102,8 @@ extern "C" { * MBEDTLS_ECP_yyy_ENABLED above. * - Add the necessary definitions to ecp_curves.c. * - Add the curve to the ecp_supported_curves array in ecp.c. - * - Add the curve to applicable profiles in x509_crt.c if applicable. + * - Add the curve to applicable profiles in x509_crt.c. + * - Add the curve to applicable presets in ssl_tls.c. */ typedef enum { From 814d0129ec60343e107e0477d3211f69cbe360d7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 May 2021 21:44:25 +0200 Subject: [PATCH 177/236] Test calculated MBEDTLS_ECP_MAX_xxx constants in unit tests Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ecp.function | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index a697e72ec..f2b637614 100644 --- a/tests/suites/test_suite_ecp.function 
+++ b/tests/suites/test_suite_ecp.function @@ -65,6 +65,8 @@ void mbedtls_ecp_curve_info( int id, int tls_id, int size, char * name ) TEST_ASSERT( by_id == by_name ); TEST_ASSERT( by_id->bit_size == size ); + TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BITS ); + TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BYTES * 8 ); } /* END_CASE */ @@ -473,6 +475,7 @@ void ecp_muladd( int id, TEST_EQUAL( 0, mbedtls_ecp_point_write_binary( &grp, &R, MBEDTLS_ECP_PF_UNCOMPRESSED, &len, actual_result, sizeof( actual_result ) ) ); + TEST_ASSERT( len <= MBEDTLS_ECP_MAX_PT_LEN ); ASSERT_COMPARE( expected_result->x, expected_result->len, actual_result, len ); @@ -544,6 +547,7 @@ void ecp_write_binary( int id, char * x, char * y, char * z, int format, if( ret == 0 ) { + TEST_ASSERT( olen <= MBEDTLS_ECP_MAX_PT_LEN ); TEST_ASSERT( mbedtls_test_hexcmp( buf, out->x, olen, out->len ) == 0 ); } From a1b44dd80844aa7ded01ab0b78eecb05cf84a582 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 May 2021 21:52:28 +0200 Subject: [PATCH 178/236] Changelog entry for MBEDTLS_ECP_MAX_BITS automatic determination Signed-off-by: Gilles Peskine --- ChangeLog.d/ecp_max_bits.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/ecp_max_bits.txt diff --git a/ChangeLog.d/ecp_max_bits.txt b/ChangeLog.d/ecp_max_bits.txt new file mode 100644 index 000000000..b95246919 --- /dev/null +++ b/ChangeLog.d/ecp_max_bits.txt @@ -0,0 +1,3 @@ +Removals + * MBEDTLS_ECP_MAX_BITS is no longer a configuration option because it is + now determined automatically based on supported curves. From c5048db24ce555a55dd3d500ed622554e39687c5 Mon Sep 17 00:00:00 2001 
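Review bot: in the mbedtls_ecp_curve_info hunk of PATCH 177, `TEST_ASSERT( size <= MBEDTLS_ECP_MAX_BYTES * 8 )` follows directly from `size <= MBEDTLS_ECP_MAX_BITS` and the definition `MBEDTLS_ECP_MAX_BYTES = (MBEDTLS_ECP_MAX_BITS + 7) / 8`, so it only re-checks the derived macro; that is fine as a guard against a broken definition but a short comment saying so would stop the next reader from wondering what extra case it covers. The `olen <= MBEDTLS_ECP_MAX_PT_LEN` check in ecp_write_binary is correctly placed inside `if( ret == 0 )`, since `olen` is only meaningful on success.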
From: Gilles Peskine Date: Mon, 24 May 2021 22:51:48 +0200 Subject: [PATCH 179/236] Create xxx_alt.h headers for testing These headers define the context types that alternative implementations must provide. The context types are dummy types, suitable for building but not meant to be usable by an implementation. This is the output of the following script: ``` perl -0777 -ne ' m@^#if !defined\((MBEDTLS_\w+_ALT)\).*\n((?:.*\n)*?)#else.*\n#include "(.*_alt\.h)"\n#endif@m or next; $symbol = $1; $content = $2; $header = $3; $header_symbol = $header; $header_symbol =~ y/a-z./A-Z_/; m@/\*[ *\n]*Copyright .*?\*/@s or die; $copyright = $&; open OUT, ">tests/include/alt-dummy/$header" or die; $content =~ s@//.*@@mg; $content =~ s@/\*.*?\*/@@sg; $content =~ s@\{.*?\}@{\n int dummy;\n}@sg; $content =~ s@ +$@@mg; $content =~ s@\n{3,}@\n\n@g; $content =~ s@\A\n+@@; $content =~ s@\n*\Z@\n@; print OUT "/* $header with dummy types for $symbol */\n$copyright\n\n#ifndef $header_symbol\n#define $header_symbol\n\n$content\n\n#endif /* $header */\n" or die; close OUT or die; ' include/mbedtls/*.h ``` 
Signed-off-by: Gilles Peskine --- tests/include/alt-dummy/aes_alt.h | 37 ++++++++++++++++++++++ tests/include/alt-dummy/arc4_alt.h | 30 ++++++++++++++++++ tests/include/alt-dummy/aria_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/blowfish_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/camellia_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/ccm_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/chacha20_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/chachapoly_alt.h | 31 +++++++++++++++++++ tests/include/alt-dummy/cmac_alt.h | 28 +++++++++++++++++ tests/include/alt-dummy/des_alt.h | 36 ++++++++++++++++++++++ tests/include/alt-dummy/dhm_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/ecjpake_alt.h | 28 +++++++++++++++++ tests/include/alt-dummy/ecp_alt.h | 39 ++++++++++++++++++++++++ tests/include/alt-dummy/gcm_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/md2_alt.h | 30 ++++++++++++++++++ tests/include/alt-dummy/md4_alt.h | 30 ++++++++++++++++++ tests/include/alt-dummy/md5_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/nist_kw_alt.h | 27 ++++++++++++++++ tests/include/alt-dummy/platform_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/poly1305_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/ripemd160_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/rsa_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/sha1_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/sha256_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/sha512_alt.h | 29 ++++++++++++++++++ tests/include/alt-dummy/timing_alt.h | 33 ++++++++++++++++++++ tests/include/alt-dummy/xtea_alt.h | 29 ++++++++++++++++++ 27 files changed, 813 insertions(+) create mode 100644 tests/include/alt-dummy/aes_alt.h create mode 100644 tests/include/alt-dummy/arc4_alt.h create mode 100644 tests/include/alt-dummy/aria_alt.h create mode 100644 tests/include/alt-dummy/blowfish_alt.h create mode 100644 tests/include/alt-dummy/camellia_alt.h create mode 
100644 tests/include/alt-dummy/ccm_alt.h create mode 100644 tests/include/alt-dummy/chacha20_alt.h create mode 100644 tests/include/alt-dummy/chachapoly_alt.h create mode 100644 tests/include/alt-dummy/cmac_alt.h create mode 100644 tests/include/alt-dummy/des_alt.h create mode 100644 tests/include/alt-dummy/dhm_alt.h create mode 100644 tests/include/alt-dummy/ecjpake_alt.h create mode 100644 tests/include/alt-dummy/ecp_alt.h create mode 100644 tests/include/alt-dummy/gcm_alt.h create mode 100644 tests/include/alt-dummy/md2_alt.h create mode 100644 tests/include/alt-dummy/md4_alt.h create mode 100644 tests/include/alt-dummy/md5_alt.h create mode 100644 tests/include/alt-dummy/nist_kw_alt.h create mode 100644 tests/include/alt-dummy/platform_alt.h create mode 100644 tests/include/alt-dummy/poly1305_alt.h create mode 100644 tests/include/alt-dummy/ripemd160_alt.h create mode 100644 tests/include/alt-dummy/rsa_alt.h create mode 100644 tests/include/alt-dummy/sha1_alt.h create mode 100644 tests/include/alt-dummy/sha256_alt.h create mode 100644 tests/include/alt-dummy/sha512_alt.h create mode 100644 tests/include/alt-dummy/timing_alt.h create mode 100644 tests/include/alt-dummy/xtea_alt.h diff --git a/tests/include/alt-dummy/aes_alt.h b/tests/include/alt-dummy/aes_alt.h new file mode 100644 index 000000000..f226188fd --- /dev/null +++ b/tests/include/alt-dummy/aes_alt.h 
@@ -0,0 +1,37 @@ +/* aes_alt.h with dummy types for MBEDTLS_AES_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef AES_ALT_H +#define AES_ALT_H + +typedef struct mbedtls_aes_context +{ + int dummy; +} +mbedtls_aes_context; + +#if defined(MBEDTLS_CIPHER_MODE_XTS) + +typedef struct mbedtls_aes_xts_context +{ + int dummy; +} mbedtls_aes_xts_context; +#endif + + +#endif /* aes_alt.h */ diff --git a/tests/include/alt-dummy/arc4_alt.h b/tests/include/alt-dummy/arc4_alt.h new file mode 100644 index 000000000..b8c2e86a0 --- /dev/null +++ b/tests/include/alt-dummy/arc4_alt.h 
@@ -0,0 +1,30 @@ +/* arc4_alt.h with dummy types for MBEDTLS_ARC4_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef ARC4_ALT_H +#define ARC4_ALT_H + +typedef struct mbedtls_arc4_context +{ + int dummy; +} +mbedtls_arc4_context; + + +#endif /* arc4_alt.h */ diff --git a/tests/include/alt-dummy/aria_alt.h b/tests/include/alt-dummy/aria_alt.h new file mode 100644 index 000000000..5f2335b8f --- /dev/null +++ b/tests/include/alt-dummy/aria_alt.h @@ -0,0 +1,29 @@ +/* aria_alt.h with dummy types for MBEDTLS_ARIA_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ARIA_ALT_H +#define ARIA_ALT_H + +typedef struct mbedtls_aria_context +{ + int dummy; +} +mbedtls_aria_context; + + +#endif /* aria_alt.h */ 
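Review bot: in the generated headers of PATCH 179, every file ends with two blank lines before the closing `#endif` because the script squeezes `\n{3,}` on `$content` and then prints `"$content\n\n#endif"` after `$content` has already been normalised to end in a single newline; printing `"$content\n#endif"` (or squeezing after assembly) would make the output match the house style. The arc4_alt.h license block also carries an extra ` *` line before `*/` that aes_alt.h and aria_alt.h do not, which is inherited from the source header rather than introduced by the script, but since the whole set is meant to be regenerable it is worth normalising in the script too. The `MBEDTLS_CIPHER_MODE_XTS` guard around `mbedtls_aes_xts_context` in aes_alt.h correctly mirrors the public header.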
diff --git a/tests/include/alt-dummy/blowfish_alt.h b/tests/include/alt-dummy/blowfish_alt.h new file mode 100644 index 000000000..5a4f739d5 --- /dev/null +++ b/tests/include/alt-dummy/blowfish_alt.h @@ -0,0 +1,29 @@ +/* blowfish_alt.h with dummy types for MBEDTLS_BLOWFISH_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef BLOWFISH_ALT_H +#define BLOWFISH_ALT_H + +typedef struct mbedtls_blowfish_context +{ + int dummy; +} +mbedtls_blowfish_context; + + +#endif /* blowfish_alt.h */ diff --git a/tests/include/alt-dummy/camellia_alt.h b/tests/include/alt-dummy/camellia_alt.h new file mode 100644 index 000000000..c23d1b4c0 --- /dev/null +++ b/tests/include/alt-dummy/camellia_alt.h 
@@ -0,0 +1,29 @@ +/* camellia_alt.h with dummy types for MBEDTLS_CAMELLIA_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CAMELLIA_ALT_H +#define CAMELLIA_ALT_H + +typedef struct mbedtls_camellia_context +{ + int dummy; +} +mbedtls_camellia_context; + + +#endif /* camellia_alt.h */ diff --git a/tests/include/alt-dummy/ccm_alt.h b/tests/include/alt-dummy/ccm_alt.h new file mode 100644 index 000000000..dcb834ed6 --- /dev/null +++ b/tests/include/alt-dummy/ccm_alt.h @@ -0,0 +1,29 @@ +/* ccm_alt.h with dummy types for MBEDTLS_CCM_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CCM_ALT_H +#define CCM_ALT_H + +typedef struct mbedtls_ccm_context +{ + int dummy; +} +mbedtls_ccm_context; + + +#endif /* ccm_alt.h */ 
diff --git a/tests/include/alt-dummy/chacha20_alt.h b/tests/include/alt-dummy/chacha20_alt.h new file mode 100644 index 000000000..7a5a25cab --- /dev/null +++ b/tests/include/alt-dummy/chacha20_alt.h @@ -0,0 +1,29 @@ +/* chacha20_alt.h with dummy types for MBEDTLS_CHACHA20_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CHACHA20_ALT_H +#define CHACHA20_ALT_H + +typedef struct mbedtls_chacha20_context +{ + int dummy; +} +mbedtls_chacha20_context; + + +#endif /* chacha20_alt.h */ diff --git a/tests/include/alt-dummy/chachapoly_alt.h b/tests/include/alt-dummy/chachapoly_alt.h new file mode 100644 index 000000000..448517d7d --- /dev/null +++ b/tests/include/alt-dummy/chachapoly_alt.h 
@@ -0,0 +1,31 @@ +/* chachapoly_alt.h with dummy types for MBEDTLS_CHACHAPOLY_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CHACHAPOLY_ALT_H +#define CHACHAPOLY_ALT_H + +#include "mbedtls/chacha20.h" + +typedef struct mbedtls_chachapoly_context +{ + int dummy; +} +mbedtls_chachapoly_context; + + +#endif /* chachapoly_alt.h */ diff --git a/tests/include/alt-dummy/cmac_alt.h b/tests/include/alt-dummy/cmac_alt.h new file mode 100644 index 000000000..4c9feee33 --- /dev/null +++ b/tests/include/alt-dummy/cmac_alt.h @@ -0,0 +1,28 @@ +/* cmac_alt.h with dummy types for MBEDTLS_CMAC_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef CMAC_ALT_H +#define CMAC_ALT_H + +struct mbedtls_cmac_context_t +{ + int dummy; +}; + + +#endif /* cmac_alt.h */ 
diff --git a/tests/include/alt-dummy/des_alt.h b/tests/include/alt-dummy/des_alt.h new file mode 100644 index 000000000..e5a0bd3aa --- /dev/null +++ b/tests/include/alt-dummy/des_alt.h @@ -0,0 +1,36 @@ +/* des_alt.h with dummy types for MBEDTLS_DES_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef DES_ALT_H +#define DES_ALT_H + +typedef struct mbedtls_des_context +{ + int dummy; +} +mbedtls_des_context; + +typedef struct mbedtls_des3_context +{ + int dummy; +} +mbedtls_des3_context; + + +#endif /* des_alt.h */ diff --git a/tests/include/alt-dummy/dhm_alt.h b/tests/include/alt-dummy/dhm_alt.h new file mode 100644 index 000000000..6289a41db --- /dev/null +++ b/tests/include/alt-dummy/dhm_alt.h 
@@ -0,0 +1,29 @@ +/* dhm_alt.h with dummy types for MBEDTLS_DHM_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef DHM_ALT_H +#define DHM_ALT_H + +typedef struct mbedtls_dhm_context +{ + int dummy; +} +mbedtls_dhm_context; + + +#endif /* dhm_alt.h */ diff --git a/tests/include/alt-dummy/ecjpake_alt.h b/tests/include/alt-dummy/ecjpake_alt.h new file mode 100644 index 000000000..8de0fcf8e --- /dev/null +++ b/tests/include/alt-dummy/ecjpake_alt.h @@ -0,0 +1,28 @@ +/* ecjpake_alt.h with dummy types for MBEDTLS_ECJPAKE_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ECJPAKE_ALT_H +#define ECJPAKE_ALT_H + +typedef struct mbedtls_ecjpake_context +{ + int dummy; +} mbedtls_ecjpake_context; + + +#endif /* ecjpake_alt.h */ 
diff --git a/tests/include/alt-dummy/ecp_alt.h b/tests/include/alt-dummy/ecp_alt.h new file mode 100644 index 000000000..3628bb3da --- /dev/null +++ b/tests/include/alt-dummy/ecp_alt.h @@ -0,0 +1,39 @@ +/* ecp_alt.h with dummy types for MBEDTLS_ECP_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ECP_ALT_H +#define ECP_ALT_H + +typedef struct mbedtls_ecp_group +{ + int dummy; +} +mbedtls_ecp_group; + +#if !defined(MBEDTLS_ECP_WINDOW_SIZE) + +#define MBEDTLS_ECP_WINDOW_SIZE 6 +#endif + +#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) + +#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 +#endif + + +#endif /* ecp_alt.h */ diff --git a/tests/include/alt-dummy/gcm_alt.h b/tests/include/alt-dummy/gcm_alt.h new file mode 100644 index 000000000..94986ff48 --- /dev/null +++ b/tests/include/alt-dummy/gcm_alt.h 
@@ -0,0 +1,29 @@ +/* gcm_alt.h with dummy types for MBEDTLS_GCM_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef GCM_ALT_H +#define GCM_ALT_H + +typedef struct mbedtls_gcm_context +{ + int dummy; +} +mbedtls_gcm_context; + + +#endif /* gcm_alt.h */ diff --git a/tests/include/alt-dummy/md2_alt.h b/tests/include/alt-dummy/md2_alt.h new file mode 100644 index 000000000..70c7f1519 --- /dev/null +++ b/tests/include/alt-dummy/md2_alt.h @@ -0,0 +1,30 @@ +/* md2_alt.h with dummy types for MBEDTLS_MD2_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef MD2_ALT_H +#define MD2_ALT_H + +typedef struct mbedtls_md2_context +{ + int dummy; +} +mbedtls_md2_context; + + +#endif /* md2_alt.h */ 
diff --git a/tests/include/alt-dummy/md4_alt.h b/tests/include/alt-dummy/md4_alt.h new file mode 100644 index 000000000..db13f3d8d --- /dev/null +++ b/tests/include/alt-dummy/md4_alt.h @@ -0,0 +1,30 @@ +/* md4_alt.h with dummy types for MBEDTLS_MD4_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#ifndef MD4_ALT_H +#define MD4_ALT_H + +typedef struct mbedtls_md4_context +{ + int dummy; +} +mbedtls_md4_context; + + +#endif /* md4_alt.h */ diff --git a/tests/include/alt-dummy/md5_alt.h b/tests/include/alt-dummy/md5_alt.h new file mode 100644 index 000000000..c1191479d --- /dev/null +++ b/tests/include/alt-dummy/md5_alt.h 
@@ -0,0 +1,29 @@ +/* md5_alt.h with dummy types for MBEDTLS_MD5_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MD5_ALT_H +#define MD5_ALT_H + +typedef struct mbedtls_md5_context +{ + int dummy; +} +mbedtls_md5_context; + + +#endif /* md5_alt.h */ diff --git a/tests/include/alt-dummy/nist_kw_alt.h b/tests/include/alt-dummy/nist_kw_alt.h new file mode 100644 index 000000000..8fec116be --- /dev/null +++ b/tests/include/alt-dummy/nist_kw_alt.h @@ -0,0 +1,27 @@ +/* nist_kw_alt.h with dummy types for MBEDTLS_NIST_KW_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef NIST_KW_ALT_H +#define NIST_KW_ALT_H + +typedef struct { + int dummy; +} mbedtls_nist_kw_context; + + +#endif /* nist_kw_alt.h */ 
diff --git a/tests/include/alt-dummy/platform_alt.h b/tests/include/alt-dummy/platform_alt.h new file mode 100644 index 000000000..2bf712de7 --- /dev/null +++ b/tests/include/alt-dummy/platform_alt.h @@ -0,0 +1,29 @@ +/* platform_alt.h with dummy types for MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PLATFORM_ALT_H +#define PLATFORM_ALT_H + +typedef struct mbedtls_platform_context +{ + int dummy; +} +mbedtls_platform_context; + + +#endif /* platform_alt.h */ diff --git a/tests/include/alt-dummy/poly1305_alt.h b/tests/include/alt-dummy/poly1305_alt.h new file mode 100644 index 000000000..b8c12104a --- /dev/null +++ b/tests/include/alt-dummy/poly1305_alt.h 
@@ -0,0 +1,29 @@ +/* poly1305_alt.h with dummy types for MBEDTLS_POLY1305_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef POLY1305_ALT_H +#define POLY1305_ALT_H + +typedef struct mbedtls_poly1305_context +{ + int dummy; +} +mbedtls_poly1305_context; + + +#endif /* poly1305_alt.h */ diff --git a/tests/include/alt-dummy/ripemd160_alt.h b/tests/include/alt-dummy/ripemd160_alt.h new file mode 100644 index 000000000..722aeeb5d --- /dev/null +++ b/tests/include/alt-dummy/ripemd160_alt.h 
@@ -0,0 +1,29 @@ +/* ripemd160_alt.h with dummy types for MBEDTLS_RIPEMD160_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef RIPEMD160_ALT_H +#define RIPEMD160_ALT_H + +typedef struct mbedtls_ripemd160_context +{ + int dummy; +} +mbedtls_ripemd160_context; + + +#endif /* ripemd160_alt.h */ diff --git a/tests/include/alt-dummy/rsa_alt.h b/tests/include/alt-dummy/rsa_alt.h new file mode 100644 index 000000000..ae80dbaa4 --- /dev/null +++ b/tests/include/alt-dummy/rsa_alt.h @@ -0,0 +1,29 @@ +/* rsa_alt.h with dummy types for MBEDTLS_RSA_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef RSA_ALT_H +#define RSA_ALT_H + +typedef struct mbedtls_rsa_context +{ + int dummy; +} +mbedtls_rsa_context; + + +#endif /* rsa_alt.h */ 
diff --git a/tests/include/alt-dummy/sha1_alt.h b/tests/include/alt-dummy/sha1_alt.h new file mode 100644 index 000000000..df2990b5b --- /dev/null +++ b/tests/include/alt-dummy/sha1_alt.h @@ -0,0 +1,29 @@ +/* sha1_alt.h with dummy types for MBEDTLS_SHA1_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SHA1_ALT_H +#define SHA1_ALT_H + +typedef struct mbedtls_sha1_context +{ + int dummy; +} +mbedtls_sha1_context; + + +#endif /* sha1_alt.h */ diff --git a/tests/include/alt-dummy/sha256_alt.h b/tests/include/alt-dummy/sha256_alt.h new file mode 100644 index 000000000..7e501ed91 --- /dev/null +++ b/tests/include/alt-dummy/sha256_alt.h 
@@ -0,0 +1,29 @@ +/* sha256_alt.h with dummy types for MBEDTLS_SHA256_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SHA256_ALT_H +#define SHA256_ALT_H + +typedef struct mbedtls_sha256_context +{ + int dummy; +} +mbedtls_sha256_context; + + +#endif /* sha256_alt.h */ diff --git a/tests/include/alt-dummy/sha512_alt.h b/tests/include/alt-dummy/sha512_alt.h new file mode 100644 index 000000000..45c959923 --- /dev/null +++ b/tests/include/alt-dummy/sha512_alt.h @@ -0,0 +1,29 @@ +/* sha512_alt.h with dummy types for MBEDTLS_SHA512_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SHA512_ALT_H +#define SHA512_ALT_H + +typedef struct mbedtls_sha512_context +{ + int dummy; +} +mbedtls_sha512_context; + + +#endif /* sha512_alt.h */ 
diff --git a/tests/include/alt-dummy/timing_alt.h b/tests/include/alt-dummy/timing_alt.h new file mode 100644 index 000000000..f2da154f1 --- /dev/null +++ b/tests/include/alt-dummy/timing_alt.h @@ -0,0 +1,33 @@ +/* timing_alt.h with dummy types for MBEDTLS_TIMING_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TIMING_ALT_H +#define TIMING_ALT_H + +struct mbedtls_timing_hr_time +{ + int dummy; +}; + +typedef struct mbedtls_timing_delay_context +{ + int dummy; +} mbedtls_timing_delay_context; + + +#endif /* timing_alt.h */ diff --git a/tests/include/alt-dummy/xtea_alt.h b/tests/include/alt-dummy/xtea_alt.h new file mode 100644 index 000000000..cb21a3a54 --- /dev/null +++ b/tests/include/alt-dummy/xtea_alt.h 
@@ -0,0 +1,29 @@ +/* xtea_alt.h with dummy types for MBEDTLS_XTEA_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef XTEA_ALT_H +#define XTEA_ALT_H + +typedef struct mbedtls_xtea_context +{ + int dummy; +} +mbedtls_xtea_context; + + +#endif /* xtea_alt.h */ From a0ebaefef96535023da623a587b9c3286c3137b9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 24 May 2021 23:17:57 +0200 Subject: [PATCH 180/236] Create threading_alt.h header for testing Follow-up to "Create xxx_alt.h headers for testing". The inclusion of threading_alt.h in include/mbedtls/threading.h does not follow the same pattern as the others so it was missed by the script. Signed-off-by: Gilles Peskine --- tests/include/alt-dummy/threading_alt.h | 27 +++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 tests/include/alt-dummy/threading_alt.h diff --git a/tests/include/alt-dummy/threading_alt.h b/tests/include/alt-dummy/threading_alt.h new file mode 100644 index 000000000..ff2fed5e2 --- /dev/null +++ b/tests/include/alt-dummy/threading_alt.h 
@@ -0,0 +1,27 @@ +/* threading_alt.h with dummy types for MBEDTLS_THREADING_ALT */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef THREADING_ALT_H +#define THREADING_ALT_H + +typedef struct mbedtls_threading_mutex_t +{ + int dummy; +} mbedtls_threading_mutex_t; + +#endif /* threading_alt.h */ From 8e90cf49ca3a305aff9af32d5f52534866f37887 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 May 2021 22:12:57 +0200 Subject: [PATCH 181/236] config.py: new command line commands set-all and unset-all The new method `Config.change_matching` and the new command-line commands `set-all` and `unset-all` change a batch of existing boolean settings to the desired state (active or inactive). Signed-off-by: Gilles Peskine --- scripts/config.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/scripts/config.py b/scripts/config.py index b85745a2a..e27f32270 100755 --- a/scripts/config.py +++ b/scripts/config.py 
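Review bot: the `#endif` trailing comments in these headers name the file (`/* arc4_alt.h */`, `/* threading_alt.h */`) rather than the guard macro they close (`ARC4_ALT_H`, `THREADING_ALT_H`), and the formatting drifts between files: arc4_alt.h, des_alt.h, md2_alt.h and md4_alt.h carry an extra blank ` *` line before the end of the licence block, and ecjpake_alt.h and threading_alt.h put the typedef name on the closing-brace line while the others put it on its own line. Since the threading commit says these were produced by a script, fixing the template once would make the set uniform. More importantly, nothing in the headers states that they are compile-only stand-ins: an `int dummy` context that a product build picked up by accident (a stray `-Itests/include/alt-dummy`) would compile cleanly and silently discard all key and state material, so a one-line comment at the top of each header, or a README in tests/include/alt-dummy, saying "for build testing only, never link against these" is worth adding.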
@@ -147,6 +147,15 @@ class Config: setting.active = adapter(setting.name, setting.active, setting.section) + def change_matching(self, regexs, enable): + """Change all symbols matching one of the regexs to the desired state.""" + if not regexs: + return + regex = re.compile('|'.join(regexs)) + for setting in self.settings.values(): + if regex.search(setting.name): + setting.active = enable + def is_full_section(section): """Is this section affected by "config.py full" and friends?""" return section.endswith('support') or section.endswith('modules') @@ -454,11 +463,21 @@ if __name__ == '__main__': parser_set.add_argument('symbol', metavar='SYMBOL') parser_set.add_argument('value', metavar='VALUE', nargs='?', default='') + parser_set_all = subparsers.add_parser('set-all', + help="""Uncomment all #define + whose name contains a match for + REGEX.""") + parser_set_all.add_argument('regexs', metavar='REGEX', nargs='*') parser_unset = subparsers.add_parser('unset', help="""Comment out the #define for SYMBOL. Do nothing if none is present.""") parser_unset.add_argument('symbol', metavar='SYMBOL') + parser_unset_all = subparsers.add_parser('unset-all', + help="""Comment out all #define + whose name contains a match for + REGEX.""") + parser_unset_all.add_argument('regexs', metavar='REGEX', nargs='*') def add_adapter(name, function, description): subparser = subparsers.add_parser(name, help=description) @@ -505,8 +524,12 @@ if __name__ == '__main__': .format(args.symbol, config.filename)) return 1 config.set(args.symbol, value=args.value) + elif args.command == 'set-all': + config.change_matching(args.regexs, True) elif args.command == 'unset': config.unset(args.symbol) + elif args.command == 'unset-all': + config.change_matching(args.regexs, False) else: config.adapt(args.adapter) config.write(args.write) From cc73cc55e806349c9ad824a53310eed15bc715a2 Mon Sep 17 00:00:00 2001 
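Review bot: `change_matching` flips `setting.active` for every symbol whose name matches, not only boolean ones, whereas the commit message describes the commands as changing "boolean settings"; either restrict the method to settings with an empty value, or say in the `set-all` help that a matching `#define` that carries a value is uncommented with whatever value it currently has. Two smaller points: with `nargs='*'` and the early `return` in `change_matching`, `set-all` and `unset-all` silently do nothing when no REGEX is given, which hides a mistyped invocation in a script such as all.sh, so `nargs='+'` would fail loudly instead; and because the regexes are joined with `'|'` and applied with `re.search`, a pattern like `AES` also hits `MBEDTLS_AESNI_C` and `MBEDTLS_AES_ROM_TABLES`, which the help text ("whose name contains a match") does state, but an anchored example in the help (`set-all '^MBEDTLS_[A-Z0-9]*_ALT$'`) would make the commands harder to misuse.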
From: Gilles Peskine Date: Tue, 25 May 2021 09:04:46 +0200 Subject: [PATCH 182/236] Test the build with whole-module alternative implementations Use headers defining dummy context types. The test does not pass yet. I plan to fix this in subsequent commits. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2df65a5b4..53b4e250e 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1364,6 +1364,26 @@ component_build_default_make_gcc_and_cxx () { make TEST_CPP=1 } +component_build_module_alt () { + msg "build: MBEDTLS_XXX_ALT" # ~30s + scripts/config.py full + # Disable options that are incompatible with some ALT implementations. + # aesni.c and padlock.c reference mbedtls_aes_context fields directly. + scripts/config.py unset MBEDTLS_AESNI_C + scripts/config.py unset MBEDTLS_PADLOCK_C + # The debug code accesses DHM context fields directly, so it is + # incompatible with MBEDTLS_DHM_ALT. + scripts/config.py unset MBEDTLS_DEBUG_C + # You can only have one threading implementation: alt or pthread, not both. + scripts/config.py unset MBEDTLS_THREADING_PTHREAD + # Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable + # MBEDTLS_XXX_YYY_ALT which are for single functions. + scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT' + # We can only compile, not link, since we don't have any implementations + # suitable for testing with the dummy alt headers. + make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib +} + component_test_no_use_psa_crypto_full_cmake_asan() { # full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan" From d41d59e9006c01fa8783ccfea168bf9e6e0820dd Mon Sep 17 00:00:00 2001 
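Review bot: the pattern `MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT` excludes every macro with an extra underscore, which is the intent for the per-function `MBEDTLS_XXX_YYY_ALT` options, but it also leaves out `MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT`, so the `platform_alt.h` dummy header added earlier in this series is never compiled by this component; add `PLATFORM_SETUP_TEARDOWN` to the alternation or say in the comment that it is deliberately out of scope. Also, the component only builds `lib`, so programs and test suites that reach into context internals are not covered; the later DHM commit in this series touches programs/pkey/dh_client.c and dh_server.c precisely because they read the `len` field, which suggests `make programs` (still compile-only, no linking against the dummies is needed for that) would catch a further class of breakage at little cost.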
From: Gilles Peskine Date: Tue, 25 May 2021 09:19:45 +0200 Subject: [PATCH 183/236] Timing: support ALT implementations in self-test Don't assume that the context has a timer field if MBEDTLS_TIMING_ALT is defined. Signed-off-by: Gilles Peskine --- library/timing.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/library/timing.c b/library/timing.c index eb4146132..664fde082 100644 --- a/library/timing.c +++ b/library/timing.c @@ -387,6 +387,21 @@ static void busy_msleep( unsigned long msec ) (void) j; } +static void print_timers( struct mbedtls_timing_hr_time *hires, + mbedtls_timing_delay_context *ctx ) +{ +#if defined(MBEDTLS_TIMING_ALT) + mbedtls_printf( " elapsed(hires)=%lu elapsed(ctx)=?? status(ctx)=%d\n", + mbedtls_timing_get_timer( hires, 0 ), + mbedtls_timing_get_delay( ctx ) ); +#else + mbedtls_printf( " elapsed(hires)=%lu elapsed(ctx)=%lu status(ctx)=%d\n", + mbedtls_timing_get_timer( hires, 0 ), + mbedtls_timing_get_timer( &ctx->timer, 0 ), + mbedtls_timing_get_delay( ctx ) ); +#endif +} + #define FAIL do \ { \ if( verbose != 0 ) \ @@ -395,10 +410,7 @@ static void busy_msleep( unsigned long msec ) mbedtls_printf( " cycles=%lu ratio=%lu millisecs=%lu secs=%lu hardfail=%d a=%lu b=%lu\n", \ cycles, ratio, millisecs, secs, hardfail, \ (unsigned long) a, (unsigned long) b ); \ - mbedtls_printf( " elapsed(hires)=%lu elapsed(ctx)=%lu status(ctx)=%d\n", \ - mbedtls_timing_get_timer( &hires, 0 ), \ - mbedtls_timing_get_timer( &ctx.timer, 0 ), \ - mbedtls_timing_get_delay( &ctx ) ); \ + print_timers( &hires, &ctx ); \ } \ return( 1 ); \ } while( 0 ) From 85b1bc65a0f84aa6e453f316ce73e778b2cf8717 Mon Sep 17 00:00:00 2001 
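Review bot: `print_timers` is a new file-scope `static` function referenced only from the `FAIL` macro; the hunk does not show whether it lands inside the `#if defined(MBEDTLS_SELF_TEST)` region that `busy_msleep` and `FAIL` live in, so please confirm it does, otherwise builds without the self-test get an unused-function warning that the `-Werror -Wall` flags of the new all.sh component turn into an error. In the `MBEDTLS_TIMING_ALT` branch, printing a literal `elapsed(ctx)=??` reads as garbled output in a failure log; dropping that field from the format string in that branch says the same thing more clearly.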
From: Gilles Peskine Date: Tue, 25 May 2021 09:20:26 +0200 Subject: [PATCH 184/236] pk_debug: build with RSA_ALT implementations When MBEDTLS_RSA_ALT is defined, mbedtls_rsa_context does not necessarily have fields called N and E of type mbedtls_mpi. Don't emit pk_debug information with MBEDTLS_RSA_ALT. This is not ideal but at least the library compiles. Signed-off-by: Gilles Peskine --- library/pk_wrap.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index ec0ff45cc..7c317c52d 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -178,6 +178,11 @@ static void rsa_free_wrap( void *ctx ) static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items ) { +#if defined(MBEDTLS_RSA_ALT) + /* Not supported */ + (void) ctx; + (void) items; +#else items->type = MBEDTLS_PK_DEBUG_MPI; items->name = "rsa.N"; items->value = &( ((mbedtls_rsa_context *) ctx)->N ); @@ -187,6 +192,7 @@ static void rsa_debug( const void *ctx, mbedtls_pk_debug_item *items ) items->type = MBEDTLS_PK_DEBUG_MPI; items->name = "rsa.E"; items->value = &( ((mbedtls_rsa_context *) ctx)->E ); +#endif } const mbedtls_pk_info_t mbedtls_rsa_info = { From 487bbf68053143cdcb27cc60a91caf7738d86b68 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 May 2021 22:17:07 +0200 Subject: [PATCH 185/236] DHM: new functions to query the length of the modulus Add two functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() to query the length of the modulus in bytes or bits. Remove the len field: the cost of calling mbedtls_dhm_get_len() each time it's needed is negligible, and this improves the abstraction of the DHM module. 
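Review bot: under MBEDTLS_RSA_ALT the new branch of rsa_debug() returns without writing anything to `items`, so the caller only sees a terminating MBEDTLS_PK_DEBUG_NONE entry if it zeroed the item array beforehand; writing `items->type = MBEDTLS_PK_DEBUG_NONE;` explicitly in the new branch costs one line and removes that dependency (the alternative is to leave `debug_func` NULL in mbedtls_rsa_info for the ALT build so the unsupported case is reported rather than silently empty). The `/* Not supported */` comment should also say why, per the commit message: an alternative mbedtls_rsa_context need not have `N` and `E` fields of type mbedtls_mpi to point at.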
Signed-off-by: Gilles Peskine --- ChangeLog.d/dhm-fields.txt | 7 +++++++ include/mbedtls/dhm.h | 21 ++++++++++++++++++++- library/dhm.c | 23 +++++++++++++---------- library/ssl_cli.c | 10 +++++----- library/ssl_srv.c | 2 +- programs/pkey/dh_client.c | 7 ++++--- programs/pkey/dh_server.c | 4 ++-- programs/test/benchmark.c | 7 ++++--- tests/suites/test_suite_dhm.function | 3 ++- 9 files changed, 58 insertions(+), 26 deletions(-) create mode 100644 ChangeLog.d/dhm-fields.txt diff --git a/ChangeLog.d/dhm-fields.txt b/ChangeLog.d/dhm-fields.txt new file mode 100644 index 000000000..620e3dc9a --- /dev/null +++ b/ChangeLog.d/dhm-fields.txt @@ -0,0 +1,7 @@ +Features + * The new functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() + query the size of the modulus in a Diffie-Hellman context. + +API changes + * Instead of accessing the len field of a DHM context, which is no longer + supported, use the new function mbedtls_dhm_get_len() . diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 6c8ca037c..3f7206e3b 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -96,7 +96,6 @@ extern "C" { */ typedef struct mbedtls_dhm_context { - size_t MBEDTLS_PRIVATE(len); /*!< The size of \p P in Bytes. */ mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus. */ mbedtls_mpi MBEDTLS_PRIVATE(G); /*!< The generator. */ mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< Our secret value. */ 
@@ -282,6 +281,26 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +/** + * \brief This function returns the size of the prime modulus in bits. + * + * \param ctx The DHM context to query. + * + * \return The size of the prime modulus in bits, + * i.e. the number n such that 2^(n-1) <= P < 2^n. + */ +size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx ); + +/** + * \brief This function returns the size of the prime modulus in bytes. + * + * \param ctx The DHM context to query. + * + * \return The size of the prime modulus in bytes, + * i.e. the number n such that 2^(8*(n-1)) <= P < 2^(8*n). + */ +size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx ); + /** * \brief This function frees and clears the components * of a DHM context. diff --git a/library/dhm.c b/library/dhm.c index accd5a85c..2543be194 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -124,6 +124,16 @@ void mbedtls_dhm_init( mbedtls_dhm_context *ctx ) memset( ctx, 0, sizeof( mbedtls_dhm_context ) ); } +size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx ) +{ + return( mbedtls_mpi_bitlen( &ctx->P ) ); +} + +size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx ) +{ + return( mbedtls_mpi_size( &ctx->P ) ); +} + /* * Parse the ServerKeyExchange parameters */ @@ -144,8 +154,6 @@ int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx, if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 ) return( ret ); - ctx->len = mbedtls_mpi_size( &ctx->P ); - return( 0 ); } @@ -247,8 +255,6 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, *olen = p - output; - ctx->len = n1; - cleanup: if( ret != 0 && ret > -128 ) ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret ); @@ -273,7 +279,6 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret ) ); } - ctx->len = mbedtls_mpi_size( &ctx->P ); return( 0 ); } 
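Review bot: mbedtls_dhm_get_bitlen() and mbedtls_dhm_get_len() are declared unconditionally in dhm.h but defined in dhm.c, which is not compiled when MBEDTLS_DHM_ALT is set, so these hunks add two functions that every alternative DHM implementation must now provide, and an existing DHM_ALT port will fail at link time from the new calls in ssl_cli.c and ssl_srv.c. Say so in the ChangeLog entry and add a `\note` to both doc comments. It is also worth a sentence in the `\return` documentation that the result is 0 until `P` has been set (mbedtls_mpi_size() of a freshly initialised MPI is 0), since that is what makes the `ilen > mbedtls_dhm_get_len( ctx )` check in mbedtls_dhm_read_public() reject input on an unconfigured context.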
@@ -287,7 +292,7 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, DHM_VALIDATE_RET( ctx != NULL ); DHM_VALIDATE_RET( input != NULL ); - if( ilen < 1 || ilen > ctx->len ) + if( ilen < 1 || ilen > mbedtls_dhm_get_len( ctx ) ) return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 ) @@ -309,7 +314,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, DHM_VALIDATE_RET( output != NULL ); DHM_VALIDATE_RET( f_rng != NULL ); - if( olen < 1 || olen > ctx->len ) + if( olen < 1 || olen > mbedtls_dhm_get_len( ctx ) ) return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); ret = dhm_make_common( ctx, x_size, f_rng, p_rng ); @@ -408,7 +413,7 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, DHM_VALIDATE_RET( output != NULL ); DHM_VALIDATE_RET( olen != NULL ); - if( output_size < ctx->len ) + if( output_size < mbedtls_dhm_get_len( ctx ) ) return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); if( ( ret = dhm_check_range( &ctx->GY, &ctx->P ) ) != 0 ) @@ -564,8 +569,6 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, ret = 0; - dhm->len = mbedtls_mpi_size( &dhm->P ); - exit: #if defined(MBEDTLS_PEM_PARSE_C) mbedtls_pem_free( &pem ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 12ed0fbb2..1bacd6497 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2553,7 +2553,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, return( ret ); } - dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P ); + dhm_actual_bitlen = mbedtls_dhm_get_bitlen( &ssl->handshake->dhm_ctx ); if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %" MBEDTLS_PRINTF_SIZET " < %u", 
@@ -3588,14 +3588,14 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) /* * DHM key exchange -- send G^X mod P */ - content_len = ssl->handshake->dhm_ctx.len; + content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ); ssl->out_msg[4] = (unsigned char)( content_len >> 8 ); ssl->out_msg[5] = (unsigned char)( content_len ); header_len = 6; ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, - (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), + (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ), &ssl->out_msg[header_len], content_len, ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) @@ -3848,7 +3848,7 @@ ecdh_calc_secret: /* * ClientDiffieHellmanPublic public (DHM send G^X mod P) */ - content_len = ssl->handshake->dhm_ctx.len; + content_len = mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ); if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) @@ -3862,7 +3862,7 @@ ecdh_calc_secret: ssl->out_msg[header_len++] = (unsigned char)( content_len ); ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, - (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), + (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ), &ssl->out_msg[header_len], content_len, ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 4fe6b02f1..cf4b7c5e5 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -3049,7 +3049,7 @@ static int ssl_prepare_server_key_exchange( mbedtls_ssl_context *ssl, if( ( ret = mbedtls_dhm_make_params( &ssl->handshake->dhm_ctx, - (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), + (int) mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ), ssl->out_msg + ssl->out_msglen, &len, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c index 101b0bbb6..d68dc2477 100644 --- a/programs/pkey/dh_client.c +++ b/programs/pkey/dh_client.c 
@@ -192,7 +192,8 @@ int main( void ) goto exit; } - if( dhm.MBEDTLS_PRIVATE(len) < 64 || dhm.MBEDTLS_PRIVATE(len) > 512 ) + n = mbedtls_dhm_get_len( &dhm ); + if( n < 64 || n > 512 ) { mbedtls_printf( " failed\n ! Invalid DHM modulus size\n\n" ); goto exit; @@ -232,8 +233,8 @@ int main( void ) mbedtls_printf( "\n . Sending own public value to server" ); fflush( stdout ); - n = dhm.MBEDTLS_PRIVATE(len); - if( ( ret = mbedtls_dhm_make_public( &dhm, (int) dhm.MBEDTLS_PRIVATE(len), buf, n, + n = mbedtls_dhm_get_len( &dhm ); + if( ( ret = mbedtls_dhm_make_public( &dhm, (int) n, buf, n, mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_dhm_make_public returned %d\n\n", ret ); diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 745e68a94..9d51c14a8 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -254,14 +254,14 @@ int main( void ) memset( buf, 0, sizeof( buf ) ); - n = dhm.MBEDTLS_PRIVATE(len); + n = mbedtls_dhm_get_len( &dhm ); if( ( ret = mbedtls_net_recv( &client_fd, buf, n ) ) != (int) n ) { mbedtls_printf( " failed\n ! mbedtls_net_recv returned %d\n\n", ret ); goto exit; } - if( ( ret = mbedtls_dhm_read_public( &dhm, buf, dhm.MBEDTLS_PRIVATE(len) ) ) != 0 ) + if( ( ret = mbedtls_dhm_read_public( &dhm, buf, n ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_dhm_read_public returned %d\n\n", ret ); goto exit; diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index e580fb248..148e6da47 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -827,6 +827,7 @@ int main( int argc, char *argv[] ) mbedtls_dhm_context dhm; size_t olen; + size_t n; for( i = 0; (size_t) i < sizeof( dhm_sizes ) / sizeof( dhm_sizes[0] ); i++ ) { mbedtls_dhm_init( &dhm ); 
@@ -839,14 +840,14 @@ int main( int argc, char *argv[] ) mbedtls_exit( 1 ); } - dhm.len = mbedtls_mpi_size( &dhm.P ); - mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len, myrand, NULL ); + n = mbedtls_mpi_size( &dhm.P ); + mbedtls_dhm_make_public( &dhm, (int) n, buf, n, myrand, NULL ); if( mbedtls_mpi_copy( &dhm.GY, &dhm.GX ) != 0 ) mbedtls_exit( 1 ); mbedtls_snprintf( title, sizeof( title ), "DHE-%d", dhm_sizes[i] ); TIME_PUBLIC( title, "handshake", - ret |= mbedtls_dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len, + ret |= mbedtls_dhm_make_public( &dhm, (int) n, buf, n, myrand, NULL ); ret |= mbedtls_dhm_calc_secret( &dhm, buf, sizeof( buf ), &olen, myrand, NULL ) ); diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index c4d78def6..7e01eb71f 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -229,7 +229,8 @@ void dhm_file( char * filename, char * p, char * g, int len ) TEST_ASSERT( mbedtls_dhm_parse_dhmfile( &ctx, filename ) == 0 ); - TEST_ASSERT( ctx.len == (size_t) len ); + TEST_EQUAL( mbedtls_dhm_get_len( &ctx ), (size_t) len ); + TEST_EQUAL( mbedtls_dhm_get_bitlen( &ctx ), mbedtls_mpi_bitlen( &P ) ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &P ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.G, &G ) == 0 ); From 71acc6e8d97dd6e4e3e3bbf5c99f1bcb2212ead7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 May 2021 22:50:53 +0200 Subject: [PATCH 186/236] New function mbedtls_dhm_get_value to copy a field of a DHM context Reduce the need to break the DHM abstraction by accessing the context directly. Signed-off-by: Gilles Peskine --- ChangeLog.d/dhm-fields.txt | 2 ++ include/mbedtls/dhm.h | 27 ++++++++++++++++++++ library/dhm.c | 31 +++++++++++++++++++++++ library/ssl_tls.c | 6 +++-- tests/suites/test_suite_dhm.function | 37 ++++++++++++++++++++++++++-- 5 files changed, 99 insertions(+), 4 deletions(-) 
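Review bot: in the two ssl_cli.c hunks (ssl_write_client_key_exchange and the `ecdh_calc_secret` path), `content_len` already holds mbedtls_dhm_get_len( &ssl->handshake->dhm_ctx ), so the `x_size` argument can be `(int) content_len` instead of calling the getter a second time a few lines later. In benchmark.c the replacement reads `mbedtls_mpi_size( &dhm.P )` directly rather than the mbedtls_dhm_get_len( &dhm ) that this very patch introduces for that purpose; use the accessor there too. Style: the ChangeLog entry ends with a space before the full stop (`mbedtls_dhm_get_len() .`).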
diff --git a/ChangeLog.d/dhm-fields.txt b/ChangeLog.d/dhm-fields.txt index 620e3dc9a..4d5c751fb 100644 --- a/ChangeLog.d/dhm-fields.txt +++ b/ChangeLog.d/dhm-fields.txt @@ -1,6 +1,8 @@ Features * The new functions mbedtls_dhm_get_len() and mbedtls_dhm_get_bitlen() query the size of the modulus in a Diffie-Hellman context. + * The new function mbedtls_dhm_get_value() copy a field out of a + Diffie-Hellman context. API changes * Instead of accessing the len field of a DHM context, which is no longer diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 3f7206e3b..6c319f804 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -85,6 +85,17 @@ #define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480 /**< Read or write of file failed. */ #define MBEDTLS_ERR_DHM_SET_GROUP_FAILED -0x3580 /**< Setting the modulus and generator failed. */ +/** Which parameter to access in mbedtls_dhm_get_value(). */ +typedef enum +{ + MBEDTLS_DHM_PARAM_P, /*!< The prime modulus. */ + MBEDTLS_DHM_PARAM_G, /*!< The generator. */ + MBEDTLS_DHM_PARAM_X, /*!< Our secret value. */ + MBEDTLS_DHM_PARAM_GX, /*!< Our public key = \c G^X mod \c P. */ + MBEDTLS_DHM_PARAM_GY, /*!< The public key of the peer = \c G^Y mod \c P. */ + MBEDTLS_DHM_PARAM_K, /*!< The shared secret = \c G^(XY) mod \c P. */ +} mbedtls_dhm_parameter; + #ifdef __cplusplus extern "C" { #endif 
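Review bot: grammar in the ChangeLog hunk: `The new function mbedtls_dhm_get_value() copy a field out of a Diffie-Hellman context` should read `copies a field`. In the dhm.h hunk, MBEDTLS_DHM_PARAM_X and MBEDTLS_DHM_PARAM_K give access to secret material (the private value and the shared secret), and the enum documentation should mark them as such so that callers do not treat every parameter as public.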
@@ -301,6 +312,22 @@ size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx ); */ size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx ); +/** + * \brief This function copies a parameter of a DHM key. + * + * \param dest The MPI object to copy the value into. It must be + * initialized. + * \param ctx The DHM context to query. + * \param param The parameter to copy. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_DHM_BAD_INPUT_DATA if \p field is invalid. + * \return An \c MBEDTLS_ERR_MPI_XXX error code if the copy fails. + */ +int mbedtls_dhm_get_value( mbedtls_mpi *dest, + const mbedtls_dhm_context *ctx, + mbedtls_dhm_parameter param ); + /** * \brief This function frees and clears the components * of a DHM context. diff --git a/library/dhm.c b/library/dhm.c index 2543be194..cb9299fab 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -134,6 +134,37 @@ size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx ) return( mbedtls_mpi_size( &ctx->P ) ); } +int mbedtls_dhm_get_value( mbedtls_mpi *dest, + const mbedtls_dhm_context *ctx, + mbedtls_dhm_parameter param ) +{ + const mbedtls_mpi *src = NULL; + switch( param ) + { + case MBEDTLS_DHM_PARAM_P: + src = &ctx->P; + break; + case MBEDTLS_DHM_PARAM_G: + src = &ctx->G; + break; + case MBEDTLS_DHM_PARAM_X: + src = &ctx->X; + break; + case MBEDTLS_DHM_PARAM_GX: + src = &ctx->GX; + break; + case MBEDTLS_DHM_PARAM_GY: + src = &ctx->GY; + break; + case MBEDTLS_DHM_PARAM_K: + src = &ctx->K; + break; + default: + return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); + } + return( mbedtls_mpi_copy( dest, src ) ); +} + /* * Parse the ServerKeyExchange parameters */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3bdc1cfa4..bef686403 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -3871,8 +3871,10 @@ int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_mpi_copy( &conf->dhm_P, &dhm_ctx->P ) ) != 0 || - ( ret = mbedtls_mpi_copy( &conf->dhm_G, &dhm_ctx->G ) ) != 0 ) + if( ( ret = mbedtls_dhm_get_value( &conf->dhm_P, dhm_ctx, + MBEDTLS_DHM_PARAM_P ) ) != 0 || + ( ret = mbedtls_dhm_get_value( &conf->dhm_G, dhm_ctx, + MBEDTLS_DHM_PARAM_G ) ) != 0 ) { mbedtls_mpi_free( &conf->dhm_P ); mbedtls_mpi_free( &conf->dhm_G ); diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index 7e01eb71f..d48c4e38e 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -1,6 +1,23 @@ /* BEGIN_HEADER */ #include "mbedtls/dhm.h" +int check_get_value( const mbedtls_dhm_context *ctx, + mbedtls_dhm_parameter param, + const mbedtls_mpi *expected ) +{ + mbedtls_mpi actual; + int ok = 0; + mbedtls_mpi_init( &actual ); + + TEST_ASSERT( mbedtls_dhm_get_value( &actual, ctx, param ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &actual, expected ) == 0 ); + ok = 1; + +exit: + mbedtls_mpi_free( &actual ); + return( ok ); +} + /* Sanity checks on a Diffie-Hellman parameter: check the length-value * syntax and check that the value is the expected one (taken from the * DHM context by the caller). */ @@ -102,6 +119,8 @@ void dhm_do_dhm( int radix_P, char *input_P, int x_size, TEST_ASSERT( mbedtls_mpi_read_string( &ctx_srv.P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &ctx_srv.G, radix_G, input_G ) == 0 ); pub_cli_len = mbedtls_mpi_size( &ctx_srv.P ); + TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_P, &ctx_srv.P ) ); + TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_G, &ctx_srv.G ) ); /* * First key exchange 
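Review bot: the `\return` line in the mbedtls_dhm_get_value() documentation refers to `\p field`, but the parameter is named `param`, so Doxygen will flag an unknown parameter; change it to `\p param`. Two wording points on the same comment block: "This function copies a parameter of a DHM key" would be clearer as "of a DHM context", matching `\param ctx`, and since the function can copy `X` and `K` out of the context, the doc should tell callers to release `dest` with mbedtls_mpi_free() (which zeroizes the limbs) as soon as the value is no longer needed.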
@@ -118,6 +137,9 @@ void dhm_do_dhm( int radix_P, char *input_P, int x_size, ske[ske_len++] = 0; ske[ske_len++] = 0; TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 ); + /* The domain parameters must be the same on both side. */ + TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_P, &ctx_srv.P ) ); + TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_G, &ctx_srv.G ) ); TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &mbedtls_test_rnd_pseudo_rand, @@ -134,6 +156,17 @@ void dhm_do_dhm( int radix_P, char *input_P, int x_size, TEST_ASSERT( sec_srv_len != 0 ); TEST_ASSERT( memcmp( sec_srv, sec_cli, sec_srv_len ) == 0 ); + /* Internal value checks */ + TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_X, &ctx_cli.X ) ); + TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_X, &ctx_srv.X ) ); + /* Cross-checks */ + TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_GX, &ctx_srv.GY ) ); + TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_GY, &ctx_srv.GX ) ); + TEST_ASSERT( check_get_value( &ctx_cli, MBEDTLS_DHM_PARAM_K, &ctx_srv.K ) ); + TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_GX, &ctx_cli.GY ) ); + TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_GY, &ctx_cli.GX ) ); + TEST_ASSERT( check_get_value( &ctx_srv, MBEDTLS_DHM_PARAM_K, &ctx_cli.K ) ); + /* Re-do calc_secret on server a few times to test update of blinding values */ for( i = 0; i < 3; i++ ) { 
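Review bot: typo in the comment added in the first hunk: `/* The domain parameters must be the same on both side. */` should read `both sides`. The cross-check block in the second hunk would read better with the invariant stated once above the six TEST_ASSERT lines (client GX equals server GY, client GY equals server GX, and both K values agree), since those assertions are currently the only documentation of why each pair is expected to match.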
@@ -231,8 +264,8 @@ void dhm_file( char * filename, char * p, char * g, int len ) TEST_EQUAL( mbedtls_dhm_get_len( &ctx ), (size_t) len ); TEST_EQUAL( mbedtls_dhm_get_bitlen( &ctx ), mbedtls_mpi_bitlen( &P ) ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.P, &P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &ctx.G, &G ) == 0 ); + TEST_ASSERT( check_get_value( &ctx, MBEDTLS_DHM_PARAM_P, &P ) ); + TEST_ASSERT( check_get_value( &ctx, MBEDTLS_DHM_PARAM_G, &G ) ); exit: mbedtls_mpi_free( &P ); mbedtls_mpi_free( &G ); From cd07e22048e650562873b9ee76f3e690fb6d9516 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 May 2021 23:17:34 +0200 Subject: [PATCH 187/236] New function mbedtls_ecjpake_set_point_format Use this instead of accessing the field directly. Signed-off-by: Gilles Peskine --- ChangeLog.d/ecjpake-point_format.txt | 4 ++++ include/mbedtls/ecjpake.h | 15 +++++++++++++++ library/ecjpake.c | 14 ++++++++++++++ library/ssl_cli.c | 3 ++- library/ssl_srv.c | 3 ++- 5 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/ecjpake-point_format.txt diff --git a/ChangeLog.d/ecjpake-point_format.txt b/ChangeLog.d/ecjpake-point_format.txt new file mode 100644 index 000000000..6e05b2339 --- /dev/null +++ b/ChangeLog.d/ecjpake-point_format.txt @@ -0,0 +1,4 @@ +Features + * Use the new function mbedtls_ecjpake_set_point_format() to select the + point format for ECJPAKE instead of accessing the point_format field + directly, which is no longer supported. diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index 0c8e8c927..27a091d50 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h 
@@ -131,6 +131,21 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, const unsigned char *secret, size_t len ); +/** + * \brief Set the point format for future reads and writes. + * + * \param ctx The ECJPAKE context to configure. + * \param point_format The point format to use: + * #MBEDTLS_ECP_PF_UNCOMPRESSED (default) + * or #MBEDTLS_ECP_PF_COMPRESSED. + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p point_format + * is invalid. + */ +int mbedtls_ecjpake_set_point_format( mbedtls_ecjpake_context *ctx, + int point_format ); + /** * \brief Check if an ECJPAKE context is ready for use. * diff --git a/library/ecjpake.c b/library/ecjpake.c index 464ff51cc..de43ddb70 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -128,6 +128,20 @@ cleanup: return( ret ); } +int mbedtls_ecjpake_set_point_format( mbedtls_ecjpake_context *ctx, + int point_format ) +{ + switch( point_format ) + { + case MBEDTLS_ECP_PF_UNCOMPRESSED: + case MBEDTLS_ECP_PF_COMPRESSED: + ctx->point_format = point_format; + return( 0 ); + default: + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + } +} + /* * Check if context is ready for use */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 1bacd6497..9a441385d 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1663,7 +1663,8 @@ static int ssl_parse_supported_point_formats_ext( mbedtls_ssl_context *ssl, ssl->handshake->ecdh_ctx.point_format = p[0]; #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - ssl->handshake->ecjpake_ctx.point_format = p[0]; + mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx, + p[0] ); #endif MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) ); return( 0 ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index cf4b7c5e5..d9ad607cd 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c 
@@ -407,7 +407,8 @@ static int ssl_parse_supported_point_formats( mbedtls_ssl_context *ssl, ssl->handshake->ecdh_ctx.point_format = p[0]; #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - ssl->handshake->ecjpake_ctx.point_format = p[0]; + mbedtls_ecjpake_set_point_format( &ssl->handshake->ecjpake_ctx, + p[0] ); #endif MBEDTLS_SSL_DEBUG_MSG( 4, ( "point format selected: %d", p[0] ) ); return( 0 ); From bf69ea5b8f882af439ac3b288b7063ce6757e730 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 27 May 2021 23:53:07 +0200 Subject: [PATCH 188/236] Make some fields of mbedtls_ecp_group public The Mbed TLS code relies heavily on reading certain fields of mbedtls_ecp_group directly. Make these fields public. Require that MBEDTLS_ECP_ALT alternative implementations have them. Signed-off-by: Gilles Peskine --- include/mbedtls/ecp.h | 32 ++++++++++++++++++++------------ programs/pkey/ecdsa.c | 2 +- programs/pkey/gen_key.c | 2 +- 3 files changed, 22 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 61d29a99a..49e85d941 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h 
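Review bot: both call sites in this patch (ssl_parse_supported_point_formats_ext in ssl_cli.c and ssl_parse_supported_point_formats in ssl_srv.c) discard the return value of mbedtls_ecjpake_set_point_format(), and `p[0]` comes from the peer, which is precisely the input the new MBEDTLS_ERR_ECP_BAD_INPUT_DATA check exists for; either propagate the error or, if `p[0]` has already been validated against MBEDTLS_ECP_PF_UNCOMPRESSED / MBEDTLS_ECP_PF_COMPRESSED by the surrounding loop, add a comment saying so next to each call so the unchecked return is obviously safe. Separately, ChangeLog.d/ecjpake-point_format.txt records this under `Features` only, whereas the companion dhm-fields.txt also lists the removed field access under `API changes`; `point_format` no longer being accessible is an API change and deserves the same entry.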
@@ -206,25 +206,33 @@ mbedtls_ecp_point; * additions or subtractions. Therefore, it is only an approximative modular * reduction. It must return 0 on success and non-zero on failure. * - * \note Alternative implementations must keep the group IDs distinct. If - * two group structures have the same ID, then they must be - * identical. - * + * \note Alternative implementations of the ECP module must obey the + * following constraints. + * * Group IDs must be distinct: if two group structures have + * the same ID, then they must be identical. + * * The fields \c id, \c P, \c A, \c B, \c G, \c N, + * \c pbits and \c nbits must have the same type and semantics + * as in the built-in implementation. + * They must be available for reading, but direct modification + * of these fields does not need to be supported. + * They do not need to be at the same offset in the structure. */ typedef struct mbedtls_ecp_group { - mbedtls_ecp_group_id MBEDTLS_PRIVATE(id); /*!< An internal group identifier. */ - mbedtls_mpi MBEDTLS_PRIVATE(P); /*!< The prime modulus of the base field. */ - mbedtls_mpi MBEDTLS_PRIVATE(A); /*!< For Short Weierstrass: \p A in the equation. For + mbedtls_ecp_group_id id; /*!< An internal group identifier. */ + mbedtls_mpi P; /*!< The prime modulus of the base field. */ + mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For Montgomery curves: (A + 2) / 4. */ - mbedtls_mpi MBEDTLS_PRIVATE(B); /*!< For Short Weierstrass: \p B in the equation. + mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation. For Montgomery curves: unused. */ - mbedtls_ecp_point MBEDTLS_PRIVATE(G); /*!< The generator of the subgroup used. */ - mbedtls_mpi MBEDTLS_PRIVATE(N); /*!< The order of \p G. */ - size_t MBEDTLS_PRIVATE(pbits); /*!< The number of bits in \p P.*/ - size_t MBEDTLS_PRIVATE(nbits); /*!< For Short Weierstrass: The number of bits in \p P. + mbedtls_ecp_point G; /*!< The generator of the subgroup used. */ + mbedtls_mpi N; /*!< The order of \p G. 
*/ + size_t pbits; /*!< The number of bits in \p P.*/ + size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P. For Montgomery curves: the number of bits in the private keys. */ + /* End of public fields */ + unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are static. */ int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast pseudo-reduction mod \p P (see above).*/ diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c index 3dacd75d3..3dd85bf90 100644 --- a/programs/pkey/ecdsa.c +++ b/programs/pkey/ecdsa.c @@ -156,7 +156,7 @@ int main( int argc, char *argv[] ) goto exit; } - mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.MBEDTLS_PRIVATE(grp).MBEDTLS_PRIVATE(pbits) ); + mbedtls_printf( " ok (key size: %d bits)\n", (int) ctx_sign.MBEDTLS_PRIVATE(grp).pbits ); dump_pubkey( " + Public key: ", &ctx_sign ); diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 9ad1190fc..941553012 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -395,7 +395,7 @@ int main( int argc, char *argv[] ) { mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( key ); mbedtls_printf( "curve: %s\n", - mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).MBEDTLS_PRIVATE(id) )->MBEDTLS_PRIVATE(name) ); + mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).id )->MBEDTLS_PRIVATE(name) ); mbedtls_mpi_write_file( "X_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(X), 16, NULL ); mbedtls_mpi_write_file( "Y_Q: ", &ecp->MBEDTLS_PRIVATE(Q).MBEDTLS_PRIVATE(Y), 16, NULL ); mbedtls_mpi_write_file( "D: ", &ecp->MBEDTLS_PRIVATE(d) , 16, NULL ); From ad7f53cdb35644304350b077a9ac11e5ec588036 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 May 2021 21:20:30 +0200 Subject: [PATCH 189/236] Define public fields of mbedtls_ecp_group in alt test header And don't define configuration macros that only apply to the built-in implementation. 
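Review bot: while this hunk is rewriting the field comments of mbedtls_ecp_group, fix the one on `nbits`: it still says "For Short Weierstrass: The number of bits in \p P", which merely duplicates the `pbits` description, whereas for short Weierstrass curves `nbits` is the number of bits in `N`, the order of `G`. The new `\note` promises only that the fields "must be available for reading"; the code path that writes to them (the SpecifiedECDomain parsing behind MBEDTLS_PK_PARSE_EC_EXTENDED, as a later commit in this series notes) should be referenced here so an ALT author knows which configuration breaks the read-only promise. Minor: in ecdsa.c and gen_key.c the programs still reach into `MBEDTLS_PRIVATE(grp)`, so they remain tied to the built-in mbedtls_ecp_keypair layout; pre-existing, but worth a follow-up now that the group fields themselves are public.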
Signed-off-by: Gilles Peskine --- tests/include/alt-dummy/ecp_alt.h | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/tests/include/alt-dummy/ecp_alt.h b/tests/include/alt-dummy/ecp_alt.h index 3628bb3da..d263871c4 100644 --- a/tests/include/alt-dummy/ecp_alt.h +++ b/tests/include/alt-dummy/ecp_alt.h @@ -21,19 +21,15 @@ typedef struct mbedtls_ecp_group { - int dummy; + const mbedtls_ecp_group_id id; + const mbedtls_mpi P; + const mbedtls_mpi A; + const mbedtls_mpi B; + const mbedtls_ecp_point G; + const mbedtls_mpi N; + const size_t pbits; + const size_t nbits; } mbedtls_ecp_group; -#if !defined(MBEDTLS_ECP_WINDOW_SIZE) - -#define MBEDTLS_ECP_WINDOW_SIZE 6 -#endif - -#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM) - -#define MBEDTLS_ECP_FIXED_POINT_OPTIM 1 -#endif - - #endif /* ecp_alt.h */ From 5c3f18d37cc46b102218f2857a7db694aee76f43 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 May 2021 21:21:12 +0200 Subject: [PATCH 190/236] MBEDTLS_PK_PARSE_EC_EXTENDED is incompatible with MBEDTLS_ECP_ALT ... unless the alt implementation defines a group structure that's mostly compatible with the built-in one and supports partially filled group structures in the same way. It would be possible to rewrite the SpecifiedECDomain parsing code to avoid requiring support for partially filled group structures, but that's too complicated to do now. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 53b4e250e..6f1f9c31c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
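Review bot: the `const` qualifiers on every field of the dummy mbedtls_ecp_group are what give this header its value (any write to a group field in the compile-only ALT build becomes a hard error), yet nothing in the file says so; add a comment above the struct, because a future contributor removing a `const` to silence a build error would silently weaken the check. Dropping the MBEDTLS_ECP_WINDOW_SIZE and MBEDTLS_ECP_FIXED_POINT_OPTIM defaults is right for the reason given in the commit message; a one-line comment that these options belong to the built-in implementation only would stop the next reader from re-adding them.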
@@ -1376,6 +1376,9 @@ component_build_module_alt () { scripts/config.py unset MBEDTLS_DEBUG_C # You can only have one threading implementation: alt or pthread, not both. scripts/config.py unset MBEDTLS_THREADING_PTHREAD + # The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields + # directly and assumes the implementation works with partial groups. + scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED # Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable # MBEDTLS_XXX_YYY_ALT which are for single functions. scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT' From 1628a9c1405eb69f5abd6e1a91d25d76a9da68fe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 May 2021 22:09:58 +0200 Subject: [PATCH 191/236] MBEDTLS_DEBUG_C is compatible with every whole-module ALT except DHM It would be possible to make SSL debugging compatible with MBEDTLS_DHM_ALT, but too much low-priority work right now, so don't require it. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6f1f9c31c..142309957 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1371,9 +1371,6 @@ component_build_module_alt () { # aesni.c and padlock.c reference mbedtls_aes_context fields directly. scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_PADLOCK_C - # The debug code accesses DHM context fields directly, so it is - # incompatible with MBEDTLS_DHM_ALT. - scripts/config.py unset MBEDTLS_DEBUG_C # You can only have one threading implementation: alt or pthread, not both. scripts/config.py unset MBEDTLS_THREADING_PTHREAD # The SpecifiedECDomain parsing code accesses mbedtls_ecp_group fields 
@@ -1382,6 +1379,18 @@ component_build_module_alt () { # Enable all MBEDTLS_XXX_ALT for whole modules. Do not enable # MBEDTLS_XXX_YYY_ALT which are for single functions. scripts/config.py set-all 'MBEDTLS_([A-Z0-9]*|NIST_KW)_ALT' + scripts/config.py unset MBEDTLS_DHM_ALT #incompatible with MBEDTLS_DEBUG_C + # We can only compile, not link, since we don't have any implementations + # suitable for testing with the dummy alt headers. + make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib +} + +component_build_dhm_alt () { + msg "build: MBEDTLS_DHM_ALT" # ~30s + scripts/config.py full + scripts/config.py set MBEDTLS_DHM_ALT + # debug.c currently references mbedtls_dhm_context fields directly. + scripts/config.py unset MBEDTLS_DEBUG_C # We can only compile, not link, since we don't have any implementations # suitable for testing with the dummy alt headers. make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib From f35c42bdb9c1f4aced727d52534552a8f9f5ce68 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 31 May 2021 23:30:01 +0200 Subject: [PATCH 192/236] Document the remaining constraints on ALT context types Signed-off-by: Gilles Peskine --- ChangeLog.d/alt-context-relaxation.txt | 6 ++++++ docs/architecture/alternative-implementations.md | 11 +++++++++++ 2 files changed, 17 insertions(+) create mode 100644 ChangeLog.d/alt-context-relaxation.txt diff --git a/ChangeLog.d/alt-context-relaxation.txt b/ChangeLog.d/alt-context-relaxation.txt new file mode 100644 index 000000000..10fd47619 --- /dev/null +++ b/ChangeLog.d/alt-context-relaxation.txt @@ -0,0 +1,6 @@ +Features + * Alternative implementations of the AES, DHM, ECJPAKE, ECP, RSA and timing + modules had undocumented constraints on their context types. These + constraints have been relaxed. + See docs/architecture/alternative-implementations.md for the remaining + constraints. 
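Review bot: style in the first hunk of component_build_module_alt: `scripts/config.py unset MBEDTLS_DHM_ALT #incompatible with MBEDTLS_DEBUG_C` departs from every other line in the function, which puts the explanation in a full-sentence comment on the line above (`# ... so it is incompatible with ...`); match that. The same comment should also note that `set-all` followed by `unset` enables DHM_ALT and then disables it, rather than excluding it from the pattern, which is fine but surprising on first read. In component_build_dhm_alt, the comment `debug.c currently references mbedtls_dhm_context fields directly` and the removed comment `The debug code accesses DHM context fields directly` describe the same constraint in different words; use one wording and name the fields, so the constraint can be checked against the list in the architecture documentation.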
diff --git a/docs/architecture/alternative-implementations.md b/docs/architecture/alternative-implementations.md index 7b8b65ef3..4c4a2ad1b 100644 --- a/docs/architecture/alternative-implementations.md +++ b/docs/architecture/alternative-implementations.md 
@@ -40,6 +40,17 @@ The general principle of an alternative implementation is: See https://tls.mbed.org/kb/development/hw_acc_guidelines for a more detailed guide. +### Constraints on context types + +Generally, alternative implementations can define their context types to any C type except incomplete and array types (although they would normally be `struct` types). This section lists some known limitations where the context type needs to be a structure with certain fields. + +Where a context type needs to have a certain field, the field must have the same type and semantics as in the built-in implementation, but does not need to be at the same position in the structure. Furthermore, unless otherwise indicated, only read access is necessary: the field can be `const`, and modifications to it do not need to be supported. For example, if an alternative implementation of asymmetric cryptography uses a different representation of large integers, it is sufficient to provide a read-only copy of the fields listed here of type `mbedtls_mpi`. + +* AES: if `MBEDTLS_AESNI_C` or `MBEDTLS_PADLOCK_C` is enabled, `mbedtls_aes_context` must have the fields `nr` and `rk`. +* DHM: if `MBEDTLS_DEBUG_C` is enabled, `mbedtls_dhm_context` must have the fields `P`, `Q`, `G`, `GX`, `GY` and `K`. +* ECP: `mbedtls_ecp_group` must have the fields `id`, `P`, `A`, `B`, `G`, `N`, `pbits` and `nbits`. + * If `MBEDTLS_PK_PARSE_EC_EXTENDED` is enabled, those fields must be writable, and `mbedtls_ecp_point_read_binary()` must support a group structure where only `P`, `pbits`, `A` and `B` are set. + ## Function alternative implementations In some cases, it is possible to replace a single function or a small set of functions instead of [providing an alternative implementation of the whole module](#module-alternative-implementations). From a71db94c66b1be240e4b8af58fd4466ddc3b827b Mon Sep 17 00:00:00 2001 
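Review bot: in the DHM bullet of the new "Constraints on context types" section, `Q` is listed among the `mbedtls_dhm_context` fields that `MBEDTLS_DEBUG_C` needs; please check that against the fields the debug code actually reads, because nothing else in this series mentions a `Q` member of the DHM context (the `mbedtls_dhm_get_value` callers later in the series only ask for `MBEDTLS_DHM_PARAM_P` and `MBEDTLS_DHM_PARAM_G`), and the built-in context stores the private exponent as `X`, not `Q`. If the debug output is P, X, G, GX, GY and K, the list should say `X`. Separately, the ECP sub-bullet says "those fields must be writable" when `MBEDTLS_PK_PARSE_EC_EXTENDED` is enabled, while the paragraph above explicitly allows `const` fields; it would help implementers to name the writer (the SpecifiedECDomain parser, per the all.sh comment earlier in this series) so they know which code path to test against.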
From: Gilles Peskine Date: Tue, 1 Jun 2021 21:30:51 +0200 Subject: [PATCH 193/236] Document that contexts must be movable Fix #4451. Signed-off-by: Gilles Peskine --- docs/architecture/alternative-implementations.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/docs/architecture/alternative-implementations.md b/docs/architecture/alternative-implementations.md index 4c4a2ad1b..bd8450553 100644 --- a/docs/architecture/alternative-implementations.md +++ b/docs/architecture/alternative-implementations.md 
@@ -51,6 +51,18 @@ Where a context type needs to have a certain field, the field must have the same * ECP: `mbedtls_ecp_group` must have the fields `id`, `P`, `A`, `B`, `G`, `N`, `pbits` and `nbits`. * If `MBEDTLS_PK_PARSE_EC_EXTENDED` is enabled, those fields must be writable, and `mbedtls_ecp_point_read_binary()` must support a group structure where only `P`, `pbits`, `A` and `B` are set. +It must be possible to move a context object in memory (except during the execution of a library function that takes this context as an argument). (This is necessary, for example, to support applications that populate a context on the stack of an inner function and then copy the context upwards through the call chain, or applications written in a language with automatic memory management that can move objects on the heap.) That is, call sequences like the following must work: +``` +mbedtls_xxx_context ctx1, ctx2; +mbedtls_xxx_init(&ctx1); +mbedtls_xxx_setup(&ctx1, …); +ctx2 = ctx1; +memset(&ctx1, 0, sizeof(ctx1)); +mbedtls_xxx_do_stuff(&ctx2, …); +mbedtls_xxx_free(&ctx2); +``` +In practice, this means that a pointer to a context or to a part of a context does not remain valid across function calls. Alternative implementations do not need to support copying of contexts: contexts can only be cloned through explicit `clone()` functions. + ## Function alternative implementations In some cases, it is possible to replace a single function or a small set of functions instead of [providing an alternative implementation of the whole module](#module-alternative-implementations). From bf26bef157773ed9ce7913629b6c0f6daaf94c5b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Jun 2021 20:15:31 +0200 Subject: [PATCH 194/236] Discuss the durability of PSA drivers vs ALT when introducing them Signed-off-by: Gilles Peskine --- docs/architecture/alternative-implementations.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
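Review bot: the closing sentences of the new "movable" paragraph contradict the example unless the move/copy distinction is spelled out: the text says "Alternative implementations do not need to support copying of contexts", yet the example does `ctx2 = ctx1;`. What makes the example a move rather than a copy is that `ctx1` is never used again, not even passed to `mbedtls_xxx_free()`; say that explicitly, since an implementation that keeps, say, a hardware session handle in the context must be able to rely on exactly one of the two objects being freed. The `memset(&ctx1, 0, sizeof(ctx1));` line is a dead store on the moved-from object that a compiler may drop, and it is not needed for the point being made; either delete it or use `mbedtls_platform_zeroize()` with a comment that it only illustrates that `ctx1`'s storage may be reused. Finally, "a pointer to a context or to a part of a context does not remain valid across function calls" states the consequence from the caller's side; the rule for implementers is that they must not retain such a pointer between calls (no self-pointers inside the context, no cached pointer in a static), which is worth stating directly.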
diff --git a/docs/architecture/alternative-implementations.md b/docs/architecture/alternative-implementations.md index bd8450553..eadb61b4c 100644 --- a/docs/architecture/alternative-implementations.md +++ b/docs/architecture/alternative-implementations.md @@ -21,7 +21,7 @@ To configure entropy sources (hardware random generators), see the `MBEDTLS_ENTR For networking, the `net_sockets` module does not currently support alternative implementations. If this module does not work on your platform, disable `MBEDTLS_NET_C` and use custom functions for TLS. -If your platform has a cryptographic accelerator, you can use it via a [PSA driver](#psa-cryptography-drivers) or an [declare an alternative implementation of the corresponding module(s)](#module-alternative-implementations) or [specific functions](#function-alternative-implementations). +If your platform has a cryptographic accelerator, you can use it via a [PSA driver](#psa-cryptography-drivers) or declare an [alternative implementation of the corresponding module(s)](#module-alternative-implementations) or [of specific functions](#function-alternative-implementations). PSA drivers will ultimately replace the alternative implementation mechanism, but alternative implementation will remain supported in at least all Mbed TLS versions of the form 3.x. The interface of PSA drivers is currently still experimental and subject to change. ## PSA cryptography drivers From cadd3d860ee5fba1e380200d2866f75843fc3579 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Jun 2021 20:15:55 +0200 Subject: [PATCH 195/236] Give examples of PLATFORM_XXX_ALT Signed-off-by: Gilles Peskine --- docs/architecture/alternative-implementations.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/architecture/alternative-implementations.md b/docs/architecture/alternative-implementations.md index eadb61b4c..7fe6332b4 100644 --- a/docs/architecture/alternative-implementations.md 
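Review bot: number agreement in the rewritten sentence: "alternative implementation will remain supported in at least all Mbed TLS versions of the form 3.x" should be "alternative implementations will remain supported", and "throughout the 3.x series" reads better than "in at least all Mbed TLS versions of the form 3.x".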
+++ b/docs/architecture/alternative-implementations.md @@ -84,6 +84,8 @@ Several platform functions can be reconfigured dynamically by following the proc * Define the symbol `MBEDTLS_PLATFORM_XXX_ALT` at compile time. * During the initialization of your application, set the global variable `mbedtls_xxx` to an alternative implementation of `xxx()`. +For example, to provide a custom `printf` function at run time, enable `MBEDTLS_PLATFORM_PRINTF_ALT` at compile time and assign to `mbedtls_printf` during the initialization of your application. + Merely enabling `MBEDTLS_PLATFORM_XXX_ALT` does not change the behavior: by default, `mbedtls_xxx` points to the standard function `xxx`. -Note that there are variations on the naming pattern. Consult the documentation of individual configuration options and of the platform module for details. +Note that there are variations on the naming pattern. For example, some configurable functions are activated in pairs, such as `mbedtls_calloc` and `mbedtls_free` via `MBEDTLS_PLATFORM_MEMORY`. Consult the documentation of individual configuration options and of the platform module for details. From e5702489f503f1fc26debc846cb3f4c0ab0b5b66 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 11 Jun 2021 21:59:08 +0200 Subject: [PATCH 196/236] mbedtls_dhm_get_value parameter order: context first, output last mbedtls_dhm_get_value can be seen as either a copy function or a getter function. Given the name and the semantics, it's more of a getter, even if it "gets" by doing a copy. Therefore, put the context first, and the selector next, leaving the output for last. Signed-off-by: Gilles Peskine --- include/mbedtls/dhm.h | 10 +++++----- library/dhm.c | 6 +++--- library/ssl_tls.c | 8 ++++---- tests/suites/test_suite_dhm.function | 2 +- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index 6c319f804..e8c8a82f5 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h 
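Review bot: the new printf example tells the reader to "assign to `mbedtls_printf`" directly, and the unchanged step above it says to "set the global variable `mbedtls_xxx`"; platform.h provides setter functions for this, `mbedtls_platform_set_printf()` for `MBEDTLS_PLATFORM_PRINTF_ALT` and `mbedtls_platform_set_calloc_free()` for the `MBEDTLS_PLATFORM_MEMORY` pair mentioned in the last paragraph, and the setters are the supported interface. Suggest: "enable `MBEDTLS_PLATFORM_PRINTF_ALT` at compile time and call `mbedtls_platform_set_printf()` with your function during the initialization of your application".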
@@ -315,18 +315,18 @@ size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx ); /** * \brief This function copies a parameter of a DHM key. * - * \param dest The MPI object to copy the value into. It must be - * initialized. * \param ctx The DHM context to query. * \param param The parameter to copy. + * \param dest The MPI object to copy the value into. It must be + * initialized. * * \return \c 0 on success. * \return #MBEDTLS_ERR_DHM_BAD_INPUT_DATA if \p field is invalid. * \return An \c MBEDTLS_ERR_MPI_XXX error code if the copy fails. */ -int mbedtls_dhm_get_value( mbedtls_mpi *dest, - const mbedtls_dhm_context *ctx, - mbedtls_dhm_parameter param ); +int mbedtls_dhm_get_value( const mbedtls_dhm_context *ctx, + mbedtls_dhm_parameter param, + mbedtls_mpi *dest ); /** * \brief This function frees and clears the components diff --git a/library/dhm.c b/library/dhm.c index cb9299fab..e88f3a2c7 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -134,9 +134,9 @@ size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx ) return( mbedtls_mpi_size( &ctx->P ) ); } -int mbedtls_dhm_get_value( mbedtls_mpi *dest, - const mbedtls_dhm_context *ctx, - mbedtls_dhm_parameter param ) +int mbedtls_dhm_get_value( const mbedtls_dhm_context *ctx, + mbedtls_dhm_parameter param, + mbedtls_mpi *dest ) { const mbedtls_mpi *src = NULL; switch( param ) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index bef686403..560597dec 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
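Review bot: the dhm.h doc comment still says `#MBEDTLS_ERR_DHM_BAD_INPUT_DATA if \p field is invalid`, but the parameter is named `param`, and this hunk reorders the `\param` entries without fixing it, so Doxygen will warn and the reference will not resolve; change it to `\p param`. Since the whole point of the patch is the argument order, also confirm there are no callers of `mbedtls_dhm_get_value` beyond the ssl_tls.c and test-suite sites in this patch: a stale call written for the old `(dest, ctx, param)` order still compiles in C against the new `(ctx, param, dest)` signature, with only pointer-conversion warnings to catch it.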
@@ -3871,10 +3871,10 @@ int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if( ( ret = mbedtls_dhm_get_value( &conf->dhm_P, dhm_ctx, - MBEDTLS_DHM_PARAM_P ) ) != 0 || - ( ret = mbedtls_dhm_get_value( &conf->dhm_G, dhm_ctx, - MBEDTLS_DHM_PARAM_G ) ) != 0 ) + if( ( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_P, + &conf->dhm_P ) ) != 0 || + ( ret = mbedtls_dhm_get_value( dhm_ctx, MBEDTLS_DHM_PARAM_G, + &conf->dhm_G ) ) != 0 ) { mbedtls_mpi_free( &conf->dhm_P ); mbedtls_mpi_free( &conf->dhm_G ); diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index d48c4e38e..62e634a7f 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -9,7 +9,7 @@ int check_get_value( const mbedtls_dhm_context *ctx, int ok = 0; mbedtls_mpi_init( &actual ); - TEST_ASSERT( mbedtls_dhm_get_value( &actual, ctx, param ) == 0 ); + TEST_ASSERT( mbedtls_dhm_get_value( ctx, param, &actual ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &actual, expected ) == 0 ); ok = 1; From 28a4a963fcd45c0ff699cce57310f71085594f70 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Tue, 15 Jun 2021 00:18:32 +0200 Subject: [PATCH 197/236] Corrections to the docs wording and changes to aux scripts Signed-off-by: TRodziewicz --- ChangeLog.d/issue4212.txt | 37 +++------------- .../rename_the__ret_functions.md | 42 +++++++++++++++++-- tests/scripts/list-enum-consts.pl | 3 +- tests/scripts/list-identifiers.sh | 4 +- 4 files changed, 47 insertions(+), 39 deletions(-) diff --git a/ChangeLog.d/issue4212.txt b/ChangeLog.d/issue4212.txt index 4943d71c5..9e72ca9d7 100644 --- a/ChangeLog.d/issue4212.txt +++ b/ChangeLog.d/issue4212.txt 
@@ -1,33 +1,6 @@ API changes - * Rename functions whose deprecated variants have been removed via #4029: - mbedtls_ctr_drbg_update_ret -> mbedtls_ctr_drbg_update - mbedtls_hmac_drbg_update_ret -> mbedtls_hmac_drbg_update - mbedtls_md2_starts_ret -> mbedtls_md2_starts - mbedtls_md2_update_ret -> mbedtls_md2_update - mbedtls_md2_finish_ret -> mbedtls_md2_finish - mbedtls_md2_ret -> mbedtls_md2 - mbedtls_md4_starts_ret -> mbedtls_md4_starts - mbedtls_md4_update_ret -> mbedtls_md4_update - mbedtls_md4_finish_ret -> mbedtls_md4_finish - mbedtls_md4_ret -> mbedtls_md4 - mbedtls_md5_starts_ret -> mbedtls_md5_starts - mbedtls_md5_update_ret -> mbedtls_md5_update - mbedtls_md5_finish_ret -> mbedtls_md5_finish - mbedtls_md5_ret -> mbedtls_md5 - mbedtls_ripemd160_starts_ret -> mbedtls_ripemd160_starts - mbedtls_ripemd160_update_ret -> mbedtls_ripemd160_update - mbedtls_ripemd160_finish_ret -> mbedtls_ripemd160_finish - mbedtls_ripemd160_ret -> mbedtls_ripemd160 - mbedtls_sha1_starts_ret -> mbedtls_sha1_starts - mbedtls_sha1_update_ret -> mbedtls_sha1_update - mbedtls_sha1_finish_ret -> mbedtls_sha1_finish - mbedtls_sha1_ret -> mbedtls_sha1 - mbedtls_sha256_starts_ret -> mbedtls_sha256_starts - mbedtls_sha256_update_ret -> mbedtls_sha256_update - mbedtls_sha256_finish_ret -> mbedtls_sha256_finish - mbedtls_sha256_ret -> mbedtls_sha256 - mbedtls_sha512_starts_ret -> mbedtls_sha512_starts - mbedtls_sha512_update_ret -> mbedtls_sha512_update - mbedtls_sha512_finish_ret -> mbedtls_sha512_finish - mbedtls_sha512_ret -> mbedtls_sha512. - Fixes #4212. + * In modules that implement cryptographic hash functions, many functions + mbedtls_xxx() now return int instead of void, and the corresponding + function mbedtls_xxx_ret() which was identical except for returning int + has been removed. This also concerns mbedtls_xxx_drbg_update(). See the + migration guide for more information. Fixes #4212. 
diff --git a/docs/3.0-migration-guide.d/rename_the__ret_functions.md b/docs/3.0-migration-guide.d/rename_the__ret_functions.md index c6fe71429..44435f872 100644 --- a/docs/3.0-migration-guide.d/rename_the__ret_functions.md +++ b/docs/3.0-migration-guide.d/rename_the__ret_functions.md 
@@ -1,15 +1,51 @@ Rename mbedtls_*_ret() cryptography functions whose deprecated variants -have been removed in #4029 --------------------------- +have been removed +----------------- This change affects users who were using the `mbedtls_*_ret()` cryptography functions. Those functions were created based on now-deprecated functions according to a requirement that a function needs to return a value. This change brings back the -original names of those functions. +original names of those functions. The renamed functions are: + +| name before this change | after the change | +|------------------------------|--------------------------| +| mbedtls_ctr_drbg_update_ret | mbedtls_ctr_drbg_update | +| mbedtls_hmac_drbg_update_ret | mbedtls_hmac_drbg_update | +| mbedtls_md2_starts_ret | mbedtls_md2_starts | +| mbedtls_md2_update_ret | mbedtls_md2_update | +| mbedtls_md2_finish_ret | mbedtls_md2_finish | +| mbedtls_md2_ret | mbedtls_md2 | +| mbedtls_md4_starts_ret | mbedtls_md4_starts | +| mbedtls_md4_update_ret | mbedtls_md4_update | +| mbedtls_md4_finish_ret | mbedtls_md4_finish | +| mbedtls_md4_ret | mbedtls_md4 | +| mbedtls_md5_starts_ret | mbedtls_md5_starts | +| mbedtls_md5_update_ret | mbedtls_md5_update | +| mbedtls_md5_finish_ret | mbedtls_md5_finish | +| mbedtls_md5_ret | mbedtls_md5 | +| mbedtls_ripemd160_starts_ret | mbedtls_ripemd160_starts | +| mbedtls_ripemd160_update_ret | mbedtls_ripemd160_update | +| mbedtls_ripemd160_finish_ret | mbedtls_ripemd160_finish | +| mbedtls_ripemd160_ret | mbedtls_ripemd160 | +| mbedtls_sha1_starts_ret | mbedtls_sha1_starts | +| mbedtls_sha1_update_ret | mbedtls_sha1_update | +| mbedtls_sha1_finish_ret | mbedtls_sha1_finish | +| mbedtls_sha1_ret | mbedtls_sha1 | +| mbedtls_sha256_starts_ret | mbedtls_sha256_starts | +| mbedtls_sha256_update_ret | mbedtls_sha256_update | +| mbedtls_sha256_finish_ret | mbedtls_sha256_finish | +| mbedtls_sha256_ret | mbedtls_sha256 | +| mbedtls_sha512_starts_ret | mbedtls_sha512_starts | +| 
mbedtls_sha512_update_ret | mbedtls_sha512_update | +| mbedtls_sha512_finish_ret | mbedtls_sha512_finish | +| mbedtls_sha512_ret | mbedtls_sha512 | To migrate to the this change the user can keep the `*_ret` names in their code and include the `compat_2.x.h` header file which holds macros with proper renaming or to rename those function in their code according to the list from mentioned header file. + + + diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl index 225612f8e..6d9369307 100755 --- a/tests/scripts/list-enum-consts.pl +++ b/tests/scripts/list-enum-consts.pl @@ -23,8 +23,7 @@ use open qw(:std utf8); -d 'include/mbedtls' or die "$0: must be run from root\n"; -@ARGV = ; -push @ARGV, ; +@ARGV = grep { ! /compat-2\.x\.h/ } ; push @ARGV, "3rdparty/everest/include/everest/everest.h"; push @ARGV, "3rdparty/everest/include/everest/x25519.h"; push @ARGV, glob("library/*.h"); diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh index b8a6d5352..9698fc86c 100755 --- a/tests/scripts/list-identifiers.sh +++ b/tests/scripts/list-identifiers.sh @@ -47,9 +47,9 @@ done if [ $INTERNAL ] then - HEADERS=$( ls library/*.h ) + HEADERS=$( ls include/mbedtls/*_internal.h library/*.h | egrep -v 'compat-2\.x\.h' ) else - HEADERS=$( ls include/mbedtls/*.h include/psa/*.h library/*.h ) + HEADERS=$( ls include/mbedtls/*.h include/psa/*.h library/*.h | egrep -v 'compat-2\.x\.h' ) HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h" fi From d854083773d802d117aeaaa8e69aeee699e58dae Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Thu, 10 Jun 2021 15:16:50 +0200 Subject: [PATCH 198/236] Move part of timing module out of the library 
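Review bot: the migration guide and the two scripts disagree on the name of the compatibility header: the guide (in the unchanged paragraph after the table) says `compat_2.x.h` with an underscore, while `list-enum-consts.pl` and `list-identifiers.sh` both exclude `compat-2\.x\.h` with a hyphen. Only one of these matches the real file name, and the guide is what users read, so fix it (and the "To migrate to the this change" typo in the same paragraph) while this file is being touched. Two smaller things: the guide gains three empty `+` lines at end of file, which should go; and the INTERNAL branch of list-identifiers.sh adds `include/mbedtls/*_internal.h` to `HEADERS`, which the `-` line did not have, so if no such headers exist any more `ls` will complain on stderr and exit non-zero on every run of the script.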
Signed-off-by: TRodziewicz --- include/mbedtls/config.h | 4 +- include/mbedtls/timing.h | 35 +- library/entropy.c | 5 - library/entropy_poll.c | 18 - library/entropy_poll.h | 9 - library/timing.c | 368 ------------------ programs/test/benchmark.c | 247 ++++++++++++ programs/test/selftest.c | 4 - .../test_suite_psa_crypto_init.function | 6 - tests/suites/test_suite_timing.data | 9 - tests/suites/test_suite_timing.function | 26 -- 11 files changed, 251 insertions(+), 480 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 16f8f8b35..1626efb08 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -268,7 +268,7 @@ /** * \def MBEDTLS_TIMING_ALT * - * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(), + * Uncomment to provide your own alternate implementation for * mbedtls_timing_get_timer(), mbedtls_set_alarm(), mbedtls_set/get_delay() * * Only works if you have MBEDTLS_TIMING_C enabled. @@ -1015,7 +1015,7 @@ * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES * * Do not add default entropy sources. These are the platform specific - * or mbedtls_timing_hardclock poll function. + * poll function. * * This is useful to have more control over the added entropy sources in an * application. diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index 7669bb9b3..9ea5c2966 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h 
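Review bot: the `MBEDTLS_TIMING_ALT` description in config.h still lists `mbedtls_set_alarm()` among the functions an alternative implementation must provide, but this same patch deletes `mbedtls_set_alarm()` from timing.h; drop it from the list, leaving `mbedtls_timing_get_timer()`, `mbedtls_timing_set_delay()` and `mbedtls_timing_get_delay()` (the existing abbreviation `mbedtls_set/get_delay()` is not the real name either). In the `MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES` hunk, "These are the platform specific poll function." no longer agrees in number; either "This is the platform-specific poll function." or, better, list the defaults that remain registered in `mbedtls_entropy_init()` after this patch: the platform poll, the hardware source under `MBEDTLS_ENTROPY_HARDWARE_ALT`, and the NV seed under `MBEDTLS_ENTROPY_NV_SEED`.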
@@ -63,21 +63,11 @@ typedef struct mbedtls_timing_delay_context extern volatile int mbedtls_timing_alarmed; -/** - * \brief Return the CPU cycle counter value - * - * \warning This is only a best effort! Do not rely on this! - * In particular, it is known to be unreliable on virtual - * machines. - * - * \note This value starts at an unspecified origin and - * may wrap around. - */ -unsigned long mbedtls_timing_hardclock( void ); - /** * \brief Return the elapsed time in milliseconds * + * \warning May change without notice + * * \param val points to a timer structure * \param reset If 0, query the elapsed time. Otherwise (re)start the timer. * @@ -94,18 +84,6 @@ unsigned long mbedtls_timing_hardclock( void ); */ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ); -/** - * \brief Setup an alarm clock - * - * \param seconds delay before the "mbedtls_timing_alarmed" flag is set - * (must be >=0) - * - * \warning Only one alarm at a time is supported. In a threaded - * context, this means one for the whole process, not one per - * thread. - */ -void mbedtls_set_alarm( int seconds ); - /** * \brief Set a pair of delays to watch * (See \c mbedtls_timing_get_delay().) @@ -136,15 +114,6 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ); */ int mbedtls_timing_get_delay( void *data ); -#if defined(MBEDTLS_SELF_TEST) -/** - * \brief Checkup routine - * - * \return 0 if successful, or 1 if a test failed - */ -int mbedtls_timing_self_test( int verbose ); -#endif - #ifdef __cplusplus } #endif diff --git a/library/entropy.c b/library/entropy.c index cc686282a..e652e99a5 100644 --- a/library/entropy.c +++ b/library/entropy.c 
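Review bot: this hunk removes three public functions from timing.h (`mbedtls_timing_hardclock()`, `mbedtls_set_alarm()`, `mbedtls_timing_self_test()`), but the diffstat shows no `ChangeLog.d/` entry and no `docs/3.0-migration-guide.d/` entry; both are needed, with a pointer to programs/test/benchmark.c for anyone who used the cycle counter. Two leftovers in the same header: `extern volatile int mbedtls_timing_alarmed;` is kept (visible as context at the top of the hunk) even though the only function that set it was `mbedtls_set_alarm()`, so it is now a public global the library never writes; and the new `\warning May change without notice` on `mbedtls_timing_get_timer()` does not say what may change (the API, the resolution, the epoch), so either spell it out or drop it.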
@@ -73,11 +73,6 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_SOURCE_STRONG ); #endif -#if defined(MBEDTLS_TIMING_C) - mbedtls_entropy_add_source( ctx, mbedtls_hardclock_poll, NULL, - MBEDTLS_ENTROPY_MIN_HARDCLOCK, - MBEDTLS_ENTROPY_SOURCE_WEAK ); -#endif #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL, MBEDTLS_ENTROPY_MIN_HARDWARE, diff --git a/library/entropy_poll.c b/library/entropy_poll.c index e5d75c5b3..bccc03478 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -211,24 +211,6 @@ int mbedtls_platform_entropy_poll( void *data, #endif /* _WIN32 && !EFIX64 && !EFI32 */ #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */ -#if defined(MBEDTLS_TIMING_C) -int mbedtls_hardclock_poll( void *data, - unsigned char *output, size_t len, size_t *olen ) -{ - unsigned long timer = mbedtls_timing_hardclock(); - ((void) data); - *olen = 0; - - if( len < sizeof(unsigned long) ) - return( 0 ); - - memcpy( output, &timer, sizeof(unsigned long) ); - *olen = sizeof(unsigned long); - - return( 0 ); -} -#endif /* MBEDTLS_TIMING_C */ - #if defined(MBEDTLS_ENTROPY_NV_SEED) int mbedtls_nv_seed_poll( void *data, unsigned char *output, size_t len, size_t *olen ) diff --git a/library/entropy_poll.h b/library/entropy_poll.h index 9120fe5a0..bf268892d 100644 --- a/library/entropy_poll.h +++ b/library/entropy_poll.h @@ -38,7 +38,6 @@ extern "C" { * Default thresholds for built-in sources, in bytes */ #define MBEDTLS_ENTROPY_MIN_PLATFORM 32 /**< Minimum for platform source */ -#define MBEDTLS_ENTROPY_MIN_HARDCLOCK 4 /**< Minimum for mbedtls_timing_hardclock() */ #if !defined(MBEDTLS_ENTROPY_MIN_HARDWARE) #define MBEDTLS_ENTROPY_MIN_HARDWARE 32 /**< Minimum for the hardware source */ #endif 
@@ -51,14 +50,6 @@ int mbedtls_platform_entropy_poll( void *data, unsigned char *output, size_t len, size_t *olen ); #endif -#if defined(MBEDTLS_TIMING_C) -/** - * \brief mbedtls_timing_hardclock-based entropy poll callback - */ -int mbedtls_hardclock_poll( void *data, - unsigned char *output, size_t len, size_t *olen ); -#endif - #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) /** * \brief Entropy poll callback for a hardware source diff --git a/library/timing.c b/library/timing.c index 664fde082..764ff7d5d 100644 --- a/library/timing.c +++ b/library/timing.c 
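Review bot: dropping `mbedtls_hardclock_poll` from `mbedtls_entropy_init()` changes what a default build registers: with `MBEDTLS_TIMING_C` it previously added a weak source on every platform, so a configuration with no other source goes from one weak source to none. Because that source was registered as `MBEDTLS_ENTROPY_SOURCE_WEAK` it never satisfied the strong-source requirement, so the security posture does not get worse, but it is a behaviour change that needs a ChangeLog entry and a line in the migration guide; the six lines deleted from tests/suites/test_suite_psa_crypto_init.function in the diffstat suggest at least one test was counting on that source. `MBEDTLS_ENTROPY_MIN_HARDCLOCK` also disappears from entropy_poll.h; that header lives in library/ so it is internal, but grep configs and tests for the macro before merging.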
@@ -67,172 +67,6 @@ struct _hr_time #endif /* _WIN32 && !EFIX64 && !EFI32 */ -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - ( defined(_MSC_VER) && defined(_M_IX86) ) || defined(__WATCOMC__) - -#define HAVE_HARDCLOCK - -unsigned long mbedtls_timing_hardclock( void ) -{ - unsigned long tsc; - __asm rdtsc - __asm mov [tsc], eax - return( tsc ); -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - ( _MSC_VER && _M_IX86 ) || __WATCOMC__ */ - -/* some versions of mingw-64 have 32-bit longs even on x84_64 */ -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && ( defined(__i386__) || ( \ - ( defined(__amd64__) || defined( __x86_64__) ) && __SIZEOF_LONG__ == 4 ) ) - -#define HAVE_HARDCLOCK - -unsigned long mbedtls_timing_hardclock( void ) -{ - unsigned long lo, hi; - asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) ); - return( lo ); -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __i386__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && ( defined(__amd64__) || defined(__x86_64__) ) - -#define HAVE_HARDCLOCK - -unsigned long mbedtls_timing_hardclock( void ) -{ - unsigned long lo, hi; - asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) ); - return( lo | ( hi << 32 ) ); -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && ( __amd64__ || __x86_64__ ) */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && ( defined(__powerpc__) || defined(__ppc__) ) - -#define HAVE_HARDCLOCK - -unsigned long mbedtls_timing_hardclock( void ) -{ - unsigned long tbl, tbu0, tbu1; - - do - { - asm volatile( "mftbu %0" : "=r" (tbu0) ); - asm volatile( "mftb %0" : "=r" (tbl ) ); - asm volatile( "mftbu %0" : "=r" (tbu1) ); - } - while( tbu0 != tbu1 ); - - return( tbl ); -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && ( __powerpc__ || __ppc__ ) */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - 
defined(__GNUC__) && defined(__sparc64__) - -#if defined(__OpenBSD__) -#warning OpenBSD does not allow access to tick register using software version instead -#else -#define HAVE_HARDCLOCK - -unsigned long mbedtls_timing_hardclock( void ) -{ - unsigned long tick; - asm volatile( "rdpr %%tick, %0;" : "=&r" (tick) ); - return( tick ); -} -#endif /* __OpenBSD__ */ -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __sparc64__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__sparc__) && !defined(__sparc64__) - -#define HAVE_HARDCLOCK - -unsigned long mbedtls_timing_hardclock( void ) -{ - unsigned long tick; - asm volatile( ".byte 0x83, 0x41, 0x00, 0x00" ); - asm volatile( "mov %%g1, %0" : "=r" (tick) ); - return( tick ); -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __sparc__ && !__sparc64__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__alpha__) - -#define HAVE_HARDCLOCK - -unsigned long mbedtls_timing_hardclock( void ) -{ - unsigned long cc; - asm volatile( "rpcc %0" : "=r" (cc) ); - return( cc & 0xFFFFFFFF ); -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __alpha__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(__ia64__) - -#define HAVE_HARDCLOCK - -unsigned long mbedtls_timing_hardclock( void ) -{ - unsigned long itc; - asm volatile( "mov %0 = ar.itc" : "=r" (itc) ); - return( itc ); -} -#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && - __GNUC__ && __ia64__ */ - -#if !defined(HAVE_HARDCLOCK) && defined(_MSC_VER) && \ - !defined(EFIX64) && !defined(EFI32) - -#define HAVE_HARDCLOCK - -unsigned long mbedtls_timing_hardclock( void ) -{ - LARGE_INTEGER offset; - - QueryPerformanceCounter( &offset ); - - return( (unsigned long)( offset.QuadPart ) ); -} -#endif /* !HAVE_HARDCLOCK && _MSC_VER && !EFIX64 && !EFI32 */ - -#if !defined(HAVE_HARDCLOCK) - -#define 
HAVE_HARDCLOCK - -static int hardclock_init = 0; -static struct timeval tv_init; - -unsigned long mbedtls_timing_hardclock( void ) -{ - struct timeval tv_cur; - - if( hardclock_init == 0 ) - { - gettimeofday( &tv_init, NULL ); - hardclock_init = 1; - } - - gettimeofday( &tv_cur, NULL ); - return( ( tv_cur.tv_sec - tv_init.tv_sec ) * 1000000 - + ( tv_cur.tv_usec - tv_init.tv_usec ) ); -} -#endif /* !HAVE_HARDCLOCK */ - volatile int mbedtls_timing_alarmed = 0; #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) @@ -258,33 +92,6 @@ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int } } -/* It's OK to use a global because alarm() is supposed to be global anyway */ -static DWORD alarmMs; - -static void TimerProc( void *TimerContext ) -{ - (void) TimerContext; - Sleep( alarmMs ); - mbedtls_timing_alarmed = 1; - /* _endthread will be called implicitly on return - * That ensures execution of thread funcition's epilogue */ -} - -void mbedtls_set_alarm( int seconds ) -{ - if( seconds == 0 ) - { - /* No need to create a thread for this simple case. - * Also, this shorcut is more reliable at least on MinGW32 */ - mbedtls_timing_alarmed = 1; - return; - } - - mbedtls_timing_alarmed = 0; - alarmMs = seconds * 1000; - (void) _beginthread( TimerProc, 0, NULL ); -} - #else /* _WIN32 && !EFIX64 && !EFI32 */ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ) @@ -307,25 +114,6 @@ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int } } -static void sighandler( int signum ) -{ - mbedtls_timing_alarmed = 1; - signal( signum, sighandler ); -} - -void mbedtls_set_alarm( int seconds ) -{ - mbedtls_timing_alarmed = 0; - signal( SIGALRM, sighandler ); - alarm( seconds ); - if( seconds == 0 ) - { - /* alarm(0) cancelled any previous pending alarm, but the - handler won't fire, so raise the flag straight away. */ - mbedtls_timing_alarmed = 1; - } -} - #endif /* _WIN32 && !EFIX64 && !EFI32 */ /* 
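Review bot: after the two `mbedtls_set_alarm()` hunks, `volatile int mbedtls_timing_alarmed = 0;` (the context line between them) is defined but never written by anything left in timing.c: the Windows branch no longer uses `_beginthread`/`Sleep` and the POSIX branch no longer uses `signal`/`alarm`. Remove the variable together with its `extern` in timing.h in this same change rather than leaving dead state in a public header, and check whether any `#include` that existed only for the alarm code (the threading and signal headers) is still needed.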
@@ -368,40 +156,6 @@ int mbedtls_timing_get_delay( void *data ) #if defined(MBEDTLS_SELF_TEST) -/* - * Busy-waits for the given number of milliseconds. - * Used for testing mbedtls_timing_hardclock. - */ -static void busy_msleep( unsigned long msec ) -{ - struct mbedtls_timing_hr_time hires; - unsigned long i = 0; /* for busy-waiting */ - volatile unsigned long j; /* to prevent optimisation */ - - (void) mbedtls_timing_get_timer( &hires, 1 ); - - while( mbedtls_timing_get_timer( &hires, 0 ) < msec ) - i++; - - j = i; - (void) j; -} - -static void print_timers( struct mbedtls_timing_hr_time *hires, - mbedtls_timing_delay_context *ctx ) -{ -#if defined(MBEDTLS_TIMING_ALT) - mbedtls_printf( " elapsed(hires)=%lu elapsed(ctx)=?? status(ctx)=%d\n", - mbedtls_timing_get_timer( hires, 0 ), - mbedtls_timing_get_delay( ctx ) ); -#else - mbedtls_printf( " elapsed(hires)=%lu elapsed(ctx)=%lu status(ctx)=%d\n", - mbedtls_timing_get_timer( hires, 0 ), - mbedtls_timing_get_timer( &ctx->timer, 0 ), - mbedtls_timing_get_delay( ctx ) ); -#endif -} - #define FAIL do \ { \ if( verbose != 0 ) \ 
@@ -415,128 +169,6 @@ static void print_timers( struct mbedtls_timing_hr_time *hires, return( 1 ); \ } while( 0 ) -/* - * Checkup routine - * - * Warning: this is work in progress, some tests may not be reliable enough - * yet! False positives may happen. - */ -int mbedtls_timing_self_test( int verbose ) -{ - unsigned long cycles = 0, ratio = 0; - unsigned long millisecs = 0, secs = 0; - int hardfail = 0; - struct mbedtls_timing_hr_time hires; - uint32_t a = 0, b = 0; - mbedtls_timing_delay_context ctx; - - if( verbose != 0 ) - mbedtls_printf( " TIMING tests note: will take some time!\n" ); - - if( verbose != 0 ) - mbedtls_printf( " TIMING test #1 (set_alarm / get_timer): " ); - - { - secs = 1; - - (void) mbedtls_timing_get_timer( &hires, 1 ); - - mbedtls_set_alarm( (int) secs ); - while( !mbedtls_timing_alarmed ) - ; - - millisecs = mbedtls_timing_get_timer( &hires, 0 ); - - /* For some reason on Windows it looks like alarm has an extra delay - * (maybe related to creating a new thread). Allow some room here. */ - if( millisecs < 800 * secs || millisecs > 1200 * secs + 300 ) - FAIL; - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - - if( verbose != 0 ) - mbedtls_printf( " TIMING test #2 (set/get_delay ): " ); - - { - a = 800; - b = 400; - mbedtls_timing_set_delay( &ctx, a, a + b ); /* T = 0 */ - - busy_msleep( a - a / 4 ); /* T = a - a/4 */ - if( mbedtls_timing_get_delay( &ctx ) != 0 ) - FAIL; - - busy_msleep( a / 4 + b / 4 ); /* T = a + b/4 */ - if( mbedtls_timing_get_delay( &ctx ) != 1 ) - FAIL; - - busy_msleep( b ); /* T = a + b + b/4 */ - if( mbedtls_timing_get_delay( &ctx ) != 2 ) - FAIL; - } - - mbedtls_timing_set_delay( &ctx, 0, 0 ); - busy_msleep( 200 ); - if( mbedtls_timing_get_delay( &ctx ) != -1 ) - FAIL; - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - - if( verbose != 0 ) - mbedtls_printf( " TIMING test #3 (hardclock / get_timer): " ); - - /* - * Allow one failure for possible counter wrapping. 
- * On a 4Ghz 32-bit machine the cycle counter wraps about once per second; - * since the whole test is about 10ms, it shouldn't happen twice in a row. - */ - -hard_test: - if( hardfail > 1 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed (ignored)\n" ); - - goto hard_test_done; - } - - /* Get a reference ratio cycles/ms */ - millisecs = 1; - cycles = mbedtls_timing_hardclock(); - busy_msleep( millisecs ); - cycles = mbedtls_timing_hardclock() - cycles; - ratio = cycles / millisecs; - - /* Check that the ratio is mostly constant */ - for( millisecs = 2; millisecs <= 4; millisecs++ ) - { - cycles = mbedtls_timing_hardclock(); - busy_msleep( millisecs ); - cycles = mbedtls_timing_hardclock() - cycles; - - /* Allow variation up to 20% */ - if( cycles / millisecs < ratio - ratio / 5 || - cycles / millisecs > ratio + ratio / 5 ) - { - hardfail++; - goto hard_test; - } - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - -hard_test_done: - - if( verbose != 0 ) - mbedtls_printf( "\n" ); - - return( 0 ); -} - #endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_TIMING_C */ diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 148e6da47..2f9a67395 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -77,10 +77,37 @@ int main( void ) #include "mbedtls/error.h" +#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) + +#include +#include + +struct _hr_time +{ + LARGE_INTEGER start; +}; + +#else + +#include +#include +#include +#include +#include + +struct _hr_time +{ + struct timeval start; +}; + +#endif /* _WIN32 && !EFIX64 && !EFI32 */ + #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #include "mbedtls/memory_buffer_alloc.h" #endif +static void mbedtls_set_alarm( int seconds ); + /* * For heap usage estimates, we need an estimate of the overhead per allocated * block. ptmalloc2/3 (used in gnu libc for instance) uses 2 size_t per block, 
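Review bot: `struct _hr_time` is defined in both branches of the new `_WIN32` conditional in `benchmark.c`, but nothing added in this patch uses it: the `QueryPerformanceCounter` variant of `mbedtls_timing_hardclock()` works on a local `LARGE_INTEGER offset`, and the `gettimeofday()` fallback keeps its own `struct timeval tv_init` / `tv_cur`. It looks copied from `timing.c`, where `mbedtls_timing_get_timer()` needs it; drop both definitions here, or say what they are for. The forward declaration `static void mbedtls_set_alarm( int seconds );` matches the `static` definitions added below, which is fine.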
@@ -212,6 +239,226 @@ do { \ } \ } while( 0 ) +#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ + ( defined(_MSC_VER) && defined(_M_IX86) ) || defined(__WATCOMC__) + +#define HAVE_HARDCLOCK + +unsigned long mbedtls_timing_hardclock( void ) +{ + unsigned long tsc; + __asm rdtsc + __asm mov [tsc], eax + return( tsc ); +} +#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && + ( _MSC_VER && _M_IX86 ) || __WATCOMC__ */ + +/* some versions of mingw-64 have 32-bit longs even on x84_64 */ +#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ + defined(__GNUC__) && ( defined(__i386__) || ( \ + ( defined(__amd64__) || defined( __x86_64__) ) && __SIZEOF_LONG__ == 4 ) ) + +#define HAVE_HARDCLOCK + +unsigned long mbedtls_timing_hardclock( void ) +{ + unsigned long lo, hi; + asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) ); + return( lo ); +} +#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && + __GNUC__ && __i386__ */ + +#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ + defined(__GNUC__) && ( defined(__amd64__) || defined(__x86_64__) ) + +#define HAVE_HARDCLOCK + +unsigned long mbedtls_timing_hardclock( void ) +{ + unsigned long lo, hi; + asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) ); + return( lo | ( hi << 32 ) ); +} +#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && + __GNUC__ && ( __amd64__ || __x86_64__ ) */ + +#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ + defined(__GNUC__) && ( defined(__powerpc__) || defined(__ppc__) ) + +#define HAVE_HARDCLOCK + +unsigned long mbedtls_timing_hardclock( void ) +{ + unsigned long tbl, tbu0, tbu1; + + do + { + asm volatile( "mftbu %0" : "=r" (tbu0) ); + asm volatile( "mftb %0" : "=r" (tbl ) ); + asm volatile( "mftbu %0" : "=r" (tbu1) ); + } + while( tbu0 != tbu1 ); + + return( tbl ); +} +#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && + __GNUC__ && ( __powerpc__ || __ppc__ ) */ + +#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ + defined(__GNUC__) && defined(__sparc64__) + 
+#if defined(__OpenBSD__) +#warning OpenBSD does not allow access to tick register using software version instead +#else +#define HAVE_HARDCLOCK + +unsigned long mbedtls_timing_hardclock( void ) +{ + unsigned long tick; + asm volatile( "rdpr %%tick, %0;" : "=&r" (tick) ); + return( tick ); +} +#endif /* __OpenBSD__ */ +#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && + __GNUC__ && __sparc64__ */ + +#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ + defined(__GNUC__) && defined(__sparc__) && !defined(__sparc64__) + +#define HAVE_HARDCLOCK + +unsigned long mbedtls_timing_hardclock( void ) +{ + unsigned long tick; + asm volatile( ".byte 0x83, 0x41, 0x00, 0x00" ); + asm volatile( "mov %%g1, %0" : "=r" (tick) ); + return( tick ); +} +#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && + __GNUC__ && __sparc__ && !__sparc64__ */ + +#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ + defined(__GNUC__) && defined(__alpha__) + +#define HAVE_HARDCLOCK + +unsigned long mbedtls_timing_hardclock( void ) +{ + unsigned long cc; + asm volatile( "rpcc %0" : "=r" (cc) ); + return( cc & 0xFFFFFFFF ); +} +#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && + __GNUC__ && __alpha__ */ + +#if !defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && \ + defined(__GNUC__) && defined(__ia64__) + +#define HAVE_HARDCLOCK + +unsigned long mbedtls_timing_hardclock( void ) +{ + unsigned long itc; + asm volatile( "mov %0 = ar.itc" : "=r" (itc) ); + return( itc ); +} +#endif /* !HAVE_HARDCLOCK && MBEDTLS_HAVE_ASM && + __GNUC__ && __ia64__ */ + +#if !defined(HAVE_HARDCLOCK) && defined(_MSC_VER) && \ + !defined(EFIX64) && !defined(EFI32) + +#define HAVE_HARDCLOCK + +unsigned long mbedtls_timing_hardclock( void ) +{ + LARGE_INTEGER offset; + + QueryPerformanceCounter( &offset ); + + return( (unsigned long)( offset.QuadPart ) ); +} +#endif /* !HAVE_HARDCLOCK && _MSC_VER && !EFIX64 && !EFI32 */ + +#if !defined(HAVE_HARDCLOCK) + +#define HAVE_HARDCLOCK + +static int hardclock_init = 
0; +static struct timeval tv_init; + +unsigned long mbedtls_timing_hardclock( void ) +{ + struct timeval tv_cur; + + if( hardclock_init == 0 ) + { + gettimeofday( &tv_init, NULL ); + hardclock_init = 1; + } + + gettimeofday( &tv_cur, NULL ); + return( ( tv_cur.tv_sec - tv_init.tv_sec ) * 1000000 + + ( tv_cur.tv_usec - tv_init.tv_usec ) ); +} +#endif /* !HAVE_HARDCLOCK */ + +volatile int mbedtls_timing_alarmed = 0; + +#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) + +/* It's OK to use a global because alarm() is supposed to be global anyway */ +static DWORD alarmMs; + +static void TimerProc( void *TimerContext ) +{ + (void) TimerContext; + Sleep( alarmMs ); + mbedtls_timing_alarmed = 1; + /* _endthread will be called implicitly on return + * That ensures execution of thread funcition's epilogue */ +} + +static void mbedtls_set_alarm( int seconds ) +{ + if( seconds == 0 ) + { + /* No need to create a thread for this simple case. + * Also, this shorcut is more reliable at least on MinGW32 */ + mbedtls_timing_alarmed = 1; + return; + } + + mbedtls_timing_alarmed = 0; + alarmMs = seconds * 1000; + (void) _beginthread( TimerProc, 0, NULL ); +} + +#else /* _WIN32 && !EFIX64 && !EFI32 */ + +static void sighandler( int signum ) +{ + mbedtls_timing_alarmed = 1; + signal( signum, sighandler ); +} + +static void mbedtls_set_alarm( int seconds ) +{ + mbedtls_timing_alarmed = 0; + signal( SIGALRM, sighandler ); + alarm( seconds ); + if( seconds == 0 ) + { + /* alarm(0) cancelled any previous pending alarm, but the + handler won't fire, so raise the flag straight away. */ + mbedtls_timing_alarmed = 1; + } +} + +#endif /* _WIN32 && !EFIX64 && !EFI32 */ + static int myrand( void *rng_state, unsigned char *output, size_t len ) { size_t use_len; diff --git a/programs/test/selftest.c b/programs/test/selftest.c index a3e306ce9..5e7eddf59 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c 
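Review bot: the first `#if` in this hunk, `!defined(HAVE_HARDCLOCK) && defined(MBEDTLS_HAVE_ASM) && ( defined(_MSC_VER) && defined(_M_IX86) ) || defined(__WATCOMC__)`, binds `&&` before `||`, so `__WATCOMC__` alone selects the MSVC-style `__asm rdtsc` block regardless of `HAVE_HARDCLOCK` or `MBEDTLS_HAVE_ASM`; write it as `( ( defined(_MSC_VER) && defined(_M_IX86) ) || defined(__WATCOMC__) )`. The behaviour is inherited from `timing.c`, but moving the code is the moment to correct it. Two smaller points: the comment `some versions of mingw-64 have 32-bit longs even on x84_64` should read `x86_64`, and the `gettimeofday()` fallback at the end is reachable on `_WIN32` builds that define neither `_MSC_VER` nor `MBEDTLS_HAVE_ASM`, so either confirm that the `_WIN32` include branch earlier in the file provides `struct timeval` and `gettimeofday`, or reject that combination with an explicit `#error`. The `TimerProc` comments also misspell `function's` and `shortcut`.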
@@ -346,10 +346,6 @@ const selftest_t selftests[] = #if defined(MBEDTLS_PKCS5_C) {"pkcs5", mbedtls_pkcs5_self_test}, #endif -/* Slower test after the faster ones */ -#if defined(MBEDTLS_TIMING_C) - {"timing", mbedtls_timing_self_test}, -#endif /* Heap test comes last */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) {"memory_buffer_alloc", mbedtls_memory_buffer_alloc_free_and_self_test}, diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function index d612548d7..9f72b47a4 100644 --- a/tests/suites/test_suite_psa_crypto_init.function +++ b/tests/suites/test_suite_psa_crypto_init.function @@ -85,12 +85,6 @@ static void custom_entropy_init( mbedtls_entropy_context *ctx ) MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_SOURCE_STRONG ); #endif -#if defined(MBEDTLS_TIMING_C) - if( custom_entropy_sources_mask & ENTROPY_SOURCE_TIMING ) - mbedtls_entropy_add_source( ctx, mbedtls_hardclock_poll, NULL, - MBEDTLS_ENTROPY_MIN_HARDCLOCK, - MBEDTLS_ENTROPY_SOURCE_WEAK ); -#endif #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT) if( custom_entropy_sources_mask & ENTROPY_SOURCE_HARDWARE ) mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL, diff --git a/tests/suites/test_suite_timing.data b/tests/suites/test_suite_timing.data index 2522da1ea..de89239e7 100644 --- a/tests/suites/test_suite_timing.data +++ b/tests/suites/test_suite_timing.data @@ -1,15 +1,6 @@ -Timing: hardclock -timing_hardclock: - Timing: get timer timing_get_timer: -Timing: set alarm with no delay -timing_set_alarm:0: - -Timing: set alarm with 1s delay -timing_set_alarm:1: - Timing: delay 0ms timing_delay:0: diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function index 74dc82317..3483d85f3 100644 --- a/tests/suites/test_suite_timing.function +++ b/tests/suites/test_suite_timing.function 
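Review bot: with the `mbedtls_hardclock_poll` source removed from `custom_entropy_init()`, the `ENTROPY_SOURCE_TIMING` mask bit is no longer acted on anywhere in this function. If the bit is still defined (in this `.function` file or used by masks in `test_suite_psa_crypto_init.data`), remove it as well, or renumber the remaining bits; otherwise test cases whose mask includes it now run with one source fewer than their name claims, and the difference is silent.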
@@ -16,15 +16,6 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE */ -void timing_hardclock( ) -{ - (void) mbedtls_timing_hardclock(); - /* This goto is added to avoid warnings from the generated code. */ - goto exit; -} -/* END_CASE */ - /* BEGIN_CASE */ void timing_get_timer( ) { @@ -36,23 +27,6 @@ void timing_get_timer( ) } /* END_CASE */ -/* BEGIN_CASE */ -void timing_set_alarm( int seconds ) -{ - if( seconds == 0 ) - { - mbedtls_set_alarm( seconds ); - TEST_ASSERT( mbedtls_timing_alarmed == 1 ); - } - else - { - mbedtls_set_alarm( seconds ); - TEST_ASSERT( mbedtls_timing_alarmed == 0 || - mbedtls_timing_alarmed == 1 ); - } -} -/* END_CASE */ - /* BEGIN_CASE */ void timing_delay( int fin_ms ) { From 90f304ff1a2c72bd9949ae665728b6c7bfbf338e Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 11 Jun 2021 11:56:47 +0200 Subject: [PATCH 199/236] Fixing test_clang_opt (asm not defined) Signed-off-by: TRodziewicz --- include/mbedtls/config.h | 1 - library/timing.c | 4 ---- programs/test/benchmark.c | 4 ++++ 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 1626efb08..74b82221d 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -47,7 +47,6 @@ * * Used in: * library/aria.c - * library/timing.c * library/bn_mul.h * * Required by: diff --git a/library/timing.c b/library/timing.c index 764ff7d5d..7964102e6 100644 --- a/library/timing.c +++ b/library/timing.c @@ -38,10 +38,6 @@ #error "This module only works on Unix and Windows, see MBEDTLS_TIMING_C in config.h" #endif -#ifndef asm -#define asm __asm -#endif - #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #include diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 2f9a67395..b4b8c283d 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c 
@@ -77,6 +77,10 @@ int main( void ) #include "mbedtls/error.h" +#ifndef asm +#define asm __asm +#endif + #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) #include From 9a9609ee067cce9d9c21124fb3cee9a79f62673a Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 11 Jun 2021 13:35:10 +0200 Subject: [PATCH 200/236] Make static all the functions moved to bechmark.c Signed-off-by: TRodziewicz --- programs/test/benchmark.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index b4b8c283d..cbda79866 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -248,7 +248,7 @@ do { \ #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +static unsigned long mbedtls_timing_hardclock( void ) { unsigned long tsc; __asm rdtsc @@ -265,7 +265,7 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +static unsigned long mbedtls_timing_hardclock( void ) { unsigned long lo, hi; asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) ); @@ -279,7 +279,7 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +static unsigned long mbedtls_timing_hardclock( void ) { unsigned long lo, hi; asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) ); @@ -293,7 +293,7 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +static unsigned long mbedtls_timing_hardclock( void ) { unsigned long tbl, tbu0, tbu1; @@ -318,7 +318,7 @@ unsigned long mbedtls_timing_hardclock( void ) #else #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +static unsigned long mbedtls_timing_hardclock( void ) { unsigned long tick; asm volatile( "rdpr %%tick, %0;" : "=&r" (tick) ); 
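Review bot: the `#define asm __asm` moved into `benchmark.c` is unconditional, while every use of `asm` in this file sits under `defined(MBEDTLS_HAVE_ASM)`; guard the definition the same way (`#if defined(MBEDTLS_HAVE_ASM) && !defined(asm)`) so the macro only exists where it is consumed. The `config.h` hunk removing `library/timing.c` from the `MBEDTLS_HAVE_ASM` users list is consistent with the asm users leaving the library.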
@@ -333,7 +333,7 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +static unsigned long mbedtls_timing_hardclock( void ) { unsigned long tick; asm volatile( ".byte 0x83, 0x41, 0x00, 0x00" ); @@ -348,7 +348,7 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +static unsigned long mbedtls_timing_hardclock( void ) { unsigned long cc; asm volatile( "rpcc %0" : "=r" (cc) ); @@ -362,7 +362,7 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +static unsigned long mbedtls_timing_hardclock( void ) { unsigned long itc; asm volatile( "mov %0 = ar.itc" : "=r" (itc) ); @@ -376,7 +376,7 @@ unsigned long mbedtls_timing_hardclock( void ) #define HAVE_HARDCLOCK -unsigned long mbedtls_timing_hardclock( void ) +static unsigned long mbedtls_timing_hardclock( void ) { LARGE_INTEGER offset; @@ -393,7 +393,7 @@ unsigned long mbedtls_timing_hardclock( void ) static int hardclock_init = 0; static struct timeval tv_init; -unsigned long mbedtls_timing_hardclock( void ) +static unsigned long mbedtls_timing_hardclock( void ) { struct timeval tv_cur; From 5bbbb5ed28dafd3dde7e7969909a42946b420cb0 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 11 Jun 2021 14:02:06 +0200 Subject: [PATCH 201/236] Remove the mbedtls_printf and FAIL macros Signed-off-by: TRodziewicz --- library/timing.c | 25 ------------------------- 1 file changed, 25 deletions(-) diff --git a/library/timing.c b/library/timing.c index 7964102e6..d87d8b6ca 100644 --- a/library/timing.c +++ b/library/timing.c @@ -19,13 +19,6 @@ #include "common.h" -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif - #if defined(MBEDTLS_TIMING_C) #include "mbedtls/timing.h" 
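Review bot: once every variant of `mbedtls_timing_hardclock()` and `mbedtls_set_alarm()` is `static` to `benchmark.c`, the `mbedtls_` prefix is misleading, because that namespace marks the library's public API and both names were just removed from it in this series. A file-local name such as `hardclock()` / `set_alarm()` (suggested names, not from the patch) makes their status obvious to readers and keeps them from being mistaken for the former library functions. The commit subject also misspells `benchmark.c` as `bechmark.c`.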
@@ -149,22 +142,4 @@ int mbedtls_timing_get_delay( void *data ) } #endif /* !MBEDTLS_TIMING_ALT */ - -#if defined(MBEDTLS_SELF_TEST) - -#define FAIL do \ - { \ - if( verbose != 0 ) \ - { \ - mbedtls_printf( "failed at line %d\n", __LINE__ ); \ - mbedtls_printf( " cycles=%lu ratio=%lu millisecs=%lu secs=%lu hardfail=%d a=%lu b=%lu\n", \ - cycles, ratio, millisecs, secs, hardfail, \ - (unsigned long) a, (unsigned long) b ); \ - print_timers( &hires, &ctx ); \ - } \ - return( 1 ); \ - } while( 0 ) - -#endif /* MBEDTLS_SELF_TEST */ - #endif /* MBEDTLS_TIMING_C */ From 9c90226df17f1ba39107bb4029a2baf84fc2462b Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 11 Jun 2021 14:30:01 +0200 Subject: [PATCH 202/236] Addition of the migration guide and change log files Signed-off-by: TRodziewicz --- ChangeLog.d/issue4083.txt | 5 +++++ .../move_part_of_timing_module_out_of_the_library.md | 12 ++++++++++++ 2 files changed, 17 insertions(+) create mode 100644 ChangeLog.d/issue4083.txt create mode 100644 docs/3.0-migration-guide.d/move_part_of_timing_module_out_of_the_library.md diff --git a/ChangeLog.d/issue4083.txt b/ChangeLog.d/issue4083.txt new file mode 100644 index 000000000..f3f7e31b0 --- /dev/null +++ b/ChangeLog.d/issue4083.txt @@ -0,0 +1,5 @@ +Changes + * Remove the following functions: mbedtls_timing_self_test() and + mbedtls_hardclock_poll(). Move the following functions to the benchmark.c + file and make them static: mbedtls_timing_hardclock() and + mbedtls_set_alarm(). Fixes #4083. diff --git a/docs/3.0-migration-guide.d/move_part_of_timing_module_out_of_the_library.md b/docs/3.0-migration-guide.d/move_part_of_timing_module_out_of_the_library.md new file mode 100644 index 000000000..f0b539c8f --- /dev/null +++ b/docs/3.0-migration-guide.d/move_part_of_timing_module_out_of_the_library.md 
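Review bot: the ChangeLog entry files the removal of `mbedtls_timing_self_test()` and `mbedtls_hardclock_poll()` under `Changes`; deleting public functions is an API break and belongs under the `Removals` (or `API changes`) heading used by the 3.0 changelog, which is where readers scanning for breaking changes look. For the migration guide added in the following hunk: `mbedtls_timing_hardclock()` and `mbedtls_set_alarm()` are moved into `programs/test/benchmark.c` and made static, not deleted, so point users at that file as a reference implementation instead of telling them to re-implement all four functions; and `a plan of removal of the timing.c from the library` / `as a platform support code` read better as `a plan to remove timing.c from the library` / `as platform support code`.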
@@ -0,0 +1,12 @@ +Move part of timing module out of the library +-- + +The change affects users who use any of the following functions: +`mbedtls_timing_self_test()`, `mbedtls_hardclock_poll()`, +`mbedtls_timing_hardclock()` and `mbedtls_set_alarm()`. + +This change is the first step of a plan of removal of the `timing.c` from the +library. The plan is to move all the timing functions to the `platform.c` file. + +For users who still need removed functions the migration path is to re-implement +them as a platform support code. From 10e8cf5fef7e062927bfbec69ad85fbf491b4299 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Mon, 31 May 2021 17:58:57 +0200 Subject: [PATCH 203/236] Remove MD2, MD4, RC4, Blowfish and XTEA 
Signed-off-by: TRodziewicz --- configs/config-symmetric-only.h | 5 - doxygen/input/doc_encdec.h | 4 - doxygen/input/doc_hashing.h | 2 +- include/mbedtls/arc4.h | 142 ---- include/mbedtls/blowfish.h | 279 ------- include/mbedtls/cipher.h | 13 +- include/mbedtls/config.h | 85 +-- include/mbedtls/config_psa.h | 34 - include/mbedtls/error.h | 5 - include/mbedtls/md.h | 4 +- include/mbedtls/md2.h | 204 ------ include/mbedtls/md4.h | 207 ------ include/mbedtls/oid.h | 8 - include/mbedtls/pkcs12.h | 19 - include/mbedtls/psa_util.h | 8 - include/mbedtls/xtea.h | 135 ---- include/psa/crypto.h | 1 - include/psa/crypto_builtin_primitives.h | 12 +- include/psa/crypto_config.h | 3 - include/psa/crypto_sizes.h | 2 - include/psa/crypto_values.h | 11 - library/CMakeLists.txt | 5 - library/Makefile | 5 - library/arc4.c | 195 ----- library/blowfish.c | 690 ------------------ library/cipher_wrap.c | 244 ------- library/md.c | 114 --- library/md2.c | 321 -------- library/md4.c | 444 ----------- library/md_wrap.h | 6 - library/oid.c | 24 - library/pkcs12.c | 45 -- library/pkparse.c | 18 - library/psa_crypto.c | 20 - library/psa_crypto_cipher.c | 3 - library/psa_crypto_hash.c | 80 -- library/psa_crypto_mac.c | 4 - library/xtea.c | 271 ------- programs/ssl/ssl_context_info.c | 6 - programs/test/benchmark.c | 61 +- programs/test/cpp_dummy_build.cpp | 5 - programs/test/selftest.c | 16 - programs/x509/cert_req.c | 2 +- programs/x509/cert_write.c | 2 +- scripts/data_files/query_config.fmt | 5 - scripts/generate_errors.pl | 6 +- scripts/mbedtls_dev/crypto_knowledge.py | 1 - tests/CMakeLists.txt | 5 - tests/data_files/Makefile | 48 +- tests/data_files/cert_md2.crt | 20 - tests/data_files/cert_md2.csr | 16 - tests/data_files/cert_md4.crt | 20 - tests/data_files/cert_md4.csr | 16 - tests/data_files/crl_md2.pem | 11 - tests/data_files/crl_md4.pem | 11 - tests/data_files/server1.req.md4 | 16 - tests/include/test/psa_exercise_key.h | 9 +- tests/scripts/all.sh | 71 +- 
tests/scripts/basic-build-test.sh | 4 +- tests/scripts/depends-hashes.pl | 2 - tests/scripts/set_psa_test_dependencies.py | 5 - tests/suites/test_suite_arc4.data | 27 - tests/suites/test_suite_arc4.function | 37 - tests/suites/test_suite_blowfish.data | 311 -------- tests/suites/test_suite_blowfish.function | 216 ------ tests/suites/test_suite_ccm.data | 4 - tests/suites/test_suite_cipher.arc4.data | 107 --- tests/suites/test_suite_cipher.blowfish.data | 607 --------------- tests/suites/test_suite_cipher.padding.data | 16 - tests/suites/test_suite_hkdf.data | 42 +- tests/suites/test_suite_md.data | 208 ------ tests/suites/test_suite_mdx.data | 50 +- tests/suites/test_suite_mdx.function | 56 -- tests/suites/test_suite_nist_kw.data | 4 - tests/suites/test_suite_pkparse.data | 70 +- tests/suites/test_suite_psa_crypto.data | 25 - tests/suites/test_suite_psa_crypto_hash.data | 120 --- .../test_suite_psa_crypto_metadata.data | 20 - tests/suites/test_suite_rsa.data | 34 +- tests/suites/test_suite_rsa.function | 2 - tests/suites/test_suite_ssl.data | 640 ---------------- tests/suites/test_suite_x509parse.data | 220 +++--- tests/suites/test_suite_x509write.data | 4 - tests/suites/test_suite_xtea.data | 76 -- tests/suites/test_suite_xtea.function | 86 --- 85 files changed, 159 insertions(+), 6853 deletions(-) delete mode 100644 include/mbedtls/arc4.h delete mode 100644 include/mbedtls/blowfish.h delete mode 100644 include/mbedtls/md2.h delete mode 100644 include/mbedtls/md4.h delete mode 100644 include/mbedtls/xtea.h delete mode 100644 library/arc4.c delete mode 100644 library/blowfish.c delete mode 100644 library/md2.c delete mode 100644 library/md4.c delete mode 100644 library/xtea.c delete mode 100644 tests/data_files/cert_md2.crt delete mode 100644 tests/data_files/cert_md2.csr delete mode 100644 tests/data_files/cert_md4.crt delete mode 100644 tests/data_files/cert_md4.csr delete mode 100644 tests/data_files/crl_md2.pem delete mode 100644 tests/data_files/crl_md4.pem 
delete mode 100644 tests/data_files/server1.req.md4 delete mode 100644 tests/suites/test_suite_arc4.data delete mode 100644 tests/suites/test_suite_arc4.function delete mode 100644 tests/suites/test_suite_blowfish.data delete mode 100644 tests/suites/test_suite_blowfish.function delete mode 100644 tests/suites/test_suite_cipher.arc4.data delete mode 100644 tests/suites/test_suite_cipher.blowfish.data delete mode 100644 tests/suites/test_suite_xtea.data delete mode 100644 tests/suites/test_suite_xtea.function diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h index 29e77b52c..5b1006327 100644 --- a/configs/config-symmetric-only.h +++ b/configs/config-symmetric-only.h @@ -47,11 +47,9 @@ /* Mbed Crypto modules */ #define MBEDTLS_AES_C -#define MBEDTLS_ARC4_C #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_BASE64_C -#define MBEDTLS_BLOWFISH_C #define MBEDTLS_CAMELLIA_C #define MBEDTLS_ARIA_C #define MBEDTLS_CCM_C @@ -68,8 +66,6 @@ #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_NIST_KW_C #define MBEDTLS_MD_C -#define MBEDTLS_MD2_C -#define MBEDTLS_MD4_C #define MBEDTLS_MD5_C #define MBEDTLS_OID_C #define MBEDTLS_PEM_PARSE_C @@ -94,7 +90,6 @@ //#define MBEDTLS_THREADING_C #define MBEDTLS_TIMING_C #define MBEDTLS_VERSION_C -#define MBEDTLS_XTEA_C #include "mbedtls/config_psa.h" diff --git a/doxygen/input/doc_encdec.h b/doxygen/input/doc_encdec.h index 46fb04fe3..96734bdd8 100644 --- a/doxygen/input/doc_encdec.h +++ b/doxygen/input/doc_encdec.h 
@@ -45,15 +45,11 @@ * - Symmetric: * - AES (see \c mbedtls_aes_crypt_ecb(), \c mbedtls_aes_crypt_cbc(), \c mbedtls_aes_crypt_cfb128() and * \c mbedtls_aes_crypt_ctr()). - * - ARCFOUR (see \c mbedtls_arc4_crypt()). - * - Blowfish / BF (see \c mbedtls_blowfish_crypt_ecb(), \c mbedtls_blowfish_crypt_cbc(), - * \c mbedtls_blowfish_crypt_cfb64() and \c mbedtls_blowfish_crypt_ctr()) * - Camellia (see \c mbedtls_camellia_crypt_ecb(), \c mbedtls_camellia_crypt_cbc(), * \c mbedtls_camellia_crypt_cfb128() and \c mbedtls_camellia_crypt_ctr()). * - DES/3DES (see \c mbedtls_des_crypt_ecb(), \c mbedtls_des_crypt_cbc(), \c mbedtls_des3_crypt_ecb() * and \c mbedtls_des3_crypt_cbc()). * - GCM (AES-GCM and CAMELLIA-GCM) (see \c mbedtls_gcm_init()) - * - XTEA (see \c mbedtls_xtea_crypt_ecb()). * - Asymmetric: * - Diffie-Hellman-Merkle (see \c mbedtls_dhm_read_public(), \c mbedtls_dhm_make_public() * and \c mbedtls_dhm_calc_secret()). diff --git a/doxygen/input/doc_hashing.h b/doxygen/input/doc_hashing.h index aaa0c7890..42a3754e1 100644 --- a/doxygen/input/doc_hashing.h +++ b/doxygen/input/doc_hashing.h @@ -34,7 +34,7 @@ * \c mbedtls_md_setup()) * * The following hashing-algorithms are provided: - * - MD2, MD4, MD5 128-bit one-way hash functions by Ron Rivest. + * - MD5 128-bit one-way hash functions by Ron Rivest. * - SHA-1, SHA-256, SHA-384/512 160-bit or more one-way hash functions by * NIST and NSA. * diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h deleted file mode 100644 index 631365120..000000000 --- a/include/mbedtls/arc4.h +++ /dev/null 
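Review bot: in the `doc_hashing.h` hunk, `- MD5 128-bit one-way hash functions by Ron Rivest.` keeps the plural after MD2 and MD4 are dropped, so it now describes one algorithm as several; make it `- MD5, a 128-bit one-way hash function by Ron Rivest.`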
@@ -1,142 +0,0 @@ -/** - * \file arc4.h - * - * \brief The ARCFOUR stream cipher - * - * \warning ARC4 is considered a weak cipher and its use constitutes a - * security risk. We recommend considering stronger ciphers instead. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -#ifndef MBEDTLS_ARC4_H -#define MBEDTLS_ARC4_H -#include "mbedtls/private_access.h" - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#if !defined(MBEDTLS_ARC4_ALT) -// Regular implementation -// - -/** - * \brief ARC4 context structure - * - * \warning ARC4 is considered a weak cipher and its use constitutes a - * security risk. We recommend considering stronger ciphers instead. - * - */ -typedef struct mbedtls_arc4_context -{ - int MBEDTLS_PRIVATE(x); /*!< permutation index */ - int MBEDTLS_PRIVATE(y); /*!< permutation index */ - unsigned char MBEDTLS_PRIVATE(m)[256]; /*!< permutation table */ -} -mbedtls_arc4_context; - -#else /* MBEDTLS_ARC4_ALT */ -#include "arc4_alt.h" -#endif /* MBEDTLS_ARC4_ALT */ - -/** - * \brief Initialize ARC4 context - * - * \param ctx ARC4 context to be initialized - * - * \warning ARC4 is considered a weak cipher and its use constitutes a - * security risk. We recommend considering stronger ciphers - * instead. 
- * - */ -void mbedtls_arc4_init( mbedtls_arc4_context *ctx ); - -/** - * \brief Clear ARC4 context - * - * \param ctx ARC4 context to be cleared - * - * \warning ARC4 is considered a weak cipher and its use constitutes a - * security risk. We recommend considering stronger ciphers - * instead. - * - */ -void mbedtls_arc4_free( mbedtls_arc4_context *ctx ); - -/** - * \brief ARC4 key schedule - * - * \param ctx ARC4 context to be setup - * \param key the secret key - * \param keylen length of the key, in bytes - * - * \warning ARC4 is considered a weak cipher and its use constitutes a - * security risk. We recommend considering stronger ciphers - * instead. - * - */ -void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, - unsigned int keylen ); - -/** - * \brief ARC4 cipher function - * - * \param ctx ARC4 context - * \param length length of the input data - * \param input buffer holding the input data - * \param output buffer for the output data - * - * \return 0 if successful - * - * \warning ARC4 is considered a weak cipher and its use constitutes a - * security risk. We recommend considering stronger ciphers - * instead. - * - */ -int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, - unsigned char *output ); - -#if defined(MBEDTLS_SELF_TEST) - -/** - * \brief Checkup routine - * - * \return 0 if successful, or 1 if the test failed - * - * \warning ARC4 is considered a weak cipher and its use constitutes a - * security risk. We recommend considering stronger ciphers - * instead. - * - */ -int mbedtls_arc4_self_test( int verbose ); - -#endif /* MBEDTLS_SELF_TEST */ - -#ifdef __cplusplus -} -#endif - -#endif /* arc4.h */ diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h deleted file mode 100644 index e54d4914d..000000000 --- a/include/mbedtls/blowfish.h +++ /dev/null 
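Review bot: deleting the module headers retires the low-level error codes they define, among them `MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA` (`-0x0016`) and `MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH` (`-0x0018`) from `blowfish.h`; the `include/mbedtls/error.h` hunk in this patch should record those values as retired rather than leave them free, so a future module does not reassign them with a different meaning to callers or log parsers that still decode error codes from 2.x builds. Also confirm that `scripts/generate_errors.pl` (touched per the diffstat) no longer lists `ARC4`, `BLOWFISH`, `MD2`, `MD4` and `XTEA` as low-level modules, so the generated `error.c` stops referencing the deleted headers.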
@@ -1,279 +0,0 @@ -/** - * \file blowfish.h - * - * \brief Blowfish block cipher - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_BLOWFISH_H -#define MBEDTLS_BLOWFISH_H -#include "mbedtls/private_access.h" - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include -#include - -#include "mbedtls/platform_util.h" - -#define MBEDTLS_BLOWFISH_ENCRYPT 1 -#define MBEDTLS_BLOWFISH_DECRYPT 0 -#define MBEDTLS_BLOWFISH_MAX_KEY_BITS 448 -#define MBEDTLS_BLOWFISH_MIN_KEY_BITS 32 -#define MBEDTLS_BLOWFISH_ROUNDS 16 /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */ -#define MBEDTLS_BLOWFISH_BLOCKSIZE 8 /* Blowfish uses 64 bit blocks */ - -#define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 /**< Bad input data. */ - -#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. 
*/ - -#ifdef __cplusplus -extern "C" { -#endif - -#if !defined(MBEDTLS_BLOWFISH_ALT) -// Regular implementation -// - -/** - * \brief Blowfish context structure - */ -typedef struct mbedtls_blowfish_context -{ - uint32_t MBEDTLS_PRIVATE(P)[MBEDTLS_BLOWFISH_ROUNDS + 2]; /*!< Blowfish round keys */ - uint32_t MBEDTLS_PRIVATE(S)[4][256]; /*!< key dependent S-boxes */ -} -mbedtls_blowfish_context; - -#else /* MBEDTLS_BLOWFISH_ALT */ -#include "blowfish_alt.h" -#endif /* MBEDTLS_BLOWFISH_ALT */ - -/** - * \brief Initialize a Blowfish context. - * - * \param ctx The Blowfish context to be initialized. - * This must not be \c NULL. - */ -void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx ); - -/** - * \brief Clear a Blowfish context. - * - * \param ctx The Blowfish context to be cleared. - * This may be \c NULL, in which case this function - * returns immediately. If it is not \c NULL, it must - * point to an initialized Blowfish context. - */ -void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ); - -/** - * \brief Perform a Blowfish key schedule operation. - * - * \param ctx The Blowfish context to perform the key schedule on. - * \param key The encryption key. This must be a readable buffer of - * length \p keybits Bits. - * \param keybits The length of \p key in Bits. This must be between - * \c 32 and \c 448 and a multiple of \c 8. - * - * \return \c 0 if successful. - * \return A negative error code on failure. - */ -int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key, - unsigned int keybits ); - -/** - * \brief Perform a Blowfish-ECB block encryption/decryption operation. - * - * \param ctx The Blowfish context to use. This must be initialized - * and bound to a key. - * \param mode The mode of operation. Possible values are - * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or - * #MBEDTLS_BLOWFISH_DECRYPT for decryption. - * \param input The input block. This must be a readable buffer - * of size \c 8 Bytes. 
- * \param output The output block. This must be a writable buffer - * of size \c 8 Bytes. - * - * \return \c 0 if successful. - * \return A negative error code on failure. - */ -int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, - int mode, - const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE], - unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] ); - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -/** - * \brief Perform a Blowfish-CBC buffer encryption/decryption operation. - * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. - * - * \param ctx The Blowfish context to use. This must be initialized - * and bound to a key. - * \param mode The mode of operation. Possible values are - * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or - * #MBEDTLS_BLOWFISH_DECRYPT for decryption. - * \param length The length of the input data in Bytes. This must be - * multiple of \c 8. - * \param iv The initialization vector. This must be a read/write buffer - * of length \c 8 Bytes. It is updated by this function. - * \param input The input data. This must be a readable buffer of length - * \p length Bytes. - * \param output The output data. This must be a writable buffer of length - * \p length Bytes. - * - * \return \c 0 if successful. - * \return A negative error code on failure. - */ -int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, - int mode, - size_t length, - unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_CIPHER_MODE_CFB) -/** - * \brief Perform a Blowfish CFB buffer encryption/decryption operation. 
- * - * \note Upon exit, the content of the IV is updated so that you can - * call the function same function again on the following - * block(s) of data and get the same result as if it was - * encrypted in one call. This allows a "streaming" usage. - * If on the other hand you need to retain the contents of the - * IV, you should either save it manually or use the cipher - * module instead. - * - * \param ctx The Blowfish context to use. This must be initialized - * and bound to a key. - * \param mode The mode of operation. Possible values are - * #MBEDTLS_BLOWFISH_ENCRYPT for encryption, or - * #MBEDTLS_BLOWFISH_DECRYPT for decryption. - * \param length The length of the input data in Bytes. - * \param iv_off The offset in the initialiation vector. - * The value pointed to must be smaller than \c 8 Bytes. - * It is updated by this function to support the aforementioned - * streaming usage. - * \param iv The initialization vector. This must be a read/write buffer - * of size \c 8 Bytes. It is updated after use. - * \param input The input data. This must be a readable buffer of length - * \p length Bytes. - * \param output The output data. This must be a writable buffer of length - * \p length Bytes. - * - * \return \c 0 if successful. - * \return A negative error code on failure. - */ -int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); -#endif /*MBEDTLS_CIPHER_MODE_CFB */ - -#if defined(MBEDTLS_CIPHER_MODE_CTR) -/** - * \brief Perform a Blowfish-CTR buffer encryption/decryption operation. - * - * \warning You must never reuse a nonce value with the same key. Doing so - * would void the encryption for the two messages encrypted with - * the same nonce and key. - * - * There are two common strategies for managing nonces with CTR: - * - * 1. 
You can handle everything as a single message processed over - * successive calls to this function. In that case, you want to - * set \p nonce_counter and \p nc_off to 0 for the first call, and - * then preserve the values of \p nonce_counter, \p nc_off and \p - * stream_block across calls to this function as they will be - * updated by this function. - * - * With this strategy, you must not encrypt more than 2**64 - * blocks of data with the same key. - * - * 2. You can encrypt separate messages by dividing the \p - * nonce_counter buffer in two areas: the first one used for a - * per-message nonce, handled by yourself, and the second one - * updated by this function internally. - * - * For example, you might reserve the first 4 bytes for the - * per-message nonce, and the last 4 bytes for internal use. In that - * case, before calling this function on a new message you need to - * set the first 4 bytes of \p nonce_counter to your chosen nonce - * value, the last 4 to 0, and \p nc_off to 0 (which will cause \p - * stream_block to be ignored). That way, you can encrypt at most - * 2**32 messages of up to 2**32 blocks each with the same key. - * - * The per-message nonce (or information sufficient to reconstruct - * it) needs to be communicated with the ciphertext and must be unique. - * The recommended way to ensure uniqueness is to use a message - * counter. - * - * Note that for both stategies, sizes are measured in blocks and - * that a Blowfish block is 8 bytes. - * - * \warning Upon return, \p stream_block contains sensitive data. Its - * content must not be written to insecure storage and should be - * securely discarded as soon as it's no longer needed. - * - * \param ctx The Blowfish context to use. This must be initialized - * and bound to a key. - * \param length The length of the input data in Bytes. - * \param nc_off The offset in the current stream_block (for resuming - * within current cipher stream). 
The offset pointer - * should be \c 0 at the start of a stream and must be - * smaller than \c 8. It is updated by this function. - * \param nonce_counter The 64-bit nonce and counter. This must point to a - * read/write buffer of length \c 8 Bytes. - * \param stream_block The saved stream-block for resuming. This must point to - * a read/write buffer of length \c 8 Bytes. - * \param input The input data. This must be a readable buffer of - * length \p length Bytes. - * \param output The output data. This must be a writable buffer of - * length \p length Bytes. - * - * \return \c 0 if successful. - * \return A negative error code on failure. - */ -int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE], - unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ); -#endif /* MBEDTLS_CIPHER_MODE_CTR */ - -#ifdef __cplusplus -} -#endif - -#endif /* blowfish.h */ diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h index 25e1d8d67..63c53094f 100644 --- a/include/mbedtls/cipher.h +++ b/include/mbedtls/cipher.h @@ -45,7 +45,7 @@ #define MBEDTLS_CIPHER_MODE_WITH_PADDING #endif -#if defined(MBEDTLS_ARC4_C) || defined(MBEDTLS_CIPHER_NULL_CIPHER) || \ +#if defined(MBEDTLS_CIPHER_NULL_CIPHER) || \ defined(MBEDTLS_CHACHA20_C) #define MBEDTLS_CIPHER_MODE_STREAM #endif @@ -73,7 +73,7 @@ extern "C" { /** * \brief Supported cipher types. * - * \warning RC4 and DES are considered weak ciphers and their use + * \warning DES is considered weak cipher and its use * constitutes a security risk. Arm recommends considering stronger * ciphers instead. */ 
@@ -84,8 +84,6 @@ typedef enum { MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */ MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */ MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */ - MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */ - MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */ MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */ MBEDTLS_CIPHER_ID_CHACHA20, /**< The ChaCha20 cipher. */ } mbedtls_cipher_id_t; @@ -93,7 +91,7 @@ typedef enum { /** * \brief Supported {cipher type, cipher mode} pairs. * - * \warning RC4 and DES are considered weak ciphers and their use + * \warning DES is considered weak cipher and its use * constitutes a security risk. Arm recommends considering stronger * ciphers instead. */ @@ -136,11 +134,6 @@ typedef enum { MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */ MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */ MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */ - MBEDTLS_CIPHER_BLOWFISH_ECB, /**< Blowfish cipher with ECB mode. */ - MBEDTLS_CIPHER_BLOWFISH_CBC, /**< Blowfish cipher with CBC mode. */ - MBEDTLS_CIPHER_BLOWFISH_CFB64, /**< Blowfish cipher with CFB64 mode. */ - MBEDTLS_CIPHER_BLOWFISH_CTR, /**< Blowfish cipher with CTR mode. */ - MBEDTLS_CIPHER_ARC4_128, /**< RC4 cipher with 128-bit mode. */ MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */ MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */ MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 16f8f8b35..b566bc789 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
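Review bot: the cipher.h hunks @@ -84,8 +84,6 and @@ -136,11 +134,6 remove enumerators from the middle of `mbedtls_cipher_id_t` and `mbedtls_cipher_type_t`, which renumbers every enumerator that follows (`MBEDTLS_CIPHER_ID_ARIA`, `MBEDTLS_CIPHER_ID_CHACHA20`, `MBEDTLS_CIPHER_AES_128_CCM` and everything after it). That is an ABI change, and any application that has persisted or logged these values numerically will misinterpret them after upgrading; it needs a changelog/migration entry, and if numeric stability is wanted the remaining enumerators could be given explicit values instead.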
@@ -297,16 +297,14 @@ * Uncomment a macro to enable alternate implementation of the corresponding * module. * - * \warning MD2, MD4, MD5, ARC4, DES and SHA-1 are considered weak and their + * \warning MD5, DES and SHA-1 are considered weak and their * use constitutes a security risk. If possible, we recommend * avoiding dependencies on them, and considering stronger message * digests and ciphers instead. * */ //#define MBEDTLS_AES_ALT -//#define MBEDTLS_ARC4_ALT //#define MBEDTLS_ARIA_ALT -//#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_CCM_ALT //#define MBEDTLS_CHACHA20_ALT @@ -317,8 +315,6 @@ //#define MBEDTLS_ECJPAKE_ALT //#define MBEDTLS_GCM_ALT //#define MBEDTLS_NIST_KW_ALT -//#define MBEDTLS_MD2_ALT -//#define MBEDTLS_MD4_ALT //#define MBEDTLS_MD5_ALT //#define MBEDTLS_POLY1305_ALT //#define MBEDTLS_RIPEMD160_ALT @@ -326,7 +322,6 @@ //#define MBEDTLS_SHA1_ALT //#define MBEDTLS_SHA256_ALT //#define MBEDTLS_SHA512_ALT -//#define MBEDTLS_XTEA_ALT /* * When replacing the elliptic curve module, pleace consider, that it is @@ -340,8 +335,6 @@ //#define MBEDTLS_ECP_ALT /** - * \def MBEDTLS_MD2_PROCESS_ALT - * * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you * alternate core implementation of symmetric crypto or hash function. Keep in * mind that function prototypes should remain the same. @@ -362,7 +355,7 @@ * Uncomment a macro to enable alternate implementation of the corresponding * function. * - * \warning MD2, MD4, MD5, DES and SHA-1 are considered weak and their use + * \warning MD5, DES and SHA-1 are considered weak and their use * constitutes a security risk. If possible, we recommend avoiding * dependencies on them, and considering stronger message digests * and ciphers instead. 
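Review bot: in the config.h hunk @@ -340,8 +335,6 removing the `\def MBEDTLS_MD2_PROCESS_ALT` line leaves the Doxygen block with no `\def` target, so the description that starts "MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro ..." will either be attached to the wrong symbol or dropped with a warning; suggest keeping a `\def` line for the first macro that remains in the list (`MBEDTLS_MD5_PROCESS_ALT`, the first entry left by the @@ -376,8 +369,6 hunk). While touching this region, the context line "pleace consider" in the ECP note could be corrected to "please consider".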
@@ -376,8 +369,6 @@ * implementation should be provided for mbedtls_ecdsa_sign_det_ext(). * */ -//#define MBEDTLS_MD2_PROCESS_ALT -//#define MBEDTLS_MD4_PROCESS_ALT //#define MBEDTLS_MD5_PROCESS_ALT //#define MBEDTLS_RIPEMD160_PROCESS_ALT //#define MBEDTLS_SHA1_PROCESS_ALT @@ -1940,24 +1931,6 @@ */ #define MBEDTLS_AES_C -/** - * \def MBEDTLS_ARC4_C - * - * Enable the ARCFOUR stream cipher. - * - * Module: library/arc4.c - * Caller: library/cipher.c - * - * This module enables the following ciphersuites (if other requisites are - * enabled as well): - * - * \warning ARC4 is considered a weak cipher and its use constitutes a - * security risk. If possible, we recommend avoidng dependencies on - * it, and considering stronger ciphers instead. - * - */ -#define MBEDTLS_ARC4_C - /** * \def MBEDTLS_ASN1_PARSE_C * @@ -2015,15 +1988,6 @@ */ #define MBEDTLS_BIGNUM_C -/** - * \def MBEDTLS_BLOWFISH_C - * - * Enable the Blowfish block cipher. - * - * Module: library/blowfish.c - */ -#define MBEDTLS_BLOWFISH_C - /** * \def MBEDTLS_CAMELLIA_C * @@ -2426,40 +2390,6 @@ */ #define MBEDTLS_MD_C -/** - * \def MBEDTLS_MD2_C - * - * Enable the MD2 hash algorithm. - * - * Module: library/md2.c - * Caller: - * - * Uncomment to enable support for (rare) MD2-signed X.509 certs. - * - * \warning MD2 is considered a weak message digest and its use constitutes a - * security risk. If possible, we recommend avoiding dependencies on - * it, and considering stronger message digests instead. - * - */ -//#define MBEDTLS_MD2_C - -/** - * \def MBEDTLS_MD4_C - * - * Enable the MD4 hash algorithm. - * - * Module: library/md4.c - * Caller: - * - * Uncomment to enable support for (rare) MD4-signed X.509 certs. - * - * \warning MD4 is considered a weak message digest and its use constitutes a - * security risk. If possible, we recommend avoiding dependencies on - * it, and considering stronger message digests instead. - * - */ -//#define MBEDTLS_MD4_C - /** * \def MBEDTLS_MD5_C * 
@@ -2655,7 +2585,6 @@ * Caller: library/pkparse.c * * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C - * Can use: MBEDTLS_ARC4_C * * This module enables PKCS#12 functions. */ @@ -3100,16 +3029,6 @@ */ #define MBEDTLS_X509_CSR_WRITE_C -/** - * \def MBEDTLS_XTEA_C - * - * Enable the XTEA block cipher. - * - * Module: library/xtea.c - * Caller: - */ -#define MBEDTLS_XTEA_C - /* \} name SECTION: mbed TLS modules */ /** diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index f5db94ea0..a0f2637fb 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -103,16 +103,6 @@ extern "C" { #endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ #endif /* PSA_WANT_ALG_HMAC */ -#if defined(PSA_WANT_ALG_MD2) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD2) -#define MBEDTLS_PSA_BUILTIN_ALG_MD2 1 -#define MBEDTLS_MD2_C -#endif - -#if defined(PSA_WANT_ALG_MD4) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD4) -#define MBEDTLS_PSA_BUILTIN_ALG_MD4 1 -#define MBEDTLS_MD4_C -#endif - #if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5) #define MBEDTLS_PSA_BUILTIN_ALG_MD5 1 #define MBEDTLS_MD5_C @@ -277,13 +267,6 @@ extern "C" { #endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */ #endif /* PSA_WANT_KEY_TYPE_AES */ -#if defined(PSA_WANT_KEY_TYPE_ARC4) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARC4 1 -#define MBEDTLS_ARC4_C -#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4 */ -#endif /* PSA_WANT_KEY_TYPE_ARC4 */ - #if defined(PSA_WANT_KEY_TYPE_CAMELLIA) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA) #define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1 
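Review bot: in the config_psa.h hunks @@ -103,16 +103,6 and @@ -277,13 +267,6 the only handling of `PSA_WANT_ALG_MD2`, `PSA_WANT_ALG_MD4` and `PSA_WANT_KEY_TYPE_ARC4` is removed, so a crypto configuration that still requests them is now silently ignored instead of being rejected; suggest adding a compile-time `#error` for those requests in the configuration sanity checks, so users learn at build time that the algorithm is no longer available rather than at the first failing PSA call.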
@@ -591,16 +574,6 @@ extern "C" { #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 #endif /* MBEDTLS_MD_C */ -#if defined(MBEDTLS_MD2_C) -#define MBEDTLS_PSA_BUILTIN_ALG_MD2 1 -#define PSA_WANT_ALG_MD2 1 -#endif - -#if defined(MBEDTLS_MD4_C) -#define MBEDTLS_PSA_BUILTIN_ALG_MD4 1 -#define PSA_WANT_ALG_MD4 1 -#endif - #if defined(MBEDTLS_MD5_C) #define MBEDTLS_PSA_BUILTIN_ALG_MD5 1 #define PSA_WANT_ALG_MD5 1 @@ -661,13 +634,6 @@ extern "C" { #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 #endif -#if defined(MBEDTLS_ARC4_C) -#define PSA_WANT_KEY_TYPE_ARC4 1 -#define PSA_WANT_ALG_STREAM_CIPHER 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARC4 1 -#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1 -#endif - #if defined(MBEDTLS_CAMELLIA_C) #define PSA_WANT_KEY_TYPE_CAMELLIA 1 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1 diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 199ea3df9..2835fd55c 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -61,11 +61,9 @@ * ERROR 2 0x006E 0x0001 * MPI 7 0x0002-0x0010 * GCM 3 0x0012-0x0014 0x0013-0x0013 - * BLOWFISH 3 0x0016-0x0018 0x0017-0x0017 * THREADING 3 0x001A-0x001E * AES 5 0x0020-0x0022 0x0021-0x0025 * CAMELLIA 3 0x0024-0x0026 0x0027-0x0027 - * XTEA 2 0x0028-0x0028 0x0029-0x0029 * BASE64 2 0x002A-0x002C * OID 1 0x002E-0x002E 0x000B-0x000B * PADLOCK 1 0x0030-0x0030 @@ -79,9 +77,6 @@ * PBKDF2 1 0x007C-0x007C * HMAC_DRBG 4 0x0003-0x0009 * CCM 3 0x000D-0x0011 - * ARC4 1 0x0019-0x0019 - * MD2 1 0x002B-0x002B - * MD4 1 0x002D-0x002D * MD5 1 0x002F-0x002F * RIPEMD160 1 0x0031-0x0031 * SHA1 1 0x0035-0x0035 0x0073-0x0073 diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 21dc7c4aa..7bf821340 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h 
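Review bot: in the error.h hunks @@ -61,11 +61,9 and @@ -79,9 +77,6 the rows for BLOWFISH, XTEA, ARC4, MD2 and MD4 are simply dropped from the allocation table, which makes the ranges 0x0016-0x0018 (and 0x0017), 0x0028-0x0029, 0x0019, 0x002B and 0x002D look free; suggest keeping them listed as retired so a future module is not handed codes that older releases still emit with a different meaning, which would confuse applications that log or decode error values across library versions.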
@@ -46,15 +46,13 @@ extern "C" { /** * \brief Supported message digests. * - * \warning MD2, MD4, MD5 and SHA-1 are considered weak message digests and + * \warning MD5 and SHA-1 are considered weak message digests and * their use constitutes a security risk. We recommend considering * stronger message digests instead. * */ typedef enum { MBEDTLS_MD_NONE=0, /**< None. */ - MBEDTLS_MD_MD2, /**< The MD2 message digest. */ - MBEDTLS_MD_MD4, /**< The MD4 message digest. */ MBEDTLS_MD_MD5, /**< The MD5 message digest. */ MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */ MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */ diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h deleted file mode 100644 index efb11ffc9..000000000 --- a/include/mbedtls/md2.h +++ /dev/null 
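Review bot: the md.h hunk @@ -46,15 +46,13 removes `MBEDTLS_MD_MD2` and `MBEDTLS_MD_MD4` from `mbedtls_md_type_t`, whose only explicit value is `MBEDTLS_MD_NONE=0`, so `MBEDTLS_MD_MD5` and every later enumerator (`MBEDTLS_MD_SHA1`, `MBEDTLS_MD_SHA224`, ...) change numeric value. An application that stored an `mbedtls_md_type_t` alongside a signature or a key-derivation setting will decode a different digest after upgrading; this should be called out in the migration guide, or the remaining enumerators given explicit values if compatibility is wanted.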
@@ -1,204 +0,0 @@ -/** - * \file md2.h - * - * \brief MD2 message digest algorithm (hash function) - * - * \warning MD2 is considered a weak message digest and its use constitutes a - * security risk. We recommend considering stronger message digests - * instead. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -#ifndef MBEDTLS_MD2_H -#define MBEDTLS_MD2_H -#include "mbedtls/private_access.h" - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#if !defined(MBEDTLS_MD2_ALT) -// Regular implementation -// - -/** - * \brief MD2 context structure - * - * \warning MD2 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. 
- * - */ -typedef struct mbedtls_md2_context -{ - unsigned char MBEDTLS_PRIVATE(cksum)[16]; /*!< checksum of the data block */ - unsigned char MBEDTLS_PRIVATE(state)[48]; /*!< intermediate digest state */ - unsigned char MBEDTLS_PRIVATE(buffer)[16]; /*!< data block being processed */ - size_t MBEDTLS_PRIVATE(left); /*!< amount of data in buffer */ -} -mbedtls_md2_context; - -#else /* MBEDTLS_MD2_ALT */ -#include "md2_alt.h" -#endif /* MBEDTLS_MD2_ALT */ - -/** - * \brief Initialize MD2 context - * - * \param ctx MD2 context to be initialized - * - * \warning MD2 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -void mbedtls_md2_init( mbedtls_md2_context *ctx ); - -/** - * \brief Clear MD2 context - * - * \param ctx MD2 context to be cleared - * - * \warning MD2 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -void mbedtls_md2_free( mbedtls_md2_context *ctx ); - -/** - * \brief Clone (the state of) an MD2 context - * - * \param dst The destination context - * \param src The context to be cloned - * - * \warning MD2 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -void mbedtls_md2_clone( mbedtls_md2_context *dst, - const mbedtls_md2_context *src ); - -/** - * \brief MD2 context setup - * - * \param ctx context to be initialized - * - * \return 0 if successful - * - * \warning MD2 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. 
- * - */ -int mbedtls_md2_starts( mbedtls_md2_context *ctx ); - -/** - * \brief MD2 process buffer - * - * \param ctx MD2 context - * \param input buffer holding the data - * \param ilen length of the input data - * - * \return 0 if successful - * - * \warning MD2 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -int mbedtls_md2_update( mbedtls_md2_context *ctx, - const unsigned char *input, - size_t ilen ); - -/** - * \brief MD2 final digest - * - * \param ctx MD2 context - * \param output MD2 checksum result - * - * \return 0 if successful - * - * \warning MD2 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -int mbedtls_md2_finish( mbedtls_md2_context *ctx, - unsigned char output[16] ); - -/** - * \brief MD2 process data block (internal use only) - * - * \param ctx MD2 context - * - * \return 0 if successful - * - * \warning MD2 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ); - -/** - * \brief Output = MD2( input buffer ) - * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output MD2 checksum result - * - * \warning MD2 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -int mbedtls_md2( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); - -#if defined(MBEDTLS_SELF_TEST) - -/** - * \brief Checkup routine - * - * \return 0 if successful, or 1 if the test failed - * - * \warning MD2 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. 
- * - */ -int mbedtls_md2_self_test( int verbose ); - -#endif /* MBEDTLS_SELF_TEST */ - -#ifdef __cplusplus -} -#endif - -#endif /* mbedtls_md2.h */ diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h deleted file mode 100644 index 14f3bc3eb..000000000 --- a/include/mbedtls/md4.h +++ /dev/null 
@@ -1,207 +0,0 @@ -/** - * \file md4.h - * - * \brief MD4 message digest algorithm (hash function) - * - * \warning MD4 is considered a weak message digest and its use constitutes a - * security risk. We recommend considering stronger message digests - * instead. - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -#ifndef MBEDTLS_MD4_H -#define MBEDTLS_MD4_H -#include "mbedtls/private_access.h" - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#if !defined(MBEDTLS_MD4_ALT) -// Regular implementation -// - -/** - * \brief MD4 context structure - * - * \warning MD4 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. 
- * - */ -typedef struct mbedtls_md4_context -{ - uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed */ - uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state */ - unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed */ -} -mbedtls_md4_context; - -#else /* MBEDTLS_MD4_ALT */ -#include "md4_alt.h" -#endif /* MBEDTLS_MD4_ALT */ - -/** - * \brief Initialize MD4 context - * - * \param ctx MD4 context to be initialized - * - * \warning MD4 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -void mbedtls_md4_init( mbedtls_md4_context *ctx ); - -/** - * \brief Clear MD4 context - * - * \param ctx MD4 context to be cleared - * - * \warning MD4 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -void mbedtls_md4_free( mbedtls_md4_context *ctx ); - -/** - * \brief Clone (the state of) an MD4 context - * - * \param dst The destination context - * \param src The context to be cloned - * - * \warning MD4 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -void mbedtls_md4_clone( mbedtls_md4_context *dst, - const mbedtls_md4_context *src ); - -/** - * \brief MD4 context setup - * - * \param ctx context to be initialized - * - * \return 0 if successful - * - * \warning MD4 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. 
- */ -int mbedtls_md4_starts( mbedtls_md4_context *ctx ); - -/** - * \brief MD4 process buffer - * - * \param ctx MD4 context - * \param input buffer holding the data - * \param ilen length of the input data - * - * \return 0 if successful - * - * \warning MD4 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -int mbedtls_md4_update( mbedtls_md4_context *ctx, - const unsigned char *input, - size_t ilen ); - -/** - * \brief MD4 final digest - * - * \param ctx MD4 context - * \param output MD4 checksum result - * - * \return 0 if successful - * - * \warning MD4 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -int mbedtls_md4_finish( mbedtls_md4_context *ctx, - unsigned char output[16] ); - -/** - * \brief MD4 process data block (internal use only) - * - * \param ctx MD4 context - * \param data buffer holding one block of data - * - * \return 0 if successful - * - * \warning MD4 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, - const unsigned char data[64] ); - -/** - * \brief Output = MD4( input buffer ) - * - * \param input buffer holding the data - * \param ilen length of the input data - * \param output MD4 checksum result - * - * \return 0 if successful - * - * \warning MD4 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. 
- * - */ -int mbedtls_md4( const unsigned char *input, - size_t ilen, - unsigned char output[16] ); - -#if defined(MBEDTLS_SELF_TEST) - -/** - * \brief Checkup routine - * - * \return 0 if successful, or 1 if the test failed - * - * \warning MD4 is considered a weak message digest and its use - * constitutes a security risk. We recommend considering - * stronger message digests instead. - * - */ -int mbedtls_md4_self_test( int verbose ); - -#endif /* MBEDTLS_SELF_TEST */ - -#ifdef __cplusplus -} -#endif - -#endif /* mbedtls_md4.h */ diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index c866ebe3b..19210424d 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -231,8 +231,6 @@ * PKCS#1 OIDs */ #define MBEDTLS_OID_PKCS1_RSA MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */ -#define MBEDTLS_OID_PKCS1_MD2 MBEDTLS_OID_PKCS1 "\x02" /**< md2WithRSAEncryption ::= { pkcs-1 2 } */ -#define MBEDTLS_OID_PKCS1_MD4 MBEDTLS_OID_PKCS1 "\x03" /**< md4WithRSAEncryption ::= { pkcs-1 3 } */ #define MBEDTLS_OID_PKCS1_MD5 MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */ #define MBEDTLS_OID_PKCS1_SHA1 MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */ #define MBEDTLS_OID_PKCS1_SHA224 MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */ 
@@ -251,8 +249,6 @@ /* * Digest algorithms */ -#define MBEDTLS_OID_DIGEST_ALG_MD2 MBEDTLS_OID_RSA_COMPANY "\x02\x02" /**< id-mbedtls_md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */ -#define MBEDTLS_OID_DIGEST_ALG_MD4 MBEDTLS_OID_RSA_COMPANY "\x02\x04" /**< id-mbedtls_md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */ #define MBEDTLS_OID_DIGEST_ALG_MD5 MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */ #define MBEDTLS_OID_DIGEST_ALG_SHA1 MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */ #define MBEDTLS_OID_DIGEST_ALG_SHA224 MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */ @@ -303,8 +299,6 @@ /* * PKCS#5 PBES1 algorithms */ -#define MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC MBEDTLS_OID_PKCS5 "\x01" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */ -#define MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC MBEDTLS_OID_PKCS5 "\x04" /**< pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} */ #define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */ #define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */ #define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */ 
@@ -320,8 +314,6 @@ */ #define MBEDTLS_OID_PKCS12_PBE MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */ -#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128 MBEDTLS_OID_PKCS12_PBE "\x01" /**< pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} */ -#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40 MBEDTLS_OID_PKCS12_PBE "\x02" /**< pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} */ #define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */ #define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */ #define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */ diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h index 4b8ce7ed0..06092d36e 100644 --- a/include/mbedtls/pkcs12.h +++ b/include/mbedtls/pkcs12.h @@ -52,25 +52,6 @@ extern "C" { #if defined(MBEDTLS_ASN1_PARSE_C) -/** - * \brief PKCS12 Password Based function (encryption / decryption) - * for pbeWithSHAAnd128BitRC4 - * - * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure - * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT - * \param pwd the password used (may be NULL if no password is used) - * \param pwdlen length of the password (may be 0) - * \param input the input data - * \param len data length - * \param output the output buffer - * - * \return 0 if successful, or a MBEDTLS_ERR_XXX code - */ -int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *input, size_t len, - unsigned char *output ); - /** * \brief PKCS12 Password Based function (encryption / decryption) * for cipher-based and mbedtls_md-based PBE's 
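Review bot: the pkcs12.h hunk @@ -52,25 +52,6 removes the public function `mbedtls_pkcs12_pbe_sha1_rc4_128`, and together with the removal of `MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128` and `MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40` in the oid.h hunk @@ -320,8 +314,6 this means PKCS#12 containers protected with pbeWithSHAAnd128BitRC4 or pbeWithSHAAnd40BitRC4 will now be rejected as unsupported rather than decrypted. That is the right outcome for RC4, but it needs a migration-guide entry telling users to re-export such containers with a PBE still listed in oid.h (e.g. pbeWithSHAAnd3-KeyTripleDES-CBC) before upgrading, and the remaining pkcs12.h comment "for cipher-based and mbedtls_md-based PBE's" could state which PBEs remain supported.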
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index d5feecb9b..d7b9b172d 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -121,14 +121,6 @@ static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg { switch( md_alg ) { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - return( PSA_ALG_MD2 ); -#endif -#if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - return( PSA_ALG_MD4 ); -#endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: return( PSA_ALG_MD5 ); diff --git a/include/mbedtls/xtea.h b/include/mbedtls/xtea.h deleted file mode 100644 index 72c998edf..000000000 --- a/include/mbedtls/xtea.h +++ /dev/null 
@@ -1,135 +0,0 @@ -/** - * \file xtea.h - * - * \brief XTEA block cipher (32-bit) - */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef MBEDTLS_XTEA_H -#define MBEDTLS_XTEA_H -#include "mbedtls/private_access.h" - -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -#include -#include - -#define MBEDTLS_XTEA_ENCRYPT 1 -#define MBEDTLS_XTEA_DECRYPT 0 - -#define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH -0x0028 /**< The data input has an invalid length. 
*/ - -#ifdef __cplusplus -extern "C" { -#endif - -#if !defined(MBEDTLS_XTEA_ALT) -// Regular implementation -// - -/** - * \brief XTEA context structure - */ -typedef struct mbedtls_xtea_context -{ - uint32_t MBEDTLS_PRIVATE(k)[4]; /*!< key */ -} -mbedtls_xtea_context; - -#else /* MBEDTLS_XTEA_ALT */ -#include "xtea_alt.h" -#endif /* MBEDTLS_XTEA_ALT */ - -/** - * \brief Initialize XTEA context - * - * \param ctx XTEA context to be initialized - */ -void mbedtls_xtea_init( mbedtls_xtea_context *ctx ); - -/** - * \brief Clear XTEA context - * - * \param ctx XTEA context to be cleared - */ -void mbedtls_xtea_free( mbedtls_xtea_context *ctx ); - -/** - * \brief XTEA key schedule - * - * \param ctx XTEA context to be initialized - * \param key the secret key - */ -void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] ); - -/** - * \brief XTEA cipher function - * - * \param ctx XTEA context - * \param mode MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT - * \param input 8-byte input block - * \param output 8-byte output block - * - * \return 0 if successful - */ -int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, - int mode, - const unsigned char input[8], - unsigned char output[8] ); - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -/** - * \brief XTEA CBC cipher function - * - * \param ctx XTEA context - * \param mode MBEDTLS_XTEA_ENCRYPT or MBEDTLS_XTEA_DECRYPT - * \param length the length of input, multiple of 8 - * \param iv initialization vector for CBC mode - * \param input input block - * \param output output block - * - * \return 0 if successful, - * MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH if the length % 8 != 0 - */ -int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, - int mode, - size_t length, - unsigned char iv[8], - const unsigned char *input, - unsigned char *output); -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_SELF_TEST) - -/** - * \brief Checkup routine - * - * \return 0 if successful, or 1 if the test failed - */ 
-int mbedtls_xtea_self_test( int verbose ); - -#endif /* MBEDTLS_SELF_TEST */ - -#ifdef __cplusplus -} -#endif - -#endif /* xtea.h */ diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 534902f2d..3532fef4d 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -3682,7 +3682,6 @@ psa_status_t psa_key_derivation_output_bytes( * The following key types defined in this specification follow this scheme: * * - #PSA_KEY_TYPE_AES; - * - #PSA_KEY_TYPE_ARC4; * - #PSA_KEY_TYPE_CAMELLIA; * - #PSA_KEY_TYPE_DERIVE; * - #PSA_KEY_TYPE_HMAC; diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index 674c7d060..20451c95e 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h @@ -40,17 +40,13 @@ * Hash multi-part operation definitions. */ -#include "mbedtls/md2.h" -#include "mbedtls/md4.h" #include "mbedtls/md5.h" #include "mbedtls/ripemd160.h" #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" -#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_1) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \ @@ -66,12 +62,6 @@ typedef struct union { unsigned MBEDTLS_PRIVATE(dummy); /* Make the union non-empty even with no supported algorithms. */ -#if defined(MBEDTLS_MD2_C) - mbedtls_md2_context MBEDTLS_PRIVATE(md2); -#endif -#if defined(MBEDTLS_MD4_C) - mbedtls_md4_context MBEDTLS_PRIVATE(md4); -#endif #if defined(MBEDTLS_MD5_C) mbedtls_md5_context MBEDTLS_PRIVATE(md5); #endif diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index eb1649242..32ef1c2f2 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h 
@@ -69,8 +69,6 @@ #define PSA_WANT_ALG_GCM 1 #define PSA_WANT_ALG_HKDF 1 #define PSA_WANT_ALG_HMAC 1 -#define PSA_WANT_ALG_MD2 1 -#define PSA_WANT_ALG_MD4 1 #define PSA_WANT_ALG_MD5 1 #define PSA_WANT_ALG_OFB 1 /* PBKDF2-HMAC is not yet supported via the PSA API in Mbed TLS. @@ -118,7 +116,6 @@ #define PSA_WANT_KEY_TYPE_DERIVE 1 #define PSA_WANT_KEY_TYPE_HMAC 1 #define PSA_WANT_KEY_TYPE_AES 1 -#define PSA_WANT_KEY_TYPE_ARC4 1 #define PSA_WANT_KEY_TYPE_CAMELLIA 1 #define PSA_WANT_KEY_TYPE_CHACHA20 1 #define PSA_WANT_KEY_TYPE_DES 1 diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 79f96739b..15cdb416a 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -68,8 +68,6 @@ */ #define PSA_HASH_LENGTH(alg) \ ( \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD2 ? 16 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD4 ? 16 : \ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \ diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 31a64647e..391ae60f7 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -481,12 +481,6 @@ * Camellia block cipher. */ #define PSA_KEY_TYPE_CAMELLIA ((psa_key_type_t)0x2403) -/** Key for the RC4 stream cipher. - * - * Note that RC4 is weak and deprecated and should only be used in - * legacy protocols. */ -#define PSA_KEY_TYPE_ARC4 ((psa_key_type_t)0x2002) - /** Key for the ChaCha20 stream cipher or the Chacha20-Poly1305 AEAD algorithm. * * ChaCha20 and the ChaCha20_Poly1305 construction are defined in RFC 7539. @@ -850,10 +844,6 @@ (alg) & PSA_ALG_KEY_DERIVATION_STRETCHING_FLAG) #define PSA_ALG_HASH_MASK ((psa_algorithm_t)0x000000ff) -/** MD2 */ -#define PSA_ALG_MD2 ((psa_algorithm_t)0x02000001) -/** MD4 */ -#define PSA_ALG_MD4 ((psa_algorithm_t)0x02000002) /** MD5 */ #define PSA_ALG_MD5 ((psa_algorithm_t)0x02000003) /** PSA_ALG_RIPEMD160 */ 
@@ -1115,7 +1105,6 @@ * * The underlying stream cipher is determined by the key type. * - To use ChaCha20, use a key type of #PSA_KEY_TYPE_CHACHA20. - * - To use ARC4, use a key type of #PSA_KEY_TYPE_ARC4. */ #define PSA_ALG_STREAM_CIPHER ((psa_algorithm_t)0x04800100) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index f31820a2f..d6ecba59b 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -13,13 +13,11 @@ endif() set(src_crypto aes.c aesni.c - arc4.c aria.c asn1parse.c asn1write.c base64.c bignum.c - blowfish.c camellia.c ccm.c chacha20.c @@ -42,8 +40,6 @@ set(src_crypto hkdf.c hmac_drbg.c md.c - md2.c - md4.c md5.c memory_buffer_alloc.c mps_reader.c @@ -84,7 +80,6 @@ set(src_crypto timing.c version.c version_features.c - xtea.c ) list(APPEND src_crypto ${thirdparty_src}) diff --git a/library/Makefile b/library/Makefile index 90a477d43..62fd99709 100644 --- a/library/Makefile +++ b/library/Makefile @@ -72,13 +72,11 @@ endif OBJS_CRYPTO= \ aes.o \ aesni.o \ - arc4.o \ aria.o \ asn1parse.o \ asn1write.o \ base64.o \ bignum.o \ - blowfish.o \ camellia.o \ ccm.o \ chacha20.o \ @@ -101,8 +99,6 @@ OBJS_CRYPTO= \ hkdf.o \ hmac_drbg.o \ md.o \ - md2.o \ - md4.o \ md5.o \ memory_buffer_alloc.o \ mps_reader.o \ @@ -143,7 +139,6 @@ OBJS_CRYPTO= \ timing.o \ version.o \ version_features.o \ - xtea.o \ # This line is intentionally left blank include ../3rdparty/Makefile.inc diff --git a/library/arc4.c b/library/arc4.c deleted file mode 100644 index b34dc5e75..000000000 --- a/library/arc4.c +++ /dev/null 
@@ -1,195 +0,0 @@ -/* - * An implementation of the ARCFOUR algorithm - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * The ARCFOUR algorithm was publicly disclosed on 94/09. - * - * http://groups.google.com/group/sci.crypt/msg/10a300c9d21afca0 - */ - -#include "common.h" - -#if defined(MBEDTLS_ARC4_C) - -#include "mbedtls/arc4.h" -#include "mbedtls/platform_util.h" - -#include - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ - -#if !defined(MBEDTLS_ARC4_ALT) - -void mbedtls_arc4_init( mbedtls_arc4_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_arc4_context ) ); -} - -void mbedtls_arc4_free( mbedtls_arc4_context *ctx ) -{ - if( ctx == NULL ) - return; - - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_arc4_context ) ); -} - -/* - * ARC4 key schedule - */ -void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key, - unsigned int keylen ) -{ - int i, j, a; - unsigned int k; - unsigned char *m; - - ctx->x = 0; - ctx->y = 0; - m = ctx->m; - - for( i = 0; i < 256; i++ ) - m[i] = (unsigned char) i; - - j = k = 0; - - for( i = 0; i < 256; i++, k++ ) - { - if( k >= keylen ) k = 0; - - a = m[i]; - j = ( j + a + key[k] ) & 0xFF; - m[i] = m[j]; - m[j] = (unsigned char) a; - } -} - -/* - * ARC4 
cipher function - */ -int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input, - unsigned char *output ) -{ - int x, y, a, b; - size_t i; - unsigned char *m; - - x = ctx->x; - y = ctx->y; - m = ctx->m; - - for( i = 0; i < length; i++ ) - { - x = ( x + 1 ) & 0xFF; a = m[x]; - y = ( y + a ) & 0xFF; b = m[y]; - - m[x] = (unsigned char) b; - m[y] = (unsigned char) a; - - output[i] = (unsigned char) - ( input[i] ^ m[(unsigned char)( a + b )] ); - } - - ctx->x = x; - ctx->y = y; - - return( 0 ); -} - -#endif /* !MBEDTLS_ARC4_ALT */ - -#if defined(MBEDTLS_SELF_TEST) -/* - * ARC4 tests vectors as posted by Eric Rescorla in sep. 1994: - * - * http://groups.google.com/group/comp.security.misc/msg/10a300c9d21afca0 - */ -static const unsigned char arc4_test_key[3][8] = -{ - { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, - { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } -}; - -static const unsigned char arc4_test_pt[3][8] = -{ - { 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } -}; - -static const unsigned char arc4_test_ct[3][8] = -{ - { 0x75, 0xB7, 0x87, 0x80, 0x99, 0xE0, 0xC5, 0x96 }, - { 0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79 }, - { 0xDE, 0x18, 0x89, 0x41, 0xA3, 0x37, 0x5D, 0x3A } -}; - -/* - * Checkup routine - */ -int mbedtls_arc4_self_test( int verbose ) -{ - int i, ret = 0; - unsigned char ibuf[8]; - unsigned char obuf[8]; - mbedtls_arc4_context ctx; - - mbedtls_arc4_init( &ctx ); - - for( i = 0; i < 3; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " ARC4 test #%d: ", i + 1 ); - - memcpy( ibuf, arc4_test_pt[i], 8 ); - - mbedtls_arc4_setup( &ctx, arc4_test_key[i], 8 ); - mbedtls_arc4_crypt( &ctx, 8, ibuf, obuf ); - - if( memcmp( obuf, arc4_test_ct[i], 8 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } - - if( 
verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - if( verbose != 0 ) - mbedtls_printf( "\n" ); - -exit: - mbedtls_arc4_free( &ctx ); - - return( ret ); -} - -#endif /* MBEDTLS_SELF_TEST */ - -#endif /* MBEDTLS_ARC4_C */ diff --git a/library/blowfish.c b/library/blowfish.c deleted file mode 100644 index 76da44897..000000000 --- a/library/blowfish.c +++ /dev/null 
@@ -1,690 +0,0 @@ -/* - * Blowfish implementation - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * The Blowfish block cipher was designed by Bruce Schneier in 1993. - * http://www.schneier.com/blowfish.html - * http://en.wikipedia.org/wiki/Blowfish_%28cipher%29 - * - */ - -#include "common.h" - -#if defined(MBEDTLS_BLOWFISH_C) - -#include "mbedtls/blowfish.h" -#include "mbedtls/platform_util.h" - -#include - -#if !defined(MBEDTLS_BLOWFISH_ALT) - -/* Parameter validation macros */ -#define BLOWFISH_VALIDATE_RET( cond ) \ - MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ) -#define BLOWFISH_VALIDATE( cond ) \ - MBEDTLS_INTERNAL_VALIDATE( cond ) - -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} -#endif - -static const uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2] = { - 0x243F6A88L, 0x85A308D3L, 0x13198A2EL, 0x03707344L, - 0xA4093822L, 0x299F31D0L, 0x082EFA98L, 
0xEC4E6C89L, - 0x452821E6L, 0x38D01377L, 0xBE5466CFL, 0x34E90C6CL, - 0xC0AC29B7L, 0xC97C50DDL, 0x3F84D5B5L, 0xB5470917L, - 0x9216D5D9L, 0x8979FB1BL -}; - -/* declarations of data at the end of this file */ -static const uint32_t S[4][256]; - -static uint32_t F( mbedtls_blowfish_context *ctx, uint32_t x ) -{ - unsigned short a, b, c, d; - uint32_t y; - - d = (unsigned short)(x & 0xFF); - x >>= 8; - c = (unsigned short)(x & 0xFF); - x >>= 8; - b = (unsigned short)(x & 0xFF); - x >>= 8; - a = (unsigned short)(x & 0xFF); - y = ctx->S[0][a] + ctx->S[1][b]; - y = y ^ ctx->S[2][c]; - y = y + ctx->S[3][d]; - - return( y ); -} - -static void blowfish_enc( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr ) -{ - uint32_t Xl, Xr, temp; - short i; - - Xl = *xl; - Xr = *xr; - - for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS; ++i ) - { - Xl = Xl ^ ctx->P[i]; - Xr = F( ctx, Xl ) ^ Xr; - - temp = Xl; - Xl = Xr; - Xr = temp; - } - - temp = Xl; - Xl = Xr; - Xr = temp; - - Xr = Xr ^ ctx->P[MBEDTLS_BLOWFISH_ROUNDS]; - Xl = Xl ^ ctx->P[MBEDTLS_BLOWFISH_ROUNDS + 1]; - - *xl = Xl; - *xr = Xr; -} - -static void blowfish_dec( mbedtls_blowfish_context *ctx, uint32_t *xl, uint32_t *xr ) -{ - uint32_t Xl, Xr, temp; - short i; - - Xl = *xl; - Xr = *xr; - - for( i = MBEDTLS_BLOWFISH_ROUNDS + 1; i > 1; --i ) - { - Xl = Xl ^ ctx->P[i]; - Xr = F( ctx, Xl ) ^ Xr; - - temp = Xl; - Xl = Xr; - Xr = temp; - } - - temp = Xl; - Xl = Xr; - Xr = temp; - - Xr = Xr ^ ctx->P[1]; - Xl = Xl ^ ctx->P[0]; - - *xl = Xl; - *xr = Xr; -} - -void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx ) -{ - BLOWFISH_VALIDATE( ctx != NULL ); - memset( ctx, 0, sizeof( mbedtls_blowfish_context ) ); -} - -void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx ) -{ - if( ctx == NULL ) - return; - - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_blowfish_context ) ); -} - -/* - * Blowfish key schedule - */ -int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, - const unsigned char *key, - unsigned int keybits ) -{ 
- unsigned int i, j, k; - uint32_t data, datal, datar; - BLOWFISH_VALIDATE_RET( ctx != NULL ); - BLOWFISH_VALIDATE_RET( key != NULL ); - - if( keybits < MBEDTLS_BLOWFISH_MIN_KEY_BITS || - keybits > MBEDTLS_BLOWFISH_MAX_KEY_BITS || - keybits % 8 != 0 ) - { - return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); - } - - keybits >>= 3; - - for( i = 0; i < 4; i++ ) - { - for( j = 0; j < 256; j++ ) - ctx->S[i][j] = S[i][j]; - } - - j = 0; - for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; ++i ) - { - data = 0x00000000; - for( k = 0; k < 4; ++k ) - { - data = ( data << 8 ) | key[j++]; - if( j >= keybits ) - j = 0; - } - ctx->P[i] = P[i] ^ data; - } - - datal = 0x00000000; - datar = 0x00000000; - - for( i = 0; i < MBEDTLS_BLOWFISH_ROUNDS + 2; i += 2 ) - { - blowfish_enc( ctx, &datal, &datar ); - ctx->P[i] = datal; - ctx->P[i + 1] = datar; - } - - for( i = 0; i < 4; i++ ) - { - for( j = 0; j < 256; j += 2 ) - { - blowfish_enc( ctx, &datal, &datar ); - ctx->S[i][j] = datal; - ctx->S[i][j + 1] = datar; - } - } - return( 0 ); -} - -/* - * Blowfish-ECB block encryption/decryption - */ -int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx, - int mode, - const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE], - unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] ) -{ - uint32_t X0, X1; - BLOWFISH_VALIDATE_RET( ctx != NULL ); - BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT || - mode == MBEDTLS_BLOWFISH_DECRYPT ); - BLOWFISH_VALIDATE_RET( input != NULL ); - BLOWFISH_VALIDATE_RET( output != NULL ); - - GET_UINT32_BE( X0, input, 0 ); - GET_UINT32_BE( X1, input, 4 ); - - if( mode == MBEDTLS_BLOWFISH_DECRYPT ) - { - blowfish_dec( ctx, &X0, &X1 ); - } - else /* MBEDTLS_BLOWFISH_ENCRYPT */ - { - blowfish_enc( ctx, &X0, &X1 ); - } - - PUT_UINT32_BE( X0, output, 0 ); - PUT_UINT32_BE( X1, output, 4 ); - - return( 0 ); -} - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -/* - * Blowfish-CBC buffer encryption/decryption - */ -int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx, - int 
mode, - size_t length, - unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ) -{ - int i; - unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE]; - BLOWFISH_VALIDATE_RET( ctx != NULL ); - BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT || - mode == MBEDTLS_BLOWFISH_DECRYPT ); - BLOWFISH_VALIDATE_RET( iv != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || input != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || output != NULL ); - - if( length % MBEDTLS_BLOWFISH_BLOCKSIZE ) - return( MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH ); - - if( mode == MBEDTLS_BLOWFISH_DECRYPT ) - { - while( length > 0 ) - { - memcpy( temp, input, MBEDTLS_BLOWFISH_BLOCKSIZE ); - mbedtls_blowfish_crypt_ecb( ctx, mode, input, output ); - - for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE;i++ ) - output[i] = (unsigned char)( output[i] ^ iv[i] ); - - memcpy( iv, temp, MBEDTLS_BLOWFISH_BLOCKSIZE ); - - input += MBEDTLS_BLOWFISH_BLOCKSIZE; - output += MBEDTLS_BLOWFISH_BLOCKSIZE; - length -= MBEDTLS_BLOWFISH_BLOCKSIZE; - } - } - else - { - while( length > 0 ) - { - for( i = 0; i < MBEDTLS_BLOWFISH_BLOCKSIZE; i++ ) - output[i] = (unsigned char)( input[i] ^ iv[i] ); - - mbedtls_blowfish_crypt_ecb( ctx, mode, output, output ); - memcpy( iv, output, MBEDTLS_BLOWFISH_BLOCKSIZE ); - - input += MBEDTLS_BLOWFISH_BLOCKSIZE; - output += MBEDTLS_BLOWFISH_BLOCKSIZE; - length -= MBEDTLS_BLOWFISH_BLOCKSIZE; - } - } - - return( 0 ); -} -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_CIPHER_MODE_CFB) -/* - * Blowfish CFB buffer encryption/decryption - */ -int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx, - int mode, - size_t length, - size_t *iv_off, - unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ) -{ - int c; - size_t n; - - BLOWFISH_VALIDATE_RET( ctx != NULL ); - BLOWFISH_VALIDATE_RET( mode == MBEDTLS_BLOWFISH_ENCRYPT || - mode == MBEDTLS_BLOWFISH_DECRYPT ); - BLOWFISH_VALIDATE_RET( iv 
!= NULL ); - BLOWFISH_VALIDATE_RET( iv_off != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || input != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || output != NULL ); - - n = *iv_off; - if( n >= 8 ) - return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); - - if( mode == MBEDTLS_BLOWFISH_DECRYPT ) - { - while( length-- ) - { - if( n == 0 ) - mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv ); - - c = *input++; - *output++ = (unsigned char)( c ^ iv[n] ); - iv[n] = (unsigned char) c; - - n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE; - } - } - else - { - while( length-- ) - { - if( n == 0 ) - mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, iv, iv ); - - iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); - - n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE; - } - } - - *iv_off = n; - - return( 0 ); -} -#endif /*MBEDTLS_CIPHER_MODE_CFB */ - -#if defined(MBEDTLS_CIPHER_MODE_CTR) -/* - * Blowfish CTR buffer encryption/decryption - */ -int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx, - size_t length, - size_t *nc_off, - unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE], - unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE], - const unsigned char *input, - unsigned char *output ) -{ - int c, i; - size_t n; - BLOWFISH_VALIDATE_RET( ctx != NULL ); - BLOWFISH_VALIDATE_RET( nonce_counter != NULL ); - BLOWFISH_VALIDATE_RET( stream_block != NULL ); - BLOWFISH_VALIDATE_RET( nc_off != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || input != NULL ); - BLOWFISH_VALIDATE_RET( length == 0 || output != NULL ); - - n = *nc_off; - if( n >= 8 ) - return( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA ); - - while( length-- ) - { - if( n == 0 ) { - mbedtls_blowfish_crypt_ecb( ctx, MBEDTLS_BLOWFISH_ENCRYPT, nonce_counter, - stream_block ); - - for( i = MBEDTLS_BLOWFISH_BLOCKSIZE; i > 0; i-- ) - if( ++nonce_counter[i - 1] != 0 ) - break; - } - c = *input++; - *output++ = (unsigned char)( c ^ stream_block[n] ); - - n = ( n + 1 ) % MBEDTLS_BLOWFISH_BLOCKSIZE; - } 
- - *nc_off = n; - - return( 0 ); -} -#endif /* MBEDTLS_CIPHER_MODE_CTR */ - -static const uint32_t S[4][256] = { - { 0xD1310BA6L, 0x98DFB5ACL, 0x2FFD72DBL, 0xD01ADFB7L, - 0xB8E1AFEDL, 0x6A267E96L, 0xBA7C9045L, 0xF12C7F99L, - 0x24A19947L, 0xB3916CF7L, 0x0801F2E2L, 0x858EFC16L, - 0x636920D8L, 0x71574E69L, 0xA458FEA3L, 0xF4933D7EL, - 0x0D95748FL, 0x728EB658L, 0x718BCD58L, 0x82154AEEL, - 0x7B54A41DL, 0xC25A59B5L, 0x9C30D539L, 0x2AF26013L, - 0xC5D1B023L, 0x286085F0L, 0xCA417918L, 0xB8DB38EFL, - 0x8E79DCB0L, 0x603A180EL, 0x6C9E0E8BL, 0xB01E8A3EL, - 0xD71577C1L, 0xBD314B27L, 0x78AF2FDAL, 0x55605C60L, - 0xE65525F3L, 0xAA55AB94L, 0x57489862L, 0x63E81440L, - 0x55CA396AL, 0x2AAB10B6L, 0xB4CC5C34L, 0x1141E8CEL, - 0xA15486AFL, 0x7C72E993L, 0xB3EE1411L, 0x636FBC2AL, - 0x2BA9C55DL, 0x741831F6L, 0xCE5C3E16L, 0x9B87931EL, - 0xAFD6BA33L, 0x6C24CF5CL, 0x7A325381L, 0x28958677L, - 0x3B8F4898L, 0x6B4BB9AFL, 0xC4BFE81BL, 0x66282193L, - 0x61D809CCL, 0xFB21A991L, 0x487CAC60L, 0x5DEC8032L, - 0xEF845D5DL, 0xE98575B1L, 0xDC262302L, 0xEB651B88L, - 0x23893E81L, 0xD396ACC5L, 0x0F6D6FF3L, 0x83F44239L, - 0x2E0B4482L, 0xA4842004L, 0x69C8F04AL, 0x9E1F9B5EL, - 0x21C66842L, 0xF6E96C9AL, 0x670C9C61L, 0xABD388F0L, - 0x6A51A0D2L, 0xD8542F68L, 0x960FA728L, 0xAB5133A3L, - 0x6EEF0B6CL, 0x137A3BE4L, 0xBA3BF050L, 0x7EFB2A98L, - 0xA1F1651DL, 0x39AF0176L, 0x66CA593EL, 0x82430E88L, - 0x8CEE8619L, 0x456F9FB4L, 0x7D84A5C3L, 0x3B8B5EBEL, - 0xE06F75D8L, 0x85C12073L, 0x401A449FL, 0x56C16AA6L, - 0x4ED3AA62L, 0x363F7706L, 0x1BFEDF72L, 0x429B023DL, - 0x37D0D724L, 0xD00A1248L, 0xDB0FEAD3L, 0x49F1C09BL, - 0x075372C9L, 0x80991B7BL, 0x25D479D8L, 0xF6E8DEF7L, - 0xE3FE501AL, 0xB6794C3BL, 0x976CE0BDL, 0x04C006BAL, - 0xC1A94FB6L, 0x409F60C4L, 0x5E5C9EC2L, 0x196A2463L, - 0x68FB6FAFL, 0x3E6C53B5L, 0x1339B2EBL, 0x3B52EC6FL, - 0x6DFC511FL, 0x9B30952CL, 0xCC814544L, 0xAF5EBD09L, - 0xBEE3D004L, 0xDE334AFDL, 0x660F2807L, 0x192E4BB3L, - 0xC0CBA857L, 0x45C8740FL, 0xD20B5F39L, 0xB9D3FBDBL, - 0x5579C0BDL, 0x1A60320AL, 0xD6A100C6L, 
0x402C7279L, - 0x679F25FEL, 0xFB1FA3CCL, 0x8EA5E9F8L, 0xDB3222F8L, - 0x3C7516DFL, 0xFD616B15L, 0x2F501EC8L, 0xAD0552ABL, - 0x323DB5FAL, 0xFD238760L, 0x53317B48L, 0x3E00DF82L, - 0x9E5C57BBL, 0xCA6F8CA0L, 0x1A87562EL, 0xDF1769DBL, - 0xD542A8F6L, 0x287EFFC3L, 0xAC6732C6L, 0x8C4F5573L, - 0x695B27B0L, 0xBBCA58C8L, 0xE1FFA35DL, 0xB8F011A0L, - 0x10FA3D98L, 0xFD2183B8L, 0x4AFCB56CL, 0x2DD1D35BL, - 0x9A53E479L, 0xB6F84565L, 0xD28E49BCL, 0x4BFB9790L, - 0xE1DDF2DAL, 0xA4CB7E33L, 0x62FB1341L, 0xCEE4C6E8L, - 0xEF20CADAL, 0x36774C01L, 0xD07E9EFEL, 0x2BF11FB4L, - 0x95DBDA4DL, 0xAE909198L, 0xEAAD8E71L, 0x6B93D5A0L, - 0xD08ED1D0L, 0xAFC725E0L, 0x8E3C5B2FL, 0x8E7594B7L, - 0x8FF6E2FBL, 0xF2122B64L, 0x8888B812L, 0x900DF01CL, - 0x4FAD5EA0L, 0x688FC31CL, 0xD1CFF191L, 0xB3A8C1ADL, - 0x2F2F2218L, 0xBE0E1777L, 0xEA752DFEL, 0x8B021FA1L, - 0xE5A0CC0FL, 0xB56F74E8L, 0x18ACF3D6L, 0xCE89E299L, - 0xB4A84FE0L, 0xFD13E0B7L, 0x7CC43B81L, 0xD2ADA8D9L, - 0x165FA266L, 0x80957705L, 0x93CC7314L, 0x211A1477L, - 0xE6AD2065L, 0x77B5FA86L, 0xC75442F5L, 0xFB9D35CFL, - 0xEBCDAF0CL, 0x7B3E89A0L, 0xD6411BD3L, 0xAE1E7E49L, - 0x00250E2DL, 0x2071B35EL, 0x226800BBL, 0x57B8E0AFL, - 0x2464369BL, 0xF009B91EL, 0x5563911DL, 0x59DFA6AAL, - 0x78C14389L, 0xD95A537FL, 0x207D5BA2L, 0x02E5B9C5L, - 0x83260376L, 0x6295CFA9L, 0x11C81968L, 0x4E734A41L, - 0xB3472DCAL, 0x7B14A94AL, 0x1B510052L, 0x9A532915L, - 0xD60F573FL, 0xBC9BC6E4L, 0x2B60A476L, 0x81E67400L, - 0x08BA6FB5L, 0x571BE91FL, 0xF296EC6BL, 0x2A0DD915L, - 0xB6636521L, 0xE7B9F9B6L, 0xFF34052EL, 0xC5855664L, - 0x53B02D5DL, 0xA99F8FA1L, 0x08BA4799L, 0x6E85076AL }, - { 0x4B7A70E9L, 0xB5B32944L, 0xDB75092EL, 0xC4192623L, - 0xAD6EA6B0L, 0x49A7DF7DL, 0x9CEE60B8L, 0x8FEDB266L, - 0xECAA8C71L, 0x699A17FFL, 0x5664526CL, 0xC2B19EE1L, - 0x193602A5L, 0x75094C29L, 0xA0591340L, 0xE4183A3EL, - 0x3F54989AL, 0x5B429D65L, 0x6B8FE4D6L, 0x99F73FD6L, - 0xA1D29C07L, 0xEFE830F5L, 0x4D2D38E6L, 0xF0255DC1L, - 0x4CDD2086L, 0x8470EB26L, 0x6382E9C6L, 0x021ECC5EL, - 0x09686B3FL, 0x3EBAEFC9L, 
0x3C971814L, 0x6B6A70A1L, - 0x687F3584L, 0x52A0E286L, 0xB79C5305L, 0xAA500737L, - 0x3E07841CL, 0x7FDEAE5CL, 0x8E7D44ECL, 0x5716F2B8L, - 0xB03ADA37L, 0xF0500C0DL, 0xF01C1F04L, 0x0200B3FFL, - 0xAE0CF51AL, 0x3CB574B2L, 0x25837A58L, 0xDC0921BDL, - 0xD19113F9L, 0x7CA92FF6L, 0x94324773L, 0x22F54701L, - 0x3AE5E581L, 0x37C2DADCL, 0xC8B57634L, 0x9AF3DDA7L, - 0xA9446146L, 0x0FD0030EL, 0xECC8C73EL, 0xA4751E41L, - 0xE238CD99L, 0x3BEA0E2FL, 0x3280BBA1L, 0x183EB331L, - 0x4E548B38L, 0x4F6DB908L, 0x6F420D03L, 0xF60A04BFL, - 0x2CB81290L, 0x24977C79L, 0x5679B072L, 0xBCAF89AFL, - 0xDE9A771FL, 0xD9930810L, 0xB38BAE12L, 0xDCCF3F2EL, - 0x5512721FL, 0x2E6B7124L, 0x501ADDE6L, 0x9F84CD87L, - 0x7A584718L, 0x7408DA17L, 0xBC9F9ABCL, 0xE94B7D8CL, - 0xEC7AEC3AL, 0xDB851DFAL, 0x63094366L, 0xC464C3D2L, - 0xEF1C1847L, 0x3215D908L, 0xDD433B37L, 0x24C2BA16L, - 0x12A14D43L, 0x2A65C451L, 0x50940002L, 0x133AE4DDL, - 0x71DFF89EL, 0x10314E55L, 0x81AC77D6L, 0x5F11199BL, - 0x043556F1L, 0xD7A3C76BL, 0x3C11183BL, 0x5924A509L, - 0xF28FE6EDL, 0x97F1FBFAL, 0x9EBABF2CL, 0x1E153C6EL, - 0x86E34570L, 0xEAE96FB1L, 0x860E5E0AL, 0x5A3E2AB3L, - 0x771FE71CL, 0x4E3D06FAL, 0x2965DCB9L, 0x99E71D0FL, - 0x803E89D6L, 0x5266C825L, 0x2E4CC978L, 0x9C10B36AL, - 0xC6150EBAL, 0x94E2EA78L, 0xA5FC3C53L, 0x1E0A2DF4L, - 0xF2F74EA7L, 0x361D2B3DL, 0x1939260FL, 0x19C27960L, - 0x5223A708L, 0xF71312B6L, 0xEBADFE6EL, 0xEAC31F66L, - 0xE3BC4595L, 0xA67BC883L, 0xB17F37D1L, 0x018CFF28L, - 0xC332DDEFL, 0xBE6C5AA5L, 0x65582185L, 0x68AB9802L, - 0xEECEA50FL, 0xDB2F953BL, 0x2AEF7DADL, 0x5B6E2F84L, - 0x1521B628L, 0x29076170L, 0xECDD4775L, 0x619F1510L, - 0x13CCA830L, 0xEB61BD96L, 0x0334FE1EL, 0xAA0363CFL, - 0xB5735C90L, 0x4C70A239L, 0xD59E9E0BL, 0xCBAADE14L, - 0xEECC86BCL, 0x60622CA7L, 0x9CAB5CABL, 0xB2F3846EL, - 0x648B1EAFL, 0x19BDF0CAL, 0xA02369B9L, 0x655ABB50L, - 0x40685A32L, 0x3C2AB4B3L, 0x319EE9D5L, 0xC021B8F7L, - 0x9B540B19L, 0x875FA099L, 0x95F7997EL, 0x623D7DA8L, - 0xF837889AL, 0x97E32D77L, 0x11ED935FL, 0x16681281L, - 0x0E358829L, 0xC7E61FD6L, 
0x96DEDFA1L, 0x7858BA99L, - 0x57F584A5L, 0x1B227263L, 0x9B83C3FFL, 0x1AC24696L, - 0xCDB30AEBL, 0x532E3054L, 0x8FD948E4L, 0x6DBC3128L, - 0x58EBF2EFL, 0x34C6FFEAL, 0xFE28ED61L, 0xEE7C3C73L, - 0x5D4A14D9L, 0xE864B7E3L, 0x42105D14L, 0x203E13E0L, - 0x45EEE2B6L, 0xA3AAABEAL, 0xDB6C4F15L, 0xFACB4FD0L, - 0xC742F442L, 0xEF6ABBB5L, 0x654F3B1DL, 0x41CD2105L, - 0xD81E799EL, 0x86854DC7L, 0xE44B476AL, 0x3D816250L, - 0xCF62A1F2L, 0x5B8D2646L, 0xFC8883A0L, 0xC1C7B6A3L, - 0x7F1524C3L, 0x69CB7492L, 0x47848A0BL, 0x5692B285L, - 0x095BBF00L, 0xAD19489DL, 0x1462B174L, 0x23820E00L, - 0x58428D2AL, 0x0C55F5EAL, 0x1DADF43EL, 0x233F7061L, - 0x3372F092L, 0x8D937E41L, 0xD65FECF1L, 0x6C223BDBL, - 0x7CDE3759L, 0xCBEE7460L, 0x4085F2A7L, 0xCE77326EL, - 0xA6078084L, 0x19F8509EL, 0xE8EFD855L, 0x61D99735L, - 0xA969A7AAL, 0xC50C06C2L, 0x5A04ABFCL, 0x800BCADCL, - 0x9E447A2EL, 0xC3453484L, 0xFDD56705L, 0x0E1E9EC9L, - 0xDB73DBD3L, 0x105588CDL, 0x675FDA79L, 0xE3674340L, - 0xC5C43465L, 0x713E38D8L, 0x3D28F89EL, 0xF16DFF20L, - 0x153E21E7L, 0x8FB03D4AL, 0xE6E39F2BL, 0xDB83ADF7L }, - { 0xE93D5A68L, 0x948140F7L, 0xF64C261CL, 0x94692934L, - 0x411520F7L, 0x7602D4F7L, 0xBCF46B2EL, 0xD4A20068L, - 0xD4082471L, 0x3320F46AL, 0x43B7D4B7L, 0x500061AFL, - 0x1E39F62EL, 0x97244546L, 0x14214F74L, 0xBF8B8840L, - 0x4D95FC1DL, 0x96B591AFL, 0x70F4DDD3L, 0x66A02F45L, - 0xBFBC09ECL, 0x03BD9785L, 0x7FAC6DD0L, 0x31CB8504L, - 0x96EB27B3L, 0x55FD3941L, 0xDA2547E6L, 0xABCA0A9AL, - 0x28507825L, 0x530429F4L, 0x0A2C86DAL, 0xE9B66DFBL, - 0x68DC1462L, 0xD7486900L, 0x680EC0A4L, 0x27A18DEEL, - 0x4F3FFEA2L, 0xE887AD8CL, 0xB58CE006L, 0x7AF4D6B6L, - 0xAACE1E7CL, 0xD3375FECL, 0xCE78A399L, 0x406B2A42L, - 0x20FE9E35L, 0xD9F385B9L, 0xEE39D7ABL, 0x3B124E8BL, - 0x1DC9FAF7L, 0x4B6D1856L, 0x26A36631L, 0xEAE397B2L, - 0x3A6EFA74L, 0xDD5B4332L, 0x6841E7F7L, 0xCA7820FBL, - 0xFB0AF54EL, 0xD8FEB397L, 0x454056ACL, 0xBA489527L, - 0x55533A3AL, 0x20838D87L, 0xFE6BA9B7L, 0xD096954BL, - 0x55A867BCL, 0xA1159A58L, 0xCCA92963L, 0x99E1DB33L, - 0xA62A4A56L, 
0x3F3125F9L, 0x5EF47E1CL, 0x9029317CL, - 0xFDF8E802L, 0x04272F70L, 0x80BB155CL, 0x05282CE3L, - 0x95C11548L, 0xE4C66D22L, 0x48C1133FL, 0xC70F86DCL, - 0x07F9C9EEL, 0x41041F0FL, 0x404779A4L, 0x5D886E17L, - 0x325F51EBL, 0xD59BC0D1L, 0xF2BCC18FL, 0x41113564L, - 0x257B7834L, 0x602A9C60L, 0xDFF8E8A3L, 0x1F636C1BL, - 0x0E12B4C2L, 0x02E1329EL, 0xAF664FD1L, 0xCAD18115L, - 0x6B2395E0L, 0x333E92E1L, 0x3B240B62L, 0xEEBEB922L, - 0x85B2A20EL, 0xE6BA0D99L, 0xDE720C8CL, 0x2DA2F728L, - 0xD0127845L, 0x95B794FDL, 0x647D0862L, 0xE7CCF5F0L, - 0x5449A36FL, 0x877D48FAL, 0xC39DFD27L, 0xF33E8D1EL, - 0x0A476341L, 0x992EFF74L, 0x3A6F6EABL, 0xF4F8FD37L, - 0xA812DC60L, 0xA1EBDDF8L, 0x991BE14CL, 0xDB6E6B0DL, - 0xC67B5510L, 0x6D672C37L, 0x2765D43BL, 0xDCD0E804L, - 0xF1290DC7L, 0xCC00FFA3L, 0xB5390F92L, 0x690FED0BL, - 0x667B9FFBL, 0xCEDB7D9CL, 0xA091CF0BL, 0xD9155EA3L, - 0xBB132F88L, 0x515BAD24L, 0x7B9479BFL, 0x763BD6EBL, - 0x37392EB3L, 0xCC115979L, 0x8026E297L, 0xF42E312DL, - 0x6842ADA7L, 0xC66A2B3BL, 0x12754CCCL, 0x782EF11CL, - 0x6A124237L, 0xB79251E7L, 0x06A1BBE6L, 0x4BFB6350L, - 0x1A6B1018L, 0x11CAEDFAL, 0x3D25BDD8L, 0xE2E1C3C9L, - 0x44421659L, 0x0A121386L, 0xD90CEC6EL, 0xD5ABEA2AL, - 0x64AF674EL, 0xDA86A85FL, 0xBEBFE988L, 0x64E4C3FEL, - 0x9DBC8057L, 0xF0F7C086L, 0x60787BF8L, 0x6003604DL, - 0xD1FD8346L, 0xF6381FB0L, 0x7745AE04L, 0xD736FCCCL, - 0x83426B33L, 0xF01EAB71L, 0xB0804187L, 0x3C005E5FL, - 0x77A057BEL, 0xBDE8AE24L, 0x55464299L, 0xBF582E61L, - 0x4E58F48FL, 0xF2DDFDA2L, 0xF474EF38L, 0x8789BDC2L, - 0x5366F9C3L, 0xC8B38E74L, 0xB475F255L, 0x46FCD9B9L, - 0x7AEB2661L, 0x8B1DDF84L, 0x846A0E79L, 0x915F95E2L, - 0x466E598EL, 0x20B45770L, 0x8CD55591L, 0xC902DE4CL, - 0xB90BACE1L, 0xBB8205D0L, 0x11A86248L, 0x7574A99EL, - 0xB77F19B6L, 0xE0A9DC09L, 0x662D09A1L, 0xC4324633L, - 0xE85A1F02L, 0x09F0BE8CL, 0x4A99A025L, 0x1D6EFE10L, - 0x1AB93D1DL, 0x0BA5A4DFL, 0xA186F20FL, 0x2868F169L, - 0xDCB7DA83L, 0x573906FEL, 0xA1E2CE9BL, 0x4FCD7F52L, - 0x50115E01L, 0xA70683FAL, 0xA002B5C4L, 0x0DE6D027L, - 0x9AF88C27L, 
0x773F8641L, 0xC3604C06L, 0x61A806B5L, - 0xF0177A28L, 0xC0F586E0L, 0x006058AAL, 0x30DC7D62L, - 0x11E69ED7L, 0x2338EA63L, 0x53C2DD94L, 0xC2C21634L, - 0xBBCBEE56L, 0x90BCB6DEL, 0xEBFC7DA1L, 0xCE591D76L, - 0x6F05E409L, 0x4B7C0188L, 0x39720A3DL, 0x7C927C24L, - 0x86E3725FL, 0x724D9DB9L, 0x1AC15BB4L, 0xD39EB8FCL, - 0xED545578L, 0x08FCA5B5L, 0xD83D7CD3L, 0x4DAD0FC4L, - 0x1E50EF5EL, 0xB161E6F8L, 0xA28514D9L, 0x6C51133CL, - 0x6FD5C7E7L, 0x56E14EC4L, 0x362ABFCEL, 0xDDC6C837L, - 0xD79A3234L, 0x92638212L, 0x670EFA8EL, 0x406000E0L }, - { 0x3A39CE37L, 0xD3FAF5CFL, 0xABC27737L, 0x5AC52D1BL, - 0x5CB0679EL, 0x4FA33742L, 0xD3822740L, 0x99BC9BBEL, - 0xD5118E9DL, 0xBF0F7315L, 0xD62D1C7EL, 0xC700C47BL, - 0xB78C1B6BL, 0x21A19045L, 0xB26EB1BEL, 0x6A366EB4L, - 0x5748AB2FL, 0xBC946E79L, 0xC6A376D2L, 0x6549C2C8L, - 0x530FF8EEL, 0x468DDE7DL, 0xD5730A1DL, 0x4CD04DC6L, - 0x2939BBDBL, 0xA9BA4650L, 0xAC9526E8L, 0xBE5EE304L, - 0xA1FAD5F0L, 0x6A2D519AL, 0x63EF8CE2L, 0x9A86EE22L, - 0xC089C2B8L, 0x43242EF6L, 0xA51E03AAL, 0x9CF2D0A4L, - 0x83C061BAL, 0x9BE96A4DL, 0x8FE51550L, 0xBA645BD6L, - 0x2826A2F9L, 0xA73A3AE1L, 0x4BA99586L, 0xEF5562E9L, - 0xC72FEFD3L, 0xF752F7DAL, 0x3F046F69L, 0x77FA0A59L, - 0x80E4A915L, 0x87B08601L, 0x9B09E6ADL, 0x3B3EE593L, - 0xE990FD5AL, 0x9E34D797L, 0x2CF0B7D9L, 0x022B8B51L, - 0x96D5AC3AL, 0x017DA67DL, 0xD1CF3ED6L, 0x7C7D2D28L, - 0x1F9F25CFL, 0xADF2B89BL, 0x5AD6B472L, 0x5A88F54CL, - 0xE029AC71L, 0xE019A5E6L, 0x47B0ACFDL, 0xED93FA9BL, - 0xE8D3C48DL, 0x283B57CCL, 0xF8D56629L, 0x79132E28L, - 0x785F0191L, 0xED756055L, 0xF7960E44L, 0xE3D35E8CL, - 0x15056DD4L, 0x88F46DBAL, 0x03A16125L, 0x0564F0BDL, - 0xC3EB9E15L, 0x3C9057A2L, 0x97271AECL, 0xA93A072AL, - 0x1B3F6D9BL, 0x1E6321F5L, 0xF59C66FBL, 0x26DCF319L, - 0x7533D928L, 0xB155FDF5L, 0x03563482L, 0x8ABA3CBBL, - 0x28517711L, 0xC20AD9F8L, 0xABCC5167L, 0xCCAD925FL, - 0x4DE81751L, 0x3830DC8EL, 0x379D5862L, 0x9320F991L, - 0xEA7A90C2L, 0xFB3E7BCEL, 0x5121CE64L, 0x774FBE32L, - 0xA8B6E37EL, 0xC3293D46L, 0x48DE5369L, 0x6413E680L, - 
0xA2AE0810L, 0xDD6DB224L, 0x69852DFDL, 0x09072166L, - 0xB39A460AL, 0x6445C0DDL, 0x586CDECFL, 0x1C20C8AEL, - 0x5BBEF7DDL, 0x1B588D40L, 0xCCD2017FL, 0x6BB4E3BBL, - 0xDDA26A7EL, 0x3A59FF45L, 0x3E350A44L, 0xBCB4CDD5L, - 0x72EACEA8L, 0xFA6484BBL, 0x8D6612AEL, 0xBF3C6F47L, - 0xD29BE463L, 0x542F5D9EL, 0xAEC2771BL, 0xF64E6370L, - 0x740E0D8DL, 0xE75B1357L, 0xF8721671L, 0xAF537D5DL, - 0x4040CB08L, 0x4EB4E2CCL, 0x34D2466AL, 0x0115AF84L, - 0xE1B00428L, 0x95983A1DL, 0x06B89FB4L, 0xCE6EA048L, - 0x6F3F3B82L, 0x3520AB82L, 0x011A1D4BL, 0x277227F8L, - 0x611560B1L, 0xE7933FDCL, 0xBB3A792BL, 0x344525BDL, - 0xA08839E1L, 0x51CE794BL, 0x2F32C9B7L, 0xA01FBAC9L, - 0xE01CC87EL, 0xBCC7D1F6L, 0xCF0111C3L, 0xA1E8AAC7L, - 0x1A908749L, 0xD44FBD9AL, 0xD0DADECBL, 0xD50ADA38L, - 0x0339C32AL, 0xC6913667L, 0x8DF9317CL, 0xE0B12B4FL, - 0xF79E59B7L, 0x43F5BB3AL, 0xF2D519FFL, 0x27D9459CL, - 0xBF97222CL, 0x15E6FC2AL, 0x0F91FC71L, 0x9B941525L, - 0xFAE59361L, 0xCEB69CEBL, 0xC2A86459L, 0x12BAA8D1L, - 0xB6C1075EL, 0xE3056A0CL, 0x10D25065L, 0xCB03A442L, - 0xE0EC6E0EL, 0x1698DB3BL, 0x4C98A0BEL, 0x3278E964L, - 0x9F1F9532L, 0xE0D392DFL, 0xD3A0342BL, 0x8971F21EL, - 0x1B0A7441L, 0x4BA3348CL, 0xC5BE7120L, 0xC37632D8L, - 0xDF359F8DL, 0x9B992F2EL, 0xE60B6F47L, 0x0FE3F11DL, - 0xE54CDA54L, 0x1EDAD891L, 0xCE6279CFL, 0xCD3E7E6FL, - 0x1618B166L, 0xFD2C1D05L, 0x848FD2C5L, 0xF6FB2299L, - 0xF523F357L, 0xA6327623L, 0x93A83531L, 0x56CCCD02L, - 0xACF08162L, 0x5A75EBB5L, 0x6E163697L, 0x88D273CCL, - 0xDE966292L, 0x81B949D0L, 0x4C50901BL, 0x71C65614L, - 0xE6C6C7BDL, 0x327A140AL, 0x45E1D006L, 0xC3F27B9AL, - 0xC9AA53FDL, 0x62A80F00L, 0xBB25BFE2L, 0x35BDD2F6L, - 0x71126905L, 0xB2040222L, 0xB6CBCF7CL, 0xCD769C2BL, - 0x53113EC0L, 0x1640E3D3L, 0x38ABBD60L, 0x2547ADF0L, - 0xBA38209CL, 0xF746CE76L, 0x77AFA1C5L, 0x20756060L, - 0x85CBFE4EL, 0x8AE88DD8L, 0x7AAAF9B0L, 0x4CF9AA7EL, - 0x1948C25CL, 0x02FB8A8CL, 0x01C36AE4L, 0xD6EBE1F9L, - 0x90D4F869L, 0xA65CDEA0L, 0x3F09252DL, 0xC208E69FL, - 0xB74E6132L, 0xCE77E25BL, 0x578FDFE3L, 0x3AC372E6L } 
-}; - -#endif /* !MBEDTLS_BLOWFISH_ALT */ -#endif /* MBEDTLS_BLOWFISH_C */ diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 7f2338725..5776d5e45 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -36,10 +36,6 @@ #include "mbedtls/aes.h" #endif -#if defined(MBEDTLS_ARC4_C) -#include "mbedtls/arc4.h" -#endif - #if defined(MBEDTLS_CAMELLIA_C) #include "mbedtls/camellia.h" #endif @@ -52,10 +48,6 @@ #include "mbedtls/des.h" #endif -#if defined(MBEDTLS_BLOWFISH_C) -#include "mbedtls/blowfish.h" -#endif - #if defined(MBEDTLS_CHACHA20_C) #include "mbedtls/chacha20.h" #endif 
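Review bot: the deleted blowfish.c closes with `#endif /* !MBEDTLS_BLOWFISH_ALT */` and `#endif /* MBEDTLS_BLOWFISH_C */`, so both configuration symbols (and the `MBEDTLS_BLOWFISH_*` checks in check_config.h, plus the public header `mbedtls/blowfish.h`) should be removed in the same series, otherwise a configuration that still enables `MBEDTLS_BLOWFISH_C` builds silently with no implementation behind it. The two cipher_wrap.c include hunks that follow already drop `#include "mbedtls/blowfish.h"` and `#include "mbedtls/arc4.h"`; grep the rest of the library and the test programs for either include before the headers themselves are deleted, since anything still pulling them in will stop compiling at that point.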
@@ -1674,225 +1666,6 @@ static const mbedtls_cipher_info_t des_ede3_cbc_info = { #endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_DES_C */ -#if defined(MBEDTLS_BLOWFISH_C) - -static int blowfish_crypt_ecb_wrap( void *ctx, mbedtls_operation_t operation, - const unsigned char *input, unsigned char *output ) -{ - return mbedtls_blowfish_crypt_ecb( (mbedtls_blowfish_context *) ctx, operation, input, - output ); -} - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -static int blowfish_crypt_cbc_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, unsigned char *iv, const unsigned char *input, - unsigned char *output ) -{ - return mbedtls_blowfish_crypt_cbc( (mbedtls_blowfish_context *) ctx, operation, length, iv, - input, output ); -} -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_CIPHER_MODE_CFB) -static int blowfish_crypt_cfb64_wrap( void *ctx, mbedtls_operation_t operation, - size_t length, size_t *iv_off, unsigned char *iv, - const unsigned char *input, unsigned char *output ) -{ - return mbedtls_blowfish_crypt_cfb64( (mbedtls_blowfish_context *) ctx, operation, length, - iv_off, iv, input, output ); -} -#endif /* MBEDTLS_CIPHER_MODE_CFB */ - -#if defined(MBEDTLS_CIPHER_MODE_CTR) -static int blowfish_crypt_ctr_wrap( void *ctx, size_t length, size_t *nc_off, - unsigned char *nonce_counter, unsigned char *stream_block, - const unsigned char *input, unsigned char *output ) -{ - return mbedtls_blowfish_crypt_ctr( (mbedtls_blowfish_context *) ctx, length, nc_off, - nonce_counter, stream_block, input, output ); -} -#endif /* MBEDTLS_CIPHER_MODE_CTR */ - -static int blowfish_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - return mbedtls_blowfish_setkey( (mbedtls_blowfish_context *) ctx, key, key_bitlen ); -} - -static void * blowfish_ctx_alloc( void ) -{ - mbedtls_blowfish_context *ctx; - ctx = mbedtls_calloc( 1, sizeof( mbedtls_blowfish_context ) ); - - if( ctx == NULL ) - return( NULL ); - - mbedtls_blowfish_init( 
ctx ); - - return( ctx ); -} - -static void blowfish_ctx_free( void *ctx ) -{ - mbedtls_blowfish_free( (mbedtls_blowfish_context *) ctx ); - mbedtls_free( ctx ); -} - -static const mbedtls_cipher_base_t blowfish_info = { - MBEDTLS_CIPHER_ID_BLOWFISH, - blowfish_crypt_ecb_wrap, -#if defined(MBEDTLS_CIPHER_MODE_CBC) - blowfish_crypt_cbc_wrap, -#endif -#if defined(MBEDTLS_CIPHER_MODE_CFB) - blowfish_crypt_cfb64_wrap, -#endif -#if defined(MBEDTLS_CIPHER_MODE_OFB) - NULL, -#endif -#if defined(MBEDTLS_CIPHER_MODE_CTR) - blowfish_crypt_ctr_wrap, -#endif -#if defined(MBEDTLS_CIPHER_MODE_XTS) - NULL, -#endif -#if defined(MBEDTLS_CIPHER_MODE_STREAM) - NULL, -#endif - blowfish_setkey_wrap, - blowfish_setkey_wrap, - blowfish_ctx_alloc, - blowfish_ctx_free -}; - -static const mbedtls_cipher_info_t blowfish_ecb_info = { - MBEDTLS_CIPHER_BLOWFISH_ECB, - MBEDTLS_MODE_ECB, - 128, - "BLOWFISH-ECB", - 0, - MBEDTLS_CIPHER_VARIABLE_KEY_LEN, - 8, - &blowfish_info -}; - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -static const mbedtls_cipher_info_t blowfish_cbc_info = { - MBEDTLS_CIPHER_BLOWFISH_CBC, - MBEDTLS_MODE_CBC, - 128, - "BLOWFISH-CBC", - 8, - MBEDTLS_CIPHER_VARIABLE_KEY_LEN, - 8, - &blowfish_info -}; -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_CIPHER_MODE_CFB) -static const mbedtls_cipher_info_t blowfish_cfb64_info = { - MBEDTLS_CIPHER_BLOWFISH_CFB64, - MBEDTLS_MODE_CFB, - 128, - "BLOWFISH-CFB64", - 8, - MBEDTLS_CIPHER_VARIABLE_KEY_LEN, - 8, - &blowfish_info -}; -#endif /* MBEDTLS_CIPHER_MODE_CFB */ - -#if defined(MBEDTLS_CIPHER_MODE_CTR) -static const mbedtls_cipher_info_t blowfish_ctr_info = { - MBEDTLS_CIPHER_BLOWFISH_CTR, - MBEDTLS_MODE_CTR, - 128, - "BLOWFISH-CTR", - 8, - MBEDTLS_CIPHER_VARIABLE_KEY_LEN, - 8, - &blowfish_info -}; -#endif /* MBEDTLS_CIPHER_MODE_CTR */ -#endif /* MBEDTLS_BLOWFISH_C */ - -#if defined(MBEDTLS_ARC4_C) -static int arc4_crypt_stream_wrap( void *ctx, size_t length, - const unsigned char *input, - unsigned char *output ) -{ - return( 
mbedtls_arc4_crypt( (mbedtls_arc4_context *) ctx, length, input, output ) ); -} - -static int arc4_setkey_wrap( void *ctx, const unsigned char *key, - unsigned int key_bitlen ) -{ - /* we get key_bitlen in bits, arc4 expects it in bytes */ - if( key_bitlen % 8 != 0 ) - return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); - - mbedtls_arc4_setup( (mbedtls_arc4_context *) ctx, key, key_bitlen / 8 ); - return( 0 ); -} - -static void * arc4_ctx_alloc( void ) -{ - mbedtls_arc4_context *ctx; - ctx = mbedtls_calloc( 1, sizeof( mbedtls_arc4_context ) ); - - if( ctx == NULL ) - return( NULL ); - - mbedtls_arc4_init( ctx ); - - return( ctx ); -} - -static void arc4_ctx_free( void *ctx ) -{ - mbedtls_arc4_free( (mbedtls_arc4_context *) ctx ); - mbedtls_free( ctx ); -} - -static const mbedtls_cipher_base_t arc4_base_info = { - MBEDTLS_CIPHER_ID_ARC4, - NULL, -#if defined(MBEDTLS_CIPHER_MODE_CBC) - NULL, -#endif -#if defined(MBEDTLS_CIPHER_MODE_CFB) - NULL, -#endif -#if defined(MBEDTLS_CIPHER_MODE_OFB) - NULL, -#endif -#if defined(MBEDTLS_CIPHER_MODE_CTR) - NULL, -#endif -#if defined(MBEDTLS_CIPHER_MODE_XTS) - NULL, -#endif -#if defined(MBEDTLS_CIPHER_MODE_STREAM) - arc4_crypt_stream_wrap, -#endif - arc4_setkey_wrap, - arc4_setkey_wrap, - arc4_ctx_alloc, - arc4_ctx_free -}; - -static const mbedtls_cipher_info_t arc4_128_info = { - MBEDTLS_CIPHER_ARC4_128, - MBEDTLS_MODE_STREAM, - 128, - "ARC4-128", - 0, - 0, - 1, - &arc4_base_info -}; -#endif /* MBEDTLS_ARC4_C */ - #if defined(MBEDTLS_CHACHA20_C) static int chacha20_setkey_wrap( void *ctx, const unsigned char *key, 
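Review bot: with `blowfish_info` and `arc4_base_info` gone, the cipher identifiers `MBEDTLS_CIPHER_ID_BLOWFISH` and `MBEDTLS_CIPHER_ID_ARC4` and the types `MBEDTLS_CIPHER_BLOWFISH_ECB/CBC/CFB64/CTR` and `MBEDTLS_CIPHER_ARC4_128` referenced in the removed tables become dead enumerators in cipher.h, which this diff does not touch; either drop them in the same series or add a migration note that `mbedtls_cipher_info_from_type()` now returns NULL for them, so that callers (the RC4 TLS ciphersuites in particular) fail at setup rather than at first use. One detail worth keeping in mind when the ARC4 removal is written up: the removed `arc4_setkey_wrap` was the only place that rejected a key length that is not a multiple of 8 bits (`if( key_bitlen % 8 != 0 ) return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );`), so no validation is lost elsewhere by deleting it.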
@@ -2285,23 +2058,6 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = #endif #endif /* MBEDTLS_AES_C */ -#if defined(MBEDTLS_ARC4_C) - { MBEDTLS_CIPHER_ARC4_128, &arc4_128_info }, -#endif - -#if defined(MBEDTLS_BLOWFISH_C) - { MBEDTLS_CIPHER_BLOWFISH_ECB, &blowfish_ecb_info }, -#if defined(MBEDTLS_CIPHER_MODE_CBC) - { MBEDTLS_CIPHER_BLOWFISH_CBC, &blowfish_cbc_info }, -#endif -#if defined(MBEDTLS_CIPHER_MODE_CFB) - { MBEDTLS_CIPHER_BLOWFISH_CFB64, &blowfish_cfb64_info }, -#endif -#if defined(MBEDTLS_CIPHER_MODE_CTR) - { MBEDTLS_CIPHER_BLOWFISH_CTR, &blowfish_ctr_info }, -#endif -#endif /* MBEDTLS_BLOWFISH_C */ - #if defined(MBEDTLS_CAMELLIA_C) { MBEDTLS_CIPHER_CAMELLIA_128_ECB, &camellia_128_ecb_info }, { MBEDTLS_CIPHER_CAMELLIA_192_ECB, &camellia_192_ecb_info }, diff --git a/library/md.c b/library/md.c index 53afbef53..a22878965 100644 --- a/library/md.c +++ b/library/md.c @@ -30,8 +30,6 @@ #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -#include "mbedtls/md2.h" -#include "mbedtls/md4.h" #include "mbedtls/md5.h" #include "mbedtls/ripemd160.h" #include "mbedtls/sha1.h" @@ -52,24 +50,6 @@ #include #endif -#if defined(MBEDTLS_MD2_C) -const mbedtls_md_info_t mbedtls_md2_info = { - "MD2", - MBEDTLS_MD_MD2, - 16, - 16, -}; -#endif - -#if defined(MBEDTLS_MD4_C) -const mbedtls_md_info_t mbedtls_md4_info = { - "MD4", - MBEDTLS_MD_MD4, - 16, - 64, -}; -#endif - #if defined(MBEDTLS_MD5_C) const mbedtls_md_info_t mbedtls_md5_info = { "MD5", @@ -165,14 +145,6 @@ static const int supported_digests[] = { MBEDTLS_MD_MD5, #endif -#if defined(MBEDTLS_MD4_C) - MBEDTLS_MD_MD4, -#endif - -#if defined(MBEDTLS_MD2_C) - MBEDTLS_MD_MD2, -#endif - MBEDTLS_MD_NONE }; 
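Review bot: the `mbedtls_cipher_definitions[]` hunk is consistent with the removed wrappers, but the cipher test data that exercised `MBEDTLS_CIPHER_ARC4_128` and the `BLOWFISH-*` names (the per-algorithm `test_suite_cipher.*.data` files under tests/suites) needs to go with it, or the test generator will emit cases that `mbedtls_cipher_info_from_string()` can no longer resolve. In the md.c hunks, removing `mbedtls_md2_info`/`mbedtls_md4_info` and the two `supported_digests[]` entries leaves `MBEDTLS_MD_MD2` and `MBEDTLS_MD_MD4` in `mbedtls_md_type_t` (md.h, not in this diff); decide explicitly whether they are removed or kept as unsupported values, and document that `mbedtls_md_info_from_type()` and `mbedtls_md_info_from_string("MD2"/"MD4")` now return NULL.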
@@ -187,14 +159,6 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name ) return( NULL ); /* Get the appropriate digest information */ -#if defined(MBEDTLS_MD2_C) - if( !strcmp( "MD2", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_MD2 ); -#endif -#if defined(MBEDTLS_MD4_C) - if( !strcmp( "MD4", md_name ) ) - return mbedtls_md_info_from_type( MBEDTLS_MD_MD4 ); -#endif #if defined(MBEDTLS_MD5_C) if( !strcmp( "MD5", md_name ) ) return mbedtls_md_info_from_type( MBEDTLS_MD_MD5 ); @@ -230,14 +194,6 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type ) { switch( md_type ) { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - return( &mbedtls_md2_info ); -#endif -#if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - return( &mbedtls_md4_info ); -#endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: return( &mbedtls_md5_info ); @@ -285,16 +241,6 @@ void mbedtls_md_free( mbedtls_md_context_t *ctx ) { switch( ctx->md_info->type ) { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - mbedtls_md2_free( ctx->md_ctx ); - break; -#endif -#if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - mbedtls_md4_free( ctx->md_ctx ); - break; -#endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: mbedtls_md5_free( ctx->md_ctx ); @@ -359,16 +305,6 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst, switch( src->md_info->type ) { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - mbedtls_md2_clone( dst->md_ctx, src->md_ctx ); - break; -#endif -#if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - mbedtls_md4_clone( dst->md_ctx, src->md_ctx ); - break; -#endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: mbedtls_md5_clone( dst->md_ctx, src->md_ctx ); 
@@ -431,16 +367,6 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf switch( md_info->type ) { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - ALLOC( md2 ); - break; -#endif -#if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - ALLOC( md4 ); - break; -#endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: ALLOC( md5 ); @@ -501,14 +427,6 @@ int mbedtls_md_starts( mbedtls_md_context_t *ctx ) switch( ctx->md_info->type ) { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - return( mbedtls_md2_starts( ctx->md_ctx ) ); -#endif -#if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - return( mbedtls_md4_starts( ctx->md_ctx ) ); -#endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: return( mbedtls_md5_starts( ctx->md_ctx ) ); @@ -549,14 +467,6 @@ int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, si switch( ctx->md_info->type ) { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - return( mbedtls_md2_update( ctx->md_ctx, input, ilen ) ); -#endif -#if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - return( mbedtls_md4_update( ctx->md_ctx, input, ilen ) ); -#endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: return( mbedtls_md5_update( ctx->md_ctx, input, ilen ) ); @@ -597,14 +507,6 @@ int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output ) switch( ctx->md_info->type ) { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - return( mbedtls_md2_finish( ctx->md_ctx, output ) ); -#endif -#if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - return( mbedtls_md4_finish( ctx->md_ctx, output ) ); -#endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: return( mbedtls_md5_finish( ctx->md_ctx, output ) ); 
@@ -646,14 +548,6 @@ int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, si switch( md_info->type ) { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - return( mbedtls_md2( input, ilen, output ) ); -#endif -#if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - return( mbedtls_md4( input, ilen, output ) ); -#endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: return( mbedtls_md5( input, ilen, output ) ); @@ -858,14 +752,6 @@ int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data ) switch( ctx->md_info->type ) { -#if defined(MBEDTLS_MD2_C) - case MBEDTLS_MD_MD2: - return( mbedtls_internal_md2_process( ctx->md_ctx ) ); -#endif -#if defined(MBEDTLS_MD4_C) - case MBEDTLS_MD_MD4: - return( mbedtls_internal_md4_process( ctx->md_ctx, data ) ); -#endif #if defined(MBEDTLS_MD5_C) case MBEDTLS_MD_MD5: return( mbedtls_internal_md5_process( ctx->md_ctx, data ) ); diff --git a/library/md2.c b/library/md2.c deleted file mode 100644 index e02c2f023..000000000 --- a/library/md2.c +++ /dev/null 
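Review bot: every `switch( ...->type )` in md.c (setup, starts, update, finish, clone, free, process and the one-shot `mbedtls_md()`) loses its MD2/MD4 cases here; that is only safe because `mbedtls_md_info_from_type()` can no longer hand out an `md_info` of those types, so the remaining `default` branch is what a stale `MBEDTLS_MD_MD2`/`MBEDTLS_MD_MD4` value will hit. Please confirm each of those `default` branches returns `MBEDTLS_ERR_MD_BAD_INPUT_DATA` rather than falling through, and that the removal of `#include "mbedtls/md2.h"` and `#include "mbedtls/md4.h"` is matched by deleting the two headers, since md.c was the wrapper that kept them reachable.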
@@ -1,321 +0,0 @@ -/* - * RFC 1115/1319 compliant MD2 implementation - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * The MD2 algorithm was designed by Ron Rivest in 1989. - * - * http://www.ietf.org/rfc/rfc1115.txt - * http://www.ietf.org/rfc/rfc1319.txt - */ - -#include "common.h" - -#if defined(MBEDTLS_MD2_C) - -#include "mbedtls/md2.h" -#include "mbedtls/platform_util.h" -#include "mbedtls/error.h" - -#include - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ - -#if !defined(MBEDTLS_MD2_ALT) - -static const unsigned char PI_SUBST[256] = -{ - 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36, - 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3, - 0xC0, 0xC7, 0x73, 0x8C, 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, - 0x82, 0xCA, 0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16, - 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, 0xBE, 0x4E, - 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, 0xA0, 0xFB, 0xF5, 0x8E, - 0xBB, 0x2F, 0xEE, 0x7A, 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, - 0x07, 0x3F, 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21, - 0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27, 0x35, 0x3E, - 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, 0xFF, 0x19, 0x30, 0xB3, - 0x48, 0xA5, 0xB5, 0xD1, 0xD7, 0x5E, 0x92, 0x2A, 
0xAC, 0x56, - 0xAA, 0xC6, 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6, - 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, 0x45, 0x9D, - 0x70, 0x59, 0x64, 0x71, 0x87, 0x20, 0x86, 0x5B, 0xCF, 0x65, - 0xE6, 0x2D, 0xA8, 0x02, 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, - 0xB9, 0xF6, 0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F, - 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, 0xC3, 0x5C, - 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, 0x2C, 0x53, 0x0D, 0x6E, - 0x85, 0x28, 0x84, 0x09, 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, - 0x4D, 0x52, 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA, - 0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A, 0x78, 0x88, - 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, 0xE9, 0xCB, 0xD5, 0xFE, - 0x3B, 0x00, 0x1D, 0x39, 0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, - 0xD0, 0xE4, 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A, - 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, 0xDB, 0x99, - 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14 -}; - -void mbedtls_md2_init( mbedtls_md2_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_md2_context ) ); -} - -void mbedtls_md2_free( mbedtls_md2_context *ctx ) -{ - if( ctx == NULL ) - return; - - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md2_context ) ); -} - -void mbedtls_md2_clone( mbedtls_md2_context *dst, - const mbedtls_md2_context *src ) -{ - *dst = *src; -} - -/* - * MD2 context setup - */ -int mbedtls_md2_starts( mbedtls_md2_context *ctx ) -{ - memset( ctx->cksum, 0, 16 ); - memset( ctx->state, 0, 46 ); - memset( ctx->buffer, 0, 16 ); - ctx->left = 0; - - return( 0 ); -} - -#if !defined(MBEDTLS_MD2_PROCESS_ALT) -int mbedtls_internal_md2_process( mbedtls_md2_context *ctx ) -{ - int i, j; - unsigned char t = 0; - - for( i = 0; i < 16; i++ ) - { - ctx->state[i + 16] = ctx->buffer[i]; - ctx->state[i + 32] = - (unsigned char)( ctx->buffer[i] ^ ctx->state[i]); - } - - for( i = 0; i < 18; i++ ) - { - for( j = 0; j < 48; j++ ) - { - ctx->state[j] = (unsigned char) - ( ctx->state[j] ^ PI_SUBST[t] ); - t = ctx->state[j]; - } - - t = (unsigned char)( t + i 
); - } - - t = ctx->cksum[15]; - - for( i = 0; i < 16; i++ ) - { - ctx->cksum[i] = (unsigned char) - ( ctx->cksum[i] ^ PI_SUBST[ctx->buffer[i] ^ t] ); - t = ctx->cksum[i]; - } - - /* Zeroise variables to clear sensitive data from memory. */ - mbedtls_platform_zeroize( &t, sizeof( t ) ); - - return( 0 ); -} - -#endif /* !MBEDTLS_MD2_PROCESS_ALT */ - -/* - * MD2 process buffer - */ -int mbedtls_md2_update( mbedtls_md2_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t fill; - - while( ilen > 0 ) - { - if( ilen > 16 - ctx->left ) - fill = 16 - ctx->left; - else - fill = ilen; - - memcpy( ctx->buffer + ctx->left, input, fill ); - - ctx->left += fill; - input += fill; - ilen -= fill; - - if( ctx->left == 16 ) - { - ctx->left = 0; - if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 ) - return( ret ); - } - } - - return( 0 ); -} - -/* - * MD2 final digest - */ -int mbedtls_md2_finish( mbedtls_md2_context *ctx, - unsigned char output[16] ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i; - unsigned char x; - - x = (unsigned char)( 16 - ctx->left ); - - for( i = ctx->left; i < 16; i++ ) - ctx->buffer[i] = x; - - if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 ) - return( ret ); - - memcpy( ctx->buffer, ctx->cksum, 16 ); - if( ( ret = mbedtls_internal_md2_process( ctx ) ) != 0 ) - return( ret ); - - memcpy( output, ctx->state, 16 ); - - return( 0 ); -} - -#endif /* !MBEDTLS_MD2_ALT */ - -/* - * output = MD2( input buffer ) - */ -int mbedtls_md2( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md2_context ctx; - - mbedtls_md2_init( &ctx ); - - if( ( ret = mbedtls_md2_starts( &ctx ) ) != 0 ) - goto exit; - - if( ( ret = mbedtls_md2_update( &ctx, input, ilen ) ) != 0 ) - goto exit; - - if( ( ret = mbedtls_md2_finish( &ctx, output ) ) != 0 ) - goto exit; - -exit: - mbedtls_md2_free( &ctx ); - 
- return( ret ); -} - -#if defined(MBEDTLS_SELF_TEST) - -/* - * RFC 1319 test vectors - */ -static const unsigned char md2_test_str[7][81] = -{ - { "" }, - { "a" }, - { "abc" }, - { "message digest" }, - { "abcdefghijklmnopqrstuvwxyz" }, - { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" } -}; - -static const size_t md2_test_strlen[7] = -{ - 0, 1, 3, 14, 26, 62, 80 -}; - -static const unsigned char md2_test_sum[7][16] = -{ - { 0x83, 0x50, 0xE5, 0xA3, 0xE2, 0x4C, 0x15, 0x3D, - 0xF2, 0x27, 0x5C, 0x9F, 0x80, 0x69, 0x27, 0x73 }, - { 0x32, 0xEC, 0x01, 0xEC, 0x4A, 0x6D, 0xAC, 0x72, - 0xC0, 0xAB, 0x96, 0xFB, 0x34, 0xC0, 0xB5, 0xD1 }, - { 0xDA, 0x85, 0x3B, 0x0D, 0x3F, 0x88, 0xD9, 0x9B, - 0x30, 0x28, 0x3A, 0x69, 0xE6, 0xDE, 0xD6, 0xBB }, - { 0xAB, 0x4F, 0x49, 0x6B, 0xFB, 0x2A, 0x53, 0x0B, - 0x21, 0x9F, 0xF3, 0x30, 0x31, 0xFE, 0x06, 0xB0 }, - { 0x4E, 0x8D, 0xDF, 0xF3, 0x65, 0x02, 0x92, 0xAB, - 0x5A, 0x41, 0x08, 0xC3, 0xAA, 0x47, 0x94, 0x0B }, - { 0xDA, 0x33, 0xDE, 0xF2, 0xA4, 0x2D, 0xF1, 0x39, - 0x75, 0x35, 0x28, 0x46, 0xC3, 0x03, 0x38, 0xCD }, - { 0xD5, 0x97, 0x6F, 0x79, 0xD8, 0x3D, 0x3A, 0x0D, - 0xC9, 0x80, 0x6C, 0x3C, 0x66, 0xF3, 0xEF, 0xD8 } -}; - -/* - * Checkup routine - */ -int mbedtls_md2_self_test( int verbose ) -{ - int i, ret = 0; - unsigned char md2sum[16]; - - for( i = 0; i < 7; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " MD2 test #%d: ", i + 1 ); - - ret = mbedtls_md2( md2_test_str[i], md2_test_strlen[i], md2sum ); - if( ret != 0 ) - goto fail; - - if( memcmp( md2sum, md2_test_sum[i], 16 ) != 0 ) - { - ret = 1; - goto fail; - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - if( verbose != 0 ) - mbedtls_printf( "\n" ); - - return( 0 ); - -fail: - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( ret ); -} - -#endif /* MBEDTLS_SELF_TEST */ - -#endif /* MBEDTLS_MD2_C */ 
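Review bot: deleting md2.c also deletes `mbedtls_md2_self_test()`, which is referenced by the self-test driver in programs/test/selftest.c under `MBEDTLS_SELF_TEST`; drop that reference, the `MBEDTLS_MD2_C`/`MBEDTLS_MD2_ALT`/`MBEDTLS_MD2_PROCESS_ALT` options the file was guarded by, and the RFC 1319 vectors in the md test suite in the same change so the tree builds and tests cleanly at every commit of the series. The removed `mbedtls_md2_free()` zeroised the context with `mbedtls_platform_zeroize`; nothing in this hunk needs to be preserved beyond that, but the ChangeLog entry should state that MD2 is removed outright rather than merely disabled.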
diff --git a/library/md4.c b/library/md4.c deleted file mode 100644 index f5f330253..000000000 --- a/library/md4.c +++ /dev/null 
@@ -1,444 +0,0 @@ -/* - * RFC 1186/1320 compliant MD4 implementation - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * The MD4 algorithm was designed by Ron Rivest in 1990. - * - * http://www.ietf.org/rfc/rfc1186.txt - * http://www.ietf.org/rfc/rfc1320.txt - */ - -#include "common.h" - -#if defined(MBEDTLS_MD4_C) - -#include "mbedtls/md4.h" -#include "mbedtls/platform_util.h" -#include "mbedtls/error.h" - -#include - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ - -#if !defined(MBEDTLS_MD4_ALT) - -/* - * 32-bit integer manipulation macros (little endian) - */ -#ifndef GET_UINT32_LE -#define GET_UINT32_LE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] ) \ - | ( (uint32_t) (b)[(i) + 1] << 8 ) \ - | ( (uint32_t) (b)[(i) + 2] << 16 ) \ - | ( (uint32_t) (b)[(i) + 3] << 24 ); \ -} -#endif - -#ifndef PUT_UINT32_LE -#define PUT_UINT32_LE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ - (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ - (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ - (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ -} -#endif - -void mbedtls_md4_init( mbedtls_md4_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_md4_context ) ); -} - -void 
mbedtls_md4_free( mbedtls_md4_context *ctx ) -{ - if( ctx == NULL ) - return; - - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_md4_context ) ); -} - -void mbedtls_md4_clone( mbedtls_md4_context *dst, - const mbedtls_md4_context *src ) -{ - *dst = *src; -} - -/* - * MD4 context setup - */ -int mbedtls_md4_starts( mbedtls_md4_context *ctx ) -{ - ctx->total[0] = 0; - ctx->total[1] = 0; - - ctx->state[0] = 0x67452301; - ctx->state[1] = 0xEFCDAB89; - ctx->state[2] = 0x98BADCFE; - ctx->state[3] = 0x10325476; - - return( 0 ); -} - -#if !defined(MBEDTLS_MD4_PROCESS_ALT) -int mbedtls_internal_md4_process( mbedtls_md4_context *ctx, - const unsigned char data[64] ) -{ - struct - { - uint32_t X[16], A, B, C, D; - } local; - - GET_UINT32_LE( local.X[ 0], data, 0 ); - GET_UINT32_LE( local.X[ 1], data, 4 ); - GET_UINT32_LE( local.X[ 2], data, 8 ); - GET_UINT32_LE( local.X[ 3], data, 12 ); - GET_UINT32_LE( local.X[ 4], data, 16 ); - GET_UINT32_LE( local.X[ 5], data, 20 ); - GET_UINT32_LE( local.X[ 6], data, 24 ); - GET_UINT32_LE( local.X[ 7], data, 28 ); - GET_UINT32_LE( local.X[ 8], data, 32 ); - GET_UINT32_LE( local.X[ 9], data, 36 ); - GET_UINT32_LE( local.X[10], data, 40 ); - GET_UINT32_LE( local.X[11], data, 44 ); - GET_UINT32_LE( local.X[12], data, 48 ); - GET_UINT32_LE( local.X[13], data, 52 ); - GET_UINT32_LE( local.X[14], data, 56 ); - GET_UINT32_LE( local.X[15], data, 60 ); - -#define S(x,n) (((x) << (n)) | (((x) & 0xFFFFFFFF) >> (32 - (n)))) - - local.A = ctx->state[0]; - local.B = ctx->state[1]; - local.C = ctx->state[2]; - local.D = ctx->state[3]; - -#define F(x, y, z) (((x) & (y)) | ((~(x)) & (z))) -#define P(a,b,c,d,x,s) \ - do \ - { \ - (a) += F((b),(c),(d)) + (x); \ - (a) = S((a),(s)); \ - } while( 0 ) - - - P( local.A, local.B, local.C, local.D, local.X[ 0], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 1], 7 ); - P( local.C, local.D, local.A, local.B, local.X[ 2], 11 ); - P( local.B, local.C, local.D, local.A, local.X[ 3], 19 ); - P( local.A, local.B, 
local.C, local.D, local.X[ 4], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 5], 7 ); - P( local.C, local.D, local.A, local.B, local.X[ 6], 11 ); - P( local.B, local.C, local.D, local.A, local.X[ 7], 19 ); - P( local.A, local.B, local.C, local.D, local.X[ 8], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 9], 7 ); - P( local.C, local.D, local.A, local.B, local.X[10], 11 ); - P( local.B, local.C, local.D, local.A, local.X[11], 19 ); - P( local.A, local.B, local.C, local.D, local.X[12], 3 ); - P( local.D, local.A, local.B, local.C, local.X[13], 7 ); - P( local.C, local.D, local.A, local.B, local.X[14], 11 ); - P( local.B, local.C, local.D, local.A, local.X[15], 19 ); - -#undef P -#undef F - -#define F(x,y,z) (((x) & (y)) | ((x) & (z)) | ((y) & (z))) -#define P(a,b,c,d,x,s) \ - do \ - { \ - (a) += F((b),(c),(d)) + (x) + 0x5A827999; \ - (a) = S((a),(s)); \ - } while( 0 ) - - P( local.A, local.B, local.C, local.D, local.X[ 0], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 4], 5 ); - P( local.C, local.D, local.A, local.B, local.X[ 8], 9 ); - P( local.B, local.C, local.D, local.A, local.X[12], 13 ); - P( local.A, local.B, local.C, local.D, local.X[ 1], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 5], 5 ); - P( local.C, local.D, local.A, local.B, local.X[ 9], 9 ); - P( local.B, local.C, local.D, local.A, local.X[13], 13 ); - P( local.A, local.B, local.C, local.D, local.X[ 2], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 6], 5 ); - P( local.C, local.D, local.A, local.B, local.X[10], 9 ); - P( local.B, local.C, local.D, local.A, local.X[14], 13 ); - P( local.A, local.B, local.C, local.D, local.X[ 3], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 7], 5 ); - P( local.C, local.D, local.A, local.B, local.X[11], 9 ); - P( local.B, local.C, local.D, local.A, local.X[15], 13 ); - -#undef P -#undef F - -#define F(x,y,z) ((x) ^ (y) ^ (z)) -#define P(a,b,c,d,x,s) \ - do \ - { \ - (a) += F((b),(c),(d)) + (x) + 0x6ED9EBA1; \ - (a) = 
S((a),(s)); \ - } while( 0 ) - - P( local.A, local.B, local.C, local.D, local.X[ 0], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 8], 9 ); - P( local.C, local.D, local.A, local.B, local.X[ 4], 11 ); - P( local.B, local.C, local.D, local.A, local.X[12], 15 ); - P( local.A, local.B, local.C, local.D, local.X[ 2], 3 ); - P( local.D, local.A, local.B, local.C, local.X[10], 9 ); - P( local.C, local.D, local.A, local.B, local.X[ 6], 11 ); - P( local.B, local.C, local.D, local.A, local.X[14], 15 ); - P( local.A, local.B, local.C, local.D, local.X[ 1], 3 ); - P( local.D, local.A, local.B, local.C, local.X[ 9], 9 ); - P( local.C, local.D, local.A, local.B, local.X[ 5], 11 ); - P( local.B, local.C, local.D, local.A, local.X[13], 15 ); - P( local.A, local.B, local.C, local.D, local.X[ 3], 3 ); - P( local.D, local.A, local.B, local.C, local.X[11], 9 ); - P( local.C, local.D, local.A, local.B, local.X[ 7], 11 ); - P( local.B, local.C, local.D, local.A, local.X[15], 15 ); - -#undef F -#undef P - - ctx->state[0] += local.A; - ctx->state[1] += local.B; - ctx->state[2] += local.C; - ctx->state[3] += local.D; - - /* Zeroise variables to clear sensitive data from memory. 
*/ - mbedtls_platform_zeroize( &local, sizeof( local ) ); - - return( 0 ); -} - -#endif /* !MBEDTLS_MD4_PROCESS_ALT */ - -/* - * MD4 process buffer - */ -int mbedtls_md4_update( mbedtls_md4_context *ctx, - const unsigned char *input, - size_t ilen ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t fill; - uint32_t left; - - if( ilen == 0 ) - return( 0 ); - - left = ctx->total[0] & 0x3F; - fill = 64 - left; - - ctx->total[0] += (uint32_t) ilen; - ctx->total[0] &= 0xFFFFFFFF; - - if( ctx->total[0] < (uint32_t) ilen ) - ctx->total[1]++; - - if( left && ilen >= fill ) - { - memcpy( (void *) (ctx->buffer + left), - (void *) input, fill ); - - if( ( ret = mbedtls_internal_md4_process( ctx, ctx->buffer ) ) != 0 ) - return( ret ); - - input += fill; - ilen -= fill; - left = 0; - } - - while( ilen >= 64 ) - { - if( ( ret = mbedtls_internal_md4_process( ctx, input ) ) != 0 ) - return( ret ); - - input += 64; - ilen -= 64; - } - - if( ilen > 0 ) - { - memcpy( (void *) (ctx->buffer + left), - (void *) input, ilen ); - } - - return( 0 ); -} - -static const unsigned char md4_padding[64] = -{ - 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 -}; - -/* - * MD4 final digest - */ -int mbedtls_md4_finish( mbedtls_md4_context *ctx, - unsigned char output[16] ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - uint32_t last, padn; - uint32_t high, low; - unsigned char msglen[8]; - - high = ( ctx->total[0] >> 29 ) - | ( ctx->total[1] << 3 ); - low = ( ctx->total[0] << 3 ); - - PUT_UINT32_LE( low, msglen, 0 ); - PUT_UINT32_LE( high, msglen, 4 ); - - last = ctx->total[0] & 0x3F; - padn = ( last < 56 ) ? 
( 56 - last ) : ( 120 - last ); - - ret = mbedtls_md4_update( ctx, (unsigned char *)md4_padding, padn ); - if( ret != 0 ) - return( ret ); - - if( ( ret = mbedtls_md4_update( ctx, msglen, 8 ) ) != 0 ) - return( ret ); - - - PUT_UINT32_LE( ctx->state[0], output, 0 ); - PUT_UINT32_LE( ctx->state[1], output, 4 ); - PUT_UINT32_LE( ctx->state[2], output, 8 ); - PUT_UINT32_LE( ctx->state[3], output, 12 ); - - return( 0 ); -} - -#endif /* !MBEDTLS_MD4_ALT */ - -/* - * output = MD4( input buffer ) - */ -int mbedtls_md4( const unsigned char *input, - size_t ilen, - unsigned char output[16] ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md4_context ctx; - - mbedtls_md4_init( &ctx ); - - if( ( ret = mbedtls_md4_starts( &ctx ) ) != 0 ) - goto exit; - - if( ( ret = mbedtls_md4_update( &ctx, input, ilen ) ) != 0 ) - goto exit; - - if( ( ret = mbedtls_md4_finish( &ctx, output ) ) != 0 ) - goto exit; - -exit: - mbedtls_md4_free( &ctx ); - - return( ret ); -} - -#if defined(MBEDTLS_SELF_TEST) - -/* - * RFC 1320 test vectors - */ -static const unsigned char md4_test_str[7][81] = -{ - { "" }, - { "a" }, - { "abc" }, - { "message digest" }, - { "abcdefghijklmnopqrstuvwxyz" }, - { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" }, - { "12345678901234567890123456789012345678901234567890123456789012345678901234567890" } -}; - -static const size_t md4_test_strlen[7] = -{ - 0, 1, 3, 14, 26, 62, 80 -}; - -static const unsigned char md4_test_sum[7][16] = -{ - { 0x31, 0xD6, 0xCF, 0xE0, 0xD1, 0x6A, 0xE9, 0x31, - 0xB7, 0x3C, 0x59, 0xD7, 0xE0, 0xC0, 0x89, 0xC0 }, - { 0xBD, 0xE5, 0x2C, 0xB3, 0x1D, 0xE3, 0x3E, 0x46, - 0x24, 0x5E, 0x05, 0xFB, 0xDB, 0xD6, 0xFB, 0x24 }, - { 0xA4, 0x48, 0x01, 0x7A, 0xAF, 0x21, 0xD8, 0x52, - 0x5F, 0xC1, 0x0A, 0xE8, 0x7A, 0xA6, 0x72, 0x9D }, - { 0xD9, 0x13, 0x0A, 0x81, 0x64, 0x54, 0x9F, 0xE8, - 0x18, 0x87, 0x48, 0x06, 0xE1, 0xC7, 0x01, 0x4B }, - { 0xD7, 0x9E, 0x1C, 0x30, 0x8A, 0xA5, 0xBB, 0xCD, - 0xEE, 0xA8, 0xED, 0x63, 0xDF, 0x41, 
0x2D, 0xA9 }, - { 0x04, 0x3F, 0x85, 0x82, 0xF2, 0x41, 0xDB, 0x35, - 0x1C, 0xE6, 0x27, 0xE1, 0x53, 0xE7, 0xF0, 0xE4 }, - { 0xE3, 0x3B, 0x4D, 0xDC, 0x9C, 0x38, 0xF2, 0x19, - 0x9C, 0x3E, 0x7B, 0x16, 0x4F, 0xCC, 0x05, 0x36 } -}; - -/* - * Checkup routine - */ -int mbedtls_md4_self_test( int verbose ) -{ - int i, ret = 0; - unsigned char md4sum[16]; - - for( i = 0; i < 7; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " MD4 test #%d: ", i + 1 ); - - ret = mbedtls_md4( md4_test_str[i], md4_test_strlen[i], md4sum ); - if( ret != 0 ) - goto fail; - - if( memcmp( md4sum, md4_test_sum[i], 16 ) != 0 ) - { - ret = 1; - goto fail; - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - if( verbose != 0 ) - mbedtls_printf( "\n" ); - - return( 0 ); - -fail: - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( ret ); -} - -#endif /* MBEDTLS_SELF_TEST */ - -#endif /* MBEDTLS_MD4_C */ diff --git a/library/md_wrap.h b/library/md_wrap.h index 51655f940..cfd418a9b 100644 --- a/library/md_wrap.h +++ b/library/md_wrap.h @@ -57,12 +57,6 @@ struct mbedtls_md_info_t unsigned char block_size; }; -#if defined(MBEDTLS_MD2_C) -extern const mbedtls_md_info_t mbedtls_md2_info; -#endif -#if defined(MBEDTLS_MD4_C) -extern const mbedtls_md_info_t mbedtls_md4_info; -#endif #if defined(MBEDTLS_MD5_C) extern const mbedtls_md_info_t mbedtls_md5_info; #endif diff --git a/library/oid.c b/library/oid.c index c4a4df9a1..f70ceea56 100644 --- a/library/oid.c +++ b/library/oid.c 
@@ -340,18 +340,6 @@ typedef struct { static const oid_sig_alg_t oid_sig_alg[] = { #if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_MD2_C) - { - OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_MD2, "md2WithRSAEncryption", "RSA with MD2" ), - MBEDTLS_MD_MD2, MBEDTLS_PK_RSA, - }, -#endif /* MBEDTLS_MD2_C */ -#if defined(MBEDTLS_MD4_C) - { - OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_MD4, "md4WithRSAEncryption", "RSA with MD4" ), - MBEDTLS_MD_MD4, MBEDTLS_PK_RSA, - }, -#endif /* MBEDTLS_MD4_C */ #if defined(MBEDTLS_MD5_C) { OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5" ), @@ -609,18 +597,6 @@ typedef struct { static const oid_md_alg_t oid_md_alg[] = { -#if defined(MBEDTLS_MD2_C) - { - OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD2, "id-md2", "MD2" ), - MBEDTLS_MD_MD2, - }, -#endif /* MBEDTLS_MD2_C */ -#if defined(MBEDTLS_MD4_C) - { - OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD4, "id-md4", "MD4" ), - MBEDTLS_MD_MD4, - }, -#endif /* MBEDTLS_MD4_C */ #if defined(MBEDTLS_MD5_C) { OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD5, "id-md5", "MD5" ), diff --git a/library/pkcs12.c b/library/pkcs12.c index 9823d963c..04b1a6dab 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -35,10 +35,6 @@ #include -#if defined(MBEDTLS_ARC4_C) -#include "mbedtls/arc4.h" -#endif - #if defined(MBEDTLS_DES_C) #include "mbedtls/des.h" #endif 
@@ -125,47 +121,6 @@ static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_ty #undef PKCS12_MAX_PWDLEN -int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, - const unsigned char *pwd, size_t pwdlen, - const unsigned char *data, size_t len, - unsigned char *output ) -{ -#if !defined(MBEDTLS_ARC4_C) - ((void) pbe_params); - ((void) mode); - ((void) pwd); - ((void) pwdlen); - ((void) data); - ((void) len); - ((void) output); - return( MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE ); -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - unsigned char key[16]; - mbedtls_arc4_context ctx; - ((void) mode); - - mbedtls_arc4_init( &ctx ); - - if( ( ret = pkcs12_pbe_derive_key_iv( pbe_params, MBEDTLS_MD_SHA1, - pwd, pwdlen, - key, 16, NULL, 0 ) ) != 0 ) - { - return( ret ); - } - - mbedtls_arc4_setup( &ctx, key, 16 ); - if( ( ret = mbedtls_arc4_crypt( &ctx, len, data, output ) ) != 0 ) - goto exit; - -exit: - mbedtls_platform_zeroize( key, sizeof( key ) ); - mbedtls_arc4_free( &ctx ); - - return( ret ); -#endif /* MBEDTLS_ARC4_C */ -} - int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, const unsigned char *pwd, size_t pwdlen, diff --git a/library/pkparse.c b/library/pkparse.c index 3222ca20f..52b9ecc9c 100644 --- a/library/pkparse.c +++ b/library/pkparse.c 
@@ -1163,24 +1163,6 @@ static int pk_parse_key_pkcs8_encrypted_der( decrypted = 1; } - else if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) == 0 ) - { - if( ( ret = mbedtls_pkcs12_pbe_sha1_rc4_128( &pbe_params, - MBEDTLS_PKCS12_PBE_DECRYPT, - pwd, pwdlen, - p, len, buf ) ) != 0 ) - { - return( ret ); - } - - // Best guess for password mismatch when using RC4. If first tag is - // not MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE - // - if( *buf != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERR_PK_PASSWORD_MISMATCH ); - - decrypted = 1; - } else #endif /* MBEDTLS_PKCS12_C */ #if defined(MBEDTLS_PKCS5_C) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 7921eb231..8416aa76e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -58,11 +58,9 @@ #endif #include "mbedtls/aes.h" -#include "mbedtls/arc4.h" #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" #include "mbedtls/bignum.h" -#include "mbedtls/blowfish.h" #include "mbedtls/camellia.h" #include "mbedtls/chacha20.h" #include "mbedtls/chachapoly.h" @@ -75,8 +73,6 @@ #include "mbedtls/entropy.h" #include "mbedtls/error.h" #include "mbedtls/gcm.h" -#include "mbedtls/md2.h" -#include "mbedtls/md4.h" #include "mbedtls/md5.h" #include "mbedtls/md.h" #include "md_wrap.h" @@ -89,7 +85,6 @@ #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" -#include "mbedtls/xtea.h" #define ARRAY_LENGTH( array ) ( sizeof( array ) / sizeof( *( array ) ) ) @@ -150,12 +145,6 @@ psa_status_t mbedtls_to_psa_error( int ret ) case MBEDTLS_ERR_ASN1_BUF_TOO_SMALL: return( PSA_ERROR_BUFFER_TOO_SMALL ); -#if defined(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA) - case MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA: -#endif - case MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH: - return( PSA_ERROR_NOT_SUPPORTED ); - #if defined(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA) case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA: #endif 
@@ -302,9 +291,6 @@ psa_status_t mbedtls_to_psa_error( int ret ) case MBEDTLS_ERR_RSA_RNG_FAILED: return( PSA_ERROR_INSUFFICIENT_ENTROPY ); - case MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH: - return( PSA_ERROR_INVALID_ARGUMENT ); - case MBEDTLS_ERR_ECP_BAD_INPUT_DATA: case MBEDTLS_ERR_ECP_INVALID_KEY: return( PSA_ERROR_INVALID_ARGUMENT ); @@ -478,12 +464,6 @@ static psa_status_t validate_unstructured_key_bit_size( psa_key_type_t type, return( PSA_ERROR_INVALID_ARGUMENT ); break; #endif -#if defined(PSA_WANT_KEY_TYPE_ARC4) - case PSA_KEY_TYPE_ARC4: - if( bits < 8 || bits > 2048 ) - return( PSA_ERROR_INVALID_ARGUMENT ); - break; -#endif #if defined(PSA_WANT_KEY_TYPE_CHACHA20) case PSA_KEY_TYPE_CHACHA20: if( bits != 256 ) diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c index 4992a6e8e..a65e88492 100644 --- a/library/psa_crypto_cipher.c +++ b/library/psa_crypto_cipher.c @@ -131,9 +131,6 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa( case PSA_KEY_TYPE_CAMELLIA: cipher_id_tmp = MBEDTLS_CIPHER_ID_CAMELLIA; break; - case PSA_KEY_TYPE_ARC4: - cipher_id_tmp = MBEDTLS_CIPHER_ID_ARC4; - break; case PSA_KEY_TYPE_CHACHA20: cipher_id_tmp = MBEDTLS_CIPHER_ID_CHACHA20; break; diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c index 6471f82a8..92dcbba96 100644 --- a/library/psa_crypto_hash.c +++ b/library/psa_crypto_hash.c @@ -31,14 +31,6 @@ /* Use builtin defines specific to this compilation unit, since the test driver * relies on the software driver. */ -#if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD2) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_MD2) ) ) -#define BUILTIN_ALG_MD2 1 -#endif -#if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD4) || \ - ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_MD4) ) ) -#define BUILTIN_ALG_MD4 1 -#endif #if( defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \ ( defined(PSA_CRYPTO_DRIVER_TEST) && defined(MBEDTLS_PSA_ACCEL_ALG_MD5) ) ) #define BUILTIN_ALG_MD5 1 
@@ -76,14 +68,6 @@ const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg ) { switch( alg ) { -#if defined(MBEDTLS_MD2_C) - case PSA_ALG_MD2: - return( &mbedtls_md2_info ); -#endif -#if defined(MBEDTLS_MD4_C) - case PSA_ALG_MD4: - return( &mbedtls_md4_info ); -#endif #if defined(MBEDTLS_MD5_C) case PSA_ALG_MD5: return( &mbedtls_md5_info ); @@ -134,16 +118,6 @@ static psa_status_t hash_abort( * in use. It's ok to call abort on such an object, and there's * nothing to do. */ break; -#if defined(BUILTIN_ALG_MD2) - case PSA_ALG_MD2: - mbedtls_md2_free( &operation->ctx.md2 ); - break; -#endif -#if defined(BUILTIN_ALG_MD4) - case PSA_ALG_MD4: - mbedtls_md4_free( &operation->ctx.md4 ); - break; -#endif #if defined(BUILTIN_ALG_MD5) case PSA_ALG_MD5: mbedtls_md5_free( &operation->ctx.md5 ); @@ -200,18 +174,6 @@ static psa_status_t hash_setup( switch( alg ) { -#if defined(BUILTIN_ALG_MD2) - case PSA_ALG_MD2: - mbedtls_md2_init( &operation->ctx.md2 ); - ret = mbedtls_md2_starts( &operation->ctx.md2 ); - break; -#endif -#if defined(BUILTIN_ALG_MD4) - case PSA_ALG_MD4: - mbedtls_md4_init( &operation->ctx.md4 ); - ret = mbedtls_md4_starts( &operation->ctx.md4 ); - break; -#endif #if defined(BUILTIN_ALG_MD5) case PSA_ALG_MD5: mbedtls_md5_init( &operation->ctx.md5 ); @@ -274,18 +236,6 @@ static psa_status_t hash_clone( { case 0: return( PSA_ERROR_BAD_STATE ); -#if defined(BUILTIN_ALG_MD2) - case PSA_ALG_MD2: - mbedtls_md2_clone( &target_operation->ctx.md2, - &source_operation->ctx.md2 ); - break; -#endif -#if defined(BUILTIN_ALG_MD4) - case PSA_ALG_MD4: - mbedtls_md4_clone( &target_operation->ctx.md4, - &source_operation->ctx.md4 ); - break; -#endif #if defined(BUILTIN_ALG_MD5) case PSA_ALG_MD5: mbedtls_md5_clone( &target_operation->ctx.md5, 
@@ -347,18 +297,6 @@ static psa_status_t hash_update( switch( operation->alg ) { -#if defined(BUILTIN_ALG_MD2) - case PSA_ALG_MD2: - ret = mbedtls_md2_update( &operation->ctx.md2, - input, input_length ); - break; -#endif -#if defined(BUILTIN_ALG_MD4) - case PSA_ALG_MD4: - ret = mbedtls_md4_update( &operation->ctx.md4, - input, input_length ); - break; -#endif #if defined(BUILTIN_ALG_MD5) case PSA_ALG_MD5: ret = mbedtls_md5_update( &operation->ctx.md5, @@ -437,16 +375,6 @@ static psa_status_t hash_finish( switch( operation->alg ) { -#if defined(BUILTIN_ALG_MD2) - case PSA_ALG_MD2: - ret = mbedtls_md2_finish( &operation->ctx.md2, hash ); - break; -#endif -#if defined(BUILTIN_ALG_MD4) - case PSA_ALG_MD4: - ret = mbedtls_md4_finish( &operation->ctx.md4, hash ); - break; -#endif #if defined(BUILTIN_ALG_MD5) case PSA_ALG_MD5: ret = mbedtls_md5_finish( &operation->ctx.md5, hash ); @@ -587,14 +515,6 @@ static int is_hash_accelerated( psa_algorithm_t alg ) { switch( alg ) { -#if defined(MBEDTLS_PSA_ACCEL_ALG_MD2) - case PSA_ALG_MD2: - return( 1 ); -#endif -#if defined(MBEDTLS_PSA_ACCEL_ALG_MD4) - case PSA_ALG_MD4: - return( 1 ); -#endif #if defined(MBEDTLS_PSA_ACCEL_ALG_MD5) case PSA_ALG_MD5: return( 1 ); diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 20c56a021..adcc191e8 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -46,10 +46,6 @@ static size_t psa_get_hash_block_size( psa_algorithm_t alg ) { switch( alg ) { - case PSA_ALG_MD2: - return( 16 ); - case PSA_ALG_MD4: - return( 64 ); case PSA_ALG_MD5: return( 64 ); case PSA_ALG_RIPEMD160: diff --git a/library/xtea.c b/library/xtea.c deleted file mode 100644 index 4b8c9c077..000000000 --- a/library/xtea.c +++ /dev/null 
@@ -1,271 +0,0 @@ -/* - * An 32-bit implementation of the XTEA algorithm - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "common.h" - -#if defined(MBEDTLS_XTEA_C) - -#include "mbedtls/xtea.h" -#include "mbedtls/platform_util.h" - -#include - -#if defined(MBEDTLS_SELF_TEST) -#if defined(MBEDTLS_PLATFORM_C) -#include "mbedtls/platform.h" -#else -#include -#define mbedtls_printf printf -#endif /* MBEDTLS_PLATFORM_C */ -#endif /* MBEDTLS_SELF_TEST */ - -#if !defined(MBEDTLS_XTEA_ALT) - -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} -#endif - -void mbedtls_xtea_init( mbedtls_xtea_context *ctx ) -{ - memset( ctx, 0, sizeof( mbedtls_xtea_context ) ); -} - -void mbedtls_xtea_free( mbedtls_xtea_context *ctx ) -{ - if( ctx == NULL ) - return; - - mbedtls_platform_zeroize( ctx, sizeof( mbedtls_xtea_context ) ); -} - -/* - * XTEA key schedule - */ -void mbedtls_xtea_setup( 
mbedtls_xtea_context *ctx, const unsigned char key[16] ) -{ - int i; - - memset( ctx, 0, sizeof(mbedtls_xtea_context) ); - - for( i = 0; i < 4; i++ ) - { - GET_UINT32_BE( ctx->k[i], key, i << 2 ); - } -} - -/* - * XTEA encrypt function - */ -int mbedtls_xtea_crypt_ecb( mbedtls_xtea_context *ctx, int mode, - const unsigned char input[8], unsigned char output[8]) -{ - uint32_t *k, v0, v1, i; - - k = ctx->k; - - GET_UINT32_BE( v0, input, 0 ); - GET_UINT32_BE( v1, input, 4 ); - - if( mode == MBEDTLS_XTEA_ENCRYPT ) - { - uint32_t sum = 0, delta = 0x9E3779B9; - - for( i = 0; i < 32; i++ ) - { - v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]); - sum += delta; - v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]); - } - } - else /* MBEDTLS_XTEA_DECRYPT */ - { - uint32_t delta = 0x9E3779B9, sum = delta * 32; - - for( i = 0; i < 32; i++ ) - { - v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + k[(sum>>11) & 3]); - sum -= delta; - v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + k[sum & 3]); - } - } - - PUT_UINT32_BE( v0, output, 0 ); - PUT_UINT32_BE( v1, output, 4 ); - - return( 0 ); -} - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -/* - * XTEA-CBC buffer encryption/decryption - */ -int mbedtls_xtea_crypt_cbc( mbedtls_xtea_context *ctx, int mode, size_t length, - unsigned char iv[8], const unsigned char *input, - unsigned char *output) -{ - int i; - unsigned char temp[8]; - - if( length % 8 ) - return( MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH ); - - if( mode == MBEDTLS_XTEA_DECRYPT ) - { - while( length > 0 ) - { - memcpy( temp, input, 8 ); - mbedtls_xtea_crypt_ecb( ctx, mode, input, output ); - - for( i = 0; i < 8; i++ ) - output[i] = (unsigned char)( output[i] ^ iv[i] ); - - memcpy( iv, temp, 8 ); - - input += 8; - output += 8; - length -= 8; - } - } - else - { - while( length > 0 ) - { - for( i = 0; i < 8; i++ ) - output[i] = (unsigned char)( input[i] ^ iv[i] ); - - mbedtls_xtea_crypt_ecb( ctx, mode, output, output ); - memcpy( iv, output, 8 ); - - input += 8; - 
output += 8; - length -= 8; - } - } - - return( 0 ); -} -#endif /* MBEDTLS_CIPHER_MODE_CBC */ -#endif /* !MBEDTLS_XTEA_ALT */ - -#if defined(MBEDTLS_SELF_TEST) - -/* - * XTEA tests vectors (non-official) - */ - -static const unsigned char xtea_test_key[6][16] = -{ - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, - 0x0c, 0x0d, 0x0e, 0x0f }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, - 0x0c, 0x0d, 0x0e, 0x0f }, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, - 0x0c, 0x0d, 0x0e, 0x0f }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00 } -}; - -static const unsigned char xtea_test_pt[6][8] = -{ - { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 }, - { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, - { 0x5a, 0x5b, 0x6e, 0x27, 0x89, 0x48, 0xd7, 0x7f }, - { 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48 }, - { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, - { 0x70, 0xe1, 0x22, 0x5d, 0x6e, 0x4e, 0x76, 0x55 } -}; - -static const unsigned char xtea_test_ct[6][8] = -{ - { 0x49, 0x7d, 0xf3, 0xd0, 0x72, 0x61, 0x2c, 0xb5 }, - { 0xe7, 0x8f, 0x2d, 0x13, 0x74, 0x43, 0x41, 0xd8 }, - { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 }, - { 0xa0, 0x39, 0x05, 0x89, 0xf8, 0xb8, 0xef, 0xa5 }, - { 0xed, 0x23, 0x37, 0x5a, 0x82, 0x1a, 0x8c, 0x2d }, - { 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41 } -}; - -/* - * Checkup routine - */ -int mbedtls_xtea_self_test( int verbose ) -{ - int i, ret = 0; - unsigned char buf[8]; - mbedtls_xtea_context ctx; - - mbedtls_xtea_init( &ctx ); - for( i = 0; i < 6; i++ ) - { - if( verbose != 0 ) - mbedtls_printf( " XTEA test #%d: ", i + 1 ); - - memcpy( buf, xtea_test_pt[i], 8 ); - - mbedtls_xtea_setup( &ctx, 
xtea_test_key[i] ); - mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, buf, buf ); - - if( memcmp( buf, xtea_test_ct[i], 8 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } - - if( verbose != 0 ) - mbedtls_printf( "passed\n" ); - } - - if( verbose != 0 ) - mbedtls_printf( "\n" ); - -exit: - mbedtls_xtea_free( &ctx ); - - return( ret ); -} - -#endif /* MBEDTLS_SELF_TEST */ - -#endif /* MBEDTLS_XTEA_C */ diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index b36099115..1c506b729 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -700,12 +700,6 @@ void print_deserialized_ssl_session( const uint8_t *ssl, uint32_t len, case MBEDTLS_MD_NONE: printf( "none\n" ); break; - case MBEDTLS_MD_MD2: - printf( "MD2\n" ); - break; - case MBEDTLS_MD_MD4: - printf( "MD4\n" ); - break; case MBEDTLS_MD_MD5: printf( "MD5\n" ); break; diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 1c5caa6fc..3eceec002 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -47,18 +47,15 @@ int main( void ) #include "mbedtls/timing.h" -#include "mbedtls/md4.h" #include "mbedtls/md5.h" #include "mbedtls/ripemd160.h" #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" -#include "mbedtls/arc4.h" #include "mbedtls/des.h" #include "mbedtls/aes.h" #include "mbedtls/aria.h" -#include "mbedtls/blowfish.h" #include "mbedtls/camellia.h" #include "mbedtls/chacha20.h" #include "mbedtls/gcm.h" @@ -98,8 +95,8 @@ int main( void ) #define TITLE_LEN 25 #define OPTIONS \ - "md4, md5, ripemd160, sha1, sha256, sha512,\n" \ - "arc4, des3, des, camellia, blowfish, chacha20,\n" \ + "md5, ripemd160, sha1, sha256, sha512,\n" \ + "des3, des, camellia, chacha20,\n" \ "aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly,\n" \ "aes_cmac, des3_cmac, poly1305\n" \ "ctr_drbg, hmac_drbg\n" \ 
@@ -289,11 +286,11 @@ static int set_ecp_curve( const char *string, mbedtls_ecp_curve_info *curve ) unsigned char buf[BUFSIZE]; typedef struct { - char md4, md5, ripemd160, sha1, sha256, sha512, - arc4, des3, des, + char md5, ripemd160, sha1, sha256, sha512, + des3, des, aes_cbc, aes_gcm, aes_ccm, aes_xts, chachapoly, aes_cmac, des3_cmac, - aria, camellia, blowfish, chacha20, + aria, camellia, chacha20, poly1305, ctr_drbg, hmac_drbg, rsa, dhm, ecdsa, ecdh; @@ -331,9 +328,7 @@ int main( int argc, char *argv[] ) for( i = 1; i < argc; i++ ) { - if( strcmp( argv[i], "md4" ) == 0 ) - todo.md4 = 1; - else if( strcmp( argv[i], "md5" ) == 0 ) + if( strcmp( argv[i], "md5" ) == 0 ) todo.md5 = 1; else if( strcmp( argv[i], "ripemd160" ) == 0 ) todo.ripemd160 = 1; @@ -343,8 +338,6 @@ int main( int argc, char *argv[] ) todo.sha256 = 1; else if( strcmp( argv[i], "sha512" ) == 0 ) todo.sha512 = 1; - else if( strcmp( argv[i], "arc4" ) == 0 ) - todo.arc4 = 1; else if( strcmp( argv[i], "des3" ) == 0 ) todo.des3 = 1; else if( strcmp( argv[i], "des" ) == 0 ) @@ -367,8 +360,6 @@ int main( int argc, char *argv[] ) todo.aria = 1; else if( strcmp( argv[i], "camellia" ) == 0 ) todo.camellia = 1; - else if( strcmp( argv[i], "blowfish" ) == 0 ) - todo.blowfish = 1; else if( strcmp( argv[i], "chacha20" ) == 0 ) todo.chacha20 = 1; else if( strcmp( argv[i], "poly1305" ) == 0 ) @@ -405,11 +396,6 @@ int main( int argc, char *argv[] ) memset( buf, 0xAA, sizeof( buf ) ); memset( tmp, 0xBB, sizeof( tmp ) ); -#if defined(MBEDTLS_MD4_C) - if( todo.md4 ) - TIME_AND_TSC( "MD4", mbedtls_md4( buf, BUFSIZE, tmp ) ); -#endif - #if defined(MBEDTLS_MD5_C) if( todo.md5 ) TIME_AND_TSC( "MD5", mbedtls_md5( buf, BUFSIZE, tmp ) ); 
@@ -435,17 +421,6 @@ int main( int argc, char *argv[] ) TIME_AND_TSC( "SHA-512", mbedtls_sha512( buf, BUFSIZE, tmp, 0 ) ); #endif -#if defined(MBEDTLS_ARC4_C) - if( todo.arc4 ) - { - mbedtls_arc4_context arc4; - mbedtls_arc4_init( &arc4 ); - mbedtls_arc4_setup( &arc4, tmp, 32 ); - TIME_AND_TSC( "ARC4", mbedtls_arc4_crypt( &arc4, BUFSIZE, buf, buf ) ); - mbedtls_arc4_free( &arc4 ); - } -#endif - #if defined(MBEDTLS_DES_C) #if defined(MBEDTLS_CIPHER_MODE_CBC) if( todo.des3 ) @@ -688,30 +663,6 @@ int main( int argc, char *argv[] ) } #endif -#if defined(MBEDTLS_BLOWFISH_C) && defined(MBEDTLS_CIPHER_MODE_CBC) - if( todo.blowfish ) - { - int keysize; - mbedtls_blowfish_context blowfish; - mbedtls_blowfish_init( &blowfish ); - - for( keysize = 128; keysize <= 256; keysize += 64 ) - { - mbedtls_snprintf( title, sizeof( title ), "BLOWFISH-CBC-%d", keysize ); - - memset( buf, 0, sizeof( buf ) ); - memset( tmp, 0, sizeof( tmp ) ); - mbedtls_blowfish_setkey( &blowfish, tmp, keysize ); - - TIME_AND_TSC( title, - mbedtls_blowfish_crypt_cbc( &blowfish, MBEDTLS_BLOWFISH_ENCRYPT, BUFSIZE, - tmp, buf, buf ) ); - } - - mbedtls_blowfish_free( &blowfish ); - } -#endif - #if defined(MBEDTLS_CTR_DRBG_C) if( todo.ctr_drbg ) { diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp index ea345a311..61a7e896c 100644 --- a/programs/test/cpp_dummy_build.cpp +++ b/programs/test/cpp_dummy_build.cpp @@ -25,13 +25,11 @@ #endif #include "mbedtls/aes.h" -#include "mbedtls/arc4.h" #include "mbedtls/aria.h" #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" #include "mbedtls/base64.h" #include "mbedtls/bignum.h" -#include "mbedtls/blowfish.h" #include "mbedtls/camellia.h" #include "mbedtls/ccm.h" #include "mbedtls/chacha20.h" @@ -54,8 +52,6 @@ #include "mbedtls/hkdf.h" #include "mbedtls/hmac_drbg.h" #include "mbedtls/md.h" -#include "mbedtls/md2.h" -#include "mbedtls/md4.h" #include "mbedtls/md5.h" #include "mbedtls/net_sockets.h" #include "mbedtls/nist_kw.h" 
@@ -85,7 +81,6 @@ #include "mbedtls/x509_crl.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" -#include "mbedtls/xtea.h" #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" diff --git a/programs/test/selftest.c b/programs/test/selftest.c index a3e306ce9..8829d54ec 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -32,14 +32,11 @@ #include "mbedtls/gcm.h" #include "mbedtls/ccm.h" #include "mbedtls/cmac.h" -#include "mbedtls/md2.h" -#include "mbedtls/md4.h" #include "mbedtls/md5.h" #include "mbedtls/ripemd160.h" #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" -#include "mbedtls/arc4.h" #include "mbedtls/des.h" #include "mbedtls/aes.h" #include "mbedtls/camellia.h" @@ -51,7 +48,6 @@ #include "mbedtls/bignum.h" #include "mbedtls/rsa.h" #include "mbedtls/x509.h" -#include "mbedtls/xtea.h" #include "mbedtls/pkcs5.h" #include "mbedtls/ecp.h" #include "mbedtls/ecjpake.h" @@ -256,12 +252,6 @@ typedef struct const selftest_t selftests[] = { {"calloc", calloc_self_test}, -#if defined(MBEDTLS_MD2_C) - {"md2", mbedtls_md2_self_test}, -#endif -#if defined(MBEDTLS_MD4_C) - {"md4", mbedtls_md4_self_test}, -#endif #if defined(MBEDTLS_MD5_C) {"md5", mbedtls_md5_self_test}, #endif @@ -277,9 +267,6 @@ const selftest_t selftests[] = #if defined(MBEDTLS_SHA512_C) {"sha512", mbedtls_sha512_self_test}, #endif -#if defined(MBEDTLS_ARC4_C) - {"arc4", mbedtls_arc4_self_test}, -#endif #if defined(MBEDTLS_DES_C) {"des", mbedtls_des_self_test}, #endif @@ -316,9 +303,6 @@ const selftest_t selftests[] = #if defined(MBEDTLS_RSA_C) {"rsa", mbedtls_rsa_self_test}, #endif -#if defined(MBEDTLS_XTEA_C) - {"xtea", mbedtls_xtea_self_test}, -#endif #if defined(MBEDTLS_CAMELLIA_C) {"camellia", mbedtls_camellia_self_test}, #endif diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index e8241a320..18d2e8cbc 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c 
@@ -100,7 +100,7 @@ int main( void ) " Add NsCertType even if it is empty\n" \ " md=%%s default: SHA256\n" \ " possible values:\n" \ - " MD2, MD4, MD5, RIPEMD160, SHA1,\n" \ + " MD5, RIPEMD160, SHA1,\n" \ " SHA224, SHA256, SHA384, SHA512\n" \ "\n" diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index ff7cf9807..c22f5a4b2 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -119,7 +119,7 @@ int main( void ) " max_pathlen=%%d default: -1 (none)\n" \ " md=%%s default: SHA256\n" \ " Supported values (if enabled):\n" \ - " MD2, MD4, MD5, RIPEMD160, SHA1,\n" \ + " MD5, RIPEMD160, SHA1,\n" \ " SHA224, SHA256, SHA384, SHA512\n" \ " version=%%d default: 3\n" \ " Possible values: 1, 2, 3\n"\ diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index 6199c6283..c707e4ca3 100644 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt @@ -37,13 +37,11 @@ * default value when that configuration is not set in the config.h. */ #include "mbedtls/aes.h" -#include "mbedtls/arc4.h" #include "mbedtls/aria.h" #include "mbedtls/asn1.h" #include "mbedtls/asn1write.h" #include "mbedtls/base64.h" #include "mbedtls/bignum.h" -#include "mbedtls/blowfish.h" #include "mbedtls/camellia.h" #include "mbedtls/ccm.h" #include "mbedtls/chacha20.h" @@ -64,8 +62,6 @@ #include "mbedtls/hkdf.h" #include "mbedtls/hmac_drbg.h" #include "mbedtls/md.h" -#include "mbedtls/md2.h" -#include "mbedtls/md4.h" #include "mbedtls/md5.h" #include "mbedtls/memory_buffer_alloc.h" #include "mbedtls/net_sockets.h" @@ -95,7 +91,6 @@ #include "mbedtls/x509_crl.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" -#include "mbedtls/xtea.h" #include diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 606714f99..7822384ce 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl 
@@ -44,11 +44,11 @@ if( @ARGV ) { my $error_format_file = $data_dir.'/error.fmt'; -my @low_level_modules = qw( AES ARC4 ARIA ASN1 BASE64 BIGNUM BLOWFISH +my @low_level_modules = qw( AES ARIA ASN1 BASE64 BIGNUM CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES - ENTROPY ERROR GCM HKDF HMAC_DRBG MD2 MD4 MD5 + ENTROPY ERROR GCM HKDF HMAC_DRBG MD5 NET OID PADLOCK PBKDF2 PLATFORM POLY1305 RIPEMD160 - SHA1 SHA256 SHA512 THREADING XTEA ); + SHA1 SHA256 SHA512 THREADING ); my @high_level_modules = qw( CIPHER DHM ECP MD PEM PK PKCS12 PKCS5 RSA SSL X509 ); diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py index 94a97e7e9..4b4e2df51 100644 --- a/scripts/mbedtls_dev/crypto_knowledge.py +++ b/scripts/mbedtls_dev/crypto_knowledge.py @@ -82,7 +82,6 @@ class KeyType: } KEY_TYPE_SIZES = { 'PSA_KEY_TYPE_AES': (128, 192, 256), # exhaustive - 'PSA_KEY_TYPE_ARC4': (8, 128, 2048), # extremes + sensible 'PSA_KEY_TYPE_ARIA': (128, 192, 256), # exhaustive 'PSA_KEY_TYPE_CAMELLIA': (128, 192, 256), # exhaustive 'PSA_KEY_TYPE_CHACHA20': (256,), # exhaustive diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 7898004c1..fbd746e52 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -75,19 +75,15 @@ add_test_suite(aes aes.ecb) add_test_suite(aes aes.ofb) add_test_suite(aes aes.rest) add_test_suite(aes aes.xts) -add_test_suite(arc4) add_test_suite(aria) add_test_suite(asn1parse) add_test_suite(asn1write) add_test_suite(base64) -add_test_suite(blowfish) add_test_suite(camellia) add_test_suite(ccm) add_test_suite(chacha20) add_test_suite(chachapoly) add_test_suite(cipher cipher.aes) -add_test_suite(cipher cipher.arc4) -add_test_suite(cipher cipher.blowfish) add_test_suite(cipher cipher.camellia) add_test_suite(cipher cipher.ccm) add_test_suite(cipher cipher.chacha20) 
@@ -162,7 +158,6 @@ add_test_suite(timing) add_test_suite(version) add_test_suite(x509parse) add_test_suite(x509write) -add_test_suite(xtea) # Make scripts and data files needed for testing available in an # out-of-source build. diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index f3cba5acb..16685d26d 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -416,16 +416,6 @@ rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der -rsa_pkcs8_pbe_sha1_1024_rc4_128.der: rsa_pkcs1_1024_clear.pem - $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.der -rsa_pkcs8_pbe_sha1_1024_rc4_128.pem: rsa_pkcs1_1024_clear.pem - $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.pem -keys_rsa_enc_pkcs8_v1_1024_rc4_128: rsa_pkcs8_pbe_sha1_1024_rc4_128.pem rsa_pkcs8_pbe_sha1_1024_rc4_128.der - -keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128 - ### 2048-bit rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 
@@ -443,16 +433,6 @@ rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der -rsa_pkcs8_pbe_sha1_2048_rc4_128.der: rsa_pkcs1_2048_clear.pem - $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.der -rsa_pkcs8_pbe_sha1_2048_rc4_128.pem: rsa_pkcs1_2048_clear.pem - $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.pem -keys_rsa_enc_pkcs8_v1_2048_rc4_128: rsa_pkcs8_pbe_sha1_2048_rc4_128.pem rsa_pkcs8_pbe_sha1_2048_rc4_128.der - -keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128 - ### 4096-bit rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES 
@@ -470,16 +450,6 @@ rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der -rsa_pkcs8_pbe_sha1_4096_rc4_128.der: rsa_pkcs1_4096_clear.pem - $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.der -rsa_pkcs8_pbe_sha1_4096_rc4_128.pem: rsa_pkcs1_4096_clear.pem - $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.pem -keys_rsa_enc_pkcs8_v1_4096_rc4_128: rsa_pkcs8_pbe_sha1_4096_rc4_128.pem rsa_pkcs8_pbe_sha1_4096_rc4_128.der - -keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128 - ### ### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1) ### 
@@ -1103,26 +1073,10 @@ server2-sha256.crt: server2.req.sha256 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@ all_final += server2-sha256.crt -# MD2, MD4, MD5 test certificates +# MD5 test certificate cert_md_test_key = $(cli_crt_key_file_rsa) -cert_md2.csr: $(cert_md_test_key) - $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD2" md=MD2 -all_intermediate += cert_md2.csr - -cert_md2.crt: cert_md2.csr - $(MBEDTLS_CERT_WRITE) request_file=$< serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD2 version=3 output_file=$@ -all_final += cert_md2.crt - -cert_md4.csr: $(cert_md_test_key) - $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD4" md=MD4 -all_intermediate += cert_md4.csr - -cert_md4.crt: cert_md4.csr - $(MBEDTLS_CERT_WRITE) request_file=$< serial=5 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD4 version=3 output_file=$@ -all_final += cert_md4.crt - cert_md5.csr: $(cert_md_test_key) $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5 all_intermediate += cert_md5.csr diff --git a/tests/data_files/cert_md2.crt b/tests/data_files/cert_md2.crt deleted file mode 100644 index 94b89afce..000000000 --- a/tests/data_files/cert_md2.crt +++ /dev/null 
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDPzCCAiegAwIBAgIBCTANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MDAwMTAxMTIxMjEyWhcNMzAwMTAxMTIxMjEyWjA8MQswCQYDVQQGEwJOTDERMA8G -A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENlcnQgTUQyMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f -M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu -1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw -MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v -4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/ -/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB -o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf -BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQIFAAOC -AQEAXLWqy34iaZ2YV+5eE1QMV/9m9nQI2X/yumRH1MT1R3oYde/YDV7+HSOM6qLs -qSgH1DSyXv1YnJww2OyTtAVhPalICLjVjUQCyeUCiFpAIO6Xz1VE6v4GMFLqhlV1 -Nox9dDtR5Go2zwPaH64Ze9GxuDZfW+VnPRNgYOrqqCBnuhnp2uPRfOewus2AAo50 -dx1XTooCEqElQlB9EIPWbvPdJZjRjruCUtDbz+oxG4J4Ml4KCYm+/MyXNPqxV9+H -5A9oQltuHMWasMWSfXeimQI5PPpdjndmJOhfT4RGmvTw/uNC/Xuy1kPxXQKoocz6 -93U8RQvyJxdIPtQuARNMRZ7G+Q== ------END CERTIFICATE----- diff --git a/tests/data_files/cert_md2.csr b/tests/data_files/cert_md2.csr deleted file mode 100644 index a8c39bdb3..000000000 --- a/tests/data_files/cert_md2.csr +++ /dev/null 
@@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow -GAYDVQQDDBFQb2xhclNTTCBDZXJ0IE1EMjCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAMh0xMy5+bV56UXZFGCwfbuT8msenzOtDY+KPFZl5dxE2cxmhQfV -+CewSjXQY54Kbhu32vB+q+4MEJOGSRg086gq0lf1LtQvdymEYU2CUI+nlUhw9W5N -stUTw9Ia7eZD6kIU63TqwO0f1FdOqfOo7dLgwTBxMDIw1dP2CNBWT0aO8l/5PWeR -iDAuQrLfffvlDHf/7DHAeI+/wn/KrWwh1o3Zi2qOb+Cb+BBWzLOOExXmNARmx+75 -Ng5qlfYJmgZn9GVx+MqksSXg/jyLNQRnuuBPdoX8f/w2a7XpzS0DYk6zPQDPr3ag -aVaDatKo1OdQcea1NgV3BW17yOTE/UzVIV8CAwEAAaAAMA0GCSqGSIb3DQEBAgUA -A4IBAQBPUqodRcH2ZUa8A3fQX/nxrIwWiLmQ9BaOI6G7vzEWVE1sxmkrHP+pXgi9 -1eFceN9xUBKEd+LmUPmHpObZ4nwRSprFj3DeIXpn9aSBr+jGY8RaaC9cMkaSq5Mb -q65THEJ1xemIfZvbhjvNi/ycXXu/v1Gpj62dpIFGbm+o4AXQF2ocYGEM+X1u2eVn -mnuuvPAHTllGjB0daTSYoQtMy3luPUEj0Yct3iVR1pUeTrHchOs9p5ACDZcf6D3x -sm9atH2ZIaXo1c9SqHzdk/uLt/CwxQrn1WU1inwOkzjim2Yq9vWgpQypfGZdScXV -oHOmuGG901WMMemzZXjoLi+8ZpVL ------END CERTIFICATE REQUEST----- diff --git a/tests/data_files/cert_md4.crt b/tests/data_files/cert_md4.crt deleted file mode 100644 index 7d0f7cb1b..000000000 --- a/tests/data_files/cert_md4.crt +++ /dev/null 
@@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDPzCCAiegAwIBAgIBBTANBgkqhkiG9w0BAQMFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MDAwMTAxMTIxMjEyWhcNMzAwMTAxMTIxMjEyWjA8MQswCQYDVQQGEwJOTDERMA8G -A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENlcnQgTUQ0MIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f -M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu -1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw -MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v -4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/ -/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB -o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf -BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQMFAAOC -AQEArXIW7Dy1hBXMKY8/TAfACqkFZzbGDJdD5ohQknENk6FzUHVw9SVibhi5J+nh -/mhUhoczFg78T8ZopDcsPHKQTuy0LNcLWhZDD4S4CJCibmsf+8BWmPcSp1tsS9Zj -etO5qNuUarL74W+rRa3qQcCXcglYTubv/PcCV+LGVqZ4XDlO5EBFJJREAREzG+iK -Epm2y0mi1WTwjy7m7rxYHs5i5ybDHDDwU55H5wh50Vs4/vDx2kZab2K9gx6V2ggY -CCYmRWKQHdI4XZBkpYFbbREZxMY4Y5c2PUMlr8GUq6s6eu9/GvmnIx/+EySSfxgv -9GpN+gnyx03hjYNGO7iX8nPnXA== ------END CERTIFICATE----- diff --git a/tests/data_files/cert_md4.csr b/tests/data_files/cert_md4.csr deleted file mode 100644 index d8a3dbf20..000000000 --- a/tests/data_files/cert_md4.csr +++ /dev/null 
@@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow -GAYDVQQDDBFQb2xhclNTTCBDZXJ0IE1ENDCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAMh0xMy5+bV56UXZFGCwfbuT8msenzOtDY+KPFZl5dxE2cxmhQfV -+CewSjXQY54Kbhu32vB+q+4MEJOGSRg086gq0lf1LtQvdymEYU2CUI+nlUhw9W5N -stUTw9Ia7eZD6kIU63TqwO0f1FdOqfOo7dLgwTBxMDIw1dP2CNBWT0aO8l/5PWeR -iDAuQrLfffvlDHf/7DHAeI+/wn/KrWwh1o3Zi2qOb+Cb+BBWzLOOExXmNARmx+75 -Ng5qlfYJmgZn9GVx+MqksSXg/jyLNQRnuuBPdoX8f/w2a7XpzS0DYk6zPQDPr3ag -aVaDatKo1OdQcea1NgV3BW17yOTE/UzVIV8CAwEAAaAAMA0GCSqGSIb3DQEBAwUA -A4IBAQAztRb+vAecvhelhszzCctzmhGs4TGmr9h4zddZoQ8dTdy1OCsnmU+yz3oh -oiQjy7UPLt8DS2ZKhGhvwPvtwFh5icMWQVnv2kE4Evz8xJT12VRw+U6L5rfKmf/L -mVNxsuk17MDyBcMlwuNk+CHrYVdrXhSWUH3UCQQUH1iqqBMKmNiPa1UGU0budZ9X -HZjn9uqyyOGy8l3hffqjDxsDjZyBDf5aqKIdnvukdrUiacPdUYVF0fwK8d1/1PA9 -dA4JjTvz+tTK6mL9Ic9Pv+64v1vwMU4Qu8IJHk5x3I0e7KuK2A/lK6az2Vb6FAh6 -MkGpWB68T8FRBoVrWLOh+a9yNwyp ------END CERTIFICATE REQUEST----- diff --git a/tests/data_files/crl_md2.pem b/tests/data_files/crl_md2.pem deleted file mode 100644 index e27379564..000000000 --- a/tests/data_files/crl_md2.pem +++ /dev/null @@ -1,11 +0,0 @@ ------BEGIN X509 CRL----- -MIIBqzCBlDANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI -UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTA5MDcxOTE5NTYz -N1oXDTA5MDkxNzE5NTYzN1owKDASAgEBFw0wOTAyMDkyMTEyMzZaMBICAQMXDTA5 -MDIwOTIxMTIzNlowDQYJKoZIhvcNAQECBQADggEBAF8F5y82zgtxcwQ4aFvrkanT -ygyd5+RW/Y//vpck44V+CYx1d1r+QkauaXel9qUKBPsg2dUwQ+jwV/m+Sp2MHaX5 -NfW7XUb7Ji4yhwgh9/9vFPqqnKBf9esLJuJoQ4mLhcGB5J1yCcavLrynvB4PJEnG -graTbbyizelXBmk3ApvNYxczJZxt7EzpVbrFaev7myGmOffdDkIMc2WDpDkyLTlU -kITjB7fMJhD/dgNskKZ4fgkKKKPCMJrJPO67Wzwqx/6vsrZcACB9X+143WZr4GVO -Fw2SaMnqfVLlUEndoOpbLCU4ugcc82kQQF3TsovXJYW7XqoWl2u/ENCwShl9rl4= ------END X509 CRL----- diff --git a/tests/data_files/crl_md4.pem b/tests/data_files/crl_md4.pem deleted file mode 100644 index 1f77dab78..000000000 --- a/tests/data_files/crl_md4.pem +++ /dev/null 
@@ -1,11 +0,0 @@ ------BEGIN X509 CRL----- -MIIBqzCBlDANBgkqhkiG9w0BAQMFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI -UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw -N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx -MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEDBQADggEBAIJtYXy3uwIpmSGfi9muS8xv -36FT6g3s1V/xicdPa54juJgBI6sxHKzQtbSNIbqadEWwUtvQ8k1EMRo9UGObhRV8 -i+UWm5qi0GFV7nMi4E2p2Ji/sFKtgdxkzhCfn+p3MoGgx/nC7YtwpnNdF+kuCV1M -JTPqfm+taZkYADOafP/hRaPx3TI+HNE3ux4Cb7hNpWdfWzt48ZPMuhCMzItLd/UK -xxjJam9XAGUTKi7+eWtma9XzmYOIElQv2KFPVMcx5nvg039rrWK6tObGL67kCfTH -v+nIx7rAOW6UNU8aj1kfJHYjEKMBH1I9wjMSHUpkxBLQOKlPNRksiEVsIhmEVss= ------END X509 CRL----- diff --git a/tests/data_files/server1.req.md4 b/tests/data_files/server1.req.md4 deleted file mode 100644 index 15585499c..000000000 --- a/tests/data_files/server1.req.md4 +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow -GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ -ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ -HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF -W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs -FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ -DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBAwUA -A4IBAQAu8SbWDi5udXrs/lljV+jdHky2BFuVFNxZgj5QvLslffdx2/Tj4MVCsqkY -tAcy5g/urW1WwHcnJ20PRgt60m3BSUJffdKF/kgRyTN1oBFpApHGAJEHPahR/3Mz -hMBk4D/r6lga60iUhIfky8o8KU+ovHXROHzGfYaVySatpyJW6tkJOz/1ZKLI4s4K -HGLFxKBd6bvyuMSCpV31J7ZHPQfSH38VEEaTLJ2QOltWDX5k4DlL/F3I5K4VFWOm -DMndMXkb7LhL9jcaJJRzEmbX3aMdt2aXhQt2LDFMnMCeSHI014URnQd6IzRQYZPp -qGZf2UmuJdLeIMzSNX2rZ+SVDX9o ------END CERTIFICATE REQUEST----- diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index 57eae5891..aa0aeb5af 100644 --- a/tests/include/test/psa_exercise_key.h 
+++ b/tests/include/test/psa_exercise_key.h @@ -32,11 +32,7 @@ * * This is used in some smoke tests. */ -#if defined(PSA_WANT_ALG_MD2) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD2 -#elif defined(PSA_WANT_ALG_MD4) -#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD4 -#elif defined(PSA_WANT_ALG_MD5) +#if defined(PSA_WANT_ALG_MD5) #define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5 /* MBEDTLS_RIPEMD160_C omitted. This is necessary for the sake of * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160 @@ -111,9 +107,6 @@ #if defined(KNOWN_SUPPORTED_BLOCK_CIPHER_ALG) #define KNOWN_SUPPORTED_CIPHER_ALG KNOWN_SUPPORTED_BLOCK_CIPHER_ALG #define KNOWN_SUPPORTED_CIPHER_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER -#elif defined(MBEDTLS_RC4_C) -#define KNOWN_SUPPORTED_CIPHER_ALG PSA_ALG_RC4 -#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE PSA_KEY_TYPE_RC4 #else #undef KNOWN_SUPPORTED_CIPHER_ALG #undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 142309957..88f8b352c 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1099,7 +1099,7 @@ component_test_everest () { msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min # Exclude some symmetric ciphers that are redundant here to gain time. - if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4' + if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES' } component_test_everest_curve25519_only () { 
@@ -1187,8 +1187,8 @@ component_test_full_cmake_clang () { msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' - msg "test: compat.sh RC4, DES, 3DES & NULL (full config)" # ~ 2 min - if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' + msg "test: compat.sh DES, 3DES & NULL (full config)" # ~ 2 min + if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES' msg "test: compat.sh ARIA + ChachaPoly" if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' @@ -1418,8 +1418,8 @@ component_test_no_use_psa_crypto_full_cmake_asan() { msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)" if_build_succeeded tests/compat.sh - msg "test: compat.sh RC4, DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)" - if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' + msg "test: compat.sh DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)" + if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES' msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)" if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' 
@@ -1466,8 +1466,6 @@ component_test_psa_crypto_config_basic() { loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CFB" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD2" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD4" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD5" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_OFB" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160" 
@@ -1596,46 +1594,6 @@ component_build_psa_accel_alg_hkdf() { make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" } -# This should be renamed to test and updated once the accelerator MD2 code is in place and ready to test. -component_build_psa_accel_alg_md2() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD2 without other hashes - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD2 - other hashes" - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD2 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" -} - -# This should be renamed to test and updated once the accelerator MD4 code is in place and ready to test. 
-component_build_psa_accel_alg_md4() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD4 without other hashes - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD4 - other hashes" - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_256 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_384 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_512 - # Need to define the correct symbol and include the test driver header path in order to build with the test driver - make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD4 -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS" -} - # This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test. component_build_psa_accel_alg_md5() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD5 without other hashes 
@@ -1644,8 +1602,6 @@ component_build_psa_accel_alg_md5() { scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 @@ -1664,8 +1620,6 @@ component_build_psa_accel_alg_ripemd160() { scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 @@ -1684,8 +1638,6 @@ component_build_psa_accel_alg_sha1() { scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_224 
@@ -1704,8 +1656,6 @@ component_build_psa_accel_alg_sha224() { scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 @@ -1723,8 +1673,6 @@ component_build_psa_accel_alg_sha256() { scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 @@ -1743,8 +1691,6 @@ component_build_psa_accel_alg_sha384() { scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 
@@ -1762,8 +1708,6 @@ component_build_psa_accel_alg_sha512() { scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD2 - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD4 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160 scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_SHA_1 @@ -2053,7 +1997,6 @@ component_test_ssl_alloc_buffer_and_mfl () { component_test_when_no_ciphersuites_have_mac () { msg "build: when no ciphersuites have MAC" scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER - scripts/config.py unset MBEDTLS_ARC4_C scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC scripts/config.py unset MBEDTLS_CMAC_C make @@ -2200,8 +2143,6 @@ component_test_psa_crypto_drivers () { loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_CFB" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_ECDSA" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD2" - loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD4" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_MD5" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_OFB" loc_cflags="${loc_cflags} -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160" @@ -2318,7 +2259,7 @@ component_test_m32_everest () { msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min # Exclude some symmetric ciphers that are redundant here to gain time. - if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4' + if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA\|DES' } support_test_m32_everest () { support_test_m32_o0 "$@" 
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 93b7e1dd5..8fcde6fdb 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -118,10 +118,10 @@ echo '################ compat.sh ################' sh compat.sh -m 'tls1_2 dtls1_2' echo - echo '#### compat.sh: legacy (null, DES, RC4)' + echo '#### compat.sh: legacy (null, DES)' OPENSSL_CMD="$OPENSSL_LEGACY" \ GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \ - sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' + sh compat.sh -e '^$' -f 'NULL\|DES' echo echo '#### compat.sh: next (ARIA, ChaCha)' diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl index 07784816f..c5f152167 100755 --- a/tests/scripts/depends-hashes.pl +++ b/tests/scripts/depends-hashes.pl @@ -54,8 +54,6 @@ my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` ); # should be tested together. Certain options depend on eachother and # separating them would generate invalid configurations. my @hash_configs = ( - ['unset MBEDTLS_MD2_C'], - ['unset MBEDTLS_MD4_C'], ['unset MBEDTLS_MD5_C'], ['unset MBEDTLS_SHA512_C', 'unset MBEDTLS_SHA384_C '], ['unset MBEDTLS_SHA384_C'], diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py index 8690f225b..2705f064a 100755 --- a/tests/scripts/set_psa_test_dependencies.py +++ b/tests/scripts/set_psa_test_dependencies.py @@ -61,9 +61,7 @@ CLASSIC_DEPENDENCIES = frozenset([ # Only modules that provide cryptographic mechanisms are listed here. # Platform, data formatting, X.509 or TLS modules are omitted. 'MBEDTLS_AES_C', - 'MBEDTLS_ARC4_C', 'MBEDTLS_BIGNUM_C', - #cipher#'MBEDTLS_BLOWFISH_C', 'MBEDTLS_CAMELLIA_C', 'MBEDTLS_ARIA_C', 'MBEDTLS_CCM_C', @@ -82,8 +80,6 @@ CLASSIC_DEPENDENCIES = frozenset([ 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_NIST_KW_C', - 'MBEDTLS_MD2_C', - 'MBEDTLS_MD4_C', 'MBEDTLS_MD5_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 
@@ -93,7 +89,6 @@ CLASSIC_DEPENDENCIES = frozenset([ 'MBEDTLS_SHA1_C', 'MBEDTLS_SHA256_C', 'MBEDTLS_SHA512_C', - 'MBEDTLS_XTEA_C', ]) def is_classic_dependency(dep): diff --git a/tests/suites/test_suite_arc4.data b/tests/suites/test_suite_arc4.data deleted file mode 100644 index cf32c85dd..000000000 --- a/tests/suites/test_suite_arc4.data +++ /dev/null 
@@ -1,27 +0,0 @@ -Test vector ARC4 [Cryptlib] -mbedtls_arc4_crypt:"0000000000000000":"0123456789abcdef":"7494c2e7104b0879" - -Test vector ARC4 [COMMERCE] -mbedtls_arc4_crypt:"dcee4cf92c":"618a63d2fb":"f13829c9de" - -Test vector ARC4 [SSH ARCFOUR] -mbedtls_arc4_crypt:"527569736c696e6e756e206c61756c75206b6f727669737373616e692c2074e4686be470e46964656e2070e4e46c6ce42074e47973696b75752e204b6573e479f66e206f6e206f6e6e69206f6d616e616e692c206b61736b6973617675756e206c61616b736f7420766572686f75752e20456e206d6120696c6f697473652c20737572652068756f6b61612c206d75747461206d657473e46e2074756d6d757573206d756c6c652074756f6b61612e205075756e746f2070696c76656e2c206d692068756b6b75752c207369696e746f20766172616e207475756c6973656e2c206d69206e756b6b75752e2054756f6b7375742076616e616d6f6e206a61207661726a6f74207665656e2c206e69697374e420737964e46d656e69206c61756c756e207465656e2e202d2045696e6f204c65696e6f":"29041972fb42ba5fc7127712f13829c9":"358186999001e6b5daf05eceeb7eee21e0689c1f00eea81f7dd2caaee1d2763e68af0ead33d66c268bc946c484fbe94c5f5e0b86a59279e4f824e7a640bd223210b0a61160b7bce986ea65688003596b630a6b90f8e0caf6912a98eb872176e83c202caa64166d2cce57ff1bca57b213f0ed1aa72fb8ea52b0be01cd1e412867720b326eb389d011bd70d8af035fb0d8589dbce3c666f5ea8d4c7954c50c3f340b0467f81b425961c11843074df620f208404b394cf9d37ff54b5f1ad8f6ea7da3c561dfa7281f964463d2cc35a4d1b03490dec51b0711fbd6f55f79234d5b7c766622a66de92be996461d5e4dc878ef9bca030521e8351e4baed2fd04f9467368c4ad6ac186d08245b263a2666d1f6c5420f1599dfd9f438921c2f5a463938ce0982265eef70179bc553f339eb1a4c1af5f6a547f" - -Test Vector ARC4 [RFC6229 40-bit] -mbedtls_arc4_crypt:"0000000000000000000000000000000000000000000000000000000000000000":"0102030405":"b2396305f03dc027ccc3524a0a1118a86982944f18fc82d589c403a47a0d0919" - -Test Vector ARC4 [RFC6229 56-bit] -mbedtls_arc4_crypt:"0000000000000000000000000000000000000000000000000000000000000000":"01020304050607":"293f02d47f37c9b633f2af5285feb46be620f1390d19bd84e2e0fd752031afc1" - -Test Vector ARC4 [RFC6229 64-bit] 
-mbedtls_arc4_crypt:"0000000000000000000000000000000000000000000000000000000000000000":"0102030405060708":"97ab8a1bf0afb96132f2f67258da15a88263efdb45c4a18684ef87e6b19e5b09" - -Test Vector ARC4 [RFC6229 128-bit] -mbedtls_arc4_crypt:"0000000000000000000000000000000000000000000000000000000000000000":"0102030405060708090a0b0c0d0e0f10":"9ac7cc9a609d1ef7b2932899cde41b975248c4959014126a6e8a84f11d1a9e1c" - -TMP -mbedtls_arc4_crypt:"1400002433c96cfa5c53a65184fcba83d9793f42522f94e49bf25edcb7a23c9eaae5ca84f6ee6da8":"5e58b1ad80":"e9a3d07ea1a3eac9fd73dcb14c409f2d434a72b6aa077e0924bcffc236f55d2d372b289707571531" - -ARC4 Selftest -depends_on:MBEDTLS_SELF_TEST -arc4_selftest: diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function deleted file mode 100644 index c1e238665..000000000 --- a/tests/suites/test_suite_arc4.function +++ /dev/null @@ -1,37 +0,0 @@ -/* BEGIN_HEADER */ -#include "mbedtls/arc4.h" -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_ARC4_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ -void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str, data_t * dst ) -{ - unsigned char dst_str[1000]; - mbedtls_arc4_context ctx; - - memset(dst_str, 0x00, 1000); - mbedtls_arc4_init( &ctx ); - - - mbedtls_arc4_setup(&ctx, key_str->x, key_str->len); - TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len, - src_str->x, dst_str ) == 0 ); - - TEST_ASSERT( mbedtls_test_hexcmp( dst_str, dst->x, - src_str->len, dst->len ) == 0 ); - -exit: - mbedtls_arc4_free( &ctx ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void arc4_selftest( ) -{ - TEST_ASSERT( mbedtls_arc4_self_test( 1 ) == 0 ); -} -/* END_CASE */ diff --git a/tests/suites/test_suite_blowfish.data b/tests/suites/test_suite_blowfish.data deleted file mode 100644 index 0ebb64234..000000000 --- a/tests/suites/test_suite_blowfish.data +++ /dev/null 
@@ -1,311 +0,0 @@ -BLOWFISH - Invalid parameters -blowfish_invalid_param: - -BLOWFISH-ECB Encrypt SSLeay reference #1 -blowfish_encrypt_ecb:"0000000000000000":"0000000000000000":"4ef997456198dd78":0 - -BLOWFISH-ECB Encrypt SSLeay reference #2 -blowfish_encrypt_ecb:"ffffffffffffffff":"ffffffffffffffff":"51866fd5b85ecb8a":0 - -BLOWFISH-ECB Encrypt SSLeay reference #3 -blowfish_encrypt_ecb:"3000000000000000":"1000000000000001":"7d856f9a613063f2":0 - -BLOWFISH-ECB Encrypt SSLeay reference #4 -blowfish_encrypt_ecb:"1111111111111111":"1111111111111111":"2466dd878b963c9d":0 - -BLOWFISH-ECB Encrypt SSLeay reference #5 -blowfish_encrypt_ecb:"0123456789abcdef":"1111111111111111":"61f9c3802281b096":0 - -BLOWFISH-ECB Encrypt SSLeay reference #6 -blowfish_encrypt_ecb:"1111111111111111":"0123456789abcdef":"7d0cc630afda1ec7":0 - -BLOWFISH-ECB Encrypt SSLeay reference #7 -blowfish_encrypt_ecb:"0000000000000000":"0000000000000000":"4ef997456198dd78":0 - -BLOWFISH-ECB Encrypt SSLeay reference #8 -blowfish_encrypt_ecb:"fedcba9876543210":"0123456789abcdef":"0aceab0fc6a0a28d":0 - -BLOWFISH-ECB Encrypt SSLeay reference #9 -blowfish_encrypt_ecb:"7ca110454a1a6e57":"01a1d6d039776742":"59c68245eb05282b":0 - -BLOWFISH-ECB Encrypt SSLeay reference #10 -blowfish_encrypt_ecb:"0131d9619dc1376e":"5cd54ca83def57da":"b1b8cc0b250f09a0":0 - -BLOWFISH-ECB Encrypt SSLeay reference #11 -blowfish_encrypt_ecb:"07a1133e4a0b2686":"0248d43806f67172":"1730e5778bea1da4":0 - -BLOWFISH-ECB Encrypt SSLeay reference #12 -blowfish_encrypt_ecb:"3849674c2602319e":"51454b582ddf440a":"a25e7856cf2651eb":0 - -BLOWFISH-ECB Encrypt SSLeay reference #13 -blowfish_encrypt_ecb:"04b915ba43feb5b6":"42fd443059577fa2":"353882b109ce8f1a":0 - -BLOWFISH-ECB Encrypt SSLeay reference #14 -blowfish_encrypt_ecb:"0113b970fd34f2ce":"059b5e0851cf143a":"48f4d0884c379918":0 - -BLOWFISH-ECB Encrypt SSLeay reference #15 -blowfish_encrypt_ecb:"0170f175468fb5e6":"0756d8e0774761d2":"432193b78951fc98":0 - -BLOWFISH-ECB Encrypt SSLeay reference #16 
-blowfish_encrypt_ecb:"43297fad38e373fe":"762514b829bf486a":"13f04154d69d1ae5":0 - -BLOWFISH-ECB Encrypt SSLeay reference #17 -blowfish_encrypt_ecb:"07a7137045da2a16":"3bdd119049372802":"2eedda93ffd39c79":0 - -BLOWFISH-ECB Encrypt SSLeay reference #18 -blowfish_encrypt_ecb:"04689104c2fd3b2f":"26955f6835af609a":"d887e0393c2da6e3":0 - -BLOWFISH-ECB Encrypt SSLeay reference #19 -blowfish_encrypt_ecb:"37d06bb516cb7546":"164d5e404f275232":"5f99d04f5b163969":0 - -BLOWFISH-ECB Encrypt SSLeay reference #20 -blowfish_encrypt_ecb:"1f08260d1ac2465e":"6b056e18759f5cca":"4a057a3b24d3977b":0 - -BLOWFISH-ECB Encrypt SSLeay reference #21 -blowfish_encrypt_ecb:"584023641aba6176":"004bd6ef09176062":"452031c1e4fada8e":0 - -BLOWFISH-ECB Encrypt SSLeay reference #22 -blowfish_encrypt_ecb:"025816164629b007":"480d39006ee762f2":"7555ae39f59b87bd":0 - -BLOWFISH-ECB Encrypt SSLeay reference #23 -blowfish_encrypt_ecb:"49793ebc79b3258f":"437540c8698f3cfa":"53c55f9cb49fc019":0 - -BLOWFISH-ECB Encrypt SSLeay reference #24 -blowfish_encrypt_ecb:"4fb05e1515ab73a7":"072d43a077075292":"7a8e7bfa937e89a3":0 - -BLOWFISH-ECB Encrypt SSLeay reference #25 -blowfish_encrypt_ecb:"49e95d6d4ca229bf":"02fe55778117f12a":"cf9c5d7a4986adb5":0 - -BLOWFISH-ECB Encrypt SSLeay reference #26 -blowfish_encrypt_ecb:"018310dc409b26d6":"1d9d5c5018f728c2":"d1abb290658bc778":0 - -BLOWFISH-ECB Encrypt SSLeay reference #27 -blowfish_encrypt_ecb:"1c587f1c13924fef":"305532286d6f295a":"55cb3774d13ef201":0 - -BLOWFISH-ECB Encrypt SSLeay reference #28 -blowfish_encrypt_ecb:"0101010101010101":"0123456789abcdef":"fa34ec4847b268b2":0 - -BLOWFISH-ECB Encrypt SSLeay reference #29 -blowfish_encrypt_ecb:"1f1f1f1f0e0e0e0e":"0123456789abcdef":"a790795108ea3cae":0 - -BLOWFISH-ECB Encrypt SSLeay reference #30 -blowfish_encrypt_ecb:"e0fee0fef1fef1fe":"0123456789abcdef":"c39e072d9fac631d":0 - -BLOWFISH-ECB Encrypt SSLeay reference #31 -blowfish_encrypt_ecb:"0000000000000000":"ffffffffffffffff":"014933e0cdaff6e4":0 - -BLOWFISH-ECB Encrypt 
SSLeay reference #32 -blowfish_encrypt_ecb:"ffffffffffffffff":"0000000000000000":"f21e9a77b71c49bc":0 - -BLOWFISH-ECB Encrypt SSLeay reference #33 -blowfish_encrypt_ecb:"0123456789abcdef":"0000000000000000":"245946885754369a":0 - -BLOWFISH-ECB Encrypt SSLeay reference #34 -blowfish_encrypt_ecb:"fedcba9876543210":"ffffffffffffffff":"6b5c5a9c5d9e0a5a":0 - -BLOWFISH-ECB Decrypt SSLeay reference #1 -blowfish_decrypt_ecb:"0000000000000000":"4ef997456198dd78":"0000000000000000":0 - -BLOWFISH-ECB Decrypt SSLeay reference #2 -blowfish_decrypt_ecb:"ffffffffffffffff":"51866fd5b85ecb8a":"ffffffffffffffff":0 - -BLOWFISH-ECB Decrypt SSLeay reference #3 -blowfish_decrypt_ecb:"3000000000000000":"7d856f9a613063f2":"1000000000000001":0 - -BLOWFISH-ECB Decrypt SSLeay reference #4 -blowfish_decrypt_ecb:"1111111111111111":"2466dd878b963c9d":"1111111111111111":0 - -BLOWFISH-ECB Decrypt SSLeay reference #5 -blowfish_decrypt_ecb:"0123456789abcdef":"61f9c3802281b096":"1111111111111111":0 - -BLOWFISH-ECB Decrypt SSLeay reference #6 -blowfish_decrypt_ecb:"1111111111111111":"7d0cc630afda1ec7":"0123456789abcdef":0 - -BLOWFISH-ECB Decrypt SSLeay reference #7 -blowfish_decrypt_ecb:"0000000000000000":"4ef997456198dd78":"0000000000000000":0 - -BLOWFISH-ECB Decrypt SSLeay reference #8 -blowfish_decrypt_ecb:"fedcba9876543210":"0aceab0fc6a0a28d":"0123456789abcdef":0 - -BLOWFISH-ECB Decrypt SSLeay reference #9 -blowfish_decrypt_ecb:"7ca110454a1a6e57":"59c68245eb05282b":"01a1d6d039776742":0 - -BLOWFISH-ECB Decrypt SSLeay reference #10 -blowfish_decrypt_ecb:"0131d9619dc1376e":"b1b8cc0b250f09a0":"5cd54ca83def57da":0 - -BLOWFISH-ECB Decrypt SSLeay reference #11 -blowfish_decrypt_ecb:"07a1133e4a0b2686":"1730e5778bea1da4":"0248d43806f67172":0 - -BLOWFISH-ECB Decrypt SSLeay reference #12 -blowfish_decrypt_ecb:"3849674c2602319e":"a25e7856cf2651eb":"51454b582ddf440a":0 - -BLOWFISH-ECB Decrypt SSLeay reference #13 -blowfish_decrypt_ecb:"04b915ba43feb5b6":"353882b109ce8f1a":"42fd443059577fa2":0 - -BLOWFISH-ECB 
Decrypt SSLeay reference #14 -blowfish_decrypt_ecb:"0113b970fd34f2ce":"48f4d0884c379918":"059b5e0851cf143a":0 - -BLOWFISH-ECB Decrypt SSLeay reference #15 -blowfish_decrypt_ecb:"0170f175468fb5e6":"432193b78951fc98":"0756d8e0774761d2":0 - -BLOWFISH-ECB Decrypt SSLeay reference #16 -blowfish_decrypt_ecb:"43297fad38e373fe":"13f04154d69d1ae5":"762514b829bf486a":0 - -BLOWFISH-ECB Decrypt SSLeay reference #17 -blowfish_decrypt_ecb:"07a7137045da2a16":"2eedda93ffd39c79":"3bdd119049372802":0 - -BLOWFISH-ECB Decrypt SSLeay reference #18 -blowfish_decrypt_ecb:"04689104c2fd3b2f":"d887e0393c2da6e3":"26955f6835af609a":0 - -BLOWFISH-ECB Decrypt SSLeay reference #19 -blowfish_decrypt_ecb:"37d06bb516cb7546":"5f99d04f5b163969":"164d5e404f275232":0 - -BLOWFISH-ECB Decrypt SSLeay reference #20 -blowfish_decrypt_ecb:"1f08260d1ac2465e":"4a057a3b24d3977b":"6b056e18759f5cca":0 - -BLOWFISH-ECB Decrypt SSLeay reference #21 -blowfish_decrypt_ecb:"584023641aba6176":"452031c1e4fada8e":"004bd6ef09176062":0 - -BLOWFISH-ECB Decrypt SSLeay reference #22 -blowfish_decrypt_ecb:"025816164629b007":"7555ae39f59b87bd":"480d39006ee762f2":0 - -BLOWFISH-ECB Decrypt SSLeay reference #23 -blowfish_decrypt_ecb:"49793ebc79b3258f":"53c55f9cb49fc019":"437540c8698f3cfa":0 - -BLOWFISH-ECB Decrypt SSLeay reference #24 -blowfish_decrypt_ecb:"4fb05e1515ab73a7":"7a8e7bfa937e89a3":"072d43a077075292":0 - -BLOWFISH-ECB Decrypt SSLeay reference #25 -blowfish_decrypt_ecb:"49e95d6d4ca229bf":"cf9c5d7a4986adb5":"02fe55778117f12a":0 - -BLOWFISH-ECB Decrypt SSLeay reference #26 -blowfish_decrypt_ecb:"018310dc409b26d6":"d1abb290658bc778":"1d9d5c5018f728c2":0 - -BLOWFISH-ECB Decrypt SSLeay reference #27 -blowfish_decrypt_ecb:"1c587f1c13924fef":"55cb3774d13ef201":"305532286d6f295a":0 - -BLOWFISH-ECB Decrypt SSLeay reference #28 -blowfish_decrypt_ecb:"0101010101010101":"fa34ec4847b268b2":"0123456789abcdef":0 - -BLOWFISH-ECB Decrypt SSLeay reference #29 -blowfish_decrypt_ecb:"1f1f1f1f0e0e0e0e":"a790795108ea3cae":"0123456789abcdef":0 
- -BLOWFISH-ECB Decrypt SSLeay reference #30 -blowfish_decrypt_ecb:"e0fee0fef1fef1fe":"c39e072d9fac631d":"0123456789abcdef":0 - -BLOWFISH-ECB Decrypt SSLeay reference #31 -blowfish_decrypt_ecb:"0000000000000000":"014933e0cdaff6e4":"ffffffffffffffff":0 - -BLOWFISH-ECB Decrypt SSLeay reference #32 -blowfish_decrypt_ecb:"ffffffffffffffff":"f21e9a77b71c49bc":"0000000000000000":0 - -BLOWFISH-ECB Decrypt SSLeay reference #33 -blowfish_decrypt_ecb:"0123456789abcdef":"245946885754369a":"0000000000000000":0 - -BLOWFISH-ECB Decrypt SSLeay reference #34 -blowfish_decrypt_ecb:"fedcba9876543210":"6b5c5a9c5d9e0a5a":"ffffffffffffffff":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #1 -blowfish_encrypt_ecb:"f0":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA - -BLOWFISH-SETKEY Setkey SSLeay reference #2 -blowfish_encrypt_ecb:"f0e1":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA - -BLOWFISH-SETKEY Setkey SSLeay reference #3 -blowfish_encrypt_ecb:"f0e1d2":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA - -BLOWFISH-SETKEY Setkey SSLeay reference #4 -blowfish_encrypt_ecb:"f0e1d2c3":"fedcba9876543210":"be1e639408640f05":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #5 -blowfish_encrypt_ecb:"f0e1d2c3b4":"fedcba9876543210":"b39e44481bdb1e6e":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #6 -blowfish_encrypt_ecb:"f0e1d2c3b4a5":"fedcba9876543210":"9457aa83b1928c0d":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #7 -blowfish_encrypt_ecb:"f0e1d2c3b4a596":"fedcba9876543210":"8bb77032f960629d":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #8 -blowfish_encrypt_ecb:"f0e1d2c3b4a59687":"fedcba9876543210":"e87a244e2cc85e82":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #9 -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778":"fedcba9876543210":"15750e7a4f4ec577":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #10 -blowfish_encrypt_ecb:"f0e1d2c3b4a596877869":"fedcba9876543210":"122ba70b3ab64ae0":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #11 
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a":"fedcba9876543210":"3a833c9affc537f6":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #12 -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b":"fedcba9876543210":"9409da87a90f6bf2":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #13 -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c":"fedcba9876543210":"884f80625060b8b4":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #14 -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d":"fedcba9876543210":"1f85031c19e11968":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #15 -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e":"fedcba9876543210":"79d9373a714ca34f":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #16 -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f":"fedcba9876543210":"93142887ee3be15c":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #17 -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00":"fedcba9876543210":"03429e838ce2d14b":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #18 -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f0011":"fedcba9876543210":"a4299e27469ff67b":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #19 -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f001122":"fedcba9876543210":"afd5aed1c1bc96a8":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #20 -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233":"fedcba9876543210":"10851c0e3858da9f":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #21 -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f0011223344":"fedcba9876543210":"e6f51ed79b9db21f":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #22 -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f001122334455":"fedcba9876543210":"64a6e14afd36b46f":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #23 -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566":"fedcba9876543210":"80c7d7d45a5479ad":0 - -BLOWFISH-SETKEY Setkey SSLeay reference #24 
-blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f0011223344556677":"fedcba9876543210":"05044b62fa52d080":0 - -BLOWFISH-SETKEY Setkey 440 bits -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0f":"fedcba9876543210":"9a2ab8f1b00c73d2":0 - -BLOWFISH-SETKEY Setkey 448 bits -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fff":"fedcba9876543210":"2fb3ab7f0ee91b69":0 - -BLOWFISH-SETKEY Setkey 456 bits -blowfish_encrypt_ecb:"f0e1d2c3b4a5968778695a4b3c2d1e0f00112233445566778899aabbccddeeff0123456789abcdef0102030405060708090a0b0c0d0e0fffff":"fedcba9876543210":"":MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA - -BLOWFISH-CBC Encrypt [#1] -blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F722000000000":"6b77b4d63006dee605b156e27403979358deb9e7154616d959f1652bd5ff92cc":0 - -BLOWFISH-CBC Decrypt [#1] -blowfish_decrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC":"37363534333231204e6f77206973207468652074696d6520666f722000000000":0 - -BLOWFISH-CBC Encrypt [#2] -blowfish_encrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F7220000000":"":MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH - -BLOWFISH-CBC Decrypt [#2] -blowfish_decrypt_cbc:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"6B77B4D63006DEE605B156E27403979358DEB9E7154616D959F1652BD5FF92CC00":"":MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH - -BLOWFISH-CFB Encrypt -blowfish_encrypt_cfb64:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F722000":"e73214a2822139caf26ecf6d2eb9e76e3da3de04d1517200519d57a6c3" - -BLOWFISH-CFB Decrypt 
-blowfish_decrypt_cfb64:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"E73214A2822139CAF26ECF6D2EB9E76E3DA3DE04D1517200519D57A6C3":"37363534333231204e6f77206973207468652074696d6520666f722000" - -BLOWFISH-CTR Encrypt -blowfish_encrypt_ctr:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"37363534333231204E6F77206973207468652074696D6520666F722000":"e73214a2822139ca60254740dd8c5b8acf5e9569c4affeb944b8fc020e" - -BLOWFISH-CTR Decrypt -blowfish_encrypt_ctr:"0123456789ABCDEFF0E1D2C3B4A59687":"FEDCBA9876543210":"e73214a2822139ca60254740dd8c5b8acf5e9569c4affeb944b8fc020e":"37363534333231204e6f77206973207468652074696d6520666f722000" diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function deleted file mode 100644 index 1fa59ee6e..000000000 --- a/tests/suites/test_suite_blowfish.function +++ /dev/null 
@@ -1,216 +0,0 @@ -/* BEGIN_HEADER */ -#include "mbedtls/blowfish.h" -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_BLOWFISH_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE depends_on:NOT_DEFINED */ -void blowfish_invalid_param( ) -{ - mbedtls_blowfish_context ctx; - unsigned char buf[16] = { 0 }; - size_t invalid_mode = 42; - size_t off; - ((void) off); - - TEST_EQUAL( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_ecb( &ctx, - invalid_mode, - buf, buf ) ); - -#if defined(MBEDTLS_CIPHER_MODE_CBC) - TEST_EQUAL( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_cbc( &ctx, - invalid_mode, - sizeof( buf ), - buf, buf, buf ) ); -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - -#if defined(MBEDTLS_CIPHER_MODE_CFB) - TEST_EQUAL( MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA, - mbedtls_blowfish_crypt_cfb64( &ctx, - invalid_mode, - sizeof( buf ), - &off, buf, - buf, buf ) ); -#endif /* MBEDTLS_CIPHER_MODE_CFB */ - -exit: - return; -} -/* END_CASE */ - -/* BEGIN_CASE */ -void blowfish_encrypt_ecb( data_t * key_str, data_t * src_str, - data_t * dst, int setkey_result ) -{ - unsigned char output[100]; - mbedtls_blowfish_context ctx; - - memset(output, 0x00, 100); - mbedtls_blowfish_init( &ctx ); - - - TEST_ASSERT( mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); - if( setkey_result == 0 ) - { - TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->x, output ) == 0 ); - - TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); - } - -exit: - mbedtls_blowfish_free( &ctx ); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void blowfish_decrypt_ecb( data_t * key_str, data_t * src_str, - data_t * dst, int setkey_result ) -{ - unsigned char output[100]; - mbedtls_blowfish_context ctx; - - memset(output, 0x00, 100); - mbedtls_blowfish_init( &ctx ); - - - TEST_ASSERT( mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); - if( setkey_result == 0 ) - { - TEST_ASSERT( 
mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->x, output ) == 0 ); - - TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); - } - -exit: - mbedtls_blowfish_free( &ctx ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void blowfish_encrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * dst, - int cbc_result ) -{ - unsigned char output[100]; - mbedtls_blowfish_context ctx; - - memset(output, 0x00, 100); - mbedtls_blowfish_init( &ctx ); - - - mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); - - TEST_ASSERT( mbedtls_blowfish_crypt_cbc( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len , iv_str->x, src_str->x, output ) == cbc_result ); - if( cbc_result == 0 ) - { - - TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, - src_str->len, dst->len ) == 0 ); - } - -exit: - mbedtls_blowfish_free( &ctx ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void blowfish_decrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * dst, - int cbc_result ) -{ - unsigned char output[100]; - mbedtls_blowfish_context ctx; - - memset(output, 0x00, 100); - mbedtls_blowfish_init( &ctx ); - - - mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); - TEST_ASSERT( mbedtls_blowfish_crypt_cbc( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len , iv_str->x, src_str->x, output ) == cbc_result ); - if( cbc_result == 0) - { - - TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, - dst->len ) == 0 ); - } - -exit: - mbedtls_blowfish_free( &ctx ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void blowfish_encrypt_cfb64( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * dst ) -{ - unsigned char output[100]; - mbedtls_blowfish_context ctx; - size_t iv_offset = 0; - - memset(output, 0x00, 100); - mbedtls_blowfish_init( &ctx ); - - - mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); - TEST_ASSERT( 
mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - - TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, - dst->len ) == 0 ); - -exit: - mbedtls_blowfish_free( &ctx ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void blowfish_decrypt_cfb64( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * dst ) -{ - unsigned char output[100]; - mbedtls_blowfish_context ctx; - size_t iv_offset = 0; - - memset(output, 0x00, 100); - mbedtls_blowfish_init( &ctx ); - - - mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); - TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - - TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, - dst->len ) == 0 ); - -exit: - mbedtls_blowfish_free( &ctx ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ -void blowfish_encrypt_ctr( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * dst ) -{ - unsigned char stream_str[100]; - unsigned char output[100]; - mbedtls_blowfish_context ctx; - size_t iv_offset = 0; - - memset(stream_str, 0x00, 100); - memset(output, 0x00, 100); - mbedtls_blowfish_init( &ctx ); - - - mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); - TEST_ASSERT( mbedtls_blowfish_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, stream_str, src_str->x, output ) == 0 ); - - TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, src_str->len, - dst->len ) == 0 ); - -exit: - mbedtls_blowfish_free( &ctx ); -} -/* END_CASE */ diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index 459683bd2..cdb1898a0 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data 
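Review bot: the two deleted files (test_suite_blowfish.data and test_suite_blowfish.function) reference `#include "mbedtls/blowfish.h"`, the `MBEDTLS_BLOWFISH_C` option in `depends_on:`, and the error codes `MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA` and `MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH`, but nothing in these hunks removes the header, the library source or the config option themselves; please make sure those go in the same commit so that every commit in the series still builds and no dead error codes or config symbols are left behind. Note also that the removed `blowfish_invalid_param` case was guarded by `depends_on:NOT_DEFINED`, so it never ran and its removal loses no coverage.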
@@ -13,10 +13,6 @@ CCM init #3 AES-224: bad key size depends_on:MBEDTLS_AES_C mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:224:MBEDTLS_ERR_CCM_BAD_INPUT -CCM init #4 BLOWFISH-128: bad block size -depends_on:MBEDTLS_BLOWFISH_C -mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_BLOWFISH:128:MBEDTLS_ERR_CCM_BAD_INPUT - CCM lengths #1 all OK ccm_lengths:5:10:5:8:0 diff --git a/tests/suites/test_suite_cipher.arc4.data b/tests/suites/test_suite_cipher.arc4.data deleted file mode 100644 index 7a473739a..000000000 --- a/tests/suites/test_suite_cipher.arc4.data +++ /dev/null 
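Review bot: the removed case "CCM init #4 BLOWFISH-128: bad block size" was the only case in this hunk that checks that `mbedtls_ccm_setkey` returns `MBEDTLS_ERR_CCM_BAD_INPUT` for a cipher whose block size is not 16 bytes; with it gone, that rejection path is untested by this suite. If another cipher with a 64-bit block remains in the library, consider re-adding the case with that cipher id (under the matching `depends_on:`) instead of dropping it outright.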
@@ -1,107 +0,0 @@ -ARC4 Decrypt empty buffer -depends_on:MBEDTLS_ARC4_C -dec_empty_buf:MBEDTLS_CIPHER_ARC4_128:0:0 - -ARC4 Encrypt and decrypt 0 bytes -depends_on:MBEDTLS_ARC4_C -enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:0:-1 - -ARC4 Encrypt and decrypt 1 byte -depends_on:MBEDTLS_ARC4_C -enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:1:-1 - -ARC4 Encrypt and decrypt 2 bytes -depends_on:MBEDTLS_ARC4_C -enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:2:-1 - -ARC4 Encrypt and decrypt 7 bytes -depends_on:MBEDTLS_ARC4_C -enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:7:-1 - -ARC4 Encrypt and decrypt 8 bytes -depends_on:MBEDTLS_ARC4_C -enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:8:-1 - -ARC4 Encrypt and decrypt 9 bytes -depends_on:MBEDTLS_ARC4_C -enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:9:-1 - -ARC4 Encrypt and decrypt 15 bytes -depends_on:MBEDTLS_ARC4_C -enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:15:-1 - -ARC4 Encrypt and decrypt 16 bytes -depends_on:MBEDTLS_ARC4_C -enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:16:-1 - -ARC4 Encrypt and decrypt 17 bytes -depends_on:MBEDTLS_ARC4_C -enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:17:-1 - -ARC4 Encrypt and decrypt 31 bytes -depends_on:MBEDTLS_ARC4_C -enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:31:-1 - -ARC4 Encrypt and decrypt 32 bytes [#1] -depends_on:MBEDTLS_ARC4_C -enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:32:-1 - -ARC4 Encrypt and decrypt 32 bytes [#2] -depends_on:MBEDTLS_ARC4_C -enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:33:-1 - -ARC4 Encrypt and decrypt 47 bytes -depends_on:MBEDTLS_ARC4_C -enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:47:-1 - -ARC4 Encrypt and decrypt 48 bytes -depends_on:MBEDTLS_ARC4_C -enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:48:-1 - -ARC4 Encrypt and decrypt 49 bytes -depends_on:MBEDTLS_ARC4_C -enc_dec_buf:MBEDTLS_CIPHER_ARC4_128:"ARC4-128":128:49:-1 - -ARC4 Encrypt and decrypt 0 bytes in multiple parts 
-depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:0:-1:0:0:0:0 - -ARC4 Encrypt and decrypt 1 bytes in multiple parts 1 -depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:1:0:-1:1:0:1:0 - -ARC4 Encrypt and decrypt 1 bytes in multiple parts 2 -depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:1:-1:0:1:0:1 - -ARC4 Encrypt and decrypt 16 bytes in multiple parts 1 -depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:0:-1:16:0:16:0 - -ARC4 Encrypt and decrypt 16 bytes in multiple parts 2 -depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:0:16:-1:0:16:0:16 - -ARC4 Encrypt and decrypt 16 bytes in multiple parts 3 -depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:1:15:-1:1:15:1:15 - -ARC4 Encrypt and decrypt 16 bytes in multiple parts 4 -depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:15:1:-1:15:1:15:1 - -ARC4 Encrypt and decrypt 22 bytes in multiple parts 1 [#1] -depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:15:7:-1:15:7:15:7 - -ARC4 Encrypt and decrypt 22 bytes in multiple parts 1 [#2] -depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:6:-1:16:6:16:6 - -ARC4 Encrypt and decrypt 22 bytes in multiple parts 1 [#3] -depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:17:6:-1:17:6:17:6 - -ARC4 Encrypt and decrypt 32 bytes in multiple parts 1 -depends_on:MBEDTLS_ARC4_C -enc_dec_buf_multipart:MBEDTLS_CIPHER_ARC4_128:128:16:16:-1:16:16:16:16 diff --git a/tests/suites/test_suite_cipher.blowfish.data b/tests/suites/test_suite_cipher.blowfish.data deleted file mode 100644 index a05a4e7b3..000000000 --- a/tests/suites/test_suite_cipher.blowfish.data +++ /dev/null 
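Review bot: deleting test_suite_cipher.arc4.data removes every `MBEDTLS_CIPHER_ARC4_128` case from the generic cipher tests, which is a user-visible API removal, yet none of the hunks shown carry a ChangeLog entry or a migration-guide note telling users that the ARC4 and Blowfish cipher ids are gone; please add that documentation alongside the deletion. The `depends_on:MBEDTLS_ARC4_C` guard on each removed case should also be checked against the remaining `.data` files so that no other suite still references `MBEDTLS_ARC4_C` once the module is removed.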
@@ -1,607 +0,0 @@ -BLOWFISH CBC Decrypt empty buffer -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -dec_empty_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:0:0 - -BLOWFISH Encrypt and decrypt 0 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:-1 - -BLOWFISH Encrypt and decrypt 1 byte [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:1:-1 - -BLOWFISH Encrypt and decrypt 2 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:2:-1 - -BLOWFISH Encrypt and decrypt 7 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:7:-1 - -BLOWFISH Encrypt and decrypt 8 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:-1 - -BLOWFISH Encrypt and decrypt 9 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:9:-1 - -BLOWFISH Encrypt and decrypt 15 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:15:-1 - -BLOWFISH Encrypt and decrypt 16 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:-1 - -BLOWFISH Encrypt and decrypt 17 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:17:-1 - -BLOWFISH Encrypt and decrypt 31 bytes [#1] 
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:31:-1 - -BLOWFISH Encrypt and decrypt 32 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:-1 - -BLOWFISH Encrypt and decrypt 32 bytes [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:33:-1 - -BLOWFISH Encrypt and decrypt 47 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:47:-1 - -BLOWFISH Encrypt and decrypt 48 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:-1 - -BLOWFISH Encrypt and decrypt 49 bytes [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:49:-1 - -BLOWFISH Encrypt and decrypt 0 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:MBEDTLS_PADDING_ONE_AND_ZEROS - -BLOWFISH Encrypt and decrypt 1 byte with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:1:MBEDTLS_PADDING_ONE_AND_ZEROS - -BLOWFISH Encrypt and decrypt 2 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:2:MBEDTLS_PADDING_ONE_AND_ZEROS - -BLOWFISH Encrypt and decrypt 7 bytes with one and zeros padding 
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:7:MBEDTLS_PADDING_ONE_AND_ZEROS - -BLOWFISH Encrypt and decrypt 8 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:MBEDTLS_PADDING_ONE_AND_ZEROS - -BLOWFISH Encrypt and decrypt 9 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:9:MBEDTLS_PADDING_ONE_AND_ZEROS - -BLOWFISH Encrypt and decrypt 15 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:15:MBEDTLS_PADDING_ONE_AND_ZEROS - -BLOWFISH Encrypt and decrypt 16 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:MBEDTLS_PADDING_ONE_AND_ZEROS - -BLOWFISH Encrypt and decrypt 17 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:17:MBEDTLS_PADDING_ONE_AND_ZEROS - -BLOWFISH Encrypt and decrypt 31 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:31:MBEDTLS_PADDING_ONE_AND_ZEROS - -BLOWFISH Encrypt and decrypt 32 bytes with one and zeros padding [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:MBEDTLS_PADDING_ONE_AND_ZEROS - -BLOWFISH Encrypt and decrypt 32 bytes with one and zeros padding [#2] 
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:33:MBEDTLS_PADDING_ONE_AND_ZEROS - -BLOWFISH Encrypt and decrypt 47 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:47:MBEDTLS_PADDING_ONE_AND_ZEROS - -BLOWFISH Encrypt and decrypt 48 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:MBEDTLS_PADDING_ONE_AND_ZEROS - -BLOWFISH Encrypt and decrypt 49 bytes with one and zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:49:MBEDTLS_PADDING_ONE_AND_ZEROS - -BLOWFISH Encrypt and decrypt 0 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:MBEDTLS_PADDING_ZEROS_AND_LEN - -BLOWFISH Encrypt and decrypt 1 byte with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:1:MBEDTLS_PADDING_ZEROS_AND_LEN - -BLOWFISH Encrypt and decrypt 2 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:2:MBEDTLS_PADDING_ZEROS_AND_LEN - -BLOWFISH Encrypt and decrypt 7 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:7:MBEDTLS_PADDING_ZEROS_AND_LEN - -BLOWFISH Encrypt and decrypt 8 bytes with zeros and len padding 
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:MBEDTLS_PADDING_ZEROS_AND_LEN - -BLOWFISH Encrypt and decrypt 9 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:9:MBEDTLS_PADDING_ZEROS_AND_LEN - -BLOWFISH Encrypt and decrypt 15 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:15:MBEDTLS_PADDING_ZEROS_AND_LEN - -BLOWFISH Encrypt and decrypt 16 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:MBEDTLS_PADDING_ZEROS_AND_LEN - -BLOWFISH Encrypt and decrypt 17 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:17:MBEDTLS_PADDING_ZEROS_AND_LEN - -BLOWFISH Encrypt and decrypt 31 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:31:MBEDTLS_PADDING_ZEROS_AND_LEN - -BLOWFISH Encrypt and decrypt 32 bytes with zeros and len padding [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:MBEDTLS_PADDING_ZEROS_AND_LEN - -BLOWFISH Encrypt and decrypt 32 bytes with zeros and len padding [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:33:MBEDTLS_PADDING_ZEROS_AND_LEN - -BLOWFISH Encrypt and decrypt 47 bytes with zeros and len padding 
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:47:MBEDTLS_PADDING_ZEROS_AND_LEN - -BLOWFISH Encrypt and decrypt 48 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:MBEDTLS_PADDING_ZEROS_AND_LEN - -BLOWFISH Encrypt and decrypt 49 bytes with zeros and len padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:49:MBEDTLS_PADDING_ZEROS_AND_LEN - -BLOWFISH Encrypt and decrypt 0 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:MBEDTLS_PADDING_ZEROS - -BLOWFISH Encrypt and decrypt 1 byte with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:1:MBEDTLS_PADDING_ZEROS - -BLOWFISH Encrypt and decrypt 2 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:2:MBEDTLS_PADDING_ZEROS - -BLOWFISH Encrypt and decrypt 7 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:7:MBEDTLS_PADDING_ZEROS - -BLOWFISH Encrypt and decrypt 8 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:MBEDTLS_PADDING_ZEROS - -BLOWFISH Encrypt and decrypt 9 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:9:MBEDTLS_PADDING_ZEROS - -BLOWFISH Encrypt and decrypt 15 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:15:MBEDTLS_PADDING_ZEROS - -BLOWFISH Encrypt and decrypt 16 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:MBEDTLS_PADDING_ZEROS - -BLOWFISH Encrypt and decrypt 17 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:17:MBEDTLS_PADDING_ZEROS - -BLOWFISH Encrypt and decrypt 31 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:31:MBEDTLS_PADDING_ZEROS - -BLOWFISH Encrypt and decrypt 32 bytes with zeros padding [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:MBEDTLS_PADDING_ZEROS - -BLOWFISH Encrypt and decrypt 32 bytes with zeros padding [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:33:MBEDTLS_PADDING_ZEROS - -BLOWFISH Encrypt and decrypt 47 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:47:MBEDTLS_PADDING_ZEROS - -BLOWFISH Encrypt and decrypt 48 bytes with zeros padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:MBEDTLS_PADDING_ZEROS - -BLOWFISH Encrypt and decrypt 49 bytes with zeros padding 
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:49:MBEDTLS_PADDING_ZEROS - -BLOWFISH Encrypt and decrypt 0 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:0:MBEDTLS_PADDING_NONE - -BLOWFISH Encrypt and decrypt 8 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:8:MBEDTLS_PADDING_NONE - -BLOWFISH Encrypt and decrypt 16 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:16:MBEDTLS_PADDING_NONE - -BLOWFISH Encrypt and decrypt 32 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:32:MBEDTLS_PADDING_NONE - -BLOWFISH Encrypt and decrypt 48 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":128:48:MBEDTLS_PADDING_NONE - -BLOWFISH Try encrypting 1 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:1:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED - -BLOWFISH Try encrypting 2 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:2:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED - -BLOWFISH Try encrypting 7 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
-enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:7:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED - -BLOWFISH Try encrypting 9 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:9:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED - -BLOWFISH Try encrypting 15 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:15:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED - -BLOWFISH Try encrypting 17 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:17:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED - -BLOWFISH Try encrypting 31 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:31:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED - -BLOWFISH Try encrypting 33 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:33:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED - -BLOWFISH Try encrypting 47 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:47:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED - -BLOWFISH Try encrypting 49 bytes with no padding -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_fail:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_NONE:128:49:MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED - -BLOWFISH Encrypt and decrypt 0 bytes in multiple parts [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:0:-1:0:0:0:0 - -BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 1 [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:0:-1:0:0:0:0 - -BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 2 [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:1:-1:0:0:0:0 - -BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 1 [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:0:-1:16:0:8:8 - -BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 2 [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:0:16:-1:0:16:0:16 - -BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 3 [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:1:15:-1:0:16:0:16 - -BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 4 [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:1:-1:8:8:8:8 - -BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:15:7:-1:8:8:8:8 - -BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:6:-1:16:0:8:8 - -BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:17:6:-1:16:0:16:0 - -BLOWFISH Encrypt and decrypt 32 bytes in multiple parts 1 [#1] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CBC:128:16:16:-1:16:16:8:24 - -BLOWFISH Encrypt and decrypt 0 bytes [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:0:-1 - -BLOWFISH Encrypt and decrypt 1 byte [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:1:-1 - -BLOWFISH Encrypt and decrypt 2 bytes [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:2:-1 - -BLOWFISH Encrypt and decrypt 7 bytes [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:7:-1 - -BLOWFISH Encrypt and decrypt 8 bytes [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:8:-1 - -BLOWFISH Encrypt and decrypt 9 bytes [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:9:-1 - -BLOWFISH Encrypt and decrypt 15 bytes [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:15:-1 - -BLOWFISH Encrypt and decrypt 16 bytes [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:16:-1 - -BLOWFISH Encrypt and decrypt 17 bytes [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:17:-1 - -BLOWFISH Encrypt and decrypt 31 bytes [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:31:-1 - 
-BLOWFISH Encrypt and decrypt 32 bytes [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:32:-1 - -BLOWFISH Encrypt and decrypt 32 bytes [#4] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:33:-1 - -BLOWFISH Encrypt and decrypt 47 bytes [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:47:-1 - -BLOWFISH Encrypt and decrypt 48 bytes [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:48:-1 - -BLOWFISH Encrypt and decrypt 49 bytes [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":128:49:-1 - -BLOWFISH Encrypt and decrypt 0 bytes in multiple parts [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:0:-1:0:0:0:0 - -BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 1 [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:1:0:-1:1:0:1:0 - -BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 2 [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:1:-1:0:1:0:1 - -BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 1 [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:0:-1:16:0:16:0 - -BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 2 [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:0:16:-1:0:16:0:16 - -BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 3 [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB 
-enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:1:15:-1:1:15:1:15 - -BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 4 [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:15:1:-1:15:1:15:1 - -BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#4] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:15:7:-1:15:7:15:7 - -BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#5] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:6:-1:16:6:16:6 - -BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#6] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:17:6:-1:17:6:17:6 - -BLOWFISH Encrypt and decrypt 32 bytes in multiple parts 1 [#2] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CFB64:128:16:16:-1:16:16:16:16 - -BLOWFISH Encrypt and decrypt 0 bytes [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:0:-1 - -BLOWFISH Encrypt and decrypt 1 byte [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:1:-1 - -BLOWFISH Encrypt and decrypt 2 bytes [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:2:-1 - -BLOWFISH Encrypt and decrypt 7 bytes [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:7:-1 - -BLOWFISH Encrypt and decrypt 8 bytes [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:8:-1 - -BLOWFISH Encrypt and decrypt 9 bytes [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR 
-enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:9:-1 - -BLOWFISH Encrypt and decrypt 15 bytes [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:15:-1 - -BLOWFISH Encrypt and decrypt 16 bytes [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:16:-1 - -BLOWFISH Encrypt and decrypt 17 bytes [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:17:-1 - -BLOWFISH Encrypt and decrypt 31 bytes [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:31:-1 - -BLOWFISH Encrypt and decrypt 32 bytes [#5] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:32:-1 - -BLOWFISH Encrypt and decrypt 32 bytes [#6] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:33:-1 - -BLOWFISH Encrypt and decrypt 47 bytes [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:47:-1 - -BLOWFISH Encrypt and decrypt 48 bytes [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:48:-1 - -BLOWFISH Encrypt and decrypt 49 bytes [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":128:49:-1 - -BLOWFISH Encrypt and decrypt 0 bytes in multiple parts [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:0:-1:0:0:0:0 - -BLOWFISH Encrypt and decrypt 1 bytes in multiple parts 1 [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:1:0:-1:1:0:1:0 - -BLOWFISH Encrypt and decrypt 1 bytes in multiple 
parts 2 [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:1:-1:0:1:0:1 - -BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 1 [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:0:-1:16:0:16:0 - -BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 2 [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:0:16:-1:0:16:0:16 - -BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 3 [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:1:15:-1:1:15:1:15 - -BLOWFISH Encrypt and decrypt 16 bytes in multiple parts 4 [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:15:1:-1:15:1:15:1 - -BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#7] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:15:7:-1:15:7:15:7 - -BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#8] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:6:-1:16:6:16:6 - -BLOWFISH Encrypt and decrypt 22 bytes in multiple parts 1 [#9] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:17:6:-1:17:6:17:6 - -BLOWFISH Encrypt and decrypt 32 bytes in multiple parts 1 [#3] -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf_multipart:MBEDTLS_CIPHER_BLOWFISH_CTR:128:16:16:-1:16:16:16:16 - -BLOWFISH CBC Encrypt and decrypt 7 bytes, 192-bits key -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CBC:"BLOWFISH-CBC":192:7:-1 - -BLOWFISH CTR Encrypt and decrypt 7 bytes, 192-bits key 
-depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CTR:"BLOWFISH-CTR":192:7:-1 - -BLOWFISH CFB64 Encrypt and decrypt 7 bytes, 192-bits key -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -enc_dec_buf:MBEDTLS_CIPHER_BLOWFISH_CFB64:"BLOWFISH-CFB64":192:7:-1 - -BLOWFISH ECB Encrypt test vector (SSLeay) #1 -depends_on:MBEDTLS_BLOWFISH_C -test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_ENCRYPT:"00000000000000000000000000000000":"0000000000000000":"4ef997456198dd78":0 - -BLOWFISH ECB Encrypt test vector (SSLeay) #2 -depends_on:MBEDTLS_BLOWFISH_C -test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_ENCRYPT:"ffffffffffffffffffffffffffffffff":"ffffffffffffffff":"51866fd5b85ecb8a":0 - -BLOWFISH ECB Encrypt test vector (SSLeay) #3 -depends_on:MBEDTLS_BLOWFISH_C -test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_ENCRYPT:"fedcba9876543210fedcba9876543210":"0123456789abcdef":"0aceab0fc6a0a28d":0 - -BLOWFISH ECB Encrypt test vector (SSLeay) #3, 64-bit key -depends_on:MBEDTLS_BLOWFISH_C -test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_ENCRYPT:"fedcba9876543210":"0123456789abcdef":"0aceab0fc6a0a28d":0 - -BLOWFISH ECB Encrypt test vector (SSLeay) #3, 192-bit key -depends_on:MBEDTLS_BLOWFISH_C -test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_ENCRYPT:"fedcba9876543210fedcba9876543210fedcba9876543210":"0123456789abcdef":"0aceab0fc6a0a28d":0 - -BLOWFISH ECB Decrypt test vector (SSLeay) #1 -depends_on:MBEDTLS_BLOWFISH_C -test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_DECRYPT:"00000000000000000000000000000000":"4ef997456198dd78":"0000000000000000":0 - -BLOWFISH ECB Decrypt test vector (SSLeay) #2 -depends_on:MBEDTLS_BLOWFISH_C -test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_DECRYPT:"ffffffffffffffffffffffffffffffff":"51866fd5b85ecb8a":"ffffffffffffffff":0 - -BLOWFISH ECB Decrypt test vector (SSLeay) #3 -depends_on:MBEDTLS_BLOWFISH_C 
-test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_DECRYPT:"3849674c2602319e3849674c2602319e":"a25e7856cf2651eb":"51454b582ddf440a":0 - -BLOWFISH ECB Decrypt test vector (SSLeay) #3, 64-bit key -depends_on:MBEDTLS_BLOWFISH_C -test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_DECRYPT:"3849674c2602319e":"a25e7856cf2651eb":"51454b582ddf440a":0 - -BLOWFISH ECB Decrypt test vector (SSLeay) #3, 192-bit key -depends_on:MBEDTLS_BLOWFISH_C -test_vec_ecb:MBEDTLS_CIPHER_BLOWFISH_ECB:MBEDTLS_DECRYPT:"3849674c2602319e3849674c2602319e3849674c2602319e":"a25e7856cf2651eb":"51454b582ddf440a":0 diff --git a/tests/suites/test_suite_cipher.padding.data b/tests/suites/test_suite_cipher.padding.data index dc4c9d70b..0370fb3d2 100644 --- a/tests/suites/test_suite_cipher.padding.data +++ b/tests/suites/test_suite_cipher.padding.data @@ -29,18 +29,6 @@ Set padding with DES-CBC depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 set_padding:MBEDTLS_CIPHER_DES_CBC:MBEDTLS_PADDING_PKCS7:0 -Set padding with BLOWFISH-CBC -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -set_padding:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_PADDING_PKCS7:0 - -Set padding with BLOWFISH-CFB -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CFB -set_padding:MBEDTLS_CIPHER_BLOWFISH_CFB64:MBEDTLS_PADDING_PKCS7:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA - -Set padding with BLOWFISH-CTR -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CTR -set_padding:MBEDTLS_CIPHER_BLOWFISH_CTR:MBEDTLS_PADDING_PKCS7:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA - Set padding with NULL depends_on:MBEDTLS_CIPHER_NULL_CIPHER set_padding:MBEDTLS_CIPHER_NULL:MBEDTLS_PADDING_PKCS7:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA 
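Review bot: deleting the whole Blowfish cipher suite data (including the SSLeay ECB reference vectors and the 192-bit key cases) is only complete if every identifier these `depends_on` and test lines name, namely MBEDTLS_BLOWFISH_C, MBEDTLS_CIPHER_BLOWFISH_ECB, MBEDTLS_CIPHER_BLOWFISH_CBC, MBEDTLS_CIPHER_BLOWFISH_CFB64 and MBEDTLS_CIPHER_BLOWFISH_CTR, disappears from the library, `config.h` and the test helper scripts in the same series; any survivor would leave the cipher built but untested, so a grep for `BLOWFISH` over library/, include/ and tests/ should come back empty once the series is applied. If the removal is not already recorded in another commit, a ChangeLog.d entry belongs with this change.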
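Review bot: the BLOWFISH-CFB and BLOWFISH-CTR `set_padding` cases removed here were negative tests expecting MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, i.e. they checked that a padding mode is rejected on a non-CBC cipher mode; the only rejection case left in this hunk's context is `Set padding with NULL`, which exercises a different path. Unless AES-CFB and AES-CTR equivalents already exist further down in test_suite_cipher.padding.data, add them in this commit so that the CFB/CTR rejection stays covered after Blowfish is gone.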
@@ -57,10 +45,6 @@ Set non-existent padding with DES-CBC depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC set_padding:MBEDTLS_CIPHER_DES_CBC:-1:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -Set non-existent padding with BLOWFISH-CBC -depends_on:MBEDTLS_BLOWFISH_C:MBEDTLS_CIPHER_MODE_CBC -set_padding:MBEDTLS_CIPHER_BLOWFISH_CBC:-1:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE - Check PKCS padding #1 (correct) depends_on:MBEDTLS_CIPHER_PADDING_PKCS7 check_padding:MBEDTLS_PADDING_PKCS7:"DABBAD0004040404":0:4 diff --git a/tests/suites/test_suite_hkdf.data b/tests/suites/test_suite_hkdf.data index 15837365f..92cea9cfb 100644 --- a/tests/suites/test_suite_hkdf.data +++ b/tests/suites/test_suite_hkdf.data 
@@ -15,84 +15,84 @@ test_hkdf_expand_ret:32:32:8192:MBEDTLS_ERR_HKDF_BAD_INPUT_DATA HKDF RFC5869 Test Vector #1 depends_on:MBEDTLS_SHA256_C -test_hkdf:6:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865" +test_hkdf:4:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865" HKDF RFC5869 Test Vector #2 depends_on:MBEDTLS_SHA256_C -test_hkdf:6:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87" +test_hkdf:4:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87" HKDF RFC5869 Test Vector #3 depends_on:MBEDTLS_SHA256_C 
-test_hkdf:6:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"":"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8" +test_hkdf:4:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"":"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8" HKDF RFC5869 Test Vector #4 depends_on:MBEDTLS_SHA1_C -test_hkdf:4:"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896" +test_hkdf:2:"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896" HKDF RFC5869 Test Vector #5 depends_on:MBEDTLS_SHA1_C -test_hkdf:4:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4" 
+test_hkdf:2:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4" HKDF RFC5869 Test Vector #6 depends_on:MBEDTLS_SHA1_C -test_hkdf:4:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"":"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918" +test_hkdf:2:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"":"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918" HKDF RFC5869 Test Vector #7 depends_on:MBEDTLS_SHA1_C -test_hkdf:4:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"":"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48" +test_hkdf:2:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"":"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48" HKDF RFC5869 Test Vector #1 Extract depends_on:MBEDTLS_SHA256_C -test_hkdf_extract:6:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5" +test_hkdf_extract:4:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5" HKDF RFC5869 Test Vector #2 Extract depends_on:MBEDTLS_SHA256_C 
-test_hkdf_extract:6:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244" +test_hkdf_extract:4:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244" HKDF RFC5869 Test Vector #3 Extract depends_on:MBEDTLS_SHA256_C -test_hkdf_extract:6:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04" +test_hkdf_extract:4:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04" HKDF RFC5869 Test Vector #4 Extract depends_on:MBEDTLS_SHA1_C -test_hkdf_extract:4:"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243" +test_hkdf_extract:2:"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243" HKDF RFC5869 Test Vector #5 Extract depends_on:MBEDTLS_SHA1_C -test_hkdf_extract:4:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"8adae09a2a307059478d309b26c4115a224cfaf6" 
+test_hkdf_extract:2:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"8adae09a2a307059478d309b26c4115a224cfaf6" HKDF RFC5869 Test Vector #6 Extract depends_on:MBEDTLS_SHA1_C -test_hkdf_extract:4:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01" +test_hkdf_extract:2:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01" HKDF RFC5869 Test Vector #7 Extract depends_on:MBEDTLS_SHA1_C -test_hkdf_extract:4:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"2adccada18779e7c2077ad2eb19d3f3e731385dd" +test_hkdf_extract:2:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"2adccada18779e7c2077ad2eb19d3f3e731385dd" HKDF RFC5869 Test Vector #1 Expand depends_on:MBEDTLS_SHA256_C -test_hkdf_expand:6:"f0f1f2f3f4f5f6f7f8f9":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865" +test_hkdf_expand:4:"f0f1f2f3f4f5f6f7f8f9":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865" HKDF RFC5869 Test Vector #2 Expand depends_on:MBEDTLS_SHA256_C -test_hkdf_expand:6:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87" 
+test_hkdf_expand:4:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87" HKDF RFC5869 Test Vector #3 Expand depends_on:MBEDTLS_SHA256_C -test_hkdf_expand:6:"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8" +test_hkdf_expand:4:"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8" HKDF RFC5869 Test Vector #4 Expand depends_on:MBEDTLS_SHA1_C -test_hkdf_expand:4:"f0f1f2f3f4f5f6f7f8f9":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896" +test_hkdf_expand:2:"f0f1f2f3f4f5f6f7f8f9":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896" HKDF RFC5869 Test Vector #5 Expand depends_on:MBEDTLS_SHA1_C -test_hkdf_expand:4:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"8adae09a2a307059478d309b26c4115a224cfaf6":"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4" 
+test_hkdf_expand:2:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"8adae09a2a307059478d309b26c4115a224cfaf6":"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4" HKDF RFC5869 Test Vector #6 Expand depends_on:MBEDTLS_SHA1_C -test_hkdf_expand:4:"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918" +test_hkdf_expand:2:"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918" HKDF RFC5869 Test Vector #7 Expand depends_on:MBEDTLS_SHA1_C -test_hkdf_expand:4:"":"2adccada18779e7c2077ad2eb19d3f3e731385dd":"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48" +test_hkdf_expand:2:"":"2adccada18779e7c2077ad2eb19d3f3e731385dd":"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48" diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index dbe6aa82b..a74106835 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -5,14 +5,6 @@ mbedtls_md_process: MD NULL/uninitialised arguments md_null_args: -Information on MD2 -depends_on:MBEDTLS_MD2_C -md_info:MBEDTLS_MD_MD2:"MD2":16 - -Information on MD4 -depends_on:MBEDTLS_MD4_C -md_info:MBEDTLS_MD_MD4:"MD4":16 - Information on MD5 depends_on:MBEDTLS_MD5_C md_info:MBEDTLS_MD_MD5:"MD5":16 
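Review bot: the first argument of the test_hkdf_extract / test_hkdf_expand cases is evidently an mbedtls_md_type_t written as a bare integer, which is why every SHA-256 case changes from 6 to 4 and every SHA-1 case from 4 to 2 once the two enumerators ahead of them (MD2 and MD4, removed elsewhere in this patch) go away. Two points. First, renumbering a public enum changes the value of every mbedtls_md_type_t that any caller takes, stores or persists, so this is an ABI change that needs a changelog / migration entry and not just a test-data shuffle. Second, the data should not depend on the numbering at all: these .data files already take symbolic expressions for integer parameters (for example `md_info:MBEDTLS_MD_SHA512:"SHA512":64` in test_suite_md.data, or `PSA_ALG_HMAC(0)` and `MBEDTLS_ERR_PK_PASSWORD_MISMATCH` further down), so write `test_hkdf_extract:MBEDTLS_MD_SHA256:` and `test_hkdf_extract:MBEDTLS_MD_SHA1:` (same for the expand cases) and the next enum change will not touch this file.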
@@ -41,62 +33,6 @@ Information on SHA512 depends_on:MBEDTLS_SHA512_C md_info:MBEDTLS_MD_SHA512:"SHA512":64 -generic mbedtls_md2 Test vector RFC1319 #1 -depends_on:MBEDTLS_MD2_C -md_text:"MD2":"":"8350e5a3e24c153df2275c9f80692773" - -generic mbedtls_md2 Test vector RFC1319 #2 -depends_on:MBEDTLS_MD2_C -md_text:"MD2":"a":"32ec01ec4a6dac72c0ab96fb34c0b5d1" - -generic mbedtls_md2 Test vector RFC1319 #3 -depends_on:MBEDTLS_MD2_C -md_text:"MD2":"abc":"da853b0d3f88d99b30283a69e6ded6bb" - -generic mbedtls_md2 Test vector RFC1319 #4 -depends_on:MBEDTLS_MD2_C -md_text:"MD2":"message digest":"ab4f496bfb2a530b219ff33031fe06b0" - -generic mbedtls_md2 Test vector RFC1319 #5 -depends_on:MBEDTLS_MD2_C -md_text:"MD2":"abcdefghijklmnopqrstuvwxyz":"4e8ddff3650292ab5a4108c3aa47940b" - -generic mbedtls_md2 Test vector RFC1319 #6 -depends_on:MBEDTLS_MD2_C -md_text:"MD2":"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"da33def2a42df13975352846c30338cd" - -generic mbedtls_md2 Test vector RFC1319 #7 -depends_on:MBEDTLS_MD2_C -md_text:"MD2":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"d5976f79d83d3a0dc9806c3c66f3efd8" - -generic mbedtls_md4 Test vector RFC1320 #1 -depends_on:MBEDTLS_MD4_C -md_text:"MD4":"":"31d6cfe0d16ae931b73c59d7e0c089c0" - -generic mbedtls_md4 Test vector RFC1320 #2 -depends_on:MBEDTLS_MD4_C -md_text:"MD4":"a":"bde52cb31de33e46245e05fbdbd6fb24" - -generic mbedtls_md4 Test vector RFC1320 #3 -depends_on:MBEDTLS_MD4_C -md_text:"MD4":"abc":"a448017aaf21d8525fc10ae87aa6729d" - -generic mbedtls_md4 Test vector RFC1320 #4 -depends_on:MBEDTLS_MD4_C -md_text:"MD4":"message digest":"d9130a8164549fe818874806e1c7014b" - -generic mbedtls_md4 Test vector RFC1320 #5 -depends_on:MBEDTLS_MD4_C -md_text:"MD4":"abcdefghijklmnopqrstuvwxyz":"d79e1c308aa5bbcdeea8ed63df412da9" - -generic mbedtls_md4 Test vector RFC1320 #6 -depends_on:MBEDTLS_MD4_C 
-md_text:"MD4":"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"043f8582f241db351ce627e153e7f0e4" - -generic mbedtls_md4 Test vector RFC1320 #7 -depends_on:MBEDTLS_MD4_C -md_text:"MD4":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"e33b4ddc9c38f2199c3e7b164fcc0536" - generic mbedtls_md5 Test vector RFC1321 #1 depends_on:MBEDTLS_MD5_C md_text:"MD5":"":"d41d8cd98f00b204e9800998ecf8427e" 
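Review bot: this hunk only deletes the positive MD2/MD4 cases, so nothing in the suite now checks that the removed algorithms are actually rejected. The md_text cases select the digest by name, which means mbedtls_md_info_from_string("MD2") and ("MD4") must now return NULL; add one negative case per removed algorithm asserting exactly that, with no depends_on since it has to hold in every configuration. Without it, a leftover table entry or OID mapping could quietly bring MD2/MD4 back through the generic md layer and no test would notice.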
@@ -157,30 +93,6 @@ generic mbedtls_ripemd160 Test vector from paper #8 depends_on:MBEDTLS_RIPEMD160_C md_text:"RIPEMD160":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb" -generic HMAC-MD2 Hash File OpenSSL test #1 -depends_on:MBEDTLS_MD2_C -mbedtls_md_hmac:"MD2":16:"61616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"d5732582f494f5ddf35efd166c85af9c" - -generic HMAC-MD2 Hash File OpenSSL test #2 -depends_on:MBEDTLS_MD2_C -mbedtls_md_hmac:"MD2":16:"61616161616161616161616161616161":"270fcf11f27c27448457d7049a7edb084a3e554e0b2acf5806982213f0ad516402e4c869c4ff2171e18e3489baa3125d2c3056ebb616296f9b6aa97ef68eeabcdc0b6dde47775004096a241efcf0a90d19b34e898cc7340cdc940f8bdd46e23e352f34bca131d4d67a7c2ddb8d0d68b67f06152a128168e1c341c37e0a66c5018999b7059bcc300beed2c19dd1152d2fe062853293b8f3c8b5":"54ab68503f7d1b5c7741340dff2722a9" - -generic HMAC-MD2 Hash File OpenSSL test #3 -depends_on:MBEDTLS_MD2_C -mbedtls_md_hmac:"MD2":16:"61616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"d850e5f554558cf0fe79a0612e1d0365" - -generic HMAC-MD4 Hash File OpenSSL test #1 -depends_on:MBEDTLS_MD4_C -mbedtls_md_hmac:"MD4":16:"61616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"eabd0fbefb82fb0063a25a6d7b8bdc0f" - -generic HMAC-MD4 Hash File OpenSSL test #2 -depends_on:MBEDTLS_MD4_C -mbedtls_md_hmac:"MD4":16:"61616161616161616161616161616161":"270fcf11f27c27448457d7049a7edb084a3e554e0b2acf5806982213f0ad516402e4c869c4ff2171e18e3489baa3125d2c3056ebb616296f9b6aa97ef68eeabcdc0b6dde47775004096a241efcf0a90d19b34e898cc7340cdc940f8bdd46e23e352f34bca131d4d67a7c2ddb8d0d68b67f06152a128168e1c341c37e0a66c5018999b7059bcc300beed2c19dd1152d2fe062853293b8f3c8b5":"cec3c5e421a7b783aa89cacf78daf6dc" - -generic HMAC-MD4 Hash File OpenSSL test #3 -depends_on:MBEDTLS_MD4_C 
-mbedtls_md_hmac:"MD4":16:"61616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"ad5f0a04116109b397b57f9cc9b6df4b" - generic HMAC-MD5 Hash File OpenSSL test #1 depends_on:MBEDTLS_MD5_C mbedtls_md_hmac:"MD5":16:"61616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"42552882f00bd4633ea81135a184b284" @@ -193,14 +105,6 @@ generic HMAC-MD5 Hash File OpenSSL test #3 depends_on:MBEDTLS_MD5_C mbedtls_md_hmac:"MD5":16:"61616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"e97f623936f98a7f741c4bd0612fecc2" -HMAC-MD2 Bouncy Castle test #1 -depends_on:MBEDTLS_MD2_C -mbedtls_md_hmac:"MD2":16:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"4869205468657265":"dc1923ef5f161d35bef839ca8c807808" - -HMAC-MD4 Bouncy Castle test #1 -depends_on:MBEDTLS_MD4_C -mbedtls_md_hmac:"MD4":16:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"4869205468657265":"5570ce964ba8c11756cdc3970278ff5a" - HMAC-MD5 Bouncy Castle test #1 depends_on:MBEDTLS_MD5_C mbedtls_md_hmac:"MD5":16:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"4869205468657265":"5ccec34ea9656392457fa1ac27f08fbc" 
@@ -261,62 +165,6 @@ generic HMAC-RIPEMD160 Test vector RFC 2286 #7 depends_on:MBEDTLS_RIPEMD160_C mbedtls_md_hmac:"RIPEMD160":20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b657920616e64204c6172676572205468616e204f6e6520426c6f636b2d53697a652044617461":"69ea60798d71616cce5fd0871e23754cd75d5a0a" -generic multi step mbedtls_md2 Test vector RFC1319 #1 -depends_on:MBEDTLS_MD_C:MBEDTLS_MD2_C -md_text_multi:"MD2":"":"8350e5a3e24c153df2275c9f80692773" - -generic multi step mbedtls_md2 Test vector RFC1319 #2 -depends_on:MBEDTLS_MD2_C -md_text_multi:"MD2":"a":"32ec01ec4a6dac72c0ab96fb34c0b5d1" - -generic multi step mbedtls_md2 Test vector RFC1319 #3 -depends_on:MBEDTLS_MD2_C -md_text_multi:"MD2":"abc":"da853b0d3f88d99b30283a69e6ded6bb" - -generic multi step mbedtls_md2 Test vector RFC1319 #4 -depends_on:MBEDTLS_MD2_C -md_text_multi:"MD2":"message digest":"ab4f496bfb2a530b219ff33031fe06b0" - -generic multi step mbedtls_md2 Test vector RFC1319 #5 -depends_on:MBEDTLS_MD2_C -md_text_multi:"MD2":"abcdefghijklmnopqrstuvwxyz":"4e8ddff3650292ab5a4108c3aa47940b" - -generic multi step mbedtls_md2 Test vector RFC1319 #6 -depends_on:MBEDTLS_MD2_C -md_text_multi:"MD2":"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"da33def2a42df13975352846c30338cd" - -generic multi step mbedtls_md2 Test vector RFC1319 #7 -depends_on:MBEDTLS_MD2_C -md_text_multi:"MD2":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"d5976f79d83d3a0dc9806c3c66f3efd8" - -generic multi step mbedtls_md4 Test vector RFC1320 #1 -depends_on:MBEDTLS_MD4_C -md_text_multi:"MD4":"":"31d6cfe0d16ae931b73c59d7e0c089c0" - -generic multi step mbedtls_md4 Test vector RFC1320 #2 -depends_on:MBEDTLS_MD4_C -md_text_multi:"MD4":"a":"bde52cb31de33e46245e05fbdbd6fb24" - -generic multi step mbedtls_md4 Test 
vector RFC1320 #3 -depends_on:MBEDTLS_MD4_C -md_text_multi:"MD4":"abc":"a448017aaf21d8525fc10ae87aa6729d" - -generic multi step mbedtls_md4 Test vector RFC1320 #4 -depends_on:MBEDTLS_MD4_C -md_text_multi:"MD4":"message digest":"d9130a8164549fe818874806e1c7014b" - -generic multi step mbedtls_md4 Test vector RFC1320 #5 -depends_on:MBEDTLS_MD4_C -md_text_multi:"MD4":"abcdefghijklmnopqrstuvwxyz":"d79e1c308aa5bbcdeea8ed63df412da9" - -generic multi step mbedtls_md4 Test vector RFC1320 #6 -depends_on:MBEDTLS_MD4_C -md_text_multi:"MD4":"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"043f8582f241db351ce627e153e7f0e4" - -generic multi step mbedtls_md4 Test vector RFC1320 #7 -depends_on:MBEDTLS_MD4_C -md_text_multi:"MD4":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"e33b4ddc9c38f2199c3e7b164fcc0536" - generic multi step mbedtls_md5 Test vector RFC1321 #1 depends_on:MBEDTLS_MD5_C md_text_multi:"MD5":"":"d41d8cd98f00b204e9800998ecf8427e" 
@@ -377,30 +225,6 @@ generic multi step mbedtls_ripemd160 Test vector from paper #8 depends_on:MBEDTLS_RIPEMD160_C md_text_multi:"RIPEMD160":"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb" -generic multi step HMAC-MD2 Hash File OpenSSL test #1 -depends_on:MBEDTLS_MD2_C -md_hmac_multi:"MD2":16:"61616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"d5732582f494f5ddf35efd166c85af9c" - -generic multi step HMAC-MD2 Hash File OpenSSL test #2 -depends_on:MBEDTLS_MD2_C -md_hmac_multi:"MD2":16:"61616161616161616161616161616161":"270fcf11f27c27448457d7049a7edb084a3e554e0b2acf5806982213f0ad516402e4c869c4ff2171e18e3489baa3125d2c3056ebb616296f9b6aa97ef68eeabcdc0b6dde47775004096a241efcf0a90d19b34e898cc7340cdc940f8bdd46e23e352f34bca131d4d67a7c2ddb8d0d68b67f06152a128168e1c341c37e0a66c5018999b7059bcc300beed2c19dd1152d2fe062853293b8f3c8b5":"54ab68503f7d1b5c7741340dff2722a9" - -generic multi step HMAC-MD2 Hash File OpenSSL test #3 -depends_on:MBEDTLS_MD2_C -md_hmac_multi:"MD2":16:"61616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"d850e5f554558cf0fe79a0612e1d0365" - -generic multi step HMAC-MD4 Hash File OpenSSL test #1 -depends_on:MBEDTLS_MD4_C -md_hmac_multi:"MD4":16:"61616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"eabd0fbefb82fb0063a25a6d7b8bdc0f" - -generic multi step HMAC-MD4 Hash File OpenSSL test #2 -depends_on:MBEDTLS_MD4_C -md_hmac_multi:"MD4":16:"61616161616161616161616161616161":"270fcf11f27c27448457d7049a7edb084a3e554e0b2acf5806982213f0ad516402e4c869c4ff2171e18e3489baa3125d2c3056ebb616296f9b6aa97ef68eeabcdc0b6dde47775004096a241efcf0a90d19b34e898cc7340cdc940f8bdd46e23e352f34bca131d4d67a7c2ddb8d0d68b67f06152a128168e1c341c37e0a66c5018999b7059bcc300beed2c19dd1152d2fe062853293b8f3c8b5":"cec3c5e421a7b783aa89cacf78daf6dc" - -generic multi step HMAC-MD4 Hash 
File OpenSSL test #3 -depends_on:MBEDTLS_MD4_C -md_hmac_multi:"MD4":16:"61616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"ad5f0a04116109b397b57f9cc9b6df4b" - generic multi step HMAC-MD5 Hash File OpenSSL test #1 depends_on:MBEDTLS_MD5_C md_hmac_multi:"MD5":16:"61616161616161616161616161616161":"b91ce5ac77d33c234e61002ed6":"42552882f00bd4633ea81135a184b284" 
@@ -469,38 +293,6 @@ generic multi step HMAC-RIPEMD160 Test vector RFC 2286 #7 depends_on:MBEDTLS_RIPEMD160_C md_hmac_multi:"RIPEMD160":20:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b657920616e64204c6172676572205468616e204f6e6520426c6f636b2d53697a652044617461":"69ea60798d71616cce5fd0871e23754cd75d5a0a" -generic MD2 Hash file #1 -depends_on:MBEDTLS_MD2_C -mbedtls_md_file:"MD2":"data_files/hash_file_1":"b593c098712d2e21628c8986695451a8" - -generic MD2 Hash file #2 -depends_on:MBEDTLS_MD2_C -mbedtls_md_file:"MD2":"data_files/hash_file_2":"3c027b7409909a4c4b26bbab69ad9f4f" - -generic MD2 Hash file #3 -depends_on:MBEDTLS_MD2_C -mbedtls_md_file:"MD2":"data_files/hash_file_3":"6bb43eb285e81f414083a94cdbe2989d" - -generic MD2 Hash file #4 -depends_on:MBEDTLS_MD2_C -mbedtls_md_file:"MD2":"data_files/hash_file_4":"8350e5a3e24c153df2275c9f80692773" - -generic MD4 Hash file #1 -depends_on:MBEDTLS_MD4_C -mbedtls_md_file:"MD4":"data_files/hash_file_1":"8d19772c176bd27153b9486715e2c0b9" - -generic MD4 Hash file #2 -depends_on:MBEDTLS_MD4_C -mbedtls_md_file:"MD4":"data_files/hash_file_2":"f2ac53b8542882a5a0007c6f84b4d9fd" - -generic MD4 Hash file #3 -depends_on:MBEDTLS_MD4_C -mbedtls_md_file:"MD4":"data_files/hash_file_3":"195c15158e2d07881d9a654095ce4a42" - -generic MD4 Hash file #4 -depends_on:MBEDTLS_MD4_C -mbedtls_md_file:"MD4":"data_files/hash_file_4":"31d6cfe0d16ae931b73c59d7e0c089c0" - generic MD5 Hash file #1 depends_on:MBEDTLS_MD5_C mbedtls_md_file:"MD5":"data_files/hash_file_1":"52bcdc983c9ed64fc148a759b3c7a415" diff --git a/tests/suites/test_suite_mdx.data b/tests/suites/test_suite_mdx.data index 3d063a477..ff3f73f4d 100644 --- a/tests/suites/test_suite_mdx.data +++ b/tests/suites/test_suite_mdx.data 
@@ -1,46 +1,4 @@ -# Test MD2, MD4, MD5 and RIPEMD160 -mbedtls_md2 Test vector RFC1319 #1 -md2_text:"":"8350e5a3e24c153df2275c9f80692773" - -mbedtls_md2 Test vector RFC1319 #2 -md2_text:"a":"32ec01ec4a6dac72c0ab96fb34c0b5d1" - -mbedtls_md2 Test vector RFC1319 #3 -md2_text:"abc":"da853b0d3f88d99b30283a69e6ded6bb" - -mbedtls_md2 Test vector RFC1319 #4 -md2_text:"message digest":"ab4f496bfb2a530b219ff33031fe06b0" - -mbedtls_md2 Test vector RFC1319 #5 -md2_text:"abcdefghijklmnopqrstuvwxyz":"4e8ddff3650292ab5a4108c3aa47940b" - -mbedtls_md2 Test vector RFC1319 #6 -md2_text:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"da33def2a42df13975352846c30338cd" - -mbedtls_md2 Test vector RFC1319 #7 -md2_text:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"d5976f79d83d3a0dc9806c3c66f3efd8" - -mbedtls_md4 Test vector RFC1320 #1 -md4_text:"":"31d6cfe0d16ae931b73c59d7e0c089c0" - -mbedtls_md4 Test vector RFC1320 #2 -md4_text:"a":"bde52cb31de33e46245e05fbdbd6fb24" - -mbedtls_md4 Test vector RFC1320 #3 -md4_text:"abc":"a448017aaf21d8525fc10ae87aa6729d" - -mbedtls_md4 Test vector RFC1320 #4 -md4_text:"message digest":"d9130a8164549fe818874806e1c7014b" - -mbedtls_md4 Test vector RFC1320 #5 -md4_text:"abcdefghijklmnopqrstuvwxyz":"d79e1c308aa5bbcdeea8ed63df412da9" - -mbedtls_md4 Test vector RFC1320 #6 -md4_text:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789":"043f8582f241db351ce627e153e7f0e4" - -mbedtls_md4 Test vector RFC1320 #7 -md4_text:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"e33b4ddc9c38f2199c3e7b164fcc0536" - +# Test MD5 and RIPEMD160 mbedtls_md5 Test vector RFC1321 #1 md5_text:"":"d41d8cd98f00b204e9800998ecf8427e" 
@@ -86,12 +44,6 @@ ripemd160_text:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789": mbedtls_ripemd160 Test vector from paper #8 ripemd160_text:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb" -MD2 Selftest -md2_selftest: - -MD4 Selftest -md4_selftest: - MD5 Selftest md5_selftest: diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index 1ee722988..73f91231c 100644 --- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function @@ -1,50 +1,8 @@ /* BEGIN_HEADER */ -#include "mbedtls/md2.h" -#include "mbedtls/md4.h" #include "mbedtls/md5.h" #include "mbedtls/ripemd160.h" /* END_HEADER */ -/* BEGIN_CASE depends_on:MBEDTLS_MD2_C */ -void md2_text( char * text_src_string, data_t * hash ) -{ - int ret; - unsigned char src_str[100]; - unsigned char output[16]; - - memset( src_str, 0x00, sizeof src_str ); - memset( output, 0x00, sizeof output ); - - strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - - ret = mbedtls_md2( src_str, strlen( (char *) src_str ), output ); - TEST_ASSERT( ret == 0 ) ; - - TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, - sizeof output, hash->len ) == 0 ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_MD4_C */ -void md4_text( char * text_src_string, data_t * hash ) -{ - int ret; - unsigned char src_str[100]; - unsigned char output[16]; - - memset( src_str, 0x00, sizeof src_str ); - memset( output, 0x00, sizeof output ); - - strncpy( (char *) src_str, text_src_string, sizeof(src_str) - 1 ); - - ret = mbedtls_md4( src_str, strlen( (char *) src_str ), output ); - TEST_ASSERT( ret == 0 ); - - TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, - sizeof output, hash->len ) == 0 ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_MD5_C */ void md5_text( char * text_src_string, data_t * hash ) { 
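Review bot: the deleted md2_text/md4_text bodies show the pattern this file uses for text vectors: a fixed `unsigned char src_str[100]` filled with strncpy and hashed for strlen() bytes. The surviving md5_text and ripemd160_text have the same signature and, from the shape of the hunk, the same body, so any future vector of 100 bytes or more is truncated to 99 and the digest comparison fails for a reason that is not obvious from the failure. Since these functions are being touched anyway, either take the input as a data_t hex string instead of a C string, or at least add `TEST_ASSERT( strlen( text_src_string ) < sizeof( src_str ) );` before the strncpy so the limit is explicit.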
@@ -85,20 +43,6 @@ void ripemd160_text( char * text_src_string, data_t * hash ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_MD2_C:MBEDTLS_SELF_TEST */ -void md2_selftest( ) -{ - TEST_ASSERT( mbedtls_md2_self_test( 1 ) == 0 ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_MD4_C:MBEDTLS_SELF_TEST */ -void md4_selftest( ) -{ - TEST_ASSERT( mbedtls_md4_self_test( 1 ) == 0 ); -} -/* END_CASE */ - /* BEGIN_CASE depends_on:MBEDTLS_MD5_C:MBEDTLS_SELF_TEST */ void md5_selftest( ) { diff --git a/tests/suites/test_suite_nist_kw.data b/tests/suites/test_suite_nist_kw.data index d0178b612..2d7b672d0 100644 --- a/tests/suites/test_suite_nist_kw.data +++ b/tests/suites/test_suite_nist_kw.data @@ -20,10 +20,6 @@ NIST KW init #4 AES-224: bad key size depends_on:MBEDTLS_AES_C mbedtls_nist_kw_setkey:MBEDTLS_CIPHER_ID_AES:224:1:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -NIST KW init #5 BLOWFISH-128: bad cipher -depends_on:MBEDTLS_BLOWFISH_C -mbedtls_nist_kw_setkey:MBEDTLS_CIPHER_ID_BLOWFISH:128:0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA - NIST KW lengths #1 KW plaintext OK (2 to 2^54 - 1 semiblocks) nist_kw_plaintext_lengths:16:24:MBEDTLS_KW_MODE_KW:0 diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 1f73aace8..53746282b 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
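Review bot: deleting `NIST KW init #5 BLOWFISH-128: bad cipher` removes the only case in this hunk that exercises mbedtls_nist_kw_setkey rejecting a non-AES cipher ID with MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA; the neighbouring init cases only cover bad AES key sizes. KW/KWP in this library is AES-only, so that rejection is a real input-validation check and should keep a test. Substitute a block cipher that stays in the library instead of dropping the case, keeping the other arguments as in the removed one, e.g.:
NIST KW init #5 CAMELLIA-128: bad cipher
depends_on:MBEDTLS_CAMELLIA_C
mbedtls_nist_kw_setkey:MBEDTLS_CIPHER_ID_CAMELLIA:128:0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA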
@@ -170,54 +170,6 @@ Parse RSA Key #31 (PKCS#8 encrypted SHA1-2DES DER, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_2des.der":"PolarSSLTest":0 -Parse RSA Key #32 (PKCS#8 encrypted SHA1-RC4-128) -depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem":"PolarSSLTest":0 - -Parse RSA Key #32.1 (PKCS#8 encrypted SHA1-RC4-128, wrong PW) -depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH - -Parse RSA Key #32.2 (PKCS#8 encrypted SHA1-RC4-128, no PW) -depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED - -Parse RSA Key #33 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit) -depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem":"PolarSSLTest":0 - -Parse RSA Key #33.1 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit, wrong PW) -depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH - -Parse RSA Key #33.2 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit, no PW) -depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED - -Parse RSA Key #34 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit) -depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem":"PolarSSLTest":0 - -Parse RSA Key #34.1 (PKCS#8 
encrypted SHA1-RC4-128, 4096-bit, wrong PW) -depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH - -Parse RSA Key #34.2 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit, no PW) -depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED - -Parse RSA Key #35 (PKCS#8 encrypted SHA1-RC4-128 DER) -depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der":"PolarSSLTest":0 - -Parse RSA Key #36 (PKCS#8 encrypted SHA1-RC4-128 DER, 2048-bit) -depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der":"PolarSSLTest":0 - -Parse RSA Key #37 (PKCS#8 encrypted SHA1-RC4-128 DER, 4096-bit) -depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der":"PolarSSLTest":0 - Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem":"PolarSSLTest":0 
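Review bot: these were the only cases feeding a pbeWithSHA1And128BitRC4 PKCS#8 blob to the parser, and they are deleted without a replacement. Keep at least one fixture (`data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem` would do) as a negative case asserting that, with the correct password, the parser now fails with a defined error for the unsupported encryption algorithm identifier: an unsupported-algorithm branch in an ASN.1 parser is exactly where wrong-error, silent-acceptance or out-of-bounds bugs hide, and after this hunk it is untested. Minor: the RSA list now jumps from #31 to #38 while the EC hunk below renumbers its survivors after a similar deletion; pick one convention for the patch.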
@@ -1032,39 +984,31 @@ Parse EC Key #5c (PKCS8 PEM, with parameters) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0 -Parse EC Key #6 (PKCS8 encrypted DER) -depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED -pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.der":"polar":0 - -Parse EC Key #7 (PKCS8 encrypted PEM) -depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED -pk_parse_keyfile_ec:"data_files/ec_prv.pk8.pw.pem":"polar":0 - -Parse EC Key #8 (SEC1 PEM, secp224r1) +Parse EC Key #6 (SEC1 PEM, secp224r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0 -Parse EC Key #9 (SEC1 PEM, secp256r1) +Parse EC Key #7 (SEC1 PEM, secp256r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0 -Parse EC Key #10 (SEC1 PEM, secp384r1) +Parse EC Key #8 (SEC1 PEM, secp384r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0 -Parse EC Key #11 (SEC1 PEM, secp521r1) +Parse EC Key #9 (SEC1 PEM, secp521r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0 -Parse EC Key #12 (SEC1 PEM, bp256r1) +Parse EC Key #10 (SEC1 PEM, bp256r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp256_prv.pem":"NULL":0 -Parse EC Key #13 (SEC1 PEM, bp384r1) +Parse EC Key #11 (SEC1 PEM, bp384r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp384_prv.pem":"NULL":0 -Parse EC Key #14 (SEC1 PEM, bp512r1) +Parse EC Key #12 (SEC1 PEM, bp512r1) 
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0 diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 4d9c7b69b..2b92a06c1 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1000,14 +1000,6 @@ PSA hash setup: good, SHA-512 depends_on:PSA_WANT_ALG_SHA_512 hash_setup:PSA_ALG_SHA_512:PSA_SUCCESS -PSA hash setup: good, MD2 -depends_on:PSA_WANT_ALG_MD2 -hash_setup:PSA_ALG_MD2:PSA_SUCCESS - -PSA hash setup: good, MD4 -depends_on:PSA_WANT_ALG_MD4 -hash_setup:PSA_ALG_MD4:PSA_SUCCESS - PSA hash setup: good, MD5 depends_on:PSA_WANT_ALG_MD5 hash_setup:PSA_ALG_MD5:PSA_SUCCESS @@ -1109,14 +1101,6 @@ PSA hash compute: good, SHA-512 depends_on:PSA_WANT_ALG_SHA_512 hash_compute_compare:PSA_ALG_SHA_512:"de4c90":"33ce98281045a5c4c9df0363d8196f1d7dfcd5ee46ac89776fd8a4344c12f123a66788af5bd41ceff1941aa5637654b4064c88c14e00465ab79a2fc6c97e1014" -PSA hash compute: good, MD2 -depends_on:PSA_WANT_ALG_MD2 -hash_compute_compare:PSA_ALG_MD2:"616263":"da853b0d3f88d99b30283a69e6ded6bb" - -PSA hash compute: good, MD4 -depends_on:PSA_WANT_ALG_MD4 -hash_compute_compare:PSA_ALG_MD4:"616263":"a448017aaf21d8525fc10ae87aa6729d" - PSA hash compute: good, MD5 depends_on:PSA_WANT_ALG_MD5 hash_compute_compare:PSA_ALG_MD5:"616263":"900150983cd24fb0d6963f7d28e17f72" 
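Review bot: `Parse EC Key #6 (PKCS8 encrypted DER)` and `#7 (PKCS8 encrypted PEM)` are the only encrypted-PKCS#8 EC cases in this hunk, and everything that remains is an unencrypted SEC1 or PKCS#8 key, so password-protected EC key parsing loses its coverage entirely. Rather than deleting them, regenerate `data_files/ec_prv.pk8.pw.der` / `.pem` with PBES2 (PBKDF2 + 3DES), which is what the RSA cases already use (`Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES)`), and change the depends_on from MBEDTLS_ARC4_C to MBEDTLS_PKCS5_C:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC. Also, renumbering the survivors (#8 to #6 through #14 to #12) rewrites test names that CI history is keyed on; leaving the gap, as the RSA hunk does, keeps that history readable.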
@@ -1146,10 +1130,6 @@ PSA MAC setup: bad algorithm (HMAC without specified hash) # Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(0):PSA_ERROR_NOT_SUPPORTED -PSA MAC setup: bad algorithm (unsupported HMAC hash algorithm) -depends_on:!PSA_WANT_ALG_MD2 -mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_MD2):PSA_ERROR_NOT_SUPPORTED - PSA MAC setup: bad algorithm (not a MAC algorithm) depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES mac_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CBC_NO_PADDING:PSA_ERROR_INVALID_ARGUMENT @@ -1410,11 +1390,6 @@ depends_on:MBEDTLS_CIPHER_MODE_CTR # Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here cipher_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CTR:PSA_ERROR_NOT_SUPPORTED -PSA cipher setup: incompatible key ARC4 for CTR -depends_on:MBEDTLS_ARC4_C:MBEDTLS_CIPHER_MODE_CTR -# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here -cipher_setup:PSA_KEY_TYPE_ARC4:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CTR:PSA_ERROR_NOT_SUPPORTED - PSA cipher: bad order function calls cipher_bad_order: diff --git a/tests/suites/test_suite_psa_crypto_hash.data b/tests/suites/test_suite_psa_crypto_hash.data index 67158d0ec..9f5133988 100644 --- a/tests/suites/test_suite_psa_crypto_hash.data +++ b/tests/suites/test_suite_psa_crypto_hash.data 
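Review bot: both deletions in this region drop negative tests without replacement. `PSA MAC setup: bad algorithm (unsupported HMAC hash algorithm)` was the only case checking that psa_mac_setup returns PSA_ERROR_NOT_SUPPORTED for HMAC over a hash the build lacks (the case above it, `PSA_ALG_HMAC(0)`, exercises a different path); re-point it at a hash that can still be compiled out, e.g. `depends_on:!PSA_WANT_ALG_RIPEMD160` with `PSA_ALG_HMAC(PSA_ALG_RIPEMD160)`. Likewise `PSA cipher setup: incompatible key ARC4 for CTR` can use another non-block key type that remains, such as PSA_KEY_TYPE_CHACHA20, with whichever of NOT_SUPPORTED / INVALID_ARGUMENT the implementation gives (the existing comment already allows either). Separately, PSA_ALG_MD2 and PSA_ALG_MD4 are identifiers defined by the PSA Crypto API specification; if the headers keep defining them after the implementations are gone, the right replacement for the deleted `PSA hash setup: good, MD2/MD4` cases earlier in this file is a pair of cases asserting that hash_setup with those algorithms returns PSA_ERROR_NOT_SUPPORTED, with no depends_on.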
@@ -158,62 +158,6 @@ PSA hash finish: SHA-512 Test Vector NIST CAVS #8 depends_on:PSA_WANT_ALG_SHA_512 hash_finish:PSA_ALG_SHA_512:"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":"8e4bc6f8b8c60fe4d68c61d9b159c8693c3151c46749af58da228442d927f23359bd6ccd6c2ec8fa3f00a86cecbfa728e1ad60b821ed22fcd309ba91a4138bc9" -PSA hash finish: MD2 Test vector RFC1319 #1 -depends_on:PSA_WANT_ALG_MD2 -hash_finish:PSA_ALG_MD2:"":"8350e5a3e24c153df2275c9f80692773" - -PSA hash finish: MD2 Test vector RFC1319 #2 -depends_on:PSA_WANT_ALG_MD2 -hash_finish:PSA_ALG_MD2:"61":"32ec01ec4a6dac72c0ab96fb34c0b5d1" - -PSA hash finish: MD2 Test vector RFC1319 #3 -depends_on:PSA_WANT_ALG_MD2 -hash_finish:PSA_ALG_MD2:"616263":"da853b0d3f88d99b30283a69e6ded6bb" - -PSA hash finish: MD2 Test vector RFC1319 #4 -depends_on:PSA_WANT_ALG_MD2 -hash_finish:PSA_ALG_MD2:"6d65737361676520646967657374":"ab4f496bfb2a530b219ff33031fe06b0" - -PSA hash finish: MD2 Test vector RFC1319 #5 -depends_on:PSA_WANT_ALG_MD2 -hash_finish:PSA_ALG_MD2:"6162636465666768696a6b6c6d6e6f707172737475767778797a":"4e8ddff3650292ab5a4108c3aa47940b" - -PSA hash finish: MD2 Test vector RFC1319 #6 -depends_on:PSA_WANT_ALG_MD2 -hash_finish:PSA_ALG_MD2:"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839":"da33def2a42df13975352846c30338cd" - -PSA hash finish: MD2 Test vector RFC1319 #7 -depends_on:PSA_WANT_ALG_MD2 -hash_finish:PSA_ALG_MD2:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"d5976f79d83d3a0dc9806c3c66f3efd8" - -PSA hash finish: MD4 Test vector RFC1320 #1 -depends_on:PSA_WANT_ALG_MD4 -hash_finish:PSA_ALG_MD4:"":"31d6cfe0d16ae931b73c59d7e0c089c0" - -PSA hash finish: MD4 Test vector RFC1320 #2 -depends_on:PSA_WANT_ALG_MD4 -hash_finish:PSA_ALG_MD4:"61":"bde52cb31de33e46245e05fbdbd6fb24" - -PSA hash finish: MD4 Test vector RFC1320 #3 
-depends_on:PSA_WANT_ALG_MD4 -hash_finish:PSA_ALG_MD4:"616263":"a448017aaf21d8525fc10ae87aa6729d" - -PSA hash finish: MD4 Test vector RFC1320 #4 -depends_on:PSA_WANT_ALG_MD4 -hash_finish:PSA_ALG_MD4:"6d65737361676520646967657374":"d9130a8164549fe818874806e1c7014b" - -PSA hash finish: MD4 Test vector RFC1320 #5 -depends_on:PSA_WANT_ALG_MD4 -hash_finish:PSA_ALG_MD4:"6162636465666768696a6b6c6d6e6f707172737475767778797a":"d79e1c308aa5bbcdeea8ed63df412da9" - -PSA hash finish: MD4 Test vector RFC1320 #6 -depends_on:PSA_WANT_ALG_MD4 -hash_finish:PSA_ALG_MD4:"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839":"043f8582f241db351ce627e153e7f0e4" - -PSA hash finish: MD4 Test vector RFC1320 #7 -depends_on:PSA_WANT_ALG_MD4 -hash_finish:PSA_ALG_MD4:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"e33b4ddc9c38f2199c3e7b164fcc0536" - PSA hash finish: MD5 Test vector RFC1321 #1 depends_on:PSA_WANT_ALG_MD5 hash_finish:PSA_ALG_MD5:"":"d41d8cd98f00b204e9800998ecf8427e" @@ -294,14 +238,6 @@ PSA hash verify: SHA-512 depends_on:PSA_WANT_ALG_SHA_512 hash_verify:PSA_ALG_SHA_512:"bd":"296e2267d74c278daaaa940d17b0cfb74a5083f8e069726d8c841cbe596e0431cb7741a5b50f71666cfd54bacb7b00aea891499cf4ef6a03c8a83fe37c3f7baf" -PSA hash verify: MD2 -depends_on:PSA_WANT_ALG_MD2 -hash_verify:PSA_ALG_MD2:"bd":"8c9c17665d25b35fc413c41805c679cf" - -PSA hash verify: MD4 -depends_on:PSA_WANT_ALG_MD4 -hash_verify:PSA_ALG_MD4:"bd":"18c33f97297efe5f8a732258289fda25" - PSA hash verify: MD5 depends_on:PSA_WANT_ALG_MD5 hash_verify:PSA_ALG_MD5:"bd":"abae57cb562ecf295b4a37a76efe61fb" 
@@ -470,62 +406,6 @@ PSA hash multi part: SHA-512 Test Vector NIST CAVS #8 depends_on:PSA_WANT_ALG_SHA_512 hash_multi_part:PSA_ALG_SHA_512:"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":"8e4bc6f8b8c60fe4d68c61d9b159c8693c3151c46749af58da228442d927f23359bd6ccd6c2ec8fa3f00a86cecbfa728e1ad60b821ed22fcd309ba91a4138bc9" -PSA hash multi part: MD2 Test vector RFC1319 #1 -depends_on:PSA_WANT_ALG_MD2 -hash_multi_part:PSA_ALG_MD2:"":"8350e5a3e24c153df2275c9f80692773" - -PSA hash multi part: MD2 Test vector RFC1319 #2 -depends_on:PSA_WANT_ALG_MD2 -hash_multi_part:PSA_ALG_MD2:"61":"32ec01ec4a6dac72c0ab96fb34c0b5d1" - -PSA hash multi part: MD2 Test vector RFC1319 #3 -depends_on:PSA_WANT_ALG_MD2 -hash_multi_part:PSA_ALG_MD2:"616263":"da853b0d3f88d99b30283a69e6ded6bb" - -PSA hash multi part: MD2 Test vector RFC1319 #4 -depends_on:PSA_WANT_ALG_MD2 -hash_multi_part:PSA_ALG_MD2:"6d65737361676520646967657374":"ab4f496bfb2a530b219ff33031fe06b0" - -PSA hash multi part: MD2 Test vector RFC1319 #5 -depends_on:PSA_WANT_ALG_MD2 -hash_multi_part:PSA_ALG_MD2:"6162636465666768696a6b6c6d6e6f707172737475767778797a":"4e8ddff3650292ab5a4108c3aa47940b" - -PSA hash multi part: MD2 Test vector RFC1319 #6 -depends_on:PSA_WANT_ALG_MD2 -hash_multi_part:PSA_ALG_MD2:"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839":"da33def2a42df13975352846c30338cd" - -PSA hash multi part: MD2 Test vector RFC1319 #7 -depends_on:PSA_WANT_ALG_MD2 -hash_multi_part:PSA_ALG_MD2:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"d5976f79d83d3a0dc9806c3c66f3efd8" - -PSA hash multi part: MD4 Test vector RFC1320 #1 -depends_on:PSA_WANT_ALG_MD4 -hash_multi_part:PSA_ALG_MD4:"":"31d6cfe0d16ae931b73c59d7e0c089c0" - -PSA hash multi part: MD4 Test vector RFC1320 #2 -depends_on:PSA_WANT_ALG_MD4 
-hash_multi_part:PSA_ALG_MD4:"61":"bde52cb31de33e46245e05fbdbd6fb24" - -PSA hash multi part: MD4 Test vector RFC1320 #3 -depends_on:PSA_WANT_ALG_MD4 -hash_multi_part:PSA_ALG_MD4:"616263":"a448017aaf21d8525fc10ae87aa6729d" - -PSA hash multi part: MD4 Test vector RFC1320 #4 -depends_on:PSA_WANT_ALG_MD4 -hash_multi_part:PSA_ALG_MD4:"6d65737361676520646967657374":"d9130a8164549fe818874806e1c7014b" - -PSA hash multi part: MD4 Test vector RFC1320 #5 -depends_on:PSA_WANT_ALG_MD4 -hash_multi_part:PSA_ALG_MD4:"6162636465666768696a6b6c6d6e6f707172737475767778797a":"d79e1c308aa5bbcdeea8ed63df412da9" - -PSA hash multi part: MD4 Test vector RFC1320 #6 -depends_on:PSA_WANT_ALG_MD4 -hash_multi_part:PSA_ALG_MD4:"4142434445464748494a4b4c4d4e4f505152535455565758595a6162636465666768696a6b6c6d6e6f707172737475767778797a30313233343536373839":"043f8582f241db351ce627e153e7f0e4" - -PSA hash multi part: MD4 Test vector RFC1320 #7 -depends_on:PSA_WANT_ALG_MD4 -hash_multi_part:PSA_ALG_MD4:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"e33b4ddc9c38f2199c3e7b164fcc0536" - PSA hash multi part: MD5 Test vector RFC1321 #1 depends_on:PSA_WANT_ALG_MD5 hash_multi_part:PSA_ALG_MD5:"":"d41d8cd98f00b204e9800998ecf8427e" diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 22056b0a8..9bf91b586 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -1,11 +1,3 @@ -Hash: MD2 -depends_on:PSA_WANT_ALG_MD2 -hash_algorithm:PSA_ALG_MD2:16 - -Hash: MD4 -depends_on:PSA_WANT_ALG_MD4 -hash_algorithm:PSA_ALG_MD4:16 - Hash: MD5 depends_on:PSA_WANT_ALG_MD5 hash_algorithm:PSA_ALG_MD5:16 
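Review bot: removing `hash_algorithm:PSA_ALG_MD2:16` and `hash_algorithm:PSA_ALG_MD4:16` from test_suite_psa_crypto_metadata.data (`@@ -1,11 +1,3 @@`) is right only if the implementation no longer accepts these identifiers, but the `PSA_ALG_MD2` and `PSA_ALG_MD4` constants are part of the PSA Crypto API and their numeric values must stay reserved even when support is dropped. Check that the constants remain defined in `psa/crypto_values.h` and that `PSA_ALG_IS_HASH()` still classifies them, so a caller passing them gets `PSA_ERROR_NOT_SUPPORTED` rather than an algorithm misclassified as something else.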
@@ -34,14 +26,6 @@ Hash: SHA-2 SHA-512 depends_on:PSA_WANT_ALG_SHA_512 hash_algorithm:PSA_ALG_SHA_512:64 -MAC: HMAC-MD2 -depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD2 -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD2 ):16:64 - -MAC: HMAC-MD4 -depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD4 -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD4 ):16:64 - MAC: HMAC-MD5 depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5 hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD5 ):16:64 @@ -319,10 +303,6 @@ Block cipher key type: Camellia depends_on:PSA_WANT_KEY_TYPE_CAMELLIA block_cipher_key_type:PSA_KEY_TYPE_CAMELLIA:16 -Stream cipher key type: ARC4 -depends_on:PSA_WANT_KEY_TYPE_ARC4 -stream_cipher_key_type:PSA_KEY_TYPE_ARC4 - Stream cipher key type: ChaCha20 depends_on:PSA_WANT_KEY_TYPE_CHACHA20 stream_cipher_key_type:PSA_KEY_TYPE_CHACHA20 diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index cc5a04779..98dad0b06 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
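Review bot: in the test_suite_psa_crypto_metadata.data hunk `@@ -319,10 +303,6 @@` above, with `stream_cipher_key_type:PSA_KEY_TYPE_ARC4` gone, ChaCha20 is the only stream-cipher key type left in this suite (the unchanged `stream_cipher_key_type:PSA_KEY_TYPE_CHACHA20` that follows), so coverage of the stream-cipher key-type path now rests entirely on `PSA_WANT_KEY_TYPE_CHACHA20` being enabled in the configurations this suite runs under in CI. Confirm that, and consider a negative case asserting that `psa_import_key()` with `PSA_KEY_TYPE_ARC4` is rejected with `PSA_ERROR_NOT_SUPPORTED`.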
@@ -220,55 +220,39 @@ RSA PKCS1 Sign #4 Verify depends_on:MBEDTLS_SHA384_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:2048:16:"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":16:"3":"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":0 -RSA PKCS1 Sign #5 (MD2, 2048 bits RSA) -depends_on:MBEDTLS_MD2_C:MBEDTLS_PKCS1_V15 -mbedtls_rsa_pkcs1_sign:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_MD2:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":"6cbb0e4019d64dd5cd2d48fa43446e5cba1a7edbb79d91b199be75c7d3e7ae0820c44d3a120cd2910f73cbb315e15963a60ea7da3452015d9d6beb5ac998fddbd1fa3e5908abc9151f3ffb70365aaee6fb0cd440d3f5591868fc136fae38ac7bcdb3bde3c6a0362dd8b814f7edadd4a51b2edf2227a40d1e34c29f608add7746731425858eb93661c633b7a90942fca3cd594ab4ec170052d44105643518020782e76235def34d014135bad8daed590200482325c3416c3d66417e80d9f9c6322a54683638247b577445ecd0be2765ce96c4ee45213204026dfba24d5ee89e1ea75538ba
39f7149a5ac0fc12d7c53cbc12481d4a8e2d410ec633d800ad4b4304":0 - -RSA PKCS1 Sign #5 Verify -depends_on:MBEDTLS_MD2_C:MBEDTLS_PKCS1_V15 -mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_MD2:2048:16:"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":16:"3":"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":0 - -RSA PKCS1 Sign #6 (MD4, 2048 bits RSA) -depends_on:MBEDTLS_MD4_C:MBEDTLS_PKCS1_V15 -mbedtls_rsa_pkcs1_sign:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_MD4:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":"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":0 - -RSA PKCS1 Sign #6 Verify -depends_on:MBEDTLS_MD4_C:MBEDTLS_PKCS1_V15 
-mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_MD4:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"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":0 - -RSA PKCS1 Sign #7 (MD5, 2048 bits RSA) +RSA PKCS1 Sign #5 (MD5, 2048 bits RSA) depends_on:MBEDTLS_MD5_C:MBEDTLS_PKCS1_V15 
mbedtls_rsa_pkcs1_sign:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_MD5:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"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":0 -RSA PKCS1 Sign #7 Verify +RSA PKCS1 Sign #5 Verify depends_on:MBEDTLS_MD5_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_MD5:2048:16:"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":16:"3":"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":0 -RSA PKCS1 Sign #8 (RAW, 
2048 bits RSA) +RSA PKCS1 Sign #6 (RAW, 2048 bits RSA) depends_on:MBEDTLS_PKCS1_V15 rsa_pkcs1_sign_raw:"1234567890deadbeef":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"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" -RSA PKCS1 Sign #8 Verify +RSA PKCS1 Sign #6 Verify depends_on:MBEDTLS_PKCS1_V15 rsa_pkcs1_verify_raw:"1234567890deadbeef":MBEDTLS_RSA_PKCS_V15:2048:16:"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":16:"3":"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":0 -RSA PKCS1 Sign #8 Verify (Wrong raw hash) +RSA PKCS1 Sign #6 Verify (Wrong raw hash) depends_on:MBEDTLS_PKCS1_V15 rsa_pkcs1_verify_raw:"1234567890deadcafe":MBEDTLS_RSA_PKCS_V15:2048:16:"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":16:"3":"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":MBEDTLS_ERR_RSA_VERIFY_FAILED -RSA PKCS1 Sign #9 (Invalid Digest type) +RSA PKCS1 Sign #7 (Invalid Digest type) depends_on:MBEDTLS_PKCS1_V15 
mbedtls_rsa_pkcs1_sign:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:255:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":"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":MBEDTLS_ERR_RSA_BAD_INPUT_DATA -RSA PKCS1 Sign #9 Verify (Invalid Digest type) +RSA PKCS1 Sign #7 Verify (Invalid Digest type) depends_on:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:255:2048:16:"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":16:"3":"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":MBEDTLS_ERR_RSA_BAD_INPUT_DATA -RSA PKCS1 Sign #10 (RIPEMD160, 2048 bits RSA) +RSA PKCS1 Sign #8 (RIPEMD160, 2048 bits RSA) depends_on:MBEDTLS_RIPEMD160_C:MBEDTLS_PKCS1_V15 
mbedtls_rsa_pkcs1_sign:"616263":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_RIPEMD160:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":"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":0 -RSA PKCS1 Verify #10 (RIPEMD160, 2048 bits RSA) +RSA PKCS1 Verify #8 (RIPEMD160, 2048 bits RSA) depends_on:MBEDTLS_RIPEMD160_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"616263":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_RIPEMD160:2048:16:"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":16:"3":"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":0 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 14b4afc3a..eb96e30eb 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -1,8 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/rsa.h" #include "rsa_alt_helpers.h" -#include "mbedtls/md2.h" -#include "mbedtls/md4.h" #include "mbedtls/md5.h" #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index a497076c1..b0a573dcf 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
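Review bot: renumbering the surviving cases in the test_suite_rsa.data hunk (`@@ -220,55 +220,39 @@`, e.g. `-RSA PKCS1 Sign #7 (MD5, 2048 bits RSA)` to `+RSA PKCS1 Sign #5 (MD5, 2048 bits RSA)`) changes test-case names, which are the stable identifiers that outcome files and any tooling comparing results across branches key on, and it makes the history of each case harder to follow with `git log -S`. Suggest leaving the original numbers in place (gaps at #5 and #6 are harmless) so the hunk is pure deletion; if the renumbering stays, normalise the pre-existing naming inconsistency it touches, where `RSA PKCS1 Verify #8 (RIPEMD160, 2048 bits RSA)` breaks the `Sign #N Verify` pattern used by every other verify case.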
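Review bot: dropping `#include "mbedtls/md2.h"` and `#include "mbedtls/md4.h"` in the test_suite_rsa.function hunk (`@@ -1,8 +1,6 @@`) is only the header half of the clean-up; because `MBEDTLS_MD2_C` and `MBEDTLS_MD4_C` are themselves going away, any leftover `#if defined(MBEDTLS_MD2_C)` or `MBEDTLS_MD_MD2`/`MBEDTLS_MD_MD4` branch in the test functions becomes dead code rather than a compile error, so the build will not flag it. Grep the .function file for `md2`, `md4`, `MD_MD2` and `MD_MD4` and remove any such branch in the same change.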
@@ -3550,326 +3550,6 @@ Record crypt, CAMELLIA-256-CBC, 1.0, MD5, short tag, EtM depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 -Record crypt, BLOWFISH-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC 
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256 
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+4 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 
1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short 
tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+4 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, BLOWFISH-CBC, 1.2, MD5, 
short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C 
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, MD5, short tag 
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.1, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA384_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC 
-ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, MD5, EtM 
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, BLOWFISH-CBC, 1.0, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - Record crypt, AES-128-GCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 
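Review bot: Dropping every `ssl_crypt_record` case with `MBEDTLS_CIPHER_BLOWFISH_CBC` removes the only cases in this hunk that run the CBC padding and MAC paths over a 64-bit block cipher; the context that remains here is `AES-128-GCM`, so unless another 64-bit-block CBC cipher is still exercised elsewhere in the suite, the record-layer tests will now only ever see 16-byte blocks. That is fine if `MBEDTLS_BLOWFISH_C` is being removed from the library in this series, but then please confirm the same series removes the `MBEDTLS_CIPHER_BLOWFISH_CBC` handling in the `.function` file and `config.h`, and carries a ChangeLog entry and migration note for users who enabled the option, so the test removal and the feature removal cannot drift apart.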
@@ -7278,326 +6958,6 @@ Record crypt, little space, CAMELLIA-256-CBC, 1.0, MD5, short tag, EtM depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC ssl_crypt_record_small:MBEDTLS_CIPHER_CAMELLIA_256_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, EtM, CID 4+0 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-384, short tag, EtM, CID 4+0 
-depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC 
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-256, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 
- -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C 
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, SHA-1, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, 
MD5, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C 
-ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+4 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:4 - -Record crypt, little space, BLOWFISH-CBC, 1.2, MD5, short tag, EtM, CID 4+0 -depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_3:4:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, short tag 
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-256, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, EtM 
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.1, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_2:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384 
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA384_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-384, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA384_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA384:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-256, short tag, EtM 
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA256_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA256:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, short tag -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, SHA-1, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_SHA1_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_SHA1:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, MD5 -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:0:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, short tag 
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:0:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - -Record crypt, little space, BLOWFISH-CBC, 1.0, MD5, short tag, EtM -depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_BLOWFISH_C:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_MD5_C:MBEDTLS_SSL_ENCRYPT_THEN_MAC -ssl_crypt_record_small:MBEDTLS_CIPHER_BLOWFISH_CBC:MBEDTLS_MD_MD5:1:1:MBEDTLS_SSL_MINOR_VERSION_1:0:0 - Record crypt, little space, AES-128-GCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index dc81afbc6..7c6a9d39a 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
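Review bot: For the `ssl_crypt_record_small` hunk (`@@ -7278,326 +6958,6 @@`): the arithmetic is consistent, 320 removed lines is exactly 80 Blowfish cases of three lines plus a blank separator (4 digests x 12 TLS 1.2 variants with EtM, short tag and CID combinations, plus 4 x 4 each for TLS 1.1 and 1.0), the context blank after the `CAMELLIA-256-CBC` case is kept and the trailing `- ` blank of the last Blowfish case is removed, so exactly one separator remains before `Record crypt, little space, AES-128-GCM, 1.2`. Since this block mirrors the `ssl_crypt_record` removal line for line, if these cases are produced by a generator script rather than maintained by hand, the cipher list in that script should be edited in the same commit, otherwise the next regeneration reintroduces them.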
@@ -22,14 +22,6 @@ X509 CRT information #3 (DER) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/test-ca.crt.der":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-02-10 14\:44\:00\nexpires on \: 2029-02-10 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" -X509 CRT information MD2 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509_cert_info:"data_files/cert_md2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2000-01-01 12\:12\:12\nexpires on \: 2030-01-01 12\:12\:12\nsigned using \: RSA with MD2\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - -X509 CRT information MD4 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD4_C -x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 05\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2000-01-01 12\:12\:12\nexpires on \: 2030-01-01 12\:12\:12\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" - X509 CRT information MD5 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD5_C x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2000-01-01 12\:12\:12\nexpires on \: 2030-01-01 12\:12\:12\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" 
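Review bot: Removing `X509 CRT information MD2 Digest` and `X509 CRT information MD4 Digest` leaves `data_files/cert_md2.crt` and `data_files/cert_md4.crt` unreferenced by this hunk; please check whether those files, and any rule that generates them in the test data Makefile, are deleted in the same series or kept deliberately because another suite still parses them. The line count is right (14 to 6 is two three-line cases plus their two blank separators), and `X509 CRT information MD5 Digest` is kept as the remaining weak-digest info case.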
@@ -202,14 +194,6 @@ X509 CRL information #1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" -X509 CRL Information MD2 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl_md2.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA with MD2\n" - -X509 CRL Information MD4 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_crl_info:"data_files/crl_md4.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD4\n" - X509 CRL Information MD5 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n" 
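Review bot: data_files/crl_md2.pem and data_files/crl_md4.pem are no longer referenced by any case after this hunk; check that the files themselves, and any rule in tests/data_files/Makefile that regenerates them with MD2/MD4 signing (if such rules exist), are removed in the same series, otherwise the data-file regeneration target keeps requiring a toolchain that can still sign with MD2/MD4. Unrelated but visible here: the removed MD4 CRL case lacked MBEDTLS_RSA_C in its depends_on line unlike its MD2 and MD5 siblings, which is moot now but worth knowing if the case is ever resurrected as a negative test.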
@@ -286,10 +270,6 @@ X509 CRL Unsupported non-critical extension (issuingDistributionPoint) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0 -X509 CSR Information RSA with MD4 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO -mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n" - X509 CSR Information RSA with MD5 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/server1.req.md5":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n" 
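Review bot: Only the "X509 CSR Information RSA with MD4" case is removed here (there was no MD2 CSR case), which is consistent with the cert and CRL hunks above; data_files/server1.req.md4 becomes orphaned and should be deleted alongside it. This hunk covers only the parse side: if the CSR-writing suite has a matching case that produces an MD4-signed request, it needs the same treatment, or the build will fail once MBEDTLS_MD4_C no longer exists.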
@@ -527,387 +507,371 @@ X509 CRT verification #10 (Not trusted Cert, Expired CRL) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #12 (Valid Cert MD2 Digest, MD2 forbidden) -depends_on:MBEDTLS_MD2_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"data_files/cert_md2.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL" - -X509 CRT verification #12 (Valid Cert MD4 Digest, MD4 forbidden) -depends_on:MBEDTLS_MD4_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL" - -X509 CRT verification #13 (Valid Cert MD5 Digest, MD5 forbidden) +X509 CRT verification #11 (Valid Cert MD5 Digest, MD5 forbidden) depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL" -X509 CRT verification #12 (Valid Cert MD2 Digest, MD2 allowed) -depends_on:MBEDTLS_MD2_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"data_files/cert_md2.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL" - -X509 CRT verification #12 (Valid Cert MD4 Digest, MD4 allowed) -depends_on:MBEDTLS_MD4_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL" - -X509 CRT verification #13 (Valid Cert MD5 Digest, MD5 
allowed) +X509 CRT verification #11 (Valid Cert MD5 Digest, MD5 allowed) depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL" -X509 CRT verification #14 (Valid Cert SHA1 Digest explicitly allowed in profile) +X509 CRT verification #12 (Valid Cert SHA1 Digest explicitly allowed in profile) depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #14 (Valid Cert SHA1 Digest forbidden in default profile) +X509 CRT verification #12 (Valid Cert SHA1 Digest forbidden in default profile) depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"":"NULL" -X509 CRT verification #15 (Valid Cert SHA224 Digest) +X509 CRT verification #13 (Valid Cert SHA224 Digest) depends_on:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #16 (Valid Cert SHA256 Digest) +X509 CRT verification #14 (Valid Cert SHA256 Digest) depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #17 (Valid Cert SHA384 Digest) +X509 CRT verification #15 (Valid Cert SHA384 Digest) depends_on:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 
x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #18 (Valid Cert SHA512 Digest) +X509 CRT verification #16 (Valid Cert SHA512 Digest) depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #19 (Valid Cert, denying callback) +X509 CRT verification #17 (Valid Cert, denying callback) depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"compat":"verify_none" -X509 CRT verification #19 (Not trusted Cert, allowing callback) +X509 CRT verification #18 (Not trusted Cert, allowing callback) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":0:0:"compat":"verify_all" -X509 CRT verification #21 (domain matching wildcard certificate, case insensitive) +X509 CRT verification #19 (domain matching wildcard certificate, case insensitive) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.ExAmPlE.com":0:0:"compat":"NULL" -X509 CRT verification #22 (domain not matching wildcard certificate) +X509 CRT verification #20 (domain not matching wildcard certificate) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" -X509 CRT verification #23 (domain not 
matching wildcard certificate) +X509 CRT verification #21 (domain not matching wildcard certificate) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" -X509 CRT verification #24 (domain matching CN of multi certificate) +X509 CRT verification #22 (domain matching CN of multi certificate) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" -X509 CRT verification #25 (domain matching multi certificate) +X509 CRT verification #23 (domain matching multi certificate) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.net":0:0:"compat":"NULL" -X509 CRT verification #26 (domain not matching multi certificate) +X509 CRT verification #24 (domain not matching multi certificate) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" -X509 CRT verification #27.1 (domain not matching multi certificate: suffix) +X509 CRT verification #25.1 (domain not matching multi certificate: suffix) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"xample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" -X509 CRT verification #27.2 (domain not matching multi certificate: head junk) +X509 CRT verification #25.2 (domain not matching multi certificate: head junk) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"bexample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" -X509 CRT verification #28 (domain not matching wildcard in multi certificate) +X509 CRT verification #26 (domain not matching wildcard in multi certificate) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.org":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" -X509 CRT verification #29 (domain matching wildcard in multi certificate) +X509 CRT verification #27 (domain matching wildcard in multi certificate) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.org":0:0:"compat":"NULL" -X509 CRT verification #30 (domain matching multi certificate without CN) +X509 CRT verification #28 (domain matching multi certificate without CN) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.shotokan-braunschweig.de":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #31 (domain not matching multi certificate without CN) +X509 CRT 
verification #29 (domain not matching multi certificate without CN) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #32 (Valid, EC cert, RSA CA) +X509 CRT verification #30 (Valid, EC cert, RSA CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #33 (Valid, RSA cert, EC CA) +X509 CRT verification #31 (Valid, RSA cert, EC CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #34 (Valid, EC cert, EC CA) +X509 CRT verification #32 (Valid, EC cert, EC CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #35 (Revoked, EC CA) +X509 CRT verification #33 (Revoked, EC CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" -X509 CRT verification #36 (Valid, EC CA, SHA1 Digest) +X509 CRT verification #34 
(Valid, EC CA, SHA1 Digest) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #37 (Valid, EC CA, SHA224 Digest) +X509 CRT verification #35 (Valid, EC CA, SHA224 Digest) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA224_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #38 (Valid, EC CA, SHA384 Digest) +X509 CRT verification #36 (Valid, EC CA, SHA384 Digest) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA384_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #39 (Valid, EC CA, SHA512 Digest) +X509 CRT verification #37 (Valid, EC CA, SHA512 Digest) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #40 (Valid, depth 0, RSA, CA) +X509 CRT verification #38 (Valid, depth 0, RSA, CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/test-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #41 (Valid, depth 0, EC, CA) +X509 CRT verification #39 (Valid, depth 0, EC, CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C 
x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #42 (Depth 0, not CA, RSA) +X509 CRT verification #40 (Depth 0, not CA, RSA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server2.crt":"data_files/server2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #43 (Depth 0, not CA, EC) +X509 CRT verification #41 (Depth 0, not CA, EC) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #44 (Corrupted signature, EC) +X509 CRT verification #42 (Corrupted signature, EC) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #45 (Corrupted signature, RSA) +X509 CRT verification #43 (Corrupted signature, RSA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #45b (Corrupted signature, intermediate CA) +X509 CRT verification #43b (Corrupted signature, intermediate CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C 
x509_verify:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #46 (Valid, depth 2, EC-RSA-EC) +X509 CRT verification #44 (Valid, depth 2, EC-RSA-EC) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #47 (Untrusted, depth 2, EC-RSA-EC) +X509 CRT verification #45 (Untrusted, depth 2, EC-RSA-EC) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #48 (Missing intermediate CA, EC-RSA-EC) +X509 CRT verification #46 (Missing intermediate CA, EC-RSA-EC) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #49 (Valid, depth 2, RSA-EC-RSA) +X509 CRT verification #47 (Valid, depth 2, RSA-EC-RSA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #50 (Valid, multiple CAs) +X509 CRT 
verification #48 (Valid, multiple CAs) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server2.crt":"data_files/test-ca_cat12.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #51 (Valid, multiple CAs, reverse order) +X509 CRT verification #49 (Valid, multiple CAs, reverse order) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #52 (CA keyUsage valid) +X509 CRT verification #50 (CA keyUsage valid) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt_crl.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #53 (CA keyUsage missing cRLSign) +X509 CRT verification #51 (CA keyUsage missing cRLSign) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #54 (CA keyUsage missing cRLSign, no CRL) +X509 CRT verification #52 (CA keyUsage missing cRLSign, no CRL) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #55 (CA keyUsage missing keyCertSign) +X509 CRT verification #53 (CA keyUsage missing 
keyCertSign) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crl.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #56 (CA keyUsage plain wrong) +X509 CRT verification #54 (CA keyUsage plain wrong) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #57 (Valid, RSASSA-PSS, SHA-1) +X509 CRT verification #55 (Valid, RSASSA-PSS, SHA-1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #58 (Valid, RSASSA-PSS, SHA-224) +X509 CRT verification #56 (Valid, RSASSA-PSS, SHA-224) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA224_C:MBEDTLS_SHA1_C x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #59 (Valid, RSASSA-PSS, SHA-256) +X509 CRT verification #57 (Valid, RSASSA-PSS, SHA-256) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server9-sha256.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #60 (Valid, RSASSA-PSS, SHA-384) +X509 CRT verification #58 (Valid, RSASSA-PSS, SHA-384) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA384_C:MBEDTLS_SHA1_C 
x509_verify:"data_files/server9-sha384.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha384.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #61 (Valid, RSASSA-PSS, SHA-512) +X509 CRT verification #59 (Valid, RSASSA-PSS, SHA-512) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C x509_verify:"data_files/server9-sha512.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha512.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #62 (Revoked, RSASSA-PSS, SHA-1) +X509 CRT verification #60 (Revoked, RSASSA-PSS, SHA-1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" -X509 CRT verification #63 (Revoked, RSASSA-PSS, SHA-1, CRL badsign) +X509 CRT verification #61 (Revoked, RSASSA-PSS, SHA-1, CRL badsign) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1-badsign.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #64 (Valid, RSASSA-PSS, SHA-1, not top) +X509 CRT verification #62 (Valid, RSASSA-PSS, SHA-1, not top) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server9-with-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #65 (RSASSA-PSS, SHA1, bad cert signature) +X509 CRT verification #63 (RSASSA-PSS, SHA1, bad cert signature) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C 
x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #66 (RSASSA-PSS, SHA1, no RSA CA) +X509 CRT verification #64 (RSASSA-PSS, SHA1, no RSA CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #67 (Valid, RSASSA-PSS, all defaults) +X509 CRT verification #65 (Valid, RSASSA-PSS, all defaults) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C x509_verify:"data_files/server9-defaults.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #68 (RSASSA-PSS, wrong salt_len) +X509 CRT verification #66 (RSASSA-PSS, wrong salt_len) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server9-bad-saltlen.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #69 (RSASSA-PSS, wrong mgf_hash) +X509 CRT verification #67 (RSASSA-PSS, wrong mgf_hash) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server9-bad-mgfhash.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #70 (v1 trusted CA) +X509 CRT verification #68 (v1 trusted CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C 
x509_verify:"data_files/server1-v1.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #71 (v1 trusted CA, other) +X509 CRT verification #69 (v1 trusted CA, other) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server2-v1.crt":"data_files/server1-v1.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #72 (v1 chain) +X509 CRT verification #70 (v1 chain) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #73 (selfsigned trusted without CA bit) +X509 CRT verification #71 (selfsigned trusted without CA bit) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #74 (signed by selfsigned trusted without CA bit) +X509 CRT verification #72 (signed by selfsigned trusted without CA bit) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #75 (encoding mismatch) +X509 CRT verification #73 (encoding mismatch) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #76 (multiple CRLs, not revoked) +X509 CRT 
verification #74 (multiple CRLs, not revoked) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #77 (multiple CRLs, revoked) +X509 CRT verification #75 (multiple CRLs, revoked) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" -X509 CRT verification #78 (multiple CRLs, revoked by second) +X509 CRT verification #76 (multiple CRLs, revoked by second) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" -X509 CRT verification #79 (multiple CRLs, revoked by future) +X509 CRT verification #77 (multiple CRLs, revoked by future) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" -X509 CRT verification #80 (multiple CRLs, first future, revoked by second) +X509 CRT verification #78 (multiple CRLs, first future, revoked by second) 
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" -X509 CRT verification #81 (multiple CRLs, none relevant) +X509 CRT verification #79 (multiple CRLs, none relevant) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #82 (Not yet valid CA and valid CA) +X509 CRT verification #80 (Not yet valid CA and valid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #83 (valid CA and Not yet valid CA) +X509 CRT verification #81 (valid CA and Not yet valid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #84 (valid CA and Not yet valid CA) +X509 CRT verification #82 (valid CA and Not yet valid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C 
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #85 (Not yet valid CA and valid CA) +X509 CRT verification #83 (Not yet valid CA and valid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #86 (Not yet valid CA and invalid CA) +X509 CRT verification #84 (Not yet valid CA and invalid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" -X509 CRT verification #87 (Expired CA and invalid CA) +X509 CRT verification #85 (Expired CA and invalid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" -X509 CRT verification #88 (Spurious cert in the chain) +X509 CRT verification #86 (Spurious cert in the chain) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server7_spurious_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #89 (Spurious cert later in the chain) +X509 CRT 
verification #87 (Spurious cert later in the chain) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server10_int3_spurious_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #90 (EE with same name as trusted root) +X509 CRT verification #88 (EE with same name as trusted root) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server5-ss-forgeca.crt":"data_files/test-int-ca3.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"":"NULL" -X509 CRT verification #91 (same CA with good then bad key) +X509 CRT verification #89 (same CA with good then bad key) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C x509_verify:"data_files/server1.crt":"data_files/test-ca-good-alt.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #91 (same CA with bad then good key) +X509 CRT verification #89 (same CA with bad then good key) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C x509_verify:"data_files/server1.crt":"data_files/test-ca-alt-good.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #92 (bad name, allowing callback) +X509 CRT verification #90 (bad name, allowing callback) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all" -X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA) +X509 CRT verification #91 (Suite B invalid, 
EC cert, RSA CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL" -X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA) +X509 CRT verification #92 (Suite B invalid, RSA cert, EC CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL" -X509 CRT verification #95 (Suite B Valid, EC cert, EC CA) +X509 CRT verification #93 (Suite B Valid, EC cert, EC CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL" -X509 CRT verification #96 (next profile Invalid Cert SHA224 Digest) +X509 CRT verification #94 (next profile Invalid Cert SHA224 Digest) depends_on:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL" -X509 CRT verification #97 (next profile Valid Cert SHA256 Digest) +X509 CRT verification #95 (next profile Valid Cert SHA256 Digest) depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_SHA1_C 
x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL" -X509 CRT verification #98 (Revoked Cert, revocation date in the future, _with_ MBEDTLS_HAVE_TIME_DATE) +X509 CRT verification #96 (Revoked Cert, revocation date in the future, _with_ MBEDTLS_HAVE_TIME_DATE) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" -X509 CRT verification #99 (Revoked Cert, revocation date in the future, _without_ MBEDTLS_HAVE_TIME_DATE) +X509 CRT verification #97 (Revoked Cert, revocation date in the future, _without_ MBEDTLS_HAVE_TIME_DATE) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 9e2ae013a..efc2fc931 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -18,10 +18,6 @@ Certificate Request check Server1 SHA512 depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0:0:0 -Certificate Request check Server1 MD4 -depends_on:MBEDTLS_MD4_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0:0:0 - Certificate Request check Server1 MD5 depends_on:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0:0:0 
diff --git a/tests/suites/test_suite_xtea.data b/tests/suites/test_suite_xtea.data deleted file mode 100644 index d9d06d713..000000000 --- a/tests/suites/test_suite_xtea.data +++ /dev/null 
@@ -1,76 +0,0 @@ -XTEA Encrypt_ecb #1 -xtea_encrypt_ecb:"000102030405060708090a0b0c0d0e0f":"4142434445464748":"497df3d072612cb5" - -XTEA Encrypt_ecb #2 -xtea_encrypt_ecb:"000102030405060708090a0b0c0d0e0f":"4141414141414141":"e78f2d13744341d8" - -XTEA Encrypt_ecb #3 -xtea_encrypt_ecb:"000102030405060708090a0b0c0d0e0f":"5a5b6e278948d77f":"4141414141414141" - -XTEA Encrypt_ecb #4 -xtea_encrypt_ecb:"00000000000000000000000000000000":"4142434445464748":"a0390589f8b8efa5" - -XTEA Encrypt_ecb #5 -xtea_encrypt_ecb:"00000000000000000000000000000000":"4141414141414141":"ed23375a821a8c2d" - -XTEA Encrypt_ecb #6 -xtea_encrypt_ecb:"00000000000000000000000000000000":"70e1225d6e4e7655":"4141414141414141" - -XTEA Decrypt_ecb #1 -xtea_decrypt_ecb:"000102030405060708090a0b0c0d0e0f":"497df3d072612cb5":"4142434445464748" - -XTEA Decrypt_ecb #2 -xtea_decrypt_ecb:"000102030405060708090a0b0c0d0e0f":"e78f2d13744341d8":"4141414141414141" - -XTEA Decrypt_ecb #3 -xtea_decrypt_ecb:"000102030405060708090a0b0c0d0e0f":"4141414141414141":"5a5b6e278948d77f" - -XTEA Decrypt_ecb #4 -xtea_decrypt_ecb:"00000000000000000000000000000000":"a0390589f8b8efa5":"4142434445464748" - -XTEA Decrypt_ecb #5 -xtea_decrypt_ecb:"00000000000000000000000000000000":"ed23375a821a8c2d":"4141414141414141" - -XTEA Decrypt_ecb #6 -xtea_decrypt_ecb:"00000000000000000000000000000000":"4141414141414141":"70e1225d6e4e7655" - -XTEA Encrypt CBC #1 -xtea_encrypt_cbc:"000102030405060708090a0b0c0d0e0f":"6162636465666768":"4142434445464748":"6b982bec15a7b558" - -XTEA Encrypt CBC #2 -xtea_encrypt_cbc:"000102030405060708090a0b0c0d0e0f":"4142434445464748":"41414141414141414141414141414141":"2c6aeb799561c8e973b0927f072e3801" - -XTEA Encrypt CBC #3 -xtea_encrypt_cbc:"000102030405060708090a0b0c0d0e0f":"0000000000000000":"5a5b6e278948d77f70e1225d6e4e7655e78f2d13744341d8":"41414141414141415fee100fe2c030025d8a557f2677cb33" - -XTEA Encrypt CBC #4 
-xtea_encrypt_cbc:"00000000000000000000000000000000":"6162636465666768":"4142434445464748":"5b0c065a3803900d" - -XTEA Encrypt CBC #5 -xtea_encrypt_cbc:"00000000000000000000000000000000":"4142434445464748":"41414141414141414141414141414141":"bdae508aa320aa5caa7cd79dbc9c38aa" - -XTEA Encrypt CBC #6 -xtea_encrypt_cbc:"00000000000000000000000000000000":"0000000000000000":"5a5b6e278948d77f70e1225d6e4e7655e78f2d13744341d8":"61f5082a2c996f632da3ea16ff8e06558b69f069d8637b31" - -XTEA Decrypt CBC #1 -xtea_decrypt_cbc:"000102030405060708090a0b0c0d0e0f":"6162636465666768":"4142434445464748":"359def46515c71b2" - -XTEA Decrypt CBC #2 -xtea_decrypt_cbc:"000102030405060708090a0b0c0d0e0f":"4142434445464748":"41414141414141414141414141414141":"1b192d63cc0e90371b1a2f66c809963e" - -XTEA Decrypt CBC #3 -xtea_decrypt_cbc:"000102030405060708090a0b0c0d0e0f":"0000000000000000":"5a5b6e278948d77f70e1225d6e4e7655e78f2d13744341d8":"2e76e5cc03543cdc40ca03358a5764c331a0631c2f0f3714" - -XTEA Decrypt CBC #4 -xtea_decrypt_cbc:"00000000000000000000000000000000":"6162636465666768":"4142434445464748":"81476a15138174dc" - -XTEA Decrypt CBC #5 -xtea_decrypt_cbc:"00000000000000000000000000000000":"4142434445464748":"41414141414141414141414141414141":"31a361192b08311d31a0631c2f0f3714" - -XTEA Decrypt CBC #6 -xtea_decrypt_cbc:"00000000000000000000000000000000":"0000000000000000":"5a5b6e278948d77f70e1225d6e4e7655e78f2d13744341d8":"c1e2dbbf67ee786e29e051bea18c6abc66f1de5c2daefc2a" - -XTEA Selftest -depends_on:MBEDTLS_SELF_TEST -xtea_selftest: - diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function deleted file mode 100644 index 1d5b29b8a..000000000 --- a/tests/suites/test_suite_xtea.function +++ /dev/null 
@@ -1,86 +0,0 @@ -/* BEGIN_HEADER */ -#include "mbedtls/xtea.h" -/* END_HEADER */ - -/* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_XTEA_C - * END_DEPENDENCIES - */ - -/* BEGIN_CASE */ -void xtea_encrypt_ecb( data_t * key_str, data_t * src_str, - data_t * dst ) -{ - unsigned char output[100]; - mbedtls_xtea_context ctx; - - memset(output, 0x00, 100); - - - mbedtls_xtea_setup( &ctx, key_str->x ); - TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->x, output ) == 0 ); - - TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void xtea_decrypt_ecb( data_t * key_str, data_t * src_str, data_t * dst ) -{ - unsigned char output[100]; - mbedtls_xtea_context ctx; - - memset(output, 0x00, 100); - - - mbedtls_xtea_setup( &ctx, key_str->x ); - TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->x, output ) == 0 ); - - TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void xtea_encrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * dst ) -{ - unsigned char output[100]; - mbedtls_xtea_context ctx; - - memset(output, 0x00, 100); - - - mbedtls_xtea_setup( &ctx, key_str->x ); - TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->len, iv_str->x, - src_str->x, output ) == 0 ); - - TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, - src_str->len, dst->len ) == 0 ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void xtea_decrypt_cbc( data_t * key_str, data_t * iv_str, - data_t * src_str, data_t * dst ) -{ - unsigned char output[100]; - mbedtls_xtea_context ctx; - - memset(output, 0x00, 100); - - - mbedtls_xtea_setup( &ctx, key_str->x ); - TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->len, iv_str->x, - src_str->x, output ) == 0 ); - - TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, - 
src_str->len, dst->len ) == 0 ); -} -/* END_CASE */ - -/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void xtea_selftest( ) -{ - TEST_ASSERT( mbedtls_xtea_self_test( 1 ) == 0 ); -} -/* END_CASE */ From 7ff652ae53dadbf65fe173f457476895b5a078ff Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Tue, 1 Jun 2021 12:22:48 +0200 Subject: [PATCH 204/236] Addition of ChangeLog and migration guide entry files. Signed-off-by: TRodziewicz --- ChangeLog.d/issue4084.txt | 27 +++++++++++++++++++ .../remove_MD2_MD4_RC4_Blowfish_XTEA.md | 8 ++++++ 2 files changed, 35 insertions(+) create mode 100644 ChangeLog.d/issue4084.txt create mode 100644 docs/3.0-migration-guide.d/remove_MD2_MD4_RC4_Blowfish_XTEA.md diff --git a/ChangeLog.d/issue4084.txt b/ChangeLog.d/issue4084.txt new file mode 100644 index 000000000..c6a72f996 --- /dev/null +++ b/ChangeLog.d/issue4084.txt 
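Review bot: the renumbering hunk in tests/suites/test_suite_x509.data carries a pre-existing duplicate forward: "same CA with good then bad key" and "same CA with bad then good key" were both #91 and both become #89, while the case after them moves to #90, so two descriptions still share a number. Either give the second one its own number or, better, drop the sequential numbers from these descriptions altogether; this hunk shows that deleting two cases forces a rewrite of every later description, which makes blame and backports noisy for no information gain.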
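Review bot: in the tests/suites/test_suite_x509write.data hunk, the deleted "Certificate Request check Server1 MD4" case is the one that references data_files/server1.req.md4; check that the MD4-signed CSR itself (and whatever generates it) goes in the same change, otherwise an orphaned MD4 artifact stays in the tree after MBEDTLS_MD4_C is gone. The MD5 case that follows it correctly stays, since MD5 is not part of this removal.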
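Review bot: deleting tests/suites/test_suite_xtea.function outright, rather than leaving it behind its BEGIN_DEPENDENCIES, is the right call and worth a sentence in the commit message: the BEGIN_HEADER block includes mbedtls/xtea.h unconditionally, so the generated suite would fail to compile once the header is removed, whereas depends_on:MBEDTLS_XTEA_C only controls whether the cases are skipped at run time. The paired deletion of test_suite_xtea.data (ECB, CBC and self-test vectors) is consistent with that.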
@@ -0,0 +1,27 @@ +Removals + * Remove MD2, MD4, RC4, Blowfish and XTEA cryptographic primitives and + ciphersuites. Remove the following library files: arc4.c/h, blowfish.c/h, + md2.c/h, md4.c/h, xtea.c/h and belonging csr/crt/pem files. Remove the + following defines: MBEDTLS_RC4_C, MBEDTLS_ARC4_C, MBEDTLS_ARC4_ALT, + PSA_WANT_KEY_TYPE_ARC4, PSA_WANT_ALG_STREAM_CIPHER, + MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4, MBEDTLS_CIPHER_ID_ARC4, + MBEDTLS_CIPHER_ARC4_128, MBEDTLS_BLOWFISH_C, MBEDTLS_BLOWFISH_ALT, + MBEDTLS_CIPHER_ID_BLOWFISH, MBEDTLS_CIPHER_BLOWFISH_ECB, + MBEDTLS_CIPHER_BLOWFISH_CBC, MBEDTLS_CIPHER_BLOWFISH_CFB64, + MBEDTLS_CIPHER_BLOWFISH_CTR, MBEDTLS_MD2_C, MBEDTLS_MD2_ALT, + MBEDTLS_MD2_PROCESS_ALT, PSA_ALG_MD2, PSA_WANT_ALG_MD2, + MBEDTLS_PSA_ACCEL_ALG_MD2, MBEDTLS_OID_PKCS1_MD2, + MBEDTLS_OID_DIGEST_ALG_MD2, MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC, + MBEDTLS_MD_MD2, MBEDTLS_MD4_C, MBEDTLS_MD4_ALT, MBEDTLS_MD4_PROCESS_ALT, + PSA_ALG_MD4, PSA_WANT_ALG_MD4, MBEDTLS_PSA_ACCEL_ALG_MD4, + MBEDTLS_OID_PKCS1_MD4, MBEDTLS_OID_DIGEST_ALG_MD4, + MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC, MBEDTLS_MD_MD4, MBEDTLS_XTEA_C, + MBEDTLS_XTEA_ALT. Remove the following functions: + mbedtls_arc4_self_test(), mbedtls_md2_free(), mbedtls_md2_clone(), + mbedtls_md2_starts_ret(), mbedtls_md2_update_ret(), + mbedtls_md2_finish_ret(), mbedtls_md2_ret(), mbedtls_md2_self_test(), + mbedtls_internal_md2_process(), mbedtls_md4_free(), mbedtls_md4_clone(), + mbedtls_md4_starts_ret(), mbedtls_md4_update_ret(), + mbedtls_md4_finish_ret(), mbedtls_md4_ret(), mbedtls_md4_self_test(), + mbedtls_internal_md4_process(), mbedtls_xtea_self_test(). + Remove the related tests and test suites and error codes. Fixes #4084. diff --git a/docs/3.0-migration-guide.d/remove_MD2_MD4_RC4_Blowfish_XTEA.md b/docs/3.0-migration-guide.d/remove_MD2_MD4_RC4_Blowfish_XTEA.md new file mode 100644 index 000000000..d7e116cb4 --- /dev/null +++ b/docs/3.0-migration-guide.d/remove_MD2_MD4_RC4_Blowfish_XTEA.md 
@@ -0,0 +1,8 @@ +Remove MD2, MD4, RC4, Blowfish and XTEA ciphersuites +-- + +This change affects users of the MD2, MD4, RC4, Blowfish and XTEA ciphersuites. + +They are already niche or obsolete and most of them are weak or broken. For +those reasons possible users should consider switching to modern and safe +alternatives to be found in literature. From 8f91c721d3b6e826e433ff4f47168a60abfa5947 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Wed, 9 Jun 2021 14:25:51 +0200 Subject: [PATCH 205/236] Code review follow-up corrections Signed-off-by: TRodziewicz --- ChangeLog.d/issue4084.txt | 29 ++----------- .../remove_MD2_MD4_RC4_Blowfish_XTEA.md | 4 +- tests/suites/test_suite_hkdf.data | 42 +++++++++---------- 3 files changed, 26 insertions(+), 49 deletions(-) diff --git a/ChangeLog.d/issue4084.txt b/ChangeLog.d/issue4084.txt index c6a72f996..75273c1bd 100644 --- a/ChangeLog.d/issue4084.txt +++ b/ChangeLog.d/issue4084.txt 
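Review bot: the ChangeLog.d/issue4084.txt entry enumerates every removed macro and function, which is more than a ChangeLog reader needs and is already hard to keep accurate: MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC is listed in the MD4 group although it is an MD2 identifier, and "belonging csr/crt/pem files" should read "the associated csr/crt/pem files". Suggest a short entry along the lines of "Remove all support for MD2, MD4, RC4, Blowfish and XTEA, including the modules, their APIs and the related configuration options", and move the exhaustive symbol list to the migration guide, where it is useful to someone grepping a build for affected identifiers.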
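Review bot: in docs/3.0-migration-guide.d/remove_MD2_MD4_RC4_Blowfish_XTEA.md the heading and first sentence call MD2, MD4, RC4, Blowfish and XTEA "ciphersuites", but MD2 and MD4 are hash functions and Blowfish and XTEA are block ciphers; "algorithms" is the accurate word. The closing advice, "modern and safe alternatives to be found in literature", is too vague for a migration guide: name the replacements directly (SHA-256 or SHA-512 in place of the MD2/MD4 digests; an AEAD such as AES-GCM or ChaCha20-Poly1305 in place of RC4, Blowfish and XTEA) and say that anything still relying on these algorithms, such as MD2/MD4-signed certificates or RC4 TLS connections, needs re-issuing or renegotiating rather than a drop-in swap.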
@@ -1,27 +1,4 @@ Removals - * Remove MD2, MD4, RC4, Blowfish and XTEA cryptographic primitives and - ciphersuites. Remove the following library files: arc4.c/h, blowfish.c/h, - md2.c/h, md4.c/h, xtea.c/h and belonging csr/crt/pem files. Remove the - following defines: MBEDTLS_RC4_C, MBEDTLS_ARC4_C, MBEDTLS_ARC4_ALT, - PSA_WANT_KEY_TYPE_ARC4, PSA_WANT_ALG_STREAM_CIPHER, - MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4, MBEDTLS_CIPHER_ID_ARC4, - MBEDTLS_CIPHER_ARC4_128, MBEDTLS_BLOWFISH_C, MBEDTLS_BLOWFISH_ALT, - MBEDTLS_CIPHER_ID_BLOWFISH, MBEDTLS_CIPHER_BLOWFISH_ECB, - MBEDTLS_CIPHER_BLOWFISH_CBC, MBEDTLS_CIPHER_BLOWFISH_CFB64, - MBEDTLS_CIPHER_BLOWFISH_CTR, MBEDTLS_MD2_C, MBEDTLS_MD2_ALT, - MBEDTLS_MD2_PROCESS_ALT, PSA_ALG_MD2, PSA_WANT_ALG_MD2, - MBEDTLS_PSA_ACCEL_ALG_MD2, MBEDTLS_OID_PKCS1_MD2, - MBEDTLS_OID_DIGEST_ALG_MD2, MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC, - MBEDTLS_MD_MD2, MBEDTLS_MD4_C, MBEDTLS_MD4_ALT, MBEDTLS_MD4_PROCESS_ALT, - PSA_ALG_MD4, PSA_WANT_ALG_MD4, MBEDTLS_PSA_ACCEL_ALG_MD4, - MBEDTLS_OID_PKCS1_MD4, MBEDTLS_OID_DIGEST_ALG_MD4, - MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC, MBEDTLS_MD_MD4, MBEDTLS_XTEA_C, - MBEDTLS_XTEA_ALT. Remove the following functions: - mbedtls_arc4_self_test(), mbedtls_md2_free(), mbedtls_md2_clone(), - mbedtls_md2_starts_ret(), mbedtls_md2_update_ret(), - mbedtls_md2_finish_ret(), mbedtls_md2_ret(), mbedtls_md2_self_test(), - mbedtls_internal_md2_process(), mbedtls_md4_free(), mbedtls_md4_clone(), - mbedtls_md4_starts_ret(), mbedtls_md4_update_ret(), - mbedtls_md4_finish_ret(), mbedtls_md4_ret(), mbedtls_md4_self_test(), - mbedtls_internal_md4_process(), mbedtls_xtea_self_test(). - Remove the related tests and test suites and error codes. Fixes #4084. + * Remove all support for MD2, MD4, RC4, Blowfish and XTEA. This removes the + corresponding modules and all their APIs and related configuration + options. Fixes #4084. 
diff --git a/docs/3.0-migration-guide.d/remove_MD2_MD4_RC4_Blowfish_XTEA.md b/docs/3.0-migration-guide.d/remove_MD2_MD4_RC4_Blowfish_XTEA.md index d7e116cb4..d199f2f13 100644 --- a/docs/3.0-migration-guide.d/remove_MD2_MD4_RC4_Blowfish_XTEA.md +++ b/docs/3.0-migration-guide.d/remove_MD2_MD4_RC4_Blowfish_XTEA.md @@ -1,7 +1,7 @@ -Remove MD2, MD4, RC4, Blowfish and XTEA ciphersuites +Remove MD2, MD4, RC4, Blowfish and XTEA algorithms -- -This change affects users of the MD2, MD4, RC4, Blowfish and XTEA ciphersuites. +This change affects users of the MD2, MD4, RC4, Blowfish and XTEA algorithms. They are already niche or obsolete and most of them are weak or broken. For those reasons possible users should consider switching to modern and safe diff --git a/tests/suites/test_suite_hkdf.data b/tests/suites/test_suite_hkdf.data index 92cea9cfb..d2f7ab328 100644 --- a/tests/suites/test_suite_hkdf.data +++ b/tests/suites/test_suite_hkdf.data 
@@ -15,84 +15,84 @@ test_hkdf_expand_ret:32:32:8192:MBEDTLS_ERR_HKDF_BAD_INPUT_DATA HKDF RFC5869 Test Vector #1 depends_on:MBEDTLS_SHA256_C -test_hkdf:4:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865" +test_hkdf:MBEDTLS_MD_SHA256:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865" HKDF RFC5869 Test Vector #2 depends_on:MBEDTLS_SHA256_C -test_hkdf:4:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87" +test_hkdf:MBEDTLS_MD_SHA256:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87" HKDF RFC5869 Test Vector #3 
depends_on:MBEDTLS_SHA256_C -test_hkdf:4:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"":"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8" +test_hkdf:MBEDTLS_MD_SHA256:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"":"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8" HKDF RFC5869 Test Vector #4 depends_on:MBEDTLS_SHA1_C -test_hkdf:2:"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896" +test_hkdf:MBEDTLS_MD_SHA1:"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896" HKDF RFC5869 Test Vector #5 depends_on:MBEDTLS_SHA1_C -test_hkdf:2:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4" 
+test_hkdf:MBEDTLS_MD_SHA1:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4" HKDF RFC5869 Test Vector #6 depends_on:MBEDTLS_SHA1_C -test_hkdf:2:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"":"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918" +test_hkdf:MBEDTLS_MD_SHA1:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"":"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918" HKDF RFC5869 Test Vector #7 depends_on:MBEDTLS_SHA1_C -test_hkdf:2:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"":"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48" +test_hkdf:MBEDTLS_MD_SHA1:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"":"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48" HKDF RFC5869 Test Vector #1 Extract depends_on:MBEDTLS_SHA256_C -test_hkdf_extract:4:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5" +test_hkdf_extract:MBEDTLS_MD_SHA256:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5" HKDF RFC5869 Test Vector #2 Extract depends_on:MBEDTLS_SHA256_C 
-test_hkdf_extract:4:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244" +test_hkdf_extract:MBEDTLS_MD_SHA256:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244" HKDF RFC5869 Test Vector #3 Extract depends_on:MBEDTLS_SHA256_C -test_hkdf_extract:4:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04" +test_hkdf_extract:MBEDTLS_MD_SHA256:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04" HKDF RFC5869 Test Vector #4 Extract depends_on:MBEDTLS_SHA1_C -test_hkdf_extract:2:"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243" +test_hkdf_extract:MBEDTLS_MD_SHA1:"0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243" HKDF RFC5869 Test Vector #5 Extract depends_on:MBEDTLS_SHA1_C -test_hkdf_extract:2:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"8adae09a2a307059478d309b26c4115a224cfaf6" 
+test_hkdf_extract:MBEDTLS_MD_SHA1:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f":"606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf":"8adae09a2a307059478d309b26c4115a224cfaf6" HKDF RFC5869 Test Vector #6 Extract depends_on:MBEDTLS_SHA1_C -test_hkdf_extract:2:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01" +test_hkdf_extract:MBEDTLS_MD_SHA1:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01" HKDF RFC5869 Test Vector #7 Extract depends_on:MBEDTLS_SHA1_C -test_hkdf_extract:2:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"2adccada18779e7c2077ad2eb19d3f3e731385dd" +test_hkdf_extract:MBEDTLS_MD_SHA1:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":"":"2adccada18779e7c2077ad2eb19d3f3e731385dd" HKDF RFC5869 Test Vector #1 Expand depends_on:MBEDTLS_SHA256_C -test_hkdf_expand:4:"f0f1f2f3f4f5f6f7f8f9":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865" +test_hkdf_expand:MBEDTLS_MD_SHA256:"f0f1f2f3f4f5f6f7f8f9":"077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5":"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865" HKDF RFC5869 Test Vector #2 Expand depends_on:MBEDTLS_SHA256_C -test_hkdf_expand:4:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87" 
+test_hkdf_expand:MBEDTLS_MD_SHA256:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"06a6b88c5853361a06104c9ceb35b45cef760014904671014a193f40c15fc244":"b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87" HKDF RFC5869 Test Vector #3 Expand depends_on:MBEDTLS_SHA256_C -test_hkdf_expand:4:"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8" +test_hkdf_expand:MBEDTLS_MD_SHA256:"":"19ef24a32c717b167f33a91d6f648bdf96596776afdb6377ac434c1c293ccb04":"8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8" HKDF RFC5869 Test Vector #4 Expand depends_on:MBEDTLS_SHA1_C -test_hkdf_expand:2:"f0f1f2f3f4f5f6f7f8f9":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896" +test_hkdf_expand:MBEDTLS_MD_SHA1:"f0f1f2f3f4f5f6f7f8f9":"9b6c18c432a7bf8f0e71c8eb88f4b30baa2ba243":"085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896" HKDF RFC5869 Test Vector #5 Expand depends_on:MBEDTLS_SHA1_C -test_hkdf_expand:2:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"8adae09a2a307059478d309b26c4115a224cfaf6":"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4" 
+test_hkdf_expand:MBEDTLS_MD_SHA1:"b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"8adae09a2a307059478d309b26c4115a224cfaf6":"0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4" HKDF RFC5869 Test Vector #6 Expand depends_on:MBEDTLS_SHA1_C -test_hkdf_expand:2:"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918" +test_hkdf_expand:MBEDTLS_MD_SHA1:"":"da8c8a73c7fa77288ec6f5e7c297786aa0d32d01":"0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918" HKDF RFC5869 Test Vector #7 Expand depends_on:MBEDTLS_SHA1_C -test_hkdf_expand:2:"":"2adccada18779e7c2077ad2eb19d3f3e731385dd":"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48" +test_hkdf_expand:MBEDTLS_MD_SHA1:"":"2adccada18779e7c2077ad2eb19d3f3e731385dd":"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48" From 15a7b737082df748de0aff2d2a3efdd7c8dd1e0c Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Wed, 16 Jun 2021 11:22:53 +0200 Subject: [PATCH 206/236] Documentation rewording Signed-off-by: TRodziewicz --- ChangeLog.d/issue4083.txt | 7 +++---- ...art_of_timing_module_out_of_the_library.md | 7 ++----- include/mbedtls/config.h | 3 +-- include/mbedtls/timing.h | 20 +------------------ library/timing.c | 19 ++++++++++++++++++ 5 files changed, 26 insertions(+), 30 deletions(-) diff --git a/ChangeLog.d/issue4083.txt b/ChangeLog.d/issue4083.txt index f3f7e31b0..845733702 100644 --- a/ChangeLog.d/issue4083.txt +++ b/ChangeLog.d/issue4083.txt 
@@ -1,5 +1,4 @@ -Changes - * Remove the following functions: mbedtls_timing_self_test() and - mbedtls_hardclock_poll(). Move the following functions to the benchmark.c - file and make them static: mbedtls_timing_hardclock() and +Removals + * Remove the following functions: mbedtls_timing_self_test(), + mbedtls_hardclock_poll(), mbedtls_timing_hardclock() and mbedtls_set_alarm(). Fixes #4083. diff --git a/docs/3.0-migration-guide.d/move_part_of_timing_module_out_of_the_library.md b/docs/3.0-migration-guide.d/move_part_of_timing_module_out_of_the_library.md index f0b539c8f..fa61e274b 100644 --- a/docs/3.0-migration-guide.d/move_part_of_timing_module_out_of_the_library.md +++ b/docs/3.0-migration-guide.d/move_part_of_timing_module_out_of_the_library.md @@ -5,8 +5,5 @@ The change affects users who use any of the following functions: `mbedtls_timing_self_test()`, `mbedtls_hardclock_poll()`, `mbedtls_timing_hardclock()` and `mbedtls_set_alarm()`. -This change is the first step of a plan of removal of the `timing.c` from the -library. The plan is to move all the timing functions to the `platform.c` file. - -For users who still need removed functions the migration path is to re-implement -them as a platform support code. +If you were relying on these functions, you'll now need to change to using your +platform's corresponding functions directly. diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 74b82221d..4a98c5dda 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1013,8 +1013,7 @@ /** * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES * - * Do not add default entropy sources. These are the platform specific - * poll function. + * Do not add default entropy sources in mbedtls_entropy_init(). * * This is useful to have more control over the added entropy sources in an * application. diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index 9ea5c2966..5289889f9 100644 --- a/include/mbedtls/timing.h 
+++ b/include/mbedtls/timing.h @@ -63,25 +63,7 @@ typedef struct mbedtls_timing_delay_context extern volatile int mbedtls_timing_alarmed; -/** - * \brief Return the elapsed time in milliseconds - * - * \warning May change without notice - * - * \param val points to a timer structure - * \param reset If 0, query the elapsed time. Otherwise (re)start the timer. - * - * \return Elapsed time since the previous reset in ms. When - * restarting, this is always 0. - * - * \note To initialize a timer, call this function with reset=1. - * - * Determining the elapsed time and resetting the timer is not - * atomic on all platforms, so after the sequence - * `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 = - * get_timer(0) }` the value time1+time2 is only approximately - * the delay since the first reset. - */ +/* Internal use */ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ); /** diff --git a/library/timing.c b/library/timing.c index d87d8b6ca..e6dfc72d1 100644 --- a/library/timing.c +++ b/library/timing.c 
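Review bot: Replacing the full doc comment with `/* Internal use */` while leaving `mbedtls_timing_get_timer()` declared in the public header (right after the still-public `extern volatile int mbedtls_timing_alarmed;` in the hunk context) is contradictory. Either the function stays public, in which case the `\param`/`\return` text and in particular the non-atomicity caveat should remain here where API users read it, or it is internal, in which case the declaration belongs in a private header and its removal from the public API should be listed in `ChangeLog.d/issue4083.txt` and the migration guide next to the other timing removals in this patch.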
@@ -83,6 +83,25 @@ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int #else /* _WIN32 && !EFIX64 && !EFI32 */ +/** + * \brief Return the elapsed time in milliseconds + * + * \warning May change without notice + * + * \param val points to a timer structure + * \param reset If 0, query the elapsed time. Otherwise (re)start the timer. + * + * \return Elapsed time since the previous reset in ms. When + * restarting, this is always 0. + * + * \note To initialize a timer, call this function with reset=1. + * + * Determining the elapsed time and resetting the timer is not + * atomic on all platforms, so after the sequence + * `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 = + * get_timer(0) }` the value time1+time2 is only approximately + * the delay since the first reset. + */ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ) { struct _hr_time *t = (struct _hr_time *) val; From ab4ecfcc2c01cbf178dd0d4b3cf21e1b7573761f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 17 Jun 2021 05:12:16 +0100 Subject: [PATCH 207/236] Improve wording of documentation of new session resumption API Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 6fa380d49..1e8976ed1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
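Review bot: The restored doc comment is inserted only in the `#else /* _WIN32 && !EFIX64 && !EFI32 */` branch, so it documents the non-Windows definition only; the Windows definition shown in the hunk header (`@@ -83,6 +83,25 @@ unsigned long mbedtls_timing_get_timer(...)`) is left without the `\warning`/`\note` about non-atomic reset. Place the comment once above the `#if` so it covers both implementations, or keep it in the header.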
@@ -2386,8 +2386,8 @@ void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf, * to reject any attempt for resumption and fall back to * a full handshake. * - * \note The mechanism of session resumption is opaque to this - * call: For TLS 1.2, both session ID-based resumption and + * \note This function can handle a variety of mechanisms for session + * resumption: For TLS 1.2, both session ID-based resumption and * ticket-based resumption will be considered. For TLS 1.3, * once implemented, sessions equate to tickets, and loading * one or more sessions via this call will lead to their @@ -3718,8 +3718,8 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss * This must have been initialized with mbedtls_ssl_init_session() * but otherwise be unused. * - * \note The mechanism of session resumption is opaque to this - * call: For TLS 1.2, both session ID-based resumption and + * \note This function can handle a variety of mechanism for session + * resumption: For TLS 1.2, both session ID-based resumption and * ticket-based resumption will be considered. For TLS 1.3, * once implemented, sessions equate to tickets, and calling * this function multiple times will export the available From ad5390fc4f2f7274b0311f5398b9bd4cdd89d49b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Jun 2021 11:29:26 +0200 Subject: [PATCH 208/236] Clarify that RNG parameters are mandatory in SSL MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit No change here, these were already mandatory, it just wasn't explicit in the documentation. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/ssl.h | 2 +- include/mbedtls/ssl_ticket.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index b2f5c67a2..8c442871b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
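Review bot: The second hunk (around line 3718) reads `a variety of mechanism for session resumption` while the first hunk reads `a variety of mechanisms`; fix the singular in the second hunk so the two notes match.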
@@ -1535,7 +1535,7 @@ void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf, * \brief Set the random number generator callback * * \param conf SSL configuration - * \param f_rng RNG function + * \param f_rng RNG function (mandatory) * \param p_rng RNG parameter */ void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h index 871eec379..1047dbb0d 100644 --- a/include/mbedtls/ssl_ticket.h +++ b/include/mbedtls/ssl_ticket.h @@ -90,7 +90,7 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ); * \brief Prepare context to be actually used * * \param ctx Context to be set up - * \param f_rng RNG callback function + * \param f_rng RNG callback function (mandatory) * \param p_rng RNG callback context * \param cipher AEAD cipher to use for ticket protection. * Recommended value: MBEDTLS_CIPHER_AES_256_GCM. From c305b72ed1d54955b81a5a8ad402cc5c05cdacdd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Jun 2021 11:29:26 +0200 Subject: [PATCH 209/236] Make RNG parameters mandatory in X.509 functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Not adding a check in the code here, as this will be checked by the lower-level modules. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/x509_crt.h | 14 ++++---------- include/mbedtls/x509_csr.h | 14 ++++---------- 2 files changed, 8 insertions(+), 20 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index d383168d2..5c5509c79 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h 
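Review bot: `(mandatory)` states the requirement but not the consequence: since the commit message says no check is added here, neither hunk tells the caller which error `mbedtls_ssl_conf_rng()`'s config or `mbedtls_ssl_ticket_setup()` will surface when `f_rng` is NULL. One sentence naming the failure mode (or a `\return` line on the function that actually reports it) would make the contract testable.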
@@ -1108,16 +1108,13 @@ void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ); * \param ctx certificate to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function (for signature, see note) + * \param f_rng RNG function. This must not be \c NULL. * \param p_rng RNG parameter * * \return length of data written if successful, or a specific * error code * - * \note f_rng may be NULL if RSA is used for signature and the - * signature is made offline (otherwise f_rng is desirable - * for countermeasures against timing attacks). - * ECDSA signatures always require a non-NULL f_rng. + * \note \p f_rng is used for the signature operation. */ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), @@ -1130,15 +1127,12 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, * \param ctx certificate to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function (for signature, see note) + * \param f_rng RNG function. This must not be \c NULL. * \param p_rng RNG parameter * * \return 0 if successful, or a specific error code * - * \note f_rng may be NULL if RSA is used for signature and the - * signature is made offline (otherwise f_rng is desirable - * for countermeasures against timing attacks). - * ECDSA signatures always require a non-NULL f_rng. + * \note \p f_rng is used for the signature operation. */ int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 0a069df93..a0f1278e2 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h 
@@ -264,16 +264,13 @@ void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ); * \param ctx CSR to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function (for signature, see note) + * \param f_rng RNG function. This must not be \c NULL. * \param p_rng RNG parameter * * \return length of data written if successful, or a specific * error code * - * \note f_rng may be NULL if RSA is used for signature and the - * signature is made offline (otherwise f_rng is desirable - * for countermeasures against timing attacks). - * ECDSA signatures always require a non-NULL f_rng. + * \note \p f_rng is used for the signature operation. */ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), @@ -287,15 +284,12 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s * \param ctx CSR to write away * \param buf buffer to write to * \param size size of the buffer - * \param f_rng RNG function (for signature, see note) + * \param f_rng RNG function. This must not be \c NULL. * \param p_rng RNG parameter * * \return 0 if successful, or a specific error code * - * \note f_rng may be NULL if RSA is used for signature and the - * signature is made offline (otherwise f_rng is desirable - * for countermeasures against timing attacks). - * ECDSA signatures always require a non-NULL f_rng. + * \note \p f_rng is used for the signature operation. */ int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, int (*f_rng)(void *, unsigned char *, size_t), From 34d3756457c4787e9194b408968950c4e18e9041 Mon Sep 17 00:00:00 2001 
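Review bot: In all four hunks (crt_der, crt_pem, csr_der, csr_pem) the new note `\p f_rng is used for the signature operation` drops the rationale the removed text carried, namely that the RNG feeds blinding as a timing-attack countermeasure for RSA and is required for ECDSA. Keep one sentence on why randomness is needed so callers do not wire in a stub RNG. Also, the commit message says no check is added at this layer, so the documentation should state that a NULL `f_rng` is rejected by the lower-level signing module and which error code propagates, or an X.509-level bad-input check should be added so the failure is reported from the API the caller actually used.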
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Jun 2021 11:29:26 +0200 Subject: [PATCH 210/236] Make RNG parameters mandatory in PK functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Again, no check here, will be checked by lower-level modules. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/pk.h | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 85bf7c906..36af5d98d 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -498,7 +498,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, * given the key type. * \param sig_len On successful return, * the number of bytes written to \p sig. - * \param f_rng RNG function + * \param f_rng RNG function, must not be \c NULL. * \param p_rng RNG parameter * * \return 0 on success, or a specific error code. @@ -538,7 +538,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg, * given the key type. * \param sig_len On successful return, * the number of bytes written to \p sig. - * \param f_rng RNG function + * \param f_rng RNG function, must not be \c NULL. * \param p_rng RNG parameter * \param rs_ctx Restart context (NULL to disable restart) * @@ -563,7 +563,7 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx, * \param output Decrypted output * \param olen Decrypted message length * \param osize Size of the output buffer - * \param f_rng RNG function + * \param f_rng RNG function, must not be \c NULL. * \param p_rng RNG parameter * * \note For RSA keys, the default padding type is PKCS#1 v1.5. 
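Review bot: For `mbedtls_pk_sign()`, `mbedtls_pk_sign_restartable()` and `mbedtls_pk_decrypt()` the text now says `RNG function, must not be \c NULL.` without saying what the RNG is used for, unlike the encrypt hunk in this same patch which adds `\note \p f_rng is used for padding generation.` Add a matching note (blinding of RSA private operations, ECDSA signing) so the requirement does not look arbitrary. The phrasing also differs from the `RNG function. This must not be \c NULL.` form used in the X.509 headers of the previous patch; pick one wording for the series.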
@@ -584,9 +584,11 @@ int mbedtls_pk_decrypt( mbedtls_pk_context *ctx, * \param output Encrypted output * \param olen Encrypted output length * \param osize Size of the output buffer - * \param f_rng RNG function + * \param f_rng RNG function, must not be \c NULL. * \param p_rng RNG parameter * + * \note \p f_rng is used for padding generation. + * * \note For RSA keys, the default padding type is PKCS#1 v1.5. * * \return 0 on success, or a specific error code. From f0359040604503f63f01fcb3ccdc3f147eae82bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Jun 2021 11:29:26 +0200 Subject: [PATCH 211/236] Check for mandatory RNG parameters in RSA private MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (This commit is best reviewed using `git show -b` as indentation levels have changed.) The documentation already states that the RNG parameter is mandatory, since PRs #4488 and #4515. There are several families of functions to consider here: - private-key operations (sign, decrypt) all call mbedtls_rsa_private() where this commit adds a non-NULL check; - encrypt operations need an RNG for masking/padding and already had a non-NULL check since #4515 (conditional on \p mode before that) - verify operations no longer take an RNG parameter since #4515 So, after this commit, all RSA functions that accept an RNG will reach a non-NULL check before the RNG is used. Signed-off-by: Manuel Pégourié-Gonnard --- library/rsa.c | 121 +++++++++++++++++++++++--------------------------- 1 file changed, 56 insertions(+), 65 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index f7274eab1..d4e63b65c 100644 --- a/library/rsa.c +++ b/library/rsa.c 
@@ -929,8 +929,11 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, RSA_VALIDATE_RET( input != NULL ); RSA_VALIDATE_RET( output != NULL ); - if( rsa_check_context( ctx, 1 /* private key checks */, - f_rng != NULL /* blinding y/n */ ) != 0 ) + if( f_rng == NULL ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + if( rsa_check_context( ctx, 1 /* private key checks */, + 1 /* blinding on */ ) != 0 ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } @@ -947,15 +950,12 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &R ); - if( f_rng != NULL ) - { #if defined(MBEDTLS_RSA_NO_CRT) - mbedtls_mpi_init( &D_blind ); + mbedtls_mpi_init( &D_blind ); #else - mbedtls_mpi_init( &DP_blind ); - mbedtls_mpi_init( &DQ_blind ); + mbedtls_mpi_init( &DP_blind ); + mbedtls_mpi_init( &DQ_blind ); #endif - } #if !defined(MBEDTLS_RSA_NO_CRT) mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ ); 
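Review bot: The new `if( f_rng == NULL ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );` is a behaviour change, not a documentation fix: the removed `f_rng != NULL /* blinding y/n */` argument shows a NULL RNG previously ran the private operation unblinded, and now it is rejected. The diffstat lists only `library/rsa.c`, so add a `ChangeLog.d` entry, a 3.0 migration note, and a test asserting the new error for a NULL `f_rng`. Using a plain `if` rather than `RSA_VALIDATE_RET` is correct here if parameter validation can be compiled out, because this check must always hold; a one-line comment saying so would prevent a later cleanup from converting it.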
@@ -975,57 +975,54 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) ); - if( f_rng != NULL ) - { - /* - * Blinding - * T = T * Vi mod N - */ - MBEDTLS_MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) ); + /* + * Blinding + * T = T * Vi mod N + */ + MBEDTLS_MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vi ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) ); - /* - * Exponent blinding - */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) ); + /* + * Exponent blinding + */ + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) ); #if defined(MBEDTLS_RSA_NO_CRT) - /* - * D_blind = ( P - 1 ) * ( Q - 1 ) * R + D - */ - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING, - f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &P1, &Q1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &D_blind, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &D_blind, &D_blind, &ctx->D ) ); + /* + * D_blind = ( P - 1 ) * ( Q - 1 ) * R + D + */ + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING, + f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &P1, &Q1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &D_blind, &R ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &D_blind, &D_blind, &ctx->D ) ); - D = &D_blind; + D = &D_blind; #else - /* - * DP_blind = ( P - 1 ) * R + DP - */ - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING, - f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DP_blind, &P1, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DP_blind, &DP_blind, - &ctx->DP ) ); + /* + * DP_blind = ( P - 1 ) * R + 
DP + */ + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING, + f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DP_blind, &P1, &R ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DP_blind, &DP_blind, + &ctx->DP ) ); - DP = &DP_blind; + DP = &DP_blind; - /* - * DQ_blind = ( Q - 1 ) * R + DQ - */ - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING, - f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DQ_blind, &Q1, &R ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DQ_blind, &DQ_blind, - &ctx->DQ ) ); + /* + * DQ_blind = ( Q - 1 ) * R + DQ + */ + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING, + f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DQ_blind, &Q1, &R ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DQ_blind, &DQ_blind, + &ctx->DQ ) ); - DQ = &DQ_blind; + DQ = &DQ_blind; #endif /* MBEDTLS_RSA_NO_CRT */ - } #if defined(MBEDTLS_RSA_NO_CRT) MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, D, &ctx->N, &ctx->RN ) ); @@ -1054,15 +1051,12 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &TQ, &TP ) ); #endif /* MBEDTLS_RSA_NO_CRT */ - if( f_rng != NULL ) - { - /* - * Unblind - * T = T * Vf mod N - */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vf ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) ); - } + /* + * Unblind + * T = T * Vf mod N + */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vf ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) ); /* Verify the result to prevent glitching attacks. */ MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E, 
@@ -1086,15 +1080,12 @@ cleanup: mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &R ); - if( f_rng != NULL ) - { #if defined(MBEDTLS_RSA_NO_CRT) - mbedtls_mpi_free( &D_blind ); + mbedtls_mpi_free( &D_blind ); #else - mbedtls_mpi_free( &DP_blind ); - mbedtls_mpi_free( &DQ_blind ); + mbedtls_mpi_free( &DP_blind ); + mbedtls_mpi_free( &DQ_blind ); #endif - } mbedtls_mpi_free( &T ); From 1a87722bb69540bbb621a42f54c5cb4302b01bd9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Jun 2021 11:29:26 +0200 Subject: [PATCH 212/236] Make RNG parameters mandatory in DHM functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/dhm.h | 8 ++++---- library/dhm.c | 21 ++++++++------------- tests/suites/test_suite_dhm.function | 10 ++++++++-- 3 files changed, 20 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h index e8c8a82f5..850813e37 100644 --- a/include/mbedtls/dhm.h +++ b/include/mbedtls/dhm.h @@ -279,10 +279,10 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, * \param output_size The size of the destination buffer. This must be at * least the size of \c ctx->len (the size of \c P). * \param olen On exit, holds the actual number of Bytes written. - * \param f_rng The RNG function, for blinding purposes. This may - * b \c NULL if blinding isn't needed. - * \param p_rng The RNG context. This may be \c NULL if \p f_rng - * doesn't need a context argument. + * \param f_rng The RNG function. Must not be \c NULL. Used for + * blinding. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL if \p f_rng doesn't need a context parameter. * * \return \c 0 on success. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. diff --git a/library/dhm.c b/library/dhm.c index e88f3a2c7..29ce75598 100644 --- a/library/dhm.c +++ b/library/dhm.c 
@@ -444,6 +444,9 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, DHM_VALIDATE_RET( output != NULL ); DHM_VALIDATE_RET( olen != NULL ); + if( f_rng == NULL ) + return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); + if( output_size < mbedtls_dhm_get_len( ctx ) ) return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); @@ -453,25 +456,17 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx, mbedtls_mpi_init( &GYb ); /* Blind peer's value */ - if( f_rng != NULL ) - { - MBEDTLS_MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &GYb, &GYb, &ctx->P ) ); - } - else - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &GYb, &ctx->GY ) ); + MBEDTLS_MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &GYb, &GYb, &ctx->P ) ); /* Do modular exponentiation */ MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->K, &GYb, &ctx->X, &ctx->P, &ctx->RP ) ); /* Unblind secret value */ - if( f_rng != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) ); - } + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) ); /* Output the secret without any leading zero byte. This is mandatory * for TLS per RFC 5246 §8.1.2. */ diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index 62e634a7f..5286bc7b8 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function 
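Review bot: The check sits before `mbedtls_mpi_init( &GYb )`, so the early return has nothing to clean up; good. As in `rsa.c`, though, this turns a previously accepted NULL RNG (the removed `else` branch copied `GY` unblinded) into `MBEDTLS_ERR_DHM_BAD_INPUT_DATA`, and the only test change in this commit swaps NULL for a real RNG. Add a negative test for the rejection and a ChangeLog/migration note for the changed contract.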
@@ -150,7 +150,10 @@ void dhm_do_dhm( int radix_P, char *input_P, int x_size, &sec_srv_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); - TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), + &sec_cli_len, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( sec_srv_len == sec_cli_len ); TEST_ASSERT( sec_srv_len != 0 ); @@ -206,7 +209,10 @@ void dhm_do_dhm( int radix_P, char *input_P, int x_size, &sec_srv_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); - TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), + &sec_cli_len, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( sec_srv_len == sec_cli_len ); TEST_ASSERT( sec_srv_len != 0 ); From 7861ecf8384e6d3eb75568b113cb5de2c56fb06d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Jun 2021 11:29:26 +0200 Subject: [PATCH 213/236] Make RNG parameters mandatory in ECDH functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Again, no check in the code - will be checked by ECP Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/ecdh.h | 8 ++------ tests/suites/test_suite_ecdh.function | 24 ++++++++++++++++++------ 2 files changed, 20 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h index 2a0980b39..587035aad 100644 --- a/include/mbedtls/ecdh.h +++ b/include/mbedtls/ecdh.h 
@@ -222,10 +222,7 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp * This must be initialized. * \param d Our secret exponent (private key). * This must be initialized. - * \param f_rng The RNG function. This may be \c NULL if randomization - * of intermediate results during the ECP computations is - * not needed (discouraged). See the documentation of - * mbedtls_ecp_mul() for more. + * \param f_rng The RNG function to use. This must not be \c NULL. * \param p_rng The RNG context to be passed to \p f_rng. This may be * \c NULL if \p f_rng is \c NULL or doesn't need a * context argument. @@ -428,8 +425,7 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx, * \param buf The buffer to write the generated shared key to. This * must be a writable buffer of size \p blen Bytes. * \param blen The length of the destination buffer \p buf in Bytes. - * \param f_rng The RNG function, for blinding purposes. This may - * b \c NULL if blinding isn't needed. + * \param f_rng The RNG function to use. This must not be \c NULL. * \param p_rng The RNG context. This may be \c NULL if \p f_rng * doesn't need a context argument. * diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 6e8459dcb..94030d89d 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -85,7 +85,8 @@ void ecdh_primitive_random( int id ) &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, - NULL, NULL ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &zB ) == 0 ); 
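Review bot: In the first hunk the unchanged context line `\c NULL if \p f_rng is \c NULL or doesn't need a context argument.` is now contradictory, since `f_rng` `must not be \c NULL`; drop the `if \p f_rng is \c NULL` clause as the `dhm.h` hunk in PATCH 212 did. The commit message leaves the NULL check to ECP, so the `p_rng`/`f_rng` text should also say the error is reported from the ECP layer (or an ECDH-level check should be added) so callers know what return value to expect.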
@@ -106,11 +107,13 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str, mbedtls_ecp_point qA, qB; mbedtls_mpi dA, dB, zA, zB, check; mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB ); mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &zA ); mbedtls_mpi_init( &zB ); mbedtls_mpi_init( &check ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); @@ -169,9 +172,13 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str, TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.Y, &check ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, z_str ) == 0 ); - TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &check ) == 0 ); - TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zB, &check ) == 0 ); exit: @@ -215,7 +222,8 @@ void ecdh_exchange( int id ) &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &res_len, res_buf, 1000, - NULL, NULL ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( len == res_len ); TEST_ASSERT( memcmp( buf, res_buf, len ) == 0 ); 
@@ -235,12 +243,14 @@ void ecdh_restart( int id, data_t *dA, data_t *dB, data_t *z, const unsigned char *vbuf; size_t len; mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B; + mbedtls_test_rnd_pseudo_info rnd_info; int cnt_restart; mbedtls_ecp_group grp; mbedtls_ecp_group_init( &grp ); mbedtls_ecdh_init( &srv ); mbedtls_ecdh_init( &cli ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand; rnd_info_A.fallback_p_rng = NULL; @@ -315,7 +325,8 @@ void ecdh_restart( int id, data_t *dA, data_t *dB, data_t *z, cnt_restart = 0; do { ret = mbedtls_ecdh_calc_secret( &srv, &len, buf, sizeof( buf ), - NULL, NULL ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); @@ -332,7 +343,8 @@ void ecdh_restart( int id, data_t *dA, data_t *dB, data_t *z, cnt_restart = 0; do { ret = mbedtls_ecdh_calc_secret( &cli, &len, buf, sizeof( buf ), - NULL, NULL ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); From aa3ed6f9872e3def71a557a940ab6f81364f274b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Jun 2021 11:29:26 +0200 Subject: [PATCH 214/236] Make RNG parameters mandatory in ECP functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix trivial faulty calls in ECP test suite and ECP/ECJPAKE self-tests (by adding a dummy RNG). Several tests suites are not passing yet, as a couple of library function do call ecp_mul() with a NULL RNG. The complexity of the fixes range from "simple refactoring" to "requires API changes", so these will be addressed in separate commits. This makes the option MBEDTLS_ECP_NO_INTERNAL_RNG, as well as the whole "internal RNG" code, obsolete. This will be addressed in a future commit, after getting the test suites to pass again. 
Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/ecp.h | 23 +++++++-------------- library/ecjpake.c | 26 +++++++++++++++++++++-- library/ecp.c | 31 +++++++++++++++++++++++++--- tests/suites/test_suite_ecp.function | 23 ++++++++++++++------- 4 files changed, 76 insertions(+), 27 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 49e85d941..f203a7b25 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -911,15 +911,8 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, * \note To prevent timing attacks, this function * executes the exact same sequence of base-field * operations for any valid \p m. It avoids any if-branch or - * array index depending on the value of \p m. - * - * \note If \p f_rng is not NULL, it is used to randomize - * intermediate results to prevent potential timing attacks - * targeting these results. We recommend always providing - * a non-NULL \p f_rng. The overhead is negligible. - * Note: unless #MBEDTLS_ECP_NO_INTERNAL_RNG is defined, when - * \p f_rng is NULL, an internal RNG (seeded from the value - * of \p m) will be used instead. + * array index depending on the value of \p m. If also uses + * \p f_rng to randomize some intermediate results. * * \param grp The ECP group to use. * This must be initialized and have group parameters 
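Review bot: typo in the rewritten `\note` of the `mbedtls_ecp_mul()` Doxygen hunk above: `If also uses \p f_rng to randomize some intermediate results` should read `It also uses`. While touching that sentence, it now reads as though the randomisation were incidental; since this same patch makes `f_rng` mandatory, state that here as well, e.g. `It also uses \p f_rng, which must not be \c NULL, to randomize some intermediate results`, so the note agrees with the `\param f_rng` line that follows.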
@@ -928,9 +921,9 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, * This must be initialized. * \param m The integer by which to multiply. This must be initialized. * \param P The point to multiply. This must be initialized. - * \param f_rng The RNG function. This may be \c NULL if randomization - * of intermediate results isn't desired (discouraged). - * \param p_rng The RNG context to be passed to \p p_rng. + * \param f_rng The RNG function. This must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may be \c + * NULL if \p f_rng doesn't need a context. * * \return \c 0 on success. * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private @@ -959,9 +952,9 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * This must be initialized. * \param m The integer by which to multiply. This must be initialized. * \param P The point to multiply. This must be initialized. - * \param f_rng The RNG function. This may be \c NULL if randomization - * of intermediate results isn't desired (discouraged). - * \param p_rng The RNG context to be passed to \p p_rng. + * \param f_rng The RNG function. This must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may be \c + * NULL if \p f_rng doesn't need a context. * \param rs_ctx The restart context (NULL disables restart). * * \return \c 0 on success. diff --git a/library/ecjpake.c b/library/ecjpake.c index de43ddb70..d22931142 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c 
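Review bot: the `\param f_rng The RNG function. This must not be \c NULL.` lines in the two `ecp.h` hunks above (for `mbedtls_ecp_mul()` and `mbedtls_ecp_mul_restartable()`) are not matched by any change to the `\return` lists, yet `library/ecp.c` in this same patch returns `MBEDTLS_ERR_ECP_BAD_INPUT_DATA` when `f_rng` is NULL. Add `\return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p f_rng is \c NULL.` to both functions; otherwise a caller reading the Doxygen cannot distinguish this new failure from the existing BAD_INPUT_DATA cases.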
@@ -962,6 +962,28 @@ static const unsigned char ecjpake_test_pms[] = { 0xb4, 0x38, 0xf7, 0x19, 0xd3, 0xc4, 0xf3, 0x51 }; +/* + * PRNG for test - !!!INSECURE NEVER USE IN PRODUCTION!!! + * + * This is the linear congruential generator from numerical recipes, + * except we only use the low byte as the output. See + * https://en.wikipedia.org/wiki/Linear_congruential_generator#Parameters_in_common_use + */ +static int self_test_rng( void *ctx, unsigned char *out, size_t len ) +{ + static uint32_t state = 42; + + (void) ctx; + + for( size_t i = 0; i < len; i++ ) + { + state = state * 1664525u + 1013904223u; + out[i] = (unsigned char) state; + } + + return( 0 ); +} + /* Load my private keys and generate the corresponding public keys */ static int ecjpake_test_load( mbedtls_ecjpake_context *ctx, const unsigned char *xm1, size_t len1, @@ -972,9 +994,9 @@ static int ecjpake_test_load( mbedtls_ecjpake_context *ctx, MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm1, xm1, len1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm2, xm2, len2 ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm1, &ctx->xm1, - &ctx->grp.G, NULL, NULL ) ); + &ctx->grp.G, self_test_rng, NULL ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm2, &ctx->xm2, - &ctx->grp.G, NULL, NULL ) ); + &ctx->grp.G, self_test_rng, NULL ) ); cleanup: return( ret ); diff --git a/library/ecp.c b/library/ecp.c index 044bbe1d1..873b4c839 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2684,6 +2684,9 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, ECP_VALIDATE_RET( m != NULL ); ECP_VALIDATE_RET( P != NULL ); + if( f_rng == NULL ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + #if defined(MBEDTLS_ECP_RESTARTABLE) /* reset ops count for this call if top-level */ if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) 
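Review bot: in the `library/ecp.c` hunk above, the new `if( f_rng == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );` sits directly after four `ECP_VALIDATE_RET()` lines that treat a NULL argument as a caller contract violation; a NULL `f_rng` is now the same kind of violation, so either write it as `ECP_VALIDATE_RET( f_rng != NULL );` for consistency with the surrounding checks, or add a comment saying why this one is a plain runtime check. Either way the check is correctly placed before the restart-context `rs_ctx->depth++` bookkeeping, so the early return cannot leave `rs_ctx` unbalanced.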
@@ -3315,6 +3318,28 @@ cleanup: #if defined(MBEDTLS_SELF_TEST) +/* + * PRNG for test - !!!INSECURE NEVER USE IN PRODUCTION!!! + * + * This is the linear congruential generator from numerical recipes, + * except we only use the low byte as the output. See + * https://en.wikipedia.org/wiki/Linear_congruential_generator#Parameters_in_common_use + */ +static int self_test_rng( void *ctx, unsigned char *out, size_t len ) +{ + static uint32_t state = 42; + + (void) ctx; + + for( size_t i = 0; i < len; i++ ) + { + state = state * 1664525u + 1013904223u; + out[i] = (unsigned char) state; + } + + return( 0 ); +} + /* Adjust the exponent to be a valid private point for the specified curve. * This is sometimes necessary because we use a single set of exponents * for all curves but the validity of values depends on the curve. */ @@ -3370,7 +3395,7 @@ static int self_test_point( int verbose, MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[0] ) ); MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, self_test_rng, NULL ) ); for( i = 1; i < n_exponents; i++ ) { @@ -3383,7 +3408,7 @@ static int self_test_point( int verbose, MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[i] ) ); MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, self_test_rng, NULL ) ); if( add_count != add_c_prev || dbl_count != dbl_c_prev || 
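Review bot: `self_test_rng()` in the `library/ecp.c` hunk above is a byte-for-byte copy of the helper added to `library/ecjpake.c` earlier in this patch, including the function-static `state = 42`. Two private copies will drift; consider one self-test-only helper shared by both files. Also note that because `state` is never reset, a second `mbedtls_ecp_self_test()` run in the same process uses a different blinding stream than the first. That is harmless here, since none of the self-test results depend on the randomisation, but a one-line comment would stop someone from "fixing" it by re-seeding on every call.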
@@ -3461,7 +3486,7 @@ int mbedtls_ecp_self_test( int verbose ) mbedtls_printf( " ECP SW test #1 (constant op_count, base point G): " ); /* Do a dummy multiplication first to trigger precomputation */ MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &m, 2 ) ); - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &P, &m, &grp.G, NULL, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &P, &m, &grp.G, self_test_rng, NULL ) ); ret = self_test_point( verbose, &grp, &R, &m, &grp.G, sw_exponents, diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index f2b637614..e820067a7 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -124,12 +124,14 @@ void ecp_test_vect_restart( int id, mbedtls_mpi dA, xA, yA, dB, xZ, yZ; int cnt_restarts; int ret; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_restart_init( &ctx ); mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R ); mbedtls_ecp_point_init( &P ); mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &yA ); mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xZ ); mbedtls_mpi_init( &yZ ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); @@ -147,7 +149,8 @@ void ecp_test_vect_restart( int id, cnt_restarts = 0; do { ECP_PT_RESET( &R ); - ret = mbedtls_ecp_mul_restartable( &grp, &R, &dA, &grp.G, NULL, NULL, &ctx ); + ret = mbedtls_ecp_mul_restartable( &grp, &R, &dA, &grp.G, + &mbedtls_test_rnd_pseudo_rand, &rnd_info, &ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts ); TEST_ASSERT( ret == 0 ); @@ -162,7 +165,8 @@ void ecp_test_vect_restart( int id, cnt_restarts = 0; do { ECP_PT_RESET( &R ); - ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P, NULL, NULL, &ctx ); + ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P, + &mbedtls_test_rnd_pseudo_rand, &rnd_info, &ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts ); TEST_ASSERT( ret == 0 ); 
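Review bot: line length in the `mbedtls_ecp_self_test()` hunk above: `MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &P, &m, &grp.G, self_test_rng, NULL ) );` runs past 80 columns once indented. Wrap the argument list onto a second line, as the `ecp_test_vect_restart` hunks above already do for `mbedtls_ecp_mul_restartable()`.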
@@ -176,7 +180,8 @@ void ecp_test_vect_restart( int id, * This test only makes sense when we actually restart */ if( min_restarts > 0 ) { - ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P, NULL, NULL, &ctx ); + ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P, + &mbedtls_test_rnd_pseudo_rand, &rnd_info, &ctx ); TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); } @@ -294,12 +299,14 @@ void ecp_test_vect( int id, char * dA_str, char * xA_str, char * yA_str, TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yA ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); - TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &R, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &R, + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); - TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &grp.G, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &grp.G, + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xB ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yB ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); 
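Review bot: the `ecp_test_vect` hunk above passes `&rnd_info` to both `mbedtls_ecp_mul()` calls, but unlike the `ecp_test_vect_restart` hunk it neither declares the variable nor `memset()`s it; please confirm `rnd_info` is already declared and zeroed earlier in `ecp_test_vect` (outside the visible context), otherwise the pseudo-RNG state is uninitialised. It is also worth a sentence in the commit message that these calls previously used `NULL, NULL` on purpose to cover the non-randomised path, and that this coverage is being dropped deliberately because that path is going away.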
@@ -351,11 +358,13 @@ void ecp_test_vec_x( int id, char * dA_hex, char * xA_hex, char * dB_hex, TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xS ) == 0 ); - TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &grp.G, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &grp.G, + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xB ) == 0 ); - TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &R, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &R, + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xS ) == 0 ); From 75525aec527bc9d3bba2cd3214c3c8fc2d9961af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Jun 2021 11:29:26 +0200 Subject: [PATCH 215/236] Fix mbedtls_ecp_muladd() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It was indirectly calling ecp_mul() without an RNG. That's actually the rare case where this should be allowed, as ecp_muladd() is typically used on non-secret data (to verify signatures or ZKPs) and documented as not being constant-time. Refactor a bit in order to keep the ability to call ecp_mul() without an RNG, but not exposed publicly (except through muladd). Signed-off-by: Manuel Pégourié-Gonnard --- library/ecp.c | 35 +++++++++++++++++++++++++---------- 1 file changed, 25 insertions(+), 10 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 873b4c839..bd560b574 100644 --- a/library/ecp.c +++ b/library/ecp.c 
@@ -2669,8 +2669,11 @@ cleanup: /* * Restartable multiplication R = m * P + * + * This internal function can be called without an RNG in case where we know + * the inputs are not sensitive. */ -int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, +static int ecp_mul_restartable_internal( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, const mbedtls_mpi *m, const mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_ecp_restart_ctx *rs_ctx ) @@ -2679,13 +2682,6 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #if defined(MBEDTLS_ECP_INTERNAL_ALT) char is_grp_capable = 0; #endif - ECP_VALIDATE_RET( grp != NULL ); - ECP_VALIDATE_RET( R != NULL ); - ECP_VALIDATE_RET( m != NULL ); - ECP_VALIDATE_RET( P != NULL ); - - if( f_rng == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); #if defined(MBEDTLS_ECP_RESTARTABLE) /* reset ops count for this call if top-level */ @@ -2738,6 +2734,25 @@ cleanup: return( ret ); } +/* + * Restartable multiplication R = m * P + */ +int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, + const mbedtls_mpi *m, const mbedtls_ecp_point *P, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_ecp_restart_ctx *rs_ctx ) +{ + ECP_VALIDATE_RET( grp != NULL ); + ECP_VALIDATE_RET( R != NULL ); + ECP_VALIDATE_RET( m != NULL ); + ECP_VALIDATE_RET( P != NULL ); + + if( f_rng == NULL ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + return( ecp_mul_restartable_internal( grp, R, m, P, f_rng, p_rng, rs_ctx ) ); +} + /* * Multiplication R = m * P */ @@ -2831,8 +2846,8 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp, } else { - MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, R, m, P, - NULL, NULL, rs_ctx ) ); + MBEDTLS_MPI_CHK( ecp_mul_restartable_internal( grp, R, m, P, + NULL, NULL, rs_ctx ) ); } cleanup: From f8c24bf507089b5e90721cb59be399d359459411 Mon Sep 17 00:00:00 2001 
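Review bot: in the `library/ecp.c` hunk above, the comment on `ecp_mul_restartable_internal()` promises it "can be called without an RNG in case where we know the inputs are not sensitive", but the only NULL-`f_rng` behaviour this patch relies on is whatever the existing code does today (the internal RNG, or no randomisation under `MBEDTLS_ECP_NO_INTERNAL_RNG`). When the internal RNG is removed as announced in the previous commit, the comb/Montgomery code must explicitly skip randomisation for `f_rng == NULL` rather than call through it, because `mbedtls_ecp_mul_shortcuts()` now passes `NULL, NULL` unconditionally. Two smaller points: the prototype line `static int ecp_mul_restartable_internal( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,` exceeds 80 columns, and dropping the `ECP_VALIDATE_RET()` lines from the internal function is only safe because both callers (the public wrapper and `mbedtls_ecp_muladd()` via `mbedtls_ecp_mul_shortcuts()`) validate first; say so in the comment so a future direct caller does not skip validation.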
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Jun 2021 11:29:26 +0200 Subject: [PATCH 216/236] Fix signature of check_pub_priv MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/ecp.h | 8 ++++++-- library/ecp.c | 6 ++++-- tests/suites/test_suite_ecp.function | 5 ++++- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index f203a7b25..75ad8087d 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -1258,14 +1258,18 @@ int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key, * part is ignored. * \param prv The keypair structure holding the full keypair. * This must be initialized. + * \param f_rng The RNG function. This must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may be \c + * NULL if \p f_rng doesn't need a context. * * \return \c 0 on success, meaning that the keys are valid and match. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match. * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX * error code on calculation failure. */ -int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, - const mbedtls_ecp_keypair *prv ); +int mbedtls_ecp_check_pub_priv( + const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); #if defined(MBEDTLS_SELF_TEST) diff --git a/library/ecp.c b/library/ecp.c index bd560b574..1a78a8f32 100644 --- a/library/ecp.c +++ b/library/ecp.c 
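Review bot: this changes the signature of the public function `mbedtls_ecp_check_pub_priv()`, but the diffstat shows no `ChangeLog.d` entry and no update to the 3.0 migration guide; both are needed for an API break. In the Doxygen hunk itself, `\return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.` should also cover a NULL `f_rng`, since the `mbedtls_ecp_mul()` call in the matching `library/ecp.c` hunk returns that same code for it.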
@@ -3290,7 +3290,9 @@ cleanup: /* * Check a public-private key pair */ -int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv ) +int mbedtls_ecp_check_pub_priv( + const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_point Q; @@ -3314,7 +3316,7 @@ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ec mbedtls_ecp_group_copy( &grp, &prv->grp ); /* Also checks d is valid */ - MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, NULL, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, f_rng, p_rng ) ); if( mbedtls_mpi_cmp_mpi( &Q.X, &prv->Q.X ) || mbedtls_mpi_cmp_mpi( &Q.Y, &prv->Q.Y ) || diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index e820067a7..d795fe214 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -776,9 +776,11 @@ void mbedtls_ecp_check_pub_priv( int id_pub, char * Qx_pub, char * Qy_pub, int ret ) { mbedtls_ecp_keypair pub, prv; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_keypair_init( &pub ); mbedtls_ecp_keypair_init( &prv ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); if( id_pub != MBEDTLS_ECP_DP_NONE ) TEST_ASSERT( mbedtls_ecp_group_load( &pub.grp, id_pub ) == 0 ); @@ -789,7 +791,8 @@ void mbedtls_ecp_check_pub_priv( int id_pub, char * Qx_pub, char * Qy_pub, TEST_ASSERT( mbedtls_ecp_point_read_string( &prv.Q, 16, Qx, Qy ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &prv.d, 16, d ) == 0 ); - TEST_ASSERT( mbedtls_ecp_check_pub_priv( &pub, &prv ) == ret ); + TEST_ASSERT( mbedtls_ecp_check_pub_priv( &pub, &prv, + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); exit: mbedtls_ecp_keypair_free( &pub ); From 39be1410fdad87998cc345a6b808410ded100dd8 Mon Sep 17 00:00:00 2001 
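Review bot: in the `library/ecp.c` hunk above, `mbedtls_ecp_check_pub_priv()` forwards `f_rng, p_rng` into `mbedtls_ecp_mul()` without checking them, so a NULL `f_rng` fails inside the multiplication with `MBEDTLS_ERR_ECP_BAD_INPUT_DATA`, which is exactly the code this function documents for "keys are invalid or do not match"; a caller cannot tell a programming error from a genuine mismatch. Since both paths return the same code, the fix is documentation: add the NULL-`f_rng` case to the `\return` list so callers know to validate the RNG themselves. The changed line `MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, f_rng, p_rng ) );` also runs past 80 columns and should be wrapped.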
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Jun 2021 11:29:26 +0200 Subject: [PATCH 217/236] Add RNG parameter to check_pair functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - mbedtls_ecp_check_pub_priv() because it calls ecp_mul() - mbedtls_pk_check_pair() because it calls the former Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/pk.h | 7 ++++++- library/pk.c | 10 ++++++++-- library/pk_wrap.c | 19 ++++++++++++++----- library/pk_wrap.h | 4 +++- programs/x509/cert_write.c | 3 ++- tests/suites/test_suite_pk.function | 11 ++++++++--- 6 files changed, 41 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 36af5d98d..5c7b2f646 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -603,6 +603,8 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, * * \param pub Context holding a public key. * \param prv Context holding a private (and public) key. + * \param f_rng RNG function, must not be \c NULL. + * \param p_rng RNG parameter * * \return \c 0 on success (keys were checked and match each other). * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the keys could not @@ -610,7 +612,10 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid. * \return Another non-zero value if the keys do not match. */ -int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv ); +int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, + const mbedtls_pk_context *prv, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); /** * \brief Export debug information diff --git a/library/pk.c b/library/pk.c index 06021e26c..275d34bb1 100644 --- a/library/pk.c +++ b/library/pk.c 
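Review bot: `\param p_rng RNG parameter` in the `pk.h` hunk above is thinner than the wording used for the same parameter in `ecp.h` earlier in this series (`The RNG context to be passed to \p f_rng. This may be \c NULL if \p f_rng doesn't need a context.`); use the same text. The `\return` list should also gain `#MBEDTLS_ERR_PK_BAD_INPUT_DATA if \p f_rng is \c NULL`, which is what `library/pk.c` in this patch returns, and it is worth stating that the RNG is required for every key type even though the RSA back-end ignores it, so callers do not assume they can pass NULL for RSA keys.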
@@ -500,7 +500,10 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx, /* * Check public-private key pair */ -int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv ) +int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, + const mbedtls_pk_context *prv, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { PK_VALIDATE_RET( pub != NULL ); PK_VALIDATE_RET( prv != NULL ); @@ -511,6 +514,9 @@ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_conte return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); } + if( f_rng == NULL ) + return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + if( prv->pk_info->check_pair_func == NULL ) return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); @@ -525,7 +531,7 @@ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_conte return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); } - return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) ); + return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx, f_rng, p_rng ) ); } /* diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 7c317c52d..864e495b3 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -154,8 +154,12 @@ static int rsa_encrypt_wrap( void *ctx, ilen, input, output ) ); } -static int rsa_check_pair_wrap( const void *pub, const void *prv ) +static int rsa_check_pair_wrap( const void *pub, const void *prv, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { + (void) f_rng; + (void) p_rng; return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub, (const mbedtls_rsa_context *) prv ) ); } 
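Review bot: line length in the `library/pk.c` hunk above: `return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx, f_rng, p_rng ) );` exceeds 80 columns once indented; wrap the arguments. The placement of the new `if( f_rng == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );` after the `pk_info` NULL checks and before the `check_pair_func == NULL` test is right, since a missing RNG is a caller error regardless of whether the key type supports the check. In `rsa_check_pair_wrap` the `(void) f_rng; (void) p_rng;` casts are correct because `mbedtls_rsa_check_pub_priv()` takes no RNG, but a short comment saying so would prevent someone later "plumbing through" an RNG the RSA check cannot use.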
@@ -388,10 +392,13 @@ cleanup: #endif /* MBEDTLS_ECP_RESTARTABLE */ #endif /* MBEDTLS_ECDSA_C */ -static int eckey_check_pair( const void *pub, const void *prv ) +static int eckey_check_pair( const void *pub, const void *prv, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub, - (const mbedtls_ecp_keypair *) prv ) ); + (const mbedtls_ecp_keypair *) prv, + f_rng, p_rng ) ); } static void *eckey_alloc_wrap( void ) @@ -799,7 +806,9 @@ static int rsa_alt_decrypt_wrap( void *ctx, } #if defined(MBEDTLS_RSA_C) -static int rsa_alt_check_pair( const void *pub, const void *prv ) +static int rsa_alt_check_pair( const void *pub, const void *prv, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; unsigned char hash[32]; @@ -813,7 +822,7 @@ static int rsa_alt_check_pair( const void *pub, const void *prv ) if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE, hash, sizeof( hash ), - sig, &sig_len, NULL, NULL ) ) != 0 ) + sig, &sig_len, f_rng, p_rng ) ) != 0 ) { return( ret ); } diff --git a/library/pk_wrap.h b/library/pk_wrap.h index f7f938a88..b2db63739 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h @@ -85,7 +85,9 @@ struct mbedtls_pk_info_t void *p_rng ); /** Check public-private key pair */ - int (*check_pair_func)( const void *pub, const void *prv ); + int (*check_pair_func)( const void *pub, const void *prv, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); /** Allocate a new context */ void * (*ctx_alloc_func)( void ); diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index ff7cf9807..041f459cf 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c 
@@ -606,7 +606,8 @@ int main( int argc, char *argv[] ) // if( strlen( opt.issuer_crt ) ) { - if( mbedtls_pk_check_pair( &issuer_crt.MBEDTLS_PRIVATE(pk), issuer_key ) != 0 ) + if( mbedtls_pk_check_pair( &issuer_crt.MBEDTLS_PRIVATE(pk), issuer_key, + mbedtls_ctr_drbg_random, &ctr_drbg ) != 0 ) { mbedtls_printf( " failed\n ! issuer_key does not match " "issuer certificate\n\n" ); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 573c9d430..b46cf05cf 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -177,7 +177,8 @@ void pk_psa_utils( ) /* unsupported functions: check_pair, debug */ TEST_ASSERT( mbedtls_pk_setup( &pk2, mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); - TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2 ) + TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2, + mbedtls_test_rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_TYPE_MISMATCH ); TEST_ASSERT( mbedtls_pk_debug( &pk, &dbg ) == MBEDTLS_ERR_PK_TYPE_MISMATCH ); @@ -350,7 +351,9 @@ void mbedtls_pk_check_pair( char * pub_file, char * prv_file, int ret ) TEST_ASSERT( mbedtls_pk_parse_public_keyfile( &pub, pub_file ) == 0 ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL ) == 0 ); - TEST_ASSERT( mbedtls_pk_check_pair( &pub, &prv ) == ret ); + TEST_ASSERT( mbedtls_pk_check_pair( &pub, &prv, + mbedtls_test_rnd_std_rand, NULL ) + == ret ); #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) if( mbedtls_pk_get_type( &prv ) == MBEDTLS_PK_RSA ) @@ -358,7 +361,9 @@ void mbedtls_pk_check_pair( char * pub_file, char * prv_file, int ret ) TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, mbedtls_pk_rsa( prv ), mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, mbedtls_rsa_key_len_func ) == 0 ); - TEST_ASSERT( mbedtls_pk_check_pair( &pub, &alt ) == ret ); + TEST_ASSERT( mbedtls_pk_check_pair( &pub, &alt, + mbedtls_test_rnd_std_rand, NULL ) + == ret ); } #endif 
From 84dea01f36240592c162cd3724dc89abb25b3080 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Jun 2021 11:29:26 +0200 Subject: [PATCH 218/236] Add RNG params to private key parsing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is necessary for the case where the public part of an EC keypair needs to be computed from the private part - either because it was not included (it's an optional component) or because it was compressed (a format we can't parse). This changes the API of two public functions: mbedtls_pk_parse_key() and mbedtls_pk_parse_keyfile(). Tests and programs have been adapted. Some programs use a non-secure RNG (from the test library) just to get things to compile and run; in a future commit this should be improved in order to demonstrate best practice. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/pk.h | 12 +++-- library/pkparse.c | 52 ++++++++++++---------- library/psa_crypto_rsa.c | 3 +- programs/fuzz/fuzz_dtlsserver.c | 4 +- programs/fuzz/fuzz_privkey.c | 4 +- programs/fuzz/fuzz_server.c | 3 +- programs/pkey/key_app.c | 5 ++- programs/pkey/key_app_writer.c | 6 ++- programs/pkey/pk_decrypt.c | 3 +- programs/pkey/pk_sign.c | 3 +- programs/pkey/rsa_sign_pss.c | 3 +- programs/ssl/dtls_server.c | 40 +++++++++-------- programs/ssl/ssl_client2.c | 4 +- programs/ssl/ssl_fork_server.c | 3 +- programs/ssl/ssl_mail_client.c | 9 +++- programs/ssl/ssl_pthread_server.c | 37 +++++++-------- programs/ssl/ssl_server.c | 39 ++++++++-------- programs/ssl/ssl_server2.c | 14 +++--- programs/x509/cert_req.c | 3 +- programs/x509/cert_write.c | 4 +- tests/suites/test_suite_pk.function | 11 +++-- tests/suites/test_suite_pkparse.function | 9 ++-- tests/suites/test_suite_pkwrite.function | 3 +- tests/suites/test_suite_ssl.function | 12 +++-- tests/suites/test_suite_x509write.function | 10 +++-- 25 files changed, 175 insertions(+), 121 deletions(-) 
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 5c7b2f646..dec511112 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -667,6 +667,8 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ); * The empty password is not supported. * \param pwdlen Size of the password in bytes. * Ignored if \p pwd is \c NULL. + * \param f_rng RNG function, must not be \c NULL. Used for blinding. + * \param p_rng RNG parameter * * \note On entry, ctx must be empty, either freshly initialised * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a @@ -677,8 +679,9 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx ); * \return 0 if successful, or a specific PK or PEM error code */ int mbedtls_pk_parse_key( mbedtls_pk_context *ctx, - const unsigned char *key, size_t keylen, - const unsigned char *pwd, size_t pwdlen ); + const unsigned char *key, size_t keylen, + const unsigned char *pwd, size_t pwdlen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** \ingroup pk_module */ /** @@ -718,6 +721,8 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, * Pass a null-terminated string if expecting an encrypted * key; a non-encrypted key will also be accepted. * The empty password is not supported. + * \param f_rng RNG function, must not be \c NULL. Used for blinding. + * \param p_rng RNG parameter * * \note On entry, ctx must be empty, either freshly initialised * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a @@ -728,7 +733,8 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, * \return 0 if successful, or a specific PK or PEM error code */ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, - const char *path, const char *password ); + const char *path, const char *password, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); /** \ingroup pk_module */ /** diff --git a/library/pkparse.c b/library/pkparse.c index 3222ca20f..5438ee4a0 100644 
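Review bot: the new `\param f_rng RNG function, must not be \c NULL. Used for blinding.` lines in the `pk.h` hunks above for `mbedtls_pk_parse_key()` and `mbedtls_pk_parse_keyfile()` do not say when the RNG is actually consumed. Per the commit message and the `pkparse.c` hunks, it is used only to randomise the `mbedtls_ecp_mul()` that recomputes the public point of an EC key whose public part is absent or compressed; RSA keys and EC keys with an embedded public point never call it. Say that in the Doxygen, otherwise users will assume the parser needs entropy for every key and may wire in a DRBG before it is seeded.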
--- a/library/pkparse.c +++ b/library/pkparse.c @@ -123,7 +123,8 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n ) * Load and parse a private key */ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, - const char *path, const char *pwd ) + const char *path, const char *pwd, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; @@ -136,10 +137,10 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, return( ret ); if( pwd == NULL ) - ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 ); + ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0, f_rng, p_rng ); else ret = mbedtls_pk_parse_key( ctx, buf, n, - (const unsigned char *) pwd, strlen( pwd ) ); + (const unsigned char *) pwd, strlen( pwd ), f_rng, p_rng ); mbedtls_platform_zeroize( buf, n ); mbedtls_free( buf ); @@ -859,8 +860,8 @@ cleanup: * Parse a SEC1 encoded private EC key */ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, - const unsigned char *key, - size_t keylen ) + const unsigned char *key, size_t keylen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int version, pubkey_done; @@ -967,7 +968,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, if( ! pubkey_done && ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G, - NULL, NULL ) ) != 0 ) + f_rng, p_rng ) ) != 0 ) { mbedtls_ecp_keypair_free( eck ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); @@ -997,9 +998,9 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, * */ static int pk_parse_key_pkcs8_unencrypted_der( - mbedtls_pk_context *pk, - const unsigned char* key, - size_t keylen ) + mbedtls_pk_context *pk, + const unsigned char* key, size_t keylen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret, version; size_t len; 
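Review bot: in the `pk_parse_key_sec1_der()` hunk above, a NULL `f_rng` now makes `mbedtls_ecp_mul()` fail with `MBEDTLS_ERR_ECP_BAD_INPUT_DATA`, which the existing code wraps as `MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret )`; a caller who forgot the RNG is told the key file is malformed, and only for EC keys without an embedded public point, so the bug would surface intermittently depending on which key file is loaded. Check `f_rng != NULL` once at the top of `mbedtls_pk_parse_key()` and return `MBEDTLS_ERR_PK_BAD_INPUT_DATA`, matching what `mbedtls_pk_check_pair()` does earlier in this series and what the `pk.h` doc ("must not be \c NULL") already promises.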
@@ -1071,7 +1072,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH ) { if( ( ret = pk_use_ecparams( ¶ms, &mbedtls_pk_ec( *pk )->grp ) ) != 0 || - ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 ) + ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len, f_rng, p_rng ) ) != 0 ) { mbedtls_pk_free( pk ); return( ret ); @@ -1094,9 +1095,10 @@ static int pk_parse_key_pkcs8_unencrypted_der( */ #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) static int pk_parse_key_pkcs8_encrypted_der( - mbedtls_pk_context *pk, - unsigned char *key, size_t keylen, - const unsigned char *pwd, size_t pwdlen ) + mbedtls_pk_context *pk, + unsigned char *key, size_t keylen, + const unsigned char *pwd, size_t pwdlen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret, decrypted = 0; size_t len; @@ -1206,7 +1208,7 @@ static int pk_parse_key_pkcs8_encrypted_der( if( decrypted == 0 ) return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); - return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) ); + return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len, f_rng, p_rng ) ); } #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ @@ -1215,7 +1217,8 @@ static int pk_parse_key_pkcs8_encrypted_der( */ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, const unsigned char *key, size_t keylen, - const unsigned char *pwd, size_t pwdlen ) + const unsigned char *pwd, size_t pwdlen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const mbedtls_pk_info_t *pk_info; @@ -1278,7 +1281,8 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), - pem.buf, pem.buflen ) ) != 0 ) + pem.buf, pem.buflen, + f_rng, p_rng ) ) != 0 ) { mbedtls_pk_free( pk ); } 
@@ -1305,7 +1309,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, if( ret == 0 ) { if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, - pem.buf, pem.buflen ) ) != 0 ) + pem.buf, pem.buflen, f_rng, p_rng ) ) != 0 ) { mbedtls_pk_free( pk ); } @@ -1327,9 +1331,8 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, key, NULL, 0, &len ); if( ret == 0 ) { - if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, - pem.buf, pem.buflen, - pwd, pwdlen ) ) != 0 ) + if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, pem.buf, pem.buflen, + pwd, pwdlen, f_rng, p_rng ) ) != 0 ) { mbedtls_pk_free( pk ); } @@ -1362,7 +1365,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, memcpy( key_copy, key, keylen ); ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen, - pwd, pwdlen ); + pwd, pwdlen, f_rng, p_rng ); mbedtls_platform_zeroize( key_copy, keylen ); mbedtls_free( key_copy ); @@ -1380,8 +1383,11 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, } #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ - if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 ) + if( ( ret = pk_parse_key_pkcs8_unencrypted_der( + pk, key, keylen, f_rng, p_rng ) ) == 0 ) + { return( 0 ); + } mbedtls_pk_free( pk ); mbedtls_pk_init( pk ); @@ -1403,7 +1409,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); if( mbedtls_pk_setup( pk, pk_info ) == 0 && pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), - key, keylen ) == 0 ) + key, keylen, f_rng, p_rng ) == 0 ) { return( 0 ); } diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index f2e9a1c05..ef2adc134 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c 
@@ -108,7 +108,8 @@ psa_status_t mbedtls_psa_rsa_load_representation( /* Parse the data. */ if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) status = mbedtls_to_psa_error( - mbedtls_pk_parse_key( &ctx, data, data_length, NULL, 0 ) ); + mbedtls_pk_parse_key( &ctx, data, data_length, NULL, 0, + mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) ); else status = mbedtls_to_psa_error( mbedtls_pk_parse_public_key( &ctx, data, data_length ) ); diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 34ff63ede..a64eef979 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -6,6 +6,7 @@ #include "common.h" #include "mbedtls/ssl.h" #include "test/certs.h" +#include "test/random.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" @@ -55,7 +56,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { mbedtls_test_cas_pem_len ) != 0) return 1; if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0 ) != 0) + mbedtls_test_srv_key_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL ) != 0) return 1; #endif dummy_init(); diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index f76afd1c5..a06187562 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -3,6 +3,7 @@ #include #include #include "mbedtls/pk.h" +#include "test/random.h" //4 Kb should be enough for every bug ;-) #define MAX_LEN 0x1000 @@ -19,7 +20,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { } mbedtls_pk_init( &pk ); - ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0 ); + ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0, + mbedtls_test_rnd_std_rand, NULL ); if (ret == 0) { #if defined(MBEDTLS_RSA_C) if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA ) diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 5480e3e87..d4480c5c8 100644 
--- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -66,7 +66,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { mbedtls_test_cas_pem_len ) != 0) return 1; if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0 ) != 0) + mbedtls_test_srv_key_len, NULL, 0, + mbedtls_ctr_drbg_random, &ctr_drbg ) != 0) return 1; #endif diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 7bd93c72b..0e30be4b2 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -40,6 +40,8 @@ #include "mbedtls/rsa.h" #include "mbedtls/pk.h" +#include "test/random.h" + #include #endif @@ -181,7 +183,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Loading the private key ..." ); fflush( stdout ); - ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password ); + ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password, + mbedtls_test_rnd_std_rand, NULL ); if( ret != 0 ) { diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 4b65262d0..c7f974118 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -39,6 +39,8 @@ #include "mbedtls/pk.h" #include "mbedtls/error.h" +#include "test/random.h" + #include #include #endif @@ -292,8 +294,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Loading the private key ..." ); fflush( stdout ); - ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL ); - + ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL, + mbedtls_test_rnd_std_rand, NULL ); if( ret != 0 ) { mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c index 810d6fb3e..e01f5d558 100644 --- a/programs/pkey/pk_decrypt.c +++ b/programs/pkey/pk_decrypt.c 
@@ -106,7 +106,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Reading private key from '%s'", argv[1] ); fflush( stdout ); - if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) + if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "", + mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret ); goto exit; diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 451e3de9b..422fa257e 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c @@ -101,7 +101,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Reading private key from '%s'", argv[1] ); fflush( stdout ); - if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) + if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "", + mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_printf( " failed\n ! Could not parse '%s'\n", argv[1] ); goto exit; diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 26056dd9b..bbbe0a9bd 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c @@ -102,7 +102,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Reading private key from '%s'", argv[1] ); fflush( stdout ); - if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) + if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "", + mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] ); mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret ); diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index de47aab25..857671ff4 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c 
@@ -79,7 +79,9 @@ int main( void ) #include "mbedtls/error.h" #include "mbedtls/debug.h" #include "mbedtls/timing.h" + #include "test/certs.h" +#include "test/random.h" #if defined(MBEDTLS_SSL_CACHE_C) #include "mbedtls/ssl_cache.h" @@ -138,7 +140,23 @@ int main( void ) #endif /* - * 1. Load the certificates and private RSA key + * 1. Seed the RNG + */ + printf( " . Seeding the random number generator..." ); + fflush( stdout ); + + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + goto exit; + } + + printf( " ok\n" ); + + /* + * 2. Load the certificates and private RSA key */ printf( "\n . Loading the server cert. and key..." ); fflush( stdout ); @@ -165,7 +183,7 @@ int main( void ) } ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0 ); + mbedtls_test_srv_key_len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret ); @@ -175,7 +193,7 @@ int main( void ) printf( " ok\n" ); /* - * 2. Setup the "listening" UDP socket + * 3. Setup the "listening" UDP socket */ printf( " . Bind on udp/*/4433 ..." ); fflush( stdout ); @@ -188,22 +206,6 @@ int main( void ) printf( " ok\n" ); - /* - * 3. Seed the RNG - */ - printf( " . Seeding the random number generator..." ); - fflush( stdout ); - - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) - { - printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); - goto exit; - } - - printf( " ok\n" ); - /* * 4. Setup stuff */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 98a304868..6501c4927 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -1548,12 +1548,12 @@ int main( int argc, char *argv[] ) else #if defined(MBEDTLS_FS_IO) if( strlen( opt.key_file ) ) - ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd ); + ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd, rng_get, &rng ); else #endif ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key, - mbedtls_test_cli_key_len, NULL, 0 ); + mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 573210870..74190103e 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -166,7 +166,8 @@ int main( void ) } ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0 ); + mbedtls_test_srv_key_len, NULL, 0, + mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { mbedtls_printf( " failed! mbedtls_pk_parse_key returned %d\n\n", ret ); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 09bbc3d69..f223977a8 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -556,12 +556,17 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_FS_IO) if( strlen( opt.key_file ) ) - ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ); + { + ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "", + mbedtls_ctr_drbg_random, &ctr_drbg ); + } else #endif #if defined(MBEDTLS_PEM_PARSE_C) + { ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key, - mbedtls_test_cli_key_len, NULL, 0 ); + mbedtls_test_cli_key_len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg ); + } #else { mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined."); diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 93eab4620..a083e4b64 100644 --- a/programs/ssl/ssl_pthread_server.c 
+++ b/programs/ssl/ssl_pthread_server.c @@ -360,7 +360,23 @@ int main( void ) mbedtls_entropy_init( &entropy ); /* - * 1. Load the certificates and private RSA key + * 1a. Seed the random number generator + */ + mbedtls_printf( " . Seeding the random number generator..." ); + + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n", + ( unsigned int ) -ret ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + /* + * 1b. Load the certificates and private RSA key */ mbedtls_printf( "\n . Loading the server cert. and key..." ); fflush( stdout ); @@ -388,7 +404,8 @@ int main( void ) mbedtls_pk_init( &pkey ); ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0 ); + mbedtls_test_srv_key_len, NULL, 0, + mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret ); @@ -397,22 +414,6 @@ int main( void ) mbedtls_printf( " ok\n" ); - /* - * 1b. Seed the random number generator - */ - mbedtls_printf( " . Seeding the random number generator..." ); - - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) - { - mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n", - ( unsigned int ) -ret ); - goto exit; - } - - mbedtls_printf( " ok\n" ); - /* * 1c. Prepare SSL configuration */ diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 42196ffc0..aaccb58ec 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c 
@@ -125,7 +125,23 @@ int main( void ) #endif /* - * 1. Load the certificates and private RSA key + * 1. Seed the RNG + */ + mbedtls_printf( " . Seeding the random number generator..." ); + fflush( stdout ); + + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + + /* + * 2. Load the certificates and private RSA key */ mbedtls_printf( "\n . Loading the server cert. and key..." ); fflush( stdout ); @@ -152,7 +168,8 @@ int main( void ) } ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0 ); + mbedtls_test_srv_key_len, NULL, 0, + mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret ); @@ -162,7 +179,7 @@ int main( void ) mbedtls_printf( " ok\n" ); /* - * 2. Setup the listening TCP socket + * 3. Setup the listening TCP socket */ mbedtls_printf( " . Bind on https://localhost:4433/ ..." ); fflush( stdout ); @@ -175,22 +192,6 @@ int main( void ) mbedtls_printf( " ok\n" ); - /* - * 3. Seed the RNG - */ - mbedtls_printf( " . Seeding the random number generator..." ); - fflush( stdout ); - - if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen( pers ) ) ) != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret ); - goto exit; - } - - mbedtls_printf( " ok\n" ); - /* * 4. Setup stuff */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index de4eb6d87..37f4348ed 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -20,6 +20,7 @@ #define MBEDTLS_ALLOW_PRIVATE_ACCESS #include "ssl_test_lib.h" +#include "test/random.h" #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) int main( void ) 
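Review bot: the two fuzz servers choose different RNGs for the same call: the `fuzz_dtlsserver.c` hunk passes `mbedtls_test_rnd_std_rand, NULL` while the `fuzz_server.c` hunk passes `mbedtls_ctr_drbg_random, &ctr_drbg`, even though `fuzz_dtlsserver.c` already includes `mbedtls/ctr_drbg.h` in its context. Pick one approach for all of `programs/fuzz/`; for fuzz targets the deterministic test RNG (as in `fuzz_privkey.c`) is the better choice for reproducible crashes, so consider using it in `fuzz_server.c` too.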
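Review bot: the `key_app.c` and `key_app_writer.c` hunks add `#include "test/random.h"` to sample programs under `programs/pkey/` and feed `mbedtls_test_rnd_std_rand` (a test-suite helper, not a seeded DRBG) into `mbedtls_pk_parse_keyfile()`. Users copy these programs, and the RNG is there for the side-channel countermeasures this series makes mandatory, so the example should show a real RNG: `pk_decrypt.c`, `pk_sign.c` and `rsa_sign_pss.c` in the same series seed a CTR_DRBG and pass `mbedtls_ctr_drbg_random, &ctr_drbg`; do the same here. Minor: the `key_app_writer.c` hunk also drops the blank line between the call and `if( ret != 0 )`, which looks unintentional.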
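Review bot: the error message in the context line right after the `rsa_sign_pss.c` hunk reports `mbedtls_pk_parse_public_keyfile returned %d` for a failure of `mbedtls_pk_parse_keyfile()`; since the call is being edited anyway, fix the function name in the message in the same change.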
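Review bot: moving the CTR_DRBG seeding ahead of key loading in `dtls_server.c`, `ssl_server.c` and `ssl_pthread_server.c` is the right fix now that parsing needs the RNG, but the block now executes earlier, so confirm that `mbedtls_entropy_init( &entropy )`, `mbedtls_ctr_drbg_init( &ctr_drbg )` and the `pers` string all precede the new step 1 in `dtls_server.c` and `ssl_server.c`; only the `ssl_pthread_server.c` hunk shows `mbedtls_entropy_init( &entropy );` in its leading context. The step renumbering (1/2/3 with the old 3 removed, and 1a/1b/1c) is consistent in all three files.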
@@ -727,7 +728,8 @@ sni_entry *sni_parse( char *sni_string ) mbedtls_pk_init( new->key ); if( mbedtls_x509_crt_parse_file( new->cert, crt_file ) != 0 || - mbedtls_pk_parse_keyfile( new->key, key_file, "" ) != 0 ) + mbedtls_pk_parse_keyfile( new->key, key_file, "", + mbedtls_test_rnd_std_rand, NULL ) != 0 ) goto error; if( strcmp( ca_file, "-" ) != 0 ) @@ -2257,7 +2259,7 @@ int main( int argc, char *argv[] ) { key_cert_init++; if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, - opt.key_pwd ) ) != 0 ) + opt.key_pwd, rng_get, &rng ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", (unsigned int) -ret ); goto exit; @@ -2283,7 +2285,7 @@ int main( int argc, char *argv[] ) { key_cert_init2++; if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, - opt.key_pwd2 ) ) != 0 ) + opt.key_pwd2, rng_get, &rng ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n", (unsigned int) -ret ); @@ -2314,7 +2316,8 @@ int main( int argc, char *argv[] ) } if( ( ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key_rsa, - mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 ) + mbedtls_test_srv_key_rsa_len, NULL, 0, + rng_get, &rng ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", (unsigned int) -ret ); @@ -2333,7 +2336,8 @@ int main( int argc, char *argv[] ) } if( ( ret = mbedtls_pk_parse_key( &pkey2, (const unsigned char *) mbedtls_test_srv_key_ec, - mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 ) + mbedtls_test_srv_key_ec_len, NULL, 0, + rng_get, &rng ) ) != 0 ) { mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", (unsigned int) -ret ); diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index e8241a320..09414583e 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c 
@@ -346,7 +346,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Loading the private key ..." ); fflush( stdout ); - ret = mbedtls_pk_parse_keyfile( &key, opt.filename, opt.password ); + ret = mbedtls_pk_parse_keyfile( &key, opt.filename, opt.password, + mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 041f459cf..4b8fba968 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -577,7 +577,7 @@ int main( int argc, char *argv[] ) fflush( stdout ); ret = mbedtls_pk_parse_keyfile( &loaded_subject_key, opt.subject_key, - opt.subject_pwd ); + opt.subject_pwd, mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { mbedtls_strerror( ret, buf, 1024 ); @@ -593,7 +593,7 @@ int main( int argc, char *argv[] ) fflush( stdout ); ret = mbedtls_pk_parse_keyfile( &loaded_issuer_key, opt.issuer_key, - opt.issuer_pwd ); + opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { mbedtls_strerror( ret, buf, 1024 ); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index b46cf05cf..5ccb072e7 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -279,7 +279,8 @@ void valid_parameters( ) MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #if defined(MBEDTLS_PK_PARSE_C) - TEST_ASSERT( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1 ) == + TEST_ASSERT( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1, + mbedtls_test_rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, NULL, 0 ) == 
@@ -296,8 +297,8 @@ void valid_parameters_pkwrite( data_t *key_data ) /* For the write tests to be effective, we need a valid key pair. */ mbedtls_pk_init( &pk ); TEST_ASSERT( mbedtls_pk_parse_key( &pk, - key_data->x, key_data->len, - NULL, 0 ) == 0 ); + key_data->x, key_data->len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL ) == 0 ); TEST_ASSERT( mbedtls_pk_write_key_der( &pk, NULL, 0 ) == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); @@ -349,7 +350,9 @@ void mbedtls_pk_check_pair( char * pub_file, char * prv_file, int ret ) mbedtls_pk_init( &alt ); TEST_ASSERT( mbedtls_pk_parse_public_keyfile( &pub, pub_file ) == 0 ); - TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL ) == 0 ); + TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL, + mbedtls_test_rnd_std_rand, NULL ) + == 0 ); TEST_ASSERT( mbedtls_pk_check_pair( &pub, &prv, mbedtls_test_rnd_std_rand, NULL ) diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function index 4650d3311..4c7f3d2ca 100644 --- a/tests/suites/test_suite_pkparse.function +++ b/tests/suites/test_suite_pkparse.function @@ -21,7 +21,8 @@ void pk_parse_keyfile_rsa( char * key_file, char * password, int result ) if( strcmp( pwd, "NULL" ) == 0 ) pwd = NULL; - res = mbedtls_pk_parse_keyfile( &ctx, key_file, pwd ); + res = mbedtls_pk_parse_keyfile( &ctx, key_file, pwd, + mbedtls_test_rnd_std_rand, NULL ); TEST_ASSERT( res == result ); @@ -96,7 +97,8 @@ void pk_parse_keyfile_ec( char * key_file, char * password, int result ) mbedtls_pk_init( &ctx ); - res = mbedtls_pk_parse_keyfile( &ctx, key_file, password ); + res = mbedtls_pk_parse_keyfile( &ctx, key_file, password, + mbedtls_test_rnd_std_rand, NULL ); TEST_ASSERT( res == result ); 
@@ -120,7 +122,8 @@ void pk_parse_key( data_t * buf, int result ) mbedtls_pk_init( &pk ); - TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf->x, buf->len, NULL, 0 ) == result ); + TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf->x, buf->len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL ) == result ); exit: mbedtls_pk_free( &pk ); diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 2bad4ed13..d1e029abb 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -63,7 +63,8 @@ void pk_write_key_check( char * key_file ) memset( check_buf, 0, sizeof( check_buf ) ); mbedtls_pk_init( &key ); - TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 ); + TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL, + mbedtls_test_rnd_std_rand, NULL ) == 0 ); ret = mbedtls_pk_write_key_pem( &key, buf, sizeof( buf )); TEST_ASSERT( ret == 0 ); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index c555d74a2..d4aad60f8 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -800,7 +800,8 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg ) ret = mbedtls_pk_parse_key( &( cert->pkey ), (const unsigned char*) mbedtls_test_srv_key_rsa_der, - mbedtls_test_srv_key_rsa_der_len, NULL, 0 ); + mbedtls_test_srv_key_rsa_der_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL ); TEST_ASSERT( ret == 0 ); } else @@ -812,7 +813,8 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg ) ret = mbedtls_pk_parse_key( &( cert->pkey ), (const unsigned char*) mbedtls_test_srv_key_ec_der, - mbedtls_test_srv_key_ec_der_len, NULL, 0 ); + mbedtls_test_srv_key_ec_der_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL ); TEST_ASSERT( ret == 0 ); } } 
@@ -827,7 +829,8 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg ) ret = mbedtls_pk_parse_key( &( cert->pkey ), (const unsigned char *) mbedtls_test_cli_key_rsa_der, - mbedtls_test_cli_key_rsa_der_len, NULL, 0 ); + mbedtls_test_cli_key_rsa_der_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL ); TEST_ASSERT( ret == 0 ); } else @@ -839,7 +842,8 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg ) ret = mbedtls_pk_parse_key( &( cert->pkey ), (const unsigned char *) mbedtls_test_cli_key_ec_der, - mbedtls_test_cli_key_ec_der_len, NULL, 0 ); + mbedtls_test_cli_key_ec_der_len, NULL, 0, + mbedtls_test_rnd_std_rand, NULL ); TEST_ASSERT( ret == 0 ); } } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 44f846fd3..c9b7cf9c5 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -94,7 +94,8 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_pk_init( &key ); - TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 ); + TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL, + mbedtls_test_rnd_std_rand, NULL ) == 0 ); mbedtls_x509write_csr_init( &req ); mbedtls_x509write_csr_set_md_alg( &req, md_type ); @@ -163,7 +164,8 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE ); mbedtls_pk_init( &key ); - TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 ); + TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL, + mbedtls_test_rnd_std_rand, NULL ) == 0 ); TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &key_id, md_alg_psa ) == 0 ); mbedtls_x509write_csr_init( &req ); 
@@ -225,10 +227,10 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, mbedtls_x509write_crt_init( &crt ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file, - subject_pwd ) == 0 ); + subject_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file, - issuer_pwd ) == 0 ); + issuer_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 ); #if defined(MBEDTLS_RSA_C) /* For RSA PK contexts, create a copy as an alternative RSA context. */ From d51aaad4c9172ca8fccad83b58e1f4030bc864c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Jun 2021 11:29:26 +0200 Subject: [PATCH 219/236] Remove config option MBEDTLS_ECP_NO_INTERNAL_RNG MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It was used to remove the code used when mbedtls_ecp_mul() received a NULL RNG parameter. This code is no longer relevant (as the RNG may no longer be NULL) and will be unconditionally removed in the next commit. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/check_config.h | 8 ------- include/mbedtls/config.h | 22 ------------------- scripts/config.py | 1 - tests/scripts/all.sh | 39 ---------------------------------- 4 files changed, 70 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 90dee6c1a..85f7efde2 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
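Review bot: in the `sni_parse()` hunk of `ssl_server2.c` the per-SNI keys are parsed with `mbedtls_test_rnd_std_rand, NULL`, while every other parse in the same file (the `@@ -2257`, `@@ -2283`, `@@ -2314` and `@@ -2333` hunks) uses the program's `rng_get, &rng`. Unless there is a reason `sni_parse( char *sni_string )` cannot reach the rng, thread it through rather than adding a `test/random.h` dependency; otherwise add a comment stating why the test RNG is acceptable there.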
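Review bot: `valid_parameters()` in `test_suite_pk.function` only exercises the new parameters with a valid `mbedtls_test_rnd_std_rand`; add a case that passes `NULL` for `f_rng` with otherwise valid input and asserts the intended return value, so the mandatory-RNG contract this series introduces is pinned by a test rather than by convention.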
@@ -150,14 +150,6 @@ #error "MBEDTLS_ECP_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_ECP_C) && !( \ - defined(MBEDTLS_ECP_ALT) || \ - defined(MBEDTLS_CTR_DRBG_C) || \ - defined(MBEDTLS_HMAC_DRBG_C) || \ - defined(MBEDTLS_ECP_NO_INTERNAL_RNG)) -#error "MBEDTLS_ECP_C requires a DRBG module unless MBEDTLS_ECP_NO_INTERNAL_RNG is defined or an alternative implementation is used" -#endif - #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C) #error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites" #endif diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 16f8f8b35..10370f37b 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -651,28 +651,6 @@ */ #define MBEDTLS_ECP_NIST_OPTIM -/** - * \def MBEDTLS_ECP_NO_INTERNAL_RNG - * - * When this option is disabled, mbedtls_ecp_mul() will make use of an - * internal RNG when called with a NULL \c f_rng argument, in order to protect - * against some side-channel attacks. - * - * This protection introduces a dependency of the ECP module on one of the - * DRBG modules. For very constrained implementations that don't require this - * protection (for example, because you're only doing signature verification, - * so not manipulating any secret, or because local/physical side-channel - * attacks are outside your threat model), it might be desirable to get rid of - * that dependency. - * - * \warning Enabling this option makes some uses of ECP vulnerable to some - * side-channel attacks. Only enable it if you know that's not a problem for - * your use case. - * - * Uncomment this macro to disable some counter-measures in ECP. - */ -//#define MBEDTLS_ECP_NO_INTERNAL_RNG - /** * \def MBEDTLS_ECP_RESTARTABLE * diff --git a/scripts/config.py b/scripts/config.py index e27f32270..cbce1eb47 100755 --- a/scripts/config.py +++ b/scripts/config.py 
@@ -181,7 +181,6 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS 'MBEDTLS_ECP_NO_FALLBACK', # removes internal ECP implementation - 'MBEDTLS_ECP_NO_INTERNAL_RNG', # removes a feature 'MBEDTLS_ECP_RESTARTABLE', # incompatible with USE_PSA_CRYPTO 'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY 'MBEDTLS_HAVE_SSE2', # hardware dependency diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 142309957..2f3573f57 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1000,7 +1000,6 @@ component_test_psa_external_rng_no_drbg_classic () { scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG - scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG # When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG, # the SSL test programs don't have an RNG and can't work. Explicitly # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG. @@ -1023,7 +1022,6 @@ component_test_psa_external_rng_no_drbg_use_psa () { scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG - scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" 
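Review bot: this commit breaks bisectability for the no-DRBG configurations: the `check_config.h` hunk drops the "MBEDTLS_ECP_C requires a DRBG module unless MBEDTLS_ECP_NO_INTERNAL_RNG is defined" error and the `all.sh` hunks stop setting `MBEDTLS_ECP_NO_INTERNAL_RNG` in `component_test_psa_external_rng_no_drbg_classic` and `_use_psa`, but `library/ecp.c` still carries `#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)` ending in `#error "Invalid configuration detected..."` when neither DRBG is present until the next commit removes it. Either squash the two commits or land the `ecp.c` removal first; coverage of DRBG-less builds then remains with the two `component_test_psa_external_rng_no_drbg_*` components.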
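Review bot: the `config.h` hunk removes a user-visible option (`MBEDTLS_ECP_NO_INTERNAL_RNG`) but the 4-file diffstat shows no ChangeLog entry, and a configuration that still defines the macro gets no diagnostic since the `check_config.h` hunk only removes a check. Add a changelog note for the removal and consider a `#error` in `check_config.h` for the now-meaningless macro so users learn that the countermeasure can no longer be switched off.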
@@ -1048,43 +1046,6 @@ component_test_psa_external_rng_use_psa_crypto () { if_build_succeeded tests/ssl-opt.sh -f 'Default\|opaque' } -component_test_ecp_no_internal_rng () { - msg "build: Default plus ECP_NO_INTERNAL_RNG minus DRBG modules" - scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG - scripts/config.py unset MBEDTLS_CTR_DRBG_C - scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG - scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG - scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto - - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: ECP_NO_INTERNAL_RNG, no DRBG module" - make test - - # no SSL tests as they all depend on having a DRBG -} - -component_test_ecp_restartable_no_internal_rng () { - msg "build: Default plus ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG" - scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG - scripts/config.py set MBEDTLS_ECP_RESTARTABLE - scripts/config.py unset MBEDTLS_CTR_DRBG_C - scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG - scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # requires CTR_DRBG - scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto - - CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG module" - make test - - # no SSL tests as they all depend on having a DRBG -} - component_test_everest () { msg "build: Everest ECDH context (ASan build)" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED From 7962bfaa798b09598516a81efe32a5eea2ac520b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Jun 2021 11:29:26 +0200 Subject: [PATCH 220/236] Remove "internal RNG" code from ECP MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is no longer needed, as the RNG param is now mandatory. Signed-off-by: Manuel Pégourié-Gonnard --- library/ecp.c | 224 -------------------------------------------------- 1 file changed, 224 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 1a78a8f32..b7a385475 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -101,16 +101,6 @@ #include "ecp_internal_alt.h" -#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) -#if defined(MBEDTLS_HMAC_DRBG_C) -#include "mbedtls/hmac_drbg.h" -#elif defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/ctr_drbg.h" -#else -#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid." -#endif -#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */ - #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline 
@@ -124,144 +114,6 @@ static unsigned long add_count, dbl_count, mul_count; #endif -#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) -/* - * Currently ecp_mul() takes a RNG function as an argument, used for - * side-channel protection, but it can be NULL. The initial reasoning was - * that people will pass non-NULL RNG when they care about side-channels, but - * unfortunately we have some APIs that call ecp_mul() with a NULL RNG, with - * no opportunity for the user to do anything about it. - * - * The obvious strategies for addressing that include: - * - change those APIs so that they take RNG arguments; - * - require a global RNG to be available to all crypto modules. - * - * Unfortunately those would break compatibility. So what we do instead is - * have our own internal DRBG instance, seeded from the secret scalar. - * - * The following is a light-weight abstraction layer for doing that with - * HMAC_DRBG (first choice) or CTR_DRBG. - */ - -#if defined(MBEDTLS_HMAC_DRBG_C) - -/* DRBG context type */ -typedef mbedtls_hmac_drbg_context ecp_drbg_context; - -/* DRBG context init */ -static inline void ecp_drbg_init( ecp_drbg_context *ctx ) -{ - mbedtls_hmac_drbg_init( ctx ); -} - -/* DRBG context free */ -static inline void ecp_drbg_free( ecp_drbg_context *ctx ) -{ - mbedtls_hmac_drbg_free( ctx ); -} - -/* DRBG function */ -static inline int ecp_drbg_random( void *p_rng, - unsigned char *output, size_t output_len ) -{ - return( mbedtls_hmac_drbg_random( p_rng, output, output_len ) ); -} - -/* DRBG context seeding */ -static int ecp_drbg_seed( ecp_drbg_context *ctx, - const mbedtls_mpi *secret, size_t secret_len ) -{ - int ret; - unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES]; - /* The list starts with strong hashes */ - const mbedtls_md_type_t md_type = mbedtls_md_list()[0]; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type ); - - if( secret_len > MBEDTLS_ECP_MAX_BYTES ) - { - ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; - goto cleanup; - } - - 
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret, - secret_bytes, secret_len ) ); - - ret = mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_bytes, secret_len ); - -cleanup: - mbedtls_platform_zeroize( secret_bytes, secret_len ); - - return( ret ); -} - -#elif defined(MBEDTLS_CTR_DRBG_C) - -/* DRBG context type */ -typedef mbedtls_ctr_drbg_context ecp_drbg_context; - -/* DRBG context init */ -static inline void ecp_drbg_init( ecp_drbg_context *ctx ) -{ - mbedtls_ctr_drbg_init( ctx ); -} - -/* DRBG context free */ -static inline void ecp_drbg_free( ecp_drbg_context *ctx ) -{ - mbedtls_ctr_drbg_free( ctx ); -} - -/* DRBG function */ -static inline int ecp_drbg_random( void *p_rng, - unsigned char *output, size_t output_len ) -{ - return( mbedtls_ctr_drbg_random( p_rng, output, output_len ) ); -} - -/* - * Since CTR_DRBG doesn't have a seed_buf() function the way HMAC_DRBG does, - * we need to pass an entropy function when seeding. So we use a dummy - * function for that, and pass the actual entropy as customisation string. - * (During seeding of CTR_DRBG the entropy input and customisation string are - * concatenated before being used to update the secret state.) - */ -static int ecp_ctr_drbg_null_entropy(void *ctx, unsigned char *out, size_t len) -{ - (void) ctx; - memset( out, 0, len ); - return( 0 ); -} - -/* DRBG context seeding */ -static int ecp_drbg_seed( ecp_drbg_context *ctx, - const mbedtls_mpi *secret, size_t secret_len ) -{ - int ret; - unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES]; - - if( secret_len > MBEDTLS_ECP_MAX_BYTES ) - { - ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret, - secret_bytes, secret_len ) ); - - ret = mbedtls_ctr_drbg_seed( ctx, ecp_ctr_drbg_null_entropy, NULL, - secret_bytes, secret_len ); - -cleanup: - mbedtls_platform_zeroize( secret_bytes, secret_len ); - - return( ret ); -} - -#else -#error "Invalid configuration detected. 
Include check_config.h to ensure that the configuration is valid." -#endif /* DRBG modules */ -#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */ - #if defined(MBEDTLS_ECP_RESTARTABLE) /* * Maximum number of "basic operations" to be done in a row. @@ -309,10 +161,6 @@ struct mbedtls_ecp_restart_mul ecp_rsm_comb_core, /* ecp_mul_comb_core() */ ecp_rsm_final_norm, /* do the final normalization */ } state; -#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_context drbg_ctx; - unsigned char drbg_seeded; -#endif }; /* @@ -325,10 +173,6 @@ static void ecp_restart_rsm_init( mbedtls_ecp_restart_mul_ctx *ctx ) ctx->T = NULL; ctx->T_size = 0; ctx->state = ecp_rsm_init; -#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_init( &ctx->drbg_ctx ); - ctx->drbg_seeded = 0; -#endif } /* @@ -350,10 +194,6 @@ static void ecp_restart_rsm_free( mbedtls_ecp_restart_mul_ctx *ctx ) mbedtls_free( ctx->T ); } -#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_free( &ctx->drbg_ctx ); -#endif - ecp_restart_rsm_init( ctx ); } @@ -2068,9 +1908,7 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R i = d; MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) ); -#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) if( f_rng != 0 ) -#endif MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) ); } @@ -2204,9 +2042,7 @@ final_norm: * * Avoid the leak by randomizing coordinates before we normalize them. */ -#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) if( f_rng != 0 ) -#endif MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) ); 
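Review bot: in both ecp_mul_comb_core hunks the `if( f_rng != 0 )` that was previously only compiled under MBEDTLS_ECP_NO_INTERNAL_RNG now applies unconditionally, so a NULL f_rng silently skips ecp_randomize_jac() instead of failing, and the normalization that follows then runs on unblinded projective coordinates, which is exactly the leak the comment above `final_norm` describes. With the internal DRBG gone there is no fallback any more, so either reject a NULL RNG with MBEDTLS_ERR_ECP_BAD_INPUT_DATA before this code can be reached or turn these guards into hard failures; a silent downgrade of a side-channel countermeasure should not be a reachable state.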
@@ -2286,42 +2122,9 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, size_t d; unsigned char T_size = 0, T_ok = 0; mbedtls_ecp_point *T = NULL; -#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_context drbg_ctx; - - ecp_drbg_init( &drbg_ctx ); -#endif ECP_RS_ENTER( rsm ); -#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng == NULL ) - { - /* Adjust pointers */ - f_rng = &ecp_drbg_random; -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - p_rng = &rs_ctx->rsm->drbg_ctx; - else -#endif - p_rng = &drbg_ctx; - - /* Initialize internal DRBG if necessary */ -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx == NULL || rs_ctx->rsm == NULL || - rs_ctx->rsm->drbg_seeded == 0 ) -#endif - { - const size_t m_len = ( grp->nbits + 7 ) / 8; - MBEDTLS_MPI_CHK( ecp_drbg_seed( p_rng, m, m_len ) ); - } -#if defined(MBEDTLS_ECP_RESTARTABLE) - if( rs_ctx != NULL && rs_ctx->rsm != NULL ) - rs_ctx->rsm->drbg_seeded = 1; -#endif - } -#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */ - /* Is P the base point ? */ #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 && @@ -2393,10 +2196,6 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, cleanup: -#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_free( &drbg_ctx ); -#endif - /* does T belong to the group? */ if( T == grp->T ) T = NULL; 
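Review bot: the ecp_mul_comb hunks delete the fallback DRBG setup but add no replacement check, so nothing in this function stops a NULL f_rng from reaching ecp_mul_comb_core. Unless the public entry point is already guaranteed to reject NULL, add `if( f_rng == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );` ahead of ECP_RS_ENTER( rsm ) so that every call, including a restarted one, is checked. Since the restart context no longer carries drbg_ctx and drbg_seeded, also confirm that no other code in the file still references those fields.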
@@ -2583,23 +2382,8 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, unsigned char b; mbedtls_ecp_point RP; mbedtls_mpi PX; -#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_context drbg_ctx; - - ecp_drbg_init( &drbg_ctx ); -#endif mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX ); -#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng == NULL ) - { - const size_t m_len = ( grp->nbits + 7 ) / 8; - MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m, m_len ) ); - f_rng = &ecp_drbg_random; - p_rng = &drbg_ctx; - } -#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */ - /* Save PX and read from P before writing to R, in case P == R */ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) ); @@ -2613,9 +2397,7 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MOD_ADD( RP.X ); /* Randomize coordinates of the starting point */ -#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) if( f_rng != NULL ) -#endif MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) ); /* Loop invariant: R = result so far, RP = R + P */ @@ -2648,18 +2430,12 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * * Avoid the leak by randomizing coordinates before we normalize them. */ -#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) if( f_rng != NULL ) -#endif MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) ); cleanup: -#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_free( &drbg_ctx ); -#endif - mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX ); return( ret ); From 02b5705aa37613d83c97aa2f84b8d66b10b60d3d Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Jun 2021 11:29:26 +0200 Subject: [PATCH 221/236] Simplify internal code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We know that Montgomery multiplication will never be called without an RNG, so make that clear from the beginning of the function. Signed-off-by: Manuel Pégourié-Gonnard --- library/ecp.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index b7a385475..8f6e9886b 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2384,6 +2384,9 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, mbedtls_mpi PX; mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX ); + if( f_rng == NULL ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + /* Save PX and read from P before writing to R, in case P == R */ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) ); @@ -2397,8 +2400,7 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MOD_ADD( RP.X ); /* Randomize coordinates of the starting point */ - if( f_rng != NULL ) - MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) ); + MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) ); /* Loop invariant: R = result so far, RP = R + P */ i = mbedtls_mpi_bitlen( m ); /* one past the (zero-based) most significant bit */ @@ -2430,9 +2432,7 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * * Avoid the leak by randomizing coordinates before we normalize them. */ - if( f_rng != NULL ) - MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) ); - + MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) ); cleanup: From e6e51aab55fd002ddc89f5b1b2579f768c6eb606 Mon Sep 17 00:00:00 2001 
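Review bot: in the first ecp_mul_mxz hunk the `if( f_rng == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );` sits after mbedtls_ecp_point_init( &RP ) and mbedtls_mpi_init( &PX ), which gives the function a second exit that bypasses the cleanup label. It is harmless today because the init calls allocate nothing, but it becomes a leak as soon as anything allocating is added above it; move the check ahead of the two init calls, or set ret and goto cleanup. This patch also adds the guard for the Montgomery path only; the comb path, whose `if( f_rng != 0 )` guards were just made unconditional, should fail the same way so the two scalar multiplication routines behave consistently on a NULL RNG.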
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Jun 2021 11:29:26 +0200 Subject: [PATCH 222/236] Add ChangeLog and migration guide entries MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Merge part of the RSA entries into this one, as I think it's easier for users to have all similar changes in one place regardless of whether they were introduce in the same PR or not. Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/mandatory-rng-param.txt | 12 +++++++ ChangeLog.d/remove-rsa-mode-parameter.txt | 1 - .../mandatory-rng-param.md | 36 +++++++++++++++++++ .../remove-rsa-mode-parameter.md | 8 ----- 4 files changed, 48 insertions(+), 9 deletions(-) create mode 100644 ChangeLog.d/mandatory-rng-param.txt create mode 100644 docs/3.0-migration-guide.d/mandatory-rng-param.md diff --git a/ChangeLog.d/mandatory-rng-param.txt b/ChangeLog.d/mandatory-rng-param.txt new file mode 100644 index 000000000..4e04248fa --- /dev/null +++ b/ChangeLog.d/mandatory-rng-param.txt @@ -0,0 +1,12 @@ +API changes + * For all functions that take an RNG parameter, this parameter is now + mandatory (that is, NULL is not an acceptable value). Functions which + previously accepted NULL and now reject it are: the X.509 CRT and CSR + writing functions; the PK sign and decrypt function; the RSA encrypt, + decrypt, sign and private functions; the function in DHM and ECDH that + compute the share secret; the scalar multiplication functions in ECP. + * The following functions now require an RNG parameter: + mbedtls_ecp_check_pub_priv(), mbedtls_pk_check_pair(), + mbedtls_pk_parse_key(), mbedtls_pk_parse_keyfile(). + * The configuration option MBEDTLS_ECP_NO_INTERNAL_RNG has been removed as + it no longer had any effect. diff --git a/ChangeLog.d/remove-rsa-mode-parameter.txt b/ChangeLog.d/remove-rsa-mode-parameter.txt index 854dda34b..2590d3a94 100644 --- a/ChangeLog.d/remove-rsa-mode-parameter.txt 
+++ b/ChangeLog.d/remove-rsa-mode-parameter.txt @@ -6,4 +6,3 @@ API changes decryption functions now always use the private key and verification and encryption use the public key. Verification functions also no longer have RNG parameters. - * The RNG is now mandatory for all private-key RSA operations. diff --git a/docs/3.0-migration-guide.d/mandatory-rng-param.md b/docs/3.0-migration-guide.d/mandatory-rng-param.md new file mode 100644 index 000000000..3cbc35695 --- /dev/null +++ b/docs/3.0-migration-guide.d/mandatory-rng-param.md 
@@ -0,0 +1,36 @@ +The RNG parameter is now mandatory for all functions that accept one +-------------------------------------------------------------------- + +This change affects all users who called a function accepting a `f_rng` +parameter with `NULL` as the value of this argument; this is no longer +supported. + +The changed functions are: the X.509 CRT and CSR writing functions; the PK +sign and decrypt function; the RSA encrypt, decrypt, sign and private +functions; the functions in DHM and ECDH that compute the share secret; the +scalar multiplication functions in ECP. + +You now need to pass a properly seeded, cryptographically secure RNG to all +functions that accept a `f_rng` parameter. It is of course still possible to +pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a +context. + +Some functions gained an RNG parameter +-------------------------------------- + +This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`, +`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and +`mbedtls_pk_parse_keyfile()`. + +You now need to pass a properly seeded, cryptographically secure RNG when +calling these functions. It is used for blinding, a counter-measure against +side-channel attacks. + +The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed +------------------------------------------------------------------ + +This doesn't affect users of the default configuration; it only affects people +who were explicitly setting this option. + +This was a trade-off between code size and counter-measures; it is no longer +relevant as the counter-measure is now always on at no cost in code size. diff --git a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md index e400650dd..d21d5ed85 100644 --- a/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md +++ b/docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md 
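Review bot: wording in the ChangeLog.d/mandatory-rng-param.txt and mandatory-rng-param.md hunks: "the PK sign and decrypt function" should be plural, and "compute the share secret" should read "shared secret" in both files. The ChangeLog also lists the RSA encrypt functions among those that "previously accepted NULL"; public-key RSA encryption needs random padding bytes, so if it already rejected a NULL RNG in 2.x it does not belong in that list. Beyond wording, the migration guide tells users NULL "is no longer supported" but not what they will observe if they still pass it: say that the call fails with the module's BAD_INPUT_DATA error (the ECP code in this series returns MBEDTLS_ERR_ECP_BAD_INPUT_DATA) rather than silently running without blinding, since that is what someone debugging a failing upgrade needs to know. A one-line pointer to the expected setup (mbedtls_ctr_drbg_random with a context seeded from mbedtls_entropy_func, as the sample programs in this series do) would also save readers a search.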
@@ -19,11 +19,3 @@ RSA verification functions also no longer take random generator arguments (this was only needed when using a private key). This affects all applications using the RSA verify functions. -RNG is now mandatory in all RSA private key operations ------------------------------------------------------- - -The random generator is now mandatory for blinding in all RSA private-key -operations (`mbedtls_rsa_private`, `mbedtls_rsa_xxx_sign`, -`mbedtls_rsa_xxx_decrypt`) as well as for encryption -(`mbedtls_rsa_xxx_encrypt`). This means that passing a null `f_rng` is no longer -supported. From 36a8963b3b1c073eb9420d75ec45dc59fcfcd809 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 15 Jun 2021 11:43:33 +0200 Subject: [PATCH 223/236] Fix cmake build of programs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- programs/aes/CMakeLists.txt | 1 + programs/hash/CMakeLists.txt | 1 + programs/pkey/CMakeLists.txt | 2 ++ programs/random/CMakeLists.txt | 1 + programs/util/CMakeLists.txt | 1 + programs/x509/CMakeLists.txt | 1 + 6 files changed, 7 insertions(+) diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt index 62a54c768..85bcd5fca 100644 --- a/programs/aes/CMakeLists.txt +++ b/programs/aes/CMakeLists.txt @@ -5,6 +5,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${mbedcrypto_target}) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() install(TARGETS ${executables} diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt index b2f2a1f5c..729474c03 100644 --- a/programs/hash/CMakeLists.txt +++ b/programs/hash/CMakeLists.txt 
@@ -6,6 +6,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${mbedcrypto_target}) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() install(TARGETS ${executables} diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt index 9c6fe7d49..3ad56436e 100644 --- a/programs/pkey/CMakeLists.txt +++ b/programs/pkey/CMakeLists.txt @@ -6,6 +6,7 @@ set(executables_mbedtls foreach(exe IN LISTS executables_mbedtls) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${mbedtls_target}) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() set(executables_mbedcrypto @@ -32,6 +33,7 @@ set(executables_mbedcrypto foreach(exe IN LISTS executables_mbedcrypto) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${mbedcrypto_target}) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto} diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt index f32dc31ee..e5edf7b58 100644 --- a/programs/random/CMakeLists.txt +++ b/programs/random/CMakeLists.txt @@ -6,6 +6,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${mbedcrypto_target}) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() install(TARGETS ${executables} diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt index 2a11212ec..7fc58cbcf 100644 --- a/programs/util/CMakeLists.txt +++ b/programs/util/CMakeLists.txt 
@@ -10,6 +10,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${libs}) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() install(TARGETS ${executables} diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt index cf57ca431..a04fa8bcf 100644 --- a/programs/x509/CMakeLists.txt +++ b/programs/x509/CMakeLists.txt @@ -13,6 +13,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${libs}) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() target_link_libraries(cert_app ${mbedtls_target}) From 7f93da1265c9798d81aed3d766bef6acbfe2f0fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 16 Jun 2021 10:20:30 +0200 Subject: [PATCH 224/236] Use the dedicated dummy_random in fuzzing programs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also make sure to initialize the DRBG before using it in fuzz_server (dummy_random uses ctr_drbg internally). Signed-off-by: Manuel Pégourié-Gonnard --- programs/fuzz/fuzz_dtlsserver.c | 3 +-- programs/fuzz/fuzz_privkey.c | 4 ++-- programs/fuzz/fuzz_server.c | 16 ++++++++-------- 3 files changed, 11 insertions(+), 12 deletions(-) diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index a64eef979..9a6e894a8 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -6,7 +6,6 @@ #include "common.h" #include "mbedtls/ssl.h" #include "test/certs.h" -#include "test/random.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" 
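Review bot: the programs/aes, hash, pkey, random, util and x509 CMakeLists.txt hunks add ../../tests/include to the include path of every shipped example program, which makes the installed samples depend on test helper headers such as test/random.h, the very dependency the later program changes in this series are removing. If the only remaining consumer is mbedtls_test_rnd_std_rand, the better fix is to give those programs a real entropy-seeded CTR_DRBG, as key_app.c does further on, and keep the tests/include path limited to targets that genuinely need test code; otherwise users copying these programs inherit a non-cryptographic RNG.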
@@ -57,7 +56,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { return 1; if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, mbedtls_test_srv_key_len, NULL, 0, - mbedtls_test_rnd_std_rand, NULL ) != 0) + dummy_random, NULL ) != 0) return 1; #endif dummy_init(); diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index a06187562..b9a160e1e 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -3,7 +3,7 @@ #include #include #include "mbedtls/pk.h" -#include "test/random.h" +#include "common.h" //4 Kb should be enough for every bug ;-) #define MAX_LEN 0x1000 @@ -21,7 +21,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { mbedtls_pk_init( &pk ); ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0, - mbedtls_test_rnd_std_rand, NULL ); + dummy_random, NULL ); if (ret == 0) { #if defined(MBEDTLS_RSA_C) if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA ) diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index d4480c5c8..c35b42523 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -56,6 +56,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { options = Data[Size - 1]; if (initialized == 0) { + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_entropy_init( &entropy ); + + if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy, + (const unsigned char *) pers, strlen( pers ) ) != 0 ) + return 1; + #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_x509_crt_init( &srvcert ); mbedtls_pk_init( &pkey ); @@ -67,7 +74,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { return 1; if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, mbedtls_test_srv_key_len, NULL, 0, - mbedtls_ctr_drbg_random, &ctr_drbg ) != 0) + dummy_random, &ctr_drbg ) != 0) return 1; #endif 
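Review bot: fuzz_dtlsserver.c and fuzz_privkey.c now call mbedtls_pk_parse_key() with dummy_random and a NULL p_rng, while fuzz_server.c passes &ctr_drbg and the commit message says dummy_random uses ctr_drbg internally. If dummy_random dereferences p_rng as a CTR_DRBG context, the first EC key parsed in those two fuzzers will fault on the NULL; either seed a CTR_DRBG in them as fuzz_server.c now does, or make dummy_random's contract (that it ignores p_rng) explicit in common.h. In the fuzz_server.c hunk, moving mbedtls_ctr_drbg_init/mbedtls_ctr_drbg_seed into the `initialized == 0` block is the right direction, but check that mbedtls_ctr_drbg_free and mbedtls_entropy_free are not still called on the per-input exit path, otherwise every input after the first runs on a freed context; the seed failure now also returns 1 without freeing the entropy context, which is acceptable for a fuzzer but deserves a comment.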
@@ -81,17 +88,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { } mbedtls_ssl_init( &ssl ); mbedtls_ssl_config_init( &conf ); - mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); #if defined(MBEDTLS_SSL_SESSION_TICKETS) mbedtls_ssl_ticket_init( &ticket_ctx ); #endif - if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen( pers ) ) != 0 ) - goto exit; - - if( mbedtls_ssl_config_defaults( &conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM, From 1503a9adab19434dbf9daf23bfeb19468ba14411 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 16 Jun 2021 10:35:56 +0200 Subject: [PATCH 225/236] Use a proper DRBG in programs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- programs/pkey/key_app.c | 36 +++++++++++++++++++++++++------- programs/pkey/key_app_writer.c | 38 ++++++++++++++++++++++++++++------ programs/ssl/dtls_server.c | 1 - programs/ssl/ssl_server2.c | 8 +++---- 4 files changed, 64 insertions(+), 19 deletions(-) diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index 0e30be4b2..2145e072a 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -35,12 +35,13 @@ #endif /* MBEDTLS_PLATFORM_C */ #if defined(MBEDTLS_BIGNUM_C) && \ - defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) + defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) && \ + defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/error.h" #include "mbedtls/rsa.h" #include "mbedtls/pk.h" - -#include "test/random.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" #include #endif 
@@ -65,11 +66,13 @@ "\n" #if !defined(MBEDTLS_BIGNUM_C) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) + !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C) int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO not defined.\n"); + "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined.\n"); mbedtls_exit( 0 ); } #else @@ -94,12 +97,19 @@ int main( int argc, char *argv[] ) int i; char *p, *q; + const char *pers = "pkey/key_app"; + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_pk_context pk; mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; /* * Set to sane values */ + mbedtls_entropy_init( &entropy ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_pk_init( &pk ); memset( buf, 0, sizeof(buf) ); @@ -183,8 +193,16 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Loading the private key ..." ); fflush( stdout ); + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret ); + goto cleanup; + } + ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password, - mbedtls_test_rnd_std_rand, NULL ); + mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { @@ -302,6 +320,9 @@ cleanup: } #endif + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + mbedtls_pk_free( &pk ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); @@ -314,4 +335,5 @@ cleanup: mbedtls_exit( exit_code ); } -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ +#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && + MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ 
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index c7f974118..89c67ed9e 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -34,12 +34,15 @@ #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #endif /* MBEDTLS_PLATFORM_C */ -#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO) +#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) && \ + defined(MBEDTLS_FS_IO) && \ + defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) #include "mbedtls/error.h" #include "mbedtls/pk.h" #include "mbedtls/error.h" -#include "test/random.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" #include #include @@ -90,10 +93,14 @@ #if !defined(MBEDTLS_PK_PARSE_C) || \ !defined(MBEDTLS_PK_WRITE_C) || \ - !defined(MBEDTLS_FS_IO) + !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_ENTROPY_C) || \ + !defined(MBEDTLS_CTR_DRBG_C) int main( void ) { - mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" ); + mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or " + "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " + "MBEDTLS_FS_IO not defined.\n" ); mbedtls_exit( 0 ); } #else @@ -203,12 +210,19 @@ int main( int argc, char *argv[] ) int i; char *p, *q; + const char *pers = "pkey/key_app"; + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_pk_context key; mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; /* * Set to sane values */ + mbedtls_entropy_init( &entropy ); + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_pk_init( &key ); memset( buf, 0, sizeof( buf ) ); 
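Review bot: in the key_app_writer.c hunk the personalization string is `const char *pers = "pkey/key_app";`, copied from key_app.c; it should be "pkey/key_app_writer". The personalization string is what tells otherwise identical DRBG instances apart, so each program should carry its own.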
@@ -294,8 +308,16 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Loading the private key ..." ); fflush( stdout ); + if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, + strlen( pers ) ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret ); + goto exit; + } + ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL, - mbedtls_test_rnd_std_rand, NULL ); + mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); @@ -431,6 +453,9 @@ exit: mbedtls_pk_free( &key ); + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); @@ -438,4 +463,5 @@ exit: mbedtls_exit( exit_code ); } -#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */ +#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO && + MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 857671ff4..d2cc4509d 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -81,7 +81,6 @@ int main( void ) #include "mbedtls/timing.h" #include "test/certs.h" -#include "test/random.h" #if defined(MBEDTLS_SSL_CACHE_C) #include "mbedtls/ssl_cache.h" diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 37f4348ed..68cc0275d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -20,7 +20,6 @@ #define MBEDTLS_ALLOW_PRIVATE_ACCESS #include "ssl_test_lib.h" -#include "test/random.h" #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) int main( void ) 
@@ -689,7 +688,7 @@ void sni_free( sni_entry *head ) * * Modifies the input string! This is not production quality! */ -sni_entry *sni_parse( char *sni_string ) +sni_entry *sni_parse( char *sni_string, rng_context_t *p_rng ) { sni_entry *cur = NULL, *new = NULL; char *p = sni_string; @@ -728,8 +727,7 @@ sni_entry *sni_parse( char *sni_string ) mbedtls_pk_init( new->key ); if( mbedtls_x509_crt_parse_file( new->cert, crt_file ) != 0 || - mbedtls_pk_parse_keyfile( new->key, key_file, "", - mbedtls_test_rnd_std_rand, NULL ) != 0 ) + mbedtls_pk_parse_keyfile( new->key, key_file, "", rng_get, p_rng ) != 0 ) goto error; if( strcmp( ca_file, "-" ) != 0 ) @@ -2373,7 +2371,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Setting up SNI information..." ); fflush( stdout ); - if( ( sni_info = sni_parse( opt.sni ) ) == NULL ) + if( ( sni_info = sni_parse( opt.sni, &rng ) ) == NULL ) { mbedtls_printf( " failed\n" ); goto exit; From 8707259318618bb6d1b972b470cb21b3b730a8f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 16 Jun 2021 11:02:38 +0200 Subject: [PATCH 226/236] Improve ChangeLog and migration guide entries MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/mandatory-rng-param.txt | 14 ++++++++------ docs/3.0-migration-guide.d/mandatory-rng-param.md | 12 ++++++++---- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/ChangeLog.d/mandatory-rng-param.txt b/ChangeLog.d/mandatory-rng-param.txt index 4e04248fa..39ee33533 100644 --- a/ChangeLog.d/mandatory-rng-param.txt +++ b/ChangeLog.d/mandatory-rng-param.txt 
@@ -1,12 +1,14 @@ API changes - * For all functions that take an RNG parameter, this parameter is now - mandatory (that is, NULL is not an acceptable value). Functions which - previously accepted NULL and now reject it are: the X.509 CRT and CSR - writing functions; the PK sign and decrypt function; the RSA encrypt, - decrypt, sign and private functions; the function in DHM and ECDH that - compute the share secret; the scalar multiplication functions in ECP. + * For all functions that take a random number generator (RNG) as a + parameter, this parameter is now mandatory (that is, NULL is not an + acceptable value). Functions which previously accepted NULL and now + reject it are: the X.509 CRT and CSR writing functions; the PK and RSA + sign and decrypt function; mbedtls_rsa_private(); the functions + in DHM and ECDH that compute the shared secret; the scalar multiplication + functions in ECP. * The following functions now require an RNG parameter: mbedtls_ecp_check_pub_priv(), mbedtls_pk_check_pair(), mbedtls_pk_parse_key(), mbedtls_pk_parse_keyfile(). +Removals * The configuration option MBEDTLS_ECP_NO_INTERNAL_RNG has been removed as it no longer had any effect. diff --git a/docs/3.0-migration-guide.d/mandatory-rng-param.md b/docs/3.0-migration-guide.d/mandatory-rng-param.md index 3cbc35695..f6aba08b1 100644 --- a/docs/3.0-migration-guide.d/mandatory-rng-param.md +++ b/docs/3.0-migration-guide.d/mandatory-rng-param.md 
@@ -5,16 +5,20 @@ This change affects all users who called a function accepting a `f_rng` parameter with `NULL` as the value of this argument; this is no longer supported. -The changed functions are: the X.509 CRT and CSR writing functions; the PK -sign and decrypt function; the RSA encrypt, decrypt, sign and private -functions; the functions in DHM and ECDH that compute the share secret; the -scalar multiplication functions in ECP. +The changed functions are: the X.509 CRT and CSR writing functions; the PK and +RSA sign and decrypt functions; `mbedtls_rsa_private()`; the functions in DHM +and ECDH that compute the shared secret; the scalar multiplication functions in +ECP. You now need to pass a properly seeded, cryptographically secure RNG to all functions that accept a `f_rng` parameter. It is of course still possible to pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a context. +Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT` +configuration options) may have their own internal and are free to ignore the +`f_rng` argument but must allow users to pass one anyway. + Some functions gained an RNG parameter -------------------------------------- From 6f19ce317bd68c4656b802529f7df0ef56546d27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 16 Jun 2021 12:08:34 +0200 Subject: [PATCH 227/236] Fix async support in ssl_server2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- programs/ssl/ssl_server2.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 68cc0275d..51125bdb6 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -525,6 +525,8 @@ int main( void ) (out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \ } +/* This is global so it can be easily accessed by callback functions */ +rng_context_t rng; /* * global options @@ -688,7 +690,7 @@ void sni_free( sni_entry *head ) * * Modifies the input string! This is not production quality! */ -sni_entry *sni_parse( char *sni_string, rng_context_t *p_rng ) +sni_entry *sni_parse( char *sni_string ) { sni_entry *cur = NULL, *new = NULL; char *p = sni_string; @@ -727,7 +729,7 @@ sni_entry *sni_parse( char *sni_string, rng_context_t *p_rng ) mbedtls_pk_init( new->key ); if( mbedtls_x509_crt_parse_file( new->cert, crt_file ) != 0 || - mbedtls_pk_parse_keyfile( new->key, key_file, "", rng_get, p_rng ) != 0 ) + mbedtls_pk_parse_keyfile( new->key, key_file, "", rng_get, &rng ) != 0 ) goto error; if( strcmp( ca_file, "-" ) != 0 ) @@ -1045,7 +1047,8 @@ static int ssl_async_start( mbedtls_ssl_context *ssl, for( slot = 0; slot < config_data->slots_used; slot++ ) { if( mbedtls_pk_check_pair( &cert->pk, - config_data->slots[slot].pk ) == 0 ) + config_data->slots[slot].pk, + rng_get, &rng ) == 0 ) break; } if( slot == config_data->slots_used ) @@ -1271,7 +1274,6 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_X509_CRT_PARSE_C) mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; #endif - rng_context_t rng; mbedtls_ssl_context ssl; mbedtls_ssl_config conf; #if defined(MBEDTLS_TIMING_C) @@ -2371,7 +2373,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Setting up SNI information..." ); fflush( stdout ); - if( ( sni_info = sni_parse( opt.sni, &rng ) ) == NULL ) + if( ( sni_info = sni_parse( opt.sni ) ) == NULL ) { mbedtls_printf( " failed\n" ); goto exit; From 6ff9ef56a507a02cb338f8de70acca3f53de913b Mon Sep 17 00:00:00 2001 
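Review bot: making `rng` a file-scope global "so it can be easily accessed by callback functions" is the expedient fix, but ssl_async_start() already receives its own user data (config_data, the async key context), so a pointer to the rng_context_t can be stored there and passed explicitly, and sni_parse() could keep the p_rng parameter the previous patch gave it instead of reverting to the global. Test programs are what users copy patterns from, so the version that threads the RNG context through is the one worth keeping. If the global stays, move its declaration down to the "global options" block rather than leaving it between the byte-order macros and that comment.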
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 16 Jun 2021 12:37:10 +0200 Subject: [PATCH 228/236] Fix cmake build of fuzz_privkey MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- programs/fuzz/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 4f35d7663..c7fcd356b 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -8,7 +8,6 @@ if(FUZZINGENGINE_LIB) endif() set(executables_no_common_c - fuzz_privkey fuzz_pubkey fuzz_x509crl fuzz_x509crt @@ -16,6 +15,7 @@ set(executables_no_common_c ) set(executables_with_common_c + fuzz_privkey fuzz_client fuzz_dtlsclient fuzz_dtlsserver From 609ab6478be8bf6ebd62add5ebf93cef7113ab0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 16 Jun 2021 14:29:11 +0200 Subject: [PATCH 229/236] Fix warning in some configurations MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/pkparse.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/pkparse.c b/library/pkparse.c index 5438ee4a0..25fc1fecd 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1010,6 +1010,11 @@ static int pk_parse_key_pkcs8_unencrypted_der( mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; const mbedtls_pk_info_t *pk_info; +#if !defined(MBEDTLS_ECP_C) + (void) f_rng; + (void) p_rng; +#endif + /* * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208) * From 75628d51b3c4bc834f92a276eec35fcb65121b39 Mon Sep 17 00:00:00 2001 
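Review bot: in `pk_parse_key_pkcs8_unencrypted_der()`, the `(void) f_rng; (void) p_rng;` casts are guarded by `#if !defined(MBEDTLS_ECP_C)`, which is only correct if every use of the two parameters in this function lies inside `MBEDTLS_ECP_C`-conditional code; that code is not in the hunk, so either verify it or drop the guard and cast unconditionally, which silences the warning in every configuration at no cost and will not silently break when another `#if` is added later. For the `fuzz_privkey` move in `programs/fuzz/CMakeLists.txt`, the commit message says "Fix cmake build" but not what failed; one line naming the missing symbol that `common.c` now provides would let reviewers confirm the fix, and the other build system for the fuzz programs should be checked so both agree on which list `fuzz_privkey` belongs to.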
From: TRodziewicz Date: Fri, 18 Jun 2021 12:56:27 +0200 Subject: [PATCH 230/236] Code review fixes Reverting some deleted tests and changing the deprecated algo Deleting deprecated headers from /alt-dummy dir Corrections to the comments Removal of deleted functions from compat-2.x.h Corrections to tests/data_files/Makefile Signed-off-by: TRodziewicz --- doxygen/input/doc_hashing.h | 2 +- include/mbedtls/compat-2.x.h | 8 -- include/mbedtls/config.h | 2 + library/ssl_ciphersuites.c | 2 +- tests/data_files/Makefile | 10 +- tests/include/alt-dummy/arc4_alt.h | 30 ---- tests/include/alt-dummy/blowfish_alt.h | 29 ---- tests/include/alt-dummy/md2_alt.h | 30 ---- tests/include/alt-dummy/md4_alt.h | 30 ---- tests/include/alt-dummy/xtea_alt.h | 29 ---- tests/suites/test_suite_ccm.data | 4 + tests/suites/test_suite_pkparse.data | 14 +- tests/suites/test_suite_psa_crypto.data | 9 ++ tests/suites/test_suite_rsa.data | 18 +-- tests/suites/test_suite_x509parse.data | 184 ++++++++++++------------ 15 files changed, 131 insertions(+), 270 deletions(-) delete mode 100644 tests/include/alt-dummy/arc4_alt.h delete mode 100644 tests/include/alt-dummy/blowfish_alt.h delete mode 100644 tests/include/alt-dummy/md2_alt.h delete mode 100644 tests/include/alt-dummy/md4_alt.h delete mode 100644 tests/include/alt-dummy/xtea_alt.h diff --git a/doxygen/input/doc_hashing.h b/doxygen/input/doc_hashing.h index 42a3754e1..931e6e928 100644 --- a/doxygen/input/doc_hashing.h +++ b/doxygen/input/doc_hashing.h @@ -34,7 +34,7 @@ * \c mbedtls_md_setup()) * * The following hashing-algorithms are provided: - * - MD5 128-bit one-way hash functions by Ron Rivest. + * - MD5 128-bit one-way hash function by Ron Rivest. * - SHA-1, SHA-256, SHA-384/512 160-bit or more one-way hash functions by * NIST and NSA. * diff --git a/include/mbedtls/compat-2.x.h b/include/mbedtls/compat-2.x.h index fe0779045..cdf81dcbb 100644 --- a/include/mbedtls/compat-2.x.h +++ b/include/mbedtls/compat-2.x.h 
@@ -34,14 +34,6 @@ */ #define mbedtls_ctr_drbg_update_ret mbedtls_ctr_drbg_update #define mbedtls_hmac_drbg_update_ret mbedtls_hmac_drbg_update -#define mbedtls_md2_starts_ret mbedtls_md2_starts -#define mbedtls_md2_update_ret mbedtls_md2_update -#define mbedtls_md2_finish_ret mbedtls_md2_finish -#define mbedtls_md2_ret mbedtls_md2 -#define mbedtls_md4_starts_ret mbedtls_md4_starts -#define mbedtls_md4_update_ret mbedtls_md4_update -#define mbedtls_md4_finish_ret mbedtls_md4_finish -#define mbedtls_md4_ret mbedtls_md4 #define mbedtls_md5_starts_ret mbedtls_md5_starts #define mbedtls_md5_update_ret mbedtls_md5_update #define mbedtls_md5_finish_ret mbedtls_md5_finish diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index b566bc789..e8e2b1b7b 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -335,6 +335,8 @@ //#define MBEDTLS_ECP_ALT /** + * \def MBEDTLS_SHA256_PROCESS_ALT + * * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you * alternate core implementation of symmetric crypto or hash function. Keep in * mind that function prototypes should remain the same. diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 1bda9c066..be0acb78f 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -38,7 +38,7 @@ /* * Ordered from most preferred to least preferred in terms of security. * - * Current rule (except RC4 and 3DES, weak and null which come last): + * Current rule (except weak and null which come last): * 1. By key exchange: * Forward-secure non-PSK > forward-secure PSK > ECJPAKE > other non-PSK > other PSK * 2. By key length and cipher: diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 16685d26d..e86706c8a 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
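Review bot: in `include/mbedtls/config.h`, the added `\def MBEDTLS_SHA256_PROCESS_ALT` is attached to the generic `MBEDTLS__FUNCTION_NAME__ALT` paragraph, so Doxygen will anchor that whole paragraph to one specific macro; make sure the text still reads as applying to all `_PROCESS_ALT` options, and since the hunk is already editing this comment, fix "let mbed TLS use you alternate core implementation" to "your". Dropping the `mbedtls_md2_*_ret` and `mbedtls_md4_*_ret` aliases from `compat-2.x.h` is right: the functions they alias no longer exist, so keeping them would only turn a clear preprocessor-level removal into a confusing undeclared-function error. The `ssl_ciphersuites.c` comment change matches the RC4 removal; 3DES is still referenced elsewhere in this series' data files, so the ordering rule text should be re-checked once 3DES is actually gone.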
@@ -416,6 +416,8 @@ rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der +keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des + ### 2048-bit rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES @@ -433,6 +435,8 @@ rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der +keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des + ### 4096-bit rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES @@ -450,6 +454,8 @@ rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der +keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des + ### ### PKCS8-v2 encoded, encrypted RSA keys, no PRF specified (default for OpenSSL1.0: hmacWithSHA1) ### @@ -863,10 +869,6 @@ server1.req.sha1: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 all_final += server1.req.sha1 -server1.req.md4: server1.key - $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD4 -all_final += server1.req.md4 - server1.req.md5: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=MD5 all_final += server1.req.md5 
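Review bot: the new aggregate targets `keys_rsa_enc_pkcs8_v1_1024`, `keys_rsa_enc_pkcs8_v1_2048` and `keys_rsa_enc_pkcs8_v1_4096` are convenience targets with no file behind them, so they belong in the Makefile's `.PHONY` list (not visible in this hunk) or a stray file of that name will make them silently no-op. Removing the `server1.req.md4` rule is consistent with the MD4 removal, but the generated `server1.req.md4` file and any test case that loads it must go in the same commit; neither is touched here.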
diff --git a/tests/include/alt-dummy/arc4_alt.h b/tests/include/alt-dummy/arc4_alt.h deleted file mode 100644 index b8c2e86a0..000000000 --- a/tests/include/alt-dummy/arc4_alt.h +++ /dev/null @@ -1,30 +0,0 @@ -/* arc4_alt.h with dummy types for MBEDTLS_ARC4_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef ARC4_ALT_H -#define ARC4_ALT_H - -typedef struct mbedtls_arc4_context -{ - int dummy; -} -mbedtls_arc4_context; - - -#endif /* arc4_alt.h */ diff --git a/tests/include/alt-dummy/blowfish_alt.h b/tests/include/alt-dummy/blowfish_alt.h deleted file mode 100644 index 5a4f739d5..000000000 --- a/tests/include/alt-dummy/blowfish_alt.h +++ /dev/null 
@@ -1,29 +0,0 @@ -/* blowfish_alt.h with dummy types for MBEDTLS_BLOWFISH_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef BLOWFISH_ALT_H -#define BLOWFISH_ALT_H - -typedef struct mbedtls_blowfish_context -{ - int dummy; -} -mbedtls_blowfish_context; - - -#endif /* blowfish_alt.h */ diff --git a/tests/include/alt-dummy/md2_alt.h b/tests/include/alt-dummy/md2_alt.h deleted file mode 100644 index 70c7f1519..000000000 --- a/tests/include/alt-dummy/md2_alt.h +++ /dev/null @@ -1,30 +0,0 @@ -/* md2_alt.h with dummy types for MBEDTLS_MD2_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef MD2_ALT_H -#define MD2_ALT_H - -typedef struct mbedtls_md2_context -{ - int dummy; -} -mbedtls_md2_context; - - -#endif /* md2_alt.h */ 
diff --git a/tests/include/alt-dummy/md4_alt.h b/tests/include/alt-dummy/md4_alt.h deleted file mode 100644 index db13f3d8d..000000000 --- a/tests/include/alt-dummy/md4_alt.h +++ /dev/null @@ -1,30 +0,0 @@ -/* md4_alt.h with dummy types for MBEDTLS_MD4_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -#ifndef MD4_ALT_H -#define MD4_ALT_H - -typedef struct mbedtls_md4_context -{ - int dummy; -} -mbedtls_md4_context; - - -#endif /* md4_alt.h */ diff --git a/tests/include/alt-dummy/xtea_alt.h b/tests/include/alt-dummy/xtea_alt.h deleted file mode 100644 index cb21a3a54..000000000 --- a/tests/include/alt-dummy/xtea_alt.h +++ /dev/null 
@@ -1,29 +0,0 @@ -/* xtea_alt.h with dummy types for MBEDTLS_XTEA_ALT */ -/* - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef XTEA_ALT_H -#define XTEA_ALT_H - -typedef struct mbedtls_xtea_context -{ - int dummy; -} -mbedtls_xtea_context; - - -#endif /* xtea_alt.h */ diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index cdb1898a0..a1b876e60 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -13,6 +13,10 @@ CCM init #3 AES-224: bad key size depends_on:MBEDTLS_AES_C mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:224:MBEDTLS_ERR_CCM_BAD_INPUT +CCM init #4 BLOWFISH-128: bad block size +depends_on:MBEDTLS_DES_C +mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_DES:128:MBEDTLS_ERR_CCM_BAD_INPUT + CCM lengths #1 all OK ccm_lengths:5:10:5:8:0 diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 53746282b..1172b308a 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data 
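Review bot: the new CCM case is mislabelled: its description says `CCM init #4 BLOWFISH-128: bad block size`, but it depends on `MBEDTLS_DES_C` and passes `MBEDTLS_CIPHER_ID_DES`; the algorithm was swapped for the removed Blowfish and the name was not, so rename it (e.g. `CCM init #4 DES: bad block size`). Also, a 128-bit key with DES fails both the key-size and the block-size checks, so the case does not isolate the block-size rejection it claims to test; a key length DES accepts (64) would make the `MBEDTLS_ERR_CCM_BAD_INPUT` attributable to the 64-bit block alone. The deletions of `arc4_alt.h`, `blowfish_alt.h`, `md2_alt.h`, `md4_alt.h` and `xtea_alt.h` are fine on their own, but whatever script enumerates the `alt-dummy` headers for the `_ALT` build tests should be checked so it does not still expect these files.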
@@ -984,31 +984,31 @@ Parse EC Key #5c (PKCS8 PEM, with parameters) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_prv.pk8param.pem":"NULL":0 -Parse EC Key #6 (SEC1 PEM, secp224r1) +Parse EC Key #8 (SEC1 PEM, secp224r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_224_prv.pem":"NULL":0 -Parse EC Key #7 (SEC1 PEM, secp256r1) +Parse EC Key #9 (SEC1 PEM, secp256r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_256_prv.pem":"NULL":0 -Parse EC Key #8 (SEC1 PEM, secp384r1) +Parse EC Key #10 (SEC1 PEM, secp384r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_384_prv.pem":"NULL":0 -Parse EC Key #9 (SEC1 PEM, secp521r1) +Parse EC Key #11 (SEC1 PEM, secp521r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_521_prv.pem":"NULL":0 -Parse EC Key #10 (SEC1 PEM, bp256r1) +Parse EC Key #12 (SEC1 PEM, bp256r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp256_prv.pem":"NULL":0 -Parse EC Key #11 (SEC1 PEM, bp384r1) +Parse EC Key #13 (SEC1 PEM, bp384r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp384_prv.pem":"NULL":0 -Parse EC Key #12 (SEC1 PEM, bp512r1) +Parse EC Key #14 (SEC1 PEM, bp512r1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_parse_keyfile_ec:"data_files/ec_bp512_prv.pem":"NULL":0 diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 2b92a06c1..56ba2412c 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -1130,6 +1130,10 @@ PSA MAC setup: bad algorithm (HMAC without specified hash) # Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(0):PSA_ERROR_NOT_SUPPORTED +PSA MAC setup: bad algorithm (unsupported HMAC hash algorithm) +depends_on:!PSA_WANT_ALG_MD5 +mac_setup:PSA_KEY_TYPE_HMAC:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f":PSA_ALG_HMAC(PSA_ALG_MD5):PSA_ERROR_NOT_SUPPORTED + PSA MAC setup: bad algorithm (not a MAC algorithm) depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES mac_setup:PSA_KEY_TYPE_AES:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CBC_NO_PADDING:PSA_ERROR_INVALID_ARGUMENT @@ -1390,6 +1394,11 @@ depends_on:MBEDTLS_CIPHER_MODE_CTR # Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here cipher_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CTR:PSA_ERROR_NOT_SUPPORTED +PSA cipher setup: incompatible key ChaCha20 for CTR +depends_on:MBEDTLS_ARC4_C:MBEDTLS_CIPHER_MODE_CTR +# Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here +cipher_setup:PSA_KEY_TYPE_CHACHA20:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CTR:PSA_ERROR_NOT_SUPPORTED + PSA cipher: bad order function calls cipher_bad_order: diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 98dad0b06..e81f208ef 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data 
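Review bot: the new `PSA cipher setup: incompatible key ChaCha20 for CTR` case depends on `MBEDTLS_ARC4_C`, which this same commit is removing (it deletes `tests/include/alt-dummy/arc4_alt.h` and strips RC4 from the ciphersuite ordering comment), so the case can never run; the dependency should be on the ChaCha20 key type (`PSA_WANT_KEY_TYPE_CHACHA20`) together with `MBEDTLS_CIPHER_MODE_CTR`, in the same style as the neighbouring cases that use `PSA_WANT_KEY_TYPE_AES`. The key material is also wrong for the key type: `"000102...0f"` is 16 bytes, while ChaCha20 keys are 32 bytes, so the import may be rejected for the key length before the key-type/algorithm mismatch is ever checked; use a 32-byte key so `PSA_ERROR_NOT_SUPPORTED` comes from the CTR/ChaCha20 incompatibility the name promises. The `!PSA_WANT_ALG_MD5` guard on the new HMAC case is correct: it exercises the unsupported-hash path only in builds where MD5 is genuinely absent.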
@@ -220,39 +220,39 @@ RSA PKCS1 Sign #4 Verify depends_on:MBEDTLS_SHA384_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:2048:16:"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":16:"3":"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":0 -RSA PKCS1 Sign #5 (MD5, 2048 bits RSA) +RSA PKCS1 Sign #7 (MD5, 2048 bits RSA) depends_on:MBEDTLS_MD5_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_sign:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_MD5:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":"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":0 -RSA PKCS1 Sign #5 Verify +RSA PKCS1 Sign #7 Verify depends_on:MBEDTLS_MD5_C:MBEDTLS_PKCS1_V15 
mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_MD5:2048:16:"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":16:"3":"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":0 -RSA PKCS1 Sign #6 (RAW, 2048 bits RSA) +RSA PKCS1 Sign #8 (RAW, 2048 bits RSA) depends_on:MBEDTLS_PKCS1_V15 rsa_pkcs1_sign_raw:"1234567890deadbeef":MBEDTLS_RSA_PKCS_V15:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":"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" -RSA PKCS1 Sign #6 Verify +RSA PKCS1 Sign #8 Verify depends_on:MBEDTLS_PKCS1_V15 
rsa_pkcs1_verify_raw:"1234567890deadbeef":MBEDTLS_RSA_PKCS_V15:2048:16:"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":16:"3":"605baf947c0de49e4f6a0dfb94a43ae318d5df8ed20ba4ba5a37a73fb009c5c9e5cce8b70a25b1c7580f389f0d7092485cdfa02208b70d33482edf07a7eafebdc54862ca0e0396a5a7d09991b9753eb1ffb6091971bb5789c6b121abbcd0a3cbaa39969fa7c28146fce96c6d03272e3793e5be8f5abfa9afcbebb986d7b3050604a2af4d3a40fa6c003781a539a60259d1e84f13322da9e538a49c369b83e7286bf7d30b64bbb773506705da5d5d5483a563a1ffacc902fb75c9a751b1e83cdc7a6db0470056883f48b5a5446b43b1d180ea12ba11a6a8d93b3b32a30156b6084b7fb142998a2a0d28014b84098ece7d9d5e4d55cc342ca26f5a0167a679dec8":0 -RSA PKCS1 Sign #6 Verify (Wrong raw hash) +RSA PKCS1 Sign #8 Verify (Wrong raw hash) depends_on:MBEDTLS_PKCS1_V15 rsa_pkcs1_verify_raw:"1234567890deadcafe":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"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":MBEDTLS_ERR_RSA_VERIFY_FAILED -RSA PKCS1 Sign #7 (Invalid Digest type) +RSA PKCS1 Sign #9 (Invalid Digest type) depends_on:MBEDTLS_PKCS1_V15 
mbedtls_rsa_pkcs1_sign:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:255:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":"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":MBEDTLS_ERR_RSA_BAD_INPUT_DATA -RSA PKCS1 Sign #7 Verify (Invalid Digest type) +RSA PKCS1 Sign #9 Verify (Invalid Digest type) depends_on:MBEDTLS_PKCS1_V15 
mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:255:2048:16:"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":16:"3":"3bcf673c3b27f6e2ece4bb97c7a37161e6c6ee7419ef366efc3cfee0f15f415ff6d9d4390937386c6fec1771acba73f24ec6b0469ea8b88083f0b4e1b6069d7bf286e67cf94182a548663137e82a6e09c35de2c27779da0503f1f5bedfebadf2a875f17763a0564df4a6d945a5a3e46bc90fb692af3a55106aafc6b577587456ff8d49cfd5c299d7a2b776dbe4c1ae777b0f64aa3bab27689af32d6cc76157c7dc6900a3469e18a7d9b6bfe4951d1105a08864575e4f4ec05b3e053f9b7a2d5653ae085e50a63380d6bdd6f58ab378d7e0a2be708c559849891317089ab04c82d8bc589ea088b90b11dea5cf85856ff7e609cc1adb1d403beead4c126ff29021":MBEDTLS_ERR_RSA_BAD_INPUT_DATA -RSA PKCS1 Sign #8 (RIPEMD160, 2048 bits RSA) +RSA PKCS1 Sign #10 (RIPEMD160, 2048 bits RSA) depends_on:MBEDTLS_RIPEMD160_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_sign:"616263":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_RIPEMD160:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"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":16:"3":"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":0 -RSA PKCS1 Verify #8 (RIPEMD160, 2048 bits RSA) +RSA PKCS1 Verify #10 (RIPEMD160, 2048 bits RSA) depends_on:MBEDTLS_RIPEMD160_C:MBEDTLS_PKCS1_V15 
mbedtls_rsa_pkcs1_verify:"616263":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_RIPEMD160:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"aa2d9f88334d61bed74317ba549b1463600a9219801240cca5c11b9cdda29373172a28151313fb2cf73bb68af167e4ec645b6f065028802afbcfbc10e6c2c824e3c4d50c7181193b93734832170f0c5d3dd9ba5808f0e2a5c16b3d0df90defefef8e8fde5906962d42a2f0d62d7f81977f367f436f10c8b1183ccf6676953f7219445938f725d0cb62efbabf092de531642863b381e2694f2bf544ff6a4fefa7b37cdbf6292dbedcacf6e57d6f206ce5df0fd2771f9f64818f59a0ab7a5f003b368dc3eb51ab9409a0ec4e43f45281ee9a560664de88965ab207e256303d9dcb8233ed6ad0a5ad7f81e2f8c7a196dc81e2c8b6dde8a77fb6cfd1e5477ece9df8":0 diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 7c6a9d39a..e21b450b9 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
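Review bot: the renumbering in `test_suite_rsa.data` jumps from `RSA PKCS1 Sign #4` straight to `#7`, and `test_suite_pkparse.data` likewise goes from `Parse EC Key #5c` to `#8`; this restores the original numbers of cases that survive but leaves the slots of the removed MD2/MD4 cases empty. If those cases are not being restored elsewhere in the commit (the message says "Reverting some deleted tests"), a one-line comment at the gap saying the numbers are intentionally skipped will spare the next reader a search; otherwise the revert should land in the same hunk so the numbering and the cases arrive together. The `MBEDTLS_MD_MD5` sign/verify pair kept as `#7` is still a legitimate regression test while `MBEDTLS_MD5_C` remains in the library.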
@@ -507,371 +507,371 @@ X509 CRT verification #10 (Not trusted Cert, Expired CRL) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #11 (Valid Cert MD5 Digest, MD5 forbidden) +X509 CRT verification #13 (Valid Cert MD5 Digest, MD5 forbidden) depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL" -X509 CRT verification #11 (Valid Cert MD5 Digest, MD5 allowed) +X509 CRT verification #13 (Valid Cert MD5 Digest, MD5 allowed) depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL" -X509 CRT verification #12 (Valid Cert SHA1 Digest explicitly allowed in profile) +X509 CRT verification #14 (Valid Cert SHA1 Digest explicitly allowed in profile) depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #12 (Valid Cert SHA1 Digest forbidden in default profile) +X509 CRT verification #14 (Valid Cert SHA1 Digest forbidden in default profile) depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"":"NULL" -X509 CRT verification #13 (Valid Cert SHA224 Digest) +X509 CRT verification #15 (Valid Cert SHA224 Digest) 
depends_on:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #14 (Valid Cert SHA256 Digest) +X509 CRT verification #16 (Valid Cert SHA256 Digest) depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #15 (Valid Cert SHA384 Digest) +X509 CRT verification #17 (Valid Cert SHA384 Digest) depends_on:MBEDTLS_SHA384_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #16 (Valid Cert SHA512 Digest) +X509 CRT verification #18 (Valid Cert SHA512 Digest) depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #17 (Valid Cert, denying callback) +X509 CRT verification #19 (Valid Cert, denying callback) depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"compat":"verify_none" -X509 CRT verification #18 (Not trusted Cert, allowing callback) +X509 CRT verification #19 (Not trusted Cert, allowing callback) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":0:0:"compat":"verify_all" -X509 CRT verification #19 (domain matching wildcard certificate, case insensitive) +X509 CRT verification #21 
(domain matching wildcard certificate, case insensitive) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.ExAmPlE.com":0:0:"compat":"NULL" -X509 CRT verification #20 (domain not matching wildcard certificate) +X509 CRT verification #22 (domain not matching wildcard certificate) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" -X509 CRT verification #21 (domain not matching wildcard certificate) +X509 CRT verification #23 (domain not matching wildcard certificate) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" -X509 CRT verification #22 (domain matching CN of multi certificate) +X509 CRT verification #24 (domain matching CN of multi certificate) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" -X509 CRT verification #23 (domain matching multi certificate) +X509 CRT verification #25 (domain matching multi certificate) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.net":0:0:"compat":"NULL" -X509 CRT verification #24 (domain not matching multi certificate) +X509 CRT verification #26 (domain not matching 
multi certificate) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" -X509 CRT verification #25.1 (domain not matching multi certificate: suffix) +X509 CRT verification #27.1 (domain not matching multi certificate: suffix) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"xample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" -X509 CRT verification #25.2 (domain not matching multi certificate: head junk) +X509 CRT verification #27.2 (domain not matching multi certificate: head junk) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"bexample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" -X509 CRT verification #26 (domain not matching wildcard in multi certificate) +X509 CRT verification #28 (domain not matching wildcard in multi certificate) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.org":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL" -X509 CRT verification #27 (domain matching wildcard in multi certificate) +X509 CRT verification #29 (domain matching wildcard in multi certificate) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 
x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.org":0:0:"compat":"NULL" -X509 CRT verification #28 (domain matching multi certificate without CN) +X509 CRT verification #30 (domain matching multi certificate without CN) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.shotokan-braunschweig.de":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #29 (domain not matching multi certificate without CN) +X509 CRT verification #31 (domain not matching multi certificate without CN) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #30 (Valid, EC cert, RSA CA) +X509 CRT verification #32 (Valid, EC cert, RSA CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #31 (Valid, RSA cert, EC CA) +X509 CRT verification #33 (Valid, RSA cert, EC CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #32 (Valid, EC cert, EC CA) +X509 CRT verification #34 (Valid, EC cert, EC CA) 
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #33 (Revoked, EC CA) +X509 CRT verification #35 (Revoked, EC CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" -X509 CRT verification #34 (Valid, EC CA, SHA1 Digest) +X509 CRT verification #36 (Valid, EC CA, SHA1 Digest) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #35 (Valid, EC CA, SHA224 Digest) +X509 CRT verification #37 (Valid, EC CA, SHA224 Digest) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA224_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #36 (Valid, EC CA, SHA384 Digest) +X509 CRT verification #38 (Valid, EC CA, SHA384 Digest) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA384_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #37 (Valid, EC CA, SHA512 Digest) +X509 CRT verification #39 (Valid, EC CA, SHA512 Digest) 
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #38 (Valid, depth 0, RSA, CA) +X509 CRT verification #40 (Valid, depth 0, RSA, CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/test-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #39 (Valid, depth 0, EC, CA) +X509 CRT verification #41 (Valid, depth 0, EC, CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #40 (Depth 0, not CA, RSA) +X509 CRT verification #42 (Depth 0, not CA, RSA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server2.crt":"data_files/server2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #41 (Depth 0, not CA, EC) +X509 CRT verification #43 (Depth 0, not CA, EC) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #42 (Corrupted signature, EC) +X509 CRT verification #44 (Corrupted signature, EC) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C 
x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #43 (Corrupted signature, RSA) +X509 CRT verification #45 (Corrupted signature, RSA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #43b (Corrupted signature, intermediate CA) +X509 CRT verification #45b (Corrupted signature, intermediate CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C x509_verify:"data_files/server7-badsign.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #44 (Valid, depth 2, EC-RSA-EC) +X509 CRT verification #46 (Valid, depth 2, EC-RSA-EC) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #45 (Untrusted, depth 2, EC-RSA-EC) +X509 CRT verification #47 (Untrusted, depth 2, EC-RSA-EC) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #46 (Missing intermediate CA, 
EC-RSA-EC) +X509 CRT verification #48 (Missing intermediate CA, EC-RSA-EC) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #47 (Valid, depth 2, RSA-EC-RSA) +X509 CRT verification #49 (Valid, depth 2, RSA-EC-RSA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #48 (Valid, multiple CAs) +X509 CRT verification #50 (Valid, multiple CAs) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server2.crt":"data_files/test-ca_cat12.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #49 (Valid, multiple CAs, reverse order) +X509 CRT verification #51 (Valid, multiple CAs, reverse order) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #50 (CA keyUsage valid) +X509 CRT verification #52 (CA keyUsage valid) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt_crl.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #51 (CA keyUsage missing cRLSign) +X509 CRT verification 
#53 (CA keyUsage missing cRLSign) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #52 (CA keyUsage missing cRLSign, no CRL) +X509 CRT verification #54 (CA keyUsage missing cRLSign, no CRL) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #53 (CA keyUsage missing keyCertSign) +X509 CRT verification #55 (CA keyUsage missing keyCertSign) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crl.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #54 (CA keyUsage plain wrong) +X509 CRT verification #56 (CA keyUsage plain wrong) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #55 (Valid, RSASSA-PSS, SHA-1) +X509 CRT verification #57 (Valid, RSASSA-PSS, SHA-1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #56 (Valid, RSASSA-PSS, 
SHA-224) +X509 CRT verification #58 (Valid, RSASSA-PSS, SHA-224) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA224_C:MBEDTLS_SHA1_C x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #57 (Valid, RSASSA-PSS, SHA-256) +X509 CRT verification #59 (Valid, RSASSA-PSS, SHA-256) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server9-sha256.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #58 (Valid, RSASSA-PSS, SHA-384) +X509 CRT verification #60 (Valid, RSASSA-PSS, SHA-384) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA384_C:MBEDTLS_SHA1_C x509_verify:"data_files/server9-sha384.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha384.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #59 (Valid, RSASSA-PSS, SHA-512) +X509 CRT verification #61 (Valid, RSASSA-PSS, SHA-512) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C x509_verify:"data_files/server9-sha512.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha512.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #60 (Revoked, RSASSA-PSS, SHA-1) +X509 CRT verification #62 (Revoked, RSASSA-PSS, SHA-1) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" -X509 CRT verification #61 (Revoked, RSASSA-PSS, SHA-1, CRL badsign) +X509 CRT verification #63 (Revoked, RSASSA-PSS, SHA-1, CRL badsign) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C 
x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1-badsign.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #62 (Valid, RSASSA-PSS, SHA-1, not top) +X509 CRT verification #64 (Valid, RSASSA-PSS, SHA-1, not top) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server9-with-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #63 (RSASSA-PSS, SHA1, bad cert signature) +X509 CRT verification #65 (RSASSA-PSS, SHA1, bad cert signature) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #64 (RSASSA-PSS, SHA1, no RSA CA) +X509 CRT verification #66 (RSASSA-PSS, SHA1, no RSA CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #65 (Valid, RSASSA-PSS, all defaults) +X509 CRT verification #67 (Valid, RSASSA-PSS, all defaults) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C x509_verify:"data_files/server9-defaults.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #66 (RSASSA-PSS, wrong salt_len) +X509 CRT verification #68 (RSASSA-PSS, wrong salt_len) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C 
x509_verify:"data_files/server9-bad-saltlen.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #67 (RSASSA-PSS, wrong mgf_hash) +X509 CRT verification #69 (RSASSA-PSS, wrong mgf_hash) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server9-bad-mgfhash.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #68 (v1 trusted CA) +X509 CRT verification #70 (v1 trusted CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server1-v1.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #69 (v1 trusted CA, other) +X509 CRT verification #71 (v1 trusted CA, other) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server2-v1.crt":"data_files/server1-v1.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #70 (v1 chain) +X509 CRT verification #72 (v1 chain) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #71 (selfsigned trusted without CA bit) +X509 CRT verification #73 (selfsigned trusted without CA bit) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #72 (signed by selfsigned trusted without CA 
bit) +X509 CRT verification #74 (signed by selfsigned trusted without CA bit) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 CRT verification #73 (encoding mismatch) +X509 CRT verification #75 (encoding mismatch) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #74 (multiple CRLs, not revoked) +X509 CRT verification #76 (multiple CRLs, not revoked) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #75 (multiple CRLs, revoked) +X509 CRT verification #77 (multiple CRLs, revoked) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" -X509 CRT verification #76 (multiple CRLs, revoked by second) +X509 CRT verification #78 (multiple CRLs, revoked by second) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE 
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" -X509 CRT verification #77 (multiple CRLs, revoked by future) +X509 CRT verification #79 (multiple CRLs, revoked by future) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" -X509 CRT verification #78 (multiple CRLs, first future, revoked by second) +X509 CRT verification #80 (multiple CRLs, first future, revoked by second) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" -X509 CRT verification #79 (multiple CRLs, none relevant) +X509 CRT verification #81 (multiple CRLs, none relevant) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #80 (Not yet valid CA and valid CA) +X509 CRT verification #82 (Not yet valid CA and valid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C 
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #81 (valid CA and Not yet valid CA) +X509 CRT verification #83 (valid CA and Not yet valid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #82 (valid CA and Not yet valid CA) +X509 CRT verification #84 (valid CA and Not yet valid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #83 (Not yet valid CA and valid CA) +X509 CRT verification #85 (Not yet valid CA and valid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #84 (Not yet valid CA and invalid CA) +X509 CRT verification #86 (Not yet valid CA and invalid CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL" -X509 CRT verification #85 (Expired CA and invalid CA) +X509 CRT verification #87 (Expired CA and invalid CA) 
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL" -X509 CRT verification #86 (Spurious cert in the chain) +X509 CRT verification #88 (Spurious cert in the chain) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server7_spurious_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #87 (Spurious cert later in the chain) +X509 CRT verification #89 (Spurious cert later in the chain) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/server10_int3_spurious_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #88 (EE with same name as trusted root) +X509 CRT verification #90 (EE with same name as trusted root) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C x509_verify:"data_files/server5-ss-forgeca.crt":"data_files/test-int-ca3.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"":"NULL" -X509 CRT verification #89 (same CA with good then bad key) +X509 CRT verification #91 (same CA with good then bad key) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C 
x509_verify:"data_files/server1.crt":"data_files/test-ca-good-alt.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #89 (same CA with bad then good key) +X509 CRT verification #91 (same CA with bad then good key) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C x509_verify:"data_files/server1.crt":"data_files/test-ca-alt-good.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL" -X509 CRT verification #90 (bad name, allowing callback) +X509 CRT verification #92 (bad name, allowing callback) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all" -X509 CRT verification #91 (Suite B invalid, EC cert, RSA CA) +X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL" -X509 CRT verification #92 (Suite B invalid, RSA cert, EC CA) +X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_PK:"suite_b":"NULL" -X509 CRT verification #93 (Suite B Valid, EC cert, EC CA) +X509 CRT verification #95 (Suite B Valid, EC cert, EC CA) 
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"suite_b":"NULL" -X509 CRT verification #94 (next profile Invalid Cert SHA224 Digest) +X509 CRT verification #96 (next profile Invalid Cert SHA224 Digest) depends_on:MBEDTLS_SHA224_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCRL_BAD_MD:"next":"NULL" -X509 CRT verification #95 (next profile Valid Cert SHA256 Digest) +X509 CRT verification #97 (next profile Valid Cert SHA256 Digest) depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECDSA_C:MBEDTLS_SHA1_C x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"next":"NULL" -X509 CRT verification #96 (Revoked Cert, revocation date in the future, _with_ MBEDTLS_HAVE_TIME_DATE) +X509 CRT verification #98 (Revoked Cert, revocation date in the future, _with_ MBEDTLS_HAVE_TIME_DATE) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_HAVE_TIME_DATE x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL" -X509 CRT verification #97 (Revoked Cert, revocation date in the future, _without_ MBEDTLS_HAVE_TIME_DATE) +X509 CRT verification #99 (Revoked Cert, revocation date in the future, _without_ MBEDTLS_HAVE_TIME_DATE) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_HAVE_TIME_DATE 
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl-futureRevocationDate.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL" From 5c5b820352295a2726a5562af3261eb493efdc52 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 18 Jun 2021 12:21:25 +0100 Subject: [PATCH 231/236] Fix typo in doc'n of session resumption API Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 1e8976ed1..68fee03a7 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3718,7 +3718,7 @@ const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ss * This must have been initialized with mbedtls_ssl_init_session() * but otherwise be unused. * - * \note This function can handle a variety of mechanism for session + * \note This function can handle a variety of mechanisms for session * resumption: For TLS 1.2, both session ID-based resumption and * ticket-based resumption will be considered. For TLS 1.3, * once implemented, sessions equate to tickets, and calling From 963bb810f4116f5ab8ad90cbc1cfb66677a69b52 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Fri, 18 Jun 2021 13:22:57 +0200 Subject: [PATCH 232/236] Removing global variable and moving variant function comment block Signed-off-by: TRodziewicz --- include/mbedtls/timing.h | 2 -- library/timing.c | 40 +++++++++++++++++++--------------------- 2 files changed, 19 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index 5289889f9..6ffc812d8 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h @@ -61,8 +61,6 @@ typedef struct mbedtls_timing_delay_context #include "timing_alt.h" #endif /* MBEDTLS_TIMING_ALT */ -extern volatile int mbedtls_timing_alarmed; - /* Internal use */ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ); 
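Review bot: the renumbering in the test_suite_x509parse.data hunk assigns #19 twice and skips #20: `-X509 CRT verification #17 (Valid Cert, denying callback)` becomes `#19`, and `-X509 CRT verification #18 (Not trusted Cert, allowing callback)` also becomes `#19`, while the following case (`#19 (domain matching wildcard certificate, case insensitive)`) jumps to `#21`. Test names in a .data file need to stay unique so that a failure can be told apart in the test log; the second one should read `+X509 CRT verification #20 (Not trusted Cert, allowing callback)`. The same hunk also carries forward the pre-existing duplicate `#89` (now `#91`) for the "same CA with good then bad key" and "same CA with bad then good key" cases; since the numbering is being touched anyway, give those distinct suffixes in the style this file already uses for `#45b (Corrupted signature, intermediate CA)`.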
diff --git a/library/timing.c b/library/timing.c index e6dfc72d1..a85ce67b8 100644 --- a/library/timing.c +++ b/library/timing.c @@ -56,8 +56,25 @@ struct _hr_time #endif /* _WIN32 && !EFIX64 && !EFI32 */ -volatile int mbedtls_timing_alarmed = 0; - +/** + * \brief Return the elapsed time in milliseconds + * + * \warning May change without notice + * + * \param val points to a timer structure + * \param reset If 0, query the elapsed time. Otherwise (re)start the timer. + * + * \return Elapsed time since the previous reset in ms. When + * restarting, this is always 0. + * + * \note To initialize a timer, call this function with reset=1. + * + * Determining the elapsed time and resetting the timer is not + * atomic on all platforms, so after the sequence + * `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 = + * get_timer(0) }` the value time1+time2 is only approximately + * the delay since the first reset. + */ #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32) unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ) 
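Review bot: the relocated doc comment still refers to the function by the shorthand `get_timer` in `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 = get_timer(0) }`; now that the block heads both the Windows and non-Windows variants, spelling out `mbedtls_timing_get_timer` in the note avoids any doubt about which function is meant. Moving the block above the `#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)` guard is the right call, since it now documents both implementations. Separately, the hunk deletes the definition `volatile int mbedtls_timing_alarmed = 0;`, but only timing.h and timing.c are in the file list; confirm nothing elsewhere in the tree (library, programs or tests) still references the variable, or the build will break at link time.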
@@ -83,25 +100,6 @@ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int #else /* _WIN32 && !EFIX64 && !EFI32 */ -/** - * \brief Return the elapsed time in milliseconds - * - * \warning May change without notice - * - * \param val points to a timer structure - * \param reset If 0, query the elapsed time. Otherwise (re)start the timer. - * - * \return Elapsed time since the previous reset in ms. When - * restarting, this is always 0. - * - * \note To initialize a timer, call this function with reset=1. - * - * Determining the elapsed time and resetting the timer is not - * atomic on all platforms, so after the sequence - * `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 = - * get_timer(0) }` the value time1+time2 is only approximately - * the delay since the first reset. - */ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ) { struct _hr_time *t = (struct _hr_time *) val; From 05360005e37d66ae5b5e437c2f6ec1dadf13735b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 20 Jun 2021 23:08:19 +0200 Subject: [PATCH 233/236] Refactor file descriptor checks into a common function This will make it easier to change the behavior uniformly. No behavior change. Signed-off-by: Gilles Peskine --- library/net_sockets.c | 54 +++++++++++++++++++++++++------------------ 1 file changed, 32 insertions(+), 22 deletions(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index 8f79b7401..746ed2a73 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c 
@@ -135,6 +135,26 @@ static int net_prepare( void ) return( 0 ); } +/* + * Return 0 if the file descriptor is valid, an error otherwise. + * If for_select != 0, check whether the file descriptor is within the range + * allowed for fd_set used for the FD_xxx macros and the select() function. + */ +static int check_fd( int fd, int for_select ) +{ + if( fd < 0 ) + return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + + /* A limitation of select() is that it only works with file descriptors + * that are strictly less than FD_SETSIZE. This is a limitation of the + * fd_set type. Error out early, because attempting to call FD_SET on a + * large file descriptor is a buffer overflow on typical platforms. */ + if( for_select && fd >= FD_SETSIZE ) + return( MBEDTLS_ERR_NET_POLL_FAILED ); + + return( 0 ); +} + /* * Initialize a context */ @@ -466,15 +486,9 @@ int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout ) int fd = ctx->fd; - if( fd < 0 ) - return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); - - /* A limitation of select() is that it only works with file descriptors - * that are strictly less than FD_SETSIZE. This is a limitation of the - * fd_set type. Error out early, because attempting to call FD_SET on a - * large file descriptor is a buffer overflow on typical platforms. */ - if( fd >= FD_SETSIZE ) - return( MBEDTLS_ERR_NET_POLL_FAILED ); + ret = check_fd( fd, 1 ); + if( ret != 0 ) + return( ret ); #if defined(__has_feature) #if __has_feature(memory_sanitizer) @@ -553,8 +567,9 @@ int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len ) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int fd = ((mbedtls_net_context *) ctx)->fd; - if( fd < 0 ) - return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + ret = check_fd( fd, 0 ); + if( ret != 0 ) + return( ret ); ret = (int) read( fd, buf, len ); 
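Review bot: the comment on check_fd() says it returns "an error otherwise" without saying which: a negative fd yields MBEDTLS_ERR_NET_INVALID_CONTEXT and an fd at or above FD_SETSIZE yields MBEDTLS_ERR_NET_POLL_FAILED, and the second only when for_select != 0. Please list both codes in the comment so readers of the non-select callers (mbedtls_net_recv(), mbedtls_net_send()) can see they never get a POLL_FAILED. In the mbedtls_net_poll() hunk, `ret = check_fd( fd, 1 );` relies on `ret` being declared earlier in the function; the context shown ends at `int fd = ctx->fd;` and does not include that declaration, so confirm it exists there as it does in mbedtls_net_recv() (`int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;`).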
@@ -592,15 +607,9 @@ int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, fd_set read_fds; int fd = ((mbedtls_net_context *) ctx)->fd; - if( fd < 0 ) - return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); - - /* A limitation of select() is that it only works with file descriptors - * that are strictly less than FD_SETSIZE. This is a limitation of the - * fd_set type. Error out early, because attempting to call FD_SET on a - * large file descriptor is a buffer overflow on typical platforms. */ - if( fd >= FD_SETSIZE ) - return( MBEDTLS_ERR_NET_POLL_FAILED ); + ret = check_fd( fd, 1 ); + if( ret != 0 ) + return( ret ); FD_ZERO( &read_fds ); FD_SET( fd, &read_fds ); @@ -640,8 +649,9 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len ) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int fd = ((mbedtls_net_context *) ctx)->fd; - if( fd < 0 ) - return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); + ret = check_fd( fd, 0 ); + if( ret != 0 ) + return( ret ); ret = (int) write( fd, buf, len ); From a5dd7bded8a0fb84043db1ef28b3577d173a54a1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 20 Jun 2021 22:01:36 +0200 Subject: [PATCH 234/236] Fix fd range for select on Windows Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with MBEDTLS_ERR_NET_POLL_FAILED on Windows: they were testing that the file descriptor is in range for fd_set, but on Windows socket descriptors are not limited to a small range. Fixes #4465. Signed-off-by: Gilles Peskine --- ChangeLog.d/winsock.txt | 4 ++++ library/net_sockets.c | 5 +++++ 2 files changed, 9 insertions(+) create mode 100644 ChangeLog.d/winsock.txt diff --git a/ChangeLog.d/winsock.txt b/ChangeLog.d/winsock.txt new file mode 100644 index 000000000..0b42e691c --- /dev/null +++ b/ChangeLog.d/winsock.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix mbedtls_net_poll() and mbedtls_net_recv_timeout() often failing with + MBEDTLS_ERR_NET_POLL_FAILED on Windows. Fixes #4465. + 
diff --git a/library/net_sockets.c b/library/net_sockets.c index 746ed2a73..5fbe1f764 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -145,12 +145,17 @@ static int check_fd( int fd, int for_select ) if( fd < 0 ) return( MBEDTLS_ERR_NET_INVALID_CONTEXT ); +#if (defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && \ + !defined(EFI32) + (void) for_select; +#else /* A limitation of select() is that it only works with file descriptors * that are strictly less than FD_SETSIZE. This is a limitation of the * fd_set type. Error out early, because attempting to call FD_SET on a * large file descriptor is a buffer overflow on typical platforms. */ if( for_select && fd >= FD_SETSIZE ) return( MBEDTLS_ERR_NET_POLL_FAILED ); +#endif return( 0 ); } From f41dc7cb356db6efc06b0baba3ad0b95b9694ff0 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Mon, 21 Jun 2021 13:27:29 +0200 Subject: [PATCH 235/236] Removal of RC4 certs and fixes to docs and tests 
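Review bot: the Windows branch of check_fd() discards the argument with `(void) for_select;` and no explanation, while the comment that explains the FD_SETSIZE limit now lives only in the `#else` branch. Add a one-line comment in the Windows branch giving the reason from the commit message (Windows socket descriptors are not limited to a small range, so the fd_set index check does not apply), otherwise the next reader is likely to "fix" the missing check back in and reintroduce #4465. Also confirm that `(defined(_WIN32) || defined(_WIN32_WCE)) && !defined(EFIX64) && !defined(EFI32)` is the same platform guard net_sockets.c already uses for its Winsock includes, so the two conditions cannot drift apart.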
Signed-off-by: TRodziewicz --- .../rename_the__ret_functions.md | 8 --- docs/3.0-migration-guide.md | 2 +- .../rsa_pkcs8_pbe_sha1_1024_rc4_128.der | Bin 674 -> 0 bytes .../rsa_pkcs8_pbe_sha1_1024_rc4_128.pem | 17 ------ .../rsa_pkcs8_pbe_sha1_2048_rc4_128.der | Bin 1256 -> 0 bytes .../rsa_pkcs8_pbe_sha1_2048_rc4_128.pem | 29 ---------- .../rsa_pkcs8_pbe_sha1_4096_rc4_128.der | Bin 2412 -> 0 bytes .../rsa_pkcs8_pbe_sha1_4096_rc4_128.pem | 53 ------------------ tests/suites/test_suite_ccm.data | 2 +- tests/suites/test_suite_nist_kw.data | 4 ++ 10 files changed, 6 insertions(+), 109 deletions(-) delete mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der delete mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem delete mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der delete mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem delete mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der delete mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem diff --git a/docs/3.0-migration-guide.d/rename_the__ret_functions.md b/docs/3.0-migration-guide.d/rename_the__ret_functions.md index 44435f872..875164b25 100644 --- a/docs/3.0-migration-guide.d/rename_the__ret_functions.md +++ b/docs/3.0-migration-guide.d/rename_the__ret_functions.md 
@@ -13,14 +13,6 @@ original names of those functions. The renamed functions are: |------------------------------|--------------------------| | mbedtls_ctr_drbg_update_ret | mbedtls_ctr_drbg_update | | mbedtls_hmac_drbg_update_ret | mbedtls_hmac_drbg_update | -| mbedtls_md2_starts_ret | mbedtls_md2_starts | -| mbedtls_md2_update_ret | mbedtls_md2_update | -| mbedtls_md2_finish_ret | mbedtls_md2_finish | -| mbedtls_md2_ret | mbedtls_md2 | -| mbedtls_md4_starts_ret | mbedtls_md4_starts | -| mbedtls_md4_update_ret | mbedtls_md4_update | -| mbedtls_md4_finish_ret | mbedtls_md4_finish | -| mbedtls_md4_ret | mbedtls_md4 | | mbedtls_md5_starts_ret | mbedtls_md5_starts | | mbedtls_md5_update_ret | mbedtls_md5_update | | mbedtls_md5_finish_ret | mbedtls_md5_finish | diff --git a/docs/3.0-migration-guide.md b/docs/3.0-migration-guide.md index a4a59b889..d0ba43d0f 100644 --- a/docs/3.0-migration-guide.md +++ b/docs/3.0-migration-guide.md @@ -22,7 +22,7 @@ in order to match the new signature. Deprecated functions were removed from hashing modules ------------------------------------------------------ -Modules: MD2, MD4, MD5, SHA1, SHA256, SHA512, MD. +Modules: MD5, SHA1, SHA256, SHA512, MD. - The functions `mbedtls_xxx_starts()`, `mbedtls_xxx_update()`, `mbedtls_xxx_finish()` and `mbedtls_xxx()` were removed. Please use the 
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der deleted file mode 100644 index e7e32b0becd4c95a83d3acf00d0f68280b8e77b1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 674 zcmV;T0$u$uf&!i}90m$1hDe6@4FL=R0Wb~(2#NLD)Dq1ka{>Yg00e>pd~;XIT-7rX zDBm0EzJ&z0p)Y4&28CpLV5F_nJg`kPcZfgZVhqQG8-V3KlXVTXT)TRknZnX$FDG{e zrxgP)xd}A&a=QuPP#*PtKVvyEqd)oq%u8q?YO9P#{M*|+xNrbIcNcnA=cC+f;(zcI z|1s}Ke9Tb!sI-vlDJ#lNjma@NlhATwOc;1Kj1s# z6M467t|kNez>TOu*EGK*#Wt|_z&~Av*3O(_&qEEA5&2ka7wp;Qo^_mOM%taaD_9K1 zliO`z*qp_tgu15nn(vHy*fzP2t%n%`CiJ}DXAnd98$^KrCH+#L0ScrzMBF7M){?rA zutv)QT?SYL%hFgQhOVu7KUoD=Z;4L0KMoykHtduh(SlP1GU7)pI`=%dll$t zaOZ?CPMlhUAC@UDX&!Nx9yZn;=yEACUY#YU{{(KxafZ&7wt0#IgJ6qWrhz**q?oID z0=u@-r7yy&+kLoy&#hCf5c!SC@n0FonKhs!r=GE?`ko%R*+)OmVX&%xP;oaL5M1E+ ztDaOt>St=!nMs;Rs(%U8P+V6>2ha#FZcM9lk)sjPE4nUbPM*`UoR1Prow4~sxsYeC IUzg?1#0gSGs{jB1 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem deleted file mode 100644 index 089945b05..000000000 --- a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem +++ /dev/null 
@@ -1,17 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICnjAcBgoqhkiG9w0BDAEBMA4ECHgR0/cyo14UAgIIAASCAnzDfJIvSkRQKqrV -lAzAMnhd42XlhqWAJLh6aB76LIWVmepDkNnXRNX0W1R+XE27/uzgs4lcovW5hU40 -2HZlv3R0u9MEvMhadjL4ZWS94143p9y7P4vnYembOcc2WnlhFaGSMLFSwMI5vgnL -8xz2P9+d8IuxGpFSgw8S8zchg4Ewzk+0nSdG0px4T5K21uhsFzjvZRLrG7XXuIee -tKluUauy4diqA5jrJ1ShmrFmNTvtzAPfMX+QohuY8nhRUeH6bx9dEWpbIq/1K/25 -1uIdInZff850YKRQpK1IkinW0YfFxoA+sUGvxs+aDecbq8w3noaRIjJN7r7ipFEK -dhdehOxD21Mq7iqsujV9RJxAbqkuoTfECHJP6N/Dmp9CY0wpnE1lnHOTZwCWqDPh -aumtaFsMxJdNPZ3M5xmGInPWnT3JpW2hwtoOF0Vb0pP9VSfo+3yCm9b5ipFvcs8C -+c2MdK87zSqFvKc19cuv9tggguCzNjAcECHN7pgY4VId7cWMK/y3k4mk2C8hPQDw -S7gm/n76BSxjZFjs9ZQn9n5meO/47ohgV1ua2WICPMuPmzz+IPJpT6mQrcPTbzm+ -nNGrBVRooPYwnHPYKGlPJWkfFzsWnQ6dRgEOcM3DJMfU29QLHmNHu0ucz2k2f2C2 -AHB1EFEIC5Rw2BxH1x/gqYlZAB7TCHZ86XWIzbYdJlyNjb+poXNczLvghpvoIBC6 -dxEEsxVVzRYCRbmLtNTdXa7XfQfEaRs5GR3qrKoNNDzms11btQWo8eiZUNIMA6sA -i3Qhs73feJ5P3hup8Kl2P9N29MuAjYsS2oeZApjdiXAzf5IeFaqTQRHR6Vumvn65 -TLE= ------END ENCRYPTED PRIVATE KEY----- 
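Review bot: the deleted rsa_pkcs8_pbe_sha1_*_rc4_128.der/.pem files are PKCS#8 PBE-encrypted private keys (`-----BEGIN ENCRYPTED PRIVATE KEY-----`), not certificates as the commit title says; please retitle. More importantly, the file list shows no test-suite .data change alongside these six deletions, so any test case that still loads one of these files will now fail to open it. Confirm the references were dropped in an earlier commit of this series, or include that change here so the commit is self-contained.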
diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der deleted file mode 100644 index 7ebca110c1bb346d99cbe0b362f40dd53fd9cd22..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1256 zcmVr!ebm9w|w(s z#P5MFH=4cWYna;;oVKlDrR|k~RJ*%xqi@pUm2%PbHXQ6`@St{=65wIRTV)d(cae>HfU+p&^c%{7jv zF;HqMVcD;+c3LJ5tMeEYECvcP`M3uV3gu*3Y+hmE>lC$9yAd*aQzUn4>0#Mfki9KE zy1qqBv6qI7@1)M6e_KJw;h8`fGlk7RMsGRjMEJ<-(>Qnl#J$!yAG!uYdHix^&k5P~ z`%g7FbHT(C9ER(bCw`4?x3vybB{`9S_%EpvjYnpg=1K>RU0*2hzYY^M`{O5Q+tJ97 zADe6iSS@7E(}G;be6{o@&$}6bq{v8~671B9m_dV#1)!xBe+x&@#YG9M1OZBZW$cLE zz^gj-pu)16-uX}5sf{*8VDqwF ziNu5q!w^p{UjPWCf|r3?+f&hCjc*2cnDHVU_7-S>YueOY2dg;j))Vu-v6LOdLV)j2 zxX1I#u}>K9sC+LcNMx^8k{csUj;}Y?C6h_^QjfTMI!4@U(_ot0-!G9C%(;BJmcsu> zBeU1(*yn_xAX$23M5i4{(D+CG1%a)VB{vhl4Ql4nk6-QP!bEZ}mud-q(CMi=m7`P6 z4)y;^;xq-Tmrd1ln@rWMwJHuiR4{E3<{xy|p+2?UEj|q$bMjuqOHr5T?DqWAbU7Ve zjgb8fomayTu~mFS4tyd8rlt{NOXv6gj|ShyvvE+d0@(6(2--<^hw6KFV9Qs-(RLsP zE6MB_FFj-6RLxYnEwGwD{dRG0&R9*I!})xM^H861<;Y}Y-0bosf=J`QO4mKL-lys@ z=ZE2@VeHVV8~JdLKZut>I&OsPGW2N4FFfAl)Cy+lq_uvZ87SBrct_Y$;?<%UBkh6| zX2oGWhW#R|@?w;qF}g5NLK1_r)ti5T6W{(><>*URJvbgVFoa4bf4zYxW^>L%JHGtc z^FZ~^fTyjSLi7CYyG4ErJhdi`-@ZM~irMwH(1Av5wo)znsR6N&HijLnlj~ikOJXHVQnC(}+E=E!xGj&4eJhWiSw7Rcl%xyg zCKY&^3k)=kNXe z$UUzvaElx>)jR-R-smI-3!ja!(fMW73dKywM(Z0H-uQW) z@5Fvn`oD+=-66Vl!b=vj;W=;adBlq=!Ri@3)@YPWE#?n- z9r{cHB`sVOrT2jD?_pXG^OMeV7Nd8(50ho!2VlRWfuR|8lngZiVHq}x3MC+fXfXrz z2O7_91I#w-%qav!Bf(u#65B$TVR%61e!*JgOFL=F-F3CU%yQb#PVf(DZn3WmhZC3! 
zC`Jfzm}beXNqTBHUp~dBLAPs`D#lz@2=_*!Y|R|KiX;Ci`Z9KPvulOe|9!u_I8v+9 zOv6c^a3A|^5ewrciRI-LJ7O^zVoiGtvJAP^q@?MIo5Mp}>oK$P#5#;u+F33*Iav(C{%%(GI-u zmi2GSZ*UQrlcIA{U3KE7{D+2iI$ZmfzQ}SCzBTA28*n*_ADH(LsM04{RX~BsWk2UV zSm9@Z7xOdjNR?#Zs&_X-pBma3Z^N;x(1&sx7Hn01Z2_KXO>}Ic#d@9;WL9`#?Wv5E zzg?i`S+LI`)Nu-}4gf{$sRP{@ES*?Va-pk{H0^3{rDgL|u{th3D~BaJv59ND8^ui8 zKx&8S#;JVRQ&7O#rD_lWLsrqh2{mYcMlR2Ayvhysp@F2)NiJ&Q;&f!FF2M7EzF^G4 z#jib>ozEm2C4gYvcR0{s?tV}7+B=(Lcx@09*$>>IN2zXVA8ybEooy>}_W>=~4@Kcj z-F_oM4^U_3(Nu*2OIa9Bt>t(4d7Nxqys>F8FmpA%Uu^a|9N%E)c~adl&M5JsdQDHK z@OxwC6LPIE68vc_X=Ckqc{)iOn4rcq!`n2ofJ)^?K*c7XVb2EclAw~($@3Fc2tGMm zZ8Wz~{D|P{H$bmBQ`)z`2~P%wa92Og3Dyuj@b3Cd**I%R(FAbsy8Oa`f;r!z6a!)p zUYoNTcatp675L&?Lx7R)jZ5#u8G61Hs!hD54J1B@eB<--WcM&xWM6W{TtSX?J4v)-X#WcOKaZ36zf&;Yp}>@e*UhUu?SR z5cR{|@j+E)CF_jZc&DJ$;fj;~@>ac9{nvHm1Euz`VJyFYY)iU(%XR@EPt7J}qmGRs z5z2y41eWrFmt(8(mNL)opytdQ?yM}n7jAg|4b;9|RcJ}{%F5dTwxScUYtEiw`%oBJ z)TJjQ(_YHH z4VpZmfjZ&pB*MwFb?1>Ng=7^XT0k33@Sm-P31IIB0PS|KeBP)$rX&v3LGJT7eW!2i z&Zy!608|}89re~qf5&k6$`1)7IKG%l(=IwbuG+?)#l~ZXzWKg`jvT2k<(_m`+5q_*P=BH zpt-f(5sPy8DMFLf22?|9X+8Dn$(ar0+O2DRZCEnY*aEv^dJ!$r&fqFTc*U}q{v$$#;+4>m+BG}<;v@7*g9m~pSL8D zxe2GxlcKKTApoBeWWXK6UV%4iW6)FW+4l6lM!#Gl#vB@|t#)KPp}9bt82;BGo!Os_ z(6NN?y@^i8M}hp5uL?<_F^;;&+F-Y6L?IU1X%VxQ&YFv0LU=hlGF<{W|CB&Z+w-80 zg`2>l9{AGey1@*%qc4r4)lnY}qZe8q%tdBLq8I!Cx}br^zuskK**>TXd&)m~+xS0; zlrrYSsYH^canBsb{3_wgvR3L4o_(7;@-K(E%!NhTXuVI&Cn>9RD$O@k9GAelYp#~@ zYc5Luz03ijVJs_y2pE?M(d8jS0TpJ8nKsr1`}Kq&jdj<1pgZx;>;;}yz;+C9nN__s zHlDUGt*{As0#fMc!+dntoJe*Aifp2onPWJ$uF3!L9fghbIF`ECUZ=OB#!wpNN}}v0 zH3tkQTwvk0`W4a0g~+yWF1!KRVqNAw1fZ-{|9U|SFWV1L9Q(i2H-a^xA4=$fmUp=y za~WDETR<{0o+aj;O@%=&DA7?pT z=|an#z}|BQfd0Hs!9#AlEb~)5eOJd}V6cEFtj$O(lks90m2?fgycoJ6LTEa%a7%H$ e4b>KVe;92Q%sFRX4hjGC7p+t1Yx5%ihJV6X=AK;u diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem deleted file mode 100644 index 53867ac53..000000000 --- a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem +++ /dev/null 
@@ -1,53 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIJaDAcBgoqhkiG9w0BDAEBMA4ECOJxEWpN/HEEAgIIAASCCUYouEt15A4DUZoG -aJvr19vCKfGPErYDkh1fI9u04hDEKCdb+Z7oxaqXQ34rr0H1t8/SPdhpvqms9Bsz -3nMIlgzEPnppyiRLCa4Ycev0jtA66xkxgGGXnA5uxZQcTOFsGDR4gpTn2hi7//BO -gHhKVDbCd6nShZkNgNUe++tclNg65Fmazm2pwpnCPfY9TGnou8bynMrJrau0CPB+ -v+pI3NR39yxDcq6MNII542Ma8bZWE++WmqmSXjsnXyEV850Dw4j7khbevXlKIh3C -fsf1mb1/lUc+8HtsjFLgBS3Iag2D/AfAbCDCY3wWG5KcMJk2CtNayOAmMetL7P1t -S+i/zTmqAeNVaUF/6ciwY8JNA9YHnjV/0LH04I1Dn1emQVltcqKJahDSoxwGeLD0 -lv0EMQ9CBRHqdKKVaDjBJSqLkwQzLuiqye6ZREnoeIL2cYXDqWoxZzjtxr5t261F -jl+gGBvAX5RRKz3+Vj7hb8y4n7npYJYXk+CanrsTblsBhOMaFhgup+Vd+UhHGQku -FqHR28bHlJzxgUvlhYV/WdMUtHlGHvpax1Zo57ToC0JxlX/o+lPHiZvvpGZegYOe -Mta5f4xI8PcfVrVbfpHaEnt+ffZPtDVZUfhfZwlMniUKX/kJgKGdtpnrgm0wefUR -ymKmn4af2tY/nT828+pOBcRY8WV5G5EPthkA/EemXTor04bb9mglX9ZJ78vrv0n9 -XaOXkMGYuj698Rqkx5BtaVX8EjWKnknHn/GOLSINu38UelRDV+xf5GQyDQREHsuu -Mkj6AcygD5eP0p4AZZaHw9H6nytoZ9SX/vhUmRTk2vbrgnAPwRBFnZy6S4mipfFc -m82EyC4RHklbIriMRRY7EHamBrUTg+8axCqBWY1jtSvTXwm40ybpigsiphtbcaCN -9hT13VfVkglyQIbmxvxeoo9McgKv2BoP+0i5xIdmstu63bcHxO/DaMXw9WPOGgdm -kyFU4MwJZhvk57H4HwleIPXXJd93OJ0NNunDgBWxh3mnKqnM9hpit6ljjl8y41RC -QvJTO5cR3cKuzPpzTqfpC8eYeXiYChuFDgXKXubGE/PSSzSmU7cnKUrHAOyrXlD0 -EdCZkQBFF0gnLksVSjaF/owORlc1KualcD9ahOgWoaup4MqlyW7A+BHJ+f3Iz22z -oezU/B/FGPTcRc+kEpPyIHG+98nNeh2N5nmY1+piXkJCsq0WdcjB13t8MHLLGqQ8 -shUpiKtkwtO45DIP3xVykntZsPb2gHuj2JoHjXYnxmZ7MRVbTe+s1F3xpITNa+G2 -2Yorp0zqVrhNfvtsLG1i0XdOwockHo5k+dAFkNngJvQVTwsBUw/gqcDwgkoG0yKZ -NZTZDRJDv3yfopbIvGxmXBj723/OcR0prKLHUc5qaCvK5y0rvM7G+Dg2/W1rzRGx -9IjCOyZzkUVwE9vKZO+mdsa1zeVja1DtU1sjh3k3+Lw6P2+LcVZKWI7IjJ7vcNxt -XRI6+jlaR3/ht++3+ADgBpZUVAzBwiKeaneanFoiu0kbXv+G74bVDXvKLTXXbynv -0mabkp8cszm2wMehp9WuqnBKtAot5Q6sPg4i6E0si3LrdDzKgENgMAF8+ShG5r4w -ULHQBwMpvNS6LnrY69TqAQp7MNS5JoCCHnQqXSgUQN53Zmcnmaz9qysHvbJLK/On -Rp0akU5A+WHFNPvGqkF8ou5OZRrN9XQMk75RRgi1YYY+UddiaBAsxqFQBKq5ooxN -0sE65WM76WU2/v10va4iCNPTFjB0MhGLrq08sgSNfHhePpBK+WANuzjWDUWS+ekC 
-VCTNBAARzlPoxuF0YsUUhwYxqFw/VC4PW9WeT0kx8pvaIwhf7Xk++4TKbdayQehK -ImH5vmvpeWxNa1O7nVyvaJfNvSoj49X1zNg4PKDAOm+kEAjGvWeWKEOiHTLIXbzu -HztTw/pjNJ5NaCNVWeThYYduFuRZaqap5khpqP4s07zvDvkTyKiJj3MSFel/K7UV -uy1e0HPymTFToeinLW0x3YaJnLcOKDmF0DSJB1gVwl55B3rEYb8tODF6BLjz149J -BT91EXgj/Futj3YpPTcIjJXsBDElP/KaBtB6uZGkmXgnz8OvRgg7wJR3n1uHU6r+ -S+19ugY5I5hAFFMLAIg+zO2IqSXW1B+CiE94tr5z96VTyIckO2Ov6p5fcGpI1VkB -KtcuXGUVuF9pqFRKkFChu90OiqxdcdKYqgjHy1z1jovuYm2pfCB4kvPLn57XVsmB -T0ZcdHFBf+SwxuKdr8KsK2k4er5c4jTTIflWWktrD9JLcWLc1WUecL18lFByOOWh -5fF7zX+NNsbMBES3F6TG+06NfgC6z24/h29zfnps75usEExBc7YHJsmWl3Aef6bF -vcoS2ug8ZXaiefhlFkyx/frGpRnD57ZOvLCi/TUVf2G0cynEKvfsb21LN50eMKD2 -HiIBGoNj9f3vJdIhLTDFurf42ocY5EQzLGleIQ0Zpv6285LqwqKKl5v28o+A4qnp -Xhkt/3pqZ6aJeSCNQd9Zg5tOd1tXpcTdzl/BmFIvmE+SIsYydLxrX1UEWfJfEL41 -J6qXTzebh7N16bGfxU09OT7puztuK+/vAHEvCGINddDaOJFayVdEaMVUux9nDkoz -b1U/5UxzpzFdNUZBHg1JjkUWK8oTGmkJTlI1aKJKKA1RfmnzwOd4PeHI1hIuT8YQ -8qwKY72mCCb4Sr+Xiw43CqJ9NgWCxYr0ua+hqm2xv43QMhSCNd7v1Dg0bi3ZgOi8 -1eSns5VZFww2JkYo7rrKz21EiFXjhZ4u8MF45M5/cbDqbaPVb6FMx7MqaKmnkpQ8 -xT4BC2M4xCiXnYrrjhugw2/FMkMchIN9jG47IQiACQ8pNqoTd2tLFCFpTZeeRCaP -Dgd8rvaMXjY/Uu9zB+LgRlQ/c01hGL+/d8cNEFzTU9jajOLobi3pKQqLdvlo40Dl -qH6eLTnYusrZnZySBuZD5c57BBW4GMuetvtqr2l8iV4BJnMvLZ9tB69eA1PhKXwq -tHY7a0YkhLUUqKFyPvYcnHjU9Bvg9PnciXnoDFMP1Obkou27vpI6NVmIFKMX1OxQ -A2IJ5YWaN6h8nJOV/THzKjMDmPbXLmtQDuaDPpDaNE+oDwto/UlSQPV8KtW/MR+s -k3rLyN3KXoVl95gT ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index a1b876e60..a14d4be25 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -13,7 +13,7 @@ CCM init #3 AES-224: bad key size depends_on:MBEDTLS_AES_C mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_AES:224:MBEDTLS_ERR_CCM_BAD_INPUT -CCM init #4 BLOWFISH-128: bad block size +CCM init #4 DES: bad block size depends_on:MBEDTLS_DES_C mbedtls_ccm_setkey:MBEDTLS_CIPHER_ID_DES:128:MBEDTLS_ERR_CCM_BAD_INPUT 
diff --git a/tests/suites/test_suite_nist_kw.data b/tests/suites/test_suite_nist_kw.data index 2d7b672d0..ec8282417 100644 --- a/tests/suites/test_suite_nist_kw.data +++ b/tests/suites/test_suite_nist_kw.data @@ -20,6 +20,10 @@ NIST KW init #4 AES-224: bad key size depends_on:MBEDTLS_AES_C mbedtls_nist_kw_setkey:MBEDTLS_CIPHER_ID_AES:224:1:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA +NIST KW init #5 3DES: bad cipher +depends_on:MBEDTLS_DES_C +mbedtls_nist_kw_setkey:MBEDTLS_CIPHER_ID_3DES:128:0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA + NIST KW lengths #1 KW plaintext OK (2 to 2^54 - 1 semiblocks) nist_kw_plaintext_lengths:16:24:MBEDTLS_KW_MODE_KW:0 From 4a28ade6e96be18e22db09f3b24ff0e3e65a7ad4 Mon Sep 17 00:00:00 2001 From: TRodziewicz Date: Mon, 21 Jun 2021 17:37:39 +0200 Subject: [PATCH 236/236] Changing the key length to 32 bytes in one of the PSA cipher setup tests Signed-off-by: TRodziewicz --- tests/suites/test_suite_psa_crypto.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 56ba2412c..b4df5ec7e 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1397,7 +1397,7 @@ cipher_setup:PSA_KEY_TYPE_RAW_DATA:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CT PSA cipher setup: incompatible key ChaCha20 for CTR depends_on:MBEDTLS_ARC4_C:MBEDTLS_CIPHER_MODE_CTR # Either INVALID_ARGUMENT or NOT_SUPPORTED would be reasonable here -cipher_setup:PSA_KEY_TYPE_CHACHA20:"000102030405060708090a0b0c0d0e0f":PSA_ALG_CTR:PSA_ERROR_NOT_SUPPORTED +cipher_setup:PSA_KEY_TYPE_CHACHA20:"000102030405060708090a0b0c0d0e0f10111213141516171819202122232425":PSA_ALG_CTR:PSA_ERROR_NOT_SUPPORTED PSA cipher: bad order function calls cipher_bad_order:
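Review bot: `PSA cipher setup: incompatible key ChaCha20 for CTR` still carries `depends_on:MBEDTLS_ARC4_C:MBEDTLS_CIPHER_MODE_CTR`. The case uses a ChaCha20 key, and this series is removing RC4 material (the previous commit deletes the rc4_128 test files), so once MBEDTLS_ARC4_C is gone the case is silently skipped and the 32-byte key fix in this hunk is never run. Change the dependency to MBEDTLS_CHACHA20_C (keeping MBEDTLS_CIPHER_MODE_CTR). The new key `000102030405060708090a0b0c0d0e0f10111213141516171819202122232425` is 32 bytes, which is the correct ChaCha20 key length, so the value itself is fine; the jump from `19` to `20` in the byte pattern is cosmetic.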