From 3f93012bf1a0b34bbadb9d1f5e07ee2945244aec Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Wed, 26 Oct 2022 08:08:26 -0400 Subject: [PATCH 001/440] Use config.py as a module in depends.py Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 94 ++++++++++++++++++++++++---------------- 1 file changed, 56 insertions(+), 38 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 0d6ec94c8..86e8fff46 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -23,7 +23,7 @@ Test Mbed TLS with a subset of algorithms. This script can be divided into several steps: First, include/mbedtls/mbedtls_config.h or a different config file passed -in the arguments is parsed to extract any configuration options (collect_config_symbols). +in the arguments is parsed to extract any configuration options (using config.py). Then, test domains (groups of jobs, tests) are built based on predefined data collected in the DomainData class. Here, each domain has five major traits: @@ -72,6 +72,9 @@ import subprocess import sys import traceback +import scripts_path # pylint: disable=unused-import +import config + class Colors: # pylint: disable=too-few-public-methods """Minimalistic support for colored output. Each field of an object of this class is either None if colored output @@ -80,6 +83,7 @@ that outputting start switches the text color to the desired color and stop switches the text color back to the default.""" red = None green = None + cyan = None bold_red = None bold_green = None def __init__(self, options=None): @@ -95,6 +99,7 @@ stop switches the text color back to the default.""" normal = '\033[0m' self.red = ('\033[31m', normal) self.green = ('\033[32m', normal) + self.cyan = ('\033[36m', normal) self.bold_red = ('\033[1;31m', normal) self.bold_green = ('\033[1;32m', normal) NO_COLORS = Colors(None) 
@@ -130,34 +135,39 @@ Remove the backup file if it was saved earlier.""" else: shutil.copy(options.config_backup, options.config) -def run_config_py(options, args): - """Run scripts/config.py with the specified arguments.""" - cmd = ['scripts/config.py'] - if options.config != 'include/mbedtls/mbedtls_config.h': - cmd += ['--file', options.config] - cmd += args - log_command(cmd) - subprocess.check_call(cmd) +def option_exists(conf, option): + if option not in conf.settings: + return False + return True -def set_reference_config(options): +def set_config_option(conf, option, colors, value=None): + """Set configuration option, optionally specifying a value""" + if not option_exists(conf, option): + log_line('Symbol {} was not found in {}'.format(option, conf.filename), color=colors.red) + return False + log_command(['config.py', 'set', option]) + conf.set(option, value) + return True + +def unset_config_option(conf, option, colors): + """Unset configuration option if it exists""" + if not option_exists(conf, option): + log_line('Symbol {} was not found in {}'.format(option, conf.filename), color=colors.red) + return False + log_command(['config.py', 'unset', option]) + conf.unset(option) + return True + +def set_reference_config(conf, options, colors): """Change the library configuration file (mbedtls_config.h) to the reference state. The reference state is the one from which the tested configurations are derived.""" # Turn off options that are not relevant to the tests and slow them down. - run_config_py(options, ['full']) - run_config_py(options, ['unset', 'MBEDTLS_TEST_HOOKS']) + log_command(['config.py', 'full']) + conf.adapt(config.full_adapter) + unset_config_option(conf, 'MBEDTLS_TEST_HOOKS', colors) if options.unset_use_psa: - run_config_py(options, ['unset', 'MBEDTLS_USE_PSA_CRYPTO']) - -def collect_config_symbols(options): - """Read the list of settings from mbedtls_config.h. 
-Return them in a generator.""" - with open(options.config, encoding="utf-8") as config_file: - rx = re.compile(r'\s*(?://\s*)?#define\s+(\w+)\s*(?:$|/[/*])') - for line in config_file: - m = re.match(rx, line) - if m: - yield m.group(1) + unset_config_option(conf, 'MBEDTLS_USE_PSA_CRYPTO', colors) class Job: """A job builds the library in a specific configuration and runs some tests.""" @@ -185,19 +195,22 @@ If what is False, announce that the job has failed.''' elif what is False: log_line(self.name + ' FAILED', color=colors.red) else: - log_line('starting ' + self.name) + log_line('starting ' + self.name, color=colors.cyan) - def configure(self, options): + def configure(self, conf, options, colors): '''Set library configuration options as required for the job.''' - set_reference_config(options) + set_reference_config(conf, options, colors) for key, value in sorted(self.config_settings.items()): + ret = False if value is True: - args = ['set', key] + ret = set_config_option(conf, key, colors) elif value is False: - args = ['unset', key] + ret = unset_config_option(conf, key, colors) else: - args = ['set', key, value] - run_config_py(options, args) + ret = set_config_option(conf, key, colors, value) + if ret is False: + return False + return True def test(self, options): '''Run the job's build and test commands. 
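Review bot: An unknown symbol in a job's `config_settings` is now reported by `set_config_option`/`unset_config_option` as a red log line plus a `False` return, whereas `run_config_py` previously let `subprocess.check_call` raise and abort the whole run; with `--keep-going` a misspelt symbol in `DomainData` therefore shows up only as one more FAILED job in the summary, which is easy to mistake for a genuine build/test failure. Consider making the message distinguish a script defect from a test result, e.g. `log_line('Symbol {} was not found in {} (script error?)'.format(option, conf.filename), color=colors.red)`, or re-raising instead of returning. The `log_command(['config.py', 'full'])` / `log_command(['config.py', 'set', ...])` lines now describe in-process edits of `conf` rather than a process that actually ran; a short comment on `set_reference_config` saying the config is modified in memory and only written by `run()` would stop a reader from looking for a subprocess. `option_exists` also lacks a docstring.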
@@ -392,11 +405,11 @@ class DomainData: return [symbol for symbol in self.all_config_symbols if re.match(regexp, symbol)] - def __init__(self, options): + def __init__(self, options, conf): """Gather data about the library and establish a list of domains to test.""" build_command = [options.make_command, 'CFLAGS=-Werror'] build_and_test = [build_command, [options.make_command, 'test']] - self.all_config_symbols = set(collect_config_symbols(options)) + self.all_config_symbols = set(conf.settings.keys()) # Find hash modules by name. hash_symbols = self.config_symbols_matching(r'MBEDTLS_(MD|RIPEMD|SHA)[0-9]+_C\Z') # Find elliptic curve enabling macros by name. @@ -455,16 +468,19 @@ A name can either be the name of a domain or the name of one specific job.""" else: return [self.jobs[name]] -def run(options, job, colors=NO_COLORS): +def run(options, job, conf, colors=NO_COLORS): """Run the specified job (a Job instance).""" subprocess.check_call([options.make_command, 'clean']) job.announce(colors, None) - job.configure(options) + if not job.configure(conf, options, colors): + job.announce(colors, False) + return False + conf.write() success = job.test(options) job.announce(colors, success) return success -def run_tests(options, domain_data): +def run_tests(options, domain_data, conf): """Run the desired jobs. domain_data should be a DomainData instance that describes the available domains and jobs. @@ -480,7 +496,7 @@ Run the jobs listed in options.tasks.""" backup_config(options) try: for job in jobs: - success = run(options, job, colors=colors) + success = run(options, job, conf, colors=colors) if not success: if options.keep_going: failures.append(job.name) 
@@ -546,7 +562,9 @@ def main(): default=True) options = parser.parse_args() os.chdir(options.directory) - domain_data = DomainData(options) + conf = config.ConfigFile(options.config) + domain_data = DomainData(options, conf) + if options.tasks is True: options.tasks = sorted(domain_data.domains.keys()) if options.list: @@ -555,7 +573,7 @@ def main(): print(domain_name) sys.exit(0) else: - sys.exit(0 if run_tests(options, domain_data) else 1) + sys.exit(0 if run_tests(options, domain_data, conf) else 1) except Exception: # pylint: disable=broad-except traceback.print_exc() sys.exit(3) From 3b0215d453d4d153f1be60c061b155d44a633b73 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 23 Jan 2023 07:19:22 -0500 Subject: [PATCH 002/440] depends.py: merge set/unset config option into one function Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 38 ++++++++++++++++---------------------- 1 file changed, 16 insertions(+), 22 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 86e8fff46..c6583e545 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -71,7 +71,7 @@ import shutil import subprocess import sys import traceback - +# Add the Mbed TLS Python library directory to the module search path import scripts_path # pylint: disable=unused-import import config 
@@ -140,22 +140,22 @@ def option_exists(conf, option): return False return True -def set_config_option(conf, option, colors, value=None): - """Set configuration option, optionally specifying a value""" +def set_config_option_value(conf, option, colors, value): + """Set/unset a configuration option, optionally specifying a value""" if not option_exists(conf, option): log_line('Symbol {} was not found in {}'.format(option, conf.filename), color=colors.red) return False - log_command(['config.py', 'set', option]) - conf.set(option, value) - return True -def unset_config_option(conf, option, colors): - """Unset configuration option if it exists""" - if not option_exists(conf, option): - log_line('Symbol {} was not found in {}'.format(option, conf.filename), color=colors.red) - return False - log_command(['config.py', 'unset', option]) - conf.unset(option) + if value is False: + log_command(['config.py', 'unset', option]) + conf.unset(option) + else: + if value is True: + log_command(['config.py', 'set', option]) + conf.set(option) + else: + log_command(['config.py', 'set', option, value]) + conf.set(option, value) return True def set_reference_config(conf, options, colors): @@ -165,9 +165,9 @@ derived.""" # Turn off options that are not relevant to the tests and slow them down. log_command(['config.py', 'full']) conf.adapt(config.full_adapter) - unset_config_option(conf, 'MBEDTLS_TEST_HOOKS', colors) + set_config_option_value(conf, 'MBEDTLS_TEST_HOOKS', colors, False) if options.unset_use_psa: - unset_config_option(conf, 'MBEDTLS_USE_PSA_CRYPTO', colors) + set_config_option_value(conf, 'MBEDTLS_USE_PSA_CRYPTO', colors, False) class Job: """A job builds the library in a specific configuration and runs some tests.""" 
@@ -201,13 +201,7 @@ If what is False, announce that the job has failed.''' '''Set library configuration options as required for the job.''' set_reference_config(conf, options, colors) for key, value in sorted(self.config_settings.items()): - ret = False - if value is True: - ret = set_config_option(conf, key, colors) - elif value is False: - ret = unset_config_option(conf, key, colors) - else: - ret = set_config_option(conf, key, colors, value) + ret = set_config_option_value(conf, key, colors, value) if ret is False: return False return True From 576803faa2ff3f0477f744a364197171ce27ce30 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 24 Jan 2023 07:40:42 -0500 Subject: [PATCH 003/440] depends.py: improve expected argument type Requested config option can be either boolean or a string. Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index c6583e545..302a4be51 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -71,6 +71,8 @@ import shutil import subprocess import sys import traceback +from typing import Union + # Add the Mbed TLS Python library directory to the module search path import scripts_path # pylint: disable=unused-import import config @@ -140,8 +142,10 @@ def option_exists(conf, option): return False return True -def set_config_option_value(conf, option, colors, value): - """Set/unset a configuration option, optionally specifying a value""" +def set_config_option_value(conf, option, colors, value: Union[bool, str]): + """Set/unset a configuration option, optionally specifying a value. +value can be either True/False (set/unset config option), or a string, +which will make a symbol defined with a certain value.""" if not option_exists(conf, option): log_line('Symbol {} was not found in {}'.format(option, conf.filename), color=colors.red) return False 
From 81cf5ad347677e7ca1416e5abdd7d6334aedad2f Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 6 Feb 2023 10:48:43 +0100 Subject: [PATCH 004/440] Improve tests/scripts/depends.py code As suggested by gilles-peskine-arm. Co-authored-by: Gilles Peskine Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 302a4be51..2f0fbc219 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -138,9 +138,7 @@ Remove the backup file if it was saved earlier.""" shutil.copy(options.config_backup, options.config) def option_exists(conf, option): - if option not in conf.settings: - return False - return True + return option in conf.settings def set_config_option_value(conf, option, colors, value: Union[bool, str]): """Set/unset a configuration option, optionally specifying a value. From 2fddfd7f8f3750c131a5a98a3e74cead84df43b4 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 10 Jan 2023 16:32:03 +0800 Subject: [PATCH 005/440] Add AESCE confige options Signed-off-by: Jerry Yu --- include/mbedtls/check_config.h | 10 ++++++++++ include/mbedtls/mbedtls_config.h | 19 +++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 1efabdc1f..055bfa7aa 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -70,6 +70,16 @@ #error "MBEDTLS_AESNI_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_AESCE_C) && !defined(MBEDTLS_HAVE_ASM) +#error "MBEDTLS_AESCE_C defined, but not all prerequisites" +#endif + +#if defined(MBEDTLS_AESCE_C) && \ + (defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \ + defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)) +#error "MBEDTLS_AESCE_C defined, MBEDTLS_SHA512_USE_A64_CRYPTO_* MUST be disabled for known fail." +#endif + #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites" #endif diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 9ae51c964..6cea05011 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2065,6 +2065,25 @@ */ #define MBEDTLS_AESNI_C +/** + * \def MBEDTLS_AESCE_C + * + * Enable AES crypto engine support on Arm64. + * + * Module: library/aesce.c + * Caller: library/aes.c + * + * Requires: MBEDTLS_HAVE_ASM, MBEDTLS_AES_C + * + * \note The code uses Neon intrinsics, so \c CFLAGS must be set to a minimum + * of \c -march=armv8-a+crypto . + * + * \warning `MBEDTLS_SHA512_USE_A64_CRYPTO_*` should be disabled when enabled + * + * This modules adds support for the AES crypto instructions on Arm64 + */ +#define MBEDTLS_AESCE_C + /** * \def MBEDTLS_AES_C * From 49231319fd56389866199cd16dddae2f9129fefd Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 10 Jan 2023 16:57:21 +0800 Subject: [PATCH 006/440] Add empty aesce files For time being, we only support gcc and clang Signed-off-by: Jerry Yu --- library/CMakeLists.txt | 1 + library/Makefile | 1 + library/aesce.c | 50 ++++++++++++++++++++++++++++++++++++++++++ library/aesce.h | 50 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 102 insertions(+) create mode 100644 library/aesce.c create mode 100644 library/aesce.h diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index c9714bbfb..bef2e1c4b 100644 
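Review bot: The new prerequisite check only enforces `MBEDTLS_HAVE_ASM`, while the `MBEDTLS_AESCE_C` documentation added in the same patch lists `MBEDTLS_AES_C` as a requirement too, and aesce.c/aesce.h include "mbedtls/aes.h" and operate on `mbedtls_aes_context`; a configuration with `MBEDTLS_AESCE_C` on and `MBEDTLS_AES_C` off would only be caught later by the compiler. Suggest `#if defined(MBEDTLS_AESCE_C) && (!defined(MBEDTLS_HAVE_ASM) || !defined(MBEDTLS_AES_C))`, mirroring the `MBEDTLS_AESNI_C` check just above. The SHA512 conflict message "MUST be disabled for known fail" should name the actual failure so a user knows whether it is a build or a correctness problem.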
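Review bot: Shipping `#define MBEDTLS_AESCE_C` enabled by default combined with the hard `#error` on `!__ARM_FEATURE_CRYPTO` in aesce.c means the stock configuration no longer builds on aarch64 with GCC/Clang unless the user passes `-march=armv8-a+crypto`, which the `\note` itself says is required; unlike `MBEDTLS_AESNI_C`, which also defaults to on, there is no graceful degradation. Either ship the option commented out like other target-specific options, or have aesce.c compile to a stub (with `mbedtls_aesce_has_support()` returning 0) when the feature modifier is absent. Minor wording: "This modules adds" should be "This module adds", and the `\warning` should say what happens when `MBEDTLS_SHA512_USE_A64_CRYPTO_*` is left enabled rather than just that it "should be disabled".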
--- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -13,6 +13,7 @@ endif() set(src_crypto aes.c aesni.c + aesce.c aria.c asn1parse.c asn1write.c diff --git a/library/Makefile b/library/Makefile index dd16d0615..ed5e1e172 100644 --- a/library/Makefile +++ b/library/Makefile @@ -78,6 +78,7 @@ endif OBJS_CRYPTO= \ aes.o \ aesni.o \ + aesce.o \ aria.o \ asn1parse.o \ asn1write.o \ diff --git a/library/aesce.c b/library/aesce.c new file mode 100644 index 000000000..608e5e367 --- /dev/null +++ b/library/aesce.c @@ -0,0 +1,50 @@ +/* + * Arm64 crypto engine support functions + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include "common.h" + +#if defined(MBEDTLS_AESCE_C) + +#include "aesce.h" + +#if defined(MBEDTLS_HAVE_ARM64) + +#if defined(__clang__) +# if __clang_major__ < 4 +# error "A more recent Clang is required for MBEDTLS_AES_C" +# endif +#elif defined(__GNUC__) +# if __GNUC__ < 6 +# error "A more recent GCC is required for MBEDTLS_AES_C" +# endif +#else +# error "Only GCC and Clang supported for MBEDTLS_AES_C" +#endif + +#if !defined(__ARM_FEATURE_CRYPTO) +# error "`crypto` feature moddifier MUST be enabled for MBEDTLS_AESCE_C." +# error "Typical option for GCC and Clang is `-march=armv8-a+crypto`." +#endif /* !__ARM_FEATURE_CRYPTO */ + +#include + +#endif /* MBEDTLS_HAVE_ARM64 */ + +#endif /* MBEDTLS_AESCE_C */ 
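Review bot: The three `#error` messages in aesce.c name the wrong option: they say "required for MBEDTLS_AES_C" / "supported for MBEDTLS_AES_C", but the constraint being enforced is for `MBEDTLS_AESCE_C`, so a user hitting them would be steered towards disabling the software AES module instead of the crypto-engine one. Change them to `# error "A more recent Clang is required for MBEDTLS_AESCE_C"`, `# error "A more recent GCC is required for MBEDTLS_AESCE_C"` and `# error "Only GCC and Clang supported for MBEDTLS_AESCE_C"`. The `__ARM_FEATURE_CRYPTO` message also has a typo ("moddifier" → "modifier"). The first `#include` line and the one after the feature check appear to have lost their targets in this rendering (presumably the libc string header and `<arm_neon.h>`), so I cannot confirm the headers match what the later patches use.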
diff --git a/library/aesce.h b/library/aesce.h new file mode 100644 index 000000000..4968feda9 --- /dev/null +++ b/library/aesce.h @@ -0,0 +1,50 @@ +/** + * \file aesce.h + * + * \brief AES-CE for hardware AES acceleration on ARMv8 processors with crypto + * engine. + * + * \warning These functions are only for internal use by other library + * functions; you must not call them directly. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef MBEDTLS_AESCE_H +#define MBEDTLS_AESCE_H + +#include "mbedtls/build_info.h" + +#include "mbedtls/aes.h" + + +#if !defined(MBEDTLS_HAVE_ARM64) && \ + (defined(__aarch64__) || defined(_M_ARM64)) +#define MBEDTLS_HAVE_ARM64 +#endif + +#if defined(MBEDTLS_HAVE_ARM64) + +#ifdef __cplusplus +extern "C" { +#endif +#ifdef __cplusplus +} +#endif + +#endif /* MBEDTLS_HAVE_ARM64 */ + +#endif /* MBEDTLS_AESCE_H */ From b95c776c435b56905b0e2e10ab19737abf739797 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 10 Jan 2023 16:59:51 +0800 Subject: [PATCH 007/440] Add linux runtime detection Signed-off-by: Jerry Yu --- library/aesce.c | 20 ++++++++++++++++++++ library/aesce.h | 12 ++++++++++-- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index 608e5e367..f33d59342 100644 --- a/library/aesce.c +++ b/library/aesce.c 
@@ -45,6 +45,26 @@ #include +#if defined(__linux__) +#include +#include +#endif + +/* + * AES instruction support detection routine + */ +int mbedtls_aesce_has_support(void) +{ +#if defined(__linux__) + unsigned long auxval = getauxval(AT_HWCAP); + return (auxval & (HWCAP_ASIMD | HWCAP_AES)) == + (HWCAP_ASIMD | HWCAP_AES); +#else + /* Suppose aes instructions are supported. */ + return 1; +#endif +} + #endif /* MBEDTLS_HAVE_ARM64 */ #endif /* MBEDTLS_AESCE_C */ diff --git a/library/aesce.h b/library/aesce.h index 4968feda9..2d5dde985 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -31,8 +31,8 @@ #include "mbedtls/aes.h" -#if !defined(MBEDTLS_HAVE_ARM64) && \ - (defined(__aarch64__) || defined(_M_ARM64)) +#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \ + defined(__aarch64__) && !defined(MBEDTLS_HAVE_ARM64) #define MBEDTLS_HAVE_ARM64 #endif @@ -41,6 +41,14 @@ #ifdef __cplusplus extern "C" { #endif + +/** + * \brief Internal function to detect the crypto engine in CPUs. + * + * \return 1 if CPU has support for the feature, 0 otherwise + */ +int mbedtls_aesce_has_support(void); + #ifdef __cplusplus } #endif From 3f2fb71072678d494b88e477c74273c3fa7fa654 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 10 Jan 2023 17:05:42 +0800 Subject: [PATCH 008/440] Add key expansion for encrypt Signed-off-by: Jerry Yu --- library/aes.c | 9 ++++ library/aesce.c | 108 ++++++++++++++++++++++++++++++++++++++++++++++++ library/aesce.h | 14 +++++++ 3 files changed, 131 insertions(+) diff --git a/library/aes.c b/library/aes.c index 566e74715..f0ade2149 100644 --- a/library/aes.c +++ b/library/aes.c @@ -39,6 +39,9 @@ #if defined(MBEDTLS_AESNI_C) #include "aesni.h" #endif +#if defined(MBEDTLS_AESCE_C) +#include "aesce.h" +#endif #include "mbedtls/platform.h" 
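Review bot: On every non-Linux target `mbedtls_aesce_has_support()` returns 1 unconditionally ("Suppose aes instructions are supported"), so on an Armv8-A core that lacks the optional Cryptographic Extension the dispatch added to aes.c would execute AESE/AESD and the process would die with SIGILL — a crash reachable from any AES call, which is a denial-of-service rather than a graceful fallback. The safe default when no probe is available is to return 0 and use the portable implementation, adding platform probes (e.g. sysctl/elf_aux_info) as they are validated. On Linux the probe calls `getauxval(AT_HWCAP)` on every invocation and later patches call it per 16-byte block from `mbedtls_aes_crypt_ecb`, so cache the result; a plain static int is fine here since every writer stores the same value. The two system `#include` lines in this hunk have lost their targets in this rendering, so I have not checked that `HWCAP_AES`/`HWCAP_ASIMD` come from the header actually included.
```c
int mbedtls_aesce_has_support(void)
{
#if defined(__linux__)
    static int has_support = -1;   /* -1: not probed yet */
    if (has_support < 0) {
        unsigned long auxval = getauxval(AT_HWCAP);
        has_support = (auxval & (HWCAP_ASIMD | HWCAP_AES)) ==
                      (HWCAP_ASIMD | HWCAP_AES);
    }
    return has_support;
#else
    /* No runtime probe available: never assume the optional
     * Cryptographic Extension is present (executing AESE/AESD
     * without it raises SIGILL). Fall back to software AES. */
    return 0;
#endif
}
```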
@@ -544,6 +547,12 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, } #endif +#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64) + if (mbedtls_aesce_has_support()) { + return mbedtls_aesce_setkey_enc((unsigned char *) RK, key, keybits); + } +#endif + for (i = 0; i < (keybits >> 5); i++) { RK[i] = MBEDTLS_GET_UINT32_LE(key, i << 2); } diff --git a/library/aesce.c b/library/aesce.c index f33d59342..4b0f9d744 100644 --- a/library/aesce.c +++ b/library/aesce.c 
@@ -65,6 +65,114 @@ int mbedtls_aesce_has_support(void) #endif } + +static uint8_t const rcon[] = { 0x01, 0x02, 0x04, 0x08, 0x10, + 0x20, 0x40, 0x80, 0x1b, 0x36 }; + +static inline uint32_t ror32_8(uint32_t word) +{ + return (word << (32 - 8)) | (word >> 8); +} + +static inline uint32_t aes_sub(uint32_t in) +{ + uint32x4_t _in = vdupq_n_u32(in); + uint32x4_t v; + uint8x16_t zero = vdupq_n_u8(0); + v = vreinterpretq_u32_u8(vaeseq_u8(zero, vreinterpretq_u8_u32(_in))); + return vgetq_lane_u32(v, 0); +} + +/* + * Key expansion, 128-bit case + */ +static void aesce_setkey_enc_128(unsigned char *rk, + const unsigned char *key) +{ + uint32_t *rki; + uint32_t *rko; + uint32_t *rk_u32 = (uint32_t *) rk; + memcpy(rk, key, (128 / 8)); + + for (size_t i = 0; i < sizeof(rcon); i++) { + rki = rk_u32 + i * (128 / 32); + rko = rki + (128 / 32); + rko[0] = ror32_8(aes_sub(rki[(128 / 32) - 1])) ^ rcon[i] ^ rki[0]; + rko[1] = rko[0] ^ rki[1]; + rko[2] = rko[1] ^ rki[2]; + rko[3] = rko[2] ^ rki[3]; + } +} + +/* + * Key expansion, 192-bit case + */ +static void aesce_setkey_enc_192(unsigned char *rk, + const unsigned char *key) +{ + uint32_t *rki; + uint32_t *rko; + uint32_t *rk_u32 = (uint32_t *) rk; + memcpy(rk, key, (192 / 8)); + + for (size_t i = 0; i < 8; i++) { + rki = rk_u32 + i * (192 / 32); + rko = rki + (192 / 32); + rko[0] = ror32_8(aes_sub(rki[(192 / 32) - 1])) ^ rcon[i] ^ rki[0]; + rko[1] = rko[0] ^ rki[1]; + rko[2] = rko[1] ^ rki[2]; + rko[3] = rko[2] ^ rki[3]; + if (i < 7) { + rko[4] = rko[3] ^ rki[4]; + rko[5] = rko[4] ^ rki[5]; + } + } +} + +/* + * Key expansion, 256-bit case + */ +static void aesce_setkey_enc_256(unsigned char *rk, + const unsigned char *key) +{ + uint32_t *rki; + uint32_t *rko; + uint32_t *rk_u32 = (uint32_t *) rk; + memcpy(rk, key, (256 / 8)); + + for (size_t i = 0; i < 7; i++) { + rki = rk_u32 + i * (256 / 32); + rko = rki + (256 / 32); + rko[0] = ror32_8(aes_sub(rki[(256 / 32) - 1])) ^ rcon[i] ^ rki[0]; + rko[1] = rko[0] ^ rki[1]; + rko[2] = 
rko[1] ^ rki[2]; + rko[3] = rko[2] ^ rki[3]; + if (i < 6) { + rko[4] = aes_sub(rko[3]) ^ rki[4]; + rko[5] = rko[4] ^ rki[5]; + rko[6] = rko[5] ^ rki[6]; + rko[7] = rko[6] ^ rki[7]; + } + } +} + +/* + * Key expansion, wrapper + */ +int mbedtls_aesce_setkey_enc(unsigned char *rk, + const unsigned char *key, + size_t bits) +{ + switch (bits) { + case 128: aesce_setkey_enc_128(rk, key); break; + case 192: aesce_setkey_enc_192(rk, key); break; + case 256: aesce_setkey_enc_256(rk, key); break; + default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; + } + + return 0; +} + #endif /* MBEDTLS_HAVE_ARM64 */ #endif /* MBEDTLS_AESCE_C */ diff --git a/library/aesce.h b/library/aesce.h index 2d5dde985..7fc0cfa0e 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -49,6 +49,20 @@ extern "C" { */ int mbedtls_aesce_has_support(void); + +/** + * \brief Internal key expansion for encryption + * + * \param rk Destination buffer where the round keys are written + * \param key Encryption key + * \param bits Key size in bits (must be 128, 192 or 256) + * + * \return 0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH + */ +int mbedtls_aesce_setkey_enc(unsigned char *rk, + const unsigned char *key, + size_t bits); + #ifdef __cplusplus } #endif From e096da1af61efc6a35e9bcd4f2fd35690299f17e Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 10 Jan 2023 17:07:01 +0800 Subject: [PATCH 009/440] Add inverse key function Signed-off-by: Jerry Yu --- library/aes.c | 10 ++++++++++ library/aesce.c | 18 ++++++++++++++++++ library/aesce.h | 12 ++++++++++++ 3 files changed, 40 insertions(+) diff --git a/library/aes.c b/library/aes.c index f0ade2149..6306fecf8 100644 --- a/library/aes.c +++ b/library/aes.c 
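Review bot: The three `aesce_setkey_enc_*` helpers reinterpret the `unsigned char *rk` argument as `uint32_t *` (`rk_u32`) and write whole words through it, which is only valid when the caller hands over a 4-byte-aligned buffer; the aes.c caller does pass its `uint32_t *RK` cast down to `unsigned char *`, but nothing in the `mbedtls_aesce_setkey_enc` contract in aesce.h says so, nor how large `rk` must be. Suggest either keeping the parameter as `uint32_t *rk` (which also removes the two-way cast in aes.c) or adding to the header doc: `\param rk Destination buffer for the round keys; must be 4-byte aligned and hold (nr + 1) * 16 bytes, i.e. 176, 208 or 240 bytes for 128-, 192- and 256-bit keys.` The schedule itself checks out: rotate-right-by-8 on the little-endian word is RotWord, the single-lane `vaeseq_u8` against a zero key is SubWord, and the 192/256-bit loops stop at 52 and 60 words respectively. The `memcpy` calls assume the string header is included at the top of the file, which I could not confirm from this rendering.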
@@ -661,6 +661,16 @@ int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, } #endif +#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64) + if (mbedtls_aesce_has_support()) { + mbedtls_aesce_inverse_key( + (unsigned char *) RK, + (const unsigned char *) (cty.buf + cty.rk_offset), + ctx->nr); + goto exit; + } +#endif + SK = cty.buf + cty.rk_offset + cty.nr * 4; *RK++ = *SK++; diff --git a/library/aesce.c b/library/aesce.c index 4b0f9d744..ba9adc95c 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -66,6 +66,24 @@ int mbedtls_aesce_has_support(void) } +/* + * Compute decryption round keys from encryption round keys + */ +void mbedtls_aesce_inverse_key(unsigned char *invkey, + const unsigned char *fwdkey, + int nr) +{ + int i, j; + j = nr; + vst1q_u8(invkey, vld1q_u8(fwdkey + j * 16)); + for (i = 1, j--; j > 0; i++, j--) { + vst1q_u8(invkey + i * 16, + vaesimcq_u8(vld1q_u8(fwdkey + j * 16))); + } + vst1q_u8(invkey + i * 16, vld1q_u8(fwdkey + j * 16)); + +} + static uint8_t const rcon[] = { 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36 }; diff --git a/library/aesce.h b/library/aesce.h index 7fc0cfa0e..d0e02a49d 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -50,6 +50,18 @@ extern "C" { int mbedtls_aesce_has_support(void); +/** + * \brief Internal round key inversion. This function computes + * decryption round keys from the encryption round keys. + * + * \param invkey Round keys for the equivalent inverse cipher + * \param fwdkey Original round keys (for encryption) + * \param nr Number of rounds (that is, number of round keys minus one) + */ +void mbedtls_aesce_inverse_key(unsigned char *invkey, + const unsigned char *fwdkey, + int nr); + /** * \brief Internal key expansion for encryption * From 2bb3d8101f19aa9395498dd49746c3764ff739d3 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 10 Jan 2023 17:38:26 +0800 Subject: [PATCH 010/440] Add en(de)crypt routine 
Signed-off-by: Jerry Yu --- library/aes.c | 6 +++++ library/aesce.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++ library/aesce.h | 15 +++++++++++++ 3 files changed, 81 insertions(+) diff --git a/library/aes.c b/library/aes.c index 6306fecf8..64392fc56 100644 --- a/library/aes.c +++ b/library/aes.c @@ -963,6 +963,12 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, } #endif +#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64) + if (mbedtls_aesce_has_support()) { + return mbedtls_aesce_crypt_ecb(ctx, mode, input, output); + } +#endif + #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86) if (aes_padlock_ace > 0) { if (mbedtls_padlock_xcryptecb(ctx, mode, input, output) == 0) { diff --git a/library/aesce.c b/library/aesce.c index ba9adc95c..e6b675a3d 100644 --- a/library/aesce.c +++ b/library/aesce.c 
@@ -65,6 +65,66 @@ int mbedtls_aesce_has_support(void) #endif } +static uint8x16_t aesce_encrypt_block(uint8x16_t block, + unsigned char *keys, + int rounds) +{ + for (int i = 0; i < rounds - 1; i++) { + block = vaeseq_u8(block, vld1q_u8(keys + i * 16)); + /* AES mix columns */ + block = vaesmcq_u8(block); + } + + /* AES single round encryption */ + block = vaeseq_u8(block, vld1q_u8(keys + (rounds -1) * 16)); + + /* Final Add (bitwise Xor) */ + block = veorq_u8(block, vld1q_u8(keys + rounds * 16)); + + return block; +} + +static uint8x16_t aesce_decrypt_block(uint8x16_t block, + unsigned char *keys, + int rounds) +{ + + for (int i = 0; i < rounds - 1; i++) { + block = vaesdq_u8(block, vld1q_u8(keys + i * 16)); + /* AES inverse mix columns */ + block = vaesimcq_u8(block); + } + + /* AES single round encryption */ + block = vaesdq_u8(block, vld1q_u8(keys + (rounds - 1) * 16)); + + /* Final Add (bitwise Xor) */ + block = veorq_u8(block, vld1q_u8(keys + rounds * 16)); + + return block; +} + +/* + * AES-ECB block en(de)cryption + */ +int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]) +{ + uint8x16_t block = vld1q_u8(&input[0]); + unsigned char *keys = (unsigned char *) (ctx->buf + ctx->rk_offset); + + if (mode == MBEDTLS_AES_ENCRYPT) { + block = aesce_encrypt_block(block, keys, ctx->nr); + } else { + block = aesce_decrypt_block(block, keys, ctx->nr); + } + vst1q_u8(&output[0], block); + + return 0; +} + /* * Compute decryption round keys from encryption round keys diff --git a/library/aesce.h b/library/aesce.h index d0e02a49d..741519cfe 100644 --- a/library/aesce.h +++ b/library/aesce.h 
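Review bot: `aesce_encrypt_block` and `aesce_decrypt_block` take `unsigned char *keys` but only ever read through `vld1q_u8`; declaring them `const unsigned char *keys` (and `const unsigned char *keys = (const unsigned char *) (ctx->buf + ctx->rk_offset);` in `mbedtls_aesce_crypt_ecb`) lets the compiler enforce that the round keys are never modified on the block path. The comment above the final `vaesdq_u8` in the decrypt helper still says "AES single round encryption"; it should read "AES single round decryption". `mbedtls_aesce_crypt_ecb` treats any `mode` other than `MBEDTLS_AES_ENCRYPT` as decryption, which matches the caller's validation only if `mbedtls_aes_crypt_ecb` (outside this hunk) has already rejected other values; a one-line comment `/* mode already validated by the caller */` would make that dependency explicit.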
@@ -49,6 +49,21 @@ extern "C" { */ int mbedtls_aesce_has_support(void); +/** + * \brief Internal AES-ECB block encryption and decryption + * + * \param ctx AES context + * \param mode MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT + * \param input 16-byte input block + * \param output 16-byte output block + * + * \return 0 on success (cannot fail) + */ +int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, + int mode, + const unsigned char input[16], + unsigned char output[16]); + /** * \brief Internal round key inversion. This function computes From e51eddce38ada83236a2d1f62c4d226ebd925fce Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 11 Jan 2023 14:16:08 +0800 Subject: [PATCH 011/440] disable aesce when ASM not available Change-Id: Icd53a620cc3aed437b0e0e022ca5a36f29caeea1 Signed-off-by: Jerry Yu --- tests/scripts/all.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 883d58b6f..a769da2ac 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1972,6 +1972,7 @@ component_build_module_alt () { # aesni.c and padlock.c reference mbedtls_aes_context fields directly. scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_PADLOCK_C + scripts/config.py unset MBEDTLS_AESCE_C # MBEDTLS_ECP_RESTARTABLE is documented as incompatible. scripts/config.py unset MBEDTLS_ECP_RESTARTABLE # You can only have one threading implementation: alt or pthread, not both. @@ -3336,6 +3337,7 @@ component_test_have_int32 () { scripts/config.py unset MBEDTLS_HAVE_ASM scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_PADLOCK_C + scripts/config.py unset MBEDTLS_AESCE_C make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' msg "test: gcc, force 32-bit bignum limbs" 
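Review bot: The comment justifying the unsets in `component_build_module_alt` still reads "aesni.c and padlock.c reference mbedtls_aes_context fields directly", but the new `scripts/config.py unset MBEDTLS_AESCE_C` line is there for the same reason (aesce.c reads `ctx->buf`, `ctx->rk_offset` and `ctx->nr`); update it to `# aesni.c, padlock.c and aesce.c reference mbedtls_aes_context fields directly.` so the next person does not remove the line as unrelated. The same applies to the two `have_int32`/`have_int64` components, where the unset follows from `MBEDTLS_HAVE_ASM` being disabled.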
@@ -3347,6 +3349,7 @@ component_test_have_int64 () { scripts/config.py unset MBEDTLS_HAVE_ASM scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_PADLOCK_C + scripts/config.py unset MBEDTLS_AESCE_C make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' msg "test: gcc, force 64-bit bignum limbs" From 32f977e82057b7753f4ec883f25eaee203fe233b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 11 Jan 2023 22:48:51 +0800 Subject: [PATCH 012/440] Add arm64 tests on travis ci Due to time limitation of travis, the job is spited into two job Signed-off-by: Jerry Yu --- .travis.yml | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/.travis.yml b/.travis.yml index 54df77606..41bb44cd1 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -80,6 +80,55 @@ jobs: - sleep 5 - scripts/windows_msbuild.bat v141 # Visual Studio 2017 + - name: full configuration on arm64 + os: linux + dist: focal + arch: arm64 + addons: + apt: + packages: + - gcc + script: + # See above + - scripts/config.py full + - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT + - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY + - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT + - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY + - make generated_files + - make CFLAGS='-march=armv8-a+crypto -O3 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' LDFLAGS='-Werror -fsanitize=address,undefined -fno-sanitize-recover=all' + - make test + - programs/test/selftest + - tests/scripts/test_psa_constant_names.py + # Modern OpenSSL does not support fixed ECDH or null ciphers. + - tests/compat.sh -p OpenSSL -e 'NULL\|ECDH-' + - tests/scripts/travis-log-failure.sh + - tests/context-info.sh + + - name: full configuration(GnuTLS compat tests) on arm64 + os: linux + dist: focal + arch: arm64 + addons: + apt: + packages: + - clang + - gnutls-bin + script: + # See above + - scripts/config.py full + - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT + - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY + - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT + - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY + - make generated_files + - make CC=clang CFLAGS='-march=armv8-a+crypto -O3 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' LDFLAGS='-Werror -fsanitize=address,undefined -fno-sanitize-recover=all' + # GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it. + - tests/compat.sh -p GnuTLS -e 'CAMELLIA' + - tests/scripts/travis-log-failure.sh + - tests/context-info.sh + + after_failure: - tests/scripts/travis-log-failure.sh From e908c57f95d05cac83bb9532ba50a82e925e3df1 Mon Sep 17 00:00:00 2001 
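Review bot: The four `scripts/config.py unset MBEDTLS_SHA*_USE_A64_CRYPTO_*` lines in each new arm64 job are unexplained, and the `# See above` comment points at an earlier job whose notes do not cover them, so a reader cannot tell whether this is a workaround or a deliberate scope reduction; the check_config.h guard removed later in this series ties the SHA512 A64 options to MBEDTLS_AESCE_C as a known failure, which suggests the former. Suggest replacing `# See above` with a comment such as `# SHA-2 A64 crypto acceleration is unset because it is a known failure together with MBEDTLS_AESCE_C in the full configuration` (wording to match the real reason). The two jobs also repeat the same six configuration lines; a comment noting that the two lists must be kept identical would reduce the risk of the GnuTLS job silently drifting from the OpenSSL one.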
From: Jerry Yu Date: Fri, 13 Jan 2023 21:37:11 +0800 Subject: [PATCH 013/440] Disable clang tests Signed-off-by: Jerry Yu --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 41bb44cd1..3b1d70551 100644 --- a/.travis.yml +++ b/.travis.yml @@ -112,7 +112,7 @@ jobs: addons: apt: packages: - - clang + - gcc - gnutls-bin script: # See above @@ -122,7 +122,7 @@ jobs: - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY - make generated_files - - make CC=clang CFLAGS='-march=armv8-a+crypto -O3 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' LDFLAGS='-Werror -fsanitize=address,undefined -fno-sanitize-recover=all' + - make CFLAGS='-march=armv8-a+crypto -O3 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' LDFLAGS='-Werror -fsanitize=address,undefined -fno-sanitize-recover=all' # GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it. - tests/compat.sh -p GnuTLS -e 'CAMELLIA' - tests/scripts/travis-log-failure.sh From b3b85ddf4ac738947b088f2f2e50d85637a440fc Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 30 Jan 2023 15:22:12 +0800 Subject: [PATCH 014/440] Disable macro conflict check It causes the full configuration test to fail Signed-off-by: Jerry Yu --- include/mbedtls/check_config.h | 6 ------ 1 file changed, 6 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 055bfa7aa..ac374d2a4 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h
@@ -74,12 +74,6 @@ #error "MBEDTLS_AESCE_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_AESCE_C) && \ - (defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \ - defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)) -#error "MBEDTLS_AESCE_C defined, MBEDTLS_SHA512_USE_A64_CRYPTO_* MUST be disabled for known fail." -#endif - #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C) #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites" #endif From 8c6325cc8eacd5b463ffa16e9e804cde80928282 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 6 Feb 2023 14:29:02 +0800 Subject: [PATCH 015/440] code_style.py: Apply exclusions to the file list This commit rename `--files` options to `--subset` and it means to check a subset of the files known to git. Signed-off-by: Pengyu Lv --- scripts/code_style.py | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/scripts/code_style.py b/scripts/code_style.py index dd8305faf..4a5fb68c1 100755 --- a/scripts/code_style.py +++ b/scripts/code_style.py 
@@ -174,22 +174,19 @@ def main() -> int: parser.add_argument('-f', '--fix', action='store_true', help=('modify source files to fix the code style ' '(default: print diff, do not modify files)')) - # --files is almost useless: it only matters if there are no files - # ('code_style.py' without arguments checks all files known to Git, - # 'code_style.py --files' does nothing). In particular, - # 'code_style.py --fix --files ...' is intended as a stable ("porcelain") - # way to restyle a possibly empty set of files. - parser.add_argument('--files', action='store_true', - help='only check the specified files (default with non-option arguments)') + parser.add_argument('--subset', action='store_true', + help=('check a subset of the files known to git ' + '(default: empty FILE means full set)')) parser.add_argument('operands', nargs='*', metavar='FILE', - help='files to check (if none: check files that are known to git)') + help='files to check') args = parser.parse_args() - if args.files or args.operands: - src_files = args.operands - else: - src_files = get_src_files() + all_src_files = get_src_files() + src_files = args.operands if args.operands else all_src_files + if args.subset: + # We are to check a subset of the default list + src_files = [f for f in args.operands if f in all_src_files] if args.fix: # Fix mode From acbeb7fa303338d1dadce9b3add3c6470b9a5bb1 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 6 Feb 2023 14:27:30 +0800 Subject: [PATCH 016/440] code_style.py: Add helpers to print warning and skipped files Signed-off-by: Pengyu Lv --- scripts/code_style.py | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/scripts/code_style.py b/scripts/code_style.py index 4a5fb68c1..61b1ab0e6 100755 --- a/scripts/code_style.py +++ b/scripts/code_style.py 
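Review bot: `all_src_files = get_src_files()` now runs on every invocation, including `code_style.py FILE...` without `--subset`, where its result is never read, and the `--subset` filter tests `f in all_src_files` against a list, so it costs O(operands × tracked files). Suggest `src_files = args.operands or get_src_files()` for the default path and, under `if args.subset:`, `known = set(get_src_files())` followed by `src_files = [f for f in args.operands if f in known]`, which keeps both behaviours while only listing the tree when it is needed. The help text `(default: empty FILE means full set)` is hard to parse; `check only the given FILEs that are known to git (no FILE: check all files known to git)` says the same more directly. main() continues outside the hunk.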
@@ -33,6 +33,17 @@ CHECK_GENERATED_FILES = "tests/scripts/check-generated-files.sh" def print_err(*args): print("Error: ", *args, file=sys.stderr) +def print_warn(*args): + print("Warn:", *args, file=sys.stderr) + +# Print the file names that will be skipped and the help message +def print_skip(files_to_skip): + print() + print(*files_to_skip, sep=", SKIP\n", end=", SKIP\n") + print_warn("The listed files will be skipped because\n" + "they are not included in the default list.") + print() + # Match FILENAME(s) in "check SCRIPT (FILENAME...)" CHECK_CALL_RE = re.compile(r"\n\s*check\s+[^\s#$&*?;|]+([^\n#$&*?;|]+)", re.ASCII) @@ -187,6 +198,9 @@ def main() -> int: if args.subset: # We are to check a subset of the default list src_files = [f for f in args.operands if f in all_src_files] + skip_src_files = [f for f in args.operands if f not in src_files] + if skip_src_files: + print_skip(skip_src_files) if args.fix: # Fix mode From 837e9cfc77009df92354b9020d3716422e2ef938 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 8 Feb 2023 10:57:23 +0800 Subject: [PATCH 017/440] fix wrong typo Signed-off-by: Jerry Yu --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 3b1d70551..a97a3c2ef 100644 --- a/.travis.yml +++ b/.travis.yml @@ -101,7 +101,7 @@ jobs: - programs/test/selftest - tests/scripts/test_psa_constant_names.py # Modern OpenSSL does not support fixed ECDH or null ciphers. - - tests/compat.sh -p OpenSSL -e 'NULL\|ECDH-' + - tests/compat.sh -p OpenSSL -e 'NULL\|ECDH_' - tests/scripts/travis-log-failure.sh - tests/context-info.sh From b4a87b07f8e2791eb368bb79fb9ae8c32c7cb82e Mon Sep 17 00:00:00 2001 
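Review bot: `print_skip` writes the skipped file names to stdout via `print(*files_to_skip, sep=", SKIP\n", end=", SKIP\n")` while `print_warn` sends the explanation to stderr, so a caller that captures stdout for the style diff gets the file list mixed into it and separated from its warning. Suggest `print(*files_to_skip, sep=", SKIP\n", end=", SKIP\n", file=sys.stderr)` and `file=sys.stderr` on the two bare `print()` calls around it. `print_warn` uses `"Warn:"` while `print_err` uses `"Error: "` with a trailing space, which print's separator turns into a double space; pick one form for both. The `# Print the file names ...` comment would serve better as a docstring, `"""Print the skipped file names and explain why they are skipped."""`. The same O(n·m) list membership noted for the previous commit appears in the second hunk's `f not in src_files`.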
From: Gilles Peskine Date: Tue, 4 Oct 2022 22:54:26 +0200 Subject: [PATCH 018/440] Don't use pk_write in ecdsa_verify_wrap with USE_PSA_CRYPTO Under MBEDTLS_USE_PSA_CRYPTO, ecdsa_verify_wrap() was calling mbedtls_pk_write_pubkey() to write a public key in the form of a subjectPublicKey, only to then extract the part that represents the EC point which psa_import_key() actually wants. Instead, call an ecp function to directly get the public key in the desired format (just the point). This slightly reduces the code size and stack usage, and removes a dependency on pk_write. Signed-off-by: Gilles Peskine --- library/pk_wrap.c | 35 +++++++++++++++++------------------ 1 file changed, 17 insertions(+), 18 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index fa296e824..0f0ae5b2b 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -691,11 +691,13 @@ static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; - mbedtls_pk_context key; - int key_len; - unsigned char buf[MBEDTLS_PK_ECP_PUB_DER_MAX_BYTES]; + size_t key_len; + /* This buffer contains first the public key (consisting of two public + * points plus a header byte), then the signature (consisting of two + * public points). Size it for the public key which is one byte larger. */ + unsigned char buf[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( + PSA_VENDOR_ECC_MAX_CURVE_BITS )]; unsigned char *p; - mbedtls_pk_info_t pk_info = mbedtls_eckey_info; psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY; size_t curve_bits; psa_ecc_family_t curve = 
@@ -707,25 +709,22 @@ static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } - /* mbedtls_pk_write_pubkey() expects a full PK context; - * re-construct one to make it happy */ - key.pk_info = &pk_info; - key.pk_ctx = ctx; - p = buf + sizeof(buf); - key_len = mbedtls_pk_write_pubkey(&p, buf, &key); - if (key_len <= 0) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ) ); + psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); + psa_set_key_algorithm( &attributes, psa_sig_md ); + + ret = mbedtls_ecp_point_write_binary(&ctx->grp, &ctx->Q, + MBEDTLS_ECP_PF_UNCOMPRESSED, + &key_len, buf, sizeof(buf)); + if (ret != 0) { + goto cleanup; } - psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); - psa_set_key_algorithm(&attributes, psa_sig_md); - status = psa_import_key(&attributes, - buf + sizeof(buf) - key_len, key_len, + buf, key_len, &key_id); if (status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa(status); + ret = mbedtls_pk_error_from_psa( status ); goto cleanup; } From 13caa94746354ecd0b8fe8ba1529916aed0d599e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 4 Oct 2022 22:59:26 +0200 Subject: [PATCH 019/440] Don't use pk_write in ecdsa_sign_wrap with USE_PSA_CRYPTO Under MBEDTLS_USE_PSA_CRYPTO, ecdsa_sign_wrap() was calling mbedtls_pk_write_key_der() to write a private key in SEC1 format, only to then extract the part that represents the private value which is what psa_import_key() actually wants. Instead, call an mpi function to directly get the private key in the desired format. This slightly reduces the code size and stack usage, and removes a dependency on pk_write. Signed-off-by: Gilles Peskine --- library/pk_wrap.c | 82 +++++++---------------------------------------- 1 file changed, 11 insertions(+), 71 deletions(-) 
diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 0f0ae5b2b..464634db2 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -869,54 +869,6 @@ static int pk_ecdsa_sig_asn1_from_psa(unsigned char *sig, size_t *sig_len, return 0; } -/* Locate an ECDSA privateKey in a RFC 5915, or SEC1 Appendix C.4 ASN.1 buffer - * - * [in/out] buf: ASN.1 buffer start as input - ECDSA privateKey start as output - * [in] end: ASN.1 buffer end - * [out] key_len: the ECDSA privateKey length in bytes - */ -static int find_ecdsa_private_key(unsigned char **buf, unsigned char *end, - size_t *key_len) -{ - size_t len; - int ret; - - /* - * RFC 5915, or SEC1 Appendix C.4 - * - * ECPrivateKey ::= SEQUENCE { - * version INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1), - * privateKey OCTET STRING, - * parameters [0] ECParameters {{ NamedCurve }} OPTIONAL, - * publicKey [1] BIT STRING OPTIONAL - * } - */ - - if ((ret = mbedtls_asn1_get_tag(buf, end, &len, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)) != 0) { - return ret; - } - - /* version */ - if ((ret = mbedtls_asn1_get_tag(buf, end, &len, - MBEDTLS_ASN1_INTEGER)) != 0) { - return ret; - } - - *buf += len; - - /* privateKey */ - if ((ret = mbedtls_asn1_get_tag(buf, end, &len, - MBEDTLS_ASN1_OCTET_STRING)) != 0) { - return ret; - } - - *key_len = len; - - return 0; -} - static int ecdsa_sign_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, unsigned char *sig, size_t sig_size, size_t *sig_len, 
@@ -927,19 +879,14 @@ static int ecdsa_sign_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; - mbedtls_pk_context key; - size_t key_len; - unsigned char buf[MBEDTLS_PK_ECP_PRV_DER_MAX_BYTES]; - unsigned char *p; - psa_algorithm_t psa_hash = mbedtls_hash_info_psa_from_md(md_alg); -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) - psa_algorithm_t psa_sig_md = PSA_ALG_DETERMINISTIC_ECDSA(psa_hash); -#else - psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA(psa_hash); -#endif + unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE( + PSA_VENDOR_ECC_MAX_CURVE_BITS )]; + psa_algorithm_t psa_sig_md = + PSA_ALG_ECDSA( mbedtls_hash_info_psa_from_md( md_alg ) ); size_t curve_bits; psa_ecc_family_t curve = - mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits); + mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits ); + size_t key_len = PSA_BITS_TO_BYTES(curve_bits); /* PSA has its own RNG */ ((void) f_rng); @@ -949,18 +896,11 @@ static int ecdsa_sign_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } - /* mbedtls_pk_write_key_der() expects a full PK context; - * re-construct one to make it happy */ - key.pk_info = &mbedtls_eckey_info; - key.pk_ctx = ctx; - key_len = mbedtls_pk_write_key_der(&key, buf, sizeof(buf)); - if (key_len <= 0) { - return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + if (key_len > sizeof(buf)) { + return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); } - - p = buf + sizeof(buf) - key_len; - ret = find_ecdsa_private_key(&p, buf + sizeof(buf), &key_len); - if (ret != 0) { + ret = mbedtls_mpi_write_binary(&ctx->d, buf, key_len); + if( ret != 0 ) { goto cleanup; } 
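Review bot: `buf` now holds the raw private scalar written by `mbedtls_mpi_write_binary(&ctx->d, buf, key_len)` for the rest of the function, and the hunk ends at `goto cleanup` without showing whether `cleanup:` (outside the hunk) wipes it; the previous SEC1 DER buffer needed the same treatment, so this is not a regression, but it should be confirmed. If it is not already there, add `mbedtls_platform_zeroize(buf, sizeof(buf));` at `cleanup:`; the early `return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` above never writes `buf`, so it needs nothing. The first hunk also drops the `MBEDTLS_ECDSA_DETERMINISTIC` selection of `PSA_ALG_DETERMINISTIC_ECDSA`, so builds with that option now get randomized ECDSA from this wrapper, which the commit message does not mention; keep the `#if` unless the change is intended. `return( ... );` and `if( ret != 0 )` also differ from the spacing style of the surrounding lines.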
@@ -969,7 +909,7 @@ static int ecdsa_sign_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, psa_set_key_algorithm(&attributes, psa_sig_md); status = psa_import_key(&attributes, - p, key_len, + buf, key_len, &key_id); if (status != PSA_SUCCESS) { ret = mbedtls_pk_error_from_psa(status); From bbccdd485c808d77b7cc11356832d547bbd0db2b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 4 Oct 2022 23:00:42 +0200 Subject: [PATCH 020/440] pk no longer needs pk_write for ECDSA with MBEDTLS_USE_PSA_CRYPTO The dependency is still useful for RSA, for which PSA encodes keys with an ASN.1 structure. Signed-off-by: Gilles Peskine --- include/mbedtls/build_info.h | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index bbfd5d48d..6cf1176de 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -82,21 +82,9 @@ /* The PK wrappers need pk_write functions to format RSA key objects * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO, - * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). - * PSA crypto also needs pk_write to export RSA keys (otherwise the build - * goes through but psa_export_key() and psa_export_public_key() fail on - * RSA keys), and pk_parse to work with RSA keys in almost any way. - */ -#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C) -#define MBEDTLS_PK_C -#define MBEDTLS_PK_WRITE_C -#define MBEDTLS_PK_PARSE_C -#endif - -/* Under MBEDTLS_USE_PSA_CRYPTO, the pk module needs pk_write functions - * to pass ECC keys to PSA. */ -#if defined(MBEDTLS_PK_C) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECP_C) + * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). */ +#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_PSA_CRYPTO_C) && \ + defined(MBEDTLS_RSA_C) #define MBEDTLS_PK_WRITE_C #endif From 8a6022e94885ba73e34019b45849718afdbad446 Mon Sep 17 00:00:00 2001 
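Review bot: The new guard `#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C)` in build_info.h only defines MBEDTLS_PK_WRITE_C when MBEDTLS_PK_C is already set, whereas the removed block forced MBEDTLS_PK_C, MBEDTLS_PK_WRITE_C and MBEDTLS_PK_PARSE_C on for every MBEDTLS_PSA_CRYPTO_C + MBEDTLS_RSA_C build, and its removed comment explains that PSA itself needs them for psa_export_key()/psa_export_public_key() and RSA key handling. The commit message only justifies dropping the ECC-related pk_write dependency; if the RSA rationale still holds, a configuration with PSA_CRYPTO_C and RSA_C but without PK_C now builds with broken RSA export. Suggest keeping the first block as it was, `#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C)` with its three `#define`s, and removing only the ECC block, or stating in the comment why the PSA-side requirement no longer applies.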
From: Gilles Peskine Date: Tue, 4 Oct 2022 23:01:59 +0200 Subject: [PATCH 021/440] Clean up header inclusions in pk_wrap.c To better reflect what the code relies on, limit the headers that are included when MBEDTLS_USE_PSA_CRYPTO is disabled. Also stop including "pkwrite.h" when it is no longer needed. Include "mbedlts/platform_util.h" unconditionally. It was only included for RSA ALT but was also used for MBEDTLS_USE_PSA_CRYPTO (the code worked because other headers include "mbedtls/platform_util.h"). Signed-off-by: Gilles Peskine --- library/pk_wrap.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 464634db2..ab19a47af 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -19,6 +19,8 @@ #include "common.h" +#include "mbedtls/platform_util.h" + #if defined(MBEDTLS_PK_C) #include "pk_wrap.h" #include "mbedtls/error.h" @@ -26,39 +28,34 @@ /* Even if RSA not activated, for the sake of RSA-alt */ #include "mbedtls/rsa.h" -#include - #if defined(MBEDTLS_ECP_C) #include "mbedtls/ecp.h" #endif -#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECP_C) -#include "pkwrite.h" -#endif - #if defined(MBEDTLS_ECDSA_C) #include "mbedtls/ecdsa.h" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "mbedtls/asn1write.h" -#endif - -#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) -#include "mbedtls/platform_util.h" +#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PSA_CRYPTO_C) +#include "pkwrite.h" #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#include "mbedtls/asn1.h" #include "hash_info.h" + +#if defined(MBEDTLS_ECDSA_C) +#include "mbedtls/asn1write.h" +#include "mbedtls/asn1.h" #endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #include "mbedtls/platform.h" #include #include +#include #if defined(MBEDTLS_PSA_CRYPTO_C) int mbedtls_pk_error_from_psa(psa_status_t status) From be9e2a1634ce4798d6ba36316ed2cd4ebc5acd7b Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Thu, 6 Oct 2022 17:37:07 +0200 Subject: [PATCH 022/440] The pk_psa_sign test function needs pk_write Signed-off-by: Gilles Peskine --- tests/suites/test_suite_pk.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index d8a8f863e..9ec354eed 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1182,7 +1182,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO */ +/* BEGIN_CASE depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PK_WRITE_C */ void pk_psa_sign(int parameter_arg, int psa_type_arg, int expected_bits_arg) { From 5bc52248eff9a7833c0b256b1b82409eee2fbff2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 30 Jan 2023 15:48:28 +0100 Subject: [PATCH 023/440] pk_wrap: fix for DETERMINISTIC_ECDSA case in ecdsa_sign_wrap() Signed-off-by: Valerio Setti --- library/pk_wrap.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index ab19a47af..525f6bc90 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -878,8 +878,13 @@ static int ecdsa_sign_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, psa_status_t status; unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE( PSA_VENDOR_ECC_MAX_CURVE_BITS )]; +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + psa_algorithm_t psa_sig_md = + PSA_ALG_DETERMINISTIC_ECDSA( mbedtls_hash_info_psa_from_md( md_alg ) ); +#else psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA( mbedtls_hash_info_psa_from_md( md_alg ) ); +#endif size_t curve_bits; psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits ); From 1337a4f334854f9482b80244b4a90f7df7694773 Mon Sep 17 00:00:00 2001 
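Review bot: The restored `MBEDTLS_ECDSA_DETERMINISTIC` branch in ecdsa_sign_wrap repeats `mbedtls_hash_info_psa_from_md( md_alg )` in both arms, so the only thing that varies, the outer macro, is buried in two near-identical declarations. Computing the hash once, `psa_algorithm_t psa_hash = mbedtls_hash_info_psa_from_md(md_alg);`, and then selecting `PSA_ALG_DETERMINISTIC_ECDSA(psa_hash)` or `PSA_ALG_ECDSA(psa_hash)` under the `#if` is shorter and is the form this function had before the earlier rewrite in this series. Whether a PSA_ALG_NONE result from the hash lookup is rejected further down is not visible in the hunk and should be checked, since the function continues outside it.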
From: Valerio Setti Date: Mon, 30 Jan 2023 15:54:55 +0100 Subject: [PATCH 024/440] pk_wrap: use specific lengths for EC's private key and key-pair Signed-off-by: Valerio Setti --- include/mbedtls/psa_util.h | 3 +++ library/pk_wrap.c | 6 ++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index dc74ac60c..f6070dcba 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -257,6 +257,9 @@ static inline int mbedtls_psa_get_ecc_oid_from_id( #define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH \ PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) +#define MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH \ + PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) + /* Expose whatever RNG the PSA subsystem uses to applications using the * mbedtls_xxx API. The declarations and definitions here need to be * consistent with the implementation in library/psa_crypto_random_impl.h. diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 525f6bc90..6fba6e9b2 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -692,8 +692,7 @@ static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, /* This buffer contains first the public key (consisting of two public * points plus a header byte), then the signature (consisting of two * public points). Size it for the public key which is one byte larger. */ - unsigned char buf[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE( - PSA_VENDOR_ECC_MAX_CURVE_BITS )]; + unsigned char buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; unsigned char *p; psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY; size_t curve_bits; 
@@ -876,8 +875,7 @@ static int ecdsa_sign_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; - unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE( - PSA_VENDOR_ECC_MAX_CURVE_BITS )]; + unsigned char buf[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; #if defined(MBEDTLS_ECDSA_DETERMINISTIC) psa_algorithm_t psa_sig_md = PSA_ALG_DETERMINISTIC_ECDSA( mbedtls_hash_info_psa_from_md( md_alg ) ); From d0b83e1fc7e08fe7633f52b1b59771b8e53806fe Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 31 Jan 2023 10:16:23 +0100 Subject: [PATCH 025/440] build_info: fix PK's requirements for RSA_C Signed-off-by: Valerio Setti --- include/mbedtls/build_info.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 6cf1176de..b10b1ad4e 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -83,9 +83,10 @@ /* The PK wrappers need pk_write functions to format RSA key objects * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO, * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). */ -#if defined(MBEDTLS_PK_C) && defined(MBEDTLS_PSA_CRYPTO_C) && \ - defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C) +#define MBEDTLS_PK_C #define MBEDTLS_PK_WRITE_C +#define MBEDTLS_PK_PARSE_C #endif #if !defined(MBEDTLS_SSL_PROTO_TLS1_2) From b761b15f060dc6ec0c43b20c9d67ae2d58a03c3c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 31 Jan 2023 14:56:04 +0100 Subject: [PATCH 026/440] fix code style Signed-off-by: Valerio Setti --- library/pk_wrap.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 6fba6e9b2..2a71bd852 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c 
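Review bot: The build_info.h block now defines MBEDTLS_PK_C and MBEDTLS_PK_PARSE_C as well, but the comment above it (the context lines) still only explains why the PK wrappers need pk_write for RSA, so the reason for forcing pk and pk_parse on is left unstated. Suggest extending it with a sentence such as `PSA crypto also needs pk_parse and pk_write to import and export RSA keys, so those modules are enabled whenever PSA crypto is built with RSA.`, which is the rationale the earlier version of this block gave (to be confirmed against the current library). Without it the next reader is likely to put the `defined(MBEDTLS_PK_C) &&` condition back.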
@@ -705,9 +705,9 @@ static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, return MBEDTLS_ERR_PK_BAD_INPUT_DATA; } - psa_set_key_type( &attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ) ); - psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_VERIFY_HASH ); - psa_set_key_algorithm( &attributes, psa_sig_md ); + psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve)); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); + psa_set_key_algorithm(&attributes, psa_sig_md); ret = mbedtls_ecp_point_write_binary(&ctx->grp, &ctx->Q, MBEDTLS_ECP_PF_UNCOMPRESSED, @@ -720,7 +720,7 @@ static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, buf, key_len, &key_id); if (status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa( status ); + ret = mbedtls_pk_error_from_psa(status); goto cleanup; } @@ -878,14 +878,14 @@ static int ecdsa_sign_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, unsigned char buf[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH]; #if defined(MBEDTLS_ECDSA_DETERMINISTIC) psa_algorithm_t psa_sig_md = - PSA_ALG_DETERMINISTIC_ECDSA( mbedtls_hash_info_psa_from_md( md_alg ) ); + PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_hash_info_psa_from_md(md_alg)); #else psa_algorithm_t psa_sig_md = - PSA_ALG_ECDSA( mbedtls_hash_info_psa_from_md( md_alg ) ); + PSA_ALG_ECDSA(mbedtls_hash_info_psa_from_md(md_alg)); #endif size_t curve_bits; psa_ecc_family_t curve = - mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits ); + mbedtls_ecc_group_to_psa(ctx->grp.id, &curve_bits); size_t key_len = PSA_BITS_TO_BYTES(curve_bits); /* PSA has its own RNG */ @@ -897,10 +897,10 @@ static int ecdsa_sign_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, } if (key_len > sizeof(buf)) { - return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED ); + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } ret = mbedtls_mpi_write_binary(&ctx->d, buf, key_len); - if( ret != 0 ) { + if (ret != 0) { goto cleanup; } From 5c032b5e1bd3b072bc4d54be2f3db1f95eb5a78b Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Thu, 2 Feb 2023 15:10:32 +0100 Subject: [PATCH 027/440] pk_wrap: fix comment in ecdsa_verify_wrap Signed-off-by: Valerio Setti --- library/pk_wrap.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 2a71bd852..7f266d23d 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -689,9 +689,11 @@ static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t status; size_t key_len; - /* This buffer contains first the public key (consisting of two public - * points plus a header byte), then the signature (consisting of two - * public points). Size it for the public key which is one byte larger. */ + /* This buffer will initially contain the public key and then the signature + * but at different points in time. For all curves except secp224k1, which + * is not currently supported in PSA, the public key is one byte longer + * (header byte + 2 numbers, while the signature is only 2 numbers), + * so use that as the buffer size. */ unsigned char buf[MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH]; unsigned char *p; psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY; From a1e3e3a28fe404c2e166f6095844d75718b1800f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 2 Feb 2023 15:21:48 +0100 Subject: [PATCH 028/440] test: pk: keep PK_WRITE_C only in RSA tests Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.data | 2 +- tests/suites/test_suite_pk.function | 41 ++++++++++++++++++++++++++--- 2 files changed, 39 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 531a2f1e0..01d8d2dc0 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data 
@@ -618,7 +618,7 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512 PSA wrapped sign: RSA PKCS1 v1.5 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_GENPRIME:MBEDTLS_PK_WRITE_C pk_psa_sign:1024:PSA_KEY_TYPE_RSA_KEY_PAIR:1024 PK Sign ext:RSA2048,PK_RSA,MD_SHA256 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 9ec354eed..f124c9a5f 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1182,7 +1182,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PK_WRITE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO */ void pk_psa_sign(int parameter_arg, int psa_type_arg, int expected_bits_arg) { @@ -1242,12 +1242,22 @@ void pk_psa_sign(int parameter_arg, } /* Export underlying public key for re-importing in a legacy context. */ +#if defined(MBEDTLS_PK_WRITE_C) ret = mbedtls_pk_write_pubkey_der(&pk, pkey_legacy, sizeof(pkey_legacy)); TEST_ASSERT(ret >= 0); klen_legacy = (size_t) ret; /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ pkey_legacy_start = pkey_legacy + sizeof(pkey_legacy) - klen_legacy; +#else + ret = mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec(pk)->grp), + &(mbedtls_pk_ec(pk)->Q), + MBEDTLS_ECP_PF_UNCOMPRESSED, + &klen_legacy, pkey_legacy, + sizeof(pkey_legacy)); + TEST_EQUAL(ret, 0); + pkey_legacy_start = pkey_legacy; +#endif /* MBEDTLS_PK_WRITE_C */ /* Turn PK context into an opaque one. */ TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&pk, &key_id, alg_psa, 
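Review bot: The `#else` branch added after `mbedtls_pk_write_pubkey_der` assumes an EC key (`mbedtls_pk_ec(pk)->grp`, `->Q`), yet pk_psa_sign is also driven with `PSA_KEY_TYPE_RSA_KEY_PAIR` from test_suite_pk.data; the `.data` change in this commit, gating that case on MBEDTLS_PK_WRITE_C, is the only thing keeping the branch safe, and nothing in the function says so. Suggest a comment on the `#else`, `/* Without MBEDTLS_PK_WRITE_C only EC keys reach here: the RSA case in the .data file depends on MBEDTLS_PK_WRITE_C. */`, or a `TEST_ASSERT(mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY)` guard, so the coupling survives the next edit to the data file. The function continues outside the hunk.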
@@ -1268,12 +1278,21 @@ void pk_psa_sign(int parameter_arg, NULL, NULL) == 0); /* Export underlying public key for re-importing in a psa context. */ +#if defined(MBEDTLS_PK_WRITE_C) ret = mbedtls_pk_write_pubkey_der(&pk, pkey_psa, sizeof(pkey_psa)); TEST_ASSERT(ret >= 0); klen_psa = (size_t) ret; /* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */ pkey_psa_start = pkey_psa + sizeof(pkey_psa) - klen_psa; +#else + psa_status_t status; + + status = psa_export_public_key(key_id, pkey_psa, sizeof(pkey_psa), + &klen_psa); + TEST_EQUAL(status, PSA_SUCCESS); + pkey_psa_start = pkey_psa; +#endif /* MBEDTLS_PK_WRITE_C */ TEST_ASSERT(klen_psa == klen_legacy); TEST_ASSERT(memcmp(pkey_psa_start, pkey_legacy_start, klen_psa) == 0); @@ -1282,8 +1301,24 @@ void pk_psa_sign(int parameter_arg, TEST_ASSERT(PSA_SUCCESS == psa_destroy_key(key_id)); mbedtls_pk_init(&pk); - TEST_ASSERT(mbedtls_pk_parse_public_key(&pk, pkey_legacy_start, - klen_legacy) == 0); + + /* If we used "pk_write" previously, then we go for a "pk_parse" here; + * otherwise if we went for "ecp_point_write_binary" then we'll go + * for a "ecp_point_read_binary" here. This allows to drop dependencies + * on "PK_WRITE" and "PK_PARSE" if required */ +#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_PK_PARSE_C) + TEST_EQUAL(mbedtls_pk_parse_public_key(&pk, pkey_legacy_start, + klen_legacy), 0); +#else + TEST_EQUAL(mbedtls_pk_setup(&pk, + mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)), 0); + TEST_EQUAL(mbedtls_ecp_group_load( + &(mbedtls_pk_ec(pk)->grp), + (mbedtls_ecp_group_id) parameter_arg), 0); + TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec(pk)->grp) , + &(mbedtls_pk_ec(pk)->Q), + pkey_legacy_start, klen_legacy), 0); +#endif TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, sizeof(hash), sig, sig_len) == 0); From 683a432a7f99f88a93e52efd47a661ca3f92a0b9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 8 Feb 2023 09:52:40 +0100 Subject: [PATCH 029/440] fix code style 
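Review bot: The condition guarding the parse side in the `-1282` hunk is `defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_PK_PARSE_C)`, while the export sides in the `-1242` and `-1268` hunks use `defined(MBEDTLS_PK_WRITE_C)` alone; in a build with PK_WRITE_C but without PK_PARSE_C, `pkey_legacy_start` holds a DER SubjectPublicKeyInfo that is then handed to `mbedtls_ecp_point_read_binary`, and for the RSA data case `mbedtls_pk_ec` is applied to an RSA context. Unless the test harness guarantees PK_PARSE_C whenever PK_WRITE_C is set, the three `#if` lines should use the same combined condition, and the RSA line in test_suite_pk.data should depend on `MBEDTLS_PK_PARSE_C` as well. The function continues outside the hunk.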
Signed-off-by: Valerio Setti --- tests/suites/test_suite_pk.function | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index f124c9a5f..c252cc664 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1251,10 +1251,10 @@ void pk_psa_sign(int parameter_arg, pkey_legacy_start = pkey_legacy + sizeof(pkey_legacy) - klen_legacy; #else ret = mbedtls_ecp_point_write_binary(&(mbedtls_pk_ec(pk)->grp), - &(mbedtls_pk_ec(pk)->Q), - MBEDTLS_ECP_PF_UNCOMPRESSED, - &klen_legacy, pkey_legacy, - sizeof(pkey_legacy)); + &(mbedtls_pk_ec(pk)->Q), + MBEDTLS_ECP_PF_UNCOMPRESSED, + &klen_legacy, pkey_legacy, + sizeof(pkey_legacy)); TEST_EQUAL(ret, 0); pkey_legacy_start = pkey_legacy; #endif /* MBEDTLS_PK_WRITE_C */ @@ -1289,7 +1289,7 @@ void pk_psa_sign(int parameter_arg, psa_status_t status; status = psa_export_public_key(key_id, pkey_psa, sizeof(pkey_psa), - &klen_psa); + &klen_psa); TEST_EQUAL(status, PSA_SUCCESS); pkey_psa_start = pkey_psa; #endif /* MBEDTLS_PK_WRITE_C */ 
@@ -1308,16 +1308,16 @@ void pk_psa_sign(int parameter_arg, * on "PK_WRITE" and "PK_PARSE" if required */ #if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_PK_PARSE_C) TEST_EQUAL(mbedtls_pk_parse_public_key(&pk, pkey_legacy_start, - klen_legacy), 0); + klen_legacy), 0); #else TEST_EQUAL(mbedtls_pk_setup(&pk, - mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)), 0); + mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)), 0); TEST_EQUAL(mbedtls_ecp_group_load( - &(mbedtls_pk_ec(pk)->grp), - (mbedtls_ecp_group_id) parameter_arg), 0); - TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec(pk)->grp) , - &(mbedtls_pk_ec(pk)->Q), - pkey_legacy_start, klen_legacy), 0); + &(mbedtls_pk_ec(pk)->grp), + (mbedtls_ecp_group_id) parameter_arg), 0); + TEST_EQUAL(mbedtls_ecp_point_read_binary(&(mbedtls_pk_ec(pk)->grp), + &(mbedtls_pk_ec(pk)->Q), + pkey_legacy_start, klen_legacy), 0); #endif TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, sizeof(hash), sig, sig_len) == 0); From 80d0798ae89316bb78e8fa41934c455d5a781c9d Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 8 Feb 2023 13:49:17 +0100 Subject: [PATCH 030/440] pk_wrap: use new macros for ECDSA capabilities Signed-off-by: Valerio Setti --- library/pk_wrap.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 7f266d23d..378c36833 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -45,7 +45,7 @@ #include "mbedtls/psa_util.h" #include "hash_info.h" -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) #include "mbedtls/asn1write.h" #include "mbedtls/asn1.h" #endif 
@@ -950,8 +950,7 @@ static int ecdsa_sign_wrap(void *ctx, mbedtls_md_type_t md_alg, #endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ -#if defined(MBEDTLS_ECDSA_C) -#if defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE) /* Forward declarations */ static int ecdsa_verify_rs_wrap(void *ctx, mbedtls_md_type_t md_alg, const unsigned char *hash, size_t hash_len, @@ -1057,8 +1056,7 @@ static int eckey_sign_rs_wrap(void *ctx, mbedtls_md_type_t md_alg, cleanup: return ret; } -#endif /* MBEDTLS_ECP_RESTARTABLE */ -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */ static int eckey_check_pair(const void *pub, const void *prv, int (*f_rng)(void *, unsigned char *, size_t), From a4e1eece3d097667f7ed132c679e400927d7c2a3 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Fri, 10 Feb 2023 10:55:29 +0800 Subject: [PATCH 031/440] print skipped file names to stdout Signed-off-by: Pengyu Lv --- scripts/code_style.py | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/scripts/code_style.py b/scripts/code_style.py index 61b1ab0e6..85008bec1 100755 --- a/scripts/code_style.py +++ b/scripts/code_style.py @@ -33,15 +33,12 @@ CHECK_GENERATED_FILES = "tests/scripts/check-generated-files.sh" def print_err(*args): print("Error: ", *args, file=sys.stderr) -def print_warn(*args): - print("Warn:", *args, file=sys.stderr) - # Print the file names that will be skipped and the help message def print_skip(files_to_skip): print() print(*files_to_skip, sep=", SKIP\n", end=", SKIP\n") - print_warn("The listed files will be skipped because\n" - "they are not included in the default list.") + print("Warn: The listed files will be skipped because\n" + "they are not included in the default list.") print() # Match FILENAME(s) in "check SCRIPT (FILENAME...)" From b10cf0dd3980a435a8f1d424fd24260748aadcad Mon Sep 17 00:00:00 2001 
From: Pengyu Lv Date: Fri, 10 Feb 2023 11:06:36 +0800 Subject: [PATCH 032/440] adjust help message Signed-off-by: Pengyu Lv --- scripts/code_style.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/scripts/code_style.py b/scripts/code_style.py index 85008bec1..65c9cccfb 100755 --- a/scripts/code_style.py +++ b/scripts/code_style.py @@ -184,9 +184,10 @@ def main() -> int: '(default: print diff, do not modify files)')) parser.add_argument('--subset', action='store_true', help=('check a subset of the files known to git ' - '(default: empty FILE means full set)')) + '(default: check all files passed as arguments, ' + 'known to git or not)')) parser.add_argument('operands', nargs='*', metavar='FILE', - help='files to check') + help='files to check (if none: check files that are known to git)') args = parser.parse_args() From 512818b1d2173e0ea906316075a6e01fd1654fac Mon Sep 17 00:00:00 2001 From: Demi Marie Obenour Date: Sun, 27 Nov 2022 22:48:55 -0500 Subject: [PATCH 033/440] pkcs7: check that content lengths fill whole buffer Otherwise invalid data could be accepted. Signed-off-by: Demi Marie Obenour Signed-off-by: Dave Rodgman --- library/pkcs7.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/pkcs7.c b/library/pkcs7.c index 4fdbe3628..ec5d569aa 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -58,6 +58,9 @@ static int pkcs7_get_next_content_len(unsigned char **p, unsigned char *end, | MBEDTLS_ASN1_CONTEXT_SPECIFIC); if (ret != 0) { ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret); + } else if ((size_t) (end - *p) != *len) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } return ret; From aaf3c0028d33262c2707f84ba228d0080eae7396 Mon Sep 17 00:00:00 2001 
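Review bot: The new length check in pkcs7_get_next_content_len is the right fix but carries no explanation, and the reason deserves a comment because it is what stops trailing bytes inside a content-info from being accepted. Suggest `/* The content must fill the enclosing structure exactly; otherwise trailing bytes would be silently accepted. */` above the `else if`. As far as I recall `mbedtls_asn1_get_tag` only succeeds when `*len` fits in the remaining input, so the `(size_t) (end - *p)` conversion cannot go negative here. The function's body continues outside the hunk.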
From: Demi Marie Obenour Date: Mon, 28 Nov 2022 00:20:42 -0500 Subject: [PATCH 034/440] pkcs7: do not store content type OID Since only one content type (signed data) is supported, storing the content type just wastes memory. Signed-off-by: Demi Marie Obenour --- include/mbedtls/pkcs7.h | 1 - library/pkcs7.c | 55 +++++++++++++++++++++-------------------- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index 5ddd5a3d7..f354db629 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h @@ -165,7 +165,6 @@ mbedtls_pkcs7_signed_data; */ typedef struct mbedtls_pkcs7 { mbedtls_pkcs7_buf MBEDTLS_PRIVATE(raw); - mbedtls_pkcs7_buf MBEDTLS_PRIVATE(content_type_oid); mbedtls_pkcs7_signed_data MBEDTLS_PRIVATE(signed_data); } mbedtls_pkcs7; diff --git a/library/pkcs7.c b/library/pkcs7.c index ec5d569aa..398c0c826 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -556,7 +556,6 @@ int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf, unsigned char *end, *end_content_info; size_t len = 0; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - int isoidset = 0; if (pkcs7 == NULL) { return MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; 
@@ -572,34 +571,42 @@ int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf, pkcs7->raw.len = buflen; end = p + buflen; - ret = pkcs7_get_content_info_type(&p, end, &end_content_info, - &pkcs7->content_type_oid); + ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_SEQUENCE); if (ret != 0) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret); + goto out; + } + + if ((size_t) (end - p) != len) { + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + goto out; + } + + if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OID)) != 0) { + if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { + goto out; + } + p = pkcs7->raw.p; len = buflen; goto try_data; } - /* Ensure PKCS7 data uses the exact number of bytes specified in buflen */ - if (end_content_info != end) { - ret = MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; + if (MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_SIGNED_DATA, p, len)) { + if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_DATA, p, len) + || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, p, len) + || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_ENVELOPED_DATA, p, len) + || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA, p, len) + || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_DIGESTED_DATA, p, len)) { + ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; + } else { + ret = MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; + } goto out; } - if (!MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_DATA, &pkcs7->content_type_oid) - || !MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_ENVELOPED_DATA, &pkcs7->content_type_oid) - || !MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA, &pkcs7->content_type_oid) - || !MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_DIGESTED_DATA, &pkcs7->content_type_oid) - || !MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, &pkcs7->content_type_oid)) { - ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; - goto out; - } - - if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_SIGNED_DATA, 
&pkcs7->content_type_oid)) { - ret = MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; - goto out; - } - - isoidset = 1; + p += len; ret = pkcs7_get_next_content_len(&p, end, &len); if (ret != 0) { @@ -618,12 +625,6 @@ try_data: goto out; } - if (!isoidset) { - pkcs7->content_type_oid.tag = MBEDTLS_ASN1_OID; - pkcs7->content_type_oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKCS7_SIGNED_DATA); - pkcs7->content_type_oid.p = (unsigned char *) MBEDTLS_OID_PKCS7_SIGNED_DATA; - } - ret = MBEDTLS_PKCS7_SIGNED_DATA; out: From 4ec835579509200b77864cec72a5f7324bfa491d Mon Sep 17 00:00:00 2001 From: Demi Marie Obenour Date: Mon, 28 Nov 2022 00:23:00 -0500 Subject: [PATCH 035/440] Check for junk after SignedData There must not be any. Signed-off-by: Demi Marie Obenour --- library/pkcs7.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 398c0c826..5d470dc15 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -457,7 +457,7 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen, { unsigned char *p = buf; unsigned char *end = buf + buflen; - unsigned char *end_set, *end_content_info; + unsigned char *end_content_info; size_t len = 0; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; @@ -468,16 +468,19 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen, return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret); } - end_set = p + len; + if (p + len != end) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); + } /* Get version of signed data */ - ret = pkcs7_get_version(&p, end_set, &signed_data->version); + ret = pkcs7_get_version(&p, end, &signed_data->version); if (ret != 0) { return ret; } /* Get digest algorithm */ - ret = pkcs7_get_digest_algorithm_set(&p, end_set, + ret = pkcs7_get_digest_algorithm_set(&p, end, &signed_data->digest_alg_identifiers); if (ret != 0) { return ret; 
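Review bot: In the `-572` hunk, when the OID tag read fails with something other than `MBEDTLS_ERR_ASN1_UNEXPECTED_TAG` the raw ASN.1 error is returned through `goto out` unwrapped, whereas the SEQUENCE failure a few lines earlier wraps it with `MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret)`; callers then see a bare `MBEDTLS_ERR_ASN1_*` code from a PKCS7 entry point. Suggest `ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret);` before that `goto out`. The classification block (FEATURE_UNAVAILABLE for the known-but-unsupported content types, BAD_INPUT_DATA otherwise) would also read better with a one-line comment stating that only SignedData is accepted. mbedtls_pkcs7_parse_der's body continues outside the hunk.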
@@ -518,7 +521,7 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen, /* Look for certificates, there may or may not be any */ mbedtls_x509_crt_init(&signed_data->certs); - ret = pkcs7_get_certificates(&p, end_set, &signed_data->certs); + ret = pkcs7_get_certificates(&p, end, &signed_data->certs); if (ret < 0) { return ret; } @@ -534,7 +537,7 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen, signed_data->no_of_crls = 0; /* Get signers info */ - ret = pkcs7_get_signers_info_set(&p, end_set, &signed_data->signers); + ret = pkcs7_get_signers_info_set(&p, end, &signed_data->signers); if (ret < 0) { return ret; } @@ -553,7 +556,7 @@ int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf, const size_t buflen) { unsigned char *p; - unsigned char *end, *end_content_info; + unsigned char *end; size_t len = 0; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; From 55d9df25ef63c8a6e5ad7d9bdfd47f38b7fa303c Mon Sep 17 00:00:00 2001 From: Demi Marie Obenour Date: Mon, 28 Nov 2022 00:29:32 -0500 Subject: [PATCH 036/440] Simple cleanup No change in behavior. Signed-off-by: Demi Marie Obenour --- library/pkcs7.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 5d470dc15..39d9f8f20 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -216,12 +216,11 @@ static int pkcs7_get_certificates(unsigned char **p, unsigned char *end, return MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; } - *p = start; - if ((ret = mbedtls_x509_crt_parse_der(certs, *p, len1)) < 0) { + if ((ret = mbedtls_x509_crt_parse_der(certs, start, len1)) < 0) { return MBEDTLS_ERR_PKCS7_INVALID_CERT; } - *p = *p + len1; + *p = end_cert; /* * Since in this version we strictly support single certificate, and reaching From e373a254c42b661f50794250634a90554c3b95c0 Mon Sep 17 00:00:00 2001 
From: Demi Marie Obenour Date: Tue, 13 Dec 2022 23:50:03 -0500 Subject: [PATCH 037/440] pkcs7: do not store content type OIDs They will always be constant. Signed-off-by: Demi Marie Obenour --- include/mbedtls/pkcs7.h | 1 - library/pkcs7.c | 12 +++++------- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index f354db629..fb24604d0 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h @@ -139,7 +139,6 @@ mbedtls_pkcs7_signer_info; * Structure holding attached data as part of PKCS7 signed data format */ typedef struct mbedtls_pkcs7_data { - mbedtls_pkcs7_buf MBEDTLS_PRIVATE(oid); mbedtls_pkcs7_buf MBEDTLS_PRIVATE(data); } mbedtls_pkcs7_data; diff --git a/library/pkcs7.c b/library/pkcs7.c index 39d9f8f20..9ef76089a 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -490,12 +490,14 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen, return MBEDTLS_ERR_PKCS7_INVALID_ALG; } - /* Do not expect any content */ - ret = pkcs7_get_content_info_type(&p, end_set, &end_content_info, - &signed_data->content.oid); + mbedtls_pkcs7_buf content_type; + ret = pkcs7_get_content_info_type(&p, end, &end_content_info, &content_type); if (ret != 0) { return ret; } + if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_DATA, &content_type)) { + return MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO; + } if (p != end_content_info) { /* Determine if valid content is present */ @@ -514,10 +516,6 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen, return MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; } - if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS7_DATA, &signed_data->content.oid)) { - return MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO; - } - /* Look for certificates, there may or may not be any */ mbedtls_x509_crt_init(&signed_data->certs); ret = pkcs7_get_certificates(&p, end, &signed_data->certs); From 6cfc4692961ba808d801ab2ffbf6e076523ccac0 Mon Sep 17 00:00:00 2001 
From: Demi Marie Obenour Date: Mon, 28 Nov 2022 00:46:00 -0500 Subject: [PATCH 038/440] pkcs7: reject signatures with internal data A CMS signature can have internal data, but mbedTLS does not support verifying such signatures. Reject them during parsing. Signed-off-by: Demi Marie Obenour Signed-off-by: Dave Rodgman --- include/mbedtls/pkcs7.h | 31 ++++++++++++------------------- library/pkcs7.c | 25 ++++++++++++++++--------- 2 files changed, 28 insertions(+), 28 deletions(-) diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index fb24604d0..126eac422 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h @@ -135,21 +135,12 @@ typedef struct mbedtls_pkcs7_signer_info { } mbedtls_pkcs7_signer_info; -/** - * Structure holding attached data as part of PKCS7 signed data format - */ -typedef struct mbedtls_pkcs7_data { - mbedtls_pkcs7_buf MBEDTLS_PRIVATE(data); -} -mbedtls_pkcs7_data; - /** * Structure holding the signed data section */ typedef struct mbedtls_pkcs7_signed_data { int MBEDTLS_PRIVATE(version); mbedtls_pkcs7_buf MBEDTLS_PRIVATE(digest_alg_identifiers); - struct mbedtls_pkcs7_data MBEDTLS_PRIVATE(content); int MBEDTLS_PRIVATE(no_of_certs); mbedtls_x509_crt MBEDTLS_PRIVATE(certs); int MBEDTLS_PRIVATE(no_of_crls); @@ -176,7 +167,7 @@ mbedtls_pkcs7; void mbedtls_pkcs7_init(mbedtls_pkcs7 *pkcs7); /** - * \brief Parse a single DER formatted pkcs7 content. + * \brief Parse a single DER formatted pkcs7 detached signature. * * \param pkcs7 The pkcs7 structure to be filled by parser for the output. * \param buf The buffer holding only the DER encoded pkcs7. @@ -186,6 +177,7 @@ void mbedtls_pkcs7_init(mbedtls_pkcs7 *pkcs7); * \note This function makes an internal copy of the PKCS7 buffer * \p buf. In particular, \p buf may be destroyed or reused * after this call returns. + * \note Signatures with internal data are not supported. * * \return The \c mbedtls_pkcs7_type of \p buf, if successful. * \return A negative error code on failure. 
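Review bot: Removing the `mbedtls_pkcs7_data` typedef from the public header is an API change even though its only field was `MBEDTLS_PRIVATE`: the type name itself was visible to users, and the diffstat shows no changelog entry recording it. If the project keeps a changelog for API changes this should be noted there, or the typedef kept for one release as a deprecated alias. The removal of the `content` member from `mbedtls_pkcs7_signed_data` presumably falls under the private-field policy and needs no such note.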
@@ -205,7 +197,8 @@ int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf, * matches. * * This function does not use the certificates held within the - * PKCS7 structure itself. + * PKCS7 structure itself, and does not check that the + * certificate is signed by a trusted certification authority. * * \param pkcs7 PKCS7 structure containing signature. * \param cert Certificate containing key to verify signature. @@ -226,15 +219,15 @@ int mbedtls_pkcs7_signed_data_verify(mbedtls_pkcs7 *pkcs7, * \brief Verification of PKCS7 signature against a caller-supplied * certificate. * - * For each signer in the PKCS structure, this function computes - * a signature over the supplied hash, using the supplied - * certificate and the same digest algorithm as specified by the - * signer. It then compares this signature against the - * signer's signature; verification succeeds if any comparison - * matches. + * For each signer in the PKCS structure, this function + * validates a signature over the supplied hash, using the + * supplied certificate and the same digest algorithm as + * specified by the signer. Verification succeeds if any + * signature is good. * * This function does not use the certificates held within the - * PKCS7 structure itself. + * PKCS7 structure itself, and does not check that the + * certificate is signed by a trusted certification authority. * * \param pkcs7 PKCS7 structure containing signature. * \param cert Certificate containing key to verify signature. @@ -242,7 +235,7 @@ int mbedtls_pkcs7_signed_data_verify(mbedtls_pkcs7 *pkcs7, * \param hashlen Length of the hash. * * \note This function is different from mbedtls_pkcs7_signed_data_verify() - * in a way that it directly receives the hash of the data. + * in that it is directly passed the hash of the data. * * \return 0 if the signature verifies, or a negative error code on failure. */ diff --git a/library/pkcs7.c b/library/pkcs7.c index 9ef76089a..fbe959ef2 100644 
--- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -57,9 +57,9 @@ static int pkcs7_get_next_content_len(unsigned char **p, unsigned char *end, ret = mbedtls_asn1_get_tag(p, end, len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC); if (ret != 0) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret); + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, ret); } else if ((size_t) (end - *p) != *len) { - ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, + ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, MBEDTLS_ERR_ASN1_LENGTH_MISMATCH); } @@ -187,13 +187,13 @@ static int pkcs7_get_certificates(unsigned char **p, unsigned char *end, size_t len2 = 0; unsigned char *end_set, *end_cert, *start; - if ((ret = mbedtls_asn1_get_tag(p, end, &len1, MBEDTLS_ASN1_CONSTRUCTED - | MBEDTLS_ASN1_CONTEXT_SPECIFIC)) != 0) { - if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { - return 0; - } else { - return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret); - } + ret = mbedtls_asn1_get_tag(p, end, &len1, MBEDTLS_ASN1_CONSTRUCTED + | MBEDTLS_ASN1_CONTEXT_SPECIFIC); + if (ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) { + return 0; + } + if (ret != 0) { + return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_FORMAT, ret); } start = *p; end_set = *p + len1; @@ -716,11 +716,15 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, return ret; } + int mbedtls_pkcs7_signed_data_verify(mbedtls_pkcs7 *pkcs7, const mbedtls_x509_crt *cert, const unsigned char *data, size_t datalen) { + if (data == NULL) { + return MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; + } return mbedtls_pkcs7_data_or_hash_verify(pkcs7, cert, data, datalen, 0); } @@ -729,6 +733,9 @@ int mbedtls_pkcs7_signed_hash_verify(mbedtls_pkcs7 *pkcs7, const unsigned char *hash, size_t hashlen) { + if (hash == NULL) { + return MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; + } return mbedtls_pkcs7_data_or_hash_verify(pkcs7, cert, hash, hashlen, 1); } 
From 35598adb781c71b93b400bff9fc7f5b7c1e957c7 Mon Sep 17 00:00:00 2001 From: Demi Marie Obenour Date: Wed, 30 Nov 2022 02:06:07 -0500 Subject: [PATCH 039/440] pkcs7: Check that hash algs are in digestAlgorithms Since only a single hash algorithm is currenlty supported, this avoids having to perform hashing more than once. Signed-off-by: Demi Marie Obenour --- library/pkcs7.c | 96 +++++++++++++++++++++++++++---------------------- 1 file changed, 53 insertions(+), 43 deletions(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index fbe959ef2..36e1960e9 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -287,7 +287,8 @@ static void pkcs7_free_signer_info(mbedtls_pkcs7_signer_info *signer) * and unauthenticatedAttributes. **/ static int pkcs7_get_signer_info(unsigned char **p, unsigned char *end, - mbedtls_pkcs7_signer_info *signer) + mbedtls_pkcs7_signer_info *signer, + mbedtls_x509_buf *alg) { unsigned char *end_signer, *end_issuer_and_sn; int asn1_ret = 0, ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -345,8 +346,15 @@ static int pkcs7_get_signer_info(unsigned char **p, unsigned char *end, goto out; } - /* Assume authenticatedAttributes is nonexistent */ + /* Check that the digest algorithm used matches the one provided earlier */ + if (signer->alg_identifier.tag != alg->tag || + signer->alg_identifier.len != alg->len || + memcmp(signer->alg_identifier.p, alg->p, alg->len) != 0) { + ret = MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO; + goto out; + } + /* Asssume authenticatedAttributes is nonexistent */ ret = pkcs7_get_digest_algorithm(p, end_signer, &signer->sig_alg_identifier); if (ret != 0) { goto out; @@ -379,7 +387,8 @@ out: * Return negative error code for failure. **/ static int pkcs7_get_signers_info_set(unsigned char **p, unsigned char *end, - mbedtls_pkcs7_signer_info *signers_set) + mbedtls_pkcs7_signer_info *signers_set, + mbedtls_x509_buf *digest_alg) { unsigned char *end_set; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 
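Review bot: The new comment in the `-345` hunk misspells `Assume` as `Asssume` (the replaced line had it right); please restore `/* Assume authenticatedAttributes is nonexistent */`. The added algorithm comparison is otherwise sound: `len` equality is checked before `memcmp`, so a zero-length identifier compares safely. It would help a reader to say why the check exists, e.g. `/* Check that the digest algorithm used matches the one provided earlier: digestAlgorithms is used once to hash the data, so every signer must use it */`. pkcs7_get_signer_info's body continues outside the hunk.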
@@ -399,7 +408,7 @@ static int pkcs7_get_signers_info_set(unsigned char **p, unsigned char *end, end_set = *p + len; - ret = pkcs7_get_signer_info(p, end_set, signers_set); + ret = pkcs7_get_signer_info(p, end_set, signers_set, digest_alg); if (ret != 0) { return ret; } @@ -414,7 +423,7 @@ static int pkcs7_get_signers_info_set(unsigned char **p, unsigned char *end, goto cleanup; } - ret = pkcs7_get_signer_info(p, end_set, signer); + ret = pkcs7_get_signer_info(p, end_set, signer, digest_alg); if (ret != 0) { mbedtls_free(signer); goto cleanup; @@ -534,7 +543,10 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen, signed_data->no_of_crls = 0; /* Get signers info */ - ret = pkcs7_get_signers_info_set(&p, end, &signed_data->signers); + ret = pkcs7_get_signers_info_set(&p, + end, + &signed_data->signers, + &signed_data->digest_alg_identifiers); if (ret < 0) { return ret; } @@ -657,6 +669,39 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, return MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID; } + ret = mbedtls_oid_get_md_alg(&pkcs7->signed_data.digest_alg_identifiers, &md_alg); + if (ret != 0) { + return ret; + } + + md_info = mbedtls_md_info_from_type(md_alg); + if (md_info == NULL) { + return MBEDTLS_ERR_PKCS7_VERIFY_FAIL; + } + + hash = mbedtls_calloc(mbedtls_md_get_size(md_info), 1); + if (hash == NULL) { + return MBEDTLS_ERR_PKCS7_ALLOC_FAILED; + } + /* BEGIN must free hash before jumping out */ + + if (is_data_hash) { + if (datalen != mbedtls_md_get_size(md_info)) { + ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; + } else { + memcpy(hash, data, datalen); + } + } else { + ret = mbedtls_md(md_info, data, datalen, hash); + } + if (ret != 0) { + mbedtls_free(hash); + return MBEDTLS_ERR_PKCS7_VERIFY_FAIL; + } + + /* assume failure */ + ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; + /* * Potential TODOs * Currently we iterate over all signers and return success if any of them 
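Review bot: In the `-657` hunk the `mbedtls_oid_get_md_alg` failure is returned as-is, while the very next check (`md_info == NULL`) maps to `MBEDTLS_ERR_PKCS7_VERIFY_FAIL`; an unrecognised digest OID therefore lets an OID-module error code escape from the verify API, the only path in the new code that does so. Suggest `if (ret != 0) { return MBEDTLS_ERR_PKCS7_VERIFY_FAIL; }` for that branch. The `memcpy` path also relies on `ret` still being 0 from that earlier call; an explicit `ret = 0;` before `if (is_data_hash)` would make the intent obvious. mbedtls_pkcs7_data_or_hash_verify begins outside the hunk.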
@@ -666,54 +711,19 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, * identification and SignerIdentifier fields first. That would also allow * us to distinguish between 'no signature for key' and 'signature for key * failed to validate'. - * - * We could also cache hashes by md, so if there are several sigs all using - * the same algo we don't recalculate the hash each time. */ for (signer = &pkcs7->signed_data.signers; signer; signer = signer->next) { - ret = mbedtls_oid_get_md_alg(&signer->alg_identifier, &md_alg); - if (ret != 0) { - ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; - continue; - } - - md_info = mbedtls_md_info_from_type(md_alg); - if (md_info == NULL) { - ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; - continue; - } - - hash = mbedtls_calloc(mbedtls_md_get_size(md_info), 1); - if (hash == NULL) { - return MBEDTLS_ERR_PKCS7_ALLOC_FAILED; - } - /* BEGIN must free hash before jumping out */ - if (is_data_hash) { - if (datalen != mbedtls_md_get_size(md_info)) { - ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; - } else { - memcpy(hash, data, datalen); - } - } else { - ret = mbedtls_md(md_info, data, datalen, hash); - } - if (ret != 0) { - ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; - mbedtls_free(hash); - continue; - } - ret = mbedtls_pk_verify(&pk_cxt, md_alg, hash, mbedtls_md_get_size(md_info), signer->sig.p, signer->sig.len); - mbedtls_free(hash); - /* END must free hash before jumping out */ if (ret == 0) { break; } } + mbedtls_free(hash); + /* END must free hash before jumping out */ return ret; } From f691268ee9dc298325ea83e133e8a76cf4c1ddc9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 9 Feb 2023 17:55:41 +0000 Subject: [PATCH 040/440] Add missing initialisers Signed-off-by: Dave Rodgman --- library/pkcs7.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 36e1960e9..60d117528 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c 
@@ -465,7 +465,7 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen, { unsigned char *p = buf; unsigned char *end = buf + buflen; - unsigned char *end_content_info; + unsigned char *end_content_info = NULL; size_t len = 0; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_md_type_t md_alg; @@ -500,6 +500,7 @@ static int pkcs7_get_signed_data(unsigned char *buf, size_t buflen, } mbedtls_pkcs7_buf content_type; + memset(&content_type, 0, sizeof(content_type)); ret = pkcs7_get_content_info_type(&p, end, &end_content_info, &content_type); if (ret != 0) { return ret; From b2783f66b505cc62634ea6a5f92114fb5d90ffab Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 13 Feb 2023 18:03:25 +0800 Subject: [PATCH 041/440] fix typo issue The error message is wrong Signed-off-by: Jerry Yu --- library/aesce.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index e6b675a3d..18322a62a 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -28,14 +28,14 @@ #if defined(__clang__) # if __clang_major__ < 4 -# error "A more recent Clang is required for MBEDTLS_AES_C" +# error "A more recent Clang is required for MBEDTLS_AESCE_C" # endif #elif defined(__GNUC__) # if __GNUC__ < 6 -# error "A more recent GCC is required for MBEDTLS_AES_C" +# error "A more recent GCC is required for MBEDTLS_AESCE_C" # endif #else -# error "Only GCC and Clang supported for MBEDTLS_AES_C" +# error "Only GCC and Clang supported for MBEDTLS_AESCE_C" #endif #if !defined(__ARM_FEATURE_CRYPTO) From e19b51bc533194c7447e47e15d75441450e93408 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 14 Feb 2023 10:29:53 +0800 Subject: [PATCH 042/440] Improve readability Signed-off-by: Pengyu Lv --- scripts/code_style.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/code_style.py b/scripts/code_style.py index 65c9cccfb..eaf1f6b88 100755 --- a/scripts/code_style.py +++ b/scripts/code_style.py 
@@ -191,12 +191,12 @@ def main() -> int:
 args = parser.parse_args()
- all_src_files = get_src_files()
- src_files = args.operands if args.operands else all_src_files
+ covered = frozenset(get_src_files())
+ src_files = args.operands if args.operands else covered
 if args.subset:
 # We are to check a subset of the default list
- src_files = [f for f in args.operands if f in all_src_files]
- skip_src_files = [f for f in args.operands if f not in src_files]
+ src_files = [f for f in args.operands if f in covered]
+ skip_src_files = [f for f in args.operands if f not in covered]
 if skip_src_files:
 print_skip(skip_src_files)
From c7f700c795b7b17b9694fef5b53dcc58f1bc46f7 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Tue, 14 Feb 2023 14:34:15 +0000
Subject: [PATCH 043/440] Fix incorrect printing of OIDs
The first 2 components of an OID are combined together into the same subidentifier via the formula: subidentifier = (component1 * 40) + component2
The current code extracts component1 and component2 using division and modulo as one would expect. However, there is a subtlety in the specification[1]:
>This packing of the first two object identifier components recognizes
>that only three values are allocated from the root node, and at most
>39 subsequent values from nodes reached by X = 0 and X = 1.
If the root node (component1) is 2, the subsequent node (component2) may be greater than 38. For example, the following are real OIDs:
* 2.40.0.25, UPU standard S25
* 2.49.0.0.826.0, Met Office
* 2.999, Allocated example OID
This has 2 implications that the current parsing code does not take account of:
1. The second component may be > 39, so (subidentifier % 40) is not correct in all circumstances.
2. The first subidentifier (containing the first 2 components) may be more than one byte long. Currently we assume it is just 1 byte.
Improve parsing code to deal with these cases correctly.
[1] Rec. ITU-T X.690 (02/2021), 8.19.4
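Review bot: `src_files = args.operands if args.operands else covered` makes the default file list a `frozenset`, whereas before it was whatever `get_src_files()` returned directly; if that is an ordered list, a run with no operands now processes files in set-iteration order, which for `str` elements varies from one process to the next, so output ordering and any first-failure behaviour stop being reproducible. `src_files = args.operands if args.operands else sorted(covered)` keeps the O(1) membership test that the subset branch benefits from while restoring a stable order. The rest of `main()` lies outside the hunk, so how `src_files` is consumed is not visible here.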
Signed-off-by: David Horstmann
---
 library/oid.c | 35 ++++++++++++++++++++++++++++++-----
 1 file changed, 30 insertions(+), 5 deletions(-)
diff --git a/library/oid.c b/library/oid.c
index e7c12248a..5668e2aa5 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -834,14 +834,39 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size,
 p = buf;
 n = size;
- /* First byte contains first two dots */
- if (oid->len > 0) {
- ret = mbedtls_snprintf(p, n, "%d.%d", oid->p[0] / 40, oid->p[0] % 40);
- OID_SAFE_SNPRINTF;
+ /* First subidentifier contains first two OID components */
+ i = 0;
+ value = 0;
+ while (i < oid->len && ((oid->p[i] & 0x80) != 0)) {
+ /* Prevent overflow in value. */
+ if (((value << 7) >> 7) != value) {
+ return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
+ }
+
+ value += oid->p[i] & 0x7F;
+ value <<= 7;
+ i++;
 }
+ if (i >= oid->len) {
+ return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
+ }
+ /* Last byte of first subidentifier */
+ value += oid->p[i] & 0x7F;
+ i++;
+
+ unsigned int component1 = value / 40;
+ if (component1 > 2) {
+ /* The first component can only be 0, 1 or 2.
+ * If oid->p[0] / 40 is greater than 2, the leftover belongs to
+ * the second component. */
+ component1 = 2;
+ }
+ unsigned int component2 = value - (40 * component1);
+ ret = mbedtls_snprintf(p, n, "%u.%u", component1, component2);
+ OID_SAFE_SNPRINTF;
 value = 0;
- for (i = 1; i < oid->len; i++) {
+ for (; i < oid->len; i++) {
 /* Prevent overflow in value. */
 if (((value << 7) >> 7) != value) {
 return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
From 8ea7d85851819d342d23389325413d7d47ac4acc Mon Sep 17 00:00:00 2001
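Review bot: `if (i >= oid->len) { return MBEDTLS_ERR_OID_BUF_TOO_SMALL; }` reports a defect in the input with an error code that describes the output buffer: it fires for an empty OID, which the removed `if (oid->len > 0)` guard used to print as nothing, and for a first subidentifier whose last byte still has bit 7 set, which is a truncated encoding rather than a short buffer. A caller that handles `MBEDTLS_ERR_OID_BUF_TOO_SMALL` by retrying with a larger `buf` can never succeed on such input, so a distinct input-describing error, or at least a comment on that line saying that malformed and empty OIDs are deliberately folded into this code, would make the contract explicit; the empty-OID behaviour change should also be called out in the commit message. The surrounding `mbedtls_oid_get_numeric_string` continues on both sides of the hunk, so whether `value` is wide enough for the `unsigned int` arithmetic on `component1`/`component2` is not visible here.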
From: Gilles Peskine
Date: Tue, 14 Feb 2023 19:15:40 +0100
Subject: [PATCH 044/440] Define a workaround for empty \retval description
Since Clang 15, `clang -Wdocumentation` warns about an empty description in a Doxygen `\retval` command:
```
include/psa/crypto.h:91:23: error: empty paragraph passed to '\retval' command [-Werror,-Wdocumentation]
* \retval #PSA_SUCCESS
~~~~~~~~~~~~~~~~~~~^
```
Ideally `\retval` directives should have a description that describes the precise meaning of the return value, but we commonly use an empty description when the return value is a status code and the status code's description is sufficient documentation.
As a workaround, define a Doxygen command `\emptydescription` that we can use to make the description source code non-empty, without changing the appearance.
Using the command will be done in a subsequent commit.
Signed-off-by: Gilles Peskine
---
 doxygen/mbedtls.doxyfile | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 0c744daaa..7e8d19611 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -27,3 +27,15 @@ HAVE_DOT = YES
 DOT_GRAPH_MAX_NODES = 200
 MAX_DOT_GRAPH_DEPTH = 1000
 DOT_TRANSPARENT = YES
+
+# Doxygen accepts empty descriptions for commands such as \retval,
+# but clang -Wdocumentation doesn't (since Clang 15, for \retval).
+# https://github.com/Mbed-TLS/mbedtls/issues/6960
+# https://github.com/llvm/llvm-project/issues/60315
+# As a workaround, when documenting the status codes that a function can
+# return, if you don't have anything to say beyond the status code's
+# description, you can write something like
+# \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+# This does not change the documentation generated by Doxygen, but
+# it pacifies clang -Wdocumentation.
+ALIASES += emptydescription=""
From ed73355d2eef315631c2c54772d0546393c81fce Mon Sep 17 00:00:00 2001
From: Gilles Peskine Date: Tue, 14 Feb 2023 19:21:09 +0100 Subject: [PATCH 045/440] Make \retval commands non-empty Pacify Clang >=15 which complained: ``` include/psa/crypto.h:91:23: error: empty paragraph passed to '\retval' command [-Werror,-Wdocumentation] * \retval #PSA_SUCCESS ~~~~~~~~~~~~~~~~~~~^ ``` This commit performs the following systematic replacement: ``` perl -i -0777 -p -e 's/([\\@])(retval +\S+)\n(?! *\*? *([^\n \\*\/]|\\[cp]\b))/$1$2 ${1}emptydescription\n/g' $(git ls-files '*.[hc]' '*.function' '*.jinja') ``` i.e. add an `\emptydescription` argument to `\retval` commands (or `@retval`, which we don't normally use) that are followed by a single word, unless the next line looks like it contains text which would be the description. Signed-off-by: Gilles Peskine --- include/psa/crypto.h | 808 +++++++++--------- include/psa/crypto_compat.h | 14 +- include/psa/crypto_extra.h | 96 +-- include/psa/crypto_se_driver.h | 46 +- library/psa_crypto.c | 12 +- library/psa_crypto_aead.h | 8 +- library/psa_crypto_cipher.h | 46 +- library/psa_crypto_core.h | 86 +- library/psa_crypto_ecp.h | 44 +- library/psa_crypto_hash.h | 26 +- library/psa_crypto_mac.h | 28 +- library/psa_crypto_rsa.h | 70 +- library/psa_crypto_slot_management.h | 18 +- library/psa_crypto_storage.c | 28 +- library/psa_crypto_storage.h | 52 +- .../psa_crypto_driver_wrappers.c.jinja | 6 +- 16 files changed, 694 insertions(+), 694 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 2b9b2a27e..d7c914e2f 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h
@@ -88,16 +88,16 @@ extern "C" { * initialization may have security implications, for example due to improper * seeding of the random number generator. * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_INSUFFICIENT_STORAGE - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_DATA_INVALID - * \retval #PSA_ERROR_DATA_CORRUPT + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription */ psa_status_t psa_crypto_init(void); 
@@ -368,14 +368,14 @@ static size_t psa_get_key_bits(const psa_key_attributes_t *attributes); * On failure, equivalent to a * freshly-initialized structure. * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_DATA_CORRUPT - * \retval #PSA_ERROR_DATA_INVALID + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize @@ -486,7 +486,7 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key); * identifier defined in \p attributes. * \c 0 on failure. * - * \retval #PSA_SUCCESS + * \retval #PSA_SUCCESS \emptydescription * \retval #PSA_ERROR_INVALID_HANDLE * \p source_key is invalid. * \retval #PSA_ERROR_ALREADY_EXISTS 
@@ -502,14 +502,14 @@ psa_status_t psa_purge_key(mbedtls_svc_key_id_t key); * The source key does not have the #PSA_KEY_USAGE_COPY usage flag, or * the source key is not exportable and its lifetime does not * allow copying it to the target's lifetime. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_INSUFFICIENT_STORAGE - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_DATA_INVALID - * \retval #PSA_ERROR_DATA_CORRUPT - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize 
@@ -631,14 +631,14 @@ psa_status_t psa_destroy_key(mbedtls_svc_key_id_t key); * the key data is not correctly formatted, or * the size in \p attributes is nonzero and does not match the size * of the key data. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_INSUFFICIENT_STORAGE - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_DATA_CORRUPT - * \retval #PSA_ERROR_DATA_INVALID - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize 
@@ -718,22 +718,22 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, * \param[out] data_length On success, the number of bytes * that make up the key data. * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription * \retval #PSA_ERROR_NOT_PERMITTED * The key does not have the #PSA_KEY_USAGE_EXPORT flag. - * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p data buffer is too small. You can determine a * sufficient buffer size by calling * #PSA_EXPORT_KEY_OUTPUT_SIZE(\c type, \c bits) * where \c type is the key type * and \c bits is the key size in bits. - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize 
@@ -793,22 +793,22 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key, * \param[out] data_length On success, the number of bytes * that make up the key data. * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INVALID_HANDLE + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription * \retval #PSA_ERROR_INVALID_ARGUMENT * The key is neither a public key nor a key pair. - * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p data buffer is too small. You can determine a * sufficient buffer size by calling * #PSA_EXPORT_KEY_OUTPUT_SIZE(#PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(\c type), \c bits) * where \c type is the key type * and \c bits is the key size in bits. - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize 
@@ -846,13 +846,13 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key, * Success. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a hash algorithm. - * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription * \retval #PSA_ERROR_BUFFER_TOO_SMALL * \p hash_size is too small - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize @@ -884,10 +884,10 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg, * \p alg is not supported or is not a hash algorithm. * \retval #PSA_ERROR_INVALID_ARGUMENT * \p input_length or \p hash_length do not match the hash size for \p alg - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize 
@@ -977,10 +977,10 @@ static psa_hash_operation_t psa_hash_operation_init(void); * \p alg is not a supported hash algorithm. * \retval #PSA_ERROR_INVALID_ARGUMENT * \p alg is not a hash algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be inactive), or * the library has not been previously initialized by psa_crypto_init(). @@ -1003,10 +1003,10 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation, * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active), or * the library has not been previously initialized by psa_crypto_init(). 
@@ -1049,10 +1049,10 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation, * The size of the \p hash buffer is too small. You can determine a * sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg) * where \c alg is the hash algorithm that is calculated. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active), or * the library has not been previously initialized by psa_crypto_init(). @@ -1090,10 +1090,10 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation, * \retval #PSA_ERROR_INVALID_SIGNATURE * The hash of the message was calculated successfully, but it * differs from the expected hash. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active), or * the library has not been previously initialized by psa_crypto_init(). 
@@ -1120,10 +1120,10 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation, * * \param[in,out] operation Initialized hash operation. * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize @@ -1146,11 +1146,11 @@ psa_status_t psa_hash_abort(psa_hash_operation_t *operation); * \param[in,out] target_operation The operation object to set up. * It must be initialized but not active. * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription * \retval #PSA_ERROR_BAD_STATE * The \p source_operation state is not valid (it must be active), or * the \p target_operation state is not valid (it must be inactive), or 
@@ -1190,18 +1190,18 @@ psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation, * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a MAC algorithm. * \retval #PSA_ERROR_BUFFER_TOO_SMALL * \p mac_size is too small - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_STORAGE_FAILURE * The key could not be retrieved from storage. * \retval #PSA_ERROR_BAD_STATE 
@@ -1233,16 +1233,16 @@ psa_status_t psa_mac_compute(mbedtls_svc_key_id_t key, * \retval #PSA_ERROR_INVALID_SIGNATURE * The MAC of the message was calculated successfully, but it * differs from the expected value. - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a MAC algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_STORAGE_FAILURE * The key could not be retrieved from storage. * \retval #PSA_ERROR_BAD_STATE 
@@ -1338,16 +1338,16 @@ static psa_mac_operation_t psa_mac_operation_init(void); * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a MAC algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_STORAGE_FAILURE * The key could not be retrieved from storage. * \retval #PSA_ERROR_BAD_STATE 
@@ -1400,16 +1400,16 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation, * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription * \retval #PSA_ERROR_INVALID_ARGUMENT * \c key is not compatible with \c alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \c alg is not supported or is not a MAC algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_STORAGE_FAILURE * The key could not be retrieved from storage. * \retval #PSA_ERROR_BAD_STATE @@ -1437,11 +1437,11 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation, * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active), or * the library has not been previously initialized by psa_crypto_init(). 
@@ -1485,11 +1485,11 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation, * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p mac buffer is too small. You can determine a * sufficient buffer size by calling PSA_MAC_LENGTH(). - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be an active mac sign * operation), or the library has not been previously initialized @@ -1528,11 +1528,11 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation, * \retval #PSA_ERROR_INVALID_SIGNATURE * The MAC of the message was calculated successfully, but it * differs from the expected MAC. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be an active mac verify * operation), or the library has not been previously initialized 
@@ -1560,10 +1560,10 @@ psa_status_t psa_mac_verify_finish(psa_mac_operation_t *operation, * * \param[in,out] operation Initialized MAC operation. * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize @@ -1599,18 +1599,18 @@ psa_status_t psa_mac_abort(psa_mac_operation_t *operation); * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a cipher algorithm. - * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize 
@@ -1646,18 +1646,18 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key, * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a cipher algorithm. - * \retval #PSA_ERROR_BUFFER_TOO_SMALL - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription * \retval #PSA_ERROR_BAD_STATE * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize 
@@ -1753,17 +1753,17 @@ static psa_cipher_operation_t psa_cipher_operation_init(void); * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \retval #PSA_ERROR_NOT_PERMITTED + * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription + * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription * \retval #PSA_ERROR_INVALID_ARGUMENT * \p key is not compatible with \p alg. * \retval #PSA_ERROR_NOT_SUPPORTED * \p alg is not supported or is not a cipher algorithm. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_HARDWARE_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription + * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription + * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be inactive), or * the library has not been previously initialized by psa_crypto_init(). 
@@ -1816,17 +1816,17 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  * Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  * \p key is not compatible with \p alg.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \p alg is not supported or is not a cipher algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid (it must be inactive), or
  * the library has not been previously initialized by psa_crypto_init().
@@ -1859,11 +1859,11 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
  * Success.
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  * The size of the \p iv buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid (it must be active, with no IV set),
  * or the library has not been previously initialized
@@ -1900,11 +1900,11 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  * The size of \p iv is not acceptable for the chosen algorithm,
  * or the chosen algorithm does not use an IV.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid (it must be an active cipher
  * encrypt operation, with no IV set), or the library has not been
@@ -1941,11 +1941,11 @@ psa_status_t psa_cipher_set_iv(psa_cipher_operation_t *operation,
  * Success.
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  * The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid (it must be active, with an IV set
  * if required for the algorithm), or the library has not been
@@ -1993,11 +1993,11 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation,
  * padding, and the ciphertext does not contain valid padding.
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  * The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid (it must be active, with an IV set
  * if required for the algorithm), or the library has not been
@@ -2026,10 +2026,10 @@ psa_status_t psa_cipher_finish(psa_cipher_operation_t *operation,
  *
  * \param[in,out] operation Initialized cipher operation.
  *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The library has not been previously initialized by psa_crypto_init().
  * It is implementation-dependent whether a failure to initialize
@@ -2082,23 +2082,23 @@ psa_status_t psa_cipher_abort(psa_cipher_operation_t *operation);
  *
  * \retval #PSA_SUCCESS
  * Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  * \p key is not compatible with \p alg.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \p alg is not supported or is not an AEAD algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  * \p ciphertext_size is too small.
  * #PSA_AEAD_ENCRYPT_OUTPUT_SIZE(\c key_type, \p alg,
  * \p plaintext_length) or
  * #PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(\p plaintext_length) can be used to
  * determine the required buffer size.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The library has not been previously initialized by psa_crypto_init().
  * It is implementation-dependent whether a failure to initialize
@@ -2153,25 +2153,25 @@ psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
  *
  * \retval #PSA_SUCCESS
  * Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  * The ciphertext is not authentic.
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  * \p key is not compatible with \p alg.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \p alg is not supported or is not an AEAD algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  * \p plaintext_size is too small.
  * #PSA_AEAD_DECRYPT_OUTPUT_SIZE(\c key_type, \p alg,
  * \p ciphertext_length) or
  * #PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(\p ciphertext_length) can be used
  * to determine the required buffer size.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The library has not been previously initialized by psa_crypto_init().
  * It is implementation-dependent whether a failure to initialize
@@ -2280,16 +2280,16 @@ static psa_aead_operation_t psa_aead_operation_init(void);
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid (it must be inactive), or
  * the library has not been previously initialized by psa_crypto_init().
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  * \p key is not compatible with \p alg.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \p alg is not supported or is not an AEAD algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
  * \retval #PSA_ERROR_STORAGE_FAILURE
  * The library has not been previously initialized by psa_crypto_init().
  * It is implementation-dependent whether a failure to initialize
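Review bot: The `\retval #PSA_ERROR_STORAGE_FAILURE` entry at the end of this hunk still carries the description "The library has not been previously initialized by psa_crypto_init()…", which is the text that belongs to `#PSA_ERROR_BAD_STATE` (already stated at the top of the hunk), while every other unconditional failure code in the block is now tagged `\emptydescription`. As rendered, the documentation tells a caller that a storage failure means the library was not initialized, which misleads error-handling code that distinguishes recoverable from fatal states. Consistent with the rest of the commit, the line should become ` * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription` with the misplaced sentences removed (the second sentence continues past the hunk). The hunk header shows the preceding declaration `psa_aead_operation_init`, so this block presumably documents psa_aead_encrypt_setup; the comment block itself starts outside the hunk.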
@@ -2344,17 +2344,17 @@ psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
  *
  * \retval #PSA_SUCCESS
  * Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  * \p key is not compatible with \p alg.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \p alg is not supported or is not an AEAD algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid (it must be inactive), or the
  * library has not been previously initialized by psa_crypto_init().
@@ -2388,11 +2388,11 @@ psa_status_t psa_aead_decrypt_setup(psa_aead_operation_t *operation,
  * Success.
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  * The size of the \p nonce buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid (it must be an active aead encrypt
  * operation, with no nonce set), or the library has not been
@@ -2428,11 +2428,11 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation,
  * Success.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  * The size of \p nonce is not acceptable for the chosen algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid (it must be active, with no nonce
  * set), or the library has not been previously initialized
@@ -2473,10 +2473,10 @@ psa_status_t psa_aead_set_nonce(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  * At least one of the lengths is not acceptable for the chosen
  * algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid (it must be active, and
  * psa_aead_update_ad() and psa_aead_update() must not have been
@@ -2520,11 +2520,11 @@ psa_status_t psa_aead_set_lengths(psa_aead_operation_t *operation,
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  * The total input length overflows the additional data length that
  * was previously specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid (it must be active, have a nonce
  * set, have lengths set if required by the algorithm, and
@@ -2605,11 +2605,11 @@ psa_status_t psa_aead_update_ad(psa_aead_operation_t *operation,
  * specified with psa_aead_set_lengths(), or
  * the total input length overflows the plaintext length that
  * was previously specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid (it must be active, have a nonce
  * set, and have lengths set if required by the algorithm), or the
@@ -2691,11 +2691,11 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
  * the total length of input to psa_aead_update() so far is
  * less than the plaintext length that was previously
  * specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid (it must be an active encryption
  * operation with a nonce set), or the library has not been previously
@@ -2774,11 +2774,11 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
  * the total length of input to psa_aead_update() so far is
  * less than the plaintext length that was previously
  * specified with psa_aead_set_lengths().
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid (it must be an active decryption
  * operation with a nonce set), or the library has not been previously
@@ -2809,10 +2809,10 @@ psa_status_t psa_aead_verify(psa_aead_operation_t *operation,
  *
  * \param[in,out] operation Initialized AEAD operation.
  *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The library has not been previously initialized by psa_crypto_init().
  * It is implementation-dependent whether a failure to initialize
@@ -2858,8 +2858,8 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
  * \param[out] signature_length On success, the number of bytes that make up
  * the returned signature value.
  *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
  * \retval #PSA_ERROR_NOT_PERMITTED
  * The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
  * or it does not permit the requested algorithm.
@@ -2869,16 +2869,16 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation);
  * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
  * where \c key_type and \c key_bits are the type and bit-size
  * respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The library has not been previously initialized by psa_crypto_init().
  * It is implementation-dependent whether a failure to initialize
@@ -2914,23 +2914,23 @@ psa_status_t psa_sign_message(mbedtls_svc_key_id_t key,
  * \param[out] signature Buffer containing the signature to verify.
  * \param[in] signature_length Size of the \p signature buffer in bytes.
  *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
  * \retval #PSA_ERROR_NOT_PERMITTED
  * The key does not have the #PSA_KEY_USAGE_SIGN_MESSAGE flag,
  * or it does not permit the requested algorithm.
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  * The calculation was performed successfully, but the passed signature
  * is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The library has not been previously initialized by psa_crypto_init().
  * It is implementation-dependent whether a failure to initialize
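Review bot: The `#PSA_ERROR_NOT_PERMITTED` description in this hunk says the key lacks the `#PSA_KEY_USAGE_SIGN_MESSAGE` flag, yet the surrounding lines document a verification call (a `signature` buffer "to verify" and an `#PSA_ERROR_INVALID_SIGNATURE` result), and the next hunk's header context names psa_verify_message, so the usage flag a caller must grant here is presumably `#PSA_KEY_USAGE_VERIFY_MESSAGE`. Since the commit already reworks this retval list, correcting the line to ` *         The key does not have the #PSA_KEY_USAGE_VERIFY_MESSAGE flag,` would stop the header from steering integrators toward granting a signing permission on a key that only needs to verify. The comment block starts outside the hunk, so the function it belongs to is inferred from context rather than visible.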
@@ -2967,23 +2967,23 @@ psa_status_t psa_verify_message(mbedtls_svc_key_id_t key,
  * \param[out] signature_length On success, the number of bytes
  * that make up the returned signature value.
  *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  * The size of the \p signature buffer is too small. You can
  * determine a sufficient buffer size by calling
  * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
  * where \c key_type and \c key_bits are the type and bit-size
  * respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The library has not been previously initialized by psa_crypto_init().
  * It is implementation-dependent whether a failure to initialize
@@ -3023,18 +3023,18 @@ psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key,
  *
  * \retval #PSA_SUCCESS
  * The signature is valid.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
  * \retval #PSA_ERROR_INVALID_SIGNATURE
  * The calculation was performed successfully, but the passed
  * signature is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The library has not been previously initialized by psa_crypto_init().
  * It is implementation-dependent whether a failure to initialize
@@ -3076,23 +3076,23 @@ psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key,
  * \param[out] output_length On success, the number of bytes
  * that make up the returned output.
  *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  * The size of the \p output buffer is too small. You can
  * determine a sufficient buffer size by calling
  * #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
  * where \c key_type and \c key_bits are the type and bit-size
  * respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The library has not been previously initialized by psa_crypto_init().
  * It is implementation-dependent whether a failure to initialize
@@ -3136,24 +3136,24 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
  * \param[out] output_length On success, the number of bytes
  * that make up the returned output.
  *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  * The size of the \p output buffer is too small. You can
  * determine a sufficient buffer size by calling
  * #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
  * where \c key_type and \c key_bits are the type and bit-size
  * respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_INVALID_PADDING
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_INVALID_PADDING \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The library has not been previously initialized by psa_crypto_init().
  * It is implementation-dependent whether a failure to initialize
@@ -3263,11 +3263,11 @@ static psa_key_derivation_operation_t psa_key_derivation_operation_init(void);
  * \c alg is not a key derivation algorithm.
  * \retval #PSA_ERROR_NOT_SUPPORTED
  * \c alg is not supported or is not a key derivation algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid (it must be inactive), or
  * the library has not been previously initialized by psa_crypto_init().
@@ -3287,10 +3287,10 @@ psa_status_t psa_key_derivation_setup(
  * \param[in] operation The operation to query.
  * \param[out] capacity On success, the capacity of the operation.
  *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid (it must be active), or
  * the library has not been previously initialized by psa_crypto_init().
@@ -3311,14 +3311,14 @@ psa_status_t psa_key_derivation_get_capacity(
  * It must be less or equal to the operation's
  * current capacity.
  *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  * \p capacity is larger than the operation's current capacity.
  * In this case, the operation object remains valid and its capacity
  * remains unchanged.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid (it must be active), or the
  * library has not been previously initialized by psa_crypto_init().
@@ -3367,11 +3367,11 @@ psa_status_t psa_key_derivation_set_capacity(
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  * \c step is not compatible with the operation's algorithm, or
  * \c step does not allow direct inputs.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid for this input \p step, or
  * the library has not been previously initialized by psa_crypto_init().
@@ -3410,11 +3410,11 @@ psa_status_t psa_key_derivation_input_bytes(
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  * \c step is not compatible with the operation's algorithm, or
  * \c step does not allow numeric inputs.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
  * \retval #PSA_ERROR_BAD_STATE
  * The operation state is not valid for this input \p step, or
  * the library has not been previously initialized by psa_crypto_init().
@@ -3468,7 +3468,7 @@ psa_status_t psa_key_derivation_input_integer(
  *
  * \retval #PSA_SUCCESS
  * Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
  * \retval #PSA_ERROR_NOT_PERMITTED
  * The key allows neither #PSA_KEY_USAGE_DERIVE nor
  * #PSA_KEY_USAGE_VERIFY_DERIVATION, or it doesn't allow this
@@ -3477,11 +3477,11 @@ psa_status_t psa_key_derivation_input_integer(
 * \c step is not compatible with the operation's algorithm, or
 * \c step does not allow key inputs of the given type
 * or does not allow key inputs at all.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid for this input \p step, or
 * the library has not been previously initialized by psa_crypto_init().
@@ -3536,8 +3536,8 @@ psa_status_t psa_key_derivation_input_key(
 *
 * \retval #PSA_SUCCESS
 * Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * \c private_key is not compatible with \c alg,
 * or \p peer_key is not valid for \c alg or not compatible with
@@ -3545,11 +3545,11 @@ psa_status_t psa_key_derivation_input_key(
 * from a key agreement.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \c alg is not supported or is not a key derivation algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid for this key agreement \p step,
 * or the library has not been previously initialized by psa_crypto_init().
@@ -3580,7 +3580,7 @@ psa_status_t psa_key_derivation_key_agreement(
 * \param[out] output Buffer where the output will be written.
 * \param output_length Number of bytes to output.
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_NOT_PERMITTED
 * One of the inputs was a key whose policy didn't allow
 * #PSA_KEY_USAGE_DERIVE.
@@ -3591,11 +3591,11 @@ psa_status_t psa_key_derivation_key_agreement(
 * The operation's capacity is set to 0, thus
 * subsequent calls to this function will not
 * succeed, even with a smaller output buffer.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (it must be active and completed
 * all required input steps), or the library has not been previously
@@ -3738,14 +3738,14 @@ psa_status_t psa_key_derivation_output_bytes(
 * #PSA_KEY_DERIVATION_INPUT_PASSWORD input was not provided through a
 * key; or one of the inputs was a key whose policy didn't allow
 * #PSA_KEY_USAGE_DERIVE.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (it must be active and completed
 * all required input steps), or the library has not been previously
@@ -3786,7 +3786,7 @@ psa_status_t psa_key_derivation_output_key(
 * \param output_length Length of the expected output; this is also the
 * number of bytes that will be read.
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_INVALID_SIGNATURE
 * The output was read successfully, but it differs from the expected
 * output.
@@ -3799,11 +3799,11 @@ psa_status_t psa_key_derivation_output_key(
 * the operation's capacity is set to 0, thus
 * subsequent calls to this function will not
 * succeed, even with a smaller expected output.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (it must be active and completed
 * all required input steps), or the library has not been previously
@@ -3845,7 +3845,7 @@ psa_status_t psa_key_derivation_verify_bytes(
 * computed by a previous call to
 * psa_key_derivation_output_key().
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_INVALID_SIGNATURE
 * The output was read successfully, but if differs from the expected
 * output.
@@ -3863,11 +3863,11 @@ psa_status_t psa_key_derivation_verify_bytes(
 * the operation's capacity is set to 0, thus
 * subsequent calls to this function will not
 * succeed, even with a smaller expected output.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (it must be active and completed
 * all required input steps), or the library has not been previously
@@ -3893,10 +3893,10 @@ psa_status_t psa_key_derivation_verify_key(
 *
 * \param[in,out] operation The operation to abort.
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -3934,8 +3934,8 @@ psa_status_t psa_key_derivation_abort(
 *
 * \retval #PSA_SUCCESS
 * Success.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * \p alg is not a key agreement algorithm, or
 * \p private_key is not compatible with \p alg,
@@ -3945,11 +3945,11 @@ psa_status_t psa_key_derivation_abort(
 * \p output_size is too small
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \p alg is not a supported key agreement algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -3981,13 +3981,13 @@ psa_status_t psa_raw_key_agreement(psa_algorithm_t alg,
 * \param[out] output Output buffer for the generated data.
 * \param output_size Number of bytes to generate and output.
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -4024,17 +4024,17 @@ psa_status_t psa_generate_random(uint8_t *output,
 * \retval #PSA_ERROR_ALREADY_EXISTS
 * This is an attempt to create a persistent key, and there is
 * already a persistent key with the given identifier.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h
index 97e65848c..3544f9632 100644
--- a/include/psa/crypto_compat.h
+++ b/include/psa/crypto_compat.h
@@ -105,11 +105,11 @@ static inline int psa_key_handle_is_null(psa_key_handle_t handle)
 * permission to access it. Note that this specification does not
 * define any way to create such a key, but it may be possible
 * through implementation-specific means.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -149,8 +149,8 @@ psa_status_t psa_open_key(mbedtls_svc_key_id_t key,
 * \p handle was a valid handle or \c 0. It is now closed.
 * \retval #PSA_ERROR_INVALID_HANDLE
 * \p handle is not a valid handle nor \c 0.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index bd1b5af56..582d94249 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -189,12 +189,12 @@ static inline void psa_clear_key_slot_number(
 * or the specified slot number is not valid.
 * \retval #PSA_ERROR_NOT_PERMITTED
 * The caller is not authorized to register the specified key slot.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -491,10 +491,10 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
 * according to \p type as described above.
 * \param data_length Size of the \p data buffer in bytes.
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 */
 psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
 psa_key_type_t type,
@@ -521,8 +521,8 @@ psa_status_t psa_set_key_domain_parameters(psa_key_attributes_t *attributes,
 * \param[out] data_length On success, the number of bytes
 * that make up the key domain parameters data.
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL \emptydescription
 */
 psa_status_t psa_get_key_domain_parameters(
 const psa_key_attributes_t *attributes,
@@ -1352,8 +1352,8 @@ static psa_pake_operation_t psa_pake_operation_init(void);
 * compatible with the PAKE algorithm, or the hash algorithm in
 * \p cipher_suite is not supported or not compatible with the PAKE
 * algorithm and primitive.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid, or
 * the library has not been previously initialized by psa_crypto_init().
@@ -1397,11 +1397,11 @@ psa_status_t psa_pake_setup(psa_pake_operation_t *operation,
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * The key type or key size of \p password is not supported with the
 * \p operation's cipher suite.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (it must have been set up.), or
 * the library has not been previously initialized by psa_crypto_init().
@@ -1439,9 +1439,9 @@ psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation,
 * suite.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * The value of \p user_id is not supported by the implementation.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid, or
 * the library has not been previously initialized by psa_crypto_init().
@@ -1480,9 +1480,9 @@ psa_status_t psa_pake_set_user(psa_pake_operation_t *operation,
 * suite.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * The algorithm doesn't associate a second identity with the session.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * Calling psa_pake_set_peer() is invalid with the \p operation's
 * algorithm, the operation state is not valid, or the library has not
@@ -1524,8 +1524,8 @@ psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation,
 * The \p role is not a valid PAKE role in the \p operation’s algorithm.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * The \p role for this algorithm is not supported or is not valid.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid, or
 * the library has not been previously initialized by psa_crypto_init().
@@ -1575,13 +1575,13 @@ psa_status_t psa_pake_set_role(psa_pake_operation_t *operation,
 * \p step is not compatible with the operation's algorithm.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \p step is not supported with the operation's algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (it must be active, and fully set
 * up, and this call must conform to the algorithm's requirements
@@ -1631,12 +1631,12 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation,
 * \p step p is not supported with the \p operation's algorithm, or the
 * \p input is not supported for the \p operation's algorithm, cipher
 * suite or \p step.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (it must be active, and fully set
 * up, and this call must conform to the algorithm's requirements
@@ -1691,12 +1691,12 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation,
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * Input from a PAKE is not supported by the algorithm in the \p output
 * key derivation operation.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The PAKE operation state is not valid (it must be active, but beyond
 * that validity is specific to the algorithm), or
@@ -1728,8 +1728,8 @@ psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation,
 *
 * \retval #PSA_SUCCESS
 * Success.
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index a0527897c..9ae631ffe 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -385,8 +385,8 @@ typedef struct {
 * \param[in] direction Indicates whether the operation is an encrypt
 * or decrypt
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
 */
 typedef psa_status_t (*psa_drv_se_cipher_setup_t)(psa_drv_se_context_t *drv_context,
 void *op_context,
@@ -407,7 +407,7 @@ typedef psa_status_t (*psa_drv_se_cipher_setup_t)(psa_drv_se_context_t *drv_cont
 * \param[in] p_iv A buffer containing the initialization vector
 * \param[in] iv_length The size (in bytes) of the `p_iv` buffer
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 */
 typedef psa_status_t (*psa_drv_se_cipher_set_iv_t)(void *op_context,
 const uint8_t *p_iv,
@@ -429,7 +429,7 @@ typedef psa_status_t (*psa_drv_se_cipher_set_iv_t)(void *op_context,
 * \param[out] p_output_length After completion, will contain the number
 * of bytes placed in the `p_output` buffer
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 */
 typedef psa_status_t (*psa_drv_se_cipher_update_t)(void *op_context,
 const uint8_t *p_input,
@@ -450,7 +450,7 @@ typedef psa_status_t (*psa_drv_se_cipher_update_t)(void *op_context,
 * \param[out] p_output_length After completion, will contain the number of
 * bytes placed in the `p_output` buffer
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 */
 typedef psa_status_t (*psa_drv_se_cipher_finish_t)(void *op_context,
 uint8_t *p_output,
@@ -485,8 +485,8 @@ typedef psa_status_t (*psa_drv_se_cipher_abort_t)(void *op_context);
 * \param[in] output_size The allocated size in bytes of the `p_output`
 * buffer
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
 */
 typedef psa_status_t (*psa_drv_se_cipher_ecb_t)(psa_drv_se_context_t *drv_context,
 psa_key_slot_number_t key_slot,
@@ -554,7 +554,7 @@ typedef struct {
 * \param[out] p_signature_length On success, the number of bytes
 * that make up the returned signature value
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 */
 typedef psa_status_t (*psa_drv_se_asymmetric_sign_t)(psa_drv_se_context_t *drv_context,
 psa_key_slot_number_t key_slot,
@@ -618,7 +618,7 @@ typedef psa_status_t (*psa_drv_se_asymmetric_verify_t)(psa_drv_se_context_t *drv
 * \param[out] p_output_length On success, the number of bytes that make up
 * the returned output
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 */
 typedef psa_status_t (*psa_drv_se_asymmetric_encrypt_t)(psa_drv_se_context_t *drv_context,
 psa_key_slot_number_t key_slot,
@@ -658,7 +658,7 @@ typedef psa_status_t (*psa_drv_se_asymmetric_encrypt_t)(psa_drv_se_context_t *dr
 * \param[out] p_output_length On success, the number of bytes
 * that make up the returned output
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 */
 typedef psa_status_t (*psa_drv_se_asymmetric_decrypt_t)(psa_drv_se_context_t *drv_context,
 psa_key_slot_number_t key_slot,
@@ -904,8 +904,8 @@ typedef enum {
 * Success.
 * The core will record \c *key_slot as the key slot where the key
 * is stored and will update the persistent data in storage.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
 */
 typedef psa_status_t (*psa_drv_se_allocate_key_t)(
 psa_drv_se_context_t *drv_context,
@@ -1043,13 +1043,13 @@ typedef psa_status_t (*psa_drv_se_destroy_key_t)(
 * \param[out] p_data_length On success, the number of bytes
 * that make up the key data.
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- * \retval #PSA_ERROR_NOT_PERMITTED
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_DOES_NOT_EXIST \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 typedef psa_status_t (*psa_drv_se_export_key_t)(psa_drv_se_context_t *drv_context,
 psa_key_slot_number_t key,
@@ -1196,7 +1196,7 @@ typedef struct {
 * \param[in] source_key The key to be used as the source material for
 * the key derivation
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 */
 typedef psa_status_t (*psa_drv_se_key_derivation_setup_t)(psa_drv_se_context_t *drv_context,
 void *op_context,
@@ -1216,7 +1216,7 @@ typedef psa_status_t (*psa_drv_se_key_derivation_setup_t)(psa_drv_se_context_t *
 * \param[in] p_collateral A buffer containing the collateral data
 * \param[in] collateral_size The size in bytes of the collateral
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 */
 typedef psa_status_t (*psa_drv_se_key_derivation_collateral_t)(void *op_context,
 uint32_t collateral_id,
@@ -1231,7 +1231,7 @@ typedef psa_status_t (*psa_drv_se_key_derivation_collateral_t)(void *op_context,
 * \param[in] dest_key The slot where the generated key material
 * should be placed
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 */
 typedef psa_status_t (*psa_drv_se_key_derivation_derive_t)(void *op_context,
 psa_key_slot_number_t dest_key);
@@ -1245,7 +1245,7 @@ typedef psa_status_t (*psa_drv_se_key_derivation_derive_t)(void *op_context,
 * \param[out] p_output_length Upon success, contains the number of bytes of
 * key material placed in `p_output`
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 */
 typedef psa_status_t (*psa_drv_se_key_derivation_export_t)(void *op_context,
 uint8_t *p_output,
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index a683fdb8f..1a2ef5920 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1673,12 +1673,12 @@ static psa_status_t psa_start_key_creation(
 *
 * \retval #PSA_SUCCESS
 * The key was successfully created.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_ALREADY_EXISTS \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
 *
 * \return If this function fails, the key slot is an invalid state.
 * You must call psa_fail_key_creation() to wipe and free the slot.
diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h
index 2ae8fe82d..4b24b0f68 100644
--- a/library/psa_crypto_aead.h
+++ b/library/psa_crypto_aead.h
@@ -71,10 +71,10 @@
 * \retval #PSA_SUCCESS Success.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \p alg is not supported.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * ciphertext_size is too small.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t mbedtls_psa_aead_encrypt(
 const psa_key_attributes_t *attributes,
@@ -134,10 +134,10 @@ psa_status_t mbedtls_psa_aead_encrypt(
 * The cipher is not authentic.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \p alg is not supported.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * plaintext_size is too small.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t mbedtls_psa_aead_decrypt(
 const psa_key_attributes_t *attributes,
diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h
index 6cc6bf614..bf43ff08a 100644
--- a/library/psa_crypto_cipher.h
+++ b/library/psa_crypto_cipher.h
@@ -59,10 +59,10 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
 * (\c PSA_ALG_XXX value such that
 * #PSA_ALG_IS_CIPHER(\p alg) is true).
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t mbedtls_psa_cipher_encrypt_setup(
 mbedtls_psa_cipher_operation_t *operation,
@@ -89,10 +89,10 @@ psa_status_t mbedtls_psa_cipher_encrypt_setup(
 * (\c PSA_ALG_XXX value such that
 * #PSA_ALG_IS_CIPHER(\p alg) is true).
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t mbedtls_psa_cipher_decrypt_setup(
 mbedtls_psa_cipher_operation_t *operation,
@@ -116,11 +116,11 @@ psa_status_t mbedtls_psa_cipher_decrypt_setup(
 * the core to be less or equal to
 * PSA_CIPHER_IV_MAX_SIZE.
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * The size of \p iv is not acceptable for the chosen algorithm,
 * or the chosen algorithm does not use an IV.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 */
 psa_status_t mbedtls_psa_cipher_set_iv(
 mbedtls_psa_cipher_operation_t *operation,
@@ -142,10 +142,10 @@ psa_status_t mbedtls_psa_cipher_set_iv(
 * \param[out] output_length On success, the number of bytes
 * that make up the returned output.
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 */
 psa_status_t mbedtls_psa_cipher_update(
 mbedtls_psa_cipher_operation_t *operation,
@@ -165,7 +165,7 @@ psa_status_t mbedtls_psa_cipher_update(
 * \param[out] output_length On success, the number of bytes
 * that make up the returned output.
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * The total input size passed to this operation is not valid for
 * this particular algorithm. For example, the algorithm is a based
@@ -176,7 +176,7 @@ psa_status_t mbedtls_psa_cipher_update(
 * padding, and the ciphertext does not contain valid padding.
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p output buffer is too small.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 */
 psa_status_t mbedtls_psa_cipher_finish(
 mbedtls_psa_cipher_operation_t *operation,
@@ -195,7 +195,7 @@ psa_status_t mbedtls_psa_cipher_finish(
 *
 * \param[in,out] operation Initialized cipher operation.
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 */
 psa_status_t mbedtls_psa_cipher_abort(mbedtls_psa_cipher_operation_t *operation);
@@ -224,10 +224,10 @@ psa_status_t mbedtls_psa_cipher_abort(mbedtls_psa_cipher_operation_t *operation)
 * the returned output. Initialized to zero
 * by the core.
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p output buffer is too small.
 * \retval #PSA_ERROR_INVALID_ARGUMENT
@@ -275,10 +275,10 @@ psa_status_t mbedtls_psa_cipher_encrypt(const psa_key_attributes_t *attributes,
 * the returned output. Initialized to zero
 * by the core.
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p output buffer is too small.
 * \retval #PSA_ERROR_INVALID_ARGUMENT
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 38e4bc5cc..ed278445a 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -209,7 +209,7 @@ psa_status_t psa_get_and_lock_key_slot_with_policy(mbedtls_svc_key_id_t key,
 * \retval #PSA_SUCCESS
 * Success. This includes the case of a key slot that was
 * already fully wiped.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t psa_wipe_key_slot(psa_key_slot_t *slot);
@@ -285,9 +285,9 @@ psa_status_t mbedtls_to_psa_error(int ret);
 * \retval #PSA_SUCCESS The key was imported successfully.
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * The key data is not correctly formatted.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t psa_import_key_into_slot(
 const psa_key_attributes_t *attributes,
@@ -310,12 +310,12 @@ psa_status_t psa_import_key_into_slot(
 * \p data
 *
 * \retval #PSA_SUCCESS The key was exported successfully.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 */
 psa_status_t psa_export_key_internal(
 const psa_key_attributes_t *attributes,
@@ -338,12 +338,12 @@ psa_status_t psa_export_key_internal(
 * \p data
 *
 * \retval #PSA_SUCCESS The public key was exported successfully.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 */
 psa_status_t psa_export_public_key_internal(
 const psa_key_attributes_t *attributes,
@@ -364,7 +364,7 @@ psa_status_t psa_export_public_key_internal(
 *
 * \retval #PSA_SUCCESS
 * The key was generated successfully.
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * Key size in bits or type not supported.
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
@@ -399,18 +399,18 @@ psa_status_t psa_generate_key_internal(const psa_key_attributes_t *attributes,
 * \param[out] signature_length On success, the number of bytes
 * that make up the returned signature value.
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p signature buffer is too small. You can
 * determine a sufficient buffer size by calling
 * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
 * where \c key_type and \c key_bits are the type and bit-size
 * respectively of the key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
 */
 psa_status_t psa_sign_message_builtin(
 const psa_key_attributes_t *attributes,
@@ -445,9 +445,9 @@ psa_status_t psa_sign_message_builtin(
 * \retval #PSA_ERROR_INVALID_SIGNATURE
 * The calculation was performed successfully, but the passed
 * signature is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 */
 psa_status_t psa_verify_message_builtin(
 const psa_key_attributes_t *attributes,
@@ -475,18 +475,18 @@ psa_status_t psa_verify_message_builtin(
 * \param[out] signature_length On success, the number of bytes
 * that make up the returned signature value.
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p signature buffer is too small. You can
 * determine a sufficient buffer size by calling
 * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
 * where \c key_type and \c key_bits are the type and bit-size
 * respectively of the key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
 */
 psa_status_t psa_sign_hash_builtin(
 const psa_key_attributes_t *attributes,
@@ -519,9 +519,9 @@ psa_status_t psa_sign_hash_builtin(
 * \retval #PSA_ERROR_INVALID_SIGNATURE
 * The calculation was performed successfully, but the passed
 * signature is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 */
 psa_status_t psa_verify_hash_builtin(
 const psa_key_attributes_t *attributes,
@@ -577,8 +577,8 @@ psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type,
 * up the returned shared secret.
 * \retval #PSA_SUCCESS
 * Success. Shared secret successfully calculated.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * \p alg is not a key agreement algorithm, or
 * \p private_key is not compatible with \p alg,
@@ -588,12 +588,12 @@ psa_status_t psa_validate_unstructured_key_bit_size(psa_key_type_t type,
 * \p shared_secret_size is too small
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \p alg is not a supported key agreement algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE \emptydescription
 */
 psa_status_t psa_key_agreement_raw_builtin(
 const psa_key_attributes_t *attributes,
diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h
index 71f9d6acc..e0656e79c 100644
--- a/library/psa_crypto_ecp.h
+++ b/library/psa_crypto_ecp.h
@@ -70,9 +70,9 @@ psa_status_t mbedtls_psa_ecp_load_representation(psa_key_type_t type,
 * \retval #PSA_SUCCESS The ECP key was imported successfully.
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * The key data is not correctly formatted.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t mbedtls_psa_ecp_import_key(
 const psa_key_attributes_t *attributes,
@@ -111,12 +111,12 @@ psa_status_t mbedtls_psa_ecp_export_key(psa_key_type_t type,
 * \p data
 *
 * \retval #PSA_SUCCESS The ECP public key was exported successfully.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 */
 psa_status_t mbedtls_psa_ecp_export_public_key(
 const psa_key_attributes_t *attributes,
@@ -166,17 +166,17 @@ psa_status_t mbedtls_psa_ecp_generate_key(
 * \param[out] signature_length On success, the number of bytes
 * that make up the returned signature value.
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p signature buffer is too small. You can
 * determine a sufficient buffer size by calling
 * #PSA_SIGN_OUTPUT_SIZE(\c PSA_KEY_TYPE_ECC_KEY_PAIR, \c key_bits,
 * \p alg) where \c key_bits is the bit-size of the ECC key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
 */
 psa_status_t mbedtls_psa_ecdsa_sign_hash(
 const psa_key_attributes_t *attributes,
@@ -209,9 +209,9 @@ psa_status_t mbedtls_psa_ecdsa_sign_hash(
 * \retval #PSA_ERROR_INVALID_SIGNATURE
 * The calculation was performed successfully, but the passed
 * signature is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 */
 psa_status_t mbedtls_psa_ecdsa_verify_hash(
 const psa_key_attributes_t *attributes,
@@ -247,8 +247,8 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash(
 * up the returned shared secret.
 * \retval #PSA_SUCCESS
 * Success. Shared secret successfully calculated.
- * \retval #PSA_ERROR_INVALID_HANDLE
- * \retval #PSA_ERROR_NOT_PERMITTED
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
+ * \retval #PSA_ERROR_NOT_PERMITTED \emptydescription
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * \p alg is not a key agreement algorithm, or
 * \p private_key is not compatible with \p alg,
@@ -258,8 +258,8 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash(
 * \p shared_secret_size is too small
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \p alg is not a supported key agreement algorithm.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t mbedtls_psa_key_agreement_ecdh(
 const psa_key_attributes_t *attributes,
diff --git a/library/psa_crypto_hash.h b/library/psa_crypto_hash.h
index 63874e87d..d6bbd3fee 100644
--- a/library/psa_crypto_hash.h
+++ b/library/psa_crypto_hash.h
@@ -48,8 +48,8 @@
 * \p alg is not supported
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * \p hash_size is too small
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t mbedtls_psa_hash_compute(
 psa_algorithm_t alg,
@@ -88,8 +88,8 @@ psa_status_t mbedtls_psa_hash_compute(
 * \p alg is not supported
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t mbedtls_psa_hash_setup(
 mbedtls_psa_hash_operation_t *operation,
@@ -115,13 +115,13 @@ psa_status_t mbedtls_psa_hash_setup(
 * \param[in,out] target_operation The operation object to set up.
 * It must be initialized but not active.
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The \p source_operation state is not valid (it must be active).
 * \retval #PSA_ERROR_BAD_STATE
 * The \p target_operation state is not valid (it must be inactive).
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 */
 psa_status_t mbedtls_psa_hash_clone(
 const mbedtls_psa_hash_operation_t *source_operation,
@@ -147,8 +147,8 @@ psa_status_t mbedtls_psa_hash_clone(
 * Success.
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (it must be active).
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t mbedtls_psa_hash_update(
 mbedtls_psa_hash_operation_t *operation,
@@ -186,8 +186,8 @@ psa_status_t mbedtls_psa_hash_update(
 * The size of the \p hash buffer is too small. You can determine a
 * sufficient buffer size by calling #PSA_HASH_LENGTH(\c alg)
 * where \c alg is the hash algorithm that is calculated.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t mbedtls_psa_hash_finish(
 mbedtls_psa_hash_operation_t *operation,
@@ -216,8 +216,8 @@ psa_status_t mbedtls_psa_hash_finish(
 *
 * \param[in,out] operation Initialized hash operation.
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t mbedtls_psa_hash_abort(
 mbedtls_psa_hash_operation_t *operation);
diff --git a/library/psa_crypto_mac.h b/library/psa_crypto_mac.h
index 21c4de636..4f8024a9e 100644
--- a/library/psa_crypto_mac.h
+++ b/library/psa_crypto_mac.h
@@ -52,8 +52,8 @@
 * \p alg is not supported.
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * \p mac_size is too small
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t mbedtls_psa_mac_compute(
 const psa_key_attributes_t *attributes,
@@ -89,8 +89,8 @@ psa_status_t mbedtls_psa_mac_compute(
 * Success.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \p alg is not supported.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (it must be inactive).
 */
@@ -124,8 +124,8 @@ psa_status_t mbedtls_psa_mac_sign_setup(
 * Success.
 * \retval #PSA_ERROR_NOT_SUPPORTED
 * \p alg is not supported.
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (it must be inactive).
 */
@@ -158,8 +158,8 @@ psa_status_t mbedtls_psa_mac_verify_setup(
 * Success.
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (it must be active).
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t mbedtls_psa_mac_update(
 mbedtls_psa_mac_operation_t *operation,
@@ -200,8 +200,8 @@ psa_status_t mbedtls_psa_mac_update(
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p mac buffer is too small. A sufficient buffer size
 * can be determined by calling PSA_MAC_LENGTH().
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t mbedtls_psa_mac_sign_finish(
 mbedtls_psa_mac_operation_t *operation,
@@ -241,8 +241,8 @@ psa_status_t mbedtls_psa_mac_sign_finish(
 * \retval #PSA_ERROR_BAD_STATE
 * The operation state is not valid (it must be an active mac verify
 * operation).
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t mbedtls_psa_mac_verify_finish(
 mbedtls_psa_mac_operation_t *operation,
@@ -267,8 +267,8 @@ psa_status_t mbedtls_psa_mac_verify_finish(
 *
 * \param[in,out] operation Initialized MAC operation.
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t mbedtls_psa_mac_abort(
 mbedtls_psa_mac_operation_t *operation);
diff --git a/library/psa_crypto_rsa.h b/library/psa_crypto_rsa.h
index c3acdd0eb..bc24ef5d5 100644
--- a/library/psa_crypto_rsa.h
+++ b/library/psa_crypto_rsa.h
@@ -61,9 +61,9 @@ psa_status_t mbedtls_psa_rsa_load_representation(psa_key_type_t type,
 * \retval #PSA_SUCCESS The RSA key was imported successfully.
 * \retval #PSA_ERROR_INVALID_ARGUMENT
 * The key data is not correctly formatted.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
 */
 psa_status_t mbedtls_psa_rsa_import_key(
 const psa_key_attributes_t *attributes,
@@ -102,12 +102,12 @@ psa_status_t mbedtls_psa_rsa_export_key(psa_key_type_t type,
 * \p data.
 *
 * \retval #PSA_SUCCESS The RSA public key was exported successfully.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 */
 psa_status_t mbedtls_psa_rsa_export_public_key(
 const psa_key_attributes_t *attributes,
@@ -158,17 +158,17 @@ psa_status_t mbedtls_psa_rsa_generate_key(
 * \param[out] signature_length On success, the number of bytes
 * that make up the returned signature value.
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p signature buffer is too small. You can
 * determine a sufficient buffer size by calling
 * #PSA_SIGN_OUTPUT_SIZE(\c PSA_KEY_TYPE_RSA_KEY_PAIR, \c key_bits,
 * \p alg) where \c key_bits is the bit-size of the RSA key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
 */
 psa_status_t mbedtls_psa_rsa_sign_hash(
 const psa_key_attributes_t *attributes,
@@ -202,9 +202,9 @@ psa_status_t mbedtls_psa_rsa_sign_hash(
 * \retval #PSA_ERROR_INVALID_SIGNATURE
 * The calculation was performed successfully, but the passed
 * signature is not a valid signature.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 */
 psa_status_t mbedtls_psa_rsa_verify_hash(
 const psa_key_attributes_t *attributes,
@@ -237,20 +237,20 @@ psa_status_t mbedtls_psa_rsa_verify_hash(
 * \param[out] output_length On success, the number of bytes
 * that make up the returned output.
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p output buffer is too small. You can
 * determine a sufficient buffer size by calling
 * #PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
 * where \c key_type and \c key_bits are the type and bit-size
 * respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -294,21 +294,21 @@ psa_status_t mbedtls_psa_asymmetric_encrypt(const psa_key_attributes_t *attribut
 * \param[out] output_length On success, the number of bytes
 * that make up the returned output.
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_BUFFER_TOO_SMALL
 * The size of the \p output buffer is too small. You can
 * determine a sufficient buffer size by calling
 * #PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
 * where \c key_type and \c key_bits are the type and bit-size
 * respectively of \p key.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
- * \retval #PSA_ERROR_INVALID_PADDING
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
+ * \retval #PSA_ERROR_INVALID_PADDING \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index ff8ccdeae..c8366abeb 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -88,9 +88,9 @@ static inline int psa_key_id_is_volatile(psa_key_id_t key_id)
 * due to a lack of empty key slot, or available memory.
 * \retval #PSA_ERROR_DOES_NOT_EXIST
 * There is no key with key identifier \p key.
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
 */
 psa_status_t psa_get_and_lock_key_slot(mbedtls_svc_key_id_t key,
 psa_key_slot_t **p_slot);
@@ -118,9 +118,9 @@ void psa_wipe_all_key_slots(void);
 * associated to the returned slot.
 * \param[out] p_slot On success, a pointer to the slot.
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_BAD_STATE \emptydescription
 */
 psa_status_t psa_get_empty_key_slot(psa_key_id_t *volatile_key_id,
 psa_key_slot_t **p_slot);
@@ -195,8 +195,8 @@ static inline int psa_key_lifetime_is_external(psa_key_lifetime_t lifetime)
 * storage, returns a pointer to the driver table
 * associated with the key's storage location.
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
 */
 psa_status_t psa_validate_key_location(psa_key_lifetime_t lifetime,
 psa_se_drv_table_entry_t **p_drv);
@@ -205,7 +205,7 @@ psa_status_t psa_validate_key_location(psa_key_lifetime_t lifetime,
 *
 * \param[in] lifetime The key lifetime attribute.
 *
- * \retval #PSA_SUCCESS
+ * \retval #PSA_SUCCESS \emptydescription
 * \retval #PSA_ERROR_NOT_SUPPORTED The key is persistent but persistent keys
 * are not supported.
 */
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index 822501439..a8ed93753 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -79,11 +79,11 @@ static psa_storage_uid_t psa_its_identifier_of_slot(mbedtls_svc_key_id_t key)
 * \param[out] data Buffer where the data is to be written.
 * \param data_size Size of the \c data buffer in bytes.
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DOES_NOT_EXIST \emptydescription
 */
 static psa_status_t psa_crypto_storage_load(
 const mbedtls_svc_key_id_t key, uint8_t *data, size_t data_size)
@@ -131,11 +131,11 @@ int psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key)
 * \param data_length The number of bytes
 * that make up the data.
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_ALREADY_EXISTS \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
 */
 static psa_status_t psa_crypto_storage_store(const mbedtls_svc_key_id_t key,
 const uint8_t *data,
@@ -205,10 +205,10 @@ psa_status_t psa_destroy_persistent_key(const mbedtls_svc_key_id_t key)
 * is to be obtained.
 * \param[out] data_length The number of bytes that make up the data.
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DOES_NOT_EXIST
- * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DOES_NOT_EXIST \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
 */
 static psa_status_t psa_crypto_storage_get_data_length(
 const mbedtls_svc_key_id_t key,
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
index 8e108c568..04768f8a4 100644
--- a/library/psa_crypto_storage.h
+++ b/library/psa_crypto_storage.h
@@ -96,14 +96,14 @@ int psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key);
 * \param[in] data Buffer containing the key data.
 * \param data_length The number of bytes that make up the key data.
 *
- * \retval #PSA_SUCCESS
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_INSUFFICIENT_STORAGE
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_ALREADY_EXISTS
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_SUCCESS \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_ALREADY_EXISTS \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
 */
 psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr,
 const uint8_t *data,
@@ -129,11 +129,11 @@ psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr, * \param[out] data Pointer to an allocated key data buffer on return. * \param[out] data_length The number of bytes that make up the key data. * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_DATA_INVALID - * \retval #PSA_ERROR_DATA_CORRUPT - * \retval #PSA_ERROR_DOES_NOT_EXIST + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_DOES_NOT_EXIST \emptydescription */ psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr, uint8_t **data, @@ -148,7 +148,7 @@ psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr, * \retval #PSA_SUCCESS * The key was successfully removed, * or the key did not exist. - * \retval #PSA_ERROR_DATA_INVALID + * \retval #PSA_ERROR_DATA_INVALID \emptydescription */ psa_status_t psa_destroy_persistent_key(const mbedtls_svc_key_id_t key); @@ -190,9 +190,9 @@ void psa_format_key_data_for_storage(const uint8_t *data, * \param[out] attr On success, the attribute structure is filled * with the loaded key metadata. * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_DATA_INVALID + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription */ psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data, size_t storage_data_length, 
@@ -322,10 +322,10 @@ static inline void psa_crypto_prepare_transaction( * You may call this function multiple times during a transaction to * atomically update the transaction state. * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_DATA_CORRUPT - * \retval #PSA_ERROR_INSUFFICIENT_STORAGE - * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription */ psa_status_t psa_crypto_save_transaction(void); @@ -339,9 +339,9 @@ psa_status_t psa_crypto_save_transaction(void); * #psa_crypto_transaction. * \retval #PSA_ERROR_DOES_NOT_EXIST * There is no ongoing transaction. - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_DATA_INVALID - * \retval #PSA_ERROR_DATA_CORRUPT + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_DATA_INVALID \emptydescription + * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription */ psa_status_t psa_crypto_load_transaction(void); @@ -380,8 +380,8 @@ psa_status_t psa_crypto_stop_transaction(void); * * \retval #PSA_SUCCESS * Success - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_INSUFFICIENT_STORAGE + * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription + * \retval #PSA_ERROR_INSUFFICIENT_STORAGE \emptydescription * \retval #PSA_ERROR_NOT_PERMITTED * The entropy seed file already exists. */ diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index bdf331516..942798075 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja 
@@ -441,9 +441,9 @@ psa_status_t psa_driver_wrapper_verify_hash( * \param[in] data_length The input data length. * \param[out] key_buffer_size Minimum buffer size to contain the key material. * - * \retval #PSA_SUCCESS - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_SUCCESS \emptydescription + * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription + * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription */ psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data( const psa_key_attributes_t *attributes, From 4386cf188d1299f5652f99c6f0293baa67af996b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 14 Feb 2023 19:26:56 +0100 Subject: [PATCH 046/440] Changelog entry for pacifying clang -Wdocumentation about \retval Fixes #6960 Signed-off-by: Gilles Peskine --- ChangeLog.d/empty-retval-description.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/empty-retval-description.txt diff --git a/ChangeLog.d/empty-retval-description.txt b/ChangeLog.d/empty-retval-description.txt new file mode 100644 index 000000000..491adf55d --- /dev/null +++ b/ChangeLog.d/empty-retval-description.txt @@ -0,0 +1,3 @@ +Bugfix + * Silence warnings from clang -Wdocumentation about empty \retval + descriptions, which started appearing with Clang 15. Fixes #6960. From c36743f4e076974076212094de451ad7b51e0988 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 15 Feb 2023 10:20:40 +0800 Subject: [PATCH 047/440] Only check files known to git Signed-off-by: Pengyu Lv --- scripts/code_style.py | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/scripts/code_style.py b/scripts/code_style.py index eaf1f6b88..e40a20cfc 100755 --- a/scripts/code_style.py +++ b/scripts/code_style.py 
@@ -37,8 +37,8 @@ def print_err(*args): def print_skip(files_to_skip): print() print(*files_to_skip, sep=", SKIP\n", end=", SKIP\n") - print("Warn: The listed files will be skipped because\n" - "they are not included in the default list.") + print("Warning: The listed files will be skipped because\n" + "they are not known to git.") print() # Match FILENAME(s) in "check SCRIPT (FILENAME...)" @@ -182,23 +182,27 @@ def main() -> int: parser.add_argument('-f', '--fix', action='store_true', help=('modify source files to fix the code style ' '(default: print diff, do not modify files)')) + # --subset is almost useless: it only matters if there are no files + # ('code_style.py' without arguments checks all files known to Git, + # 'code_style.py --subset' does nothing). In particular, + # 'code_style.py --fix --subset ...' is intended as a stable ("porcelain") + # way to restyle a possibly empty set of files. parser.add_argument('--subset', action='store_true', - help=('check a subset of the files known to git ' - '(default: check all files passed as arguments, ' - 'known to git or not)')) + help='only check the specified files (default with non-option arguments)') parser.add_argument('operands', nargs='*', metavar='FILE', - help='files to check (if none: check files that are known to git)') + help='files to check (files MUST be known to git, if none: check all)') args = parser.parse_args() covered = frozenset(get_src_files()) - src_files = args.operands if args.operands else covered - if args.subset: - # We are to check a subset of the default list + # We only check files that are known to git + if args.subset or args.operands: src_files = [f for f in args.operands if f in covered] skip_src_files = [f for f in args.operands if f not in covered] if skip_src_files: print_skip(skip_src_files) + else: + src_files = covered if args.fix: # Fix mode From 35f2b26fd80c223976eb68c05d305764388fc096 Mon Sep 17 00:00:00 2001 
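Review bot: The membership test `f in covered` in the new branch of main() compares each operand string literally against whatever get_src_files() returned, so an operand spelled differently from git's output (`./library/oid.c`, an absolute path) is reported as "not known to git" and dropped with only a warning, and an invocation without --subset could then check or restyle nothing while still exiting 0. If get_src_files() yields repository-relative paths (not visible here), normalizing before the lookup, e.g. `operands = [os.path.normpath(f) for f in args.operands]`, would avoid that, and a non-empty skip list could be made fatal when --subset is not given, since the comment says only --subset is meant to tolerate an empty result. Whether `os` is already imported in this file is not visible in the hunk, and main()'s body continues past it.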
From: Jerry Yu Date: Wed, 15 Feb 2023 11:35:55 +0800 Subject: [PATCH 048/440] move cpu modifier flags check to source file Signed-off-by: Jerry Yu --- include/mbedtls/check_config.h | 39 +--------------------------------- library/sha256.c | 5 +++++ library/sha512.c | 38 +++++++++++++++++++++++++++++++++ 3 files changed, 44 insertions(+), 38 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 1efabdc1f..21daabe48 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -708,41 +708,6 @@ #if defined(MBEDTLS_SHA512_ALT) || defined(MBEDTLS_SHA512_PROCESS_ALT) #error "MBEDTLS_SHA512_*ALT can't be used with MBEDTLS_SHA512_USE_A64_CRYPTO_*" #endif -/* - * Best performance comes from most recent compilers, with intrinsics and -O3. - * Must compile with -march=armv8.2-a+sha3, but we can't detect armv8.2-a, and - * can't always detect __ARM_FEATURE_SHA512 (notably clang 7-12). - * - * GCC < 8 won't work at all (lacks the sha512 instructions) - * GCC >= 8 uses intrinsics, sets __ARM_FEATURE_SHA512 - * - * Clang < 7 won't work at all (lacks the sha512 instructions) - * Clang 7-12 don't have intrinsics (but we work around that with inline - * assembler) or __ARM_FEATURE_SHA512 - * Clang == 13.0.0 same as clang 12 (only seen on macOS) - * Clang >= 13.0.1 has __ARM_FEATURE_SHA512 and intrinsics - */ -#if defined(__aarch64__) && !defined(__ARM_FEATURE_SHA512) - /* Test Clang first, as it defines __GNUC__ */ -# if defined(__clang__) -# if __clang_major__ < 7 -# error "A more recent Clang is required for MBEDTLS_SHA512_USE_A64_CRYPTO_*" -# elif __clang_major__ < 13 || \ - (__clang_major__ == 13 && __clang_minor__ == 0 && __clang_patchlevel__ == 0) - /* We implement the intrinsics with inline assembler, so don't error */ -# else -# error "Must use minimum -march=armv8.2-a+sha3 for MBEDTLS_SHA512_USE_A64_CRYPTO_*" -# endif -# elif defined(__GNUC__) -# if __GNUC__ < 8 -# error "A more recent GCC is required for MBEDTLS_SHA512_USE_A64_CRYPTO_*" -# else -# error "Must use minimum -march=armv8.2-a+sha3 for MBEDTLS_SHA512_USE_A64_CRYPTO_*" -# endif -# else -# error "Only GCC and Clang supported for MBEDTLS_SHA512_USE_A64_CRYPTO_*" -# endif -#endif #endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */ 
@@ -763,9 +728,7 @@ #if defined(MBEDTLS_SHA256_ALT) || defined(MBEDTLS_SHA256_PROCESS_ALT) #error "MBEDTLS_SHA256_*ALT can't be used with MBEDTLS_SHA256_USE_A64_CRYPTO_*" #endif -#if defined(__aarch64__) && !defined(__ARM_FEATURE_CRYPTO) -#error "Must use minimum -march=armv8-a+crypto for MBEDTLS_SHA256_USE_A64_CRYPTO_*" -#endif + #endif #if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) && \ diff --git a/library/sha256.c b/library/sha256.c index cb09a71ec..010f4bc02 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -37,6 +37,11 @@ #if defined(__aarch64__) # if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \ defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) +/* *INDENT-OFF* */ +# if !defined(__ARM_FEATURE_CRYPTO) +# error "Must use minimum -march=armv8-a+crypto for MBEDTLS_SHA256_USE_A64_CRYPTO_*" +# endif +/* *INDENT-ON* */ # include # endif # if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) diff --git a/library/sha512.c b/library/sha512.c index efcbed413..767857f34 100644 --- a/library/sha512.c +++ b/library/sha512.c 
@@ -43,6 +43,44 @@ #if defined(__aarch64__) # if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \ defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY) +/* *INDENT-OFF* */ +/* + * Best performance comes from most recent compilers, with intrinsics and -O3. + * Must compile with -march=armv8.2-a+sha3, but we can't detect armv8.2-a, and + * can't always detect __ARM_FEATURE_SHA512 (notably clang 7-12). + * + * GCC < 8 won't work at all (lacks the sha512 instructions) + * GCC >= 8 uses intrinsics, sets __ARM_FEATURE_SHA512 + * + * Clang < 7 won't work at all (lacks the sha512 instructions) + * Clang 7-12 don't have intrinsics (but we work around that with inline + * assembler) or __ARM_FEATURE_SHA512 + * Clang == 13.0.0 same as clang 12 (only seen on macOS) + * Clang >= 13.0.1 has __ARM_FEATURE_SHA512 and intrinsics + */ +#if !defined(__ARM_FEATURE_SHA512) + /* Test Clang first, as it defines __GNUC__ */ +# if defined(__clang__) +# if __clang_major__ < 7 +# error "A more recent Clang is required for MBEDTLS_SHA512_USE_A64_CRYPTO_*" +# elif __clang_major__ < 13 || \ + (__clang_major__ == 13 && __clang_minor__ == 0 && __clang_patchlevel__ == 0) + /* We implement the intrinsics with inline assembler, so don't error */ +# else +# error "Must use minimum -march=armv8.2-a+sha3 for MBEDTLS_SHA512_USE_A64_CRYPTO_*" +# endif +# elif defined(__GNUC__) +# if __GNUC__ < 8 +# error "A more recent GCC is required for MBEDTLS_SHA512_USE_A64_CRYPTO_*" +# else +# error "Must use minimum -march=armv8.2-a+sha3 for MBEDTLS_SHA512_USE_A64_CRYPTO_*" +# endif +# else +# error "Only GCC and Clang supported for MBEDTLS_SHA512_USE_A64_CRYPTO_*" +# endif +#endif +/* *INDENT-ON* */ + # include # endif # if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) From 64e5d4a2cdb64c274c0001a281b3c5c583c87f0c Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 15 Feb 2023 11:46:57 +0800 Subject: [PATCH 049/440] Replace error output with target pragma if possible 
Signed-off-by: Jerry Yu --- library/sha256.c | 24 ++++++++++++++++++++- library/sha512.c | 54 +++++++++++++++++++++++++++++------------------- 2 files changed, 56 insertions(+), 22 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index 010f4bc02..432176551 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -39,7 +39,29 @@ defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) /* *INDENT-OFF* */ # if !defined(__ARM_FEATURE_CRYPTO) -# error "Must use minimum -march=armv8-a+crypto for MBEDTLS_SHA256_USE_A64_CRYPTO_*" +# if defined(__clang__) +# if __clang_major__ < 18 + /* TODO: Re-consider above after https://reviews.llvm.org/D131064 + * merged. + * + * The intrinsic declaration are guarded with ACLE predefined macros + * in clang, and those macros are only enabled with command line. + * Define the macros can enable those declaration and avoid compile + * error on it. + */ +# define __ARM_FEATURE_CRYPTO 1 +# endif +# pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function) +# define MBEDTLS_POP_TARGET_PRAGMA +# elif defined(__GNUC__) +# if __GNUC__ < 6 /* TODO: check sha256 compatible for GCC */ +# error "A more recent GCC is required for MBEDTLS_SHA256_USE_A64_CRYPTO_*" +# else +# pragma GCC target ("arch=armv8-a+crypto") +# endif +# else +# error "Only GCC and Clang supported for MBEDTLS_SHA256_USE_A64_CRYPTO_*" +# endif # endif /* *INDENT-ON* */ # include diff --git a/library/sha512.c b/library/sha512.c index 767857f34..fec974a36 100644 --- a/library/sha512.c +++ b/library/sha512.c 
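Review bot: `#define __ARM_FEATURE_CRYPTO 1` in the clang branch redefines a compiler-reserved predefined macro purely to make `arm_neon.h` expose the intrinsics; double-underscore identifiers are reserved, so the comment should state the clang range this is known to work on and the TODO should carry the removal condition, e.g. `/* Reserved macro deliberately defined for clang < 18 (D131064); remove once that release is the minimum. */`. The `#pragma clang attribute push` and `#pragma GCC target` also apply to every function from here to the end of the translation unit (the pop that MBEDTLS_POP_TARGET_PRAGMA announces is not in this hunk), which under MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT includes the portable fallback and the runtime-detection code that are supposed to stay safe on cores without the extension. Bracketing the GCC side with `#pragma GCC push_options` / `#pragma GCC pop_options` around the accelerated functions, or a per-function `__attribute__((target("+crypto")))` if the supported GCC versions accept it, would confine the feature set to the code that needs it. Note also that `#pragma GCC target ("arch=armv8-a+crypto")` replaces rather than extends the user's -march, so a build at a higher architecture level loses it for the rest of sha256.c; the enclosing conditional block begins before the hunk.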
@@ -58,29 +58,41 @@ * Clang == 13.0.0 same as clang 12 (only seen on macOS) * Clang >= 13.0.1 has __ARM_FEATURE_SHA512 and intrinsics */ -#if !defined(__ARM_FEATURE_SHA512) - /* Test Clang first, as it defines __GNUC__ */ -# if defined(__clang__) -# if __clang_major__ < 7 -# error "A more recent Clang is required for MBEDTLS_SHA512_USE_A64_CRYPTO_*" -# elif __clang_major__ < 13 || \ - (__clang_major__ == 13 && __clang_minor__ == 0 && __clang_patchlevel__ == 0) - /* We implement the intrinsics with inline assembler, so don't error */ -# else -# error "Must use minimum -march=armv8.2-a+sha3 for MBEDTLS_SHA512_USE_A64_CRYPTO_*" +# if !defined(__ARM_FEATURE_SHA512) + /* Test Clang first, as it defines __GNUC__ */ +# if defined(__clang__) +# if __clang_major__ < 7 +# error "A more recent Clang is required for MBEDTLS_SHA512_USE_A64_CRYPTO_*" +# elif __clang_major__ < 13 || \ + (__clang_major__ == 13 && __clang_minor__ == 0 && \ + __clang_patchlevel__ == 0) + /* We implement the intrinsics with inline assembler, so don't error */ +# else +# if __clang_major__ < 18 + /* TODO: Re-consider above after https://reviews.llvm.org/D131064 + * merged. + * + * The intrinsic declaration are guarded with ACLE predefined macros + * in clang, and those macros are only enabled with command line. + * Define the macros can enable those declaration and avoid compile + * error on it. 
+ */ +# define __ARM_FEATURE_SHA512 1 +# endif +# pragma clang attribute push (__attribute__((target("sha3"))), apply_to=function) +# define MBEDTLS_POP_TARGET_PRAGMA +# endif +# elif defined(__GNUC__) +# if __GNUC__ < 8 +# error "A more recent GCC is required for MBEDTLS_SHA512_USE_A64_CRYPTO_*" +# else +# pragma GCC target ("arch=armv8.2-a+sha3") +# endif +# else +# error "Only GCC and Clang supported for MBEDTLS_SHA512_USE_A64_CRYPTO_*" +# endif # endif -# elif defined(__GNUC__) -# if __GNUC__ < 8 -# error "A more recent GCC is required for MBEDTLS_SHA512_USE_A64_CRYPTO_*" -# else -# error "Must use minimum -march=armv8.2-a+sha3 for MBEDTLS_SHA512_USE_A64_CRYPTO_*" -# endif -# else -# error "Only GCC and Clang supported for MBEDTLS_SHA512_USE_A64_CRYPTO_*" -# endif -#endif /* *INDENT-ON* */ - # include # endif # if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) From 10f41444a0d4c8d665d98200ffeaf07e3d47abfe Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 15 Feb 2023 16:58:09 +0800 Subject: [PATCH 050/440] Fix CI failure Signed-off-by: Pengyu Lv --- scripts/code_style.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/code_style.py b/scripts/code_style.py index e40a20cfc..c31fb2949 100755 --- a/scripts/code_style.py +++ b/scripts/code_style.py @@ -202,7 +202,7 @@ def main() -> int: if skip_src_files: print_skip(skip_src_files) else: - src_files = covered + src_files = list(covered) if args.fix: # Fix mode From 72082dc28e416fde9fa53d3e27582ba9f78453ee Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 6 Feb 2023 10:49:46 +0100 Subject: [PATCH 051/440] Improve tests/scripts/depends.py code As suggested by gilles-peskine-arm. Co-authored-by: Gilles Peskine Signed-off-by: Andrzej Kurek --- tests/scripts/depends.py | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 2f0fbc219..3e8a2b0e6 100755 --- a/tests/scripts/depends.py 
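Review bot: `#pragma GCC target ("arch=armv8.2-a+sha3")` raises the architecture level for everything that follows in sha512.c, not only the accelerated routines, and there is no `#pragma GCC push_options` / `#pragma GCC pop_options` pair around it in this hunk. With MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY that is harmless, but with MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT the portable fallback and the runtime-detection code are compiled as armv8.2-a as well, so if GCC selects any v8.1/v8.2-only instruction for that generic code the binary can fault on the armv8.0 cores IF_PRESENT mode exists to support; whether GCC actually does so for this file cannot be determined from the hunk. Confining the pragma, `#pragma GCC push_options` before it and `#pragma GCC pop_options` after the last accelerated function, or a per-function target attribute, keeps the raised level where it is needed. The clang branch records MBEDTLS_POP_TARGET_PRAGMA for a pop outside this hunk, but the GCC branch sets no equivalent marker, so nothing prompts a later pop there. The enclosing `#if defined(__aarch64__)` block starts before the hunk.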
+++ b/tests/scripts/depends.py @@ -151,13 +151,12 @@ which will make a symbol defined with a certain value.""" if value is False: log_command(['config.py', 'unset', option]) conf.unset(option) + elif value is True: + log_command(['config.py', 'set', option]) + conf.set(option) else: - if value is True: - log_command(['config.py', 'set', option]) - conf.set(option) - else: - log_command(['config.py', 'set', option, value]) - conf.set(option, value) + log_command(['config.py', 'set', option, value]) + conf.set(option, value) return True def set_reference_config(conf, options, colors): From f01de145bd5fdb2e843bab427f45a566d358b225 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 14 Feb 2023 17:29:16 +0000 Subject: [PATCH 052/440] Add tests for mbedtls_oid_get_numeric_string() Signed-off-by: David Horstmann --- tests/suites/test_suite_oid.data | 24 ++++++++++++++++++++++++ tests/suites/test_suite_oid.function | 21 +++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index 1738841d5..18b019a05 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data 
@@ -89,3 +89,27 @@ oid_get_md_alg_id:"2b24030201":MBEDTLS_MD_RIPEMD160 OID hash id - invalid oid oid_get_md_alg_id:"2B864886f70d0204":-1 +OID get numeric string - hardware module name +oid_get_numeric_string:"2B06010505070804":0:"1.3.6.1.5.5.7.8.4" + +OID get numeric string - multi-byte subidentifier +oid_get_numeric_string:"29903C":0:"1.1.2108" + +OID get numeric string - second component greater than 39 +oid_get_numeric_string:"81010000863A00":0:"2.49.0.0.826.0" + +OID get numeric string - multi-byte first subidentifier +oid_get_numeric_string:"8837":0:"2.999" + +OID get numeric string - empty oid buffer +oid_get_numeric_string:"":MBEDTLS_ERR_OID_BUF_TOO_SMALL:"" + +OID get numeric string - no final / all bytes have top bit set +oid_get_numeric_string:"818181":MBEDTLS_ERR_OID_BUF_TOO_SMALL:"" + +# Encodes the number 0x0400000000 as a subidentifier which overflows 32-bits +OID get numeric string - 32-bit overflow +oid_get_numeric_string:"C080808000":MBEDTLS_ERR_OID_BUF_TOO_SMALL:"" + +OID get numeric string - 32-bit overflow, second subidentifier +oid_get_numeric_string:"2BC080808000":MBEDTLS_ERR_OID_BUF_TOO_SMALL:"" diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function index 687b2168a..3004b65fe 100644 --- a/tests/suites/test_suite_oid.function +++ b/tests/suites/test_suite_oid.function @@ -96,3 +96,24 @@ void oid_get_md_alg_id(data_t *oid, int exp_md_id) } } /* END_CASE */ + +/* BEGIN_CASE */ +void oid_get_numeric_string(data_t *oid, int error_ret, char *result_str) +{ + char buf[256]; + mbedtls_asn1_buf input_oid = { 0, 0, NULL }; + int ret; + + input_oid.tag = MBEDTLS_ASN1_OID; + input_oid.p = oid->x; + input_oid.len = oid->len; + + ret = mbedtls_oid_get_numeric_string(buf, sizeof(buf), &input_oid); + + if (error_ret == 0) { + TEST_ASSERT(strcmp(buf, result_str) == 0); + } else { + TEST_EQUAL(ret, error_ret); + } +} +/* END_CASE */ From 9c1887c4c7baaa388cf561c11ed32ed07935aa77 Mon Sep 17 00:00:00 2001 
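Review bot: On the success path oid_get_numeric_string() never checks `ret`, so a call that fails while leaving `buf` untouched is compared against an uninitialized `char buf[256]`, and a success that reports the wrong length is not detected either. If mbedtls_oid_get_numeric_string() returns the number of characters written on success, as the mbedtls string-formatting convention suggests but the hunk does not show, the success branch should pin it with `TEST_EQUAL(ret, (int) strlen(result_str));` before the `strcmp`, and a `memset(buf, 0, sizeof(buf));` at the top of the function would make the failure of that branch deterministic rather than dependent on stack contents. The error branch, which asserts only on the return code, is fine as written since nothing should have been written to `buf` on failure.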
From: David Horstmann Date: Wed, 15 Feb 2023 11:48:13 +0000 Subject: [PATCH 053/440] Disallow overlong encoding when parsing OIDs OID subidentifiers are encoded as follow. For every byte: * The top bit is 1 if there is another byte to come, 0 if this is the last byte. * The other 7 bits form 7 bits of the number. These groups of 7 are concatenated together in big-endian order. Overlong encodings are explicitly disallowed by the BER/DER/X690 specification. For example, the number 1 cannot be encoded as: 0x80 0x80 0x01 It must be encoded as: 0x01 Enforce this in Mbed TLS' OID DER-to-string parser. Signed-off-by: David Horstmann --- library/oid.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/oid.c b/library/oid.c index 5668e2aa5..17d3e093a 100644 --- a/library/oid.c +++ b/library/oid.c @@ -837,6 +837,11 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, /* First subidentifier contains first two OID components */ i = 0; value = 0; + if ((oid->p[0]) == 0x80) { + /* Overlong encoding is not allowed */ + return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + } + while (i < oid->len && ((oid->p[i] & 0x80) != 0)) { /* Prevent overflow in value. */ if (((value << 7) >> 7) != value) { @@ -871,6 +876,10 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, if (((value << 7) >> 7) != value) { return MBEDTLS_ERR_OID_BUF_TOO_SMALL; } + if ((value == 0) && ((oid->p[i]) == 0x80)) { + /* Overlong encoding is not allowed */ + return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + } value <<= 7; value += oid->p[i] & 0x7F; From 895eb7c9b5eb58a2c86650ed6834f9146b214695 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 15 Feb 2023 11:58:40 +0000 Subject: [PATCH 054/440] Add testcases for overlong encoding of OIDs Signed-off-by: David Horstmann --- tests/suites/test_suite_oid.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index 18b019a05..f4801c426 100644 
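Review bot: The new first-subidentifier check reads `oid->p[0]` before the `while (i < oid->len ...)` guard, so an OID with `len == 0` dereferences `p` out of bounds unless a length check exists above the hunk; the "empty oid buffer" test case added earlier in this series feeds exactly that input and passes only if the harness backs a zero-length data_t with real storage. Folding the length in, `if (oid->len > 0 && oid->p[0] == 0x80)`, or moving the overlong test inside the loop as the second hunk does for later subidentifiers (there `value == 0` holds exactly on a subidentifier's first byte), removes the assumption. Separately, returning MBEDTLS_ERR_OID_BUF_TOO_SMALL for a malformed encoding tells a caller that grows its buffer and retries that more space would help, which it never will; the pre-existing overflow check already uses this code so changing it is a behaviour change for callers, but a comment such as `/* Also returned for malformed input, not only for a short output buffer */` at the first use would warn them. mbedtls_oid_get_numeric_string() begins before and continues after the hunks.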
--- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -113,3 +113,9 @@ oid_get_numeric_string:"C080808000":MBEDTLS_ERR_OID_BUF_TOO_SMALL:"" OID get numeric string - 32-bit overflow, second subidentifier oid_get_numeric_string:"2BC080808000":MBEDTLS_ERR_OID_BUF_TOO_SMALL:"" + +OID get numeric string - overlong encoding +oid_get_numeric_string:"8001":MBEDTLS_ERR_OID_BUF_TOO_SMALL:"" + +OID get numeric string - overlong encoding, second subidentifier +oid_get_numeric_string:"2B8001":MBEDTLS_ERR_OID_BUF_TOO_SMALL:"" From 1265f004941967cbf5cfba0d14d3cb4f63f7d3a1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 9 Sep 2022 17:15:43 +0100 Subject: [PATCH 055/440] First draft of PSA interruptible ECC signing design Signed-off-by: Paul Elliott --- include/psa/crypto.h | 606 ++++++++++++++++++++++++++++++++++++ include/psa/crypto_struct.h | 42 +++ include/psa/crypto_values.h | 21 ++ 3 files changed, 669 insertions(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 2b9b2a27e..482b58288 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
@@ -4045,6 +4045,612 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes, /**@}*/ +/** \defgroup interruptible_hash Interruptible sign/verify hash + * @{ + */ + +/** The type of the state data structure for interruptible hash + * signing operations. + * + * Before calling any function on a sign hash operation object, the + * application must initialize it by any of the following means: + * - Set the structure to all-bits-zero, for example: + * \code + * psa_sign_hash_interruptible_operation_t operation; + * memset(&operation, 0, sizeof(operation)); + * \endcode + * - Initialize the structure to logical zero values, for example: + * \code + * psa_sign_hash_interruptible_operation_t operation = {0}; + * \endcode + * - Initialize the structure to the initializer + * #PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT, for example: + * \code + * psa_sign_hash_interruptible_operation_t operation = + * PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT; + * \endcode + * - Assign the result of the function + * psa_sign_hash_interruptible_operation_init() to the structure, for + * example: + * \code + * psa_sign_hash_interruptible_operation_t operation; + * operation = psa_sign_hash_interruptible_operation_init(); + * \endcode + * + * This is an implementation-defined \c struct. Applications should not + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. */ +typedef struct psa_sign_hash_interruptible_operation_s psa_sign_hash_interruptible_operation_t; + +/** The type of the state data structure for interruptible hash + * verification operations. 
+ * + * Before calling any function on a sign hash operation object, the + * application must initialize it by any of the following means: + * - Set the structure to all-bits-zero, for example: + * \code + * psa_verify_hash_interruptible_operation_t operation; + * memset(&operation, 0, sizeof(operation)); + * \endcode + * - Initialize the structure to logical zero values, for example: + * \code + * psa_verify_hash_interruptible_operation_t operation = {0}; + * \endcode + * - Initialize the structure to the initializer + * #PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT, for example: + * \code + * psa_verify_hash_interruptible_operation_t operation = + * PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT; + * \endcode + * - Assign the result of the function + * psa_verify_hash_interruptible_operation_init() to the structure, for + * example: + * \code + * psa_verify_hash_interruptible_operation_t operation; + * operation = psa_verify_hash_interruptible_operation_init(); + * \endcode + * + * This is an implementation-defined \c struct. Applications should not + * make any assumptions about the content of this structure. + * Implementation details can change in future versions without notice. */ +typedef struct psa_verify_hash_interruptible_operation_s psa_verify_hash_interruptible_operation_t; + +/** + * \brief Set the maximum number of ops allowed to be + * executed by an interruptible function in a + * single call. + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * \note The time taken to execute a single op is + * implementation specific and depends on + * software, hardware, the algorithm, key type and + * curve chosen. Even within a single operation, + * successive ops can take differing amounts of + * time. The only guarantee is that lower values + * for \p max_ops means functions will block for a + * lesser maximum amount of time. 
The functions + * \c psa_sign_interruptible_get_num_ops() and + * \c psa_verify_interruptible_get_num_ops() are + * provided to help with tuning this value. + * + * \note This value defaults to + * #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, which + * means the whole operation will be done in one + * go, regardless of the number of ops required. + * + * \note If more ops are needed to complete a + * computation, #PSA_OPERATION_INCOMPLETE will be + * returned by the function performing the + * computation. It is then the caller's + * responsibility to either call again with the + * same operation context until it returns 0 or an + * error code; or to call the relevant abort + * function if the answer is no longer required. + * + * \note The interpretation of \p max_ops is also + * implementation defined. On a hard real time + * system, this can indicate a hard deadline, as a + * real-time system needs a guarantee of not + * spending more than X time, however care must be + * taken in such an implementation to avoid the + * situation whereby calls just return, not being + * able to do any actual work within the allotted + * time. On a non-real-time system, the + * implementation can be more relaxed, but again + * whether this number should be interpreted as as + * hard or soft limit or even whether a less than + * or equals as regards to ops executed in a + * single call is implementation defined. + * + * \warning With implementations that interpret this number + * as a hard limit, setting this number too small + * may result in an infinite loop, whereby each + * call results in immediate return with no ops + * done (as there is not enough time to execute + * any), and thus no result will ever be achieved. + * + * \note This only applies to functions whose + * documentation mentions they may return + * #PSA_OPERATION_INCOMPLETE. + * + * \param max_ops The maximum number of ops to be executed in a + * single call. 
This can be a number from 0 to + * #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, where 0 + * is the least amount of work done per call. + */ +void psa_interruptible_set_max_ops(uint32_t max_ops); + +/** + * \brief Get the maximum number of ops allowed to be + * executed by an interruptible function in a + * single call. This will return the last + * value set by + * \c psa_interruptible_set_max_ops() or + * #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED if + * that function has never been called. + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * \return Maximum number of ops allowed to be + * executed by an interruptible function in a + * single call. + */ +uint32_t psa_interruptible_get_max_ops(void); + +/** + * \brief Get the number of ops that a hash signing + * operation has taken so far. If the operation + * has completed, then this will represent the + * number of ops required for the entire + * operation. After initialization or calling + * \c psa_sign_hash_interruptible_abort() on + * the operation, a value of 0 will be returned. + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * This is a helper provided to help you tune the + * value passed to \c + * psa_interruptible_set_max_ops(). + * + * \param operation The \c psa_sign_hash_interruptible_operation_t + * to use. This must be initialized first. + * + * \return Number of ops that the operation has taken so + * far. + */ +uint32_t psa_sign_hash_get_num_ops( + const psa_sign_hash_interruptible_operation_t *operation); + +/** + * \brief Get the number of ops that a hash verification + * operation has taken so far. If the operation + * has completed, then this will represent the + * number of ops required for the entire + * operation. 
After initialization or calling \c + * psa_verify_hash_interruptible_abort() on the + * operation, a value of 0 will be returned. + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * This is a helper provided to help you tune the + * value passed to \c + * psa_interruptible_set_max_ops(). + * + * \param operation The \c + * psa_verify_hash_interruptible_operation_t to + * use. This must be initialized first. + * + * \return Number of ops that the operation has taken so + * far. + */ +uint32_t psa_verify_hash_get_num_ops( + const psa_verify_hash_interruptible_operation_t *operation); + +/** + * \brief Start signing a hash or short message with a + * private key, in an interruptible manner. + * + * \see \c psa_sign_hash_complete() + * + * \warning This is a beta API, and thus subject to change + * at any point. It is not bound by the usual + * interface stability promises. + * + * \note This function combined with \c + * psa_sign_hash_complete() is equivalent to + * \c psa_sign_hash() but + * \c psa_sign_hash_complete() can return early and + * resume according to the limit set with \c + * psa_interruptible_set_max_ops() to reduce the + * maximum time spent in a function call. + * + * \note Users should call \c psa_sign_hash_complete() + * repeatedly on the same context after a + * successful call to this function until \c + * psa_sign_hash_complete() either returns 0 or an + * error. \c psa_sign_hash_complete() will return + * #PSA_OPERATION_INCOMPLETE if there is more work + * to do. Alternatively users can call + * \c psa_sign_hash_abort() at any point if they no + * longer want the result. + * + * \note If this function returns an error status, the + * operation enters an error state and must be + * aborted by calling \c psa_sign_hash_abort(). + * + * \param[in, out] operation The \c psa_sign_hash_interruptible_operation_t + * to use. 
This must be initialized first.
+ *
+ * \param key Identifier of the key to use for the operation.
+ * It must be an asymmetric key pair. The key must
+ * allow the usage #PSA_KEY_USAGE_SIGN_HASH.
+ * \param alg A signature algorithm (\c PSA_ALG_XXX
+ * value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+ * is true), that is compatible with
+ * the type of \p key.
+ * \param[in] hash The hash or message to sign.
+ * \param hash_length Size of the \p hash buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The operation started successfully - call \c psa_sign_hash_complete()
+ * with the same context to complete the operation
+ *
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The key does not have the #PSA_KEY_USAGE_SIGN_HASH flag, or it does
+ * not permit the requested algorithm.
+ * \retval #PSA_ERROR_BAD_STATE
+ * An operation has previously been started on this context, and is
+ * still in progress.
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_sign_hash_start(
+ psa_sign_hash_interruptible_operation_t *operation,
+ mbedtls_svc_key_id_t key, psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length);
+
+/**
+ * \brief Continue and eventually complete the action of
+ * signing a hash or short message with a private
+ * key, in an interruptible manner.
+ *
+ * \see \c psa_sign_hash_start()
+ *
+ * \warning This is a beta API, and thus subject to change
+ * at any point. It is not bound by the usual
+ * interface stability promises.
+ *
+ * \note This function combined with \c
+ * psa_sign_hash_start() is equivalent to
+ * \c psa_sign_hash() but this function can return
+ * early and resume according to the limit set with
+ * \c psa_interruptible_set_max_ops() to reduce the
+ * maximum time spent in a function call.
+ *
+ * \note Users should call this function on the same
+ * operation object repeatedly until it either
+ * returns 0 or an error. This function will return
+ * #PSA_OPERATION_INCOMPLETE if there is more work
+ * to do. Alternatively users can call
+ * \c psa_sign_hash_abort() at any point if they no
+ * longer want the result.
+ *
+ * \note When this function returns successfully, the
+ * operation becomes inactive. If this function
+ * returns an error status, the operation enters an
+ * error state and must be aborted by calling
+ * \c psa_sign_hash_abort().
+ *
+ * \param[in, out] operation The \c psa_sign_hash_interruptible_operation_t
+ * to use. This must be initialized first, and have
+ * had \c psa_sign_hash_start() called with it
+ * first.
+ *
+ * \param[out] signature Buffer where the signature is to be written.
+ * \param signature_size Size of the \p signature buffer in bytes. This
+ * must be appropriate for the selected
+ * algorithm and key:
+ * - The required signature size is
+ * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c
+ * key_bits, \c alg) where \c key_type and \c
+ * key_bits are the type and bit-size
+ * respectively of key.
+ * - #PSA_SIGNATURE_MAX_SIZE evaluates to the
+ * maximum signature size of any supported
+ * signature algorithm.
+ * \param[out] signature_length On success, the number of bytes that make up
+ * the returned signature value.
+ *
+ * \retval #PSA_SUCCESS
+ * Operation completed successfully
+ *
+ * \retval #PSA_OPERATION_INCOMPLETE
+ * Operation was interrupted due to the setting of \c
+ * psa_interruptible_set_max_ops(). There is still work to be done.
+ * Call this function again with the same operation object.
+ *
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL
+ * The size of the \p signature buffer is too small. You can
+ * determine a sufficient buffer size by calling
+ * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg)
+ * where \c key_type and \c key_bits are the type and bit-size
+ * respectively of \p key.
+ *
+ * \retval #PSA_ERROR_BAD_STATE
+ * An operation was not previously started on this context via
+ * \c psa_sign_hash_start().
+ *
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has either not been previously initialized by
+ * psa_crypto_init() or you did not previously call
+ * psa_sign_hash_start() with this operation object. It is
+ * implementation-dependent whether a failure to initialize results in
+ * this error code.
+ */
+psa_status_t psa_sign_hash_complete(
+ psa_sign_hash_interruptible_operation_t *operation,
+ uint8_t *signature, size_t signature_size,
+ size_t *signature_length);
+
+/**
+ * \brief Abort a sign hash operation.
+ *
+ * \warning This is a beta API, and thus subject to change
+ * at any point. It is not bound by the usual
+ * interface stability promises.
+
+ * \note Aborting an operation frees all associated
+ * resources except for the \p operation structure
+ * itself.
Once aborted, the operation object can
+ * be reused for another operation by calling \c
+ * psa_sign_hash_start() again.
+ *
+ * \note You may call this function any time after the
+ * operation object has been initialized. In
+ * particular, calling \c psa_sign_hash_abort()
+ * after the operation has already been terminated
+ * by a call to \c psa_sign_hash_abort() or
+ * psa_sign_hash_complete() is safe and has no
+ * effect.
+ *
+ * \param[in,out] operation Initialized sign hash operation.
+ *
+ * \retval #PSA_SUCCESS
+ * The operation was aborted successfully.
+ *
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_sign_hash_abort(
+ psa_sign_hash_interruptible_operation_t *operation);
+
+/**
+ * \brief Start reading and verifying a hash or short
+ * message, in an interruptible manner.
+ *
+ * \see \c psa_verify_hash_complete()
+ *
+ * \warning This is a beta API, and thus subject to change
+ * at any point. It is not bound by the usual
+ * interface stability promises.
+ *
+ * \note This function combined with \c
+ * psa_verify_hash_complete() is equivalent to
+ * \c psa_verify_hash() but \c
+ * psa_verify_hash_complete() can return early and
+ * resume according to the limit set with \c
+ * psa_interruptible_set_max_ops() to reduce the
+ * maximum time spent in a function.
+ *
+ * \note Users should call \c psa_verify_hash_complete()
+ * repeatedly on the same operation object after a
+ * successful call to this function until \c
+ * psa_verify_hash_complete() either returns 0 or
+ * an error. \c psa_verify_hash_complete() will
+ * return #PSA_OPERATION_INCOMPLETE if there is
+ * more work to do. Alternatively users can call
+ * \c psa_verify_hash_abort() at any point if they
+ * no longer want the result.
+ *
+ * \note If this function returns an error status, the
+ * operation enters an error state and must be
+ * aborted by calling \c psa_verify_hash_abort().
+ *
+ * \param[in, out] operation The \c psa_verify_hash_interruptible_operation_t
+ * to use. This must be initialized first.
+ *
+ * \param key Identifier of the key to use for the operation.
+ * The key must allow the usage
+ * #PSA_KEY_USAGE_VERIFY_HASH.
+ * \param alg A signature algorithm (\c PSA_ALG_XXX
+ * value such that #PSA_ALG_IS_SIGN_HASH(\p alg)
+ * is true), that is compatible with
+ * the type of \p key.
+ * \param[in] hash The hash whose signature is to be verified.
+ * \param hash_length Size of the \p hash buffer in bytes.
+ * \param[in] signature Buffer containing the signature to verify.
+ * \param signature_length Size of the \p signature buffer in bytes.
+ *
+ * \retval #PSA_SUCCESS
+ * The operation started successfully - please call \c
+ * psa_verify_hash_complete() with the same context to complete the
+ * operation.
+ *
+ * \retval #PSA_ERROR_BAD_STATE
+ * Another operation has already been started on this context, and is
+ * still in progress.
+ *
+ * \retval #PSA_ERROR_NOT_PERMITTED
+ * The key does not have the #PSA_KEY_USAGE_VERIFY_HASH flag, or it does
+ * not permit the requested algorithm.
+ *
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval PSA_ERROR_DATA_CORRUPT
+ * \retval PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_verify_hash_start(
+ psa_verify_hash_interruptible_operation_t *operation,
+ mbedtls_svc_key_id_t key, psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length);
+
+/**
+ * \brief Continue and eventually complete the action of
+ * reading and verifying a hash or short message
+ * signed with a private key, in an interruptible
+ * manner.
+ *
+ * \see \c psa_verify_hash_start()
+ *
+ * \warning This is a beta API, and thus subject to change
+ * at any point. It is not bound by the usual
+ * interface stability promises.
+ *
+ * \note This function combined with \c
+ * psa_verify_hash_start() is equivalent to
+ * \c psa_verify_hash() but this function can
+ * return early and resume according to the limit
+ * set with \c psa_interruptible_set_max_ops() to
+ * reduce the maximum time spent in a function
+ * call.
+ *
+ * \note Users should call this function on the same
+ * operation object repeatedly until it either
+ * returns 0 or an error. This function will return
+ * #PSA_OPERATION_INCOMPLETE if there is more work
+ * to do. Alternatively users can call
+ * \c psa_verify_hash_abort() at any point if they
+ * no longer want the result.
+ *
+ * \note When this function returns successfully, the
+ * operation becomes inactive. If this function
+ * returns an error status, the operation enters an
+ * error state and must be aborted by calling
+ * \c psa_verify_hash_abort().
+ *
+ * \param[in, out] operation The \c psa_verify_hash_interruptible_operation_t
+ * to use. This must be initialized first, and have
+ * had \c psa_verify_hash_start() called with it
+ * first.
+ *
+ * \retval #PSA_SUCCESS
+ * Operation completed successfully, and the passed signature is valid.
+ *
+ * \retval #PSA_OPERATION_INCOMPLETE
+ * Operation was interrupted due to the setting of \c
+ * psa_interruptible_set_max_ops(). There is still work to be done.
+ * Call this function again with the same operation object.
+ *
+ * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_INVALID_SIGNATURE
+ * The calculation was performed successfully, but the passed
+ * signature is not a valid signature.
+ *\retval #PSA_ERROR_BAD_STATE
+ * An operation was not previously started on this context via
+ * \c psa_verify_hash_start().
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_INVALID_ARGUMENT
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE
+ * \retval #PSA_ERROR_HARDWARE_FAILURE
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED
+ * \retval #PSA_ERROR_STORAGE_FAILURE
+ * \retval #PSA_ERROR_DATA_CORRUPT
+ * \retval #PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has either not been previously initialized by
+ * psa_crypto_init() or you did not previously call
+ * psa_verify_hash_start() on this object. It is
+ * implementation-dependent whether a failure to initialize results in
+ * this error code.
+ */
+psa_status_t psa_verify_hash_complete(
+ psa_verify_hash_interruptible_operation_t *operation);
+
+/**
+ * \brief Abort a verify hash operation.
+ *
+ * \warning This is a beta API, and thus subject to change at
+ * any point. It is not bound by the usual interface
+ * stability promises.
+ *
+ * \note Aborting an operation frees all associated
+ * resources except for the operation structure
+ * itself. Once aborted, the operation object can be
+ * reused for another operation by calling \c
+ * psa_verify_hash_start() again.
+ *
+ * \note You may call this function any time after the
+ * operation object has been initialized.
+ * In particular, calling \c psa_verify_hash_abort()
+ * after the operation has already been terminated by
+ * a call to \c psa_verify_hash_abort() or
+ * psa_verify_hash_complete() is safe and has no
+ * effect.
+ *
+ * \param[in,out] operation Initialized verify hash operation.
+ *
+ * \retval #PSA_SUCCESS
+ * The operation was aborted successfully.
+ *
+ * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_BAD_STATE
+ * The library has not been previously initialized by psa_crypto_init().
+ * It is implementation-dependent whether a failure to initialize
+ * results in this error code.
+ */
+psa_status_t psa_verify_hash_abort(
+ psa_verify_hash_interruptible_operation_t *operation);
+
+
+/**@}*/
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 7a6caa2ed..ff49eb962 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -491,6 +491,48 @@ static inline size_t psa_get_key_bits(
 return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits);
 }
+/**
+ * \brief The context for PSA interruptible hash signing.
+ *
+ * \note Contents not yet designed as implementation specific.
+ *
+ */
+struct psa_sign_hash_interruptible_operation_s {
+ size_t MBEDTLS_PRIVATE(num_ops);
+};
+
+#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
+
+static inline struct psa_sign_hash_interruptible_operation_s
+psa_sign_hash_interruptible_operation_init(void)
+{
+ const struct psa_sign_hash_interruptible_operation_s v =
+ PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT;
+
+ return v;
+}
+
+/**
+ * \brief The context for PSA interruptible hash verification.
+ *
+ * \note Contents not yet designed as implementation specific.
+ *
+ */
+struct psa_verify_hash_interruptible_operation_s {
+ size_t MBEDTLS_PRIVATE(num_ops);
+};
+
+#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
+
+static inline struct psa_verify_hash_interruptible_operation_s
+psa_verify_hash_interruptible_operation_init(void)
+{
+ const struct psa_verify_hash_interruptible_operation_s v =
+ PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT;
+
+ return v;
+}
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index ee95745ad..07e96f70b 100644
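Review bot: `num_ops` in the two new operation structs is declared `size_t`, while the public accessors declared earlier in this patch, `uint32_t psa_sign_hash_get_num_ops(...)` and `uint32_t psa_verify_hash_get_num_ops(...)`, return `uint32_t`, so on 64-bit targets the stored count is silently truncated when it is read back. Declaring the field as `uint32_t MBEDTLS_PRIVATE(num_ops);` keeps the struct and the API in the same domain; alternatively the getters should clamp. The `\note Contents not yet designed as implementation specific.` line on both structs is hard to parse; something like `\note The layout of this structure is an implementation detail and may change.` says what a reader needs.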
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -335,6 +335,13 @@
 */
 #define PSA_ERROR_DATA_INVALID ((psa_status_t)-153)
+/** The function that returns this status is defined as interruptible and
+ * still has work to do, thus the user should call the function again with the
+ * same operation context until it either returns #PSA_SUCCESS or any other
+ * error. This is not an error per se, more a notification of status.
+ */
+#define PSA_OPERATION_INCOMPLETE ((psa_status_t)-248)
+
 /* *INDENT-ON* */
 /**@}*/
@@ -2739,4 +2746,18 @@ static inline int mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key)
 /**@}*/
+/**@}*/
+
+/** \defgroup interruptible Interruptible operations
+ * @{
+ */
+
+/** Maximum value for use with \c psa_interruptible_set_max_ops() to determine
+ * the maximum number of ops allowed to be executed by an interruptible
+ * function in a single call.
+ */
+#define PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED INT32_MAX
+
+/**@}*/
+
 #endif /* PSA_CRYPTO_VALUES_H */
From 2d247923e58ce51959db45b3fa6c66c4810b34c0 Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Tue, 29 Nov 2022 14:54:44 +0000
Subject: [PATCH 056/440] Initial empty driver wrapper implementation
Signed-off-by: Paul Elliott
---
 include/psa/crypto_struct.h | 20 +-
 library/psa_crypto_driver_wrappers.h | 41 +++
 .../psa_crypto_driver_wrappers.c.jinja | 236 ++++++++++++++++++
 3 files changed, 295 insertions(+), 2 deletions(-)
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index ff49eb962..bd20937e5 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
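Review bot: The comment on `PSA_OPERATION_INCOMPLETE` calls it "not an error per se", but it is a negative `psa_status_t` placed among the error codes, so every generic `if (status != PSA_SUCCESS)` path in the library (the pattern the new `psa_sign_hash_start()` uses further down this page) will treat it as a failure; the comment should tell callers to test for it before their error handling. The phrase `or any other error` also implies the status is itself an error; `until it either returns #PSA_SUCCESS or an error` is the intended meaning.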
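Review bot: `PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED` is `INT32_MAX`, but `psa_interruptible_set_max_ops()` takes a `uint32_t` and its documentation says the value runs from 0 to this sentinel, so the upper half of the parameter's range is accepted by the type yet undefined by the contract. `#define PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED UINT32_MAX` closes that gap; otherwise the comment should say how values above the sentinel are treated. The hunk also adds a second `/**@}*/` immediately after the existing one — if there is no unmatched `@{` above, Doxygen will report an unbalanced group.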
@@ -498,10 +498,18 @@ static inline size_t psa_get_key_bits(
 *
 */
 struct psa_sign_hash_interruptible_operation_s {
+ /** Unique ID indicating which driver got assigned to do the
+ * operation. Since driver contexts are driver-specific, swapping
+ * drivers halfway through the operation is not supported.
+ * ID values are auto-generated in psa_crypto_driver_wrappers.h
+ * ID value zero means the context is not valid or not assigned to
+ * any driver (i.e. none of the driver contexts are active). */
+ unsigned int MBEDTLS_PRIVATE(id);
+
 size_t MBEDTLS_PRIVATE(num_ops);
 };
-#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
+#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, 0 }
 static inline struct psa_sign_hash_interruptible_operation_s
 psa_sign_hash_interruptible_operation_init(void)
@@ -519,10 +527,18 @@ psa_sign_hash_interruptible_operation_init(void)
 *
 */
 struct psa_verify_hash_interruptible_operation_s {
+ /** Unique ID indicating which driver got assigned to do the
+ * operation. Since driver contexts are driver-specific, swapping
+ * drivers halfway through the operation is not supported.
+ * ID values are auto-generated in psa_crypto_driver_wrappers.h
+ * ID value zero means the context is not valid or not assigned to
+ * any driver (i.e. none of the driver contexts are active). */
+ unsigned int MBEDTLS_PRIVATE(id);
+
 size_t MBEDTLS_PRIVATE(num_ops);
 };
-#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
+#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, 0 }
 static inline struct psa_verify_hash_interruptible_operation_s
 psa_verify_hash_interruptible_operation_init(void)
diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h
index da3cd1d5d..26df08835 100644
--- a/library/psa_crypto_driver_wrappers.h
+++ b/library/psa_crypto_driver_wrappers.h
@@ -66,6 +66,47 @@ psa_status_t psa_driver_wrapper_verify_hash(
 psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
 const uint8_t *signature, size_t signature_length);
+/*
+ * Interruptible Signature functions
+ */
+
+void psa_driver_wrapper_interruptible_set_max_ops(uint32_t max_ops);
+
+uint32_t psa_driver_wrapper_interruptible_get_max_ops(void);
+
+uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
+ const psa_sign_hash_interruptible_operation_t *operation);
+
+uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
+ const psa_verify_hash_interruptible_operation_t *operation);
+
+psa_status_t psa_driver_wrapper_sign_hash_start(
+ psa_sign_hash_interruptible_operation_t *operation,
+ const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
+ size_t key_buffer_size, psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length);
+
+psa_status_t psa_driver_wrapper_sign_hash_complete(
+ psa_sign_hash_interruptible_operation_t *operation,
+ uint8_t *signature, size_t signature_size,
+ size_t *signature_length);
+
+psa_status_t psa_driver_wrapper_sign_hash_abort(
+ psa_sign_hash_interruptible_operation_t *operation);
+
+psa_status_t psa_driver_wrapper_verify_hash_start(
+ psa_verify_hash_interruptible_operation_t *operation,
+ const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
+ size_t key_buffer_size, psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length);
+
+psa_status_t psa_driver_wrapper_verify_hash_complete(
+ psa_verify_hash_interruptible_operation_t *operation);
+
+psa_status_t psa_driver_wrapper_verify_hash_abort(
+ psa_verify_hash_interruptible_operation_t *operation);
+
 /*
 * Key handling functions
 */
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
index bdf331516..e1f7b1fe8 100644
--- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja 
@@ -433,6 +433,242 @@ psa_status_t psa_driver_wrapper_verify_hash(
 }
 }
+void psa_driver_wrapper_interruptible_set_max_ops( uint32_t max_ops )
+{
+ ( void ) max_ops;
+}
+
+uint32_t psa_driver_wrapper_interruptible_get_max_ops( void )
+{
+ return( PSA_ERROR_INVALID_ARGUMENT );
+}
+
+uint32_t psa_driver_wrapper_sign_hash_get_num_ops(
+ const psa_sign_hash_interruptible_operation_t *operation )
+{
+ switch( operation->id )
+ {
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
+
+ /* Add cases for opaque driver here */
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+ return( PSA_ERROR_INVALID_ARGUMENT );
+}
+
+uint32_t psa_driver_wrapper_verify_hash_get_num_ops(
+ const psa_verify_hash_interruptible_operation_t *operation )
+{
+ switch( operation->id )
+ {
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
+
+ /* Add cases for opaque driver here */
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+ return( PSA_ERROR_INVALID_ARGUMENT );
+}
+
+psa_status_t psa_driver_wrapper_sign_hash_start(
+ psa_sign_hash_interruptible_operation_t *operation,
+ const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
+ size_t key_buffer_size, psa_algorithm_t alg,
+ const uint8_t *hash, size_t hash_length )
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_location_t location =
+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+
+ /* Add test
driver tests here */
+
+ /* Declared with fallback == true */
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Fell through, meaning no accelerator supports this operation */
+ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+ break;
+
+ /* Add cases for opaque driver here */
+
+ default:
+ /* Key is declared with a lifetime not known to us */
+ ( void ) status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ ( void ) operation;
+ ( void ) key_buffer;
+ ( void ) key_buffer_size;
+ ( void ) alg;
+ ( void ) hash;
+ ( void ) hash_length;
+
+ return( status );
+}
+
+psa_status_t psa_driver_wrapper_sign_hash_complete(
+ psa_sign_hash_interruptible_operation_t *operation,
+ uint8_t *signature, size_t signature_size,
+ size_t *signature_length )
+{
+ switch( operation->id )
+ {
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
+
+ /* Add cases for opaque driver here */
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+ ( void ) signature;
+ ( void ) signature_size;
+ ( void ) signature_length;
+
+ return( PSA_ERROR_INVALID_ARGUMENT );
+}
+
+psa_status_t psa_driver_wrapper_sign_hash_abort(
+ psa_sign_hash_interruptible_operation_t *operation )
+{
+ switch( operation->id )
+ {
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
+
+ /* Add cases for opaque driver here */
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+ return( PSA_ERROR_INVALID_ARGUMENT );
+}
+
+psa_status_t psa_driver_wrapper_verify_hash_start(
+ psa_verify_hash_interruptible_operation_t *operation,
+ const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
+ size_t key_buffer_size, psa_algorithm_t alg,
+ const
uint8_t *hash, size_t hash_length,
+ const uint8_t *signature, size_t signature_length )
+{
+
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_location_t location =
+ PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
+
+ switch( location )
+ {
+ case PSA_KEY_LOCATION_LOCAL_STORAGE:
+ /* Key is stored in the slot in export representation, so
+ * cycle through all known transparent accelerators */
+
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+
+ /* Add test driver tests here */
+
+ /* Declared with fallback == true */
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+
+ /* Fell through, meaning no accelerator supports this operation */
+ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID;
+ break;
+
+ /* Add cases for opaque driver here */
+
+ default:
+ /* Key is declared with a lifetime not known to us */
+ ( void ) status;
+ return( PSA_ERROR_INVALID_ARGUMENT );
+ }
+
+ ( void ) operation;
+ ( void ) key_buffer;
+ ( void ) key_buffer_size;
+ ( void ) alg;
+ ( void ) hash;
+ ( void ) hash_length;
+ ( void ) signature;
+ ( void ) signature_length;
+
+ return( status );
+}
+
+psa_status_t psa_driver_wrapper_verify_hash_complete(
+ psa_verify_hash_interruptible_operation_t *operation )
+{
+ switch( operation->id )
+ {
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
+
+ /* Add cases for opaque driver here */
+
+#endif /* PSA_CRYPTO_DRIVER_TEST */
+#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
+ }
+
+ return( PSA_ERROR_INVALID_ARGUMENT );
+}
+
+psa_status_t psa_driver_wrapper_verify_hash_abort(
+ psa_verify_hash_interruptible_operation_t *operation )
+{
+ switch( operation->id )
+ {
+ case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
+
+#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
+#if defined(PSA_CRYPTO_DRIVER_TEST)
+ case
MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: + + /* Add cases for opaque driver here */ + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } + + return( PSA_ERROR_INVALID_ARGUMENT ); +} + /** Calculate the key buffer size required to store the key material of a key * associated with an opaque driver from input key data. * From 9fe12f666b9a37de13228fa22427cf17989f2ddf Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 30 Nov 2022 19:16:02 +0000 Subject: [PATCH 057/440] PSA level initial implementation Signed-off-by: Paul Elliott --- library/psa_crypto.c | 236 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 236 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a683fdb8f..a21f6d963 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
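Review bot: `psa_driver_wrapper_interruptible_get_max_ops()`, `psa_driver_wrapper_sign_hash_get_num_ops()` and `psa_driver_wrapper_verify_hash_get_num_ops()` return `PSA_ERROR_INVALID_ARGUMENT` through a `uint32_t`, so the negative status becomes a large positive count and the PSA-level wrappers in the next patch, which pass the value straight through, cannot distinguish the stub from a real answer. Until driver dispatch is implemented the count getters should return `0`, and `get_max_ops` its documented default `PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED`. The `switch( operation->id )` blocks contain only bare case labels, so every id falls through to the same return; a `default:` with per-case returns would make the intended dispatch explicit. `psa_driver_wrapper_sign_hash_abort()` and `psa_driver_wrapper_verify_hash_abort()` also leave `operation->id` untouched while returning an error, so unless the PSA-level abort resets it, an operation whose start failed after `operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID` was assigned can never be restarted, since `psa_sign_hash_start()` rejects a non-zero id.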
@@ -3124,6 +3124,242 @@ exit: return (status == PSA_SUCCESS) ? unlock_status : status; } +/****************************************************************/ +/* Asymmetric interruptible cryptography */ +/****************************************************************/ + +void psa_interruptible_set_max_ops(uint32_t max_ops) +{ + psa_driver_wrapper_interruptible_set_max_ops(max_ops); +} + +uint32_t psa_interruptible_get_max_ops(void) +{ + return psa_driver_wrapper_interruptible_get_max_ops(); +} + + +uint32_t psa_sign_hash_get_num_ops( + const psa_sign_hash_interruptible_operation_t *operation) +{ + return psa_driver_wrapper_sign_hash_get_num_ops(operation); +} + +uint32_t psa_verify_hash_get_num_ops( + const psa_verify_hash_interruptible_operation_t *operation) +{ + return psa_driver_wrapper_verify_hash_get_num_ops(operation); +} + +psa_status_t psa_sign_hash_start( + psa_sign_hash_interruptible_operation_t *operation, + mbedtls_svc_key_id_t key, psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot; + + /* Check that start has not been previously called. 
*/ + if (operation->id != 0) { + return PSA_ERROR_BAD_STATE; + } + + + status = psa_sign_verify_check_alg(0, alg); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_get_and_lock_key_slot_with_policy(key, &slot, + PSA_KEY_USAGE_SIGN_HASH, + alg); + + if (status != PSA_SUCCESS) { + goto exit; + } + + if (!PSA_KEY_TYPE_IS_KEY_PAIR(slot->attr.type)) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; + } + + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + status = psa_driver_wrapper_sign_hash_start(operation, &attributes, + slot->key.data, + slot->key.bytes, alg, + hash, hash_length); +exit: + + if (status != PSA_SUCCESS) { + psa_sign_hash_abort(operation); + } + + unlock_status = psa_unlock_key_slot(slot); + + return (status == PSA_SUCCESS) ? unlock_status : status; + +} + + +psa_status_t psa_sign_hash_complete( + psa_sign_hash_interruptible_operation_t *operation, + uint8_t *signature, size_t signature_size, + size_t *signature_length) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + *signature_length = 0; + + /* Check that start has been called first. */ + if (operation->id == 0) { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + /* Immediately reject a zero-length signature buffer. This guarantees + * that signature must be a valid pointer. (On the other hand, the input + * buffer can in principle be empty since it doesn't actually have + * to be a hash.) 
*/ + if (signature_size == 0) { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto exit; + } + + status = psa_driver_wrapper_sign_hash_complete(operation, signature, + signature_size, + signature_length); +exit: + + if (status != PSA_OPERATION_INCOMPLETE) { + /* Fill the unused part of the output buffer (the whole buffer on error, + * the trailing part on success) with something that isn't a valid + * signature (barring an attack on the signature and + * deliberately-crafted input), in case the caller doesn't check the + * return status properly.*/ + if (status == PSA_SUCCESS) { + memset(signature + *signature_length, '!', + signature_size - *signature_length); + } else if (signature_size > 0) { + memset(signature, '!', signature_size); + } + /* If signature_size is 0 then we have nothing to do. We must not + * call memset because signature may be NULL in this case.*/ + + psa_sign_hash_abort(operation); + } + + return status; +} + +psa_status_t psa_sign_hash_abort( + psa_sign_hash_interruptible_operation_t *operation) +{ + if (operation->id == 0) { + /* The object has (apparently) been initialized but it is not (yet) + * in use. It's ok to call abort on such an object, and there's + * nothing to do. */ + return PSA_SUCCESS; + } + + psa_driver_wrapper_sign_hash_abort(operation); + + operation->id = 0; + + return PSA_SUCCESS; +} + +psa_status_t psa_verify_hash_start( + psa_verify_hash_interruptible_operation_t *operation, + mbedtls_svc_key_id_t key, psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot; + + /* Check that start has not been previously called. 
*/ + if (operation->id != 0) { + return PSA_ERROR_BAD_STATE; + } + + status = psa_sign_verify_check_alg(0, alg); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_get_and_lock_key_slot_with_policy(key, &slot, + PSA_KEY_USAGE_VERIFY_HASH, + alg); + + if (status != PSA_SUCCESS) { + return status; + } + + psa_key_attributes_t attributes = { + .core = slot->attr + }; + + status = psa_driver_wrapper_verify_hash_start(operation, &attributes, + slot->key.data, + slot->key.bytes, + alg, hash, hash_length, + signature, signature_length); + + if (status != PSA_SUCCESS) { + psa_verify_hash_abort(operation); + } + + unlock_status = psa_unlock_key_slot(slot); + + return (status == PSA_SUCCESS) ? unlock_status : status; + + return status; +} + +psa_status_t psa_verify_hash_complete( + psa_verify_hash_interruptible_operation_t *operation) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + /* Check that start has been called first. */ + if (operation->id == 0) { + status = PSA_ERROR_BAD_STATE; + goto exit; + } + + status = psa_driver_wrapper_verify_hash_complete(operation); + +exit: + + if (status != PSA_OPERATION_INCOMPLETE) { + psa_verify_hash_abort(operation); + } + + return status; +} + +psa_status_t psa_verify_hash_abort( + psa_verify_hash_interruptible_operation_t *operation) +{ + if (operation->id == 0) { + /* The object has (apparently) been initialized but it is not (yet) + * in use. It's ok to call abort on such an object, and there's + * nothing to do. */ + return PSA_SUCCESS; + } + + psa_driver_wrapper_verify_hash_abort(operation); + + operation->id = 0; + + return PSA_SUCCESS; +} + /****************************************************************/ From 21b83879299d27c1d3f5b1399354d68e30d89b9e Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 15 Feb 2023 13:07:49 +0000 Subject: [PATCH 058/440] Add ChangeLog for OID-to-string fixes 
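Review bot: psa_verify_hash_start() ends with an unreachable `return status;` placed directly after `return (status == PSA_SUCCESS) ? unlock_status : status;`; the second return should be dropped. The two start functions also differ in how they leave when psa_get_and_lock_key_slot_with_policy() fails: psa_sign_hash_start() jumps to `exit` and then calls psa_unlock_key_slot(slot) on a pointer that the failed call is presumably expected to have set to NULL (the callee is not visible here, worth confirming), while psa_verify_hash_start() returns immediately. Using the same pattern in both, and adding `/* slot is NULL if the lock failed, so unlocking it is a no-op. */` at the exit label of psa_sign_hash_start(), would make the cleanup contract explicit.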
Signed-off-by: David Horstmann
---
 ChangeLog.d/fix-oid-to-string-bugs.txt | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 ChangeLog.d/fix-oid-to-string-bugs.txt
diff --git a/ChangeLog.d/fix-oid-to-string-bugs.txt b/ChangeLog.d/fix-oid-to-string-bugs.txt
new file mode 100644
index 000000000..799f44474
--- /dev/null
+++ b/ChangeLog.d/fix-oid-to-string-bugs.txt
@@ -0,0 +1,6 @@
+Bugfix
+ * Fix bug in conversion from OID to string in
+ mbedtls_oid_get_numeric_string(). OIDs such as 2.40.0.25 are now printed
+ correctly.
+ * Reject OIDs with overlong-encoded subidentifiers when converting
+ OID-to-string.
From 34b3f1b7576565975715f4732c506e4dd49cccdd Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Wed, 15 Feb 2023 13:46:53 +0000
Subject: [PATCH 059/440] Make overflow checks more readable
Signed-off-by: David Horstmann
---
 library/oid.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/library/oid.c b/library/oid.c
index 17d3e093a..22f1f1c23 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -844,7 +844,7 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size,
 while (i < oid->len && ((oid->p[i] & 0x80) != 0)) {
 /* Prevent overflow in value. */
- if (((value << 7) >> 7) != value) {
+ if (value > (UINT_MAX >> 7)) {
 return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
 }
@@ -873,7 +873,7 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size,
 value = 0;
 for (; i < oid->len; i++) {
 /* Prevent overflow in value. */
- if (((value << 7) >> 7) != value) {
+ if (value > (UINT_MAX >> 7)) {
 return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
 }
 if ((value == 0) && ((oid->p[i]) == 0x80)) {
From f51851dc702c475eb6729fa04c1d3f1bec11e1c2 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Wed, 15 Feb 2023 15:44:24 +0000
Subject: [PATCH 060/440] Change += to |= for clearer semantics
Signed-off-by: David Horstmann
---
 library/oid.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/library/oid.c b/library/oid.c
index 22f1f1c23..acea12585 100644
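Review bot: The new bound `value > (UINT_MAX >> 7)` is only correct while `value` is an `unsigned int`, and that declaration lies outside both hunks; the comment `/* Prevent overflow in value. */` could tie the two together, e.g. `/* value gains 7 bits below; reject if that cannot fit in an unsigned int. */`. Both guards also return MBEDTLS_ERR_OID_BUF_TOO_SMALL, which names the output buffer although the condition is an input subidentifier too large to represent; that is pre-existing, but if the error code stays, the comment is the place to say why. The same applies to the second hunk at -873.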
--- a/library/oid.c
+++ b/library/oid.c
@@ -848,7 +848,7 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size,
 return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
 }
- value += oid->p[i] & 0x7F;
+ value |= oid->p[i] & 0x7F;
 value <<= 7;
 i++;
 }
@@ -856,7 +856,7 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size,
 return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
 }
 /* Last byte of first subidentifier */
- value += oid->p[i] & 0x7F;
+ value |= oid->p[i] & 0x7F;
 i++;
 unsigned int component1 = value / 40;
@@ -882,7 +882,7 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size,
 }
 value <<= 7;
- value += oid->p[i] & 0x7F;
+ value |= oid->p[i] & 0x7F;
 if (!(oid->p[i] & 0x80)) {
 /* Last byte */
From 42df16c84b4720588d5694700b92493233a092e5 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Wed, 1 Feb 2023 13:58:04 +0100
Subject: [PATCH 061/440] Extract Secp521r1 from the prototype
Signed-off-by: Gabor Mezei
---
 library/ecp_curves.c | 65 +++++++++++++++++++++++---------------------
 1 file changed, 34 insertions(+), 31 deletions(-)
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 2a97b8c00..a1a21c27a 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -5189,11 +5189,6 @@ cleanup:
 MBEDTLS_ECP_DP_SECP384R1_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-/*
- * Here we have an actual Mersenne prime, so things are more straightforward.
- * However, chunks are aligned on a 'weird' boundary (521 bits).
- */
-
 /* Size of p521 in terms of mbedtls_mpi_uint */
 #define P521_WIDTH (521 / 8 / sizeof(mbedtls_mpi_uint) + 1)
@@ -5201,48 +5196,56 @@ cleanup:
 #define P521_MASK 0x01FF
 /*
- * Fast quasi-reduction modulo p521 (FIPS 186-3 D.2.5)
- * Write N as A1 + 2^521 A0, return A0 + A1
+ * Fast quasi-reduction modulo p521 = 2^521 - 1 (FIPS 186-3 D.2.5)
 */
 static int ecp_mod_p521(mbedtls_mpi *N)
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t i;
- mbedtls_mpi M;
- mbedtls_mpi_uint Mp[P521_WIDTH + 1];
- /* Worst case for the size of M is when mbedtls_mpi_uint is 16 bits:
- * we need to hold bits 513 to 1056, which is 34 limbs, that is
- * P521_WIDTH + 1. Otherwise P521_WIDTH is enough. */
+ size_t expected_width = 2 * ((521 + biL - 1) / biL);
+ MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
+ ret = ecp_mod_p521_raw(N->p, expected_width);
+cleanup:
+ return ret;
+}
+static int ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n)
+{
+ mbedtls_mpi_uint carry = 0;
- if (N->n < P521_WIDTH) {
+ if (N_n > 2*P521_WIDTH) {
+ N_n = 2*P521_WIDTH;
+ }
+ if (N_n < P521_WIDTH) {
 return 0;
 }
- /* M = A1 */
- M.s = 1;
- M.n = N->n - (P521_WIDTH - 1);
- if (M.n > P521_WIDTH + 1) {
- M.n = P521_WIDTH + 1;
- }
- M.p = Mp;
- memcpy(Mp, N->p + P521_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint));
- MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 521 % (8 * sizeof(mbedtls_mpi_uint))));
+ /* Step 1: Reduction to P521_WIDTH limbs */
+ if (N_n > P521_WIDTH) {
+ /* Helper references for top part of N */
+ mbedtls_mpi_uint *NT_p = N_p + P521_WIDTH;
+ size_t NT_n = N_n - P521_WIDTH;
- /* N = A0 */
- N->p[P521_WIDTH - 1] &= P521_MASK;
- for (i = P521_WIDTH; i < N->n; i++) {
- N->p[i] = 0;
+ /* Split N as A0 + 2^(512 + biL) A1 and compute A0 + 2^(biL - 9) * A1.
+ * This can be done in place. */
+ mbedtls_mpi_uint shift = ((mbedtls_mpi_uint) 1u) << (biL - 9);
+ carry = MPI_CORE(mla)(N_p, P521_WIDTH, NT_p, NT_n, shift);
+
+ /* Clear top part */
+ memset(NT_p, 0, sizeof(mbedtls_mpi_uint) * NT_n);
 }
- /* N = A0 + A1 */
- MBEDTLS_MPI_CHK(mbedtls_mpi_add_abs(N, N, &M));
+ /* Step 2: Reduction to < 2p.
+ * Now split as A0 + 2^521 * c, with c a scalar, and compute A0 + c. */
+ carry <<= (biL - 9);
+ carry += (N_p[P521_WIDTH-1] >> 9);
+ N_p[P521_WIDTH-1] &= P521_MASK;
+ (void) mbedtls_core_add_int(N_p, N_p, carry, P521_WIDTH);
-cleanup:
- return ret;
+ return 0;
 }
 #undef P521_WIDTH
 #undef P521_MASK
+
 #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
 #endif /* MBEDTLS_ECP_NIST_OPTIM */
From 8450ab9c60249db6ec0855ca8539756eda6061ab Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 6 Feb 2023 15:47:00 +0100
Subject: [PATCH 062/440] Fix Secp521r1 reduction
The prototype calculated with wrong limb size and not taken into account the overflow in the shared limb.
Signed-off-by: Gabor Mezei
---
 library/ecp_curves.c | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index a1a21c27a..f58539d22 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -5211,14 +5211,19 @@ static int ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n)
 {
 mbedtls_mpi_uint carry = 0;
- if (N_n > 2*P521_WIDTH) {
- N_n = 2*P521_WIDTH;
+ if (N_n > 2 * P521_WIDTH - 1) {
+ N_n = 2 * P521_WIDTH - 1;
 }
 if (N_n < P521_WIDTH) {
 return 0;
 }
- /* Step 1: Reduction to P521_WIDTH limbs */
+ /* Save and clear the A1 content of the shared limb to prevent it
+ from overwrite. */
+ mbedtls_mpi_uint remainder[P521_WIDTH] = {0};
+ remainder[0] = N_p[P521_WIDTH - 1] >> 9;
+ N_p[P521_WIDTH - 1] &= P521_MASK;
+
 if (N_n > P521_WIDTH) {
 /* Helper references for top part of N */
 mbedtls_mpi_uint *NT_p = N_p + P521_WIDTH;
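Review bot: ecp_mod_p521() now calls ecp_mod_p521_raw(), but the raw function is defined below it with no prototype visible in the hunk, so this commit does not build on its own unless a declaration exists earlier in the file (a later patch in this series adds one). `MPI_CORE(mla)` and `mbedtls_core_add_int` appear nowhere else on this page and are replaced in the next commit, which suggests they are not the names of the existing bignum-core helpers; worth checking against bignum_core.h before this commit is taken in isolation. The clamp `N_n = 2*P521_WIDTH;` silently discards higher limbs while the old comment describing the worst-case input size was removed; a comment above the clamp such as `/* Inputs are at most 2 * P521_WIDTH limbs (a product of two reduced values); higher limbs are ignored. */` would keep that precondition on record.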
@@ -5227,18 +5232,14 @@ static int ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n)
 /* Split N as A0 + 2^(512 + biL) A1 and compute A0 + 2^(biL - 9) * A1.
 * This can be done in place. */
 mbedtls_mpi_uint shift = ((mbedtls_mpi_uint) 1u) << (biL - 9);
- carry = MPI_CORE(mla)(N_p, P521_WIDTH, NT_p, NT_n, shift);
+ carry = mbedtls_mpi_core_mla(N_p, P521_WIDTH - 1, NT_p, NT_n, shift);
 /* Clear top part */
 memset(NT_p, 0, sizeof(mbedtls_mpi_uint) * NT_n);
 }
- /* Step 2: Reduction to < 2p.
- * Now split as A0 + 2^521 * c, with c a scalar, and compute A0 + c. */
- carry <<= (biL - 9);
- carry += (N_p[P521_WIDTH-1] >> 9);
- N_p[P521_WIDTH-1] &= P521_MASK;
- (void) mbedtls_core_add_int(N_p, N_p, carry, P521_WIDTH);
+ (void)mbedtls_mpi_core_add(N_p, N_p, remainder, P521_WIDTH);
+ N_p[P521_WIDTH - 1] += carry;
 return 0;
 }
From 2cb630edee50c9799e88af39b7d52a3162cd4ec5 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Wed, 1 Feb 2023 14:02:16 +0100
Subject: [PATCH 063/440] Change the ecp_mod_p521_raw to be testable
Signed-off-by: Gabor Mezei
---
 library/ecp_curves.c | 6 +++++-
 library/ecp_invasive.h | 7 +++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index f58539d22..269f5fcf9 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -4584,6 +4584,8 @@ static int ecp_mod_p384(mbedtls_mpi *);
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
 static int ecp_mod_p521(mbedtls_mpi *);
+MBEDTLS_STATIC_TESTABLE
+int ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n);
 #endif
 #define NIST_MODP(P) grp->modp = ecp_mod_ ## P;
@@ -5207,7 +5209,9 @@ static int ecp_mod_p521(mbedtls_mpi *N)
 cleanup:
 return ret;
 }
-static int ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n)
+
+MBEDTLS_STATIC_TESTABLE
+int ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n)
 {
 mbedtls_mpi_uint carry = 0;
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index 3ee238ee5..31646b92d 100644
--- a/library/ecp_invasive.h
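Review bot: `N_p[P521_WIDTH - 1] += carry;` and the `(void)` on mbedtls_mpi_core_add() both rely on bounds the code never states: the carry out of the P521_WIDTH - 1 limb mla has to fit beside the 9 bits left in the top limb, and the final add must not carry out of P521_WIDTH limbs. By my reading both hold because N_n is clamped to 2 * P521_WIDTH - 1, so NT_n <= P521_WIDTH - 1 and the mla carry is at most 2^(biL - 9); a reader of this function cannot see that without redoing the arithmetic. A comment above the two lines such as `/* carry <= 2^(biL - 9) since NT_n <= P521_WIDTH - 1, so it fits beside the 9 masked bits of the top limb; for the same reason the add below cannot carry out of P521_WIDTH limbs. */` would make the discarded return value look deliberate rather than accidental.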
+++ b/library/ecp_invasive.h
@@ -95,6 +95,13 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn);
 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+
+MBEDTLS_STATIC_TESTABLE
+int ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n);
+
+#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+
 #endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_ECP_C */
 #endif /* MBEDTLS_ECP_INVASIVE_H */
From d8f67b975bdaca75a0eed75fad2e968fa8bd34d3 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 6 Feb 2023 15:49:42 +0100
Subject: [PATCH 064/440] Add test generation for ecp_mod_p521_raw
Signed-off-by: Gabor Mezei
---
 scripts/mbedtls_dev/ecp.py | 83 ++++++++++++++++++++++++++++
 tests/suites/test_suite_ecp.function | 44 ++++++++++++++-
 2 files changed, 126 insertions(+), 1 deletion(-)
diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py
index 93cd2123f..96ddd057f 100644
--- a/scripts/mbedtls_dev/ecp.py
+++ b/scripts/mbedtls_dev/ecp.py
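Review bot: The declaration added to ecp_invasive.h is named `ecp_mod_p521_raw`, while the neighbouring testable helper visible in the hunk header is `mbedtls_ecp_mod_p192_raw`; symbols exported from this header carry the `mbedtls_` prefix, so `int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n);` would match (and the definition in ecp_curves.c with it). The prototype also has no Doxygen comment; at minimum the expected limb count of `N_p` and the fact that the function only quasi-reduces belong there, since this header is what the test suite reads.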
@@ -75,3 +75,86 @@ class EcpP192R1Raw(bignum_common.ModOperationCommon, @property def is_valid(self) -> bool: return True + +class EcpP521R1Raw(bignum_common.ModOperationCommon, + EcpTarget): + """Test cases for ecp quasi_reduction().""" + test_function = "ecp_mod_p521_raw" + test_name = "ecp_mod_p521_raw" + input_style = "fixed" + arity = 1 + + moduli = [("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff") + ] # type: List[str] + + input_values = [ + "0", "1", + + # Test case for overflow during addition + ("0001efffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "000001ef" + "0000000000000000000000000000000000000000000000000000000000000000" + "000000000000000000000000000000000000000000000000000000000f000000"), + + # First 8 number generated by random.getrandbits(1042) - seed(2,2) + ("0003cc2e82523e86feac7eb7dc38f519b91751dacdbd47d364be8049a372db8f" + "6e405d93ffed9235288bc781ae66267594c9c9500925e4749b575bd13653f8dd" + "9b1f282e" + "4067c3584ee207f8da94e3e8ab73738fcf1822ffbc6887782b491044d5e34124" + "5c6e433715ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"), + ("00017052829e07b0829a48d422fe99a22c70501e533c91352d3d854e061b9030" + "3b08c6e33c7295782d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c5055" + "6c71c4a6" + "6148a86fe8624fab5186ee32ee8d7ee9770348a05d300cb90706a045defc044a" + "09325626e6b58de744ab6cce80877b6f71e1f6d2ef8acd128b4f2fc15f3f57eb"), + ("00021f15a7a83ee0761ebfd2bd143fa9b714210c665d7435c1066932f4767f26" + "294365b2721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b97eeab64" + "ca2ce6bc" + "5d3fd983c34c769fe89204e2e8168561867e5e15bc01bfce6a27e0dfcbf87544" + "72154e76e4c11ab2fec3f6b32e8d4b8a8f54f8ceacaab39e83844b40ffa9b9f1"), + ("000381bc2a838af8d5c44a4eb3172062d08f1bb2531d6460f0caeef038c89b38" + "a8acb5137c9260dc74e088a9b9492f258ebdbfe3eb9ac688b9d39cca91551e82" + "59cc60b1" + 
"7604e4b4e73695c3e652c71a74667bffe202849da9643a295a9ac6decbd4d3e2" + "d4dec9ef83f0be4e80371eb97f81375eecc1cb6347733e847d718d733ff98ff3"), + ("00034816c8c69069134bccd3e1cf4f589f8e4ce0af29d115ef24bd625dd961e6" + "830b54fa7d28f93435339774bb1e386c4fd5079e681b8f5896838b769da59b74" + "a6c3181c" + "81e220df848b1df78feb994a81167346d4c0dca8b4c9e755cc9c3adcf515a823" + "4da4daeb4f3f87777ad1f45ae9500ec9c5e2486c44a4a8f69dc8db48e86ec9c6"), + ("000397846c4454b90f756132e16dce72f18e859835e1f291d322a7353ead4efe" + "440e2b4fda9c025a22f1a83185b98f5fc11e60de1b343f52ea748db9e020307a" + "aeb6db2c" + "3a038a709779ac1f45e9dd320c855fdfa7251af0930cdbd30f0ad2a81b2d19a2" + "beaa14a7ff3fe32a30ffc4eed0a7bd04e85bfcdd0227eeb7b9d7d01f5769da05"), + ("00002c3296e6bc4d62b47204007ee4fab105d83e85e951862f0981aebc1b00d9" + "2838e766ef9b6bf2d037fe2e20b6a8464174e75a5f834da70569c018eb2b5693" + "babb7fbb" + "0a76c196067cfdcb11457d9cf45e2fa01d7f4275153924800600571fac3a5b26" + "3fdf57cd2c0064975c3747465cc36c270e8a35b10828d569c268a20eb78ac332"), + ("00009d23b4917fc09f20dbb0dcc93f0e66dfe717c17313394391b6e2e6eacb0f" + "0bb7be72bd6d25009aeb7fa0c4169b148d2f527e72daf0a54ef25c0707e33868" + "7d1f7157" + "5653a45c49390aa51cf5192bbf67da14be11d56ba0b4a2969d8055a9f03f2d71" + "581d8e830112ff0f0948eccaf8877acf26c377c13f719726fd70bddacb4deeec"), + + # Next 2 number generated by random.getrandbits(521) + ("12b84ae65e920a63ac1f2b64df6dff07870c9d531ae72a47403063238da1a1fe" + "3f9d6a179fa50f96cd4aff9261aa92c0e6f17ec940639bc2ccdf572df00790813e3"), + ("166049dd332a73fa0b26b75196cf87eb8a09b27ec714307c68c425424a1574f1" + "eedf5b0f16cdfdb839424d201e653f53d6883ca1c107ca6e706649889c0c7f38608") + ] + + @property + def arg_a(self) -> str: + return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits - 2 * self.bits_in_limb // 8) + + def result(self) -> List[str]: + result = self.int_a % self.int_n + return [self.format_result(result)] + + @property + def is_valid(self) -> bool: + return True 
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index b9d2b5ea5..b1a096d04 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -4,8 +4,8 @@ #include "mbedtls/ecdh.h" #include "bignum_core.h" -#include "bignum_mod_raw_invasive.h" #include "ecp_invasive.h" +#include "bignum_mod_raw_invasive.h" #if defined(MBEDTLS_TEST_HOOKS) && \ (defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ @@ -1344,3 +1344,45 @@ exit: mbedtls_free(N); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +void ecp_mod_p521_raw(char *input_N, + char *input_X, + char *result) +{ + mbedtls_mpi_uint *X = NULL; + mbedtls_mpi_uint *N = NULL; + mbedtls_mpi_uint *res = NULL; + size_t limbs_X; + size_t limbs_N; + size_t limbs_res; + + mbedtls_mpi_mod_modulus m; + mbedtls_mpi_mod_modulus_init(&m); + + TEST_EQUAL(mbedtls_test_read_mpi_core(&X, &limbs_X, input_X), 0); + TEST_EQUAL(mbedtls_test_read_mpi_core(&N, &limbs_N, input_N), 0); + TEST_EQUAL(mbedtls_test_read_mpi_core(&res, &limbs_res, result), 0); + + size_t limbs = limbs_N; + size_t bytes = limbs * sizeof(mbedtls_mpi_uint); + + TEST_EQUAL(limbs_X, 2 * limbs - 1); + TEST_EQUAL(limbs_res, limbs); + + TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( + &m, N, limbs, + MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); + + TEST_EQUAL(ecp_mod_p521_raw(X, limbs_X), 0); + mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m); + ASSERT_COMPARE(X, bytes, res, bytes); + +exit: + mbedtls_free(X); + mbedtls_free(res); + + mbedtls_mpi_mod_modulus_free(&m); + mbedtls_free(N); +} +/* END_CASE */ From b1c62caa1fce2e6ea10629b44e6efc912ba7c4d4 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 6 Feb 2023 16:02:05 +0100 Subject: [PATCH 065/440] Add documentation Signed-off-by: Gabor Mezei --- library/ecp_invasive.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index 31646b92d..2854fb0a9 100644 --- a/library/ecp_invasive.h 
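Review bot: The new test case is guarded only by `depends_on:MBEDTLS_TEST_HOOKS`, but ecp_mod_p521_raw() is declared in ecp_invasive.h only under MBEDTLS_ECP_DP_SECP521R1_ENABLED (previous commit), so a test-hooks build with that curve disabled would reference an undeclared function; `/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_DP_SECP521R1_ENABLED */` closes that gap. The swap of `#include "ecp_invasive.h"` and `#include "bignum_mod_raw_invasive.h"` in the first hunk is not explained by the commit message; if the order matters (a macro one header needs from the other), a one-line comment should say so, otherwise it is unrelated churn in a functional change.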
+++ b/library/ecp_invasive.h
@@ -97,6 +97,12 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn);
 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+/** Fast quasi-reduction modulo p521 = 2^521 - 1 (FIPS 186-3 D.2.5)
+ *
+ * \param[in,out] N_p The address of the MPI to be converted.
+ * Must have 2 * N - 1 limbs, where N is the modulus.
+ * \param[in] N_n The length of \p N_p in limbs.
+ */
 MBEDTLS_STATIC_TESTABLE
 int ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n);
From b62ad5d569a1df385f6d81df10d1f804e2e27e22 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 6 Feb 2023 17:13:02 +0100
Subject: [PATCH 066/440] Rename function to follow naming convention
Signed-off-by: Gabor Mezei
---
 library/ecp_curves.c | 6 +++---
 library/ecp_invasive.h | 2 +-
 tests/suites/test_suite_ecp.function | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 269f5fcf9..2da4bdd92 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -4585,7 +4585,7 @@ static int ecp_mod_p384(mbedtls_mpi *);
 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
 static int ecp_mod_p521(mbedtls_mpi *);
 MBEDTLS_STATIC_TESTABLE
-int ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n);
+int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n);
 #endif
 #define NIST_MODP(P) grp->modp = ecp_mod_ ## P;
@@ -5205,13 +5205,13 @@ static int ecp_mod_p521(mbedtls_mpi *N)
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 size_t expected_width = 2 * ((521 + biL - 1) / biL);
 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
- ret = ecp_mod_p521_raw(N->p, expected_width);
+ ret = mbedtls_ecp_mod_p521_raw(N->p, expected_width);
 cleanup:
 return ret;
 }
 MBEDTLS_STATIC_TESTABLE
-int ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n)
+int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n)
 {
 mbedtls_mpi_uint carry = 0;
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index 2854fb0a9..45b000696 100644
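Review bot: The new Doxygen text says `Must have 2 * N - 1 limbs, where N is the modulus`, but N is a number and the requirement is about the modulus's limb count, and "The address of the MPI to be converted" describes a reduction, not a conversion. The function (see the hunk at -5211 in PATCH 062) also returns 0 without touching inputs shorter than P521_WIDTH limbs and clamps longer ones, which callers of a testable helper should be told. Suggested wording: `\param[in,out] N_p The address of the MPI to be reduced. Must have 2 * N - 1 limbs, where N is the number of limbs of p521.` and `\param[in] N_n The number of limbs of \p N_p. Inputs with fewer than N limbs are left unchanged; limbs beyond 2 * N - 1 are ignored.` A `\return` line stating that the result is only quasi-reduced (below 2p, not below p) would complete it.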
--- a/library/ecp_invasive.h
+++ b/library/ecp_invasive.h
@@ -104,7 +104,7 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn);
 * \param[in] N_n The length of \p N_p in limbs.
 */
 MBEDTLS_STATIC_TESTABLE
-int ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n);
+int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n);
 #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index b1a096d04..a0042ed34 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -1374,7 +1374,7 @@ void ecp_mod_p521_raw(char *input_N,
 &m, N, limbs,
 MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
- TEST_EQUAL(ecp_mod_p521_raw(X, limbs_X), 0);
+ TEST_EQUAL(mbedtls_ecp_mod_p521_raw(X, limbs_X), 0);
 mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
 ASSERT_COMPARE(X, bytes, res, bytes);
From 05c138e1722860d603894a340dcfeef5bc05f6be Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 6 Feb 2023 18:03:39 +0100
Subject: [PATCH 067/440] Fix pylint issues
Create a new function for calculating the number of hex digits needed for a certain amount of limbs.
Signed-off-by: Gabor Mezei
---
 scripts/mbedtls_dev/bignum_common.py | 6 +++++-
 scripts/mbedtls_dev/ecp.py | 4 +++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py
index 242217554..5319ec68b 100644
--- a/scripts/mbedtls_dev/bignum_common.py
+++ b/scripts/mbedtls_dev/bignum_common.py
@@ -74,6 +74,10 @@ def combination_pairs(values: List[T]) -> List[Tuple[T, T]]:
 """Return all pair combinations from input values."""
 return [(x, y) for x in values for y in values]
+def hex_digits_for_limb(limbs: int, bits_in_limb: int) -> int:
+ """ Retrun the hex digits need for a number of limbs. """
+ return 2 * (limbs * bits_in_limb // 8)
+
 class OperationCommon(test_data_generation.BaseTest):
 """Common features for bignum binary operations.
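Review bot: The docstring of hex_digits_for_limb() has a typo and stray padding, `""" Retrun the hex digits need for a number of limbs. """`; `"""Return the number of hex digits needed to hold the given number of limbs."""` reads correctly and matches the PEP 257 style of combination_pairs() just above it. The name takes a limb count, so `hex_digits_for_limbs` would describe it better, but since the ecp.py hunk of this same commit already calls it, the rename would touch both files.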
@@ -138,7 +142,7 @@ class OperationCommon(test_data_generation.BaseTest):
 @property
 def hex_digits(self) -> int:
- return 2 * (self.limbs * self.bits_in_limb // 8)
+ return hex_digits_for_limb(self.limbs, self.bits_in_limb)
 def format_arg(self, val: str) -> str:
 if self.input_style not in self.input_styles:
diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py
index 96ddd057f..c167f6b6f 100644
--- a/scripts/mbedtls_dev/ecp.py
+++ b/scripts/mbedtls_dev/ecp.py
@@ -149,7 +149,9 @@ class EcpP521R1Raw(bignum_common.ModOperationCommon,
 @property
 def arg_a(self) -> str:
- return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits - 2 * self.bits_in_limb // 8)
+ # Number of limbs: 2 * N - 1
+ hex_digits = bignum_common.hex_digits_for_limb(2 * self.limbs - 1, self.bits_in_limb)
+ return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits)
 def result(self) -> List[str]:
 result = self.int_a % self.int_n
From 6bfbd3650788bc82216906c9bf540f4090ee7f06 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 6 Feb 2023 18:06:54 +0100
Subject: [PATCH 068/440] Fix coding style issues
Signed-off-by: Gabor Mezei
---
 library/ecp_curves.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 2da4bdd92..00642650c 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -5224,7 +5224,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n)
 /* Save and clear the A1 content of the shared limb to prevent it
 from overwrite. */
- mbedtls_mpi_uint remainder[P521_WIDTH] = {0};
+ mbedtls_mpi_uint remainder[P521_WIDTH] = { 0 };
 remainder[0] = N_p[P521_WIDTH - 1] >> 9;
 N_p[P521_WIDTH - 1] &= P521_MASK;
@@ -5242,7 +5242,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n) memset(NT_p, 0, sizeof(mbedtls_mpi_uint) * NT_n); } - (void)mbedtls_mpi_core_add(N_p, N_p, remainder, P521_WIDTH); + (void) mbedtls_mpi_core_add(N_p, N_p, remainder, P521_WIDTH); N_p[P521_WIDTH - 1] += carry; return 0; From b50aeb8f0533d5f5ed981c6eeb68163fb7e3c909 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 7 Feb 2023 12:46:54 +0100 Subject: [PATCH 069/440] Fix 32-bit issues The 521 bit needs different limb alignment for different word sizes. Signed-off-by: Gabor Mezei --- scripts/mbedtls_dev/ecp.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index c167f6b6f..e0fb00035 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -81,7 +81,7 @@ class EcpP521R1Raw(bignum_common.ModOperationCommon, """Test cases for ecp quasi_reduction().""" test_function = "ecp_mod_p521_raw" test_name = "ecp_mod_p521_raw" - input_style = "fixed" + input_style = "arch_split" arity = 1 moduli = [("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" From 13c3aa13af220d96b95d98f0bf47bb0105f56267 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 7 Feb 2023 15:24:57 +0000 Subject: [PATCH 070/440] Revert changes to mod_p521 flow It is not necessary to save the middle limb upfront as overwriting it is the desired result: in the first step we are reducing modulo 2^{512+biL}. Arguably, the original flow is more intuitive and easier to see the idea behind it. Signed-off-by: Janos Follath Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 00642650c..7d029de1f 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c 
@@ -5222,12 +5222,6 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n)
 return 0;
 }
- /* Save and clear the A1 content of the shared limb to prevent it
- from overwrite. */
- mbedtls_mpi_uint remainder[P521_WIDTH] = { 0 };
- remainder[0] = N_p[P521_WIDTH - 1] >> 9;
- N_p[P521_WIDTH - 1] &= P521_MASK;
-
 if (N_n > P521_WIDTH) {
 /* Helper references for top part of N */
 mbedtls_mpi_uint *NT_p = N_p + P521_WIDTH;
@@ -5236,14 +5230,17 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n)
 /* Split N as A0 + 2^(512 + biL) A1 and compute A0 + 2^(biL - 9) * A1.
 * This can be done in place. */
 mbedtls_mpi_uint shift = ((mbedtls_mpi_uint) 1u) << (biL - 9);
- carry = mbedtls_mpi_core_mla(N_p, P521_WIDTH - 1, NT_p, NT_n, shift);
+ carry = mbedtls_mpi_core_mla(N_p, P521_WIDTH, NT_p, NT_n, shift);
 /* Clear top part */
 memset(NT_p, 0, sizeof(mbedtls_mpi_uint) * NT_n);
 }
+ mbedtls_mpi_uint remainder[P521_WIDTH] = { 0 };
+ remainder[0] = carry << (biL - 9);
+ remainder[0] += (N_p[P521_WIDTH - 1] >> 9);
+ N_p[P521_WIDTH - 1] &= P521_MASK;
 (void) mbedtls_mpi_core_add(N_p, N_p, remainder, P521_WIDTH);
- N_p[P521_WIDTH - 1] += carry;
 return 0;
 }
From 755ff0e6853fbc568abb0414da21991fbabc2411 Mon Sep 17 00:00:00 2001
From: Janos Follath
Date: Tue, 7 Feb 2023 15:27:44 +0000
Subject: [PATCH 071/440] Add corner case to mod_p521 tests
Signed-off-by: Janos Follath
Signed-off-by: Gabor Mezei
---
 scripts/mbedtls_dev/ecp.py | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py
index e0fb00035..fa70dedb5 100644
--- a/scripts/mbedtls_dev/ecp.py
+++ b/scripts/mbedtls_dev/ecp.py
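Review bot: `remainder[0] = carry << (biL - 9);` only fits in a limb if the carry out of mbedtls_mpi_core_mla() is at most 1, and `(void) mbedtls_mpi_core_add(...)` only drops a carry that cannot occur; neither bound is stated in the code. By my reading both follow from the clamp to 2 * P521_WIDTH - 1 limbs: NT_n <= P521_WIDTH - 1, so shift * A1 < 2^(P521_WIDTH * biL - 9) and the mla carry is 0 or 1, and after masking the top limb the final sum stays below 2^521 + 2^(biL - 8). A comment above the `remainder` block such as `/* carry is 0 or 1 here (NT_n <= P521_WIDTH - 1), so carry << (biL - 9) fits in a limb and the add below cannot overflow P521_WIDTH limbs. */` would let the next reader verify this without redoing the arithmetic. The commit message's point that step 1 reduces modulo 2^(512 + biL) belongs in that comment as well.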
@@ -91,6 +91,13 @@ class EcpP521R1Raw(bignum_common.ModOperationCommon, input_values = [ "0", "1", + # Corner case: maximum canonical P521 multiplication result + ("0003ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" + "fffff800" + "0000000000000000000000000000000000000000000000000000000000000000" + "0000000000000000000000000000000000000000000000000000000000000004"), + # Test case for overflow during addition ("0001efffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" From 666673e83f2e692dfd0720ed0547fdf4eabc7fd6 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Tue, 7 Feb 2023 15:49:15 +0000 Subject: [PATCH 072/440] modp521: apply naming conventions Apply the usual parameter name and align the local variables and comments. This naming diverges from the standard notation, but this is beneficial as our variable meanings diverge as well and the difference can help avoiding confusion. Signed-off-by: Janos Follath Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 35 +++++++++++++++++++---------------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 7d029de1f..186dabef2 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c 
@@ -5211,36 +5211,39 @@ cleanup: } MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n) +int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) { mbedtls_mpi_uint carry = 0; - if (N_n > 2 * P521_WIDTH - 1) { - N_n = 2 * P521_WIDTH - 1; + if (X_limbs > 2 * P521_WIDTH - 1) { + X_limbs = 2 * P521_WIDTH - 1; } - if (N_n < P521_WIDTH) { + if (X_limbs < P521_WIDTH) { return 0; } - if (N_n > P521_WIDTH) { - /* Helper references for top part of N */ - mbedtls_mpi_uint *NT_p = N_p + P521_WIDTH; - size_t NT_n = N_n - P521_WIDTH; + if (X_limbs > P521_WIDTH) { + /* Helper references for bottom part of X */ + mbedtls_mpi_uint *X0 = X; + size_t X0_limbs = P521_WIDTH; + /* Helper references for top part of X */ + mbedtls_mpi_uint *X1 = X + X0_limbs; + size_t X1_limbs = X_limbs - X0_limbs; - /* Split N as A0 + 2^(512 + biL) A1 and compute A0 + 2^(biL - 9) * A1. + /* Split X as X0 + 2^(512 + biL) X1 and compute X0 + 2^(biL - 9) * X1. * This can be done in place. */ mbedtls_mpi_uint shift = ((mbedtls_mpi_uint) 1u) << (biL - 9); - carry = mbedtls_mpi_core_mla(N_p, P521_WIDTH, NT_p, NT_n, shift); + carry = mbedtls_mpi_core_mla(X0, X0_limbs, X1, X1_limbs, shift); /* Clear top part */ - memset(NT_p, 0, sizeof(mbedtls_mpi_uint) * NT_n); + memset(X1, 0, X1_limbs * sizeof(mbedtls_mpi_uint)); } - mbedtls_mpi_uint remainder[P521_WIDTH] = { 0 }; - remainder[0] = carry << (biL - 9); - remainder[0] += (N_p[P521_WIDTH - 1] >> 9); - N_p[P521_WIDTH - 1] &= P521_MASK; - (void) mbedtls_mpi_core_add(N_p, N_p, remainder, P521_WIDTH); + mbedtls_mpi_uint addend[P521_WIDTH] = { 0 }; + addend[0] = carry << (biL - 9); + addend[0] += (X[P521_WIDTH - 1] >> 9); + X[P521_WIDTH - 1] &= P521_MASK; + (void) mbedtls_mpi_core_add(X, X, addend, P521_WIDTH); return 0; } From fe24e91a34324a5ee20dd2beda5d81de53dc3fe5 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Wed, 8 Feb 2023 10:14:21 +0000 Subject: [PATCH 073/440] mod_p521: document reduction algorithm 
Signed-off-by: Janos Follath Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 38 +++++++++++++++++++++++++++++++------- 1 file changed, 31 insertions(+), 7 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 186dabef2..74392661c 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5222,6 +5222,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) return 0; } + /* Step 1: Reduction to P521_WIDTH limbs */ if (X_limbs > P521_WIDTH) { /* Helper references for bottom part of X */ mbedtls_mpi_uint *X0 = X; 
@@ -5230,20 +5231,43 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) mbedtls_mpi_uint *X1 = X + X0_limbs; size_t X1_limbs = X_limbs - X0_limbs; - /* Split X as X0 + 2^(512 + biL) X1 and compute X0 + 2^(biL - 9) * X1. - * This can be done in place. */ + /* Split X as X0 + 2^P521_WIDTH X1 and compute X0 + 2^(biL - 9) X1. + * (We are using that 2^P521_WIDTH = 2^(512 + biL) and that + * 2^(512 + biL) X1 = 2^(biL - 9) X1 mod P521.) + * The high order limb of the result will be held in carry and the rest + * in X0 (that is the result will be represented as + * 2^P521_WIDTH carry + X0). + * + * Also, note that the resulting carry is either 0 or 1: + * X0 < 2^P521_WIDTH = 2^(512 + biL) and X1 < 2^(P521_WIDTH-biL) = 2^512 + * therefore + * X0 + 2^(biL - 9) X1 < 2^(512 + biL) + 2^(512 + biL - 9) + * which in turn is less than 2 * 2^(512 + biL). + */ mbedtls_mpi_uint shift = ((mbedtls_mpi_uint) 1u) << (biL - 9); carry = mbedtls_mpi_core_mla(X0, X0_limbs, X1, X1_limbs, shift); - /* Clear top part */ + /* Set X to X0 (by clearing the top part). */ memset(X1, 0, X1_limbs * sizeof(mbedtls_mpi_uint)); } - mbedtls_mpi_uint addend[P521_WIDTH] = { 0 }; - addend[0] = carry << (biL - 9); - addend[0] += (X[P521_WIDTH - 1] >> 9); + /* Step 2: Reduction modulo P521 + * + * At this point X is reduced to P521_WIDTH limbs. What remains is to add + * the carry (that is 2^P521_WIDTH carry) and to reduce mod P521. */ + + /* 2^P521_WIDTH carry = 2^(512 + biL) carry = 2^(biL - 9) carry mod P521. + * Also, recall that carry is either 0 or 1. */ + mbedtls_mpi_uint addend = carry << (biL - 9); + /* Keep the top 9 bits and reduce the rest, using 2^521 = 1 mod P521. */ + addend += (X[P521_WIDTH - 1] >> 9); X[P521_WIDTH - 1] &= P521_MASK; - (void) mbedtls_mpi_core_add(X, X, addend, P521_WIDTH); + /* Declare a helper array for carrying out the addition. 
*/ + mbedtls_mpi_uint addend_arr[P521_WIDTH] = { 0 }; + addend_arr[0] = addend; + (void) mbedtls_mpi_core_add(X, X, addend_arr, P521_WIDTH); + /* Both addends were less than P521 therefore X < 2 P521. (This also means + * that the result fit in P521_WIDTH limbs and there won't be any carry.) */ return 0; } From d10d429380135040a0af53539ebd9788ef9b09f1 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 8 Feb 2023 16:27:03 +0100 Subject: [PATCH 074/440] Stack usage optimization for mod_p521 Instead of creating an mpi on the stack, reuse the unused part of the input mpi. Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 74392661c..49182a44f 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c 
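Review bot: The closing comment `Both addends were less than P521 therefore X < 2 P521` overstates the premise: `X[P521_WIDTH - 1] &= P521_MASK` leaves X <= P521 (all 521 low bits set is a reachable state), and the conclusion actually follows from the addend being small, `addend < 2^(biL - 8)`, so `X + addend <= P521 + 2^(biL - 8) < 2 * P521`. Suggested wording: `/* After masking X <= P521 and addend < 2^(biL - 8), so X + addend < 2 * P521 and fits in P521_WIDTH limbs with no carry. */`; the same sentence is carried unchanged into the second ecp_curves.c hunk of patch 075. The new comments also write `2^P521_WIDTH` and `2^(P521_WIDTH-biL)` for what are bit counts, i.e. `2^(P521_WIDTH * biL)` and `2^((P521_WIDTH - 1) * biL)`; mixing limb counts and exponents makes the bound argument harder to audit than it needs to be.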
@@ -5262,12 +5262,22 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) /* Keep the top 9 bits and reduce the rest, using 2^521 = 1 mod P521. */ addend += (X[P521_WIDTH - 1] >> 9); X[P521_WIDTH - 1] &= P521_MASK; - /* Declare a helper array for carrying out the addition. */ - mbedtls_mpi_uint addend_arr[P521_WIDTH] = { 0 }; + + /* Resuse the top part of X (already zeroed) as a helper array for + * carrying out the addition. */ + mbedtls_mpi_uint *addend_arr = X + P521_WIDTH; addend_arr[0] = addend; - (void) mbedtls_mpi_core_add(X, X, addend_arr, P521_WIDTH); - /* Both addends were less than P521 therefore X < 2 P521. (This also means - * that the result fit in P521_WIDTH limbs and there won't be any carry.) */ + /* The unused part of X is P521_WIDTH - 1 limbs in size and only that + * size can be used for addition. Due to the addend fit in a limb + * the limbs other the first in the helper array are only used for + * propagating the carry. By adding the carry of the P521_WIDTH - 1 limb + * addition to the last limb of X makes the addition of X and the addend + * complete. */ + carry = mbedtls_mpi_core_add(X, X, addend_arr, P521_WIDTH - 1); + X[P521_WIDTH - 1] += carry; + + /* Clear the reused part of X. */ + addend_arr[0] = 0; return 0; } From cf228706cdb8bab4b3b4d7a8a0281a8eda418a51 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 15 Feb 2023 16:52:33 +0100 Subject: [PATCH 075/440] Restrict input parameter size for ecp_mod_p521_raw The imput mpi parameter must have twice as many limbs as the modulus. Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 70 ++++++++++++---------------- scripts/mbedtls_dev/ecp.py | 7 ++- tests/suites/test_suite_ecp.function | 2 +- 3 files changed, 33 insertions(+), 46 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 49182a44f..85d634ab0 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c 
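Review bot: `mbedtls_mpi_uint *addend_arr = X + P521_WIDTH;` followed by `addend_arr[0] = addend;` and `mbedtls_mpi_core_add(X, X, addend_arr, P521_WIDTH - 1)` writes to and reads P521_WIDTH - 1 limbs beyond the first P521_WIDTH, but at this point in the series the function (whose head is outside the hunk) still accepts any X_limbs >= P521_WIDTH and only clamps larger inputs to 2 * P521_WIDTH - 1: for X_limbs == P521_WIDTH the store is one past the buffer, for anything shorter than 2 * P521_WIDTH - 1 the add reads past it, and the "already zeroed" premise holds only when the `X_limbs > P521_WIDTH` branch ran its memset. The in-tree caller grows N to 2 * P521_WIDTH limbs and the test passes 2 * limbs - 1, so those paths stay in bounds, but the reuse needs a guard at function entry, e.g. `if (X_limbs < 2 * P521_WIDTH - 1) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; }`; patch 075 later in the series does this by requiring exactly 2 * P521_WIDTH limbs. Minor: `Resuse` should read `Reuse`, and `the limbs other the first` should read `the limbs other than the first`.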
@@ -5203,7 +5203,7 @@ cleanup:
 static int ecp_mod_p521(mbedtls_mpi *N)
 {
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- size_t expected_width = 2 * ((521 + biL - 1) / biL);
+ size_t expected_width = 2 * P521_WIDTH;
 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
 ret = mbedtls_ecp_mod_p521_raw(N->p, expected_width);
 cleanup:
@@ -5215,41 +5215,34 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) { mbedtls_mpi_uint carry = 0; - if (X_limbs > 2 * P521_WIDTH - 1) { - X_limbs = 2 * P521_WIDTH - 1; - } - if (X_limbs < P521_WIDTH) { - return 0; + if (X_limbs != 2 * P521_WIDTH || X[2 * P521_WIDTH - 1] != 0) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } /* Step 1: Reduction to P521_WIDTH limbs */ - if (X_limbs > P521_WIDTH) { - /* Helper references for bottom part of X */ - mbedtls_mpi_uint *X0 = X; - size_t X0_limbs = P521_WIDTH; - /* Helper references for top part of X */ - mbedtls_mpi_uint *X1 = X + X0_limbs; - size_t X1_limbs = X_limbs - X0_limbs; - - /* Split X as X0 + 2^P521_WIDTH X1 and compute X0 + 2^(biL - 9) X1. - * (We are using that 2^P521_WIDTH = 2^(512 + biL) and that - * 2^(512 + biL) X1 = 2^(biL - 9) X1 mod P521.) - * The high order limb of the result will be held in carry and the rest - * in X0 (that is the result will be represented as - * 2^P521_WIDTH carry + X0). - * - * Also, note that the resulting carry is either 0 or 1: - * X0 < 2^P521_WIDTH = 2^(512 + biL) and X1 < 2^(P521_WIDTH-biL) = 2^512 - * therefore - * X0 + 2^(biL - 9) X1 < 2^(512 + biL) + 2^(512 + biL - 9) - * which in turn is less than 2 * 2^(512 + biL). - */ - mbedtls_mpi_uint shift = ((mbedtls_mpi_uint) 1u) << (biL - 9); - carry = mbedtls_mpi_core_mla(X0, X0_limbs, X1, X1_limbs, shift); - - /* Set X to X0 (by clearing the top part). */ - memset(X1, 0, X1_limbs * sizeof(mbedtls_mpi_uint)); - } + /* Helper references for bottom part of X */ + mbedtls_mpi_uint *X0 = X; + size_t X0_limbs = P521_WIDTH; + /* Helper references for top part of X */ + mbedtls_mpi_uint *X1 = X + X0_limbs; + size_t X1_limbs = X_limbs - X0_limbs; + /* Split X as X0 + 2^P521_WIDTH X1 and compute X0 + 2^(biL - 9) X1. + * (We are using that 2^P521_WIDTH = 2^(512 + biL) and that + * 2^(512 + biL) X1 = 2^(biL - 9) X1 mod P521.) 
+ * The high order limb of the result will be held in carry and the rest + * in X0 (that is the result will be represented as + * 2^P521_WIDTH carry + X0). + * + * Also, note that the resulting carry is either 0 or 1: + * X0 < 2^P521_WIDTH = 2^(512 + biL) and X1 < 2^(P521_WIDTH-biL) = 2^512 + * therefore + * X0 + 2^(biL - 9) X1 < 2^(512 + biL) + 2^(512 + biL - 9) + * which in turn is less than 2 * 2^(512 + biL). + */ + mbedtls_mpi_uint shift = ((mbedtls_mpi_uint) 1u) << (biL - 9); + carry = mbedtls_mpi_core_mla(X0, X0_limbs, X1, X1_limbs, shift); + /* Set X to X0 (by clearing the top part). */ + memset(X1, 0, X1_limbs * sizeof(mbedtls_mpi_uint)); /* Step 2: Reduction modulo P521 * @@ -5267,14 +5260,9 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) * carrying out the addition. */ mbedtls_mpi_uint *addend_arr = X + P521_WIDTH; addend_arr[0] = addend; - /* The unused part of X is P521_WIDTH - 1 limbs in size and only that - * size can be used for addition. Due to the addend fit in a limb - * the limbs other the first in the helper array are only used for - * propagating the carry. By adding the carry of the P521_WIDTH - 1 limb - * addition to the last limb of X makes the addition of X and the addend - * complete. */ - carry = mbedtls_mpi_core_add(X, X, addend_arr, P521_WIDTH - 1); - X[P521_WIDTH - 1] += carry; + (void) mbedtls_mpi_core_add(X, X, addend_arr, P521_WIDTH); + /* Both addends were less than P521 therefore X < 2 * P521. (This also means + * that the result fit in P521_WIDTH limbs and there won't be any carry.) */ /* Clear the reused part of X. */ addend_arr[0] = 0; diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index fa70dedb5..d436d0a35 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py 
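Review bot: The retained comment `X1 < 2^(P521_WIDTH-biL) = 2^512` now rests on the new entry check `X[2 * P521_WIDTH - 1] != 0` (X1 has P521_WIDTH limbs and its top limb is forced to be zero) rather than on the removed clamp, and the comment should say so, e.g. `* (X1 < 2^512 because X has exactly 2 * P521_WIDTH limbs and its top limb was checked to be zero.)`; that bound is what keeps `carry` at 0 or 1 and `carry << (biL - 9)` inside a limb. The check itself is ordered correctly: the `||` short-circuit prevents the read of `X[2 * P521_WIDTH - 1]` when X_limbs is wrong. The closing `Both addends were less than P521` sentence repeats the imprecision noted on patch 073 (after masking X can equal P521).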
@@ -81,7 +81,7 @@ class EcpP521R1Raw(bignum_common.ModOperationCommon, """Test cases for ecp quasi_reduction().""" test_function = "ecp_mod_p521_raw" test_name = "ecp_mod_p521_raw" - input_style = "arch_split" + input_style = "fixed" arity = 1 moduli = [("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" @@ -156,9 +156,8 @@ class EcpP521R1Raw(bignum_common.ModOperationCommon, @property def arg_a(self) -> str: - # Number of limbs: 2 * N - 1 - hex_digits = bignum_common.hex_digits_for_limb(2 * self.limbs - 1, self.bits_in_limb) - return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits) + # Number of limbs: 2 * N + return super().format_arg('{:x}'.format(self.int_a)).zfill(2 * self.hex_digits) def result(self) -> List[str]: result = self.int_a % self.int_n diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index a0042ed34..212dfcbf9 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1367,7 +1367,7 @@ void ecp_mod_p521_raw(char *input_N, size_t limbs = limbs_N; size_t bytes = limbs * sizeof(mbedtls_mpi_uint); - TEST_EQUAL(limbs_X, 2 * limbs - 1); + TEST_EQUAL(limbs_X, 2 * limbs); TEST_EQUAL(limbs_res, limbs); TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( From 2b064ec33221c4f41663cd0f379ef4dcd960cb1d Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 15 Feb 2023 17:04:40 +0100 Subject: [PATCH 076/440] Revert the addition of hex digit calculator function This reverts commit 0f83e15e670565147daa32fd1fac510759520e26. Signed-off-by: Gabor Mezei --- scripts/mbedtls_dev/bignum_common.py | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 5319ec68b..242217554 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py 
@@ -74,10 +74,6 @@ def combination_pairs(values: List[T]) -> List[Tuple[T, T]]: """Return all pair combinations from input values.""" return [(x, y) for x in values for y in values] -def hex_digits_for_limb(limbs: int, bits_in_limb: int) -> int: - """ Retrun the hex digits need for a number of limbs. """ - return 2 * (limbs * bits_in_limb // 8) - class OperationCommon(test_data_generation.BaseTest): """Common features for bignum binary operations. @@ -142,7 +138,7 @@ class OperationCommon(test_data_generation.BaseTest): @property def hex_digits(self) -> int: - return hex_digits_for_limb(self.limbs, self.bits_in_limb) + return 2 * (self.limbs * self.bits_in_limb // 8) def format_arg(self, val: str) -> str: if self.input_style not in self.input_styles: From 555b1f7e44480a6231a69328daf0e97ba2e2219c Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 15 Feb 2023 17:13:20 +0100 Subject: [PATCH 077/440] Add check for test Check the bit length of the output of ecp_mod_p521_raw. Signed-off-by: Gabor Mezei --- tests/suites/test_suite_ecp.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 212dfcbf9..4e74d9b8e 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1375,6 +1375,7 @@ void ecp_mod_p521_raw(char *input_N, MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); TEST_EQUAL(mbedtls_ecp_mod_p521_raw(X, limbs_X), 0); + TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), 522); mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m); ASSERT_COMPARE(X, bytes, res, bytes); From 7e6fcc1fbc83c8d9d613e85001fd4bf559faba88 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 15 Feb 2023 17:51:59 +0100 Subject: [PATCH 078/440] Update documentation Signed-off-by: Gabor Mezei --- library/ecp_invasive.h | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index 45b000696..3d1321c52 100644 
--- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -99,12 +99,21 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn); /** Fast quasi-reduction modulo p521 = 2^521 - 1 (FIPS 186-3 D.2.5) * - * \param[in,out] N_p The address of the MPI to be converted. - * Must have 2 * N - 1 limbs, where N is the modulus. - * \param[in] N_n The length of \p N_p in limbs. + * \param[in,out] X The address of the MPI to be converted. + * Must have twice as many limbs as the modulus + * (the modulus is 521 bits long). Upon return this + * holds the reduced value. The reduced value is + * in range `0 <= X < 2 * N` (where N is the modulus). + * and its the bitlength is one plus the bitlength + * of the modulus. + * \param[in] X_limbs The length of \p X in limbs. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p X_limbs does not have + * twice as many limbs as the modulus. */ MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *N_p, size_t N_n); +int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ From 2ba002cc2f7be32b838490a6f7f2ecb0848a774e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 9 Dec 2022 18:59:26 +0000 Subject: [PATCH 079/440] Make ECDSA restartable sign and verify functions public Make public the versions of ECSDA sign and verify which return raw signatures rather than returning ASN.1 encoded signatures, in order to use them for the internal implemention of psa_sign/verify_hash_interruptible. Signed-off-by: Paul Elliott --- include/mbedtls/ecdsa.h | 173 ++++++++++++++++++++++++++++++++++++++++ library/ecdsa.c | 71 +++++++++-------- 2 files changed, 209 insertions(+), 35 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 9847a6836..1741d2c20 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h 
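Review bot: `\return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p X_limbs does not have twice as many limbs as the modulus` documents only one of the two rejection conditions; the implementation from patch 075 also returns it when the most significant limb of \p X is non-zero, so the contract should read e.g. `\return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p X_limbs is not twice the limb count of the modulus, or if the most significant limb of \p X is not zero.`. The output description has a stray period before `and its the bitlength`, and "one plus the bitlength of the modulus" is an upper bound rather than an exact value (X < 2 * N gives at most 522 bits), so `and its bitlength is at most one more than that of the modulus` would be accurate.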
@@ -222,6 +222,134 @@ int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r, void *p_rng_blind); #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ +#if !defined(MBEDTLS_ECDSA_SIGN_ALT) +/** + * \brief This function computes the ECDSA signature of a + * previously-hashed message, in a restartable way. + * + * \note The deterministic version implemented in + * mbedtls_ecdsa_sign_det_restartable() is usually + * preferred. + * + * \note This function is like \c mbedtls_ecdsa_sign() but + * it can return early and restart according to the + * limit set with \c mbedtls_ecp_set_max_ops() to + * reduce blocking. + * + * \note If the bitlength of the message hash is larger + * than the bitlength of the group order, then the + * hash is truncated as defined in Standards for + * Efficient Cryptography Group (SECG): SEC1 Elliptic + * Curve Cryptography, section 4.1.3, step 5. + * + * \see ecp.h + * + * \param grp The context for the elliptic curve to use. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param r The MPI context in which to store the first part + * the signature. This must be initialized. + * \param s The MPI context in which to store the second part + * the signature. This must be initialized. + * \param d The private signing key. This must be initialized + * and setup, for example through + * mbedtls_ecp_gen_privkey(). + * \param buf The hashed content to be signed. This must be a readable + * buffer of length \p blen Bytes. It may be \c NULL if + * \p blen is zero. + * \param blen The length of \p buf in Bytes. + * \param f_rng The RNG function. This must not be \c NULL. + * \param p_rng The RNG context to be passed to \p f_rng. This may be + * \c NULL if \p f_rng doesn't need a context parameter. + * \param f_rng_blind The RNG function used for blinding. This must not be + * \c NULL. + * \param p_rng_blind The RNG context to be passed to \p f_rng. 
This may be + * \c NULL if \p f_rng doesn't need a context parameter. + * \param rs_ctx The restart context to use. This may be \c NULL + * to disable restarting. If it is not \c NULL, it + * must point to an initialized restart context. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * operations was reached: see \c + * mbedtls_ecp_set_max_ops(). + * \return Another \c MBEDTLS_ERR_ECP_XXX, \c + * MBEDTLS_ERR_MPI_XXX or \c MBEDTLS_ERR_ASN1_XXX + * error code on failure. + */ +int mbedtls_ecdsa_sign_restartable( + mbedtls_ecp_group *grp, + mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, + const unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + int (*f_rng_blind)(void *, unsigned char *, size_t), + void *p_rng_blind, + mbedtls_ecdsa_restart_ctx *rs_ctx); + +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) + +/** + * \brief This function computes the ECDSA signature of a + * previously-hashed message, in a restartable way. + * + * \note This function is like \c + * mbedtls_ecdsa_sign_det_ext() but it can return + * early and restart according to the limit set with + * \c mbedtls_ecp_set_max_ops() to reduce blocking. + * + * \note If the bitlength of the message hash is larger + * than the bitlength of the group order, then the + * hash is truncated as defined in Standards for + * Efficient Cryptography Group (SECG): SEC1 Elliptic + * Curve Cryptography, section 4.1.3, step 5. + * + * \see ecp.h + * + * \param grp The context for the elliptic curve to use. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param r The MPI context in which to store the first part + * the signature. This must be initialized. + * \param s The MPI context in which to store the second part + * the signature. This must be initialized. + * \param d The private signing key. 
This must be initialized + * and setup, for example through + * mbedtls_ecp_gen_privkey(). + * \param buf The hashed content to be signed. This must be a readable + * buffer of length \p blen Bytes. It may be \c NULL if + * \p blen is zero. + * \param blen The length of \p buf in Bytes. + * \param f_rng_blind The RNG function used for blinding. This must not be + * \c NULL. + * \param p_rng_blind The RNG context to be passed to \p f_rng. This may be + * \c NULL if \p f_rng doesn't need a context parameter. + * \param rs_ctx The restart context to use. This may be \c NULL + * to disable restarting. If it is not \c NULL, it + * must point to an initialized restart context. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * operations was reached: see \c + * mbedtls_ecp_set_max_ops(). + * \return Another \c MBEDTLS_ERR_ECP_XXX, \c + * MBEDTLS_ERR_MPI_XXX or \c MBEDTLS_ERR_ASN1_XXX + * error code on failure. + */ +int mbedtls_ecdsa_sign_det_restartable( + mbedtls_ecp_group *grp, + mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg, + int (*f_rng_blind)(void *, unsigned char *, size_t), + void *p_rng_blind, + mbedtls_ecdsa_restart_ctx *rs_ctx); + +#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ + +#endif /* !MBEDTLS_ECDSA_SIGN_ALT */ + /** * \brief This function verifies the ECDSA signature of a * previously-hashed message. 
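Review bot: The new doc block for `mbedtls_ecdsa_sign_det_restartable()` documents every parameter except `md_alg`, which the prototype takes between `blen` and `f_rng_blind`; add `\param md_alg The hash algorithm used to hash the original data.`. In both new blocks `\param p_rng_blind The RNG context to be passed to \p f_rng.` should reference `\p f_rng_blind`, since that is the function the context is handed to. The `\return Another ... \c MBEDTLS_ERR_ASN1_XXX` line is inherited from the DER-writing API; these functions return the raw (r, s) pair and do no ASN.1 encoding, so unless the implementation can surface such a code the mention is misleading.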
@@ -257,6 +385,49 @@ int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp, const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s); +#if !defined(MBEDTLS_ECDSA_VERIFY_ALT) +/** + * \brief This function verifies the ECDSA signature of a + * previously-hashed message, in a restartable manner + * + * \note If the bitlength of the message hash is larger than the + * bitlength of the group order, then the hash is truncated as + * defined in Standards for Efficient Cryptography Group + * (SECG): SEC1 Elliptic Curve Cryptography, section + * 4.1.4, step 3. + * + * \see ecp.h + * + * \param grp The ECP group to use. + * This must be initialized and have group parameters + * set, for example through mbedtls_ecp_group_load(). + * \param buf The hashed content that was signed. This must be a readable + * buffer of length \p blen Bytes. It may be \c NULL if + * \p blen is zero. + * \param blen The length of \p buf in Bytes. + * \param Q The public key to use for verification. This must be + * initialized and setup. + * \param r The first integer of the signature. + * This must be initialized. + * \param s The second integer of the signature. + * This must be initialized. + * \param rs_ctx The restart context to use. This may be \c NULL to disable + * restarting. If it is not \c NULL, it must point to an + * initialized restart context. + * + * \return \c 0 on success. + * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX + * error code on failure. + */ +int mbedtls_ecdsa_verify_restartable(mbedtls_ecp_group *grp, + const unsigned char *buf, size_t blen, + const mbedtls_ecp_point *Q, + const mbedtls_mpi *r, + const mbedtls_mpi *s, + mbedtls_ecdsa_restart_ctx *rs_ctx); + +#endif /* !MBEDTLS_ECDSA_VERIFY_ALT */ + /** * \brief This function computes the ECDSA signature and writes it * to a buffer, serialized as defined in RFC-4492: 
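Review bot: `mbedtls_ecdsa_verify_restartable()` is documented as restartable via `rs_ctx`, yet its `\return` list omits `#MBEDTLS_ERR_ECP_IN_PROGRESS`, which the two sign variants in the same commit do document; add `\return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of operations was reached: see \c mbedtls_ecp_set_max_ops().`. A caller that treats every non-zero code as a failed verification would otherwise misclassify a paused operation, so the contract matters here. Also `\c MBEDTLS_MPI_XXX` should be `\c MBEDTLS_ERR_MPI_XXX`, and the brief is missing its closing period.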
@@ -303,6 +474,8 @@ int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp, * \c NULL if \p f_rng is \c NULL or doesn't use a context. * * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * operations was reached: see \c mbedtls_ecp_set_max_ops(). * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or * \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ diff --git a/library/ecdsa.c b/library/ecdsa.c index 3ddb82b1e..eb3c30319 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -239,13 +239,13 @@ cleanup: * Compute ECDSA signature of a hashed message (SEC1 4.1.3) * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message) */ -static int ecdsa_sign_restartable(mbedtls_ecp_group *grp, - mbedtls_mpi *r, mbedtls_mpi *s, - const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - int (*f_rng_blind)(void *, unsigned char *, size_t), - void *p_rng_blind, - mbedtls_ecdsa_restart_ctx *rs_ctx) +int mbedtls_ecdsa_sign_restartable(mbedtls_ecp_group *grp, + mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + int (*f_rng_blind)(void *, unsigned char *, size_t), + void *p_rng_blind, + mbedtls_ecdsa_restart_ctx *rs_ctx) { int ret, key_tries, sign_tries; int *p_sign_tries = &sign_tries, *p_key_tries = &key_tries; @@ -394,8 +394,8 @@ int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng) { /* Use the same RNG for both blinding and ephemeral key generation */ - return ecdsa_sign_restartable(grp, r, s, d, buf, blen, - f_rng, p_rng, f_rng, p_rng, NULL); + return mbedtls_ecdsa_sign_restartable(grp, r, s, d, buf, blen, + f_rng, p_rng, f_rng, p_rng, NULL); } #endif /* !MBEDTLS_ECDSA_SIGN_ALT */ 
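Review bot: The two added `\return #MBEDTLS_ERR_ECP_IN_PROGRESS` lines in the `@@ -303,6 +474,8 @@` hunk land in a doc block whose owner is outside the hunk; judging from the surrounding `\c NULL if \p f_rng is \c NULL or doesn't use a context` text this looks like the block of the non-restartable `mbedtls_ecdsa_write_signature()`, which would not surface that code since it passes no restart context. Confirm which function the block belongs to, and if it is the non-restartable one, move the lines to the `mbedtls_ecdsa_write_signature_restartable()` block instead. The ecdsa.c hunks are renames of the former static functions to their public names and need nothing further.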
@@ -406,13 +406,13 @@ int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, * note: The f_rng_blind parameter must not be NULL. * */ -static int ecdsa_sign_det_restartable(mbedtls_ecp_group *grp, - mbedtls_mpi *r, mbedtls_mpi *s, - const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg, - int (*f_rng_blind)(void *, unsigned char *, size_t), - void *p_rng_blind, - mbedtls_ecdsa_restart_ctx *rs_ctx) +int mbedtls_ecdsa_sign_det_restartable(mbedtls_ecp_group *grp, + mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg, + int (*f_rng_blind)(void *, unsigned char *, size_t), + void *p_rng_blind, + mbedtls_ecdsa_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_hmac_drbg_context rng_ctx; @@ -462,9 +462,9 @@ sign: ret = mbedtls_ecdsa_sign(grp, r, s, d, buf, blen, mbedtls_hmac_drbg_random, p_rng); #else - ret = ecdsa_sign_restartable(grp, r, s, d, buf, blen, - mbedtls_hmac_drbg_random, p_rng, - f_rng_blind, p_rng_blind, rs_ctx); + ret = mbedtls_ecdsa_sign_restartable(grp, r, s, d, buf, blen, + mbedtls_hmac_drbg_random, p_rng, + f_rng_blind, p_rng_blind, rs_ctx); #endif /* MBEDTLS_ECDSA_SIGN_ALT */ cleanup: @@ -487,8 +487,8 @@ int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r, size_t), void *p_rng_blind) { - return ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg, - f_rng_blind, p_rng_blind, NULL); + return mbedtls_ecdsa_sign_det_restartable(grp, r, s, d, buf, blen, md_alg, + f_rng_blind, p_rng_blind, NULL); } #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ 
@@ -497,11 +497,12 @@ int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp, mbedtls_mpi *r, * Verify ECDSA signature of hashed message (SEC1 4.1.4) * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message) */ -static int ecdsa_verify_restartable(mbedtls_ecp_group *grp, - const unsigned char *buf, size_t blen, - const mbedtls_ecp_point *Q, - const mbedtls_mpi *r, const mbedtls_mpi *s, - mbedtls_ecdsa_restart_ctx *rs_ctx) +int mbedtls_ecdsa_verify_restartable(mbedtls_ecp_group *grp, + const unsigned char *buf, size_t blen, + const mbedtls_ecp_point *Q, + const mbedtls_mpi *r, + const mbedtls_mpi *s, + mbedtls_ecdsa_restart_ctx *rs_ctx) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_mpi e, s_inv, u1, u2; @@ -610,7 +611,7 @@ int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp, const mbedtls_mpi *r, const mbedtls_mpi *s) { - return ecdsa_verify_restartable(grp, buf, blen, Q, r, s, NULL); + return mbedtls_ecdsa_verify_restartable(grp, buf, blen, Q, r, s, NULL); } #endif /* !MBEDTLS_ECDSA_VERIFY_ALT */ @@ -665,9 +666,9 @@ int mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx, mbedtls_mpi_init(&s); #if defined(MBEDTLS_ECDSA_DETERMINISTIC) - MBEDTLS_MPI_CHK(ecdsa_sign_det_restartable(&ctx->grp, &r, &s, &ctx->d, - hash, hlen, md_alg, f_rng, - p_rng, rs_ctx)); + MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign_det_restartable(&ctx->grp, &r, &s, &ctx->d, + hash, hlen, md_alg, f_rng, + p_rng, rs_ctx)); #else (void) md_alg; @@ -678,9 +679,9 @@ int mbedtls_ecdsa_write_signature_restartable(mbedtls_ecdsa_context *ctx, hash, hlen, f_rng, p_rng)); #else /* Use the same RNG for both blinding and ephemeral key generation */ - MBEDTLS_MPI_CHK(ecdsa_sign_restartable(&ctx->grp, &r, &s, &ctx->d, - hash, hlen, f_rng, p_rng, f_rng, - p_rng, rs_ctx)); + MBEDTLS_MPI_CHK(mbedtls_ecdsa_sign_restartable(&ctx->grp, &r, &s, &ctx->d, + hash, hlen, f_rng, p_rng, f_rng, + p_rng, rs_ctx)); #endif /* MBEDTLS_ECDSA_SIGN_ALT */ #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ 
@@ -760,8 +761,8 @@ int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx, goto cleanup; } #else - if ((ret = ecdsa_verify_restartable(&ctx->grp, hash, hlen, - &ctx->Q, &r, &s, rs_ctx)) != 0) { + if ((ret = mbedtls_ecdsa_verify_restartable(&ctx->grp, hash, hlen, + &ctx->Q, &r, &s, rs_ctx)) != 0) { goto cleanup; } #endif /* MBEDTLS_ECDSA_VERIFY_ALT */ From 588f8ed498216b3f600f6d423328bd290ffe4a97 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 2 Dec 2022 18:10:26 +0000 Subject: [PATCH 080/440] Add internal implementation Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 55 +++ .../psa/crypto_driver_contexts_composites.h | 10 + include/psa/crypto_struct.h | 8 +- library/psa_crypto.c | 421 ++++++++++++++++++ library/psa_crypto_core.h | 299 +++++++++++++ .../psa_crypto_driver_wrappers.c.jinja | 61 ++- 6 files changed, 829 insertions(+), 25 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index b7f0b1162..0f1220de9 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h 
@@ -107,4 +107,59 @@ typedef struct { #define MBEDTLS_PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, { 0 } } +#include "mbedtls/ecdsa.h" + +/* Context structure for the Mbed TLS interruptible sign hash implementation. */ +typedef struct { + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + mbedtls_ecdsa_context *MBEDTLS_PRIVATE(ctx); +#if defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_ecdsa_restart_ctx MBEDTLS_PRIVATE(restart_ctx); +#endif /* MBEDTLS_ECP_RESTARTABLE */ + + size_t MBEDTLS_PRIVATE(curve_bytes); + psa_algorithm_t MBEDTLS_PRIVATE(alg); + mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg); + const uint8_t *MBEDTLS_PRIVATE(hash); + size_t MBEDTLS_PRIVATE(hash_length); + + mbedtls_mpi MBEDTLS_PRIVATE(r); + mbedtls_mpi MBEDTLS_PRIVATE(s); + +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA */ + +} mbedtls_psa_sign_hash_interruptible_operation_t; + +#define MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { { 0 }, { 0 }, 0, 0, 0, 0, 0, { 0 }, \ + { 0 } } + +/* Context structure for the Mbed TLS interruptible verify hash + * implementation.*/ +typedef struct { + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + mbedtls_ecdsa_context *MBEDTLS_PRIVATE(ctx); +#if defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_ecdsa_restart_ctx MBEDTLS_PRIVATE(restart_ctx); +#endif /* MBEDTLS_ECP_RESTARTABLE */ + + size_t MBEDTLS_PRIVATE(curve_bytes); + const uint8_t *MBEDTLS_PRIVATE(hash); + size_t MBEDTLS_PRIVATE(hash_length); + + mbedtls_mpi MBEDTLS_PRIVATE(r); + mbedtls_mpi MBEDTLS_PRIVATE(s); + +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA */ + +} mbedtls_psa_verify_hash_interruptible_operation_t; + +#define MBEDTLS_VERIFY_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { { 0 }, { 0 }, 0, 0, 0, { 0 }, \ + { 0 } } + + + #endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */ 
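Review bot: The verify-side init macro is named `MBEDTLS_VERIFY_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT`, which does not follow the `MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT` pattern used a few lines earlier for the sign side; `MBEDTLS_PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT` would match the type name. Both new structs become empty when neither `MBEDTLS_PSA_BUILTIN_ALG_ECDSA` nor `MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA` is defined, which standard C does not allow, and the two initializer lists count a `restart_ctx` slot that only exists under `MBEDTLS_ECP_RESTARTABLE`; an `unsigned dummy;` member outside the `#if`, as the driver-context unions in crypto_driver_contexts_composites.h already use, would cover the first problem and the initializers should be made conditional for the second. The `hash`/`hash_length` fields keep only a pointer into the caller's buffer across the start/complete calls, so that buffer has to stay valid until the operation finishes or is aborted; either document that on the start entry points or copy the hash into the operation. The `#include "mbedtls/ecdsa.h"` placed after the AEAD `#define` would usually sit with the other includes at the top of the header, which is outside this hunk.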
diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h index bcd000e70..1b95814f9 100644 --- a/include/psa/crypto_driver_contexts_composites.h +++ b/include/psa/crypto_driver_contexts_composites.h @@ -114,5 +114,15 @@ typedef union { #endif } psa_driver_aead_context_t; +typedef union { + unsigned dummy; /* Make sure this union is always non-empty */ + mbedtls_psa_sign_hash_interruptible_operation_t mbedtls_ctx; +} psa_driver_sign_hash_interruptible_context_t; + +typedef union { + unsigned dummy; /* Make sure this union is always non-empty */ + mbedtls_psa_verify_hash_interruptible_operation_t mbedtls_ctx; +} psa_driver_verify_hash_interruptible_context_t; + #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */ /* End of automatically generated file. */ diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index bd20937e5..8874e97a2 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -506,10 +506,12 @@ struct psa_sign_hash_interruptible_operation_s { * any driver (i.e. none of the driver contexts are active). */ unsigned int MBEDTLS_PRIVATE(id); + psa_driver_sign_hash_interruptible_context_t MBEDTLS_PRIVATE(ctx); + size_t MBEDTLS_PRIVATE(num_ops); }; -#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, 0 } +#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0 } static inline struct psa_sign_hash_interruptible_operation_s psa_sign_hash_interruptible_operation_init(void) 
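Review bot: The surviving trailer `/* End of automatically generated file. */` says this header is generated, so if that is still the case the two new unions belong in the generator or its template rather than in this file; if the file is in fact hand-maintained now, the trailer is misleading and worth dropping in a follow-up. The unions name `mbedtls_psa_sign_hash_interruptible_operation_t` and `mbedtls_psa_verify_hash_interruptible_operation_t` unconditionally, which only works as long as crypto_builtin_composites.h defines those types in every configuration, including builds without the ECDSA builtins.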
@@ -535,10 +537,12 @@ struct psa_verify_hash_interruptible_operation_s { * any driver (i.e. none of the driver contexts are active). */ unsigned int MBEDTLS_PRIVATE(id); + psa_driver_verify_hash_interruptible_context_t MBEDTLS_PRIVATE(ctx); + size_t MBEDTLS_PRIVATE(num_ops); }; -#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, 0 } +#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0 } static inline struct psa_verify_hash_interruptible_operation_s psa_verify_hash_interruptible_operation_init(void) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a21f6d963..b31d51b4b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -81,6 +81,7 @@ #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" +#include "hash_info.h" #define ARRAY_LENGTH(array) (sizeof(array) / sizeof(*(array))) @@ -310,6 +311,9 @@ psa_status_t mbedtls_to_psa_error(int ret) case MBEDTLS_ERR_ECP_RANDOM_FAILED: return PSA_ERROR_INSUFFICIENT_ENTROPY; + case MBEDTLS_ERR_ECP_IN_PROGRESS: + return PSA_OPERATION_INCOMPLETE; + case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED: return PSA_ERROR_CORRUPTION_DETECTED; 
@@ -3360,7 +3364,424 @@ psa_status_t psa_verify_hash_abort( return PSA_SUCCESS; } +/****************************************************************/ +/* Asymmetric interruptible cryptography internal */ +/* implementations */ +/****************************************************************/ +static uint32_t mbedtls_psa_interruptible_max_ops = + PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; + +void mbedtls_psa_interruptible_set_max_ops(uint32_t max_ops) +{ +#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ + defined(MBEDTLS_ECP_RESTARTABLE) + + /* Internal implementation uses zero to indicate infinite number max ops, + * therefore avoid this value, and set to minimum possible. */ + if (max_ops == 0) { + max_ops = 1; + } + + mbedtls_psa_interruptible_max_ops = max_ops; + mbedtls_ecp_set_max_ops(max_ops); +#else + (void) max_ops; +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && + * defined( MBEDTLS_ECP_RESTARTABLE ) */ +} + +uint32_t mbedtls_psa_interruptible_get_max_ops(void) +{ + return mbedtls_psa_interruptible_max_ops; +} + +uint32_t mbedtls_psa_sign_hash_get_num_ops( + const mbedtls_psa_sign_hash_interruptible_operation_t *operation) +{ +#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ + defined(MBEDTLS_ECP_RESTARTABLE) + + return operation->restart_ctx.ecp.ops_done; +#else + (void) operation; + return 0; +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && + * defined( MBEDTLS_ECP_RESTARTABLE ) */ +} + +uint32_t mbedtls_psa_verify_hash_get_num_ops( + const mbedtls_psa_verify_hash_interruptible_operation_t *operation) +{ + #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ + defined(MBEDTLS_ECP_RESTARTABLE) + + return operation->restart_ctx.ecp.ops_done; +#else + (void) 
operation; + return 0; +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && + * defined( MBEDTLS_ECP_RESTARTABLE ) */ +} + +psa_status_t mbedtls_psa_sign_hash_start( + mbedtls_psa_sign_hash_interruptible_operation_t *operation, + const psa_key_attributes_t *attributes, const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { + if (PSA_ALG_IS_ECDSA(alg)) { + +#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ + defined(MBEDTLS_ECP_RESTARTABLE) + +#if !defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + if (PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) { + return PSA_ERROR_NOT_SUPPORTED; + } +#endif + + /* Ensure default is set even if + * mbedtls_psa_interruptible_get_max_ops() has not been called. */ + mbedtls_ecp_set_max_ops(mbedtls_psa_interruptible_get_max_ops()); + + status = mbedtls_psa_ecp_load_representation(attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, + &operation->ctx); + + if (status != PSA_SUCCESS) { + return status; + } + + mbedtls_ecdsa_restart_init(&operation->restart_ctx); + + mbedtls_mpi_init(&operation->r); + mbedtls_mpi_init(&operation->s); + + operation->curve_bytes = PSA_BITS_TO_BYTES( + operation->ctx->grp.pbits); + + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); + operation->md_alg = mbedtls_hash_info_md_from_psa(hash_alg); + operation->alg = alg; + + operation->hash = hash; + operation->hash_length = hash_length; + +#else + (void) operation; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) hash; + (void) hash_length; + + return PSA_ERROR_NOT_SUPPORTED; +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && + * defined( 
MBEDTLS_ECP_RESTARTABLE ) */ + } else { + status = PSA_ERROR_INVALID_ARGUMENT; + } + } else { + status = PSA_ERROR_NOT_SUPPORTED; + } + + return status; +} + +psa_status_t mbedtls_psa_sign_hash_complete( + mbedtls_psa_sign_hash_interruptible_operation_t *operation, + uint8_t *signature, size_t signature_size, + size_t *signature_length) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + +#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ + defined(MBEDTLS_ECP_RESTARTABLE) + + if (signature_size < 2 * operation->curve_bytes) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + + if (PSA_ALG_ECDSA_IS_DETERMINISTIC(operation->alg)) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) + status = mbedtls_to_psa_error( + mbedtls_ecdsa_sign_det_restartable(&operation->ctx->grp, + &operation->r, + &operation->s, + &operation->ctx->d, + operation->hash, + operation->hash_length, + operation->md_alg, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + &operation->restart_ctx)); +#else /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ + return PSA_ERROR_NOT_SUPPORTED; +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */ + } else { + + status = mbedtls_to_psa_error( + mbedtls_ecdsa_sign_restartable(&operation->ctx->grp, + &operation->r, + &operation->s, + &operation->ctx->d, + operation->hash, + operation->hash_length, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE, + &operation->restart_ctx)); + } + + if (status != PSA_SUCCESS) { + return status; + } else { + status = mbedtls_to_psa_error( + mbedtls_mpi_write_binary(&operation->r, + signature, + operation->curve_bytes)); + + if (status != PSA_SUCCESS) { + return status; + } + + status = mbedtls_to_psa_error( + mbedtls_mpi_write_binary(&operation->s, + signature + + operation->curve_bytes, + operation->curve_bytes)); + + if (status != PSA_SUCCESS) { + return status; + } + + 
*signature_length = operation->curve_bytes * 2; + + return PSA_SUCCESS; + } + #else + + (void) operation; + (void) status; + (void) signature; + (void) signature_size; + (void) signature_length; + + return PSA_ERROR_NOT_SUPPORTED; + +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && + * defined( MBEDTLS_ECP_RESTARTABLE ) */ +} + +psa_status_t mbedtls_psa_sign_hash_abort( + mbedtls_psa_sign_hash_interruptible_operation_t *operation) +{ + +#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ + defined(MBEDTLS_ECP_RESTARTABLE) + + if (operation->ctx) { + mbedtls_ecdsa_free(operation->ctx); + mbedtls_free(operation->ctx); + } + + mbedtls_ecdsa_restart_free(&operation->restart_ctx); + + mbedtls_mpi_free(&operation->r); + mbedtls_mpi_free(&operation->s); + + return PSA_SUCCESS; + +#else + + (void) operation; + + return PSA_ERROR_NOT_SUPPORTED; + +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && + * defined( MBEDTLS_ECP_RESTARTABLE ) */ +} + +psa_status_t mbedtls_psa_verify_hash_start( + mbedtls_psa_verify_hash_interruptible_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { + if (PSA_ALG_IS_ECDSA(alg)) { + +#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ + defined(MBEDTLS_ECP_RESTARTABLE) + + /* Ensure default is set even if + * mbedtls_psa_interruptible_get_max_ops() has not been called. 
*/ + mbedtls_ecp_set_max_ops(mbedtls_psa_interruptible_get_max_ops()); + + status = mbedtls_psa_ecp_load_representation(attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, + &operation->ctx); + + if (status != PSA_SUCCESS) { + return status; + } + + operation->curve_bytes = PSA_BITS_TO_BYTES( + operation->ctx->grp.pbits); + + + if (signature_length != 2 * operation->curve_bytes) { + return PSA_ERROR_INVALID_SIGNATURE; + } + + mbedtls_mpi_init(&operation->r); + status = mbedtls_to_psa_error( + mbedtls_mpi_read_binary(&operation->r, + signature, + operation->curve_bytes)); + + if (status != PSA_SUCCESS) { + return status; + } + + mbedtls_mpi_init(&operation->s); + status = mbedtls_to_psa_error( + mbedtls_mpi_read_binary(&operation->s, + signature + + operation->curve_bytes, + operation->curve_bytes)); + + if (status != PSA_SUCCESS) { + return status; + } + + /* Check whether the public part is loaded. If not, load it. */ + if (mbedtls_ecp_is_zero(&operation->ctx->Q)) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + ret = mbedtls_ecp_mul(&operation->ctx->grp, + &operation->ctx->Q, + &operation->ctx->d, + &operation->ctx->grp.G, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE); + + if (ret != 0) { + return mbedtls_to_psa_error(ret); + } + } + + mbedtls_ecdsa_restart_init(&operation->restart_ctx); + + operation->hash = hash; + operation->hash_length = hash_length; +#else + (void) operation; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) hash; + (void) hash_length; + (void) signature; + (void) signature_length; + + return PSA_ERROR_NOT_SUPPORTED; +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && + * defined( MBEDTLS_ECP_RESTARTABLE ) */ + } else { + status = PSA_ERROR_INVALID_ARGUMENT; + } + } else { + status = PSA_ERROR_NOT_SUPPORTED; + } + + return status; +} + +psa_status_t mbedtls_psa_verify_hash_complete( + 
mbedtls_psa_verify_hash_interruptible_operation_t *operation) +{ + +#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ + defined(MBEDTLS_ECP_RESTARTABLE) + + return mbedtls_to_psa_error( + mbedtls_ecdsa_verify_restartable(&operation->ctx->grp, + operation->hash, + operation->hash_length, + &operation->ctx->Q, + &operation->r, + &operation->s, + &operation->restart_ctx)); + +#else + (void) operation; + + return PSA_ERROR_NOT_SUPPORTED; + +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && + * defined( MBEDTLS_ECP_RESTARTABLE ) */ +} + +psa_status_t mbedtls_psa_verify_hash_abort( + mbedtls_psa_verify_hash_interruptible_operation_t *operation) +{ + +#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ + defined(MBEDTLS_ECP_RESTARTABLE) + + if (operation->ctx) { + mbedtls_ecdsa_free(operation->ctx); + mbedtls_free(operation->ctx); + } + + mbedtls_ecdsa_restart_free(&operation->restart_ctx); + + mbedtls_mpi_free(&operation->r); + mbedtls_mpi_free(&operation->s); + + return PSA_SUCCESS; + +#else + (void) operation; + + return PSA_ERROR_NOT_SUPPORTED; + +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && + * defined( MBEDTLS_ECP_RESTARTABLE ) */ +} /****************************************************************/ /* Symmetric cryptography */ diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 38e4bc5cc..2f3cb6458 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h 
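Review bot: `mbedtls_psa_sign_hash_abort` and `mbedtls_psa_verify_hash_abort` free `operation->ctx` but leave the pointer set, so a second abort on the same operation, or any later path that checks `if (operation->ctx)`, frees it twice; add `operation->ctx = NULL;` directly after `mbedtls_free(operation->ctx);` in both functions. In `mbedtls_psa_verify_hash_start`, the early returns on `signature_length != 2 * operation->curve_bytes` and on a failed `mbedtls_mpi_read_binary` come after `mbedtls_psa_ecp_load_representation` has allocated `operation->ctx`, so that allocation is only reclaimed if the caller follows a failed start with abort — worth either stating in the header doc or freeing it before returning. Both start functions call `mbedtls_ecp_set_max_ops()`, which is library-global state, so every start call silently changes the op budget of any other restartable ECP user in the process; at least a comment noting that interaction would help. Minor style: ` #if` in `mbedtls_psa_verify_hash_get_num_ops` and ` #else` in `mbedtls_psa_sign_hash_complete` are indented by one space unlike the other directives in this hunk.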
@@ -606,4 +606,303 @@ psa_status_t psa_key_agreement_raw_builtin( size_t shared_secret_size, size_t *shared_secret_length); +/** + * \brief Set the maximum number of ops allowed to be executed by an + * interruptible function in a single call. + * + * \warning This is a beta API, and thus subject to change at any point. It is + * not bound by the usual interface stability promises. + * + * \note The signature of this function is that of a PSA driver + * interruptible_set_max_ops entry point. This function behaves as an + * interruptible_set_max_ops entry point as defined in the PSA driver + * interface specification for transparent drivers. + * + * \param[in] max_ops The maximum number of ops to be executed in a + * single call, this can be a number from 0 to + * #PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, where 0 + * is obviously the least amount of work done per + * call. + */ +void mbedtls_psa_interruptible_set_max_ops(uint32_t max_ops); + +/** + * \brief Get the maximum number of ops allowed to be executed by an + * interruptible function in a single call. + * + * \warning This is a beta API, and thus subject to change at any point. It is + * not bound by the usual interface stability promises. + * + * \note The signature of this function is that of a PSA driver + * interruptible_get_max_ops entry point. This function behaves as an + * interruptible_get_max_ops entry point as defined in the PSA driver + * interface specification for transparent drivers. + * + * \return Maximum number of ops allowed to be executed + * by an interruptible function in a single call. + */ +uint32_t mbedtls_psa_interruptible_get_max_ops(void); + +/** + * \brief Get the number of ops that a hash signing operation has taken so + * far. If the operation has completed, then this will represent the + * number of ops required for the entire operation. After initialization + * or calling psa_sign_hash_interruptible_abort() on the operation, a + * value of 0 will be returned. 
+ * + * \warning This is a beta API, and thus subject to change at any point. It is + * not bound by the usual interface stability promises. + * + * \note The signature of this function is that of a PSA driver + * sign_get_num_ops entry point. This function behaves as a + * sign_get_num_ops entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * \param[in] operation The \c + * mbedtls_psa_sign_hash_interruptible_operation_t + * to use. This must be initialized first. + * + * \return Number of ops that the operation has taken so + * far. + */ +uint32_t mbedtls_psa_sign_hash_get_num_ops( + const mbedtls_psa_sign_hash_interruptible_operation_t *operation); + +/** + * \brief Get the number of ops that a hash verification operation has taken + * so far. If the operation has completed, then this will represent the + * number of ops required for the entire operation. After initialization + * or calling psa_verify_hash_interruptible_abort() on the operation, a + * value of 0 will be returned. + * + * \warning This is a beta API, and thus subject to change at any point. It is + * not bound by the usual interface stability promises. + * + * \note The signature of this function is that of a PSA driver + * verify_get_num_ops entry point. This function behaves as a + * verify_get_num_ops entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * \param[in] operation The \c + * mbedtls_psa_verify_hash_interruptible_operation_t + * to use. This must be initialized first. + * + * \return Number of ops that the operation has taken so + * far. + */ +uint32_t mbedtls_psa_verify_hash_get_num_ops( + const mbedtls_psa_verify_hash_interruptible_operation_t *operation); + +/** + * \brief Start signing a hash or short message with a private key, in an + * interruptible manner. + * + * \warning This is a beta API, and thus subject to change at any point. 
It is + * not bound by the usual interface stability promises. + * + * \note The signature of this function is that of a PSA driver + * sign_hash_start entry point. This function behaves as a + * sign_hash_start entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * \param[in] operation The \c + * mbedtls_psa_sign_hash_interruptible_operation_t + * to use. This must be initialized first. + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key context. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg A signature algorithm that is compatible with + * the type of the key. + * \param[in] hash The hash or message to sign. + * \param hash_length Size of the \p hash buffer in bytes. + * + * \retval #PSA_SUCCESS + * The operation started successfully - call \c psa_sign_hash_complete() + * with the same context to complete the operation + * \retval #PSA_ERROR_INVALID_ARGUMENT + * An unsupported, incorrectly formatted or incorrect type of key was + * used. + * \retval #PSA_ERROR_NOT_SUPPORTED Either no internal interruptible operations + * are currently supported, or the key type is currently unsupported. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * There was insufficient memory to load the key representation. + */ +psa_status_t mbedtls_psa_sign_hash_start( + mbedtls_psa_sign_hash_interruptible_operation_t *operation, + const psa_key_attributes_t *attributes, const uint8_t *key_buffer, + size_t key_buffer_size, psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length); + +/** + * \brief Continue and eventually complete the action of signing a hash or + * short message with a private key, in an interruptible manner. + * + * \warning This is a beta API, and thus subject to change at any point. It is + * not bound by the usual interface stability promises. 
+ * + * \note The signature of this function is that of a PSA driver + * sign_hash_complete entry point. This function behaves as a + * sign_hash_complete entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * \param[in] operation The \c + * mbedtls_psa_sign_hash_interruptible_operation_t + * to use. This must be initialized first. + * + * \param[out] signature Buffer where the signature is to be written. + * \param signature_size Size of the \p signature buffer in bytes. This + * must be appropriate for the selected + * algorithm and key. + * \param[out] signature_length On success, the number of bytes that make up + * the returned signature value. + * + * \retval #PSA_SUCCESS + * Operation completed successfully + * + * \retval #PSA_OPERATION_INCOMPLETE + * Operation was interrupted due to the setting of \c + * psa_interruptible_set_max_ops(), there is still work to be done, + * please call this function again with the same operation object. + * + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p signature buffer is too small. You can + * determine a sufficient buffer size by calling + * #PSA_SIGN_OUTPUT_SIZE(\c key_type, \c key_bits, \p alg) + * where \c key_type and \c key_bits are the type and bit-size + * respectively of \p key. + * + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY + */ +psa_status_t mbedtls_psa_sign_hash_complete( + mbedtls_psa_sign_hash_interruptible_operation_t *operation, + uint8_t *signature, size_t signature_size, + size_t *signature_length); + +/** + * \brief Abort a sign hash operation. + * + * \warning This is a beta API, and thus subject to change at any point. It is + * not bound by the usual interface stability promises. 
+ * + * \note The signature of this function is that of a PSA driver sign_hash_abort + * entry point. This function behaves as a sign_hash_abort entry point as + * defined in the PSA driver interface specification for transparent + * drivers. + * + * \param[in] operation The \c + * mbedtls_psa_sign_hash_interruptible_operation_t + * to abort. + * + * \retval #PSA_SUCCESS + * The operation was aborted successfully. + */ +psa_status_t mbedtls_psa_sign_hash_abort( + mbedtls_psa_sign_hash_interruptible_operation_t *operation); + +/** + * \brief Start reading and verifying a hash or short message, in an + * interruptible manner. + * + * \warning This is a beta API, and thus subject to change at any point. It is + * not bound by the usual interface stability promises. + * + * \note The signature of this function is that of a PSA driver + * verify_hash_start entry point. This function behaves as a + * verify_hash_start entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * \param[in] operation The \c + * mbedtls_psa_verify_hash_interruptible_operation_t + * to use. This must be initialized first. + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The buffer containing the key context. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[in] alg A signature algorithm that is compatible with + * the type of the key. + * \param[in] hash The hash whose signature is to be verified. + * \param hash_length Size of the \p hash buffer in bytes. + * \param[in] signature Buffer containing the signature to verify. + * \param signature_length Size of the \p signature buffer in bytes. + * + * \retval #PSA_SUCCESS + * The operation started successfully - call \c psa_sign_hash_complete() + * with the same context to complete the operation + * \retval #PSA_ERROR_INVALID_ARGUMENT + * An unsupported or incorrect type of key was used. 
+ * \retval #PSA_ERROR_NOT_SUPPORTED + * Either no internal interruptible operations are currently supported, + * or the key type is currently unsupported. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * There was insufficient memory to load the key representation. + */ +psa_status_t mbedtls_psa_verify_hash_start( + mbedtls_psa_verify_hash_interruptible_operation_t *operation, + const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, size_t key_buffer_size, + psa_algorithm_t alg, + const uint8_t *hash, size_t hash_length, + const uint8_t *signature, size_t signature_length); + +/** + * \brief Continue and eventually complete the action of signing a hash or + * short message with a private key, in an interruptible manner. + * + * \warning This is a beta API, and thus subject to change at any point. It is + * not bound by the usual interface stability promises. + * + * \note The signature of this function is that of a PSA driver + * sign_hash_complete entry point. This function behaves as a + * sign_hash_complete entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * \param[in] operation The \c + * mbedtls_psa_sign_hash_interruptible_operation_t + * to use. This must be initialized first. + * + * \retval #PSA_SUCCESS + * Operation completed successfully, and the passed signature is valid. + * + * \retval #PSA_OPERATION_INCOMPLETE + * Operation was interrupted due to the setting of \c + * psa_interruptible_set_max_ops(), there is still work to be done, + * please call this function again with the same operation object. + * + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The calculation was performed successfully, but the passed + * signature is not a valid signature. 
+ * + * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + */ +psa_status_t mbedtls_psa_verify_hash_complete( + mbedtls_psa_verify_hash_interruptible_operation_t *operation); + +/** + * \brief Abort a verify signed hash operation. + * + * \warning This is a beta API, and thus subject to change at any point. It is + * not bound by the usual interface stability promises. + * + * \note The signature of this function is that of a PSA driver + * verify_hash_abort entry point. This function behaves as a + * verify_hash_abort entry point as defined in the PSA driver interface + * specification for transparent drivers. + * + * \param[in] operation The \c + * mbedtls_psa_verify_hash_interruptible_operation_t + * to abort. + * + * \retval #PSA_SUCCESS + * The operation was aborted successfully. + */ +psa_status_t mbedtls_psa_verify_hash_abort( + mbedtls_psa_verify_hash_interruptible_operation_t *operation); + #endif /* PSA_CRYPTO_CORE_H */ diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index e1f7b1fe8..6093fdf81 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -435,12 +435,12 @@ psa_status_t psa_driver_wrapper_verify_hash( void psa_driver_wrapper_interruptible_set_max_ops( uint32_t max_ops ) { - ( void ) max_ops; + mbedtls_psa_interruptible_set_max_ops( max_ops ); } uint32_t psa_driver_wrapper_interruptible_get_max_ops( void ) { - return( PSA_ERROR_INVALID_ARGUMENT ); + return mbedtls_psa_interruptible_get_max_ops( ); } uint32_t psa_driver_wrapper_sign_hash_get_num_ops( 
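Review bot: The doc block for `mbedtls_psa_verify_hash_complete` is a copy of the sign-side one: it describes "signing a hash or short message with a private key", names the `sign_hash_complete` entry point and `mbedtls_psa_sign_hash_interruptible_operation_t`, all of which should read verify_hash_complete / `mbedtls_psa_verify_hash_interruptible_operation_t`. Likewise the `#PSA_SUCCESS` text of `mbedtls_psa_verify_hash_start` tells the caller to continue with `psa_sign_hash_complete()` rather than the verify counterpart. The `\param[in] hash` entries of both start functions should state that the implementation keeps a pointer to the buffer rather than a copy, e.g. `The buffer must remain valid until the operation completes or is aborted.`, since that is what `operation->hash = hash;` in psa_crypto.c does. The `\retval #PSA_ERROR_INVALID_ARGUMENT` text for `mbedtls_psa_sign_hash_start` says an incorrect key type triggers it, while the implementation returns that status for a non-ECDSA `alg` and `#PSA_ERROR_NOT_SUPPORTED` for a non-ECC key; the two descriptions should agree.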
@@ -449,12 +449,13 @@ uint32_t psa_driver_wrapper_sign_hash_get_num_ops( switch( operation->id ) { case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_sign_hash_get_num_ops( + &operation->ctx.mbedtls_ctx ) + ); #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: - - /* Add cases for opaque driver here */ + /* Add test driver tests here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ @@ -469,15 +470,17 @@ uint32_t psa_driver_wrapper_verify_hash_get_num_ops( switch( operation->id ) { case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_verify_hash_get_num_ops( + &operation->ctx.mbedtls_ctx ) + ); #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: - - /* Add cases for opaque driver here */ + /* Add test driver tests here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + } return( PSA_ERROR_INVALID_ARGUMENT ); @@ -491,7 +494,8 @@ psa_status_t psa_driver_wrapper_sign_hash_start( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( + attributes->core.lifetime ); switch( location ) { @@ -511,6 +515,10 @@ psa_status_t psa_driver_wrapper_sign_hash_start( /* Fell through, meaning no accelerator supports this operation */ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + return( mbedtls_psa_sign_hash_start( &operation->ctx.mbedtls_ctx, + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length ) ); break; /* Add cases for opaque driver here */ 
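Review bot: In `psa_driver_wrapper_sign_hash_start` (hunk at -511) the `break;` after the new `return( mbedtls_psa_sign_hash_start( ... ) );` is now unreachable, and the same pattern appears in `psa_driver_wrapper_verify_hash_start` in the following hunks. In `psa_driver_wrapper_verify_hash_get_num_ops` (hunk at -469) a bare `+ }` is added before `return( PSA_ERROR_INVALID_ARGUMENT );` while the otherwise identical sign-side function gets no such line, so one of the two switch bodies looks unbalanced; please confirm both compile with `PSA_CRYPTO_DRIVER_TEST` on and off. Both get_num_ops wrappers still fall through to `return( PSA_ERROR_INVALID_ARGUMENT );` on an unknown driver id (pre-existing context), which pushes a negative status through a `uint32_t` count and, once the core accumulates this value as a later commit on this page does, would corrupt `num_ops`; `return( 0 );` is the safer default for a count.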
@@ -539,12 +547,13 @@ psa_status_t psa_driver_wrapper_sign_hash_complete( switch( operation->id ) { case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_sign_hash_complete( &operation->ctx.mbedtls_ctx, + signature, signature_size, + signature_length ) ); #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: - - /* Add cases for opaque driver here */ + /* Add test driver tests here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ @@ -563,12 +572,11 @@ psa_status_t psa_driver_wrapper_sign_hash_abort( switch( operation->id ) { case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_sign_hash_abort( &operation->ctx.mbedtls_ctx ) ); #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: - - /* Add cases for opaque driver here */ + /* Add test driver tests here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ @@ -586,8 +594,8 @@ psa_status_t psa_driver_wrapper_verify_hash_start( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( + attributes->core.lifetime ); switch( location ) { @@ -607,6 +615,12 @@ psa_status_t psa_driver_wrapper_verify_hash_start( /* Fell through, meaning no accelerator supports this operation */ operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + return( mbedtls_psa_verify_hash_start( &operation->ctx.mbedtls_ctx, + attributes, + key_buffer, key_buffer_size, + alg, hash, hash_length, + signature, signature_length + ) ); break; /* Add cases for opaque driver here */ 
@@ -635,12 +649,13 @@ psa_status_t psa_driver_wrapper_verify_hash_complete( switch( operation->id ) { case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_verify_hash_complete( + &operation->ctx.mbedtls_ctx + ) ); #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: - - /* Add cases for opaque driver here */ + /* Add test driver tests here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ @@ -655,12 +670,12 @@ psa_status_t psa_driver_wrapper_verify_hash_abort( switch( operation->id ) { case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_verify_hash_abort( &operation->ctx.mbedtls_ctx + ) ); #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: - - /* Add cases for opaque driver here */ + /* Add test driver tests here */ #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ From 296ede99c9649c7606f09c4888b0ea157835027d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 15 Dec 2022 17:00:30 +0000 Subject: [PATCH 081/440] Fix issues with get_{sign/verify}_num_ops Move to accumulate ops in context rather than attempting to read straight out of structures due to structure ops getting reset per operation, and also issues with _abort clearing internal data. Fix usage of size_t in structures Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 4 ++-- library/psa_crypto.c | 17 +++++++++++++++-- .../psa_crypto_driver_wrappers.c.jinja | 8 ++++++++ 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 8874e97a2..bc56a4fa6 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h 
@@ -508,7 +508,7 @@ struct psa_sign_hash_interruptible_operation_s { psa_driver_sign_hash_interruptible_context_t MBEDTLS_PRIVATE(ctx); - size_t MBEDTLS_PRIVATE(num_ops); + uint32_t MBEDTLS_PRIVATE(num_ops); }; #define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0 } @@ -539,7 +539,7 @@ struct psa_verify_hash_interruptible_operation_s { psa_driver_verify_hash_interruptible_context_t MBEDTLS_PRIVATE(ctx); - size_t MBEDTLS_PRIVATE(num_ops); + uint32_t MBEDTLS_PRIVATE(num_ops); }; #define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0 } diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b31d51b4b..e3be65013 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3146,13 +3146,13 @@ uint32_t psa_interruptible_get_max_ops(void) uint32_t psa_sign_hash_get_num_ops( const psa_sign_hash_interruptible_operation_t *operation) { - return psa_driver_wrapper_sign_hash_get_num_ops(operation); + return operation->num_ops; } uint32_t psa_verify_hash_get_num_ops( const psa_verify_hash_interruptible_operation_t *operation) { - return psa_driver_wrapper_verify_hash_get_num_ops(operation); + return operation->num_ops; } psa_status_t psa_sign_hash_start( @@ -3192,6 +3192,9 @@ psa_status_t psa_sign_hash_start( .core = slot->attr }; + /* Ensure ops count gets reset, in case of operation re-use. */ + operation->num_ops = 0; + status = psa_driver_wrapper_sign_hash_start(operation, &attributes, slot->key.data, slot->key.bytes, alg, @@ -3238,6 +3241,9 @@ psa_status_t psa_sign_hash_complete( signature_length); exit: + /* Update ops count with work done. */ + operation->num_ops += psa_driver_wrapper_sign_hash_get_num_ops(operation); + if (status != PSA_OPERATION_INCOMPLETE) { /* Fill the unused part of the output buffer (the whole buffer on error, * the trailing part on success) with something that isn't a valid 
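Review bot: The `operation->num_ops += psa_driver_wrapper_sign_hash_get_num_ops(operation);` added at `exit:` only produces a correct running total if the driver reports the ops spent since its previous `complete` step rather than a cumulative figure; the commit message says the built-in driver resets per step, but nothing at this call site or in the wrapper states that contract, so a driver returning a cumulative value would be double-counted on every call. Add `/* Drivers report the ops spent in this step only; the running total is kept here. */` above the line and mirror it in the wrapper's documentation. The placement itself is right: the sample is taken before the abort that follows on completion or error, so the final count survives the context being cleared. `psa_sign_hash_complete()` begins outside the hunk.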
@@ -3308,6 +3314,9 @@ psa_status_t psa_verify_hash_start( .core = slot->attr }; + /* Ensure ops count gets reset, in case of operation re-use. */ + operation->num_ops = 0; + status = psa_driver_wrapper_verify_hash_start(operation, &attributes, slot->key.data, slot->key.bytes, @@ -3340,6 +3349,10 @@ psa_status_t psa_verify_hash_complete( exit: + /* Update ops count with work done. */ + operation->num_ops += psa_driver_wrapper_verify_hash_get_num_ops( + operation); + if (status != PSA_OPERATION_INCOMPLETE) { psa_verify_hash_abort(operation); } diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index 6093fdf81..2b2b02571 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -448,6 +448,10 @@ uint32_t psa_driver_wrapper_sign_hash_get_num_ops( { switch( operation->id ) { + /* If uninitialised, return 0, as no work can have been done. */ + case 0: + return 0; + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_sign_hash_get_num_ops( &operation->ctx.mbedtls_ctx ) @@ -469,6 +473,10 @@ uint32_t psa_driver_wrapper_verify_hash_get_num_ops( { switch( operation->id ) { + /* If uninitialised, return 0, as no work can have been done. */ + case 0: + return 0; + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_verify_hash_get_num_ops( &operation->ctx.mbedtls_ctx ) From 712d5120072fe9c9e36b78dae54b3d9a4efdd269 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 7 Dec 2022 14:03:10 +0000 Subject: [PATCH 082/440] Basic tests Sign Hash, Verify Hash and Sign and Verify Hash. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 45 ++++ tests/suites/test_suite_psa_crypto.function | 258 ++++++++++++++++++++ 2 files changed, 303 insertions(+) 
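Review bot: The new `case 0: return 0;` handles an uninitialised operation, but any other unrecognised `operation->id` still drops out of the switch to the function's existing `return( PSA_ERROR_INVALID_ARGUMENT );` tail (seen in the earlier commit), which in a `uint32_t` function is about 4.29e9; since this same commit now does `operation->num_ops += ...` with the wrapper's result on every `complete` call, that value would be silently folded into the reported count instead of being reported as an error. Adding `default: return 0;` to the switch (or changing the tail to `return( 0 );`) keeps the count meaningful, and the id mismatch is already reported as a status by the start/complete wrappers. The same applies to the `verify_hash` wrapper in the hunk that follows.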
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c3561420b..c45e168a3 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -4145,6 +4145,18 @@ PSA sign hash: deterministic ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f" +PSA sign hash: interruptible ECDSA SECP256R1 SHA - 256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" + +PSA sign hash: interruptible ECDSA SECP256R1 SHA - 384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 +sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca" + +PSA sign hash: interruptible ECDSA SECP384R1 SHA - 256 
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f" + PSA sign hash: RSA PKCS#1 v1.5 SHA-256, wrong hash size depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015":128:PSA_ERROR_INVALID_ARGUMENT 
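Review bot: The SHA-384 case here depends on `MBEDTLS_PSA_BUILTIN_ALG_SHA_384`, while the SHA-384 sign/verify interruptible cases added in the next hunk use `MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA`; deterministic ECDSA over a SHA-384 hash needs the same HMAC-DRBG hash in both tests, so one of the two dependency lists is likely too narrow or too wide and they should be aligned. The new titles also spell the hash as `SHA - 256` / `SHA - 384` whereas every neighbouring case uses `SHA-256`, which hurts grep and test-name filtering; `PSA sign hash: interruptible ECDSA SECP256R1 SHA-256` matches the file's convention.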
@@ -4249,6 +4261,31 @@ PSA sign/verify hash: deterministic ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" +PSA sign / verify hash interruptible: randomized ECDSA SECP256R1 SHA - 256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" + +PSA sign / verify hash interruptible: deterministic ECDSA SECP256R1 SHA - 256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" + +PSA sign / verify hash interruptible: randomized ECDSA SECP256R1 SHA - 384 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f" + +PSA sign / verify hash interruptible: 
deterministic ECDSA SECP256R1 SHA - 384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f" + +PSA sign / verify hash interruptible: randomized ECDSA SECP384R1 SHA - 256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" + +PSA sign / verify hash interruptible: deterministic ECDSA SECP384R1 SHA - 256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" + + PSA verify hash: RSA PKCS#1 v1.5 SHA-256, good signature depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C 
verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" 
@@ -4369,6 +4406,14 @@ PSA verify hash with keypair: ECDSA SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" +PSA verify hash interruptible: ECDSA SECP256R1, good +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" + +PSA verify hash interruptible with keypair: ECDSA SECP256R1, good +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" + PSA verify hash: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index c414b65fa..9bf5039fc 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -6444,6 +6444,89 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ +void sign_hash_interruptible(int key_type_arg, data_t *key_data, + int alg_arg, data_t *input_data, + data_t *output_data) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + size_t key_bits; + unsigned char *signature = NULL; + size_t signature_size; + size_t signature_length = 0xdeadbeef; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_OPERATION_INCOMPLETE; + size_t num_ops = 0; + size_t num_ops_prior = 0; + psa_sign_hash_interruptible_operation_t operation = + psa_sign_hash_interruptible_operation_init(); + + PSA_ASSERT(psa_crypto_init()); + + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, key_type); + + PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, + &key)); + PSA_ASSERT(psa_get_key_attributes(key, &attributes)); + key_bits = psa_get_key_bits(&attributes); + + /* Allocate a buffer which has the size advertised by the + * library. */ + signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, + key_bits, alg); + TEST_ASSERT(signature_size != 0); + TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); + ASSERT_ALLOC(signature, signature_size); + + num_ops_prior = psa_sign_hash_get_num_ops(&operation); + TEST_ASSERT(num_ops_prior == 0); + + /* Start performing the signature. */ + PSA_ASSERT(psa_sign_hash_start(&operation, key, alg, + input_data->x, input_data->len)); + + num_ops_prior = psa_sign_hash_get_num_ops(&operation); + TEST_ASSERT(num_ops_prior == 0); + + /* Continue performing the signature until complete. 
*/ + while (status == PSA_OPERATION_INCOMPLETE) { + status = psa_sign_hash_complete(&operation, signature, signature_size, + &signature_length); + + if (status == PSA_SUCCESS || status == PSA_OPERATION_INCOMPLETE) { + num_ops = psa_sign_hash_get_num_ops(&operation); + + TEST_ASSERT(num_ops > num_ops_prior); + num_ops_prior = num_ops; + } + } + + TEST_ASSERT(status == PSA_SUCCESS); + + /* Verify that the signature is what is expected. */ + ASSERT_COMPARE(output_data->x, output_data->len, + signature, signature_length); + + PSA_ASSERT(psa_sign_hash_abort(&operation)); + +exit: + + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes(&attributes); + + psa_destroy_key(key); + mbedtls_free(signature); + PSA_DONE(); +} +/* END_CASE */ + /* BEGIN_CASE */ void sign_hash_fail(int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, 
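Review bot: The test never sets an ops limit before the `while (status == PSA_OPERATION_INCOMPLETE)` loop, so unless the library default is already small (not visible here) the signature presumably finishes in a single `psa_sign_hash_complete()` call and the `num_ops > num_ops_prior` check is exercised for only one step, leaving genuine interruption untested. If a setter corresponding to the visible `psa_interruptible_get_max_ops()` exists, calling it with a small value before the loop (and restoring the old value on exit) would make the test meaningful; otherwise a comment stating that the loop is expected to run once would stop readers from assuming more coverage than there is. A bounded iteration count on the loop would also turn an implementation that never completes into a failure instead of a hang. `sign_hash_fail` at the end of the hunk continues outside it.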
@@ -6559,6 +6642,116 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ +void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, + int alg_arg, data_t *input_data) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + size_t key_bits; + unsigned char *signature = NULL; + size_t signature_size; + size_t signature_length = 0xdeadbeef; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_OPERATION_INCOMPLETE; + psa_sign_hash_interruptible_operation_t sign_operation = + psa_sign_hash_interruptible_operation_init(); + psa_verify_hash_interruptible_operation_t verify_operation = + psa_verify_hash_interruptible_operation_init(); + + PSA_ASSERT(psa_crypto_init()); + + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, key_type); + + PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, + &key)); + PSA_ASSERT(psa_get_key_attributes(key, &attributes)); + key_bits = psa_get_key_bits(&attributes); + + /* Allocate a buffer which has the size advertised by the + * library. */ + signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, + key_bits, alg); + TEST_ASSERT(signature_size != 0); + TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); + ASSERT_ALLOC(signature, signature_size); + + /* Start performing the signature. */ + PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, + input_data->x, input_data->len)); + + /* Continue performing the signature until complete. */ + while (status == PSA_OPERATION_INCOMPLETE) { + + status = psa_sign_hash_complete(&sign_operation, signature, signature_size, + &signature_length); + } + + TEST_ASSERT(status == PSA_SUCCESS); + + PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); + + /* Check that the signature length looks sensible. 
*/ + TEST_LE_U(signature_length, signature_size); + TEST_ASSERT(signature_length > 0); + + status = PSA_OPERATION_INCOMPLETE; + + /* Start verification. */ + PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, + input_data->x, input_data->len, + signature, signature_length)); + + /* Continue performing the signature until complete. */ + while (status == PSA_OPERATION_INCOMPLETE) { + status = psa_verify_hash_complete(&verify_operation); + } + + TEST_ASSERT(status == PSA_SUCCESS); + + PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); + + verify_operation = psa_verify_hash_interruptible_operation_init(); + + if (input_data->len != 0) { + /* Flip a bit in the input and verify that the signature is now + * detected as invalid. Flip a bit at the beginning, not at the end, + * because ECDSA may ignore the last few bits of the input. */ + input_data->x[0] ^= 1; + + status = PSA_OPERATION_INCOMPLETE; + + /* Start verification. */ + PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, + input_data->x, input_data->len, + signature, signature_length)); + + /* Continue performing the signature until complete. */ + while (status == PSA_OPERATION_INCOMPLETE) { + status = psa_verify_hash_complete(&verify_operation); + } + + TEST_ASSERT(status == PSA_ERROR_INVALID_SIGNATURE); + } + + PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); + +exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes(&attributes); + + psa_destroy_key(key); + mbedtls_free(signature); + PSA_DONE(); +} +/* END_CASE */ + /* BEGIN_CASE */ void verify_hash(int key_type_arg, data_t *key_data, int alg_arg, data_t *hash_data, 
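Review bot: Both verification loops in `sign_verify_hash_interruptible()` carry the copied comment `/* Continue performing the signature until complete. */` although they drive `psa_verify_hash_complete()`; change those two to `/* Continue performing the verification until complete. */` so a reader does not look for a second signing pass. The loops also have no iteration cap and no ops limit is set, so each presumably completes in one call unless the library default is small, which this hunk does not show; a bounded loop would make a non-terminating implementation fail loudly. `verify_hash` at the end of the hunk starts outside it.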
@@ -6591,6 +6784,71 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ +void verify_hash_interruptible(int key_type_arg, data_t *key_data, + int alg_arg, data_t *hash_data, + data_t *signature_data) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = key_type_arg; + psa_algorithm_t alg = alg_arg; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_status_t status = PSA_OPERATION_INCOMPLETE; + size_t num_ops = 0; + size_t num_ops_prior = 0; + psa_verify_hash_interruptible_operation_t operation = + psa_verify_hash_interruptible_operation_init(); + + TEST_LE_U(signature_data->len, PSA_SIGNATURE_MAX_SIZE); + + PSA_ASSERT(psa_crypto_init()); + + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, key_type); + + PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, + &key)); + + num_ops_prior = psa_verify_hash_get_num_ops(&operation); + + TEST_ASSERT(num_ops_prior == 0); + + /* Start verification. */ + PSA_ASSERT(psa_verify_hash_start(&operation, key, alg, + hash_data->x, hash_data->len, + signature_data->x, signature_data->len) + ); + + num_ops_prior = psa_verify_hash_get_num_ops(&operation); + + TEST_ASSERT(num_ops_prior == 0); + + /* Continue performing the signature until complete. */ + while (status == PSA_OPERATION_INCOMPLETE) { + status = psa_verify_hash_complete(&operation); + + if (status == PSA_SUCCESS || status == PSA_OPERATION_INCOMPLETE) { + num_ops = psa_verify_hash_get_num_ops(&operation); + + TEST_ASSERT(num_ops > num_ops_prior); + num_ops_prior = num_ops; + } + } + + TEST_ASSERT(status == PSA_SUCCESS); + + PSA_ASSERT(psa_verify_hash_abort(&operation)); + +exit: + psa_reset_key_attributes(&attributes); + psa_destroy_key(key); + PSA_DONE(); +} +/* END_CASE */ + + + /* BEGIN_CASE */ void verify_hash_fail(int key_type_arg, data_t *key_data, int alg_arg, data_t *hash_data, 
From e04e15b766cabd682e51a56a86b28b6a74d82819 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 9 Dec 2022 19:27:06 +0000 Subject: [PATCH 083/440] Add Changelog entry Signed-off-by: Paul Elliott --- ChangeLog.d/add_interruptible_sign_hash | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/add_interruptible_sign_hash diff --git a/ChangeLog.d/add_interruptible_sign_hash b/ChangeLog.d/add_interruptible_sign_hash new file mode 100644 index 000000000..3d933038e --- /dev/null +++ b/ChangeLog.d/add_interruptible_sign_hash @@ -0,0 +1,5 @@ +Features + * Add an interruptible version of sign and verify hash to the PSA interface, + backed by internal library support for ECDSA signing and verification. + + From 9100797cb3373ba3c999a89b1ec8799ded2eaee5 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 16 Dec 2022 12:21:24 +0000 Subject: [PATCH 084/440] Negative tests Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 52 +++++++ tests/suites/test_suite_psa_crypto.function | 156 +++++++++++++++++++- 2 files changed, 206 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c45e168a3..fc6ae5c61 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -4221,6 +4221,30 @@ PSA sign hash: deterministic ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED +PSA sign hash interruptible: deterministic ECDSA SECP256R1 SHA-256, output buffer too small +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL + +PSA sign hash interruptible: deterministic ECDSA SECP256R1 SHA-256, empty output buffer +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL + +PSA sign hash interruptible: deterministic ECDSA SECP256R1, invalid hash algorithm (0) +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 
):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT + +PSA sign hash interruptible: deterministic ECDSA SECP256R1, invalid hash algorithm (wildcard) +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE + +PSA sign hash interruptible: invalid algorithm for ECC key +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_PARSE_C +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE + +PSA sign hash interruptible: deterministic ECDSA not supported +depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE + PSA sign/verify hash: RSA PKCS#1 v1.5, raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263" 
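Review bot: The `invalid hash algorithm (0)` case pins `psa_sign_hash_start()` returning `PSA_SUCCESS` for `PSA_ALG_DETERMINISTIC_ECDSA( 0 )`, with `PSA_ERROR_INVALID_ARGUMENT` only surfacing from `psa_sign_hash_complete()`, while the wildcard-hash and RSA-PSS cases are rejected at start. Accepting a malformed algorithm at start means a caller has already committed operation state before learning the request was invalid; if that late rejection is a deliberate property of the built-in driver, a comment on the test line saying so would stop a future reader from "fixing" the expectation, and if not, start should validate the hash component and the expectation here become `PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE` like its neighbours.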
@@ -4442,6 +4466,34 @@ PSA verify hash: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT +PSA verify hash interruptible: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded) +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE + +PSA verify hash interruptible: ECDSA SECP256R1, wrong signature of correct size +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE + +PSA verify hash interruptible: ECDSA SECP256R1, wrong signature (empty) +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
+verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE + +PSA verify hash interruptible: ECDSA SECP256R1, wrong signature (truncated) +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE + +PSA verify hash interruptible: ECDSA SECP256R1, wrong signature (trailing junk) +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE + +PSA verify hash interruptible: ECDSA SECP256R1, wrong signature (leading junk) +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
+verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE + +PSA verify hash interruptible: invalid algorithm for ECC key +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE + PSA sign message: RSA PKCS#1 v1.5 SHA-256 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C sign_message_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 9bf5039fc..d5141790d 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -6572,6 +6572,89 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
+void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *input_data,
+ int signature_size_arg,
+ int expected_start_status_arg,
+ int expected_complete_status_arg)
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t signature_size = signature_size_arg;
+ psa_status_t actual_status;
+ psa_status_t expected_start_status = expected_start_status_arg;
+ psa_status_t expected_complete_status = expected_complete_status_arg;
+ unsigned char *signature = NULL;
+ size_t signature_length = 0xdeadbeef;
+ size_t num_ops = 0;
+ size_t num_ops_prior = 0;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_sign_hash_interruptible_operation_t operation =
+ psa_sign_hash_interruptible_operation_init();
+
+ ASSERT_ALLOC(signature, signature_size);
+
+ PSA_ASSERT(psa_crypto_init());
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+
+ num_ops_prior = psa_sign_hash_get_num_ops(&operation);
+ TEST_ASSERT(num_ops_prior == 0);
+
+ /* Start performing the signature. */
+ actual_status = psa_sign_hash_start(&operation, key, alg,
+ input_data->x, input_data->len);
+
+ TEST_EQUAL(actual_status, expected_start_status);
+
+ num_ops_prior = psa_sign_hash_get_num_ops(&operation);
+ TEST_ASSERT(num_ops_prior == 0);
+
+ actual_status = PSA_OPERATION_INCOMPLETE;
+
+ /* Continue performing the signature until complete. */
+ while (actual_status == PSA_OPERATION_INCOMPLETE) {
+ actual_status = psa_sign_hash_complete(&operation, signature,
+ signature_size,
+ &signature_length);
+
+ /* If the psa_sign_hash_start() failed, psa_sign_hash_complete()
+ * should also fail with bad state. */
+ if (expected_start_status != PSA_SUCCESS) {
+ TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE);
+ } else if (actual_status != PSA_OPERATION_INCOMPLETE) {
+ TEST_EQUAL(actual_status, expected_complete_status);
+ } else {
+ num_ops = psa_sign_hash_get_num_ops(&operation);
+
+ TEST_ASSERT(num_ops > num_ops_prior);
+ num_ops_prior = num_ops;
+ }
+ }
+
+ PSA_ASSERT(psa_sign_hash_abort(&operation));
+
+ /* The value of *signature_length is unspecified on error, but
+ * whatever it is, it should be less than signature_size, so that
+ * if the caller tries to read *signature_length bytes without
+ * checking the error code then they don't overflow a buffer. */
+ TEST_LE_U(signature_length, signature_size);
+
+exit:
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ mbedtls_free(signature);
+ PSA_DONE();
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void sign_verify_hash(int key_type_arg, data_t *key_data,
 int alg_arg, data_t *input_data)
@@ -6847,8 +6930,6 @@ exit:
 }
 /* END_CASE */
 
-
-
 /* BEGIN_CASE */
 void verify_hash_fail(int key_type_arg, data_t *key_data,
 int alg_arg, data_t *hash_data,
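Review bot: `TEST_LE_U(signature_length, signature_size)` after the loop is reached on the PSA_ERROR_BAD_STATE path as well, so the test quietly depends on psa_sign_hash_complete() overwriting *signature_length even when it fails before doing any work; the `0xdeadbeef` initialiser is what turns a missed write into a failure, and that intent is worth stating at the declaration, e.g. `size_t signature_length = 0xdeadbeef; /* sentinel: every return path of psa_sign_hash_complete() must overwrite this */`. The `while (actual_status == PSA_OPERATION_INCOMPLETE)` loop has no iteration cap, so an implementation that keeps answering INCOMPLETE with a growing op count would hang the suite rather than fail it; a bounded loop that trips a TEST_ASSERT would be cheap insurance. The same unbounded loop appears in the verify_hash_fail_interruptible hunk below.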
@@ -6883,6 +6964,77 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
+void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *hash_data,
+ data_t *signature_data,
+ int expected_start_status_arg,
+ int expected_complete_status_arg)
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_status_t actual_status;
+ psa_status_t expected_start_status = expected_start_status_arg;
+ psa_status_t expected_complete_status = expected_complete_status_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ size_t num_ops = 0;
+ size_t num_ops_prior = 0;
+ psa_verify_hash_interruptible_operation_t operation =
+ psa_verify_hash_interruptible_operation_init();
+
+ PSA_ASSERT(psa_crypto_init());
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+
+ num_ops_prior = psa_verify_hash_get_num_ops(&operation);
+ TEST_ASSERT(num_ops_prior == 0);
+
+ /* Start verification. */
+ actual_status = psa_verify_hash_start(&operation, key, alg,
+ hash_data->x, hash_data->len,
+ signature_data->x,
+ signature_data->len);
+
+ TEST_EQUAL(actual_status, expected_start_status);
+
+ num_ops_prior = psa_verify_hash_get_num_ops(&operation);
+ TEST_ASSERT(num_ops_prior == 0);
+
+ actual_status = PSA_OPERATION_INCOMPLETE;
+
+ /* Continue performing the signature until complete. */
+ while (actual_status == PSA_OPERATION_INCOMPLETE) {
+ actual_status = psa_verify_hash_complete(&operation);
+
+ /* If the psa_verify_hash_start() failed,
+ * psa_verify_hash_complete() should also fail with bad state.*/
+ if (expected_start_status != PSA_SUCCESS) {
+ TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE);
+ } else if (actual_status != PSA_OPERATION_INCOMPLETE) {
+ TEST_EQUAL(actual_status, expected_complete_status);
+ } else {
+ num_ops = psa_verify_hash_get_num_ops(&operation);
+
+ TEST_ASSERT(num_ops > num_ops_prior);
+ num_ops_prior = num_ops;
+ }
+ }
+
+ PSA_ASSERT(psa_verify_hash_abort(&operation));
+
+exit:
+ psa_reset_key_attributes(&attributes);
+ psa_destroy_key(key);
+ PSA_DONE();
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void sign_message_deterministic(int key_type_arg, data_t *key_data,

From 4cec2f60dc77a21d4a6016f3223a9acf14c8e551 Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Fri, 16 Dec 2022 14:44:11 +0000
Subject: [PATCH 085/440] Add interruptible to psa_op_fail tests

Signed-off-by: Paul Elliott
---
 .../test_suite_psa_crypto_op_fail.function | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/tests/suites/test_suite_psa_crypto_op_fail.function b/tests/suites/test_suite_psa_crypto_op_fail.function
index 046e3c3a0..970be84b4 100644
--- a/tests/suites/test_suite_psa_crypto_op_fail.function
+++ b/tests/suites/test_suite_psa_crypto_op_fail.function
@@ -221,6 +221,13 @@ void sign_fail(int key_type_arg, data_t *key_data,
 uint8_t input[1] = { 'A' };
 uint8_t output[PSA_SIGNATURE_MAX_SIZE] = { 0 };
 size_t length = SIZE_MAX;
+ psa_sign_hash_interruptible_operation_t sign_operation =
+ psa_sign_hash_interruptible_operation_init();
+
+ psa_verify_hash_interruptible_operation_t verify_operation =
+ psa_verify_hash_interruptible_operation_init();
+
+ PSA_INIT();
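Review bot: The comment `/* Continue performing the signature until complete. */` above the completion loop was carried over from sign_hash_fail_interruptible and misdescribes this function, whose loop drives psa_verify_hash_complete(); it should read `/* Continue performing the verification until complete. */`. The next comment closes as `bad state.*/` without the space the sibling function uses before `*/`. The hunk otherwise mirrors the signing variant closely, so keeping the two comment blocks word-for-word aligned (apart from sign/verify) makes future side-by-side diffs of the pair easier to read.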
@@ -237,6 +244,15 @@ void sign_fail(int key_type_arg, data_t *key_data,
 psa_sign_hash(key_id, alg, input, sizeof(input),
 output, sizeof(output), &length));
+
+ if (PSA_KEY_TYPE_IS_ECC(key_type)) {
+ TEST_STATUS(expected_status,
+ psa_sign_hash_start(&sign_operation, key_id, alg,
+ input, sizeof(input)));
+
+ PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
+ }
+
 if (!private_only) {
 /* Determine a plausible signature size to avoid an INVALID_SIGNATURE
 * error based on this. */
@@ -253,6 +269,15 @@ void sign_fail(int key_type_arg, data_t *key_data,
 psa_verify_hash(key_id, alg, input, sizeof(input),
 output, output_length));
+
+ if (PSA_KEY_TYPE_IS_ECC(key_type)) {
+ TEST_STATUS(expected_status,
+ psa_verify_hash_start(&verify_operation, key_id, alg,
+ input, sizeof(input),
+ output, output_length));
+
+ PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
+ }
 }
 
 exit:

From 0c68335a42af6a72f85a0862f18fb8cc03815616 Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Fri, 16 Dec 2022 19:16:56 +0000
Subject: [PATCH 086/440] Convert tests to configurable max_ops

Signed-off-by: Paul Elliott
---
 tests/suites/test_suite_psa_crypto.data | 125 ++++++++++++++------
 tests/suites/test_suite_psa_crypto.function | 78 ++++++++++-
 2 files changed, 155 insertions(+), 48 deletions(-)

diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index fc6ae5c61..7164d275b 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
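Review bot: Both new blocks in this file are wrapped in `if (PSA_KEY_TYPE_IS_ECC(key_type))`, so for whatever non-ECC key types this suite's data feeds through sign_fail() (the guard only makes sense if there are some) psa_sign_hash_start() and psa_verify_hash_start() are never called and their rejection status goes untested. If that is because the interruptible API is ECC-only and would report a status different from the one-shot `expected_status`, a comment saying so would stop a later maintainer from widening the guard, e.g. `/* Interruptible sign/verify only accepts ECC keys; its status for other key types differs from the one-shot API and is checked by dedicated tests. */`; otherwise dropping the guard would exercise that path for free. The same point applies to the second hunk. sign_fail() begins before the first hunk and its body continues past `exit:` at the end of the second.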
@@ -4145,17 +4145,29 @@ PSA sign hash: deterministic ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f" -PSA sign hash: interruptible ECDSA SECP256R1 SHA - 256 +PSA sign hash: interruptible (no interrupt) ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" +sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 -PSA sign hash: interruptible ECDSA SECP256R1 SHA - 384 +PSA sign hash: interruptible (max interrupt) ECDSA SECP256R1 SHA-256 
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED + +PSA sign hash: interruptible (no interrupt) ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 -sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca" +sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 -PSA sign hash: interruptible ECDSA SECP384R1 SHA - 256 +PSA sign hash: interruptible (max interrupt) ECDSA SECP256R1 SHA-384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 
+sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED + +PSA sign hash: interruptible (no interrupt) ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 -sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f" +sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 + +PSA sign hash: interruptible (max interrupt) ECDSA SECP384R1 SHA-256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 
+sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash: RSA PKCS#1 v1.5 SHA-256, wrong hash size depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C 
@@ -4221,29 +4233,41 @@ PSA sign hash: deterministic ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED -PSA sign hash interruptible: deterministic ECDSA SECP256R1 SHA-256, output buffer too small +PSA sign hash interruptible (no interrupt): deterministic ECDSA SECP256R1 SHA-256, output buffer too small depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 -PSA sign hash interruptible: deterministic ECDSA SECP256R1 SHA-256, empty output buffer +PSA sign hash interruptible (max interrupt): deterministic ECDSA SECP256R1 SHA-256, output buffer too small depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
-sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:1:1:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign hash interruptible: deterministic ECDSA SECP256R1, invalid hash algorithm (0) +PSA sign hash interruptible (no interrupt): deterministic ECDSA SECP256R1 SHA-256, empty output buffer +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 + +PSA sign hash interruptible (max interrupt): deterministic ECDSA SECP256R1 SHA-256, empty output buffer +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:1:1:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED + +PSA sign hash interruptible (no interrupt): deterministic ECDSA SECP256R1, invalid 
hash algorithm (0) depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 + +PSA sign hash interruptible (max interrupt): deterministic ECDSA SECP256R1, invalid hash algorithm (0) +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:1:1:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash interruptible: deterministic ECDSA SECP256R1, invalid hash algorithm (wildcard) depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE 
+sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 PSA sign hash interruptible: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_PARSE_C -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 PSA sign hash interruptible: deterministic ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 
):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 PSA sign/verify hash: RSA PKCS#1 v1.5, raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C 
@@ -4285,30 +4309,53 @@ PSA sign/verify hash: deterministic ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" -PSA sign / verify hash interruptible: randomized ECDSA SECP256R1 SHA - 256 +PSA sign / verify hash interruptible (no interrupt): randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 -PSA sign / verify hash interruptible: deterministic ECDSA SECP256R1 SHA - 256 +PSA sign / verify hash interruptible (max interrupt): randomized ECDSA SECP256R1 SHA-256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED + +PSA sign / verify hash interruptible (no interrupt): deterministic ECDSA SECP256R1 
SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 -PSA sign / verify hash interruptible: randomized ECDSA SECP256R1 SHA - 384 +PSA sign / verify hash interruptible (max interrupt): deterministic ECDSA SECP256R1 SHA-256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED + +PSA sign / verify hash interruptible (no interrupt): randomized ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f" 
+sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 -PSA sign / verify hash interruptible: deterministic ECDSA SECP256R1 SHA - 384 +PSA sign / verify hash interruptible (max interrupt): randomized ECDSA SECP256R1 SHA-384 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED + +PSA sign / verify hash interruptible (no interrupt): deterministic ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f" +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 -PSA sign / verify hash interruptible: randomized ECDSA SECP384R1 SHA - 256 +PSA sign / verify hash interruptible (max 
interrupt): deterministic ECDSA SECP256R1 SHA-384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED + +PSA sign / verify hash interruptible (no interrupt): randomized ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 -PSA sign / verify hash interruptible: deterministic ECDSA SECP384R1 SHA - 256 +PSA sign / verify hash interruptible (max interrupt): randomized ECDSA SECP384R1 SHA-256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED + +PSA 
sign / verify hash interruptible (no interrupt): deterministic ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +PSA sign / verify hash interruptible (max interrupt): deterministic ECDSA SECP384R1 SHA-256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA verify hash: RSA PKCS#1 v1.5 SHA-256, good signature depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C 
@@ -4432,11 +4479,11 @@ verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30 PSA verify hash interruptible: ECDSA SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" +verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 PSA verify hash interruptible with keypair: ECDSA SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" 
+verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 PSA verify hash: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
@@ -4468,31 +4515,35 @@ verify_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab4543571264 PSA verify hash interruptible: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 -PSA verify hash interruptible: ECDSA SECP256R1, wrong signature of correct size +PSA verify hash interruptible (no interrupt): ECDSA SECP256R1, wrong signature of correct size depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
-verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 + +PSA verify hash interruptible (max interrupt): ECDSA SECP256R1, wrong signature of correct size +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE:1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA verify hash interruptible: ECDSA SECP256R1, wrong signature (empty) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
-verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 PSA verify hash interruptible: ECDSA SECP256R1, wrong signature (truncated) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 PSA verify hash interruptible: ECDSA SECP256R1, wrong signature 
(trailing junk) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 PSA verify hash interruptible: ECDSA SECP256R1, wrong signature (leading junk) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE 
+verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 PSA verify hash interruptible: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 PSA sign message: RSA PKCS#1 v1.5 SHA-256 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index d5141790d..ce5a240b2 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -6447,7 +6447,8 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ void sign_hash_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, - data_t *output_data) + data_t *output_data, int max_ops, + int min_completes, int max_completes) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; 
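Review bot: `PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED` is passed as the `max_completes` bound in the new "(max interrupt)" rows of the `@@ -4468,31 +4515,35 @@` hunk (`...:1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED`) and as `max_ops` in the "(no interrupt)" rows, while the `sign_hash_interruptible` signature in the `@@ -6447,7 +6447,8 @@` hunk declares `max_ops`, `min_completes` and `max_completes` all as plain `int`. If that constant is the full `uint32_t` range, as its name suggests, it only reaches `psa_interruptible_set_max_ops()` and the unsigned `TEST_LE_U` comparison through implementation-defined `int` conversions, which is fragile for a value that is supposed to mean "no upper limit". For the completion bound an explicit large value such as `INT_MAX` says what is meant and fits the parameter type; alternatively a comment next to the new parameters should state that both bounds are deliberately compared as unsigned. The body of `sign_hash_interruptible` continues outside the hunk.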
@@ -6460,6 +6461,7 @@ void sign_hash_interruptible(int key_type_arg, data_t *key_data, psa_status_t status = PSA_OPERATION_INCOMPLETE; size_t num_ops = 0; size_t num_ops_prior = 0; + size_t num_completes = 0; psa_sign_hash_interruptible_operation_t operation = psa_sign_hash_interruptible_operation_init(); @@ -6482,6 +6484,8 @@ void sign_hash_interruptible(int key_type_arg, data_t *key_data, TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); ASSERT_ALLOC(signature, signature_size); + psa_interruptible_set_max_ops(max_ops); + num_ops_prior = psa_sign_hash_get_num_ops(&operation); TEST_ASSERT(num_ops_prior == 0); @@ -6497,16 +6501,21 @@ void sign_hash_interruptible(int key_type_arg, data_t *key_data, status = psa_sign_hash_complete(&operation, signature, signature_size, &signature_length); + num_completes++; + if (status == PSA_SUCCESS || status == PSA_OPERATION_INCOMPLETE) { num_ops = psa_sign_hash_get_num_ops(&operation); - TEST_ASSERT(num_ops > num_ops_prior); + num_ops_prior = num_ops; } } TEST_ASSERT(status == PSA_SUCCESS); + TEST_LE_U(min_completes, num_completes); + TEST_LE_U(num_completes, max_completes); + /* Verify that the signature is what is expected. */ ASSERT_COMPARE(output_data->x, output_data->len, signature, signature_length); @@ -6577,7 +6586,9 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, int signature_size_arg, int expected_start_status_arg, - int expected_complete_status_arg) + int expected_complete_status_arg, + int max_ops, int min_completes, + int max_completes) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; 
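Review bot: In the `@@ -6497,16 +6501,21 @@` hunk the only assertion on the op counter, `TEST_ASSERT(num_ops > num_ops_prior);`, is removed, so `num_ops_prior = num_ops;` on the new side is a write that nothing reads and the loop no longer checks that `psa_sign_hash_get_num_ops()` advances at all. If the strict `>` was dropped because a `complete` call can legitimately finish without adding ops, a non-decreasing check keeps the coverage without that false positive: `TEST_LE_U(num_ops_prior, num_ops);` before the assignment; otherwise `num_ops`/`num_ops_prior` should leave the loop altogether. The same removal appears in `@@ -6633,8 +6649,8 @@` (sign_hash_fail_interruptible), `@@ -6911,16 +6952,21 @@` (verify_hash_interruptible) and `@@ -7020,12 +7073,15 @@` (verify_hash_fail_interruptible). The enclosing `while` loops start before these hunks.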
@@ -6590,6 +6601,7 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, size_t signature_length = 0xdeadbeef; size_t num_ops = 0; size_t num_ops_prior = 0; + size_t num_completes = 0; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_sign_hash_interruptible_operation_t operation = psa_sign_hash_interruptible_operation_init(); @@ -6605,6 +6617,8 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); + psa_interruptible_set_max_ops(max_ops); + num_ops_prior = psa_sign_hash_get_num_ops(&operation); TEST_ASSERT(num_ops_prior == 0); @@ -6625,6 +6639,8 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, signature_size, &signature_length); + num_completes++; + /* If the psa_sign_hash_start() failed, psa_sign_hash_complete() * should also fail with bad state. */ if (expected_start_status != PSA_SUCCESS) { @@ -6633,8 +6649,8 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, TEST_EQUAL(actual_status, expected_complete_status); } else { num_ops = psa_sign_hash_get_num_ops(&operation); - TEST_ASSERT(num_ops > num_ops_prior); + num_ops_prior = num_ops; } } @@ -6647,6 +6663,9 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, * checking the error code then they don't overflow a buffer. */ TEST_LE_U(signature_length, signature_size); + TEST_LE_U(min_completes, num_completes); + TEST_LE_U(num_completes, max_completes); + exit: psa_reset_key_attributes(&attributes); psa_destroy_key(key); @@ -6727,7 +6746,9 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, - int alg_arg, data_t *input_data) + int alg_arg, data_t *input_data, + int max_ops, int min_completes, + int max_completes) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; 
@@ -6738,6 +6759,7 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, size_t signature_length = 0xdeadbeef; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_OPERATION_INCOMPLETE; + size_t num_completes = 0; psa_sign_hash_interruptible_operation_t sign_operation = psa_sign_hash_interruptible_operation_init(); psa_verify_hash_interruptible_operation_t verify_operation = @@ -6745,7 +6767,8 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, PSA_ASSERT(psa_crypto_init()); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH | + PSA_KEY_USAGE_VERIFY_HASH); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); @@ -6762,6 +6785,8 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); ASSERT_ALLOC(signature, signature_size); + psa_interruptible_set_max_ops(max_ops); + /* Start performing the signature. */ PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, input_data->x, input_data->len)); @@ -6769,18 +6794,25 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, /* Continue performing the signature until complete. */ while (status == PSA_OPERATION_INCOMPLETE) { - status = psa_sign_hash_complete(&sign_operation, signature, signature_size, + status = psa_sign_hash_complete(&sign_operation, signature, + signature_size, &signature_length); + + num_completes++; } TEST_ASSERT(status == PSA_SUCCESS); + TEST_LE_U(min_completes, num_completes); + TEST_LE_U(num_completes, max_completes); + PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); /* Check that the signature length looks sensible. */ TEST_LE_U(signature_length, signature_size); TEST_ASSERT(signature_length > 0); + num_completes = 0; status = PSA_OPERATION_INCOMPLETE; /* Start verification. */ 
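Review bot: `num_completes = 0;` in the `@@ -6769,18 +6794,25 @@` hunk resets the counter before the verify phase, so `min_completes`/`max_completes` bound the sign loop and the verify loop independently, while the data file supplies one pair for both. With `max_ops` set to 1 the two phases need not take the same number of `complete` calls, so the shared bounds are only valid when they are loose, as the `1:2:...` rows are; a comment above the reset would stop the next author from tightening them: `/* min/max_completes bound the sign and verify loops separately. */`. The verify loop and its second `TEST_LE_U` pair are in the following hunk.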
@@ -6791,10 +6823,15 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, /* Continue performing the signature until complete. */ while (status == PSA_OPERATION_INCOMPLETE) { status = psa_verify_hash_complete(&verify_operation); + + num_completes++; } TEST_ASSERT(status == PSA_SUCCESS); + TEST_LE_U(min_completes, num_completes); + TEST_LE_U(num_completes, max_completes); + PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); verify_operation = psa_verify_hash_interruptible_operation_init(); @@ -6870,7 +6907,8 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ void verify_hash_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *hash_data, - data_t *signature_data) + data_t *signature_data, int max_ops, + int min_completes, int max_completes) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -6879,6 +6917,7 @@ void verify_hash_interruptible(int key_type_arg, data_t *key_data, psa_status_t status = PSA_OPERATION_INCOMPLETE; size_t num_ops = 0; size_t num_ops_prior = 0; + size_t num_completes = 0; psa_verify_hash_interruptible_operation_t operation = psa_verify_hash_interruptible_operation_init(); @@ -6893,6 +6932,8 @@ void verify_hash_interruptible(int key_type_arg, data_t *key_data, PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); + psa_interruptible_set_max_ops(max_ops); + num_ops_prior = psa_verify_hash_get_num_ops(&operation); TEST_ASSERT(num_ops_prior == 0); 
@@ -6911,16 +6952,21 @@ void verify_hash_interruptible(int key_type_arg, data_t *key_data, while (status == PSA_OPERATION_INCOMPLETE) { status = psa_verify_hash_complete(&operation); + num_completes++; + if (status == PSA_SUCCESS || status == PSA_OPERATION_INCOMPLETE) { num_ops = psa_verify_hash_get_num_ops(&operation); - TEST_ASSERT(num_ops > num_ops_prior); + num_ops_prior = num_ops; } } TEST_ASSERT(status == PSA_SUCCESS); + TEST_LE_U(min_completes, num_completes); + TEST_LE_U(num_completes, max_completes); + PSA_ASSERT(psa_verify_hash_abort(&operation)); exit: @@ -6969,7 +7015,9 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *hash_data, data_t *signature_data, int expected_start_status_arg, - int expected_complete_status_arg) + int expected_complete_status_arg, + int max_ops, int min_completes, + int max_completes) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -6980,6 +7028,7 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; size_t num_ops = 0; size_t num_ops_prior = 0; + size_t num_completes = 0; psa_verify_hash_interruptible_operation_t operation = psa_verify_hash_interruptible_operation_init(); @@ -6992,6 +7041,8 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); + psa_interruptible_set_max_ops(max_ops); + num_ops_prior = psa_verify_hash_get_num_ops(&operation); TEST_ASSERT(num_ops_prior == 0); @@ -7012,6 +7063,8 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, while (actual_status == PSA_OPERATION_INCOMPLETE) { actual_status = psa_verify_hash_complete(&operation); + num_completes++; + /* If the psa_verify_hash_start() failed, * psa_verify_hash_complete() should also fail with bad state.*/ if (expected_start_status != PSA_SUCCESS) { 
@@ -7020,12 +7073,15 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, TEST_EQUAL(actual_status, expected_complete_status); } else { num_ops = psa_verify_hash_get_num_ops(&operation); - TEST_ASSERT(num_ops > num_ops_prior); + num_ops_prior = num_ops; } } + TEST_LE_U(min_completes, num_completes); + TEST_LE_U(num_completes, max_completes); + PSA_ASSERT(psa_verify_hash_abort(&operation)); exit: From 20a360679b41f7139bbdf13b5eb2a4bdac2332e1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 18 Dec 2022 13:21:25 +0000 Subject: [PATCH 087/440] Add State tests Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 4 + tests/suites/test_suite_psa_crypto.function | 202 ++++++++++++++++++++ 2 files changed, 206 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 7164d275b..e6da057da 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -4545,6 +4545,10 @@ PSA verify hash interruptible: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +PSA interruptible hash state test: randomized ECDSA SECP256R1 SHA-256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +hash_interruptible_state_test:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" + PSA sign message: RSA PKCS#1 v1.5 SHA-256 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C 
sign_message_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ce5a240b2..6860f7f07 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -7091,6 +7091,208 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
+void hash_interruptible_state_test(int key_type_arg, data_t *key_data,
+ int alg_arg, data_t *input_data)
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
+ unsigned char *signature = NULL;
+ size_t signature_size;
+ size_t signature_length = 0xdeadbeef;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_sign_hash_interruptible_operation_t sign_operation =
+ psa_sign_hash_interruptible_operation_init();
+ psa_verify_hash_interruptible_operation_t verify_operation =
+ psa_verify_hash_interruptible_operation_init();
+
+ PSA_ASSERT(psa_crypto_init());
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
+
+ /* Allocate a buffer which has the size advertised by the
+ * library. */
+ signature_size = PSA_SIGN_OUTPUT_SIZE(key_type,
+ key_bits, alg);
+ TEST_ASSERT(signature_size != 0);
+ TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE);
+ ASSERT_ALLOC(signature, signature_size);
+
+ psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
+
+ /* --- Attempt completes prior to starts --- */
+ TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature,
+ signature_size,
+ &signature_length),
+ PSA_ERROR_BAD_STATE);
+
+ PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
+
+ TEST_EQUAL(psa_verify_hash_complete(&verify_operation),
+ PSA_ERROR_BAD_STATE);
+
+ PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
+
+ /* --- Aborts in all other places. --- */
+ psa_sign_hash_abort(&sign_operation);
+
+ PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
+ input_data->x, input_data->len));
+
+ PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
+
+ psa_interruptible_set_max_ops(1);
+
+ PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
+ input_data->x, input_data->len));
+
+ TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature,
+ signature_size,
+ &signature_length),
+ PSA_OPERATION_INCOMPLETE);
+
+ PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
+
+ psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
+
+ PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
+ input_data->x, input_data->len));
+
+ PSA_ASSERT(psa_sign_hash_complete(&sign_operation, signature,
+ signature_size,
+ &signature_length));
+
+ PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
+
+ PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
+
+ PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg,
+ input_data->x, input_data->len,
+ signature, signature_length));
+
+ PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
+
+ psa_interruptible_set_max_ops(1);
+
+ PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg,
+ input_data->x, input_data->len,
+ signature, signature_length));
+
+ TEST_EQUAL(psa_verify_hash_complete(&verify_operation),
+ PSA_OPERATION_INCOMPLETE);
+
+ PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
+
+ psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
+
+ PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg,
+ input_data->x, input_data->len,
+ signature, signature_length));
+
+ PSA_ASSERT(psa_verify_hash_complete(&verify_operation));
+
+ PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
+
+ /* --- Attempt double starts. --- */
+
+ PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
+ input_data->x, input_data->len));
+
+ TEST_EQUAL(psa_sign_hash_start(&sign_operation, key, alg,
+ input_data->x, input_data->len),
+ PSA_ERROR_BAD_STATE);
+
+ PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
+
+ PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg,
+ input_data->x, input_data->len,
+ signature, signature_length));
+
+ TEST_EQUAL(psa_verify_hash_start(&verify_operation, key, alg,
+ input_data->x, input_data->len,
+ signature, signature_length),
+ PSA_ERROR_BAD_STATE);
+
+ PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
+
+ /* --- Ensure changing the max ops mid operation works (operation should
+ * complete successfully after setting max ops to unlimited --- */
+ psa_interruptible_set_max_ops(1);
+
+ PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
+ input_data->x, input_data->len));
+
+ TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature,
+ signature_size,
+ &signature_length),
+ PSA_OPERATION_INCOMPLETE);
+
+ psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
+
+ PSA_ASSERT(psa_sign_hash_complete(&sign_operation, signature,
+ signature_size,
+ &signature_length));
+
+ PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
+
+ psa_interruptible_set_max_ops(1);
+
+ PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg,
+ input_data->x, input_data->len,
+ signature, signature_length));
+
+ TEST_EQUAL(psa_verify_hash_complete(&verify_operation),
+ PSA_OPERATION_INCOMPLETE);
+
+ psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
+
+ PSA_ASSERT(psa_verify_hash_complete(&verify_operation));
+
+ PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
+
+ /* --- Change function inputs mid run, to cause an error (sign only,
+ * verify passes all inputs to start. --- */
+
+ psa_interruptible_set_max_ops(1);
+
+ PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
+ input_data->x, input_data->len));
+
+ TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature,
+ signature_size,
+ &signature_length),
+ PSA_OPERATION_INCOMPLETE);
+
+ TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature,
+ 0,
+ &signature_length),
+ PSA_ERROR_BUFFER_TOO_SMALL);
+
+ PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
+
+exit:
+ /*
+ * Key attributes may have been returned by psa_get_key_attributes()
+ * thus reset them as required.
+ */
+ psa_reset_key_attributes(&attributes);
+
+ psa_destroy_key(key);
+ mbedtls_free(signature);
+ PSA_DONE();
+}
+/* END_CASE */
+
 
 /* BEGIN_CASE */
 void sign_message_deterministic(int key_type_arg, data_t *key_data,
From 59ad9457b6a8036773ca255663f0e9edc6fca6d7 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 18 Dec 2022 15:09:02 +0000 Subject: [PATCH 088/440] Add {sign/verify}_hash_abort_internal Ensure that num_ops is cleared when manual abort is called, but obviously not when an operation just completes, and test this. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 62 ++++++++++++++++----- tests/suites/test_suite_psa_crypto.function | 12 ++++ 2 files changed, 59 insertions(+), 15 deletions(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index e3be65013..f7228bc4b 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
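Review bot: The last section of `hash_interruptible_state_test` leaves `psa_interruptible_set_max_ops(1)` in effect when it reaches `exit:`, and a failed assertion in any of the `max_ops(1)` sections jumps to `exit:` with the limit at 1 as well. That limit is library-global state, and unless `PSA_DONE()` resets it (not visible here) every later case in the same binary would run with a one-op limit, so restore it on the exit path: `exit:` followed by `psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);`. The bare `psa_sign_hash_abort(&sign_operation);` that opens the "Aborts in all other places" section is the only abort whose status is not checked; wrap it in `PSA_ASSERT(...)` or comment that it deliberately exercises abort-after-abort. The two section comments ending `unlimited --- */` and `to start. --- */` are missing the closing parenthesis they open.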
@@ -3155,6 +3155,25 @@ uint32_t psa_verify_hash_get_num_ops( return operation->num_ops; } +static psa_status_t psa_sign_hash_abort_internal( + psa_sign_hash_interruptible_operation_t *operation) +{ + if (operation->id == 0) { + /* The object has (apparently) been initialized but it is not (yet) + * in use. It's ok to call abort on such an object, and there's + * nothing to do. */ + return PSA_SUCCESS; + } + + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + status = psa_driver_wrapper_sign_hash_abort(operation); + + operation->id = 0; + + return status; +} + psa_status_t psa_sign_hash_start( psa_sign_hash_interruptible_operation_t *operation, mbedtls_svc_key_id_t key, psa_algorithm_t alg, @@ -3202,7 +3221,7 @@ psa_status_t psa_sign_hash_start( exit: if (status != PSA_SUCCESS) { - psa_sign_hash_abort(operation); + psa_sign_hash_abort_internal(operation); } unlock_status = psa_unlock_key_slot(slot); @@ -3259,7 +3278,7 @@ exit: /* If signature_size is 0 then we have nothing to do. We must not * call memset because signature may be NULL in this case.*/ - psa_sign_hash_abort(operation); + psa_sign_hash_abort_internal(operation); } return status; @@ -3267,6 +3286,20 @@ exit: psa_status_t psa_sign_hash_abort( psa_sign_hash_interruptible_operation_t *operation) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + status = psa_sign_hash_abort_internal(operation); + + /* We clear the number of ops done here, so that it is not cleared when + * the operation fails or succeeds, only on manual abort. */ + operation->num_ops = 0; + + return status; +} + +static psa_status_t psa_verify_hash_abort_internal( + psa_verify_hash_interruptible_operation_t *operation) { if (operation->id == 0) { /* The object has (apparently) been initialized but it is not (yet) 
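Review bot: `psa_sign_hash_abort_internal` now returns the driver's abort status, but every call site this commit introduces discards it: the `exit:` paths in `psa_sign_hash_start` (`@@ -3202,7 +3221,7 @@`) and `psa_sign_hash_complete` (`@@ -3259,7 +3278,7 @@`), and the verify counterparts in `@@ -3324,7 +3359,7 @@` and `@@ -3354,7 +3389,7 @@`. On the completion path, where the operation itself succeeded, a failing driver abort is therefore silently lost; if that is meant to be reportable it should be folded in with `if (status == PSA_SUCCESS) { status = abort_status; }`, otherwise a one-line comment that the abort status is intentionally ignored would save the next reader the question. The `psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;` initialiser is overwritten by the very next statement in both new helpers; `psa_status_t status = psa_driver_wrapper_sign_hash_abort(operation);` reads cleaner. The bodies of the start/complete functions lie outside these hunks.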
@@ -3275,11 +3308,13 @@ psa_status_t psa_sign_hash_abort( return PSA_SUCCESS; } - psa_driver_wrapper_sign_hash_abort(operation); + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + status = psa_driver_wrapper_verify_hash_abort(operation); operation->id = 0; - return PSA_SUCCESS; + return status; } psa_status_t psa_verify_hash_start( @@ -3324,7 +3359,7 @@ psa_status_t psa_verify_hash_start( signature, signature_length); if (status != PSA_SUCCESS) { - psa_verify_hash_abort(operation); + psa_verify_hash_abort_internal(operation); } unlock_status = psa_unlock_key_slot(slot); @@ -3354,7 +3389,7 @@ exit: operation); if (status != PSA_OPERATION_INCOMPLETE) { - psa_verify_hash_abort(operation); + psa_verify_hash_abort_internal(operation); } return status; @@ -3363,18 +3398,15 @@ exit: psa_status_t psa_verify_hash_abort( psa_verify_hash_interruptible_operation_t *operation) { - if (operation->id == 0) { - /* The object has (apparently) been initialized but it is not (yet) - * in use. It's ok to call abort on such an object, and there's - * nothing to do. */ - return PSA_SUCCESS; - } + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_driver_wrapper_verify_hash_abort(operation); + status = psa_verify_hash_abort_internal(operation); - operation->id = 0; + /* We clear the number of ops done here, so that it is not cleared when + * the operation fails or succeeds, only on manual abort. */ + operation->num_ops = 0; - return PSA_SUCCESS; + return status; } /****************************************************************/ diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 6860f7f07..21965cfca 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -6522,6 +6522,9 @@ void sign_hash_interruptible(int key_type_arg, data_t *key_data, PSA_ASSERT(psa_sign_hash_abort(&operation)); + num_ops = psa_sign_hash_get_num_ops(&operation); + TEST_ASSERT(num_ops == 0); + exit: /* @@ -6657,6 +6660,9 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, PSA_ASSERT(psa_sign_hash_abort(&operation)); + num_ops = psa_sign_hash_get_num_ops(&operation); + TEST_ASSERT(num_ops == 0); + /* The value of *signature_length is unspecified on error, but * whatever it is, it should be less than signature_size, so that * if the caller tries to read *signature_length bytes without @@ -6969,6 +6975,9 @@ void verify_hash_interruptible(int key_type_arg, data_t *key_data, PSA_ASSERT(psa_verify_hash_abort(&operation)); + num_ops = psa_verify_hash_get_num_ops(&operation); + TEST_ASSERT(num_ops == 0); + exit: psa_reset_key_attributes(&attributes); psa_destroy_key(key); @@ -7084,6 +7093,9 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, PSA_ASSERT(psa_verify_hash_abort(&operation)); + num_ops = psa_verify_hash_get_num_ops(&operation); + TEST_ASSERT(num_ops == 0); + exit: psa_reset_key_attributes(&attributes); psa_destroy_key(key); From c5c6963d07c5ca423ecf5b57cfdac220ab36a2c9 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 3 Jan 2023 17:07:05 +0000 Subject: [PATCH 089/440] Remove #endif from between testcases Signed-off-by: David Horstmann From 3225f198030bd07535e163013215d2583e64827c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 10 Jan 2023 12:03:12 +0000 Subject: [PATCH 090/440] Fix ecdsa.h documentation error Signed-off-by: Paul Elliott --- include/mbedtls/ecdsa.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h index 1741d2c20..c5d9701f6 100644 --- a/include/mbedtls/ecdsa.h +++ b/include/mbedtls/ecdsa.h 
@@ -416,6 +416,8 @@ int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp, * initialized restart context. * * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of + * operations was reached: see \c mbedtls_ecp_set_max_ops(). * \return An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX * error code on failure. */ @@ -474,8 +476,6 @@ int mbedtls_ecdsa_verify_restartable(mbedtls_ecp_group *grp, * \c NULL if \p f_rng is \c NULL or doesn't use a context. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of - * operations was reached: see \c mbedtls_ecp_set_max_ops(). * \return An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or * \c MBEDTLS_ERR_ASN1_XXX error code on failure. */ From 7cc4e816c16df362c0723694d1e2941d2166a70c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 10 Jan 2023 17:14:11 +0000 Subject: [PATCH 091/440] Ensure max ops gets set regardless of having built-in implementation Set the psa level global anyway, regardless of having a built in implementation, to match the set function. Also, ensure that value returned is the same as value passed in, irregardless of internal implementation requirements. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f7228bc4b..efad51035 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3419,6 +3419,8 @@ static uint32_t mbedtls_psa_interruptible_max_ops = void mbedtls_psa_interruptible_set_max_ops(uint32_t max_ops) { + mbedtls_psa_interruptible_max_ops = max_ops; + #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ defined(MBEDTLS_ECP_RESTARTABLE) 
@@ -3429,10 +3431,7 @@ void mbedtls_psa_interruptible_set_max_ops(uint32_t max_ops) max_ops = 1; } - mbedtls_psa_interruptible_max_ops = max_ops; mbedtls_ecp_set_max_ops(max_ops); -#else - (void) max_ops; #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && * defined( MBEDTLS_ECP_RESTARTABLE ) */ @@ -3497,8 +3496,9 @@ psa_status_t mbedtls_psa_sign_hash_start( #endif /* Ensure default is set even if - * mbedtls_psa_interruptible_get_max_ops() has not been called. */ - mbedtls_ecp_set_max_ops(mbedtls_psa_interruptible_get_max_ops()); + * mbedtls_psa_interruptible_set_max_ops() has not been called. */ + mbedtls_psa_interruptible_set_max_ops( + mbedtls_psa_interruptible_get_max_ops()); status = mbedtls_psa_ecp_load_representation(attributes->core.type, attributes->core.bits, @@ -3685,8 +3685,9 @@ psa_status_t mbedtls_psa_verify_hash_start( defined(MBEDTLS_ECP_RESTARTABLE) /* Ensure default is set even if - * mbedtls_psa_interruptible_get_max_ops() has not been called. */ - mbedtls_ecp_set_max_ops(mbedtls_psa_interruptible_get_max_ops()); + * mbedtls_psa_interruptible_set_max_ops() has not been called. */ + mbedtls_psa_interruptible_set_max_ops( + mbedtls_psa_interruptible_get_max_ops()); status = mbedtls_psa_ecp_load_representation(attributes->core.type, attributes->core.bits, From 749dec54effb21db2e9f3036b451144f8652dcf1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 16 Jan 2023 12:18:46 +0000 Subject: [PATCH 092/440] Clean up structure include guards Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 0f1220de9..c5a37e63d 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h 
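Review bot: The new call `mbedtls_psa_interruptible_set_max_ops(mbedtls_psa_interruptible_get_max_ops());` in mbedtls_psa_sign_hash_start (and again in mbedtls_psa_verify_hash_start, hunk at 3685) assigns the global to its own value purely so that the setter's `max_ops = 1` adjustment and `mbedtls_ecp_set_max_ops()` run, yet the comment above it still only says "Ensure default is set", which no longer explains the round trip. I would reword it to `/* Push the stored PSA-level limit down to the ECP layer via the setter (which also applies the restartable-ECP adjustment); needed even if the application never called mbedtls_psa_interruptible_set_max_ops(). */`. Since `mbedtls_psa_interruptible_max_ops` is a file-scope static and the ECP limit it feeds appears to be library-wide as well, the limit applied at start is whatever was set last, not a per-operation value; that is worth stating in the public API documentation if it is not already. Both enclosing functions start and end outside these hunks.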
@@ -138,13 +138,12 @@ typedef struct { /* Context structure for the Mbed TLS interruptible verify hash * implementation.*/ typedef struct { +#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ + defined(MBEDTLS_ECP_RESTARTABLE) -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) mbedtls_ecdsa_context *MBEDTLS_PRIVATE(ctx); -#if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecdsa_restart_ctx MBEDTLS_PRIVATE(restart_ctx); -#endif /* MBEDTLS_ECP_RESTARTABLE */ size_t MBEDTLS_PRIVATE(curve_bytes); const uint8_t *MBEDTLS_PRIVATE(hash); @@ -153,7 +152,9 @@ typedef struct { mbedtls_mpi MBEDTLS_PRIVATE(r); mbedtls_mpi MBEDTLS_PRIVATE(s); -#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA */ +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA && + * MBEDTLS_ECP_RESTARTABLE */ } mbedtls_psa_verify_hash_interruptible_operation_t; From 068fe0774029c658a295abf1369bd113cb7aa551 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 16 Jan 2023 13:59:15 +0000 Subject: [PATCH 093/440] Improve indentation of hash start functions Signed-off-by: Paul Elliott --- library/psa_crypto.c | 230 +++++++++++++++++++++---------------------- 1 file changed, 115 insertions(+), 115 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index efad51035..ee9e0412c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
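Review bot: After this change every member of mbedtls_psa_verify_hash_interruptible_operation_t sits inside the `#if ... MBEDTLS_ECP_RESTARTABLE` block, so in a build where that condition is false the struct has no members at all; an empty struct violates an ISO C constraint (GCC accepts it as an extension, other compilers may reject it). Adding an `#else` arm before the `#endif` in the second hunk, e.g. `#else` followed by `unsigned MBEDTLS_PRIVATE(dummy); /* keep the struct non-empty when the algorithms are not built in */`, keeps the type well-formed in every configuration. The sign-hash counterpart above this hunk is not visible here; if its guard was restructured the same way it likely needs the same arm.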
@@ -3482,69 +3482,69 @@ psa_status_t mbedtls_psa_sign_hash_start( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { - if (PSA_ALG_IS_ECDSA(alg)) { + if (!PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { + return PSA_ERROR_NOT_SUPPORTED; + } + + if (!PSA_ALG_IS_ECDSA(alg)) { + return PSA_ERROR_INVALID_ARGUMENT; + } #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ - defined(MBEDTLS_ECP_RESTARTABLE) + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ + defined(MBEDTLS_ECP_RESTARTABLE) #if !defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - if (PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) { - return PSA_ERROR_NOT_SUPPORTED; - } + if (PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) { + return PSA_ERROR_NOT_SUPPORTED; + } #endif - /* Ensure default is set even if - * mbedtls_psa_interruptible_set_max_ops() has not been called. */ - mbedtls_psa_interruptible_set_max_ops( - mbedtls_psa_interruptible_get_max_ops()); + /* Ensure default is set even if + * mbedtls_psa_interruptible_set_max_ops() has not been called. 
*/ + mbedtls_psa_interruptible_set_max_ops( + mbedtls_psa_interruptible_get_max_ops()); - status = mbedtls_psa_ecp_load_representation(attributes->core.type, - attributes->core.bits, - key_buffer, - key_buffer_size, - &operation->ctx); + status = mbedtls_psa_ecp_load_representation(attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, + &operation->ctx); - if (status != PSA_SUCCESS) { - return status; - } + if (status != PSA_SUCCESS) { + return status; + } - mbedtls_ecdsa_restart_init(&operation->restart_ctx); + mbedtls_ecdsa_restart_init(&operation->restart_ctx); - mbedtls_mpi_init(&operation->r); - mbedtls_mpi_init(&operation->s); + mbedtls_mpi_init(&operation->r); + mbedtls_mpi_init(&operation->s); - operation->curve_bytes = PSA_BITS_TO_BYTES( - operation->ctx->grp.pbits); + operation->curve_bytes = PSA_BITS_TO_BYTES( + operation->ctx->grp.pbits); - psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); - operation->md_alg = mbedtls_hash_info_md_from_psa(hash_alg); - operation->alg = alg; + psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); + operation->md_alg = mbedtls_hash_info_md_from_psa(hash_alg); + operation->alg = alg; - operation->hash = hash; - operation->hash_length = hash_length; + operation->hash = hash; + operation->hash_length = hash_length; + + return PSA_SUCCESS; #else - (void) operation; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - (void) hash; - (void) hash_length; + (void) operation; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) hash; + (void) hash_length; + (void) status; - return PSA_ERROR_NOT_SUPPORTED; + return PSA_ERROR_NOT_SUPPORTED; #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && * defined( MBEDTLS_ECP_RESTARTABLE ) */ - } else { - status = PSA_ERROR_INVALID_ARGUMENT; - } - } else { - status = PSA_ERROR_NOT_SUPPORTED; - } - - return status; } psa_status_t mbedtls_psa_sign_hash_complete( 
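Review bot: With the early returns in place, `psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;` at the top of mbedtls_psa_sign_hash_start is used only inside the `#if` branch, which is why the `#else` branch now needs the added `(void) status;`; declaring `status` at its first use (the `mbedtls_psa_ecp_load_representation` call) removes both the cast and the unused default, and the same applies to mbedtls_psa_verify_hash_start in the next hunk. The guard-clause rewrite keeps the previous check order (key type before algorithm), so the error codes callers see are unchanged. In the verify function, the early returns that follow `mbedtls_psa_ecp_load_representation` populating `operation->ctx` appear to rely on the caller (psa_verify_hash_start calls psa_verify_hash_abort_internal() on failure, per an earlier commit in this series) to release it; whether the driver abort frees `ctx` is not visible here, so a one-line comment at the first such return, `/* ctx is released by the caller's abort path on failure. */`, would make the ownership explicit once confirmed.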
@@ -3677,99 +3677,99 @@ psa_status_t mbedtls_psa_verify_hash_start( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { - if (PSA_ALG_IS_ECDSA(alg)) { + if (!PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { + return PSA_ERROR_NOT_SUPPORTED; + } + + if (!PSA_ALG_IS_ECDSA(alg)) { + return PSA_ERROR_INVALID_ARGUMENT; + } #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ - defined(MBEDTLS_ECP_RESTARTABLE) + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ + defined(MBEDTLS_ECP_RESTARTABLE) - /* Ensure default is set even if - * mbedtls_psa_interruptible_set_max_ops() has not been called. */ - mbedtls_psa_interruptible_set_max_ops( - mbedtls_psa_interruptible_get_max_ops()); + /* Ensure default is set even if + * mbedtls_psa_interruptible_set_max_ops() has not been called. */ + mbedtls_psa_interruptible_set_max_ops( + mbedtls_psa_interruptible_get_max_ops()); - status = mbedtls_psa_ecp_load_representation(attributes->core.type, - attributes->core.bits, - key_buffer, - key_buffer_size, - &operation->ctx); + status = mbedtls_psa_ecp_load_representation(attributes->core.type, + attributes->core.bits, + key_buffer, + key_buffer_size, + &operation->ctx); - if (status != PSA_SUCCESS) { - return status; - } + if (status != PSA_SUCCESS) { + return status; + } - operation->curve_bytes = PSA_BITS_TO_BYTES( - operation->ctx->grp.pbits); + operation->curve_bytes = PSA_BITS_TO_BYTES( + operation->ctx->grp.pbits); - if (signature_length != 2 * operation->curve_bytes) { - return PSA_ERROR_INVALID_SIGNATURE; - } + if (signature_length != 2 * operation->curve_bytes) { + return PSA_ERROR_INVALID_SIGNATURE; + } - mbedtls_mpi_init(&operation->r); - status = mbedtls_to_psa_error( - mbedtls_mpi_read_binary(&operation->r, - signature, - operation->curve_bytes)); + mbedtls_mpi_init(&operation->r); + status = mbedtls_to_psa_error( + mbedtls_mpi_read_binary(&operation->r, + 
signature, + operation->curve_bytes)); - if (status != PSA_SUCCESS) { - return status; - } + if (status != PSA_SUCCESS) { + return status; + } - mbedtls_mpi_init(&operation->s); - status = mbedtls_to_psa_error( - mbedtls_mpi_read_binary(&operation->s, - signature + - operation->curve_bytes, - operation->curve_bytes)); + mbedtls_mpi_init(&operation->s); + status = mbedtls_to_psa_error( + mbedtls_mpi_read_binary(&operation->s, + signature + + operation->curve_bytes, + operation->curve_bytes)); - if (status != PSA_SUCCESS) { - return status; - } + if (status != PSA_SUCCESS) { + return status; + } - /* Check whether the public part is loaded. If not, load it. */ - if (mbedtls_ecp_is_zero(&operation->ctx->Q)) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + /* Check whether the public part is loaded. If not, load it. */ + if (mbedtls_ecp_is_zero(&operation->ctx->Q)) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ret = mbedtls_ecp_mul(&operation->ctx->grp, - &operation->ctx->Q, - &operation->ctx->d, - &operation->ctx->grp.G, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE); + ret = mbedtls_ecp_mul(&operation->ctx->grp, + &operation->ctx->Q, + &operation->ctx->d, + &operation->ctx->grp.G, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE); - if (ret != 0) { - return mbedtls_to_psa_error(ret); - } - } + if (ret != 0) { + return mbedtls_to_psa_error(ret); + } + } - mbedtls_ecdsa_restart_init(&operation->restart_ctx); + mbedtls_ecdsa_restart_init(&operation->restart_ctx); - operation->hash = hash; - operation->hash_length = hash_length; + operation->hash = hash; + operation->hash_length = hash_length; + + return PSA_SUCCESS; #else - (void) operation; - (void) key_buffer; - (void) key_buffer_size; - (void) alg; - (void) hash; - (void) hash_length; - (void) signature; - (void) signature_length; + (void) operation; + (void) key_buffer; + (void) key_buffer_size; + (void) alg; + (void) hash; + (void) hash_length; + (void) signature; + (void) 
signature_length; + (void) status; - return PSA_ERROR_NOT_SUPPORTED; + return PSA_ERROR_NOT_SUPPORTED; #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && * defined( MBEDTLS_ECP_RESTARTABLE ) */ - } else { - status = PSA_ERROR_INVALID_ARGUMENT; - } - } else { - status = PSA_ERROR_NOT_SUPPORTED; - } - - return status; } psa_status_t mbedtls_psa_verify_hash_complete( From 6ee2408d26302705773b4f134e7b94775d8cbac7 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 16 Jan 2023 14:00:41 +0000 Subject: [PATCH 094/440] Remove deterministic alg restriction on sign hash Signed-off-by: Paul Elliott --- library/psa_crypto.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index ee9e0412c..748cb13f8 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3494,12 +3494,6 @@ psa_status_t mbedtls_psa_sign_hash_start( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ defined(MBEDTLS_ECP_RESTARTABLE) -#if !defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) - if (PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)) { - return PSA_ERROR_NOT_SUPPORTED; - } -#endif - /* Ensure default is set even if * mbedtls_psa_interruptible_set_max_ops() has not been called. */ mbedtls_psa_interruptible_set_max_ops( From edfc8835688af22c073a6acd14d2fa24be33488f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 20 Jan 2023 17:13:10 +0000 Subject: [PATCH 095/440] Change test loops over to do...while Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 35 +++++++++------------ 1 file changed, 14 insertions(+), 21 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 21965cfca..aaf9d8657 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
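Review bot: Removing the `PSA_ALG_ECDSA_IS_DETERMINISTIC(alg)` rejection means mbedtls_psa_sign_hash_start now accepts a deterministic-ECDSA request in builds where MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA is not defined, and `operation->alg` carries that choice to the complete function. Which path the complete function takes in that configuration (deterministic signing, a fall-back to randomized ECDSA, or PSA_ERROR_NOT_SUPPORTED) is outside this hunk and the commit message does not say; a deterministic request silently served with a randomized signature would be a behavioural difference a caller cannot detect from the return code, since both signatures verify. I would add a comment at the point of removal, `/* Deterministic vs. randomized ECDSA is dispatched in mbedtls_psa_sign_hash_complete() from operation->alg; no restriction is applied here. */`, and a test case built with only the randomized algorithm enabled that pins the expected result. The enclosing function starts and ends outside the hunk.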
@@ -6497,7 +6497,7 @@ void sign_hash_interruptible(int key_type_arg, data_t *key_data, TEST_ASSERT(num_ops_prior == 0); /* Continue performing the signature until complete. */ - while (status == PSA_OPERATION_INCOMPLETE) { + do { status = psa_sign_hash_complete(&operation, signature, signature_size, &signature_length); @@ -6509,7 +6509,7 @@ void sign_hash_interruptible(int key_type_arg, data_t *key_data, num_ops_prior = num_ops; } - } + } while (status == PSA_OPERATION_INCOMPLETE); TEST_ASSERT(status == PSA_SUCCESS); @@ -6634,10 +6634,8 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, num_ops_prior = psa_sign_hash_get_num_ops(&operation); TEST_ASSERT(num_ops_prior == 0); - actual_status = PSA_OPERATION_INCOMPLETE; - /* Continue performing the signature until complete. */ - while (actual_status == PSA_OPERATION_INCOMPLETE) { + do { actual_status = psa_sign_hash_complete(&operation, signature, signature_size, &signature_length); @@ -6656,7 +6654,7 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, num_ops_prior = num_ops; } - } + } while (actual_status == PSA_OPERATION_INCOMPLETE); PSA_ASSERT(psa_sign_hash_abort(&operation)); @@ -6798,14 +6796,14 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, input_data->x, input_data->len)); /* Continue performing the signature until complete. */ - while (status == PSA_OPERATION_INCOMPLETE) { + do { status = psa_sign_hash_complete(&sign_operation, signature, signature_size, &signature_length); num_completes++; - } + } while (status == PSA_OPERATION_INCOMPLETE); TEST_ASSERT(status == PSA_SUCCESS); @@ -6819,7 +6817,6 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, TEST_ASSERT(signature_length > 0); num_completes = 0; - status = PSA_OPERATION_INCOMPLETE; /* Start verification. */ PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, 
@@ -6827,11 +6824,11 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, signature, signature_length)); /* Continue performing the signature until complete. */ - while (status == PSA_OPERATION_INCOMPLETE) { + do { status = psa_verify_hash_complete(&verify_operation); num_completes++; - } + } while (status == PSA_OPERATION_INCOMPLETE); TEST_ASSERT(status == PSA_SUCCESS); @@ -6848,17 +6845,15 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, * because ECDSA may ignore the last few bits of the input. */ input_data->x[0] ^= 1; - status = PSA_OPERATION_INCOMPLETE; - /* Start verification. */ PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, input_data->x, input_data->len, signature, signature_length)); /* Continue performing the signature until complete. */ - while (status == PSA_OPERATION_INCOMPLETE) { + do { status = psa_verify_hash_complete(&verify_operation); - } + } while (status == PSA_OPERATION_INCOMPLETE); TEST_ASSERT(status == PSA_ERROR_INVALID_SIGNATURE); } @@ -6955,7 +6950,7 @@ void verify_hash_interruptible(int key_type_arg, data_t *key_data, TEST_ASSERT(num_ops_prior == 0); /* Continue performing the signature until complete. */ - while (status == PSA_OPERATION_INCOMPLETE) { + do { status = psa_verify_hash_complete(&operation); num_completes++; @@ -6966,7 +6961,7 @@ void verify_hash_interruptible(int key_type_arg, data_t *key_data, num_ops_prior = num_ops; } - } + } while (status == PSA_OPERATION_INCOMPLETE); TEST_ASSERT(status == PSA_SUCCESS); @@ -7066,10 +7061,8 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, num_ops_prior = psa_verify_hash_get_num_ops(&operation); TEST_ASSERT(num_ops_prior == 0); - actual_status = PSA_OPERATION_INCOMPLETE; - /* Continue performing the signature until complete. */ - while (actual_status == PSA_OPERATION_INCOMPLETE) { + do { actual_status = psa_verify_hash_complete(&operation); num_completes++; 
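Review bot: The comment retained above the new `do { status = psa_verify_hash_complete(&verify_operation); ... } while (...)` loop still reads "Continue performing the signature until complete." although the loop drives a verification; the same stale wording sits above the verify loops in the hunks at 6848, 6955 and 7066. Changing it to `/* Continue performing the verification until complete. */` in each place keeps the test readable when one of them fails. The do/while form itself is an improvement, as the deleted `status = PSA_OPERATION_INCOMPLETE;` lines show it removes the need to pre-seed the status before each loop.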
@@ -7086,7 +7079,7 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, num_ops_prior = num_ops; } - } + } while (actual_status == PSA_OPERATION_INCOMPLETE); TEST_LE_U(min_completes, num_completes); TEST_LE_U(num_completes, max_completes); From 334d726d408aa79be8b55da126c17a93cfc70ff4 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 20 Jan 2023 17:29:41 +0000 Subject: [PATCH 096/440] Ensure ops are tested on successful 'fail' tests Make sure the number of ops is tested in the interruptible failure tests, should they get through the interruptible loop part. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 34 ++++++++++++--------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index aaf9d8657..d89afa336 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -6642,13 +6642,8 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, num_completes++; - /* If the psa_sign_hash_start() failed, psa_sign_hash_complete() - * should also fail with bad state. */ - if (expected_start_status != PSA_SUCCESS) { - TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); - } else if (actual_status != PSA_OPERATION_INCOMPLETE) { - TEST_EQUAL(actual_status, expected_complete_status); - } else { + if (actual_status == PSA_SUCCESS || + actual_status == PSA_OPERATION_INCOMPLETE) { num_ops = psa_sign_hash_get_num_ops(&operation); TEST_ASSERT(num_ops > num_ops_prior); 
@@ -6656,6 +6651,14 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, } } while (actual_status == PSA_OPERATION_INCOMPLETE); + /* If the psa_sign_hash_start() failed, psa_sign_hash_complete() + * should also fail with bad state. */ + if (expected_start_status != PSA_SUCCESS) { + TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); + } else if (actual_status != PSA_OPERATION_INCOMPLETE) { + TEST_EQUAL(actual_status, expected_complete_status); + } + PSA_ASSERT(psa_sign_hash_abort(&operation)); num_ops = psa_sign_hash_get_num_ops(&operation); @@ -7067,13 +7070,8 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, num_completes++; - /* If the psa_verify_hash_start() failed, - * psa_verify_hash_complete() should also fail with bad state.*/ - if (expected_start_status != PSA_SUCCESS) { - TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); - } else if (actual_status != PSA_OPERATION_INCOMPLETE) { - TEST_EQUAL(actual_status, expected_complete_status); - } else { + if (actual_status == PSA_SUCCESS || + actual_status == PSA_OPERATION_INCOMPLETE) { num_ops = psa_verify_hash_get_num_ops(&operation); TEST_ASSERT(num_ops > num_ops_prior); @@ -7081,6 +7079,14 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, } } while (actual_status == PSA_OPERATION_INCOMPLETE); + /* If the psa_verify_hash_start() failed, + * psa_verify_hash_complete() should also fail with bad state.*/ + if (expected_start_status != PSA_SUCCESS) { + TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); + } else if (actual_status != PSA_OPERATION_INCOMPLETE) { + TEST_EQUAL(actual_status, expected_complete_status); + } + TEST_LE_U(min_completes, num_completes); TEST_LE_U(num_completes, max_completes); From 97ac7d9090fdbef679f797c7709f0f5bdebb5dfe Mon Sep 17 00:00:00 2001 
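Review bot: In the block moved below the loop in sign_hash_fail_interruptible, the branch `} else if (actual_status != PSA_OPERATION_INCOMPLETE) {` can no longer be false: it runs immediately after `} while (actual_status == PSA_OPERATION_INCOMPLETE);`, so `actual_status` is never PSA_OPERATION_INCOMPLETE at that point. A plain `} else {` states the intent (start succeeded, so the final status must equal `expected_complete_status`) and makes it obvious that the expected status is always checked; the verify counterpart in the hunk at 7081 has the same redundant condition. It may also be worth a comment that when `expected_start_status != PSA_SUCCESS` the loop body still calls the complete function exactly once and, because the in-loop `num_ops` check only runs on SUCCESS or INCOMPLETE, the BAD_STATE result is verified solely by the block below the loop.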
From: Paul Elliott Date: Mon, 23 Jan 2023 18:09:06 +0000 Subject: [PATCH 097/440] Calculate min/max completes rather than passing in to test Only 2 options were really possible anyway - complete in 1 op, or somewhere between 2 and max ops. Anything else we cannot test due to implementation specifics. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 74 ++++++++++----------- tests/suites/test_suite_psa_crypto.function | 74 ++++++++++++++++++--- 2 files changed, 101 insertions(+), 47 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index e6da057da..a00f8ed4c 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -4147,27 +4147,27 @@ sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8 PSA sign hash: interruptible (no interrupt) ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash: interruptible (max interrupt) ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED 
+sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":1 PSA sign hash: interruptible (no interrupt) ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 -sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash: interruptible (max interrupt) ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 
-sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED +sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca":1 PSA sign hash: interruptible (no interrupt) ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 -sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 
+sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash: interruptible (max interrupt) ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 -sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED +sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f":1 PSA sign hash: RSA PKCS#1 v1.5 SHA-256, wrong hash size depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C 
@@ -4235,39 +4235,39 @@ sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5 PSA sign hash interruptible (no interrupt): deterministic ECDSA SECP256R1 SHA-256, output buffer too small depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash interruptible (max interrupt): deterministic ECDSA SECP256R1 SHA-256, output buffer too small depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:1:1:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA sign hash interruptible (no interrupt): deterministic ECDSA 
SECP256R1 SHA-256, empty output buffer depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash interruptible (max interrupt): deterministic ECDSA SECP256R1 SHA-256, empty output buffer depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:1:1:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA sign hash interruptible (no interrupt): deterministic ECDSA SECP256R1, invalid hash algorithm (0) depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
-sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash interruptible (max interrupt): deterministic ECDSA SECP256R1, invalid hash algorithm (0) depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:1:1:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:1 PSA sign hash interruptible: deterministic ECDSA SECP256R1, invalid hash algorithm (wildcard) depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH 
):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash interruptible: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_PARSE_C -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash interruptible: deterministic ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 
+sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign/verify hash: RSA PKCS#1 v1.5, raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C 
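Review bot: The "deterministic ECDSA not supported" row in this hunk keeps `MBEDTLS_ECP_DP_SECP384R1_ENABLED` in its depends_on line while every other SECP384R1 row in the same hunk gates on `PSA_WANT_ECC_SECP_R1_384`; the depends_on line is context rather than part of the change, but since the row's function line is being rewritten anyway this is a cheap moment to align it. Mixing the legacy curve macro with the PSA_WANT symbols means this case is skipped or run under a different set of configurations than its siblings, which is easy to miss when the test later needs adjusting.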
@@ -4311,51 +4311,51 @@ sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280 PSA sign / verify hash interruptible (no interrupt): randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign / verify hash interruptible (max interrupt): randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1 PSA sign / verify hash interruptible (no interrupt): deterministic ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
-sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign / verify hash interruptible (max interrupt): deterministic ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1 PSA sign / verify hash interruptible (no interrupt): randomized ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 
+sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign / verify hash interruptible (max interrupt): randomized ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":1 PSA sign / verify hash interruptible (no interrupt): deterministic ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 
+sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign / verify hash interruptible (max interrupt): deterministic ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":1 PSA sign / verify hash interruptible (no interrupt): randomized ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 
+sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign / verify hash interruptible (max interrupt): randomized ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1 PSA sign / verify hash interruptible (no interrupt): deterministic ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 
+sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign / verify hash interruptible (max interrupt): deterministic ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1 PSA verify hash: RSA PKCS#1 v1.5 SHA-256, good signature depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C 
@@ -4479,11 +4479,11 @@ verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30 PSA verify hash interruptible: ECDSA SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA verify hash interruptible with keypair: ECDSA SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 
+verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA verify hash: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
@@ -4515,35 +4515,35 @@ verify_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab4543571264 PSA verify hash interruptible: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA verify hash interruptible (no interrupt): ECDSA SECP256R1, wrong signature of correct size depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
-verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA verify hash interruptible (max interrupt): ECDSA SECP256R1, wrong signature of correct size depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE:1:2:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED 
+verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE:1 PSA verify hash interruptible: ECDSA SECP256R1, wrong signature (empty) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA verify hash interruptible: ECDSA SECP256R1, wrong signature (truncated) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
-verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA verify hash interruptible: ECDSA SECP256R1, wrong signature (trailing junk) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 
+verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA verify hash interruptible: ECDSA SECP256R1, wrong signature (leading junk) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA verify hash interruptible: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
-verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED:1:1 +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA interruptible hash state test: randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index d89afa336..7f50e960c 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -6447,8 +6447,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ void sign_hash_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, - data_t *output_data, int max_ops, - int min_completes, int max_completes) + data_t *output_data, int max_ops) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -6462,6 +6461,8 @@ void sign_hash_interruptible(int key_type_arg, data_t *key_data, size_t num_ops = 0; size_t num_ops_prior = 0; size_t num_completes = 0; + size_t min_completes = 0; + size_t max_completes = 0; psa_sign_hash_interruptible_operation_t operation = psa_sign_hash_interruptible_operation_init(); 
@@ -6486,6 +6487,14 @@ void sign_hash_interruptible(int key_type_arg, data_t *key_data, psa_interruptible_set_max_ops(max_ops); + if (max_ops == PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED) { + min_completes = 1; + max_completes = 1; + } else { + min_completes = 2; + max_completes = PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; + } + num_ops_prior = psa_sign_hash_get_num_ops(&operation); TEST_ASSERT(num_ops_prior == 0); @@ -6590,8 +6599,7 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, int signature_size_arg, int expected_start_status_arg, int expected_complete_status_arg, - int max_ops, int min_completes, - int max_completes) + int max_ops) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -6605,6 +6613,9 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, size_t num_ops = 0; size_t num_ops_prior = 0; size_t num_completes = 0; + size_t min_completes = 0; + size_t max_completes = 0; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_sign_hash_interruptible_operation_t operation = psa_sign_hash_interruptible_operation_init(); @@ -6622,6 +6633,20 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, psa_interruptible_set_max_ops(max_ops); + if (max_ops == PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED) { + min_completes = 1; + max_completes = 1; + } else { + /* Unfortunate, but failure cases tend to fail on the first op. */ + if (expected_complete_status == PSA_SUCCESS) { + min_completes = 2; + } else { + min_completes = 1; + } + + max_completes = PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; + } + num_ops_prior = psa_sign_hash_get_num_ops(&operation); TEST_ASSERT(num_ops_prior == 0); 
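Review bot: The `if (max_ops == PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED)` block that derives min_completes/max_completes is pasted into sign_hash_interruptible here and again in sign_verify_hash_interruptible (@@ -6794), verify_hash_interruptible (@@ -6938) and verify_hash_fail_interruptible (@@ -7050), with a variant in sign_hash_fail_interruptible (@@ -6622); a small static helper would keep the five copies from drifting. The same block reuses the max-ops sentinel PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED (UINT32_MAX in psa/crypto_values.h) as the "no upper bound" value for max_completes, and compares it against the signed `int max_ops`, which only holds because -1 and UINT32_MAX coincide under the usual arithmetic conversions. Both points deserve a comment where the expectation is set, e.g. `/* Unlimited max_ops: exactly one complete(); max_ops == 1: at least two, no upper bound. */`. The enclosing functions start and end outside these hunks.
```c
/* Expected number of psa_*_complete() calls for a given max_ops setting:
 * unlimited max_ops must finish in exactly one call, max_ops == 1 must
 * take at least two (no upper bound, hence the UNLIMITED sentinel). */
static void interruptible_expected_completes(int max_ops,
                                             size_t *min_completes,
                                             size_t *max_completes)
{
    /* max_ops arrives as int from the test data; the cast makes the
     * comparison against the uint32_t sentinel explicit. */
    if ((uint32_t) max_ops == PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED) {
        *min_completes = 1;
        *max_completes = 1;
    } else {
        *min_completes = 2;
        *max_completes = PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED;
    }
}

/* … in sign_hash_interruptible, replacing the inline if/else … */
    psa_interruptible_set_max_ops(max_ops);
    interruptible_expected_completes(max_ops, &min_completes, &max_completes);
```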
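Review bot: In sign_hash_fail_interruptible the `else` branch sets `min_completes = 1` whenever expected_complete_status is not PSA_SUCCESS while max_completes stays unbounded, so for the max_ops == 1 failure rows the completes check accepts any count and no longer shows that the operation was actually interrupted. If the first complete() is where these cases fail, a direct assertion on that outcome — for instance that `psa_sign_hash_get_num_ops(&operation)` is non-zero after the failing call — would keep the test meaningful, and the comment `/* Unfortunate, but failure cases tend to fail on the first op. */` should name which cases those are. verify_hash_fail_interruptible (@@ -7050) keeps `min_completes = 2` for all of its failure rows, so either verification failures never surface on the first complete() or the same relaxation is missing there; a sentence in the comment settling that would help the next reader. sign_hash_fail_interruptible starts and ends outside the hunk.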
@@ -6754,8 +6779,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, - int max_ops, int min_completes, - int max_completes) + int max_ops) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -6767,6 +6791,9 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_OPERATION_INCOMPLETE; size_t num_completes = 0; + size_t min_completes = 0; + size_t max_completes = 0; + psa_sign_hash_interruptible_operation_t sign_operation = psa_sign_hash_interruptible_operation_init(); psa_verify_hash_interruptible_operation_t verify_operation = @@ -6794,6 +6821,14 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, psa_interruptible_set_max_ops(max_ops); + if (max_ops == PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED) { + min_completes = 1; + max_completes = 1; + } else { + min_completes = 2; + max_completes = PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; + } + /* Start performing the signature. */ PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, input_data->x, input_data->len)); @@ -6911,8 +6946,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ void verify_hash_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *hash_data, - data_t *signature_data, int max_ops, - int min_completes, int max_completes) + data_t *signature_data, int max_ops) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -6922,6 +6956,9 @@ void verify_hash_interruptible(int key_type_arg, data_t *key_data, size_t num_ops = 0; size_t num_ops_prior = 0; size_t num_completes = 0; + size_t min_completes = 0; + size_t max_completes = 0; + psa_verify_hash_interruptible_operation_t operation = psa_verify_hash_interruptible_operation_init(); 
@@ -6938,6 +6975,14 @@ void verify_hash_interruptible(int key_type_arg, data_t *key_data, psa_interruptible_set_max_ops(max_ops); + if (max_ops == PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED) { + min_completes = 1; + max_completes = 1; + } else { + min_completes = 2; + max_completes = PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; + } + num_ops_prior = psa_verify_hash_get_num_ops(&operation); TEST_ASSERT(num_ops_prior == 0); @@ -7023,8 +7068,7 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, data_t *signature_data, int expected_start_status_arg, int expected_complete_status_arg, - int max_ops, int min_completes, - int max_completes) + int max_ops) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -7036,6 +7080,8 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, size_t num_ops = 0; size_t num_ops_prior = 0; size_t num_completes = 0; + size_t min_completes = 0; + size_t max_completes = 0; psa_verify_hash_interruptible_operation_t operation = psa_verify_hash_interruptible_operation_init(); @@ -7050,6 +7096,14 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, psa_interruptible_set_max_ops(max_ops); + if (max_ops == PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED) { + min_completes = 1; + max_completes = 1; + } else { + min_completes = 2; + max_completes = PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; + } + num_ops_prior = psa_verify_hash_get_num_ops(&operation); TEST_ASSERT(num_ops_prior == 0); From 62dfb95993f3713b4de9f2e4b303e33d653ba85b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 24 Jan 2023 11:29:24 +0000 Subject: [PATCH 098/440] Fix broken negative test Test for unsupported deterministic ECDSA was originally passing due to incorrect code, fixing the code unfortunately broke the test. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index a00f8ed4c..0c4941f59 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -4265,9 +4265,13 @@ PSA sign hash interruptible: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_PARSE_C sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign hash interruptible: deterministic ECDSA not supported +PSA sign hash interruptible (no interrupt): deterministic ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:1 + +PSA sign hash interruptible (max interrupt): deterministic ECDSA not supported +depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 
):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign/verify hash: RSA PKCS#1 v1.5, raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C From 90a91f041c10cf45c3a3ffb178346cace93a5453 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 24 Jan 2023 15:23:25 +0000 Subject: [PATCH 099/440] Ensure structs are not empty even if ECDSA not supported Also make previous changes apply to both interruptible sign hash operation structures rather than just the one as it was. Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index c5a37e63d..ac065c163 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -111,13 +111,11 @@ typedef struct { /* Context structure for the Mbed TLS interruptible sign hash implementation. */ typedef struct { - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) +#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ + defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecdsa_context *MBEDTLS_PRIVATE(ctx); -#if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecdsa_restart_ctx MBEDTLS_PRIVATE(restart_ctx); -#endif /* MBEDTLS_ECP_RESTARTABLE */ size_t MBEDTLS_PRIVATE(curve_bytes); psa_algorithm_t MBEDTLS_PRIVATE(alg); 
@@ -128,8 +126,13 @@ typedef struct { mbedtls_mpi MBEDTLS_PRIVATE(r); mbedtls_mpi MBEDTLS_PRIVATE(s); -#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA */ +#else + /* Make the struct non-empty if algs not supported. */ + unsigned MBEDTLS_PRIVATE(dummy); +#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA && + * MBEDTLS_ECP_RESTARTABLE */ } mbedtls_psa_sign_hash_interruptible_operation_t; #define MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { { 0 }, { 0 }, 0, 0, 0, 0, 0, { 0 }, \ @@ -152,6 +155,10 @@ typedef struct { mbedtls_mpi MBEDTLS_PRIVATE(r); mbedtls_mpi MBEDTLS_PRIVATE(s); +#else + /* Make the struct non-empty if algs not supported. */ + unsigned MBEDTLS_PRIVATE(dummy); + #endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || * MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA && * MBEDTLS_ECP_RESTARTABLE */ From c4e2be86ef4d4448fa03789691414781e000e41c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 25 Jan 2023 12:42:59 +0000 Subject: [PATCH 100/440] Fix incorrect test dependancies Test for not having determnistic ECDSA was also being run when no ECDSA, and this fails earlier. Fixed this and added a specific test for no ECDSA. Also fixed (swapped) incorrect test descriptions. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 0c4941f59..0cb5f85f3 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
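Review bot: After this change a build without builtin ECDSA or without MBEDTLS_ECP_RESTARTABLE gets a struct whose only member is `unsigned dummy`, but MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT, visible right after the first hunk, still expands to nine initializers, which compilers diagnose as excess elements in the struct initializer and -Werror builds reject; the verify struct changed in the `@@ -152` hunk presumably has the same problem with its initializer. Guarding the initializer with the same condition and supplying `{ 0 }` for the dummy layout keeps the two in step. The trailing `#endif` comment in both hunks also carries an unbalanced parenthesis, `MBEDTLS_PSA_BUILTIN_ALG_ECDSA) ||`, which is worth fixing while touching it.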
@@ -4265,13 +4265,17 @@ PSA sign hash interruptible: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_PARSE_C sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED +PSA sign hash interruptible: ECDSA not supported +depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED + PSA sign hash interruptible (no interrupt): deterministic ECDSA not supported -depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:1 +depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED 
+sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash interruptible (max interrupt): deterministic ECDSA not supported -depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED +depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:1 PSA sign/verify hash: RSA PKCS#1 v1.5, raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C From cb23311bd012b3206471840cb3904657994d018d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 26 Jan 2023 14:54:47 +0000 Subject: [PATCH 101/440] Fix incorrect test dependencies part 2 Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
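Review bot: The new "ECDSA not supported" case is gated on `depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:...`, so it runs exactly when ECDSA is wanted, the opposite of what its description and the commit message say; the intent reads as `!PSA_WANT_ALG_ECDSA`. As written it is selected together with the two deterministic-ECDSA cases beneath it on a build with ECDSA but without deterministic ECDSA, and their expectations for the start call (PSA_ERROR_NOT_SUPPORTED versus PSA_SUCCESS) cannot both hold, so one of them must fail there.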
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 0cb5f85f3..486a54457 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -4266,7 +4266,7 @@ depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_P
 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
 
 PSA sign hash interruptible: ECDSA not supported
-depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
 
 PSA sign hash interruptible (no interrupt): deterministic ECDSA not supported
From 1b49ef538443fcd008387cf570028cb6bbf026bf Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Fri, 3 Feb 2023 14:27:32 +0000
Subject: [PATCH 102/440] Fix abort documentation.
Make it clear that these functions reset the number of ops, and remove statements that say they have no effect.
Signed-off-by: Paul Elliott
---
 include/psa/crypto.h | 20 +++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 482b58288..d371e1a1c 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4430,7 +4430,13 @@ psa_status_t psa_sign_hash_complete( * \warning This is a beta API, and thus subject to change * at any point. It is not bound by the usual * interface stability promises. - + * + * \note This function is the only function that clears + * the number of ops completed as part of the + * operation. Please ensure you copy this value via + * \c psa_sign_hash_get_num_ops() if required + * before calling. + * * \note Aborting an operation frees all associated * resources except for the \p operation structure * itself. Once aborted, the operation object can @@ -4442,8 +4448,7 @@ psa_status_t psa_sign_hash_complete( * particular, calling \c psa_sign_hash_abort() * after the operation has already been terminated * by a call to \c psa_sign_hash_abort() or - * psa_sign_hash_complete() is safe and has no - * effect. + * psa_sign_hash_complete() is safe. * * \param[in,out] operation Initialized sign hash operation. * @@ -4620,6 +4625,12 @@ psa_status_t psa_verify_hash_complete( * any point. It is not bound by the usual interface * stability promises. * + * \note This function is the only function that clears the + * number of ops completed as part of the operation. + * Please ensure you copy this value via + * \c psa_verify_hash_get_num_ops() if required + * before calling. + * * \note Aborting an operation frees all associated * resources except for the operation structure * itself. Once aborted, the operation object can be @@ -4631,8 +4642,7 @@ psa_status_t psa_verify_hash_complete( * In particular, calling \c psa_verify_hash_abort() * after the operation has already been terminated by * a call to \c psa_verify_hash_abort() or - * psa_verify_hash_complete() is safe and has no - * effect. + * psa_verify_hash_complete() is safe. * * \param[in,out] operation Initialized verify hash operation. * 
From a3a8abadff79922668ffcbc649a67c4643f96f4b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 3 Feb 2023 14:49:37 +0000 Subject: [PATCH 103/440] Fix operation initialisers if no algorithms defined Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index ac065c163..800024281 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -135,8 +135,14 @@ typedef struct { * MBEDTLS_ECP_RESTARTABLE */ } mbedtls_psa_sign_hash_interruptible_operation_t; +#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ + defined(MBEDTLS_ECP_RESTARTABLE) #define MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { { 0 }, { 0 }, 0, 0, 0, 0, 0, { 0 }, \ { 0 } } +#else +#define MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 } +#endif /* Context structure for the Mbed TLS interruptible verify hash * implementation.*/ @@ -165,8 +171,14 @@ typedef struct { } mbedtls_psa_verify_hash_interruptible_operation_t; +#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ + defined(MBEDTLS_ECP_RESTARTABLE) #define MBEDTLS_VERIFY_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { { 0 }, { 0 }, 0, 0, 0, { 0 }, \ { 0 } } +#else +#define MBEDTLS_VERIFY_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 } +#endif From 4684525ae98eec45b36f6a5324f49fe863ec5a6b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 3 Feb 2023 14:59:11 +0000 Subject: [PATCH 104/440] Remove unrequired mpis from sign operation struct These are only used at the output stage. Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 6 +----- library/psa_crypto.c | 23 +++++++++++------------ 2 files changed, 12 insertions(+), 17 deletions(-) 
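Review bot: The three-line `#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && defined(MBEDTLS_ECP_RESTARTABLE)` condition is now spelled out separately for each struct body and again for each `_INIT` macro in the `@@ -135` and `@@ -165` hunks, which is easy to desynchronise the next time an algorithm or dependency is added. Defining the condition once as a feature macro next to the first use (for example `MBEDTLS_PSA_BUILTIN_INTERRUPTIBLE_ECDSA`, name only a suggestion) and testing that everywhere else would leave one source of truth and make the `#endif` trailer comments trivial.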
diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 800024281..44fa6de4c 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -123,9 +123,6 @@ typedef struct { const uint8_t *MBEDTLS_PRIVATE(hash); size_t MBEDTLS_PRIVATE(hash_length); - mbedtls_mpi MBEDTLS_PRIVATE(r); - mbedtls_mpi MBEDTLS_PRIVATE(s); - #else /* Make the struct non-empty if algs not supported. */ unsigned MBEDTLS_PRIVATE(dummy); @@ -138,8 +135,7 @@ typedef struct { #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ defined(MBEDTLS_ECP_RESTARTABLE) -#define MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { { 0 }, { 0 }, 0, 0, 0, 0, 0, { 0 }, \ - { 0 } } +#define MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { { 0 }, { 0 }, 0, 0, 0, 0, 0 } #else #define MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 } #endif diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 748cb13f8..78d8702d0 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3511,9 +3511,6 @@ psa_status_t mbedtls_psa_sign_hash_start( mbedtls_ecdsa_restart_init(&operation->restart_ctx); - mbedtls_mpi_init(&operation->r); - mbedtls_mpi_init(&operation->s); - operation->curve_bytes = PSA_BITS_TO_BYTES( operation->ctx->grp.pbits); @@ -3547,6 +3544,8 @@ psa_status_t mbedtls_psa_sign_hash_complete( size_t *signature_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + mbedtls_mpi r; + mbedtls_mpi s; #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ 
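Review bot: `mbedtls_mpi r;` and `mbedtls_mpi s;` in the `@@ -3547` hunk are declared above the `#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || ...` guard, so in a configuration that takes the function's `#else` path (not in view here, but the abort function later in this file has one) they are unused locals and -Wunused-variable will flag them. Declaring them inside the guarded block, next to the `mbedtls_mpi_init(&r)` / `mbedtls_mpi_init(&s)` calls this commit adds, avoids the warning. mbedtls_psa_sign_hash_complete continues past the end of the hunk.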
@@ -3556,13 +3555,16 @@ psa_status_t mbedtls_psa_sign_hash_complete( return PSA_ERROR_BUFFER_TOO_SMALL; } + mbedtls_mpi_init(&r); + mbedtls_mpi_init(&s); if (PSA_ALG_ECDSA_IS_DETERMINISTIC(operation->alg)) { + #if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) status = mbedtls_to_psa_error( mbedtls_ecdsa_sign_det_restartable(&operation->ctx->grp, - &operation->r, - &operation->s, + &r, + &s, &operation->ctx->d, operation->hash, operation->hash_length, @@ -3577,8 +3579,8 @@ psa_status_t mbedtls_psa_sign_hash_complete( status = mbedtls_to_psa_error( mbedtls_ecdsa_sign_restartable(&operation->ctx->grp, - &operation->r, - &operation->s, + &r, + &s, &operation->ctx->d, operation->hash, operation->hash_length, @@ -3593,7 +3595,7 @@ psa_status_t mbedtls_psa_sign_hash_complete( return status; } else { status = mbedtls_to_psa_error( - mbedtls_mpi_write_binary(&operation->r, + mbedtls_mpi_write_binary(&r, signature, operation->curve_bytes)); @@ -3602,7 +3604,7 @@ psa_status_t mbedtls_psa_sign_hash_complete( } status = mbedtls_to_psa_error( - mbedtls_mpi_write_binary(&operation->s, + mbedtls_mpi_write_binary(&s, signature + operation->curve_bytes, operation->curve_bytes)); @@ -3645,9 +3647,6 @@ psa_status_t mbedtls_psa_sign_hash_abort( mbedtls_ecdsa_restart_free(&operation->restart_ctx); - mbedtls_mpi_free(&operation->r); - mbedtls_mpi_free(&operation->s); - return PSA_SUCCESS; #else From 4ca521fcdb5acc9081209b3e09c2244866ec804d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 3 Feb 2023 15:02:54 +0000 Subject: [PATCH 105/440] Remove obsolete comments Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 6 ------ 1 file changed, 6 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index bc56a4fa6..1153b8e78 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h 
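Review bot: The `@@ -3556` hunk initialises the locals `r` and `s` with mbedtls_mpi_init, but no `mbedtls_mpi_free(&r)` / `mbedtls_mpi_free(&s)` is added anywhere in this commit (its 12 insertions are all visible in these hunks), while the `@@ -3645` hunk removes the frees that abort used to perform on the old struct members; the limbs allocated by mbedtls_ecdsa_sign_restartable / mbedtls_ecdsa_sign_det_restartable therefore leak on every completed signature, and also on the `return status;` error path in the `@@ -3593` hunk. Since `s` is derived from the private key, skipping mbedtls_mpi_free also skips the zeroization it performs, leaving signature material in heap memory that is never released. Routing every exit after the init through one label, `exit: mbedtls_mpi_free(&r); mbedtls_mpi_free(&s); return status;`, closes both gaps. The function body continues outside these hunks.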
@@ -493,9 +493,6 @@ static inline size_t psa_get_key_bits( /** * \brief The context for PSA interruptible hash signing. - * - * \note Contents not yet designed as implementation specific. - * */ struct psa_sign_hash_interruptible_operation_s { /** Unique ID indicating which driver got assigned to do the @@ -524,9 +521,6 @@ psa_sign_hash_interruptible_operation_init(void) /** * \brief The context for PSA interruptible hash verification. - * - * \note Contents not yet designed as implementation specific. - * */ struct psa_verify_hash_interruptible_operation_s { /** Unique ID indicating which driver got assigned to do the From ab7c5c8550443b0fdf565bea1d862a41fd176cb0 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 3 Feb 2023 15:49:42 +0000 Subject: [PATCH 106/440] Change incorrect define for MAX_OPS_UNLIMITED Signed-off-by: Paul Elliott --- include/psa/crypto_values.h | 2 +- tests/suites/test_suite_psa_crypto.function | 24 +++++++++++++-------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 07e96f70b..39acd96c5 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -2756,7 +2756,7 @@ static inline int mbedtls_svc_key_id_is_null(mbedtls_svc_key_id_t key) * the maximum number of ops allowed to be executed by an interruptible * function in a single call. */ -#define PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED INT32_MAX +#define PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED UINT32_MAX /**@}*/ diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 7f50e960c..7b9daaec1 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -6447,7 +6447,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ void sign_hash_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, - data_t *output_data, int max_ops) + data_t *output_data, int max_ops_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -6458,11 +6458,13 @@ void sign_hash_interruptible(int key_type_arg, data_t *key_data, size_t signature_length = 0xdeadbeef; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_OPERATION_INCOMPLETE; - size_t num_ops = 0; + uint32_t num_ops = 0; + uint32_t max_ops = max_ops_arg; size_t num_ops_prior = 0; size_t num_completes = 0; size_t min_completes = 0; size_t max_completes = 0; + psa_sign_hash_interruptible_operation_t operation = psa_sign_hash_interruptible_operation_init(); @@ -6599,7 +6601,7 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, int signature_size_arg, int expected_start_status_arg, int expected_complete_status_arg, - int max_ops) + int max_ops_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -6610,7 +6612,8 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, psa_status_t expected_complete_status = expected_complete_status_arg; unsigned char *signature = NULL; size_t signature_length = 0xdeadbeef; - size_t num_ops = 0; + uint32_t num_ops = 0; + uint32_t max_ops = max_ops_arg; size_t num_ops_prior = 0; size_t num_completes = 0; size_t min_completes = 0; @@ -6779,7 +6782,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, - int max_ops) + int max_ops_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; 
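Review bot: `uint32_t max_ops = max_ops_arg;` in the `@@ -6458` hunk (and the same line in the `@@ -6610`, `@@ -6790`, `@@ -6946` and `@@ -7077` hunks) depends on PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, now UINT32_MAX, surviving a round trip through the `int max_ops_arg` parameter that the .data file fills; the out-of-range conversion to int is implementation-defined, so the `max_ops == PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED` comparison these functions make holds only where the value wraps to -1 and back. A comment on the declaration recording that dependence, e.g. `/* .data passes UINT32_MAX through an int; relies on two's-complement wraparound. */`, or a test-framework accessor wide enough for the sentinel if one exists, would make it explicit. `num_ops` also becomes uint32_t while `num_ops_prior` stays size_t, so the two counters are now compared across types in the body that continues outside the hunk.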
@@ -6790,6 +6793,7 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, size_t signature_length = 0xdeadbeef; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_OPERATION_INCOMPLETE; + uint32_t max_ops = max_ops_arg; size_t num_completes = 0; size_t min_completes = 0; size_t max_completes = 0; @@ -6946,14 +6950,15 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ void verify_hash_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *hash_data, - data_t *signature_data, int max_ops) + data_t *signature_data, int max_ops_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_OPERATION_INCOMPLETE; - size_t num_ops = 0; + uint32_t num_ops = 0; + uint32_t max_ops = max_ops_arg; size_t num_ops_prior = 0; size_t num_completes = 0; size_t min_completes = 0; @@ -7068,7 +7073,7 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, data_t *signature_data, int expected_start_status_arg, int expected_complete_status_arg, - int max_ops) + int max_ops_arg) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_type_t key_type = key_type_arg; @@ -7077,7 +7082,8 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, psa_status_t expected_start_status = expected_start_status_arg; psa_status_t expected_complete_status = expected_complete_status_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - size_t num_ops = 0; + uint32_t num_ops = 0; + uint32_t max_ops = max_ops_arg; size_t num_ops_prior = 0; size_t num_completes = 0; size_t min_completes = 0; From e17a8fd9fd3e8a35c599656efbf86fa8af48193e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 3 Feb 2023 16:15:36 +0000 Subject: [PATCH 107/440] Remove unneeded warning from internal headers 
Signed-off-by: Paul Elliott --- library/psa_crypto_core.h | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 2f3cb6458..610d78033 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -610,9 +610,6 @@ psa_status_t psa_key_agreement_raw_builtin( * \brief Set the maximum number of ops allowed to be executed by an * interruptible function in a single call. * - * \warning This is a beta API, and thus subject to change at any point. It is - * not bound by the usual interface stability promises. - * * \note The signature of this function is that of a PSA driver * interruptible_set_max_ops entry point. This function behaves as an * interruptible_set_max_ops entry point as defined in the PSA driver @@ -630,9 +627,6 @@ void mbedtls_psa_interruptible_set_max_ops(uint32_t max_ops); * \brief Get the maximum number of ops allowed to be executed by an * interruptible function in a single call. * - * \warning This is a beta API, and thus subject to change at any point. It is - * not bound by the usual interface stability promises. - * * \note The signature of this function is that of a PSA driver * interruptible_get_max_ops entry point. This function behaves as an * interruptible_get_max_ops entry point as defined in the PSA driver @@ -650,9 +644,6 @@ uint32_t mbedtls_psa_interruptible_get_max_ops(void); * or calling psa_sign_hash_interruptible_abort() on the operation, a * value of 0 will be returned. * - * \warning This is a beta API, and thus subject to change at any point. It is - * not bound by the usual interface stability promises. - * * \note The signature of this function is that of a PSA driver * sign_get_num_ops entry point. This function behaves as a * sign_get_num_ops entry point as defined in the PSA driver interface 
@@ -675,9 +666,6 @@ uint32_t mbedtls_psa_sign_hash_get_num_ops( * or calling psa_verify_hash_interruptible_abort() on the operation, a * value of 0 will be returned. * - * \warning This is a beta API, and thus subject to change at any point. It is - * not bound by the usual interface stability promises. - * * \note The signature of this function is that of a PSA driver * verify_get_num_ops entry point. This function behaves as a * verify_get_num_ops entry point as defined in the PSA driver interface @@ -697,9 +685,6 @@ uint32_t mbedtls_psa_verify_hash_get_num_ops( * \brief Start signing a hash or short message with a private key, in an * interruptible manner. * - * \warning This is a beta API, and thus subject to change at any point. It is - * not bound by the usual interface stability promises. - * * \note The signature of this function is that of a PSA driver * sign_hash_start entry point. This function behaves as a * sign_hash_start entry point as defined in the PSA driver interface @@ -738,9 +723,6 @@ psa_status_t mbedtls_psa_sign_hash_start( * \brief Continue and eventually complete the action of signing a hash or * short message with a private key, in an interruptible manner. * - * \warning This is a beta API, and thus subject to change at any point. It is - * not bound by the usual interface stability promises. - * * \note The signature of this function is that of a PSA driver * sign_hash_complete entry point. This function behaves as a * sign_hash_complete entry point as defined in the PSA driver interface 
@@ -786,9 +768,6 @@ psa_status_t mbedtls_psa_sign_hash_complete( /** * \brief Abort a sign hash operation. * - * \warning This is a beta API, and thus subject to change at any point. It is - * not bound by the usual interface stability promises. - * * \note The signature of this function is that of a PSA driver sign_hash_abort * entry point. This function behaves as a sign_hash_abort entry point as * defined in the PSA driver interface specification for transparent @@ -808,9 +787,6 @@ psa_status_t mbedtls_psa_sign_hash_abort( * \brief Start reading and verifying a hash or short message, in an * interruptible manner. * - * \warning This is a beta API, and thus subject to change at any point. It is - * not bound by the usual interface stability promises. - * * \note The signature of this function is that of a PSA driver * verify_hash_start entry point. This function behaves as a * verify_hash_start entry point as defined in the PSA driver interface @@ -853,9 +829,6 @@ psa_status_t mbedtls_psa_verify_hash_start( * \brief Continue and eventually complete the action of signing a hash or * short message with a private key, in an interruptible manner. * - * \warning This is a beta API, and thus subject to change at any point. It is - * not bound by the usual interface stability promises. - * * \note The signature of this function is that of a PSA driver * sign_hash_complete entry point. This function behaves as a * sign_hash_complete entry point as defined in the PSA driver interface @@ -887,9 +860,6 @@ psa_status_t mbedtls_psa_verify_hash_complete( /** * \brief Abort a verify signed hash operation. * - * \warning This is a beta API, and thus subject to change at any point. It is - * not bound by the usual interface stability promises. - * * \note The signature of this function is that of a PSA driver * verify_hash_abort entry point. This function behaves as a * verify_hash_abort entry point as defined in the PSA driver interface 
From 096abc4dc0dd1cabf2f5f3350727e9b1b401c290 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 3 Feb 2023 18:33:23 +0000 Subject: [PATCH 108/440] Remove incorrect copied comment Signed-off-by: Paul Elliott --- library/psa_crypto.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 78d8702d0..2797291dc 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3246,10 +3246,8 @@ psa_status_t psa_sign_hash_complete( goto exit; } - /* Immediately reject a zero-length signature buffer. This guarantees - * that signature must be a valid pointer. (On the other hand, the input - * buffer can in principle be empty since it doesn't actually have - * to be a hash.) */ + /* Immediately reject a zero-length signature buffer. This guarantees that + * signature must be a valid pointer. */ if (signature_size == 0) { status = PSA_ERROR_BUFFER_TOO_SMALL; goto exit; From 1bc59df92c4c82f284635bbb16fb1499e746c5df Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 5 Feb 2023 13:41:57 +0000 Subject: [PATCH 109/440] Rename curve_bytes to coordinate_bytes Also remove unneeded instance from verify operation struct. Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 3 +-- library/psa_crypto.c | 27 +++++++++++++------------ 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 44fa6de4c..7122cc829 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -117,7 +117,7 @@ typedef struct { mbedtls_ecdsa_context *MBEDTLS_PRIVATE(ctx); mbedtls_ecdsa_restart_ctx MBEDTLS_PRIVATE(restart_ctx); - size_t MBEDTLS_PRIVATE(curve_bytes); + size_t MBEDTLS_PRIVATE(coordinate_bytes); psa_algorithm_t MBEDTLS_PRIVATE(alg); mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg); const uint8_t *MBEDTLS_PRIVATE(hash); 
@@ -150,7 +150,6 @@ typedef struct { mbedtls_ecdsa_context *MBEDTLS_PRIVATE(ctx); mbedtls_ecdsa_restart_ctx MBEDTLS_PRIVATE(restart_ctx); - size_t MBEDTLS_PRIVATE(curve_bytes); const uint8_t *MBEDTLS_PRIVATE(hash); size_t MBEDTLS_PRIVATE(hash_length); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2797291dc..dcc6ab857 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3509,7 +3509,7 @@ psa_status_t mbedtls_psa_sign_hash_start( mbedtls_ecdsa_restart_init(&operation->restart_ctx); - operation->curve_bytes = PSA_BITS_TO_BYTES( + operation->coordinate_bytes = PSA_BITS_TO_BYTES( operation->ctx->grp.pbits); psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); @@ -3549,7 +3549,7 @@ psa_status_t mbedtls_psa_sign_hash_complete( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ defined(MBEDTLS_ECP_RESTARTABLE) - if (signature_size < 2 * operation->curve_bytes) { + if (signature_size < 2 * operation->coordinate_bytes) { return PSA_ERROR_BUFFER_TOO_SMALL; } @@ -3595,7 +3595,8 @@ psa_status_t mbedtls_psa_sign_hash_complete( status = mbedtls_to_psa_error( mbedtls_mpi_write_binary(&r, signature, - operation->curve_bytes)); + operation->coordinate_bytes) + ); if (status != PSA_SUCCESS) { return status; @@ -3604,14 +3605,15 @@ psa_status_t mbedtls_psa_sign_hash_complete( status = mbedtls_to_psa_error( mbedtls_mpi_write_binary(&s, signature + - operation->curve_bytes, - operation->curve_bytes)); + operation->coordinate_bytes, + operation->coordinate_bytes) + ); if (status != PSA_SUCCESS) { return status; } - *signature_length = operation->curve_bytes * 2; + *signature_length = operation->coordinate_bytes * 2; return PSA_SUCCESS; } @@ -3667,6 +3669,7 @@ psa_status_t mbedtls_psa_verify_hash_start( const uint8_t *signature, size_t signature_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t coordinate_bytes = 0; if (!PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { return PSA_ERROR_NOT_SUPPORTED; 
@@ -3695,11 +3698,9 @@ psa_status_t mbedtls_psa_verify_hash_start( return status; } - operation->curve_bytes = PSA_BITS_TO_BYTES( - operation->ctx->grp.pbits); + coordinate_bytes = PSA_BITS_TO_BYTES(operation->ctx->grp.pbits); - - if (signature_length != 2 * operation->curve_bytes) { + if (signature_length != 2 * coordinate_bytes) { return PSA_ERROR_INVALID_SIGNATURE; } @@ -3707,7 +3708,7 @@ psa_status_t mbedtls_psa_verify_hash_start( status = mbedtls_to_psa_error( mbedtls_mpi_read_binary(&operation->r, signature, - operation->curve_bytes)); + coordinate_bytes)); if (status != PSA_SUCCESS) { return status; @@ -3717,8 +3718,8 @@ psa_status_t mbedtls_psa_verify_hash_start( status = mbedtls_to_psa_error( mbedtls_mpi_read_binary(&operation->s, signature + - operation->curve_bytes, - operation->curve_bytes)); + coordinate_bytes, + coordinate_bytes)); if (status != PSA_SUCCESS) { return status; From 813f9cdcbbf43307952ee18ce835dadc9d9b478c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 5 Feb 2023 15:28:46 +0000 Subject: [PATCH 110/440] Non ECDSA algorithms should return not supported Signed-off-by: Paul Elliott --- library/psa_crypto.c | 4 ++-- tests/suites/test_suite_psa_crypto.data | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index dcc6ab857..93b404569 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3485,7 +3485,7 @@ psa_status_t mbedtls_psa_sign_hash_start( } if (!PSA_ALG_IS_ECDSA(alg)) { - return PSA_ERROR_INVALID_ARGUMENT; + return PSA_ERROR_NOT_SUPPORTED; } #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ @@ -3676,7 +3676,7 @@ psa_status_t mbedtls_psa_verify_hash_start( } if (!PSA_ALG_IS_ECDSA(alg)) { - return PSA_ERROR_INVALID_ARGUMENT; + return PSA_ERROR_NOT_SUPPORTED; } #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 486a54457..8981adc0b 100644 
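Review bot: Returning PSA_ERROR_NOT_SUPPORTED from `if (!PSA_ALG_IS_ECDSA(alg))` in mbedtls_psa_sign_hash_start (and from the matching check in mbedtls_psa_verify_hash_start in the second hunk) makes the interruptible path disagree with the one-shot path for identical inputs: the test data further down still expects `sign_hash_fail:...:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):...:PSA_ERROR_INVALID_ARGUMENT` for an ECC key used with an RSA algorithm, while `sign_hash_fail_interruptible` is updated to expect PSA_ERROR_NOT_SUPPORTED. NOT_SUPPORTED is the right signal for a driver entry point that cannot handle the request, so the API-level INVALID_ARGUMENT presumably has to come from the core: check the key type against the algorithm family in psa_sign_hash_start / psa_verify_hash_start before dispatching to the driver, which is apparently where the one-shot code produces it. If the divergence is intentional, record it in the `\retval #PSA_ERROR_NOT_SUPPORTED` documentation of both entry points, which currently mentions only unsupported key types. Both enclosing functions start and end outside these hunks.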
--- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -4263,7 +4263,7 @@ sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):" PSA sign hash interruptible: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_PARSE_C -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash interruptible: ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED 
@@ -4551,7 +4551,7 @@ verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R PSA verify hash interruptible: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA interruptible hash state test: randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 From 0e9d6bd3f8041e86a77d3b592bc730e18ca37f93 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 5 Feb 2023 15:32:53 +0000 Subject: [PATCH 111/440] Replace MBEDTLS_ECP_DP_SECP384R1_ENABLED With more appropriate PSA_WANT_ECC_SECP_R1_384 Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 8981adc0b..ccee39b6f 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -4230,7 +4230,7 @@ depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_P sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: deterministic ECDSA not supported -depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED PSA sign hash interruptible (no interrupt): deterministic ECDSA SECP256R1 SHA-256, output buffer too small 
@@ -4266,15 +4266,15 @@ depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_P sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash interruptible: ECDSA not supported -depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash interruptible (no interrupt): deterministic ECDSA not supported -depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash interruptible (max 
interrupt): deterministic ECDSA not supported -depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:1 PSA sign/verify hash: RSA PKCS#1 v1.5, raw From f9c91a7fb5766cdb5b85a6dc3292c155e8309c26 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 5 Feb 2023 18:06:38 +0000 Subject: [PATCH 112/440] Store the hash, rather than the pointer For sign and verify, the pointer passed in to the hash is not guaranteed to remain valid inbetween calls, thus we need to store the hash in the operation. Added a test to ensure this is the case. Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 4 +-- library/psa_crypto.c | 24 +++++++++++-- library/psa_crypto_core.h | 6 ++-- tests/suites/test_suite_psa_crypto.function | 40 +++++++++++++++++++++ 4 files changed, 68 insertions(+), 6 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 7122cc829..ba3d25302 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -120,7 +120,7 @@ typedef struct { size_t MBEDTLS_PRIVATE(coordinate_bytes); psa_algorithm_t MBEDTLS_PRIVATE(alg); mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg); - const uint8_t *MBEDTLS_PRIVATE(hash); + uint8_t *MBEDTLS_PRIVATE(hash); size_t MBEDTLS_PRIVATE(hash_length); #else 
@@ -150,7 +150,7 @@ typedef struct { mbedtls_ecdsa_context *MBEDTLS_PRIVATE(ctx); mbedtls_ecdsa_restart_ctx MBEDTLS_PRIVATE(restart_ctx); - const uint8_t *MBEDTLS_PRIVATE(hash); + uint8_t *MBEDTLS_PRIVATE(hash); size_t MBEDTLS_PRIVATE(hash_length); mbedtls_mpi MBEDTLS_PRIVATE(r); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 93b404569..a3bc80698 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3516,7 +3516,13 @@ psa_status_t mbedtls_psa_sign_hash_start( operation->md_alg = mbedtls_hash_info_md_from_psa(hash_alg); operation->alg = alg; - operation->hash = hash; + operation->hash = mbedtls_calloc(1, hash_length); + + if (operation->hash == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + memcpy(operation->hash, hash, hash_length); operation->hash_length = hash_length; return PSA_SUCCESS; @@ -3643,8 +3649,12 @@ psa_status_t mbedtls_psa_sign_hash_abort( if (operation->ctx) { mbedtls_ecdsa_free(operation->ctx); mbedtls_free(operation->ctx); + operation->ctx = NULL; } + mbedtls_free(operation->hash); + operation->hash = NULL; + mbedtls_ecdsa_restart_free(&operation->restart_ctx); return PSA_SUCCESS; @@ -3743,7 +3753,13 @@ psa_status_t mbedtls_psa_verify_hash_start( mbedtls_ecdsa_restart_init(&operation->restart_ctx); - operation->hash = hash; + operation->hash = mbedtls_calloc(1, hash_length); + + if (operation->hash == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + memcpy(operation->hash, hash, hash_length); operation->hash_length = hash_length; return PSA_SUCCESS; @@ -3802,8 +3818,12 @@ psa_status_t mbedtls_psa_verify_hash_abort( if (operation->ctx) { mbedtls_ecdsa_free(operation->ctx); mbedtls_free(operation->ctx); + operation->ctx = NULL; } + mbedtls_free(operation->hash); + operation->hash = NULL; + mbedtls_ecdsa_restart_free(&operation->restart_ctx); mbedtls_mpi_free(&operation->r); diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 610d78033..f74db7088 100644 --- a/library/psa_crypto_core.h 
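Review bot: The new copy in mbedtls_psa_sign_hash_start sizes a heap allocation directly from the caller-supplied `hash_length`, with no upper bound and no special case for `hash_length == 0`, where `mbedtls_calloc(1, 0)` may legitimately return NULL and would then be misreported as PSA_ERROR_INSUFFICIENT_MEMORY; the verify-side hunk below repeats the same pattern. Assuming the operation only ever needs a hash no larger than the largest digest the build supports, an inline array in the operation struct sized for that maximum, guarded by `if (hash_length > sizeof(operation->hash)) return PSA_ERROR_INVALID_ARGUMENT;` before the `memcpy`, would remove the allocation, the NULL check and the extra free in both abort functions. If the heap copy is kept, at least reject lengths above the maximum digest size before allocating and skip the allocator for a zero length. Both enclosing functions start outside these hunks.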
+++ b/library/psa_crypto_core.h @@ -711,7 +711,8 @@ uint32_t mbedtls_psa_verify_hash_get_num_ops( * \retval #PSA_ERROR_NOT_SUPPORTED Either no internal interruptible operations * are currently supported, or the key type is currently unsupported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * There was insufficient memory to load the key representation. + * There was insufficient memory either to load the key representation, + * or to store the hash. */ psa_status_t mbedtls_psa_sign_hash_start( mbedtls_psa_sign_hash_interruptible_operation_t *operation, @@ -815,7 +816,8 @@ psa_status_t mbedtls_psa_sign_hash_abort( * Either no internal interruptible operations are currently supported, * or the key type is currently unsupported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * There was insufficient memory to load the key representation. + * There was insufficient memory either to load the key representation, + * or to store the hash. */ psa_status_t mbedtls_psa_verify_hash_start( mbedtls_psa_verify_hash_interruptible_operation_t *operation, diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 7b9daaec1..f050abfa4 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -7174,6 +7174,7 @@ void hash_interruptible_state_test(int key_type_arg, data_t *key_data, size_t signature_size; size_t signature_length = 0xdeadbeef; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + uint8_t *input_buffer = NULL; psa_sign_hash_interruptible_operation_t sign_operation = psa_sign_hash_interruptible_operation_init(); psa_verify_hash_interruptible_operation_t verify_operation = 
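Review bot: The `\retval #PSA_ERROR_NOT_SUPPORTED` entry directly above the changed lines still says the status is returned only when no interruptible operations are supported or the key type is unsupported, but since the earlier commit in this series mbedtls_psa_sign_hash_start also returns it for an ECC key paired with a non-ECDSA algorithm (`if (!PSA_ALG_IS_ECDSA(alg)) return PSA_ERROR_NOT_SUPPORTED;`). While these entries are being edited, suggest: `Either no internal interruptible operations are currently supported, or the key type or algorithm is currently unsupported.` The same wording applies to the mbedtls_psa_verify_hash_start entry in the second hunk.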
@@ -7351,6 +7352,45 @@ void hash_interruptible_state_test(int key_type_arg, data_t *key_data, PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); + /* Trash the hash buffer in between start and complete, to ensure + * no reliance on external buffers. */ + psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); + + input_buffer = mbedtls_calloc(1, input_data->len); + TEST_ASSERT(input_buffer != NULL); + + memcpy(input_buffer, input_data->x, input_data->len); + + PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, + input_buffer, input_data->len)); + + memset(input_buffer, '!', input_data->len); + mbedtls_free(input_buffer); + input_buffer = NULL; + + PSA_ASSERT(psa_sign_hash_complete(&sign_operation, signature, + signature_size, + &signature_length)); + + PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); + + input_buffer = mbedtls_calloc(1, input_data->len); + TEST_ASSERT(input_buffer != NULL); + + memcpy(input_buffer, input_data->x, input_data->len); + + PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, + input_buffer, input_data->len, + signature, signature_length)); + + memset(input_buffer, '!', input_data->len); + mbedtls_free(input_buffer); + input_buffer = NULL; + + PSA_ASSERT(psa_verify_hash_complete(&verify_operation)); + + PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); + exit: /* * Key attributes may have been returned by psa_get_key_attributes() From c9774411d4b90d32b6f0821aca4d53dec461f8c4 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 6 Feb 2023 15:14:07 +0000 Subject: [PATCH 113/440] Ensure that operation is put into error state if error occurs If an error occurs, calling any function on the same operation should return PSA_ERROR_BAD_STATE, and we were not honouring that for all errors. Add extra failure tests to try and ratify this. 
Signed-off-by: Paul Elliott --- include/psa/crypto_struct.h | 8 +++- library/psa_crypto.c | 51 ++++++++++++++++----- tests/suites/test_suite_psa_crypto.function | 44 ++++++++++++++---- 3 files changed, 79 insertions(+), 24 deletions(-) diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index 1153b8e78..934bc176e 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -505,10 +505,12 @@ struct psa_sign_hash_interruptible_operation_s { psa_driver_sign_hash_interruptible_context_t MBEDTLS_PRIVATE(ctx); + unsigned int MBEDTLS_PRIVATE(error_occurred) : 1; + uint32_t MBEDTLS_PRIVATE(num_ops); }; -#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0 } +#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0, 0 } static inline struct psa_sign_hash_interruptible_operation_s psa_sign_hash_interruptible_operation_init(void) @@ -533,10 +535,12 @@ struct psa_verify_hash_interruptible_operation_s { psa_driver_verify_hash_interruptible_context_t MBEDTLS_PRIVATE(ctx); + unsigned int MBEDTLS_PRIVATE(error_occurred) : 1; + uint32_t MBEDTLS_PRIVATE(num_ops); }; -#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0 } +#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0, 0 } static inline struct psa_verify_hash_interruptible_operation_s psa_verify_hash_interruptible_operation_init(void) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a3bc80698..882cb968f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
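Review bot: The new `error_occurred` bit-field in psa_sign_hash_interruptible_operation_s and psa_verify_hash_interruptible_operation_s is undocumented, yet it changes the public struct's state machine: per the psa_crypto.c hunks in this commit, once it is set every call except abort returns PSA_ERROR_BAD_STATE, and only the abort function clears it. A reader of the header cannot infer that from the name, so suggest a comment on the field in both structs, e.g. `/* Set when any call on this operation fails; every call except abort then returns PSA_ERROR_BAD_STATE until the operation is aborted, which clears the flag. */`. It is also worth stating that a failed operation is presumably reusable after abort, since abort resets the flag alongside `num_ops`.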
@@ -3183,14 +3183,15 @@ psa_status_t psa_sign_hash_start( psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - /* Check that start has not been previously called. */ - if (operation->id != 0) { + /* Check that start has not been previously called, or operation has not + * previously errored. */ + if (operation->id != 0 || operation->error_occurred) { return PSA_ERROR_BAD_STATE; } - status = psa_sign_verify_check_alg(0, alg); if (status != PSA_SUCCESS) { + operation->error_occurred = 1; return status; } @@ -3221,13 +3222,17 @@ psa_status_t psa_sign_hash_start( exit: if (status != PSA_SUCCESS) { + operation->error_occurred = 1; psa_sign_hash_abort_internal(operation); } unlock_status = psa_unlock_key_slot(slot); - return (status == PSA_SUCCESS) ? unlock_status : status; + if (unlock_status != PSA_SUCCESS) { + operation->error_occurred = 1; + } + return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -3240,8 +3245,9 @@ psa_status_t psa_sign_hash_complete( *signature_length = 0; - /* Check that start has been called first. */ - if (operation->id == 0) { + /* Check that start has been called first, and that operation has not + * previously errored. */ + if (operation->id == 0 || operation->error_occurred) { status = PSA_ERROR_BAD_STATE; goto exit; } @@ -3276,6 +3282,10 @@ exit: /* If signature_size is 0 then we have nothing to do. We must not * call memset because signature may be NULL in this case.*/ + if (status != PSA_SUCCESS) { + operation->error_occurred = 1; + } + psa_sign_hash_abort_internal(operation); } @@ -3293,6 +3303,9 @@ psa_status_t psa_sign_hash_abort( * the operation fails or succeeds, only on manual abort. */ operation->num_ops = 0; + /* Likewise, failure state. */ + operation->error_occurred = 0; + return status; } 
@@ -3325,13 +3338,15 @@ psa_status_t psa_verify_hash_start( psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot; - /* Check that start has not been previously called. */ - if (operation->id != 0) { + /* Check that start has not been previously called, or operation has not + * previously errored. */ + if (operation->id != 0 || operation->error_occurred) { return PSA_ERROR_BAD_STATE; } status = psa_sign_verify_check_alg(0, alg); if (status != PSA_SUCCESS) { + operation->error_occurred = 1; return status; } @@ -3340,6 +3355,7 @@ psa_status_t psa_verify_hash_start( alg); if (status != PSA_SUCCESS) { + operation->error_occurred = 1; return status; } @@ -3357,14 +3373,17 @@ psa_status_t psa_verify_hash_start( signature, signature_length); if (status != PSA_SUCCESS) { + operation->error_occurred = 1; psa_verify_hash_abort_internal(operation); } unlock_status = psa_unlock_key_slot(slot); - return (status == PSA_SUCCESS) ? unlock_status : status; + if (unlock_status != PSA_SUCCESS) { + operation->error_occurred = 1; + } - return status; + return (status == PSA_SUCCESS) ? unlock_status : status; } psa_status_t psa_verify_hash_complete( @@ -3372,8 +3391,9 @@ psa_status_t psa_verify_hash_complete( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - /* Check that start has been called first. */ - if (operation->id == 0) { + /* Check that start has been called first, and that operation has not + * previously errored. */ + if (operation->id == 0 || operation->error_occurred) { status = PSA_ERROR_BAD_STATE; goto exit; } @@ -3387,6 +3407,10 @@ exit: operation); if (status != PSA_OPERATION_INCOMPLETE) { + if (status != PSA_SUCCESS) { + operation->error_occurred = 1; + } + psa_verify_hash_abort_internal(operation); } @@ -3404,6 +3428,9 @@ psa_status_t psa_verify_hash_abort( * the operation fails or succeeds, only on manual abort. */ operation->num_ops = 0; + /* Likewise, failure state. */ + operation->error_occurred = 0; + return status; } 
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index f050abfa4..bee923229 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -6659,6 +6659,13 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, TEST_EQUAL(actual_status, expected_start_status); + if (expected_start_status != PSA_SUCCESS) { + actual_status = psa_sign_hash_start(&operation, key, alg, + input_data->x, input_data->len); + + TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); + } + num_ops_prior = psa_sign_hash_get_num_ops(&operation); TEST_ASSERT(num_ops_prior == 0); @@ -6679,12 +6686,14 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, } } while (actual_status == PSA_OPERATION_INCOMPLETE); - /* If the psa_sign_hash_start() failed, psa_sign_hash_complete() - * should also fail with bad state. */ - if (expected_start_status != PSA_SUCCESS) { + TEST_EQUAL(actual_status, expected_complete_status); + + if (expected_complete_status != PSA_SUCCESS) { + actual_status = psa_sign_hash_complete(&operation, signature, + signature_size, + &signature_length); + TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); - } else if (actual_status != PSA_OPERATION_INCOMPLETE) { - TEST_EQUAL(actual_status, expected_complete_status); } PSA_ASSERT(psa_sign_hash_abort(&operation)); @@ -7121,6 +7130,15 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, TEST_EQUAL(actual_status, expected_start_status); + if (expected_start_status != PSA_SUCCESS) { + actual_status = psa_verify_hash_start(&operation, key, alg, + hash_data->x, hash_data->len, + signature_data->x, + signature_data->len); + + TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); + } + num_ops_prior = psa_verify_hash_get_num_ops(&operation); TEST_ASSERT(num_ops_prior == 0); 
@@ -7139,12 +7157,12 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, } } while (actual_status == PSA_OPERATION_INCOMPLETE); - /* If the psa_verify_hash_start() failed, - * psa_verify_hash_complete() should also fail with bad state.*/ - if (expected_start_status != PSA_SUCCESS) { + TEST_EQUAL(actual_status, expected_complete_status); + + if (expected_complete_status != PSA_SUCCESS) { + actual_status = psa_verify_hash_complete(&operation); + TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); - } else if (actual_status != PSA_OPERATION_INCOMPLETE) { - TEST_EQUAL(actual_status, expected_complete_status); } TEST_LE_U(min_completes, num_completes); @@ -7350,6 +7368,12 @@ void hash_interruptible_state_test(int key_type_arg, data_t *key_data, &signature_length), PSA_ERROR_BUFFER_TOO_SMALL); + /* And test that this invalidates the operation. */ + TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature, + 0, + &signature_length), + PSA_ERROR_BAD_STATE); + PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); /* Trash the hash buffer in between start and complete, to ensure From eefe47292ca04717ffca05e3b6abbc5429cc96c9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 6 Feb 2023 15:59:09 +0000 Subject: [PATCH 114/440] Move loading of public part of ECP into function Signed-off-by: Paul Elliott --- library/psa_crypto.c | 16 +++------------- library/psa_crypto_ecp.c | 23 +++++++++++++++++------ library/psa_crypto_ecp.h | 9 +++++++++ 3 files changed, 29 insertions(+), 19 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 882cb968f..62828bdb4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3762,20 +3762,10 @@ psa_status_t mbedtls_psa_verify_hash_start( return status; } - /* Check whether the public part is loaded. If not, load it. */ - if (mbedtls_ecp_is_zero(&operation->ctx->Q)) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + int ret = mbedtls_psa_ecp_load_public_part(operation->ctx); - ret = mbedtls_ecp_mul(&operation->ctx->grp, - &operation->ctx->Q, - &operation->ctx->d, - &operation->ctx->grp.G, - mbedtls_psa_get_random, - MBEDTLS_PSA_RANDOM_STATE); - - if (ret != 0) { - return mbedtls_to_psa_error(ret); - } + if (ret != 0) { + return mbedtls_to_psa_error(ret); } mbedtls_ecdsa_restart_init(&operation->restart_ctx); diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index c4ccefd75..cc80f2776 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -404,6 +404,21 @@ cleanup: return mbedtls_to_psa_error(ret); } +int mbedtls_psa_ecp_load_public_part(mbedtls_ecp_keypair *ecp) +{ + int ret = 0; + + /* Check whether the public part is loaded. If not, load it. */ + if (mbedtls_ecp_is_zero(&ecp->Q)) { + ret = mbedtls_ecp_mul(&ecp->grp, &ecp->Q, + &ecp->d, &ecp->grp.G, + mbedtls_psa_get_random, + MBEDTLS_PSA_RANDOM_STATE); + } + + return ret; +} + psa_status_t mbedtls_psa_ecdsa_verify_hash( const psa_key_attributes_t *attributes, const uint8_t *key_buffer, size_t key_buffer_size, @@ -443,12 +458,8 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash( signature + curve_bytes, curve_bytes)); - /* Check whether the public part is loaded. If not, load it. */ - if (mbedtls_ecp_is_zero(&ecp->Q)) { - MBEDTLS_MPI_CHK( - mbedtls_ecp_mul(&ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G, - mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE)); - } + MBEDTLS_MPI_CHK(mbedtls_psa_ecp_load_public_part(ecp)); + ret = mbedtls_ecdsa_verify(&ecp->grp, hash, hash_length, &ecp->Q, &r, &s); diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h index 71f9d6acc..8b567fe3b 100644 --- a/library/psa_crypto_ecp.h +++ b/library/psa_crypto_ecp.h 
@@ -48,6 +48,15 @@ psa_status_t mbedtls_psa_ecp_load_representation(psa_key_type_t type, size_t data_length, mbedtls_ecp_keypair **p_ecp); +/** Load the public part of an internal ECP, if required. + * + * \param ecp The ECP context to load the public part for. + * + * \return 0 on success, otherwise an MPI error. + */ + +int mbedtls_psa_ecp_load_public_part(mbedtls_ecp_keypair *ecp); + /** Import an ECP key in binary format. * * \note The signature of this function is that of a PSA driver From 6f60037589394947ebc08bfc3030231b2e08cd66 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 6 Feb 2023 18:41:05 +0000 Subject: [PATCH 115/440] Move {min|max}_complete choice logic into function Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 80 ++++++++++----------- 1 file changed, 39 insertions(+), 41 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index bee923229..a1b3c902b 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1220,6 +1220,31 @@ typedef enum { INJECT_ANTICIPATE_KEY_DERIVATION_2, } ecjpake_injected_failure_t; +static void interruptible_signverify_get_minmax_completes(uint32_t max_ops, + psa_status_t expected_status, + size_t *min_completes, + size_t *max_completes) +{ + + /* This is slightly contrived, but we only really know that with a minimum + value of max_ops that a successful operation should take more than one op + to complete, and likewise that with a max_ops of + PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, it should complete in one go. */ + if (max_ops == 0 || max_ops == 1) { + /* Failure test cases will fail on the first op. */ + if (expected_status == PSA_SUCCESS) { + *min_completes = 2; + } else { + *min_completes = 1; + } + + *max_completes = PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; + } else { + *min_completes = 1; + *max_completes = 1; + } +} + /* END_HEADER */ /* BEGIN_DEPENDENCIES 
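Review bot: The new prototype is separated from its Doxygen block by a blank line (`+ */`, `+`, `+int mbedtls_psa_ecp_load_public_part(...)`), unlike the neighbouring mbedtls_psa_ecp_load_representation declaration; drop the blank line so the comment is unambiguously attached. `\return 0 on success, otherwise an MPI error.` understates the contract, since mbedtls_ecp_mul can also return ECP error codes (for instance when the scalar is not a valid private key); `\return 0 on success, or an MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX error code from mbedtls_ecp_mul().` is more accurate. The \brief should also say that `ecp` must hold a private scalar, because the public part is computed from it.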
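Review bot: The `else` branch of interruptible_signverify_get_minmax_completes asserts exactly one complete() call for every max_ops other than 0 or 1, but the comment above it only justifies that for PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, and the inline code this replaces in sign_hash_interruptible, sign_hash_fail_interruptible, sign_verify_hash_interruptible, verify_hash_interruptible and verify_hash_fail_interruptible compared against PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, not against "anything but 0 or 1". The .data cases visible in this series only pass `1` and `PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED`, so nothing fails today, but a future case with, say, max_ops=2 would be miscalibrated rather than rejected. The one-shot bounds should be keyed on the unlimited value with a loose bound for anything in between; there is also a stray blank line after the opening brace.
```c
static void interruptible_signverify_get_minmax_completes(uint32_t max_ops,
                                                           psa_status_t expected_status,
                                                           size_t *min_completes,
                                                           size_t *max_completes)
{
    /* … unchanged: comment on the minimum / unlimited cases … */
    if (max_ops == 0 || max_ops == 1) {
        /* … unchanged: min_completes from expected_status, max unlimited … */
    } else if (max_ops == PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED) {
        *min_completes = 1;
        *max_completes = 1;
    } else {
        /* Intermediate limits: all we know is that at least one call is needed. */
        *min_completes = 1;
        *max_completes = PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED;
    }
}
```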
@@ -6489,13 +6514,8 @@ void sign_hash_interruptible(int key_type_arg, data_t *key_data, psa_interruptible_set_max_ops(max_ops); - if (max_ops == PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED) { - min_completes = 1; - max_completes = 1; - } else { - min_completes = 2; - max_completes = PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; - } + interruptible_signverify_get_minmax_completes(max_ops, PSA_SUCCESS, + &min_completes, &max_completes); num_ops_prior = psa_sign_hash_get_num_ops(&operation); TEST_ASSERT(num_ops_prior == 0); @@ -6636,19 +6656,10 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, psa_interruptible_set_max_ops(max_ops); - if (max_ops == PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED) { - min_completes = 1; - max_completes = 1; - } else { - /* Unfortunate, but failure cases tend to fail on the first op. */ - if (expected_complete_status == PSA_SUCCESS) { - min_completes = 2; - } else { - min_completes = 1; - } - - max_completes = PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; - } + interruptible_signverify_get_minmax_completes(max_ops, + expected_complete_status, + &min_completes, + &max_completes); num_ops_prior = psa_sign_hash_get_num_ops(&operation); TEST_ASSERT(num_ops_prior == 0); @@ -6834,13 +6845,8 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, psa_interruptible_set_max_ops(max_ops); - if (max_ops == PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED) { - min_completes = 1; - max_completes = 1; - } else { - min_completes = 2; - max_completes = PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; - } + interruptible_signverify_get_minmax_completes(max_ops, PSA_SUCCESS, + &min_completes, &max_completes); /* Start performing the signature. */ PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, 
@@ -6989,13 +6995,8 @@ void verify_hash_interruptible(int key_type_arg, data_t *key_data, psa_interruptible_set_max_ops(max_ops); - if (max_ops == PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED) { - min_completes = 1; - max_completes = 1; - } else { - min_completes = 2; - max_completes = PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; - } + interruptible_signverify_get_minmax_completes(max_ops, PSA_SUCCESS, + &min_completes, &max_completes); num_ops_prior = psa_verify_hash_get_num_ops(&operation); @@ -7111,13 +7112,10 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, psa_interruptible_set_max_ops(max_ops); - if (max_ops == PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED) { - min_completes = 1; - max_completes = 1; - } else { - min_completes = 2; - max_completes = PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; - } + interruptible_signverify_get_minmax_completes(max_ops, + expected_complete_status, + &min_completes, + &max_completes); num_ops_prior = psa_verify_hash_get_num_ops(&operation); TEST_ASSERT(num_ops_prior == 0); From 1243f93ccaeb1b4b41e67cbb89af42270de4969e Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 7 Feb 2023 11:21:10 +0000 Subject: [PATCH 116/440] Fix build fails with non ECDSA / restartable builds Signed-off-by: Paul Elliott --- library/psa_crypto.c | 6 ++++-- tests/suites/test_suite_psa_crypto.function | 7 +++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 62828bdb4..b8abfd09e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3575,13 +3575,14 @@ psa_status_t mbedtls_psa_sign_hash_complete( size_t *signature_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_mpi r; - mbedtls_mpi s; #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_mpi r; + mbedtls_mpi s; + if (signature_size < 2 * operation->coordinate_bytes) { return PSA_ERROR_BUFFER_TOO_SMALL; } 
@@ -3790,6 +3791,7 @@ psa_status_t mbedtls_psa_verify_hash_start( (void) signature; (void) signature_length; (void) status; + (void) coordinate_bytes; return PSA_ERROR_NOT_SUPPORTED; #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index a1b3c902b..7ad856924 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1220,6 +1220,10 @@ typedef enum { INJECT_ANTICIPATE_KEY_DERIVATION_2, } ecjpake_injected_failure_t; +#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ + defined(MBEDTLS_ECP_RESTARTABLE) + static void interruptible_signverify_get_minmax_completes(uint32_t max_ops, psa_status_t expected_status, size_t *min_completes, @@ -1244,6 +1248,9 @@ static void interruptible_signverify_get_minmax_completes(uint32_t max_ops, *max_completes = 1; } } +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && + * defined( MBEDTLS_ECP_RESTARTABLE ) */ /* END_HEADER */ From 939bd9485d2051fb816902c007c5d34e4739ca6c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 7 Feb 2023 12:15:24 +0000 Subject: [PATCH 117/440] Move output buffer wiping code to seperate function. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 60 ++++++++++++++++++++++++++------------------ 1 file changed, 35 insertions(+), 25 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b8abfd09e..d3ac4ce61 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
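Review bot: The `#endif` comment added at the end of interruptible_signverify_get_minmax_completes does not mirror the guard it closes: the `#if` is `(A || B) && C`, while the comment reads `A || B && C`, and it writes `defined( MBEDTLS_ECP_RESTARTABLE )` with inner spaces the `#if` does not use. Suggest `#endif /* (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && defined(MBEDTLS_ECP_RESTARTABLE) */`, split over the same three lines. The guard expression is the one psa_crypto.c uses for mbedtls_psa_sign_hash_complete in the hunk above, so the two should be kept in sync if it ever changes.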
@@ -2683,6 +2683,37 @@ static psa_status_t psa_sign_verify_check_alg(int input_is_message, return PSA_SUCCESS; } +/** + * \brief Fill the unused part of the output buffer(the + * whole buffer on error, the trailing part on + * success) with something that isn't a valid + * signature (barring an attack on the signature + * and deliberately-crafted input), in case the + * caller doesn't check the return status properly. + * + * \param output_buffer pointer to buffer to wipe. May not be NULL + * unless /p output_buffer_size is zero. + * \param status status of function called to generate + * output_buffer originally + * \param output_buffer_size Size of output buffer. If zero, /p output_buffer + * could be NULL + * \param output_buffer_length Length of data written to output_buffer, must be + * less than /p output_buffer_size + */ +static void psa_wipe_output_buffer(uint8_t *output_buffer, psa_status_t status, + size_t output_buffer_size, size_t output_buffer_length) +{ + if (status == PSA_SUCCESS) { + memset(output_buffer + output_buffer_length, '!', + output_buffer_size - output_buffer_length); + } else if (output_buffer_size > 0) { + memset(output_buffer, '!', output_buffer_size); + } + /* If output_buffer_size is 0 then we have nothing to do. We must + * not call memset because output_buffer may be NULL in this + * case.*/ +} + static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key, int input_is_message, psa_algorithm_t alg, 
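Review bot: The Doxygen block for psa_wipe_output_buffer uses `/p output_buffer_size` and `/p output_buffer` where `\p` is meant, and `must be less than /p output_buffer_size` is too strict: a signature that exactly fills the buffer is valid and the success branch then performs a zero-length memset, so say `must not exceed \p output_buffer_size`. The `status == PSA_SUCCESS` branch has no size guard while the error branch does; as far as I can tell a successful signature is never zero-length, so this is safe, but stating that in the trailing comment would stop the asymmetry looking like an oversight. `output buffer(the` is also missing a space.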
@@ -2745,18 +2776,8 @@ static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key, exit: - /* Fill the unused part of the output buffer (the whole buffer on error, - * the trailing part on success) with something that isn't a valid signature - * (barring an attack on the signature and deliberately-crafted input), - * in case the caller doesn't check the return status properly. */ - if (status == PSA_SUCCESS) { - memset(signature + *signature_length, '!', - signature_size - *signature_length); - } else { - memset(signature, '!', signature_size); - } - /* If signature_size is 0 then we have nothing to do. We must not call - * memset because signature may be NULL in this case. */ + psa_wipe_output_buffer(signature, status, signature_size, + *signature_length); unlock_status = psa_unlock_key_slot(slot); @@ -3268,19 +3289,8 @@ exit: operation->num_ops += psa_driver_wrapper_sign_hash_get_num_ops(operation); if (status != PSA_OPERATION_INCOMPLETE) { - /* Fill the unused part of the output buffer (the whole buffer on error, - * the trailing part on success) with something that isn't a valid - * signature (barring an attack on the signature and - * deliberately-crafted input), in case the caller doesn't check the - * return status properly.*/ - if (status == PSA_SUCCESS) { - memset(signature + *signature_length, '!', - signature_size - *signature_length); - } else if (signature_size > 0) { - memset(signature, '!', signature_size); - } - /* If signature_size is 0 then we have nothing to do. We must not - * call memset because signature may be NULL in this case.*/ + psa_wipe_output_buffer(signature, status, signature_size, + *signature_length); if (status != PSA_SUCCESS) { operation->error_occurred = 1; From de1114c8830cb86ecf1e1dba6d4bb19af969cf73 Mon Sep 17 00:00:00 2001 
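Review bot: The removed block in psa_sign_internal called `memset(signature, '!', signature_size)` on every error, while psa_wipe_output_buffer() only does so when `output_buffer_size > 0`, so this call site quietly gains the guard that the psa_sign_hash_complete copy in the next hunk already had; it is an improvement, but the commit title says "move", so a sentence about it in the message would help. `*signature_length` is now dereferenced on the error path as well (previously only on success); the helper ignores the value when status is not PSA_SUCCESS, but if `*signature_length` can still be unset at `exit:` on some error path — the start of psa_sign_internal is outside the hunk — consider initialising it to 0 before the first failure point.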
From: Paul Elliott Date: Tue, 7 Feb 2023 12:43:11 +0000 Subject: [PATCH 118/440] Fix {sign|verify}_get_num_ops Move the obfuscation of the internal library only returning a delta of ops done into the driver wrapper, thus meaning driver wrapper and API call both return absolute values of work done. Document the differences at the internal implementation level. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 4 +- library/psa_crypto_core.h | 40 +++++++++---------- .../psa_crypto_driver_wrappers.c.jinja | 12 +++++- 3 files changed, 32 insertions(+), 24 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d3ac4ce61..419be1649 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3286,7 +3286,7 @@ psa_status_t psa_sign_hash_complete( exit: /* Update ops count with work done. */ - operation->num_ops += psa_driver_wrapper_sign_hash_get_num_ops(operation); + operation->num_ops = psa_driver_wrapper_sign_hash_get_num_ops(operation); if (status != PSA_OPERATION_INCOMPLETE) { psa_wipe_output_buffer(signature, status, signature_size, @@ -3413,7 +3413,7 @@ psa_status_t psa_verify_hash_complete( exit: /* Update ops count with work done. */ - operation->num_ops += psa_driver_wrapper_verify_hash_get_num_ops( + operation->num_ops = psa_driver_wrapper_verify_hash_get_num_ops( operation); if (status != PSA_OPERATION_INCOMPLETE) { diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index f74db7088..a00728918 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h 
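Review bot: With `operation->num_ops = psa_driver_wrapper_sign_hash_get_num_ops(operation);` the comment `/* Update ops count with work done. */` no longer describes what happens: the wrapper now returns the running total for the whole operation (for the built-in driver it adds `operation->num_ops` to the per-call delta itself), so the field is overwritten rather than accumulated. Suggest `/* The driver wrapper returns the absolute number of ops for the whole operation so far, so overwrite rather than accumulate. */` here and in the psa_verify_hash_complete hunk below. This also makes the result depend on `operation->num_ops` still holding the previous total at the moment of the call, which holds as long as the wrapper is called exactly once per complete() call.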
@@ -638,45 +638,45 @@ void mbedtls_psa_interruptible_set_max_ops(uint32_t max_ops); uint32_t mbedtls_psa_interruptible_get_max_ops(void); /** - * \brief Get the number of ops that a hash signing operation has taken so - * far. If the operation has completed, then this will represent the - * number of ops required for the entire operation. After initialization - * or calling psa_sign_hash_interruptible_abort() on the operation, a - * value of 0 will be returned. + * \brief Get the number of ops that a hash signing operation has taken for the + * previous call. If no call or work has taken place, this will return + * zero. * * \note The signature of this function is that of a PSA driver - * sign_get_num_ops entry point. This function behaves as a - * sign_get_num_ops entry point as defined in the PSA driver interface - * specification for transparent drivers. + * sign_get_num_ops entry point, however it differs in behaviour from the + * driver function in that this function returns a delta of work done in + * the last call rather than all of the ops done ever by the whole + * operation, due to internal implementation differences. * * \param[in] operation The \c * mbedtls_psa_sign_hash_interruptible_operation_t * to use. This must be initialized first. * - * \return Number of ops that the operation has taken so - * far. + * \return Number of ops that were completed + * in the last call to \c + * mbedtls_psa_sign_hash_complete(). */ uint32_t mbedtls_psa_sign_hash_get_num_ops( const mbedtls_psa_sign_hash_interruptible_operation_t *operation); /** - * \brief Get the number of ops that a hash verification operation has taken - * so far. If the operation has completed, then this will represent the - * number of ops required for the entire operation. After initialization - * or calling psa_verify_hash_interruptible_abort() on the operation, a - * value of 0 will be returned. 
+ * \brief Get the number of ops that a hash verification operation has taken for + * the previous call. If no call or work has taken place, this will + * return zero. * * \note The signature of this function is that of a PSA driver - * verify_get_num_ops entry point. This function behaves as a - * verify_get_num_ops entry point as defined in the PSA driver interface - * specification for transparent drivers. + * verify_get_num_ops entry point however it differs in behaviour from the + * driver function in that this function returns a delta of work done in + * the last call rather than all of the ops done ever by the whole + * operation, due to internal implementation differences. * * \param[in] operation The \c * mbedtls_psa_verify_hash_interruptible_operation_t * to use. This must be initialized first. * - * \return Number of ops that the operation has taken so - * far. + * \return Number of ops that were completed + * in the last call to \c + * mbedtls_psa_verify_hash_complete(). */ uint32_t mbedtls_psa_verify_hash_get_num_ops( const mbedtls_psa_verify_hash_interruptible_operation_t *operation); diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index 2b2b02571..fba899033 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -453,7 +453,11 @@ uint32_t psa_driver_wrapper_sign_hash_get_num_ops( return 0; case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_sign_hash_get_num_ops( + /* Internal implementation returns a delta of ops completed in the + * last call to complete(), so need to add in ops already completed + * before this.*/ + return( operation->num_ops + + mbedtls_psa_sign_hash_get_num_ops( &operation->ctx.mbedtls_ctx ) ); 
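Review bot: `return( operation->num_ops + mbedtls_psa_sign_hash_get_num_ops(...) )` in psa_driver_wrapper_sign_hash_get_num_ops is only correct when the wrapper is called exactly once after each complete() call: psa_sign_hash_complete() stores this return value back into `operation->num_ops`, and the built-in function returns a per-call delta, so a second call before the next complete() would count that delta twice. The comment should state the contract, e.g. `/* Must be called exactly once per complete() call: the core stores this return value back into operation->num_ops. */`. The same applies to psa_driver_wrapper_verify_hash_get_num_ops in the next hunk, which additionally writes `return ( ... )` where this hunk writes `return( ... )`.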
@@ -478,7 +482,11 @@ uint32_t psa_driver_wrapper_verify_hash_get_num_ops( return 0; case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_verify_hash_get_num_ops( + /* Internal implementation returns a delta of ops completed in the + * last call to complete(), so need to add in ops already completed + * before this.*/ + return ( operation->num_ops + + mbedtls_psa_verify_hash_get_num_ops( &operation->ctx.mbedtls_ctx ) ); From e6145dc47fdcbaf51428cf5b5bba42eae20995af Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 7 Feb 2023 12:51:21 +0000 Subject: [PATCH 119/440] Add documentation comment to internal abort functions Explain the reasoning behind not clearing some variables. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 419be1649..97edc15a4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3192,6 +3192,10 @@ static psa_status_t psa_sign_hash_abort_internal( operation->id = 0; + /* Do not clear either the error_occurred or num_ops elements here as they + * only want to be cleared by the application calling abort, not by abort + * being called at completion of an operation. */ + return status; } @@ -3335,6 +3339,10 @@ static psa_status_t psa_verify_hash_abort_internal( operation->id = 0; + /* Do not clear either the error_occurred or num_ops elements here as they + * only want to be cleared by the application calling abort, not by abort + * being called at completion of an operation. */ + return status; } From b830b35fb1b743db4292a732bbc5e12b375c53c1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 7 Feb 2023 15:30:41 +0000 Subject: [PATCH 120/440] Shorten test descriptions. Also mark some tests as being deterministic ECDSA where this was lacking. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 80 ++++++++++++------------- 1 file changed, 40 insertions(+), 40 deletions(-) 
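Review bot: `they only want to be cleared by the application calling abort` reads oddly for a comment that documents an invariant; suggest `/* Do not clear error_occurred or num_ops here: they must only be reset by the application calling abort, not by the internal abort that runs when an operation completes. */` for both psa_sign_hash_abort_internal and psa_verify_hash_abort_internal. Presumably the reason is that the application may still query the op count and error state after completion; if so, saying that would explain the intent better than describing who clears the fields.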
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ccee39b6f..b44fb2e6d 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -4145,27 +4145,27 @@ PSA sign hash: deterministic ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f" -PSA sign hash: interruptible (no interrupt) ECDSA SECP256R1 SHA-256 +PSA sgn hash int (ops=inf): det ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign hash: interruptible (max interrupt) ECDSA SECP256R1 SHA-256 +PSA sgn hash int (ops=min): det ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":1 -PSA sign hash: interruptible (no interrupt) ECDSA SECP256R1 SHA-384 +PSA sgn hash int (ops=inf) det ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign hash: interruptible (max interrupt) ECDSA SECP256R1 SHA-384 +PSA sgn hash int (ops=min): det ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca":1 -PSA sign hash: interruptible (no interrupt) ECDSA SECP384R1 SHA-256 +PSA sign hash int (ops=inf): det ECDSA SECP384R1 SHA-256 
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign hash: interruptible (max interrupt) ECDSA SECP384R1 SHA-256 +PSA sign hash int (ops=min): det ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f":1 
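Review bot: The shortened descriptions in this hunk are inconsistent with each other: four use `PSA sgn hash int (ops=...):`, the SECP384R1 pair keeps `PSA sign hash int`, and `PSA sgn hash int (ops=inf) det ECDSA SECP256R1 SHA-384` drops the colon after the parenthesis. Since the description is the test's identifier in reports, pick one form, `PSA sgn hash int (ops=inf): det ECDSA ...`, and apply it to all six lines.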
@@ -4233,47 +4233,47 @@ PSA sign hash: deterministic ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED -PSA sign hash interruptible (no interrupt): deterministic ECDSA SECP256R1 SHA-256, output buffer too small +PSA Sgn hash int (ops=inf): det ECDSA SECP256R1 SHA-256, out buf too small depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign hash interruptible (max interrupt): deterministic ECDSA SECP256R1 SHA-256, output buffer too small +PSA sgn hash int (ops=min): det ECDSA SECP256R1 SHA-256, out buf too small depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:1 -PSA sign hash interruptible (no interrupt): deterministic ECDSA SECP256R1 SHA-256, empty output buffer +PSA sgn hash int(ops=inf): deterministic ECDSA SECP256R1 SHA-256, empty output 
buffer depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign hash interruptible (max interrupt): deterministic ECDSA SECP256R1 SHA-256, empty output buffer +PSA sgn hash int (ops=min): det ECDSA SECP256R1 SHA-256, empty out buf depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:1 -PSA sign hash interruptible (no interrupt): deterministic ECDSA SECP256R1, invalid hash algorithm (0) +PSA sgn hash int (ops=inf): det ECDSA SECP256R1, invld hash alg (0) depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign hash interruptible (max interrupt): deterministic ECDSA SECP256R1, invalid hash algorithm (0) +PSA sgn hash int (ops=min): det ECDSA SECP256R1, invld hash alg (0) 
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:1 -PSA sign hash interruptible: deterministic ECDSA SECP256R1, invalid hash algorithm (wildcard) +PSA sgn hash int: det ECDSA SECP256R1, invld hash alg (wildcard) depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign hash interruptible: invalid algorithm for ECC key +PSA sgn hash int: invld alg for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_PARSE_C sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign hash interruptible: ECDSA not supported +PSA sgn hash int: ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 
sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign hash interruptible (no interrupt): deterministic ECDSA not supported +PSA sgn hash int (ops=inf): det ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign hash interruptible (max interrupt): deterministic ECDSA not supported +PSA sgn hash int (ops=min): det ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:1 
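Review bot: Same inconsistency as in the previous hunk: `PSA Sgn hash int (ops=inf): det ECDSA SECP256R1 SHA-256, out buf too small` has a capital S, and `PSA sgn hash int(ops=inf): deterministic ECDSA SECP256R1 SHA-256, empty output buffer` is missing the space before the parenthesis and was not abbreviated like its `(ops=min)` twin (`det ECDSA SECP256R1 SHA-256, empty out buf`). Normalising it to `PSA sgn hash int (ops=inf): det ECDSA SECP256R1 SHA-256, empty out buf` keeps the paired cases recognisably alike.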
@@ -4317,51 +4317,51 @@ PSA sign/verify hash: deterministic ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" -PSA sign / verify hash interruptible (no interrupt): randomized ECDSA SECP256R1 SHA-256 +PSA sgn/vrfy hash int (ops=inf): randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign / verify hash interruptible (max interrupt): randomized ECDSA SECP256R1 SHA-256 +PSA sgn/vrfy hash int (ops=min): randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1 -PSA sign / verify hash interruptible (no interrupt): deterministic ECDSA SECP256R1 SHA-256 +PSA sgn/vrfy hash int (ops=inf): det ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign / verify hash interruptible (max interrupt): deterministic ECDSA SECP256R1 SHA-256 +PSA sgn/vrfy hash int (ops=min): det ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1 -PSA sign / verify hash interruptible (no interrupt): randomized ECDSA SECP256R1 SHA-384 +PSA sgn/vrfy hash int (ops=inf): randomized ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign / verify hash interruptible (max interrupt): randomized ECDSA SECP256R1 SHA-384 +PSA sgn/vrfy hash int (ops=min): randomized ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA 
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":1 -PSA sign / verify hash interruptible (no interrupt): deterministic ECDSA SECP256R1 SHA-384 +PSA sgn/vrfy hash int (ops=inf): det ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign / verify hash interruptible (max interrupt): deterministic ECDSA SECP256R1 SHA-384 +PSA sgn/vrfy hash int (ops=min): det ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":1 -PSA sign / verify hash interruptible (no interrupt): randomized ECDSA SECP384R1 SHA-256 +PSA sgn/vrfy hash int (ops=inf): randomized ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign / verify hash interruptible (max interrupt): randomized ECDSA SECP384R1 SHA-256 +PSA sgn/vrfy hash int (ops=min): randomized ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1 -PSA sign / verify hash interruptible (no interrupt): deterministic ECDSA SECP384R1 SHA-256 +PSA sgn/vrfy hash int (ops=inf): det ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sign / verify hash interruptible (max interrupt): deterministic ECDSA SECP384R1 SHA-256 +PSA sgn/vrfy hash int (ops=min): det ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1 
@@ -4485,11 +4485,11 @@ PSA verify hash with keypair: ECDSA SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" -PSA verify hash interruptible: ECDSA SECP256R1, good +PSA vrfy hash int: ECDSA SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA verify hash interruptible with keypair: ECDSA SECP256R1, good +PSA vrfy hash int w/keypair: ECDSA SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED 
@@ -4521,39 +4521,39 @@ PSA verify hash: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT -PSA verify hash interruptible: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded) +PSA vrfy hash int: ECDSA SECP256R1, wrng sig size (correct but ASN1-encoded) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA verify hash interruptible (no interrupt): ECDSA SECP256R1, wrong signature of correct size +PSA vrfy hash int (ops=inf): ECDSA SECP256R1, wrng sig of correct size depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA 
verify hash interruptible (max interrupt): ECDSA SECP256R1, wrong signature of correct size +PSA vrfy hash int (ops=min): ECDSA SECP256R1, wrng sig of correct size depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE:1 -PSA verify hash interruptible: ECDSA SECP256R1, wrong signature (empty) +PSA vrfy hash int: ECDSA SECP256R1, wrng sig (empty) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA verify hash interruptible: ECDSA SECP256R1, wrong signature (truncated) +PSA vrfy hash int: ECDSA SECP256R1, wrng sig (truncated) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA verify hash interruptible: ECDSA SECP256R1, wrong signature (trailing junk) +PSA vrfy hash int: ECDSA SECP256R1, wrng sig (trailing junk) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA verify hash interruptible: ECDSA SECP256R1, wrong signature (leading junk) +PSA vrfy hash int: ECDSA SECP256R1, wrng sig (leading junk) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA verify hash interruptible: invalid algorithm for ECC key +PSA vrfy hash int: invld alg for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA interruptible hash state test: randomized ECDSA SECP256R1 SHA-256 +PSA int hash state test: randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 hash_interruptible_state_test:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" From 84329464d51693574367baceeed567224e29dfeb Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 7 Feb 2023 17:32:04 +0000 Subject: [PATCH 121/440] Replace allocated hash buffer with array Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 4 ++-- library/psa_crypto.c | 18 ------------------ 2 files changed, 2 insertions(+), 20 deletions(-) 
diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h
index ba3d25302..2ba913398 100644
--- a/include/psa/crypto_builtin_composites.h
+++ b/include/psa/crypto_builtin_composites.h
@@ -120,7 +120,7 @@ typedef struct {
 size_t MBEDTLS_PRIVATE(coordinate_bytes);
 psa_algorithm_t MBEDTLS_PRIVATE(alg);
 mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
- uint8_t *MBEDTLS_PRIVATE(hash);
+ uint8_t MBEDTLS_PRIVATE(hash)[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
 size_t MBEDTLS_PRIVATE(hash_length);
 #else
@@ -150,7 +150,7 @@ typedef struct {
 mbedtls_ecdsa_context *MBEDTLS_PRIVATE(ctx);
 mbedtls_ecdsa_restart_ctx MBEDTLS_PRIVATE(restart_ctx);
- uint8_t *MBEDTLS_PRIVATE(hash);
+ uint8_t MBEDTLS_PRIVATE(hash)[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
 size_t MBEDTLS_PRIVATE(hash_length);
 mbedtls_mpi MBEDTLS_PRIVATE(r);
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 97edc15a4..ab52918cd 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3561,12 +3561,6 @@ psa_status_t mbedtls_psa_sign_hash_start(
 operation->md_alg = mbedtls_hash_info_md_from_psa(hash_alg);
 operation->alg = alg;
- operation->hash = mbedtls_calloc(1, hash_length);
-
- if (operation->hash == NULL) {
- return PSA_ERROR_INSUFFICIENT_MEMORY;
- }
-
 memcpy(operation->hash, hash, hash_length);
 operation->hash_length = hash_length;
@@ -3698,9 +3692,6 @@ psa_status_t mbedtls_psa_sign_hash_abort(
 operation->ctx = NULL;
 }
- mbedtls_free(operation->hash);
- operation->hash = NULL;
-
 mbedtls_ecdsa_restart_free(&operation->restart_ctx);
 return PSA_SUCCESS;
@@ -3789,12 +3780,6 @@ psa_status_t mbedtls_psa_verify_hash_start(
 mbedtls_ecdsa_restart_init(&operation->restart_ctx);
- operation->hash = mbedtls_calloc(1, hash_length);
-
- if (operation->hash == NULL) {
- return PSA_ERROR_INSUFFICIENT_MEMORY;
- }
-
 memcpy(operation->hash, hash, hash_length);
 operation->hash_length = hash_length;
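Review bot: `memcpy(operation->hash, hash, hash_length);` is now an unbounded copy into the fixed array `hash[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]` that the crypto_builtin_composites.h hunks introduce, and `hash_length` is the caller's value: a digest longer than the largest enabled curve's coordinate size (for example a 64-byte SHA-512 digest in a build where that macro evaluates to 256 bits, i.e. a 32-byte array) overruns the operation struct, where the removed `mbedtls_calloc(1, hash_length)` buffer was always sized to fit. The @@ -3789 hunk in mbedtls_psa_verify_hash_start keeps the same unbounded copy. ECDSA uses only the leftmost bits of the digest, so clamping is sufficient: `size_t n = hash_length < sizeof(operation->hash) ? hash_length : sizeof(operation->hash);` then `memcpy(operation->hash, hash, n); operation->hash_length = n;`. Both enclosing functions start and end outside the hunk.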
@@ -3858,9 +3843,6 @@ psa_status_t mbedtls_psa_verify_hash_abort(
 operation->ctx = NULL;
 }
- mbedtls_free(operation->hash);
- operation->hash = NULL;
-
 mbedtls_ecdsa_restart_free(&operation->restart_ctx);
 mbedtls_mpi_free(&operation->r);
From 76d671ad731143b3e0f4187bf885c87a48ce9936 Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Tue, 7 Feb 2023 17:45:18 +0000
Subject: [PATCH 122/440] Split state tests into two functions
Signed-off-by: Paul Elliott
---
 tests/suites/test_suite_psa_crypto.data | 8 ++-
 tests/suites/test_suite_psa_crypto.function | 57 +++++++++++++++++++--
 2 files changed, 60 insertions(+), 5 deletions(-)
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index b44fb2e6d..c1f4e4866 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -4553,9 +4553,13 @@ PSA vrfy hash int: invld alg for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA int hash state test: randomized ECDSA SECP256R1 SHA-256 +PSA sgn/vrfy hash int state test: randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -hash_interruptible_state_test:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" +interruptible_signverify_hash_state_test:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" + +PSA sgn/vrfy hash int neg tests: randomized ECDSA SECP256R1 SHA-256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +interruptible_signverify_hash_negative_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA sign message: RSA PKCS#1 v1.5 SHA-256 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 7ad856924..471f42676 100644 
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -7186,8 +7186,8 @@ exit:
 /* END_CASE */
 /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
-void hash_interruptible_state_test(int key_type_arg, data_t *key_data,
- int alg_arg, data_t *input_data)
+void interruptible_signverify_hash_state_test(int key_type_arg,
+ data_t *key_data, int alg_arg, data_t *input_data)
 {
 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
 psa_key_type_t key_type = key_type_arg;
@@ -7197,7 +7197,6 @@ void hash_interruptible_state_test(int key_type_arg, data_t *key_data,
 size_t signature_size;
 size_t signature_length = 0xdeadbeef;
 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- uint8_t *input_buffer = NULL;
 psa_sign_hash_interruptible_operation_t sign_operation =
 psa_sign_hash_interruptible_operation_init();
 psa_verify_hash_interruptible_operation_t verify_operation =
@@ -7320,6 +7319,57 @@ void hash_interruptible_state_test(int key_type_arg, data_t *key_data,
 PSA_ASSERT(psa_verify_hash_abort(&verify_operation));
+exit:
+ /*
+ * Key attributes may have been returned by psa_get_key_attributes()
+ * thus reset them as required.
+ */
+ psa_reset_key_attributes(&attributes);
+
+ psa_destroy_key(key);
+ mbedtls_free(signature);
+ PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
+void interruptible_signverify_hash_negative_tests(int key_type_arg,
+ data_t *key_data, int alg_arg, data_t *input_data)
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ size_t key_bits;
+ unsigned char *signature = NULL;
+ size_t signature_size;
+ size_t signature_length = 0xdeadbeef;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ uint8_t *input_buffer = NULL;
+ psa_sign_hash_interruptible_operation_t sign_operation =
+ psa_sign_hash_interruptible_operation_init();
+ psa_verify_hash_interruptible_operation_t verify_operation =
+ psa_verify_hash_interruptible_operation_init();
+
+ PSA_ASSERT(psa_crypto_init());
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+ PSA_ASSERT(psa_get_key_attributes(key, &attributes));
+ key_bits = psa_get_key_bits(&attributes);
+
+ /* Allocate a buffer which has the size advertised by the
+ * library. */
+ signature_size = PSA_SIGN_OUTPUT_SIZE(key_type,
+ key_bits, alg);
+ TEST_ASSERT(signature_size != 0);
+ TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE);
+ ASSERT_ALLOC(signature, signature_size);
+
 /* --- Ensure changing the max ops mid operation works (operation should
 * complete successfully after setting max ops to unlimited --- */
 psa_interruptible_set_max_ops(1);
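Review bot: The `exit:` block that now closes interruptible_signverify_hash_state_test resets the attributes, destroys the key and frees `signature`, but never aborts `sign_operation` or `verify_operation`, so if a `PSA_ASSERT`/`TEST_*` fails while an operation is live the ECDSA context and restart state that psa_sign_hash_abort/psa_verify_hash_abort release stay allocated when `PSA_DONE()` runs; add `psa_sign_hash_abort(&sign_operation);` and `psa_verify_hash_abort(&verify_operation);` before `psa_destroy_key(key);`. The new interruptible_signverify_hash_negative_tests declares `uint8_t *input_buffer = NULL;`, the very variable the @@ -7197 hunk removes from the state test as unused; its body continues outside the hunk, so confirm it is actually used there rather than reintroducing the warning. The key-import and signature-allocation prologue is now duplicated verbatim between the two functions and could move into a helper next to interruptible_signverify_get_minmax_completes.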
@@ -7433,6 +7483,7 @@ exit:
 }
 /* END_CASE */
+
 /* BEGIN_CASE */
 void sign_message_deterministic(int key_type_arg, data_t *key_data,
From a4cb909fcd218639a5fa16fcb33d6a1096cbbece Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Tue, 7 Feb 2023 18:01:55 +0000
Subject: [PATCH 123/440] Add max ops tests
Signed-off-by: Paul Elliott
---
 tests/suites/test_suite_psa_crypto.data | 4 ++
 tests/suites/test_suite_psa_crypto.function | 48 +++++++++++++++++++++
 2 files changed, 52 insertions(+)
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index c1f4e4866..9511d1f5c 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -4561,6 +4561,10 @@ PSA sgn/vrfy hash int neg tests: randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 interruptible_signverify_hash_negative_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" +PSA sgn/vrfy hash int max ops tests: randomized ECDSA SECP256R1 SHA-256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +interruptible_signverify_hash_maxops_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" + PSA sign message: RSA PKCS#1 v1.5 SHA-256 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C 
sign_message_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 471f42676..5f6aa42d5 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -7483,6 +7483,54 @@ exit:
 }
 /* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
+void interruptible_signverify_hash_maxops_tests(int key_type_arg,
+ data_t *key_data, int alg_arg, data_t *input_data)
+{
+ mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_type_t key_type = key_type_arg;
+ psa_algorithm_t alg = alg_arg;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_sign_hash_interruptible_operation_t sign_operation =
+ psa_sign_hash_interruptible_operation_init();
+
+ PSA_ASSERT(psa_crypto_init());
+
+ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH |
+ PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&attributes, alg);
+ psa_set_key_type(&attributes, key_type);
+
+ PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
+ &key));
+
+ /* Check that default max ops gets set if we don't set it. */
+ PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg,
+ input_data->x, input_data->len));
+
+ TEST_EQUAL(psa_interruptible_get_max_ops(),
+ PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
+
+ PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
+
+ /* Check that max ops gets set properly. */
+
+ psa_interruptible_set_max_ops(0xbeef);
+
+ TEST_EQUAL(psa_interruptible_get_max_ops(),
+ 0xbeef);
+
+exit:
+ /*
+ * Key attributes may have been returned by psa_get_key_attributes()
+ * thus reset them as required.
+ */
+ psa_reset_key_attributes(&attributes);
+
+ psa_destroy_key(key);
+ PSA_DONE();
+}
+/* END_CASE */
 /* BEGIN_CASE */
 void sign_message_deterministic(int key_type_arg,
From c08112160a319d5e3ef9b85b370beb442df791b1 Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Tue, 7 Feb 2023 18:06:25 +0000
Subject: [PATCH 124/440] Add comment to explain lack of driver dispatch
Signed-off-by: Paul Elliott
---
 .../driver_templates/psa_crypto_driver_wrappers.c.jinja | 8 ++++++++
 1 file changed, 8 insertions(+)
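Review bot: `psa_interruptible_set_max_ops(0xbeef);` leaves the library-wide max-ops setting at 0xbeef when the test returns, while the first check in this same function asserts that a fresh `psa_sign_hash_start` observes PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; unless start itself re-initialises the value or `PSA_DONE()` resets it, the test is order-dependent (the negative-tests hunk sets it to 1), so restore it on the way out with `psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);` at `exit:`. The exit path also does not abort `sign_operation`, so an assertion failing between `psa_sign_hash_start` and `psa_sign_hash_abort` leaves the operation's context allocated when `PSA_DONE()` runs. `PSA_KEY_USAGE_VERIFY_HASH` is granted to a key this function only signs with; dropping it keeps the test's key policy minimal.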
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
index fba899033..a8a8991a2 100644
--- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
@@ -435,11 +435,19 @@ psa_status_t psa_driver_wrapper_verify_hash(
 void psa_driver_wrapper_interruptible_set_max_ops( uint32_t max_ops ) {
+ /* TODO - dispatch to drivers dynamically registered for this
+ * service when registering is implemented. For now, fall
+ * through to internal implementation. */
+
 mbedtls_psa_interruptible_set_max_ops( max_ops );
 }
 uint32_t psa_driver_wrapper_interruptible_get_max_ops( void ) {
+ /* TODO - dispatch to drivers dynamically registered for this
+ * service when registering is implemented. For now, fall
+ * through to internal implementation. */
+
 return mbedtls_psa_interruptible_get_max_ops( );
 }
From 724bd25f4b061713885afa1c2512dedd6bb7a9d4 Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Wed, 8 Feb 2023 12:35:08 +0000
Subject: [PATCH 125/440] Fix missing mbedtls_mpi_free() on signing.
After moving the MPIs used to output from the operation into the complete function, I failed to move the accompanying free as well.
Signed-off-by: Paul Elliott
---
 library/psa_crypto.c | 21 +++++++++++++--------
 1 file changed, 13 insertions(+), 8 deletions(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index ab52918cd..6e0d06b36 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3617,10 +3617,10 @@ psa_status_t mbedtls_psa_sign_hash_complete(
 MBEDTLS_PSA_RANDOM_STATE,
 &operation->restart_ctx));
 #else /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
- return PSA_ERROR_NOT_SUPPORTED;
+ status = PSA_ERROR_NOT_SUPPORTED;
+ goto exit;
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
 } else {
-
 status = mbedtls_to_psa_error(
 mbedtls_ecdsa_sign_restartable(&operation->ctx->grp,
 &r,
@@ -3635,9 +3635,7 @@ psa_status_t mbedtls_psa_sign_hash_complete(
 &operation->restart_ctx));
 }
- if (status != PSA_SUCCESS) {
- return status;
- } else {
+ if (status == PSA_SUCCESS) {
 status = mbedtls_to_psa_error(
 mbedtls_mpi_write_binary(&r,
 signature,
@@ -3645,7 +3643,7 @@ psa_status_t mbedtls_psa_sign_hash_complete(
 );
 if (status != PSA_SUCCESS) {
- return status;
+ goto exit;
 }
 status = mbedtls_to_psa_error(
@@ -3656,13 +3654,20 @@ psa_status_t mbedtls_psa_sign_hash_complete(
 );
 if (status != PSA_SUCCESS) {
- return status;
+ goto exit;
 }
 *signature_length = operation->coordinate_bytes * 2;
- return PSA_SUCCESS;
+ status = PSA_SUCCESS;
 }
+
+exit:
+ mbedtls_mpi_free(&r);
+ mbedtls_mpi_free(&s);
+ return status;
+
 #else
 (void) operation;
From 01885fa5e576d5e3f4cdf84aeb49f7d696d801cf Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Thu, 9 Feb 2023 12:07:30 +0000
Subject: [PATCH 126/440] Fix include guards on auxiliary test function.
Signed-off-by: Paul Elliott
---
 tests/suites/test_suite_psa_crypto.function | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 5f6aa42d5..66f932b7e 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
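Review bot: `status = PSA_SUCCESS;` before the closing brace of the `if (status == PSA_SUCCESS)` block is redundant: control reaches it only after `if (status != PSA_SUCCESS) { goto exit; }` has just confirmed status is PSA_SUCCESS, so the line can be dropped and the success path falls through to `exit:` unchanged. Now that every path, including the deterministic-ECDSA `#else` branch, leaves through `exit:`, a failure of the second `mbedtls_mpi_write_binary` exits with the r half already written into the caller's `signature` buffer and `*signature_length` unset; stating in the function comment that the buffer content is unspecified on error, or zeroing `signature` at `exit:` when `status != PSA_SUCCESS`, would make that contract explicit. mbedtls_psa_sign_hash_complete starts and ends outside the hunk, including where r and s are initialised, which the unconditional `mbedtls_mpi_free` calls at `exit:` now rely on.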
@@ -1220,9 +1220,7 @@ typedef enum { INJECT_ANTICIPATE_KEY_DERIVATION_2, } ecjpake_injected_failure_t; -#if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ - defined(MBEDTLS_ECP_RESTARTABLE) +#if defined(MBEDTLS_ECP_RESTARTABLE) static void interruptible_signverify_get_minmax_completes(uint32_t max_ops, psa_status_t expected_status, @@ -1248,9 +1246,7 @@ static void interruptible_signverify_get_minmax_completes(uint32_t max_ops, *max_completes = 1; } } -#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || - * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && - * defined( MBEDTLS_ECP_RESTARTABLE ) */ +#endif /* MBEDTLS_ECP_RESTARTABLE */ /* END_HEADER */ From 0290a76fc27cf365f79ac7bb1b7622c5c597ed30 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 9 Feb 2023 14:30:24 +0000 Subject: [PATCH 127/440] Fix buffer overflow with hashes larger than key size. Truncate input hashes to curve private key size as that is all that is required for the internal implementation. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 6e0d06b36..5013c5d92 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3524,6 +3524,7 @@ psa_status_t mbedtls_psa_sign_hash_start( const uint8_t *hash, size_t hash_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t required_hash_length; if (!PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { return PSA_ERROR_NOT_SUPPORTED; 
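Review bot: `size_t required_hash_length;` in the `@@ -3524` hunk of mbedtls_psa_sign_hash_start is declared without an initialiser, whereas the matching declaration this commit adds to mbedtls_psa_verify_hash_start reads `size_t required_hash_length = 0;`. Both are assigned before use in the enabled branch and only `(void)`-referenced in the `#else` branch, so this is a consistency point rather than a defect; `size_t required_hash_length = 0;` here would make the two declarations agree and removes any doubt for a reader checking the `#else` path. The function continues past this hunk.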
@@ -3561,8 +3562,13 @@ psa_status_t mbedtls_psa_sign_hash_start( operation->md_alg = mbedtls_hash_info_md_from_psa(hash_alg); operation->alg = alg; - memcpy(operation->hash, hash, hash_length); - operation->hash_length = hash_length; + /* We only need to store the same length of hash as the private key size + * here, it would be truncated by the internal implementation anyway. */ + required_hash_length = (hash_length < operation->coordinate_bytes ? + hash_length : operation->coordinate_bytes); + + memcpy(operation->hash, hash, required_hash_length); + operation->hash_length = required_hash_length; return PSA_SUCCESS; @@ -3574,6 +3580,7 @@ psa_status_t mbedtls_psa_sign_hash_start( (void) hash; (void) hash_length; (void) status; + (void) required_hash_length; return PSA_ERROR_NOT_SUPPORTED; #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || @@ -3722,6 +3729,7 @@ psa_status_t mbedtls_psa_verify_hash_start( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t coordinate_bytes = 0; + size_t required_hash_length = 0; if (!PSA_KEY_TYPE_IS_ECC(attributes->core.type)) { return PSA_ERROR_NOT_SUPPORTED; @@ -3785,8 +3793,13 @@ psa_status_t mbedtls_psa_verify_hash_start( mbedtls_ecdsa_restart_init(&operation->restart_ctx); - memcpy(operation->hash, hash, hash_length); - operation->hash_length = hash_length; + /* We only need to store the same length of hash as the private key size + * here, it would be truncated by the internal implementation anyway. */ + required_hash_length = (hash_length < coordinate_bytes ? hash_length : + coordinate_bytes); + + memcpy(operation->hash, hash, required_hash_length); + operation->hash_length = required_hash_length; return PSA_SUCCESS; #else @@ -3800,6 +3813,7 @@ psa_status_t mbedtls_psa_verify_hash_start( (void) signature_length; (void) status; (void) coordinate_bytes; + (void) required_hash_length; return PSA_ERROR_NOT_SUPPORTED; #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || 
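Review bot: The truncation `required_hash_length = (hash_length < operation->coordinate_bytes ? hash_length : operation->coordinate_bytes);` in the `@@ -3561` hunk (and its twin in `@@ -3785`) makes the `memcpy` safe only because `coordinate_bytes` can never exceed `sizeof(operation->hash)`; that invariant comes from the array being sized by PSA_VENDOR_ECC_MAX_CURVE_BITS in the operation struct, not from anything in these functions, and the comment should state it, e.g. `/* coordinate_bytes <= sizeof(operation->hash) by construction of the operation struct, so this copy cannot overrun. */`. The stored length must also be at least what the internal ECDSA code truncates to; at this point in the series `coordinate_bytes` is derived from `grp.pbits`, so if any supported curve has an order longer than its field prime, a byte the internal implementation would have used is dropped here — confirm the derivation matches the order size. The min expression is duplicated verbatim across the two hunks; a small static helper or shared macro would keep them from drifting apart.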
From fe9e77ff7adc8ecc8e161b6dedd6c9e98edcb482 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 10 Feb 2023 11:04:27 +0000 Subject: [PATCH 128/440] Better formatting of include guard comments Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 2ba913398..b23199afc 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -127,9 +127,9 @@ typedef struct { /* Make the struct non-empty if algs not supported. */ unsigned MBEDTLS_PRIVATE(dummy); -#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || - * MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA && - * MBEDTLS_ECP_RESTARTABLE */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && + * defined( MBEDTLS_ECP_RESTARTABLE ) */ } mbedtls_psa_sign_hash_interruptible_operation_t; #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ @@ -160,9 +160,9 @@ typedef struct { /* Make the struct non-empty if algs not supported. */ unsigned MBEDTLS_PRIVATE(dummy); -#endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || - * MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA && - * MBEDTLS_ECP_RESTARTABLE */ +#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || + * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && + * defined( MBEDTLS_ECP_RESTARTABLE ) */ } mbedtls_psa_verify_hash_interruptible_operation_t; From 6d99f0c265305fddecf05b2f63c948163c380660 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 10 Feb 2023 12:58:09 +0000 Subject: [PATCH 129/440] Fix errors in psa_wipe_output_buffer() doc comment. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5013c5d92..2328e3590 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -2684,7 +2684,7 @@ static psa_status_t psa_sign_verify_check_alg(int input_is_message, } /** - * \brief Fill the unused part of the output buffer(the + * \brief Fill the unused part of the output buffer (the * whole buffer on error, the trailing part on * success) with something that isn't a valid * signature (barring an attack on the signature @@ -2692,13 +2692,13 @@ static psa_status_t psa_sign_verify_check_alg(int input_is_message, * caller doesn't check the return status properly. * * \param output_buffer pointer to buffer to wipe. May not be NULL - * unless /p output_buffer_size is zero. + * unless \p output_buffer_size is zero. * \param status status of function called to generate * output_buffer originally - * \param output_buffer_size Size of output buffer. If zero, /p output_buffer + * \param output_buffer_size Size of output buffer. If zero, \p output_buffer * could be NULL * \param output_buffer_length Length of data written to output_buffer, must be - * less than /p output_buffer_size + * less than \p output_buffer_size */ static void psa_wipe_output_buffer(uint8_t *output_buffer, psa_status_t status, size_t output_buffer_size, size_t output_buffer_length) From c569fc268f9195fd19decbcd6cfe1954767a54cf Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 10 Feb 2023 13:02:54 +0000 Subject: [PATCH 130/440] Switch from nbits to pbits Correct coordinate size is grp.nbits, not grp.pbits. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2328e3590..776a9c858 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3556,7 +3556,7 @@ psa_status_t mbedtls_psa_sign_hash_start( mbedtls_ecdsa_restart_init(&operation->restart_ctx); operation->coordinate_bytes = PSA_BITS_TO_BYTES( - operation->ctx->grp.pbits); + operation->ctx->grp.nbits); psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg); operation->md_alg = mbedtls_hash_info_md_from_psa(hash_alg); @@ -3758,7 +3758,7 @@ psa_status_t mbedtls_psa_verify_hash_start( return status; } - coordinate_bytes = PSA_BITS_TO_BYTES(operation->ctx->grp.pbits); + coordinate_bytes = PSA_BITS_TO_BYTES(operation->ctx->grp.nbits); if (signature_length != 2 * coordinate_bytes) { return PSA_ERROR_INVALID_SIGNATURE; From 53bb3120544d23473370f8e75f6d2fe89241e880 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 10 Feb 2023 14:22:22 +0000 Subject: [PATCH 131/440] Wipe output buffer even when INCOMPLETE is returned. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 776a9c858..e10c34cc5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3292,10 +3292,10 @@ exit: /* Update ops count with work done. */ operation->num_ops = psa_driver_wrapper_sign_hash_get_num_ops(operation); - if (status != PSA_OPERATION_INCOMPLETE) { - psa_wipe_output_buffer(signature, status, signature_size, - *signature_length); + psa_wipe_output_buffer(signature, status, signature_size, + *signature_length); + if (status != PSA_OPERATION_INCOMPLETE) { if (status != PSA_SUCCESS) { operation->error_occurred = 1; } From ebe225cf7b3395de91290788031d6e84e9200169 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 10 Feb 2023 14:32:53 +0000 Subject: [PATCH 132/440] Move num ops update to only point where work can be done. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e10c34cc5..d458b0297 100644 
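Review bot: The subject line of this patch reads the opposite way to its content: the `@@ -3556` and `@@ -3758` hunks replace `grp.pbits` with `grp.nbits`, and the body text says nbits is the correct size, so the subject should read "Switch from pbits to nbits". A short comment at the assignment would also spare the next reader the same confusion, e.g. `/* Signature halves are sized by the group order (nbits), not the field prime (pbits). */`. The enclosing functions extend beyond both hunks.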
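Review bot: Moving `psa_wipe_output_buffer(signature, status, signature_size, *signature_length);` ahead of the `if (status != PSA_OPERATION_INCOMPLETE)` test means the buffer is now wiped on every intermediate step, and since PSA_OPERATION_INCOMPLETE is not PSA_SUCCESS the wipe presumably takes its error path and clears the whole buffer. That is the behaviour the commit title asks for, but the call site gives no hint of it; a comment such as `/* Wipe on every return, including PSA_OPERATION_INCOMPLETE, so no signature bytes linger in the caller's buffer between steps. */` would document the choice. The call also relies on `*signature_length` holding a valid value on each path that reaches this point, which the hunk does not show; the enclosing function starts outside it.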
--- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3287,11 +3287,12 @@ psa_status_t psa_sign_hash_complete( status = psa_driver_wrapper_sign_hash_complete(operation, signature, signature_size, signature_length); -exit: /* Update ops count with work done. */ operation->num_ops = psa_driver_wrapper_sign_hash_get_num_ops(operation); +exit: + psa_wipe_output_buffer(signature, status, signature_size, *signature_length); @@ -3418,12 +3419,12 @@ psa_status_t psa_verify_hash_complete( status = psa_driver_wrapper_verify_hash_complete(operation); -exit: - /* Update ops count with work done. */ operation->num_ops = psa_driver_wrapper_verify_hash_get_num_ops( operation); +exit: + if (status != PSA_OPERATION_INCOMPLETE) { if (status != PSA_SUCCESS) { operation->error_occurred = 1; From a1c9409d88b838ffe3f5208a084bdd59257f4477 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Feb 2023 16:38:04 +0000 Subject: [PATCH 133/440] Move structure init calls as early as possible Signed-off-by: Paul Elliott --- library/psa_crypto.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d458b0297..927b9d45f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3539,6 +3539,8 @@ psa_status_t mbedtls_psa_sign_hash_start( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_ecdsa_restart_init(&operation->restart_ctx); + /* Ensure default is set even if * mbedtls_psa_interruptible_set_max_ops() has not been called. */ mbedtls_psa_interruptible_set_max_ops( @@ -3554,8 +3556,6 @@ psa_status_t mbedtls_psa_sign_hash_start( return status; } - mbedtls_ecdsa_restart_init(&operation->restart_ctx); - operation->coordinate_bytes = PSA_BITS_TO_BYTES( operation->ctx->grp.nbits); 
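Review bot: With `exit:` moved below the num_ops update in the `@@ -3287` hunk, every early `goto exit` in psa_sign_hash_complete now reaches `psa_wipe_output_buffer(signature, status, signature_size, *signature_length)` without passing through the driver call, so `*signature_length` must already be initialised on those paths; the function head is outside the hunk, so confirm it sets `*signature_length = 0` before the first `goto exit`. The same relocation in `@@ -3418` for psa_verify_hash_complete has no output buffer and no such dependency. A comment on the label, `/* exit: also reached by early failures, which deliberately skip the num_ops update. */`, would make the intent of the move explicit for the next reader.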
@@ -3594,22 +3594,22 @@ psa_status_t mbedtls_psa_sign_hash_complete( uint8_t *signature, size_t signature_size, size_t *signature_length) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ defined(MBEDTLS_ECP_RESTARTABLE) + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_mpi r; mbedtls_mpi s; - if (signature_size < 2 * operation->coordinate_bytes) { - return PSA_ERROR_BUFFER_TOO_SMALL; - } - mbedtls_mpi_init(&r); mbedtls_mpi_init(&s); + if (signature_size < 2 * operation->coordinate_bytes) { + status = PSA_ERROR_BUFFER_TOO_SMALL; + goto exit; + } + if (PSA_ALG_ECDSA_IS_DETERMINISTIC(operation->alg)) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) @@ -3679,7 +3679,6 @@ exit: #else (void) operation; - (void) status; (void) signature; (void) signature_size; (void) signature_length; @@ -3744,6 +3743,10 @@ psa_status_t mbedtls_psa_verify_hash_start( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ defined(MBEDTLS_ECP_RESTARTABLE) + mbedtls_ecdsa_restart_init(&operation->restart_ctx); + mbedtls_mpi_init(&operation->r); + mbedtls_mpi_init(&operation->s); + /* Ensure default is set even if * mbedtls_psa_interruptible_set_max_ops() has not been called. */ mbedtls_psa_interruptible_set_max_ops( @@ -3765,7 +3768,6 @@ psa_status_t mbedtls_psa_verify_hash_start( return PSA_ERROR_INVALID_SIGNATURE; } - mbedtls_mpi_init(&operation->r); status = mbedtls_to_psa_error( mbedtls_mpi_read_binary(&operation->r, signature, @@ -3775,7 +3777,6 @@ psa_status_t mbedtls_psa_verify_hash_start( return status; } - mbedtls_mpi_init(&operation->s); status = mbedtls_to_psa_error( mbedtls_mpi_read_binary(&operation->s, signature + 
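Review bot: In the `@@ -3744` hunk, `mbedtls_mpi_init(&operation->r)`, `mbedtls_mpi_init(&operation->s)` and `mbedtls_ecdsa_restart_init` now run before the key is loaded, so the early `return PSA_ERROR_INVALID_SIGNATURE` and `return status;` paths visible in the `@@ -3765` and `@@ -3775` hunks leave initialised MPIs behind and depend on the caller invoking mbedtls_psa_verify_hash_abort to release them. That is a reasonable contract but it is not stated anywhere in the function; a comment at the init site, `/* Initialised first so every failure path below can be cleaned up by mbedtls_psa_verify_hash_abort(). */`, would record it. The matching reordering in the `@@ -3594` hunk of mbedtls_psa_sign_hash_complete is self-contained because it frees `r` and `s` at `exit:`. Both functions extend beyond their hunks.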
@@ -3792,8 +3793,6 @@ psa_status_t mbedtls_psa_verify_hash_start( return mbedtls_to_psa_error(ret); } - mbedtls_ecdsa_restart_init(&operation->restart_ctx); - /* We only need to store the same length of hash as the private key size * here, it would be truncated by the internal implementation anyway. */ required_hash_length = (hash_length < coordinate_bytes ? hash_length : From 7ef174b285b86c8c8e49d479bf6fe552b7eae3f5 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Feb 2023 16:45:20 +0000 Subject: [PATCH 134/440] Correct insufficient memory return documentation. Signed-off-by: Paul Elliott --- library/psa_crypto_core.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index a00728918..5648321b2 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -711,8 +711,7 @@ uint32_t mbedtls_psa_verify_hash_get_num_ops( * \retval #PSA_ERROR_NOT_SUPPORTED Either no internal interruptible operations * are currently supported, or the key type is currently unsupported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * There was insufficient memory either to load the key representation, - * or to store the hash. + * There was insufficient memory to load the key representation. */ psa_status_t mbedtls_psa_sign_hash_start( mbedtls_psa_sign_hash_interruptible_operation_t *operation, @@ -817,7 +816,7 @@ psa_status_t mbedtls_psa_sign_hash_abort( * or the key type is currently unsupported. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY * There was insufficient memory either to load the key representation, - * or to store the hash. + * or to prepare the operation. */ psa_status_t mbedtls_psa_verify_hash_start( mbedtls_psa_verify_hash_interruptible_operation_t *operation, From efebad0d67c63d3b734f898a5624b52be8fbf9e4 Mon Sep 17 00:00:00 2001 
From: Paul Elliott Date: Wed, 15 Feb 2023 16:56:45 +0000 Subject: [PATCH 135/440] Run extra complete in failure tests regardless. We do not need to expect to fail, running another complete in either sign or verify after successful completion should also return BAD_STATE. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 66f932b7e..2f5b50db9 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -6702,13 +6702,12 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, TEST_EQUAL(actual_status, expected_complete_status); - if (expected_complete_status != PSA_SUCCESS) { - actual_status = psa_sign_hash_complete(&operation, signature, - signature_size, - &signature_length); + /* Check that another complete returns BAD_STATE. */ + actual_status = psa_sign_hash_complete(&operation, signature, + signature_size, + &signature_length); - TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); - } + TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); PSA_ASSERT(psa_sign_hash_abort(&operation)); @@ -7160,11 +7159,9 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, TEST_EQUAL(actual_status, expected_complete_status); - if (expected_complete_status != PSA_SUCCESS) { - actual_status = psa_verify_hash_complete(&operation); - - TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); - } + /* Check that another complete returns BAD_STATE. */ + actual_status = psa_verify_hash_complete(&operation); + TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE); TEST_LE_U(min_completes, num_completes); TEST_LE_U(num_completes, max_completes); From 2c9843f2a440be3fdaab73e0bdddba8d28845c8c Mon Sep 17 00:00:00 2001 
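Review bot: The now-unconditional second `psa_sign_hash_complete(&operation, signature, signature_size, &signature_length)` in the `@@ -6702` hunk also runs after a successful completion, and since psa_sign_hash_complete wipes the output buffer on any non-success status, that BAD_STATE probe presumably clears `signature`. If sign_hash_fail_interruptible examines the signature after this point (the rest of the function is outside the hunk), it would be comparing against a wiped buffer; either place the probe after any such checks or extend the comment, `/* Check that another complete returns BAD_STATE (this also wipes the signature buffer). */`. The verify-side change in `@@ -7160` has no output buffer and is unaffected.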
From: Paul Elliott Date: Wed, 15 Feb 2023 17:32:42 +0000 Subject: [PATCH 136/440] Make mbedtls_sa_ecp_load_public_part return psa_status_t Signed-off-by: Paul Elliott --- library/psa_crypto.c | 6 +++--- library/psa_crypto_ecp.c | 38 +++++++++++++++++++++++--------------- library/psa_crypto_ecp.h | 4 ++-- 3 files changed, 28 insertions(+), 20 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 927b9d45f..2c6f108a1 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3787,10 +3787,10 @@ psa_status_t mbedtls_psa_verify_hash_start( return status; } - int ret = mbedtls_psa_ecp_load_public_part(operation->ctx); + status = mbedtls_psa_ecp_load_public_part(operation->ctx); - if (ret != 0) { - return mbedtls_to_psa_error(ret); + if (status != PSA_SUCCESS) { + return status; } /* We only need to store the same length of hash as the private key size diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c index cc80f2776..f70d804b0 100644 --- a/library/psa_crypto_ecp.c +++ b/library/psa_crypto_ecp.c @@ -404,7 +404,7 @@ cleanup: return mbedtls_to_psa_error(ret); } -int mbedtls_psa_ecp_load_public_part(mbedtls_ecp_keypair *ecp) +psa_status_t mbedtls_psa_ecp_load_public_part(mbedtls_ecp_keypair *ecp) { int ret = 0; @@ -416,7 +416,7 @@ int mbedtls_psa_ecp_load_public_part(mbedtls_ecp_keypair *ecp) MBEDTLS_PSA_RANDOM_STATE); } - return ret; + return mbedtls_to_psa_error(ret); } psa_status_t mbedtls_psa_ecdsa_verify_hash( @@ -427,7 +427,6 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; mbedtls_ecp_keypair *ecp = NULL; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t curve_bytes; mbedtls_mpi r, s; 
@@ -447,30 +446,39 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash( mbedtls_mpi_init(&s); if (signature_length != 2 * curve_bytes) { - ret = MBEDTLS_ERR_ECP_VERIFY_FAILED; + status = PSA_ERROR_INVALID_SIGNATURE; goto cleanup; } - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&r, - signature, - curve_bytes)); - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&s, - signature + curve_bytes, - curve_bytes)); + status = mbedtls_to_psa_error(mbedtls_mpi_read_binary(&r, + signature, + curve_bytes)); + if (status != PSA_SUCCESS) { + goto cleanup; + } - MBEDTLS_MPI_CHK(mbedtls_psa_ecp_load_public_part(ecp)); + status = mbedtls_to_psa_error(mbedtls_mpi_read_binary(&s, + signature + curve_bytes, + curve_bytes)); + if (status != PSA_SUCCESS) { + goto cleanup; + } + status = mbedtls_psa_ecp_load_public_part(ecp); + if (status != PSA_SUCCESS) { + goto cleanup; + } - ret = mbedtls_ecdsa_verify(&ecp->grp, hash, hash_length, - &ecp->Q, &r, &s); - + status = mbedtls_to_psa_error(mbedtls_ecdsa_verify(&ecp->grp, hash, + hash_length, &ecp->Q, + &r, &s)); cleanup: mbedtls_mpi_free(&r); mbedtls_mpi_free(&s); mbedtls_ecp_keypair_free(ecp); mbedtls_free(ecp); - return mbedtls_to_psa_error(ret); + return status; } #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ diff --git a/library/psa_crypto_ecp.h b/library/psa_crypto_ecp.h index 8b567fe3b..c7ef534b1 100644 --- a/library/psa_crypto_ecp.h +++ b/library/psa_crypto_ecp.h @@ -52,10 +52,10 @@ psa_status_t mbedtls_psa_ecp_load_representation(psa_key_type_t type, * * \param ecp The ECP context to load the public part for. * - * \return 0 on success, otherwise an MPI error. + * \return PSA_SUCCESS on success, otherwise an MPI error. */ -int mbedtls_psa_ecp_load_public_part(mbedtls_ecp_keypair *ecp); +psa_status_t mbedtls_psa_ecp_load_public_part(mbedtls_ecp_keypair *ecp); /** Import an ECP key in binary format. * From c86d45e8a1aff38d1cea21b4be93cbe16b6b12d1 Mon Sep 17 00:00:00 2001 
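Review bot: The `\return` line in the psa_crypto_ecp.h hunk now reads `PSA_SUCCESS on success, otherwise an MPI error.`, but the function returns a `psa_status_t` produced by `mbedtls_to_psa_error(ret)` (see the `@@ -416` hunk in psa_crypto_ecp.c), so "an MPI error" no longer describes the value a caller receives. Suggest `* \return #PSA_SUCCESS on success, otherwise the PSA error status translated from the underlying ECP/MPI error.`, which also matches the `\retval #PSA_ERROR_...` convention used in psa_crypto_core.h elsewhere in this series. The callers updated in the same commit compare against `PSA_SUCCESS`, so the doc is the only place still describing the old contract.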
From: Paul Elliott Date: Wed, 15 Feb 2023 17:38:05 +0000 Subject: [PATCH 137/440] Remove spurious incorrect comment Comment originated from original version of this code, and the newer comment which was added when it was pulled into a seperate function covers all cases. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 2f5b50db9..fd355de9a 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1233,7 +1233,7 @@ static void interruptible_signverify_get_minmax_completes(uint32_t max_ops, to complete, and likewise that with a max_ops of PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED, it should complete in one go. */ if (max_ops == 0 || max_ops == 1) { - /* Failure test cases will fail on the first op. */ + if (expected_status == PSA_SUCCESS) { *min_completes = 2; } else { From 751e76bb04727f5aeb55c8b85ac7df8f77fdfdf6 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 16 Feb 2023 10:48:15 +0800 Subject: [PATCH 138/440] Replace `crypto engine` with `crypto extension` Signed-off-by: Jerry Yu --- include/mbedtls/mbedtls_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 6cea05011..3dea18ca1 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2068,7 +2068,7 @@ /** * \def MBEDTLS_AESCE_C * - * Enable AES crypto engine support on Arm64. + * Enable AES crypto extension support on Arm64. * * Module: library/aesce.c * Caller: library/aes.c From 92fc538a22b94fa8e8ef47935ccc69be603a5bf7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 16 Feb 2023 11:17:11 +0800 Subject: [PATCH 139/440] Add attribute popup 
Signed-off-by: Jerry Yu --- library/sha256.c | 5 +++++ library/sha512.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/library/sha256.c b/library/sha256.c index 432176551..49a233d63 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -380,6 +380,11 @@ int mbedtls_internal_sha256_process_a64_crypto(mbedtls_sha256_context *ctx, SHA256_BLOCK_SIZE) ? 0 : -1; } +#if defined(MBEDTLS_POP_TARGET_PRAGMA) +#pragma clang attribute pop +#undef MBEDTLS_POP_TARGET_PRAGMA +#endif + #endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */ diff --git a/library/sha512.c b/library/sha512.c index fec974a36..827c08f34 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -566,6 +566,11 @@ int mbedtls_internal_sha512_process_a64_crypto(mbedtls_sha512_context *ctx, SHA512_BLOCK_SIZE) ? 0 : -1; } +#if defined(MBEDTLS_POP_TARGET_PRAGMA) +#pragma clang attribute pop +#undef MBEDTLS_POP_TARGET_PRAGMA +#endif + #endif /* MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY */ From 2f2c04956dead5d508a4b9af808a1e6892dd225b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 16 Feb 2023 14:24:46 +0800 Subject: [PATCH 140/440] Add GCC options pop Reduce the scope of target pragma to meet behavior of clang. Signed-off-by: Jerry Yu --- library/sha256.c | 6 ++++++ library/sha512.c | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/library/sha256.c b/library/sha256.c index 49a233d63..81c011b33 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -57,7 +57,9 @@ # if __GNUC__ < 6 /* TODO: check sha256 compatible for GCC */ # error "A more recent GCC is required for MBEDTLS_SHA256_USE_A64_CRYPTO_*" # else +# pragma GCC push_options # pragma GCC target ("arch=armv8-a+crypto") +# define MBEDTLS_POP_TARGET_PRAGMA # endif # else # error "Only GCC and Clang supported for MBEDTLS_SHA256_USE_A64_CRYPTO_*" 
@@ -381,7 +383,11 @@ int mbedtls_internal_sha256_process_a64_crypto(mbedtls_sha256_context *ctx, } #if defined(MBEDTLS_POP_TARGET_PRAGMA) +#if defined(__clang__) #pragma clang attribute pop +#elif defined(__GNUC__) +#pragma GCC pop_options +#endif #undef MBEDTLS_POP_TARGET_PRAGMA #endif diff --git a/library/sha512.c b/library/sha512.c index 827c08f34..df8c5a9c1 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -86,7 +86,9 @@ # if __GNUC__ < 8 # error "A more recent GCC is required for MBEDTLS_SHA512_USE_A64_CRYPTO_*" # else +# pragma GCC push_options # pragma GCC target ("arch=armv8.2-a+sha3") +# define MBEDTLS_POP_TARGET_PRAGMA # endif # else # error "Only GCC and Clang supported for MBEDTLS_SHA512_USE_A64_CRYPTO_*" @@ -567,7 +569,11 @@ int mbedtls_internal_sha512_process_a64_crypto(mbedtls_sha512_context *ctx, } #if defined(MBEDTLS_POP_TARGET_PRAGMA) +#if defined(__clang__) #pragma clang attribute pop +#elif defined(__GNUC__) +#pragma GCC pop_options +#endif #undef MBEDTLS_POP_TARGET_PRAGMA #endif From 8ae6a0193c04fa76759791c31d43f36313e43ce0 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 16 Feb 2023 15:16:20 +0800 Subject: [PATCH 141/440] Add comments about gcc-5 Signed-off-by: Jerry Yu --- library/sha256.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/sha256.c b/library/sha256.c index 81c011b33..bf9af6b5a 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -54,7 +54,10 @@ # pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function) # define MBEDTLS_POP_TARGET_PRAGMA # elif defined(__GNUC__) -# if __GNUC__ < 6 /* TODO: check sha256 compatible for GCC */ + /* FIXME: GCC-5 annouce crypto extension, but some intrinsic are missed. + * Known miss intrinsic can be workaround. + */ +# if __GNUC__ < 6 # error "A more recent GCC is required for MBEDTLS_SHA256_USE_A64_CRYPTO_*" # else # pragma GCC push_options From 383cbf42a03f4aebf8184f3e340db5bb05748e0f Mon Sep 17 00:00:00 2001 
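Review bot: The new comment in the `@@ -54` hunk of sha256.c, `/* FIXME: GCC-5 annouce crypto extension, but some intrinsic are missed. * Known miss intrinsic can be workaround. */`, is hard to parse and contains a typo, and it does not say what the `__GNUC__ < 6` check below it is doing about the problem. Suggest `/* FIXME: GCC 5 advertises the crypto extension but lacks some of the intrinsics. The missing ones could be worked around; until then require GCC >= 6. */`. The rest of the preprocessor block is unchanged by this hunk.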
From: Jerry Yu Date: Thu, 16 Feb 2023 15:16:43 +0800 Subject: [PATCH 142/440] Add minimum version of sha256 for clang Signed-off-by: Jerry Yu --- library/sha256.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/sha256.c b/library/sha256.c index bf9af6b5a..d5be7aa19 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -40,7 +40,9 @@ /* *INDENT-OFF* */ # if !defined(__ARM_FEATURE_CRYPTO) # if defined(__clang__) -# if __clang_major__ < 18 +# if __clang_major__ < 4 +# error "A more recent Clang is required for MBEDTLS_SHA256_USE_A64_CRYPTO_*" +# elif __clang_major__ < 18 /* TODO: Re-consider above after https://reviews.llvm.org/D131064 * merged. * From 2c8e144ef6796cb0a7b20b89bae6a9d415a4204a Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 16 Feb 2023 10:25:08 +0100 Subject: [PATCH 143/440] Fix tests for 32bit Signed-off-by: Gabor Mezei --- scripts/mbedtls_dev/ecp.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index d436d0a35..6370d258a 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -81,7 +81,7 @@ class EcpP521R1Raw(bignum_common.ModOperationCommon, """Test cases for ecp quasi_reduction().""" test_function = "ecp_mod_p521_raw" test_name = "ecp_mod_p521_raw" - input_style = "fixed" + input_style = "arch_split" arity = 1 moduli = [("01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" From a135deeece11aa23ce2002336c87a64405d6ef58 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 16 Feb 2023 16:56:22 +0800 Subject: [PATCH 144/440] Move clang bug workaround to the head of file Signed-off-by: Jerry Yu --- library/sha256.c | 34 +++++++++++++++++++++++----------- library/sha512.c | 37 ++++++++++++++++++++++++++----------- 2 files changed, 49 insertions(+), 22 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index d5be7aa19..c167dbe1a 100644 --- a/library/sha256.c +++ b/library/sha256.c 
@@ -22,8 +22,31 @@ * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf */ +#if defined(__aarch64__) && !defined(__ARM_FEATURE_CRYPTO) && \ + defined(__clang__) && __clang_major__ < 18 && __clang_major__ > 3 +/* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged. + * + * The intrinsic declaration are guarded with ACLE predefined macros in clang, + * and those macros are only enabled with command line. Define the macros can + * enable those declaration and avoid compile error on it. + */ +#define __ARM_FEATURE_CRYPTO 1 +#pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function) +#define MBEDTLS_POP_TARGET_PRAGMA +#endif /* __aarch64__ && __clang__ && + !__ARM_FEATURE_CRYPTO && __clang_major__ < 18 && __clang_major__ > 3 */ + #include "common.h" +#if defined(MBEDTLS_POP_TARGET_PRAGMA) && \ + !(defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \ + defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)) +#if defined(__clang__) +#pragma clang attribute pop +#endif +#undef MBEDTLS_POP_TARGET_PRAGMA +#endif + #if defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA224_C) #include "mbedtls/sha256.h" @@ -42,16 +65,6 @@ # if defined(__clang__) # if __clang_major__ < 4 # error "A more recent Clang is required for MBEDTLS_SHA256_USE_A64_CRYPTO_*" -# elif __clang_major__ < 18 - /* TODO: Re-consider above after https://reviews.llvm.org/D131064 - * merged. - * - * The intrinsic declaration are guarded with ACLE predefined macros - * in clang, and those macros are only enabled with command line. - * Define the macros can enable those declaration and avoid compile - * error on it. - */ -# define __ARM_FEATURE_CRYPTO 1 # endif # pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function) # define MBEDTLS_POP_TARGET_PRAGMA 
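Review bot: The file-top block in the `@@ -22` hunk defines `__ARM_FEATURE_CRYPTO 1` for Clang 4–17 on AArch64, but the pop block that follows `#include "common.h"` only pops the pragma and undefines MBEDTLS_POP_TARGET_PRAGMA, so `__ARM_FEATURE_CRYPTO` stays defined for the rest of the translation unit even when neither MBEDTLS_SHA256_USE_A64_CRYPTO_* option is set. Any later test of that macro, including the `# if !defined(__ARM_FEATURE_CRYPTO)` in the `@@ -42` hunk, then sees a feature the target attribute no longer backs; adding `#undef __ARM_FEATURE_CRYPTO` to the pop block, under the same guard, would restore the compiler's original state. Because this redefines a compiler-reserved ACLE feature macro before common.h and everything it pulls in, the existing TODO should also say that headers included after this point may key behaviour on it. The closing `#endif` comment lists the conditions in a different order from the `#if`, which a reader comparing them will trip over.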
@@ -398,7 +411,6 @@ int mbedtls_internal_sha256_process_a64_crypto(mbedtls_sha256_context *ctx, #endif /* MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT || MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY */ - #if !defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) #define mbedtls_internal_sha256_process_many_c mbedtls_internal_sha256_process_many #define mbedtls_internal_sha256_process_c mbedtls_internal_sha256_process diff --git a/library/sha512.c b/library/sha512.c index df8c5a9c1..d0e6d47df 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -22,8 +22,34 @@ * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf */ +#if defined(__aarch64__) && !defined(__ARM_FEATURE_SHA512) && \ + defined(__clang__) && __clang_major__ < 18 && \ + __clang_major__ >= 13 && __clang_minor__ > 0 && __clang_patchlevel__ > 0 +/* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged. + * + * The intrinsic declaration are guarded with ACLE predefined macros in clang, + * and those macros are only enabled with command line. Define the macros can + * enable those declaration and avoid compile error on it. + */ +#define __ARM_FEATURE_SHA512 1 +#pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function) +#define MBEDTLS_POP_TARGET_PRAGMA +#endif /* __aarch64__ && __clang__ && + !__ARM_FEATURE_SHA512 && __clang_major__ < 18 && + __clang_major__ >= 13 && __clang_minor__ > 0 && + __clang_patchlevel__ > 0 */ + #include "common.h" +#if defined(MBEDTLS_POP_TARGET_PRAGMA) && \ + !(defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \ + defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)) +#if defined(__clang__) +#pragma clang attribute pop +#endif +#undef MBEDTLS_POP_TARGET_PRAGMA +#endif + #if defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA384_C) #include "mbedtls/sha512.h" 
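Review bot: The file-top push in the `@@ -22` hunk of sha512.c uses `target("crypto")`, while the existing in-section push for the same file (context in the following `@@ -68` hunk) uses `target("sha3")`; if the SHA-512 intrinsics need the sha3 target, the early push enables the wrong feature, and at minimum the two should agree. The version test `__clang_major__ >= 13 && __clang_minor__ > 0 && __clang_patchlevel__ > 0` also looks suspect: it excludes every X.0.z and X.Y.0 release from 13 onwards (14.0.0, 15.0.0, 16.0.1, …), whereas the original condition partly visible in `@@ -68` appears to single out only 13.0.0 for the inline-assembler path. If the intent is "13.0.1 through 17.x", `!(__clang_major__ == 13 && __clang_minor__ == 0 && __clang_patchlevel__ == 0)` together with the major-version bounds expresses it. As in sha256.c, `__ARM_FEATURE_SHA512` is never undefined after the pop block, so it remains visible for the rest of the translation unit.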
@@ -68,17 +94,6 @@ __clang_patchlevel__ == 0) /* We implement the intrinsics with inline assembler, so don't error */ # else -# if __clang_major__ < 18 - /* TODO: Re-consider above after https://reviews.llvm.org/D131064 - * merged. - * - * The intrinsic declaration are guarded with ACLE predefined macros - * in clang, and those macros are only enabled with command line. - * Define the macros can enable those declaration and avoid compile - * error on it. - */ -# define __ARM_FEATURE_SHA512 1 -# endif # pragma clang attribute push (__attribute__((target("sha3"))), apply_to=function) # define MBEDTLS_POP_TARGET_PRAGMA # endif From f7dccb303b0472ecc7a8071ec166b48fa70b2a39 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 16 Feb 2023 17:37:58 +0800 Subject: [PATCH 145/440] Remove limitation for sha256/512 arm64 accelerator Signed-off-by: Jerry Yu --- include/mbedtls/mbedtls_config.h | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 9ae51c964..244dcca53 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3087,9 +3087,6 @@ * \note If MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT is defined when building * for a non-Aarch64 build it will be silently ignored. * - * \note The code uses Neon intrinsics, so \c CFLAGS must be set to a minimum - * of \c -march=armv8-a+crypto. - * * \warning MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the * same time as MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. * @@ -3112,9 +3109,6 @@ * \note This allows builds with a smaller code size than with * MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT * - * \note The code uses Neon intrinsics, so \c CFLAGS must be set to a minimum - * of \c -march=armv8-a+crypto. - * * \warning MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY cannot be defined at the same * time as MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT. * 
@@ -3169,9 +3163,7 @@ * for a non-Aarch64 build it will be silently ignored. * * \note The code uses the SHA-512 Neon intrinsics, so requires GCC >= 8 or - * Clang >= 7, and \c CFLAGS must be set to a minimum of - * \c -march=armv8.2-a+sha3. An optimisation level of \c -O3 generates the - * fastest code. + * Clang >= 7. * * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT cannot be defined at the * same time as MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. @@ -3196,9 +3188,7 @@ * MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT * * \note The code uses the SHA-512 Neon intrinsics, so requires GCC >= 8 or - * Clang >= 7, and \c CFLAGS must be set to a minimum of - * \c -march=armv8.2-a+sha3. An optimisation level of \c -O3 generates the - * fastest code. + * Clang >= 7. * * \warning MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY cannot be defined at the same * time as MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT. From 93d9ca83ea6e91c7d24c8da980af832448a4151a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Feb 2023 18:14:21 +0000 Subject: [PATCH 146/440] Move num_ops ECP abstraction fully into internal implementation Signed-off-by: Paul Elliott --- include/psa/crypto_builtin_composites.h | 8 +++++-- library/psa_crypto.c | 24 +++++++++++++++---- library/psa_crypto_core.h | 22 ++++++++--------- library/psa_crypto_driver_wrappers.h | 4 ++-- .../psa_crypto_driver_wrappers.c.jinja | 20 ++++------------ 5 files changed, 42 insertions(+), 36 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index b23199afc..9f23551eb 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -117,6 +117,8 @@ typedef struct { mbedtls_ecdsa_context *MBEDTLS_PRIVATE(ctx); mbedtls_ecdsa_restart_ctx MBEDTLS_PRIVATE(restart_ctx); + uint32_t MBEDTLS_PRIVATE(num_ops); + size_t MBEDTLS_PRIVATE(coordinate_bytes); psa_algorithm_t MBEDTLS_PRIVATE(alg); mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg); 
@@ -135,7 +137,7 @@ typedef struct { #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ defined(MBEDTLS_ECP_RESTARTABLE) -#define MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { { 0 }, { 0 }, 0, 0, 0, 0, 0 } +#define MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { { 0 }, { 0 }, 0, 0, 0, 0, 0, 0 } #else #define MBEDTLS_PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 } #endif @@ -150,6 +152,8 @@ typedef struct { mbedtls_ecdsa_context *MBEDTLS_PRIVATE(ctx); mbedtls_ecdsa_restart_ctx MBEDTLS_PRIVATE(restart_ctx); + uint32_t MBEDTLS_PRIVATE(num_ops); + uint8_t MBEDTLS_PRIVATE(hash)[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; size_t MBEDTLS_PRIVATE(hash_length); @@ -169,7 +173,7 @@ typedef struct { #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ defined(MBEDTLS_ECP_RESTARTABLE) -#define MBEDTLS_VERIFY_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { { 0 }, { 0 }, 0, 0, 0, { 0 }, \ +#define MBEDTLS_VERIFY_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { { 0 }, { 0 }, 0, 0, 0, 0, { 0 }, \ { 0 } } #else #define MBEDTLS_VERIFY_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 } diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2c6f108a1..39da74b48 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -3487,13 +3487,16 @@ uint32_t mbedtls_psa_interruptible_get_max_ops(void) } uint32_t mbedtls_psa_sign_hash_get_num_ops( - const mbedtls_psa_sign_hash_interruptible_operation_t *operation) + mbedtls_psa_sign_hash_interruptible_operation_t *operation) { #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ defined(MBEDTLS_ECP_RESTARTABLE) - return operation->restart_ctx.ecp.ops_done; + /* Hide the fact that the restart context only holds a delta of number of + * ops done during the last operation, not an absolute value. */ + operation->num_ops += operation->restart_ctx.ecp.ops_done; + return operation->num_ops; #else (void) operation; return 0; @@ -3503,13 +3506,16 @@ uint32_t mbedtls_psa_sign_hash_get_num_ops( } uint32_t mbedtls_psa_verify_hash_get_num_ops( - const mbedtls_psa_verify_hash_interruptible_operation_t *operation) + mbedtls_psa_verify_hash_interruptible_operation_t *operation) { #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ defined(MBEDTLS_ECP_RESTARTABLE) - return operation->restart_ctx.ecp.ops_done; + /* Hide the fact that the restart context only holds a delta of number of + * ops done during the last operation, not an absolute value. */ + operation->num_ops += operation->restart_ctx.ecp.ops_done; + return operation->num_ops; #else (void) operation; return 0; @@ -3541,6 +3547,9 @@ psa_status_t mbedtls_psa_sign_hash_start( mbedtls_ecdsa_restart_init(&operation->restart_ctx); + /* Ensure num_ops is zero'ed in case of context re-use. */ + operation->num_ops = 0; + /* Ensure default is set even if * mbedtls_psa_interruptible_set_max_ops() has not been called. */ mbedtls_psa_interruptible_set_max_ops( @@ -3706,6 +3715,8 @@ psa_status_t mbedtls_psa_sign_hash_abort( mbedtls_ecdsa_restart_free(&operation->restart_ctx); + operation->num_ops = 0; + return PSA_SUCCESS; #else 
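Review bot: `mbedtls_psa_sign_hash_get_num_ops()` and `mbedtls_psa_verify_hash_get_num_ops()` now add `restart_ctx.ecp.ops_done` into `num_ops` on every call, so the getter is no longer idempotent: two calls without an intervening complete() add the same delta twice, and the reported total depends on how often the caller polls, whereas the wrapper code this replaces added the delta without storing it. Unless something outside this hunk zeroes `ops_done` after each read, the accumulation belongs in the complete() functions at the point where the restartable ECDSA call returns, e.g. `operation->num_ops += operation->restart_ctx.ecp.ops_done;` immediately after `mbedtls_ecdsa_sign_restartable()` / `mbedtls_ecdsa_verify_restartable()`, with the getters reduced to `return operation->num_ops;` and able to take a `const` pointer again. The complete() bodies are outside this hunk.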
@@ -3747,6 +3758,9 @@ psa_status_t mbedtls_psa_verify_hash_start( mbedtls_mpi_init(&operation->r); mbedtls_mpi_init(&operation->s); + /* Ensure num_ops is zero'ed in case of context re-use. */ + operation->num_ops = 0; + /* Ensure default is set even if * mbedtls_psa_interruptible_set_max_ops() has not been called. */ mbedtls_psa_interruptible_set_max_ops( @@ -3864,6 +3878,8 @@ psa_status_t mbedtls_psa_verify_hash_abort( mbedtls_ecdsa_restart_free(&operation->restart_ctx); + operation->num_ops = 0; + mbedtls_mpi_free(&operation->r); mbedtls_mpi_free(&operation->s); diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 5648321b2..0ef0131fa 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -643,12 +643,11 @@ uint32_t mbedtls_psa_interruptible_get_max_ops(void); * zero. * * \note The signature of this function is that of a PSA driver - * sign_get_num_ops entry point, however it differs in behaviour from the - * driver function in that this function returns a delta of work done in - * the last call rather than all of the ops done ever by the whole - * operation, due to internal implementation differences. + * sign_hash_get_num_ops entry point. This function behaves as an + * sign_hash_get_num_ops entry point as defined in the PSA driver + * interface specification for transparent drivers. * - * \param[in] operation The \c + * \param operation The \c * mbedtls_psa_sign_hash_interruptible_operation_t * to use. This must be initialized first. * @@ -657,7 +656,7 @@ uint32_t mbedtls_psa_interruptible_get_max_ops(void); * mbedtls_psa_sign_hash_complete(). */ uint32_t mbedtls_psa_sign_hash_get_num_ops( - const mbedtls_psa_sign_hash_interruptible_operation_t *operation); + mbedtls_psa_sign_hash_interruptible_operation_t *operation); /** * \brief Get the number of ops that a hash verification operation has taken for 
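Review bot: The rewritten note in psa_crypto_core.h now says the function "behaves as an sign_hash_get_num_ops entry point as defined in the PSA driver interface specification", yet the same hunk drops `const` from the operation pointer because the getter mutates `num_ops`; if the driver interface declares this entry point with a `const` operation pointer, as I believe it does, the retained sentence "The signature of this function is that of a PSA driver sign_hash_get_num_ops entry point" is no longer accurate. Either keep the `const` signature by moving the accumulation into the complete() path, or amend the note to say the signature differs from the driver entry point in constness and why. In passing, "an sign_hash_get_num_ops" should read "a sign_hash_get_num_ops" (same in the verify note).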
@@ -665,12 +664,11 @@ uint32_t mbedtls_psa_sign_hash_get_num_ops( * return zero. * * \note The signature of this function is that of a PSA driver - * verify_get_num_ops entry point however it differs in behaviour from the - * driver function in that this function returns a delta of work done in - * the last call rather than all of the ops done ever by the whole - * operation, due to internal implementation differences. + * verify_hash_get_num_ops entry point. This function behaves as an + * verify_hash_get_num_ops entry point as defined in the PSA driver + * interface specification for transparent drivers. * - * \param[in] operation The \c + * \param operation The \c * mbedtls_psa_verify_hash_interruptible_operation_t * to use. This must be initialized first. * @@ -679,7 +677,7 @@ uint32_t mbedtls_psa_sign_hash_get_num_ops( * mbedtls_psa_verify_hash_complete(). */ uint32_t mbedtls_psa_verify_hash_get_num_ops( - const mbedtls_psa_verify_hash_interruptible_operation_t *operation); + mbedtls_psa_verify_hash_interruptible_operation_t *operation); /** * \brief Start signing a hash or short message with a private key, in an diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 26df08835..e3edec791 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -75,10 +75,10 @@ void psa_driver_wrapper_interruptible_set_max_ops(uint32_t max_ops); uint32_t psa_driver_wrapper_interruptible_get_max_ops(void); uint32_t psa_driver_wrapper_sign_hash_get_num_ops( - const psa_sign_hash_interruptible_operation_t *operation); + psa_sign_hash_interruptible_operation_t *operation); uint32_t psa_driver_wrapper_verify_hash_get_num_ops( - const psa_verify_hash_interruptible_operation_t *operation); + psa_verify_hash_interruptible_operation_t *operation); psa_status_t psa_driver_wrapper_sign_hash_start( psa_sign_hash_interruptible_operation_t *operation, 
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index a8a8991a2..b35e726a0 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -452,7 +452,7 @@ uint32_t psa_driver_wrapper_interruptible_get_max_ops( void ) } uint32_t psa_driver_wrapper_sign_hash_get_num_ops( - const psa_sign_hash_interruptible_operation_t *operation ) + psa_sign_hash_interruptible_operation_t *operation ) { switch( operation->id ) { @@ -461,13 +461,7 @@ uint32_t psa_driver_wrapper_sign_hash_get_num_ops( return 0; case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - /* Internal implementation returns a delta of ops completed in the - * last call to complete(), so need to add in ops already completed - * before this.*/ - return( operation->num_ops + - mbedtls_psa_sign_hash_get_num_ops( - &operation->ctx.mbedtls_ctx ) - ); + return(mbedtls_psa_sign_hash_get_num_ops(&operation->ctx.mbedtls_ctx)); #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) @@ -481,7 +475,7 @@ uint32_t psa_driver_wrapper_sign_hash_get_num_ops( } uint32_t psa_driver_wrapper_verify_hash_get_num_ops( - const psa_verify_hash_interruptible_operation_t *operation ) + psa_verify_hash_interruptible_operation_t *operation ) { switch( operation->id ) { @@ -490,13 +484,7 @@ uint32_t psa_driver_wrapper_verify_hash_get_num_ops( return 0; case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - /* Internal implementation returns a delta of ops completed in the - * last call to complete(), so need to add in ops already completed - * before this.*/ - return ( operation->num_ops + - mbedtls_psa_verify_hash_get_num_ops( - &operation->ctx.mbedtls_ctx ) - ); + return (mbedtls_psa_verify_hash_get_num_ops(&operation->ctx.mbedtls_ctx)); #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) 
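Review bot: The two new return statements are spelled differently, `return(mbedtls_psa_sign_hash_get_num_ops(&operation->ctx.mbedtls_ctx));` versus `return (mbedtls_psa_verify_hash_get_num_ops(&operation->ctx.mbedtls_ctx));`; pick one form so the generated psa_crypto_driver_wrappers.c stays uniform. Since the built-in driver branch no longer reads the wrapper-level `operation->num_ops`, it is worth confirming that the `num_ops` field of `psa_sign_hash_interruptible_operation_t` still has both a writer and a reader; if its only remaining use is the test-driver branch outside this hunk, a comment on the field saying so would stop it being mistaken for the counter that is returned here.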
From ba70ad49446e3e814cb3dc0413b3956ade0e3265 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Feb 2023 18:23:53 +0000 Subject: [PATCH 147/440] Add safety for keys larger than we currently support. Prevent buffer overflow with keys whos grp.nbits is greater than PSA_VENDOR_ECC_MAX_CURVE_BITS. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 39da74b48..36d48ad8f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3577,6 +3577,11 @@ psa_status_t mbedtls_psa_sign_hash_start( required_hash_length = (hash_length < operation->coordinate_bytes ? hash_length : operation->coordinate_bytes); + if (required_hash_length > sizeof(operation->hash)) { + /* Shouldn't happen, but better safe than sorry. */ + return PSA_ERROR_CORRUPTION_DETECTED; + } + memcpy(operation->hash, hash, required_hash_length); operation->hash_length = required_hash_length; @@ -3812,6 +3817,11 @@ psa_status_t mbedtls_psa_verify_hash_start( required_hash_length = (hash_length < coordinate_bytes ? hash_length : coordinate_bytes); + if (required_hash_length > sizeof(operation->hash)) { + /* Shouldn't happen, but better safe than sorry. */ + return PSA_ERROR_CORRUPTION_DETECTED; + } + memcpy(operation->hash, hash, required_hash_length); operation->hash_length = required_hash_length; From f1743e2440e7f5e3b702195aeaf846e2cec5e33b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Feb 2023 18:44:16 +0000 Subject: [PATCH 148/440] Add verify call to max ops tests Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 31 ++++++++++++++++++--- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index fd355de9a..5379eafd1 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
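Review bot: The new guard returns `PSA_ERROR_CORRUPTION_DETECTED` when the truncated hash would not fit in `operation->hash`, which is sized from PSA_VENDOR_ECC_MAX_CURVE_BITS; that is the right code only if such a key cannot legitimately reach this point (i.e. key import already rejects curves above PSA_VENDOR_ECC_MAX_CURVE_BITS), otherwise `PSA_ERROR_NOT_SUPPORTED` is the documented answer for an unsupported key size. The comment "Shouldn't happen, but better safe than sorry." should name the invariant it relies on, e.g. `/* Curves above PSA_VENDOR_ECC_MAX_CURVE_BITS are rejected at key import, so only a corrupted key or operation can reach this. */`. Because `required_hash_length` is the minimum of the caller's `hash_length` and the coordinate size, comparing `coordinate_bytes` directly against `sizeof(operation->hash)` would make it clearer that it is the key, not the hash argument, being checked. Both enclosing functions continue outside the hunk.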
@@ -7484,8 +7484,13 @@ void interruptible_signverify_hash_maxops_tests(int key_type_arg, psa_key_type_t key_type = key_type_arg; psa_algorithm_t alg = alg_arg; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + size_t key_bits; + unsigned char *signature = NULL; + size_t signature_size; psa_sign_hash_interruptible_operation_t sign_operation = psa_sign_hash_interruptible_operation_init(); + psa_verify_hash_interruptible_operation_t verify_operation = + psa_verify_hash_interruptible_operation_init(); PSA_ASSERT(psa_crypto_init()); @@ -7494,8 +7499,17 @@ void interruptible_signverify_hash_maxops_tests(int key_type_arg, psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); - PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, - &key)); + PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len, &key)); + PSA_ASSERT(psa_get_key_attributes(key, &attributes)); + key_bits = psa_get_key_bits(&attributes); + + /* Allocate a buffer which has the size advertised by the + * library. */ + signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg); + + TEST_ASSERT(signature_size != 0); + TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); + ASSERT_ALLOC(signature, signature_size); /* Check that default max ops gets set if we don't set it. */ PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, @@ -7506,12 +7520,20 @@ void interruptible_signverify_hash_maxops_tests(int key_type_arg, PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); + PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, + input_data->x, input_data->len, + signature, signature_size)); + + TEST_EQUAL(psa_interruptible_get_max_ops(), + PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); + + PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); + /* Check that max ops gets set properly. */ psa_interruptible_set_max_ops(0xbeef); - TEST_EQUAL(psa_interruptible_get_max_ops(), - 0xbeef); + TEST_EQUAL(psa_interruptible_get_max_ops(), 0xbeef); exit: /* 
@@ -7521,6 +7543,7 @@ exit: psa_reset_key_attributes(&attributes); psa_destroy_key(key); + mbedtls_free(signature); PSA_DONE(); } /* END_CASE */ From 21c395113983e621dd92a56b35e30d1daca4f33f Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Feb 2023 19:47:39 +0000 Subject: [PATCH 149/440] Add reference to mbedtls_ecp_set_max_ops() to docs Signed-off-by: Paul Elliott --- include/psa/crypto.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index d371e1a1c..80bf5c969 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -4165,6 +4165,12 @@ typedef struct psa_verify_hash_interruptible_operation_s psa_verify_hash_interru * or equals as regards to ops executed in a * single call is implementation defined. * + * \note For keys in local storage when no accelerator + * driver applies, please see also the + * documentation for \c mbedtls_ecp_set_max_ops(), + * which is the internal implementation in these + * cases. + * * \warning With implementations that interpret this number * as a hard limit, setting this number too small * may result in an infinite loop, whereby each From 5686533ba23aee02e21861e598e0b9119894f840 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Feb 2023 22:57:44 +0000 Subject: [PATCH 150/440] Add warning to mbedtls_ecp_set_max_ops() Using PSA interruptible interfaces will cause previously set values to be overwritten. Signed-off-by: Paul Elliott --- include/mbedtls/ecp.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 7a28a1957..1590ef21e 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h 
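Review bot: The `exit:` path of `interruptible_signverify_hash_maxops_tests()` now frees `signature` but still does not abort `verify_operation` (nor `sign_operation`), so if `TEST_EQUAL(psa_interruptible_get_max_ops(), PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED)` fails between `psa_verify_hash_start()` and `psa_verify_hash_abort()` the operation's restart context is left allocated and the test harness's leak check will flag it; add `psa_sign_hash_abort(&sign_operation);` and `psa_verify_hash_abort(&verify_operation);` before `psa_destroy_key(key);`, since aborting an already inactive operation is a no-op. The verify call is also given a signature buffer that is never written, which appears to rely on ASSERT_ALLOC zero-filling it; that is fine because the test never calls complete(), but a one-line comment to that effect would save the next reader a question.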
@@ -472,6 +472,12 @@ mbedtls_ecp_keypair; * only enabled for specific sides and key exchanges * (currently only for clients and ECDHE-ECDSA). * + * \warning Using the PSA interruptible interfaces with keys in local + * storage and no accelerator driver will also call this + * function to set the values specified via those interfaces, + * overwriting values previously set. Care should be taken if + * mixing these two interfaces. + * * \param max_ops Maximum number of basic operations done in a row. * Default: 0 (unlimited). * Lower (non-zero) values mean ECC functions will block for From 96b89b208a7f42d9b02c29b8be57925af4aba9a5 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Feb 2023 23:10:37 +0000 Subject: [PATCH 151/440] Add comment to indicate non-PSA spec assertion. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 5379eafd1..c79217fbe 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -6539,6 +6539,10 @@ void sign_hash_interruptible(int key_type_arg, data_t *key_data, if (status == PSA_SUCCESS || status == PSA_OPERATION_INCOMPLETE) { num_ops = psa_sign_hash_get_num_ops(&operation); + /* We are asserting here that every complete makes progress + * (completes some ops), which is true of the internal + * implementation and probably any implementation, however this is + * not mandated by the PSA specification. */ TEST_ASSERT(num_ops > num_ops_prior); num_ops_prior = num_ops; 
@@ -6694,6 +6698,10 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, if (actual_status == PSA_SUCCESS || actual_status == PSA_OPERATION_INCOMPLETE) { num_ops = psa_sign_hash_get_num_ops(&operation); + /* We are asserting here that every complete makes progress + * (completes some ops), which is true of the internal + * implementation and probably any implementation, however this is + * not mandated by the PSA specification. */ TEST_ASSERT(num_ops > num_ops_prior); num_ops_prior = num_ops; @@ -7022,6 +7030,10 @@ void verify_hash_interruptible(int key_type_arg, data_t *key_data, if (status == PSA_SUCCESS || status == PSA_OPERATION_INCOMPLETE) { num_ops = psa_verify_hash_get_num_ops(&operation); + /* We are asserting here that every complete makes progress + * (completes some ops), which is true of the internal + * implementation and probably any implementation, however this is + * not mandated by the PSA specification. */ TEST_ASSERT(num_ops > num_ops_prior); num_ops_prior = num_ops; @@ -7151,6 +7163,10 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, if (actual_status == PSA_SUCCESS || actual_status == PSA_OPERATION_INCOMPLETE) { num_ops = psa_verify_hash_get_num_ops(&operation); + /* We are asserting here that every complete makes progress + * (completes some ops), which is true of the internal + * implementation and probably any implementation, however this is + * not mandated by the PSA specification. */ TEST_ASSERT(num_ops > num_ops_prior); num_ops_prior = num_ops; From 0af1b5367b362d3c33eb540ed3a58cfdb7ab742d Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Feb 2023 23:25:54 +0000 Subject: [PATCH 152/440] Remove some abbrevations from test descriptions. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 74 ++++++++++++------------- 1 file changed, 37 insertions(+), 37 deletions(-) 
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 9511d1f5c..697cdd7b7 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -4145,19 +4145,19 @@ PSA sign hash: deterministic ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f" -PSA sgn hash int (ops=inf): det ECDSA SECP256R1 SHA-256 +PSA sign hash int (ops=inf): det ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sgn hash int (ops=min): det ECDSA SECP256R1 SHA-256 +PSA sign hash int (ops=min): det ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":1 -PSA sgn hash int (ops=inf) det ECDSA SECP256R1 SHA-384 +PSA sign hash int (ops=inf) det ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sgn hash int (ops=min): det ECDSA SECP256R1 SHA-384 +PSA sign hash int (ops=min): det ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca":1 
@@ -4233,47 +4233,47 @@ PSA sign hash: deterministic ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED -PSA Sgn hash int (ops=inf): det ECDSA SECP256R1 SHA-256, out buf too small +PSA sign hash int (ops=inf): det ECDSA SECP256R1 SHA-256, out buf too small depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sgn hash int (ops=min): det ECDSA SECP256R1 SHA-256, out buf too small +PSA sign hash int (ops=min): det ECDSA SECP256R1 SHA-256, out buf too small depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:1 -PSA sgn hash int(ops=inf): deterministic ECDSA SECP256R1 SHA-256, empty output buffer +PSA sign hash int (ops=inf): det ECDSA SECP256R1 SHA-256, empty out buf 
depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sgn hash int (ops=min): det ECDSA SECP256R1 SHA-256, empty out buf +PSA sign hash int (ops=min): det ECDSA SECP256R1 SHA-256, empty out buf depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:1 -PSA sgn hash int (ops=inf): det ECDSA SECP256R1, invld hash alg (0) +PSA sign hash int (ops=inf): det ECDSA SECP256R1, invld hash alg (0) depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sgn hash int (ops=min): det ECDSA SECP256R1, invld hash alg (0) +PSA sign hash int (ops=min): det ECDSA SECP256R1, invld hash alg (0) depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:1 -PSA sgn hash int: det ECDSA SECP256R1, invld hash alg (wildcard) +PSA sign hash int: det ECDSA SECP256R1, invld hash alg (wildcard) depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sgn hash int: invld alg for ECC key +PSA sign hash int: invld alg for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_PARSE_C sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sgn hash int: ECDSA not supported +PSA sign hash int: ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 
):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sgn hash int (ops=inf): det ECDSA not supported +PSA sign hash int (ops=inf): det ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sgn hash int (ops=min): det ECDSA not supported +PSA sign hash int (ops=min): det ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:1 
@@ -4317,51 +4317,51 @@ PSA sign/verify hash: deterministic ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" -PSA sgn/vrfy hash int (ops=inf): randomized ECDSA SECP256R1 SHA-256 +PSA sign/vrfy hash int (ops=inf): rand ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sgn/vrfy hash int (ops=min): randomized ECDSA SECP256R1 SHA-256 +PSA sign/vrfy hash int (ops=min): rand ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1 -PSA sgn/vrfy hash int (ops=inf): det ECDSA SECP256R1 SHA-256 +PSA sign/vrfy hash int (ops=inf): det ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sgn/vrfy hash int (ops=min): det ECDSA SECP256R1 SHA-256 +PSA sign/vrfy hash int (ops=min): det ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1 -PSA sgn/vrfy hash int (ops=inf): randomized ECDSA SECP256R1 SHA-384 +PSA sign/vrfy hash int (ops=inf): rand ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sgn/vrfy hash int (ops=min): randomized ECDSA SECP256R1 SHA-384 +PSA sign/vrfy hash int (ops=min): rand ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA 
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":1 -PSA sgn/vrfy hash int (ops=inf): det ECDSA SECP256R1 SHA-384 +PSA sign/vrfy hash int (ops=inf): det ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sgn/vrfy hash int (ops=min): det ECDSA SECP256R1 SHA-384 +PSA sign/vrfy hash int (ops=min): det ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":1 -PSA sgn/vrfy hash int (ops=inf): randomized ECDSA SECP384R1 SHA-256 +PSA sign/vrfy hash int (ops=inf): rand ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sgn/vrfy hash int (ops=min): randomized ECDSA SECP384R1 SHA-256 +PSA sign/vrfy hash int (ops=min): rand ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1 -PSA sgn/vrfy hash int (ops=inf): det ECDSA SECP384R1 SHA-256 +PSA sign/vrfy hash int (ops=inf): det ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sgn/vrfy hash int (ops=min): det ECDSA SECP384R1 SHA-256 +PSA sign/vrfy hash int (ops=min): det ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1 
@@ -4521,31 +4521,31 @@ PSA verify hash: invalid algorithm for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT -PSA vrfy hash int: ECDSA SECP256R1, wrng sig size (correct but ASN1-encoded) +PSA vrfy hash int: ECDSA SECP256R1, wrong sig size (correct but ASN1-encoded) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA vrfy hash int (ops=inf): ECDSA SECP256R1, wrng sig of correct size +PSA vrfy hash int (ops=inf): ECDSA SECP256R1, wrong sig of correct size depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA vrfy hash int (ops=min): ECDSA SECP256R1, 
wrng sig of correct size +PSA vrfy hash int (ops=min): ECDSA SECP256R1, wrong sig of correct size depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE:1 -PSA vrfy hash int: ECDSA SECP256R1, wrng sig (empty) +PSA vrfy hash int: ECDSA SECP256R1, wrong sig (empty) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA vrfy hash int: ECDSA SECP256R1, wrng sig (truncated) +PSA vrfy hash int: ECDSA SECP256R1, wrong sig (truncated) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA vrfy hash int: ECDSA SECP256R1, wrng sig (trailing junk) +PSA vrfy hash int: ECDSA SECP256R1, wrong sig (trailing junk) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA vrfy hash int: ECDSA SECP256R1, wrng sig (leading junk) +PSA vrfy hash int: ECDSA SECP256R1, wrong sig (leading junk) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED 
@@ -4553,15 +4553,15 @@ PSA vrfy hash int: invld alg for ECC key depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED -PSA sgn/vrfy hash int state test: randomized ECDSA SECP256R1 SHA-256 +PSA sign/vrfy hash int state test: randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 interruptible_signverify_hash_state_test:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" -PSA sgn/vrfy hash int neg tests: randomized ECDSA SECP256R1 SHA-256 +PSA sign/vrfy hash int neg tests: randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 interruptible_signverify_hash_negative_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" -PSA sgn/vrfy hash int max ops tests: randomized ECDSA SECP256R1 SHA-256 +PSA sign/vrfy hash int max ops tests: randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
interruptible_signverify_hash_maxops_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" From c5874db5b079d491316b298724eff0702d10398c Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 16 Feb 2023 16:14:46 +0000 Subject: [PATCH 153/440] Add test-case for signature over zero-length data Signed-off-by: Dave Rodgman --- tests/data_files/Makefile | 9 +++++++++ tests/data_files/pkcs7_zerolendata.bin | 0 tests/data_files/pkcs7_zerolendata_detached.der | Bin 0 -> 435 bytes tests/suites/test_suite_pkcs7.data | 4 ++++ tests/suites/test_suite_pkcs7.function | 3 ++- 5 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 tests/data_files/pkcs7_zerolendata.bin create mode 100644 tests/data_files/pkcs7_zerolendata_detached.der diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 070f538fe..6680bf944 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1205,6 +1205,10 @@ $(pkcs7_test_file): echo -e "Hello\xd" > $@ all_final += $(pkcs7_test_file) +pkcs7_zerolendata.bin: + printf '' > $@ +all_final += pkcs7_zerolendata.bin + pkcs7_data_1.bin: echo -e "2\xd" > $@ all_final += pkcs7_data_1.bin 
@@ -1238,6 +1242,11 @@ pkcs7-rsa-sha256-2.der: $(pkcs7_test_cert_2) $(OPENSSL) x509 -in pkcs7-rsa-sha256-2.crt -out $@ -outform DER all_final += pkcs7-rsa-sha256-2.der +# pkcs7 signature file over zero-len data +pkcs7_zerolendata_detached.der: pkcs7_zerolendata.bin pkcs7-rsa-sha256-1.key pkcs7-rsa-sha256-1.crt + $(OPENSSL) smime -sign -md sha256 -nocerts -noattr -in pkcs7_zerolendata.bin -inkey pkcs7-rsa-sha256-1.key -outform DER -binary -signer pkcs7-rsa-sha256-1.crt -out pkcs7_zerolendata_detached.der +all_final += pkcs7_zerolendata_detached.der + # pkcs7 signature file with CERT pkcs7_data_cert_signed_sha256.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@ diff --git a/tests/data_files/pkcs7_zerolendata.bin b/tests/data_files/pkcs7_zerolendata.bin new file mode 100644 index 000000000..e69de29bb diff --git a/tests/data_files/pkcs7_zerolendata_detached.der b/tests/data_files/pkcs7_zerolendata_detached.der new file mode 100644 index 0000000000000000000000000000000000000000..2a389ab484991c53322dc87f998c23666c7f40d8 GIT binary patch literal 435 zcmXqLVqDM0snzDu_MMlJooPW6;{t;w#yL!kjE4LMylk8aZ61uN%q&cdtPBR+2!)J> zO^oG0g~dRH20jKRhTI06Y|No7Y{E=_K8Ab-JRlAi4{Lz8bFjIgsDUtu&&B(8VOS!kJ#%#A}``N(1;c{&~>lHDkH?uEo%Mn-I)RcHtyiZfMa^p+ZsUNpi zPgR!4Nqe^XP|J(iZ9iYV4VC)5eD}1>LYA_Ut0%UoTPg6KocZ~>nDc7CFrFCCvQ4f5 z&!6=E=2F~OeeSW~iYJ$z8m>7r$$s(fnJ=H)XRc*m#@BnKV2R)M=?|hk7C)IVU>KY#=_d1=v@T Date: Thu, 16 Feb 2023 16:23:09 +0000 Subject: [PATCH 154/440] Adjust position of empty line Signed-off-by: Dave Rodgman --- library/pkcs7.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkcs7.c b/library/pkcs7.c index 60d117528..ba43f4971 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c 
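Review bot: The new `pkcs7_zerolendata_detached.der` recipe hard-codes its output name (`-out pkcs7_zerolendata_detached.der`) where every neighbouring rule writes to `$@`, so a later rename of the target would silently keep writing to the old path; change it to `-out $@`. It is also worth a comment stating what the flags imply for the verifier tests: `-noattr` means there are no signed attributes, so the signature is over the digest of the (empty) content itself rather than over a messageDigest attribute, and `-nocerts` means the signer certificate is not embedded, so the test must hand the certificate in separately — e.g. `# detached sig over empty content, no signed attributes (-noattr), signer cert not embedded (-nocerts): verifier hashes the data itself and must be given the cert`. Whether `pkcs7-rsa-sha256-1.key` and `.crt` have their own generation rules is not visible in this hunk.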
@@ -684,8 +684,8 @@ static int mbedtls_pkcs7_data_or_hash_verify(mbedtls_pkcs7 *pkcs7, if (hash == NULL) { return MBEDTLS_ERR_PKCS7_ALLOC_FAILED; } - /* BEGIN must free hash before jumping out */ + /* BEGIN must free hash before jumping out */ if (is_data_hash) { if (datalen != mbedtls_md_get_size(md_info)) { ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; From d652dce9eacad8eba19b0f54abbcfd6cb8a5a64e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 16 Feb 2023 16:39:34 +0000 Subject: [PATCH 155/440] Add failing test case (invalid signature) for zero-length data Signed-off-by: Dave Rodgman --- tests/suites/test_suite_pkcs7.data | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data index 70233ded7..9948537aa 100644 --- a/tests/suites/test_suite_pkcs7.data +++ b/tests/suites/test_suite_pkcs7.data @@ -42,6 +42,10 @@ PKCS7 Signed Data Verification Pass zero-len data depends_on:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C pkcs7_verify:"data_files/pkcs7_zerolendata_detached.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_zerolendata.bin":0:0 +PKCS7 Signed Data Verification Fail zero-len data +depends_on:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C +pkcs7_verify:"data_files/pkcs7_zerolendata_detached.der":"data_files/pkcs7-rsa-sha256-2.der":"data_files/pkcs7_zerolendata.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED + PKCS7 Signed Data Verification Pass SHA256 #9 depends_on:MBEDTLS_SHA256_C pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin":0:0 From ba2412fd21c95c350b1cbdf361ede2ce9df4fe8e Mon Sep 17 00:00:00 2001 
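Review bot: The new failing case only exercises a signer/certificate mismatch (`pkcs7-rsa-sha256-2.der`), so it does not show that a zero-length message is actually hashed and compared rather than short-circuited; add a second negative case with the correct certificate but non-empty data, e.g. `pkcs7_verify:"data_files/pkcs7_zerolendata_detached.der":"data_files/pkcs7-rsa-sha256-1.der":"data_files/pkcs7_data.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED` (the exact error code depends on the verify path in `pkcs7_verify` and `library/pkcs7.c`, which are outside this hunk — confirm before pinning it). The `depends_on:MBEDTLS_SHA1_C` is carried over from the passing case; if nothing in the zero-length fixtures uses SHA-1 it needlessly skips the test in builds without SHA-1, so it should be checked against the certificate's signature algorithm.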
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 16 Feb 2023 18:44:46 +0100 Subject: [PATCH 156/440] Remove internal function md_process() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It was already marked as internal use only, and no longer used internally. Also, it won't work when we dispatch to PSA. Remove it before the MD_LIGHT split to avoid a corner case: it's technically a hashing function, no HMAC or extra metadata, but we still don't want it in MD_LIGHT really. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/md.h | 4 --- library/md.c | 40 ----------------------------- tests/suites/test_suite_md.data | 4 +-- tests/suites/test_suite_md.function | 17 +++--------- 4 files changed, 6 insertions(+), 59 deletions(-) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 1a92c5761..bcf56a549 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -471,10 +471,6 @@ int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsigned char *key, const unsigned char *input, size_t ilen, unsigned char *output); -/* Internal use */ -MBEDTLS_CHECK_RETURN_TYPICAL -int mbedtls_md_process(mbedtls_md_context_t *ctx, const unsigned char *data); - #ifdef __cplusplus } #endif diff --git a/library/md.c b/library/md.c index a72987899..dd5553aa9 100644 --- a/library/md.c +++ b/library/md.c 
@@ -774,46 +774,6 @@ cleanup: return ret; } -int mbedtls_md_process(mbedtls_md_context_t *ctx, const unsigned char *data) -{ - if (ctx == NULL || ctx->md_info == NULL) { - return MBEDTLS_ERR_MD_BAD_INPUT_DATA; - } - - switch (ctx->md_info->type) { -#if defined(MBEDTLS_MD5_C) - case MBEDTLS_MD_MD5: - return mbedtls_internal_md5_process(ctx->md_ctx, data); -#endif -#if defined(MBEDTLS_RIPEMD160_C) - case MBEDTLS_MD_RIPEMD160: - return mbedtls_internal_ripemd160_process(ctx->md_ctx, data); -#endif -#if defined(MBEDTLS_SHA1_C) - case MBEDTLS_MD_SHA1: - return mbedtls_internal_sha1_process(ctx->md_ctx, data); -#endif -#if defined(MBEDTLS_SHA224_C) - case MBEDTLS_MD_SHA224: - return mbedtls_internal_sha256_process(ctx->md_ctx, data); -#endif -#if defined(MBEDTLS_SHA256_C) - case MBEDTLS_MD_SHA256: - return mbedtls_internal_sha256_process(ctx->md_ctx, data); -#endif -#if defined(MBEDTLS_SHA384_C) - case MBEDTLS_MD_SHA384: - return mbedtls_internal_sha512_process(ctx->md_ctx, data); -#endif -#if defined(MBEDTLS_SHA512_C) - case MBEDTLS_MD_SHA512: - return mbedtls_internal_sha512_process(ctx->md_ctx, data); -#endif - default: - return MBEDTLS_ERR_MD_BAD_INPUT_DATA; - } -} - unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info) { if (md_info == NULL) { diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index 5659ff431..79b837619 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -1,6 +1,6 @@ # Tests of the generic message digest interface -MD process -mbedtls_md_process: +MD list +mbedtls_md_list: MD NULL/uninitialised arguments md_null_args: diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 2f60c4e99..ac3a8baf4 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function 
@@ -8,30 +8,24 @@ */ /* BEGIN_CASE */ -void mbedtls_md_process() +void mbedtls_md_list() { const int *md_type_ptr; const mbedtls_md_info_t *info; mbedtls_md_context_t ctx; - unsigned char buf[150]; + unsigned char out[MBEDTLS_MD_MAX_SIZE] = { 0 }; mbedtls_md_init(&ctx); - memset(buf, 0, sizeof(buf)); /* - * Very minimal testing of mbedtls_md_process, just make sure the various - * xxx_process_wrap() function pointers are valid. (Testing that they - * indeed do the right thing would require messing with the internal - * state of the underlying mbedtls_md/sha context.) - * - * Also tests that mbedtls_md_list() only returns valid MDs. + * Test that mbedtls_md_list() only returns valid MDs. */ for (md_type_ptr = mbedtls_md_list(); *md_type_ptr != 0; md_type_ptr++) { info = mbedtls_md_info_from_type(*md_type_ptr); TEST_ASSERT(info != NULL); TEST_EQUAL(0, mbedtls_md_setup(&ctx, info, 0)); TEST_EQUAL(0, mbedtls_md_starts(&ctx)); - TEST_EQUAL(0, mbedtls_md_process(&ctx, buf)); + TEST_EQUAL(0, mbedtls_md_finish(&ctx, out)); mbedtls_md_free(&ctx); } @@ -94,9 +88,6 @@ void md_null_args() TEST_EQUAL(mbedtls_md_hmac(NULL, buf, 1, buf, 1, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); - TEST_EQUAL(mbedtls_md_process(NULL, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); - TEST_EQUAL(mbedtls_md_process(&ctx, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); - /* Ok, this is not NULL arg but NULL return... */ TEST_ASSERT(mbedtls_md_info_from_type(MBEDTLS_MD_NONE) == NULL); TEST_ASSERT(mbedtls_md_info_from_string("no such md") == NULL); From ac70ad657650580e4b3dbc7425f52d4360cf863c Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 16 Feb 2023 19:31:21 +0100 Subject: [PATCH 157/440] Fix coding style Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 85d634ab0..1a027d6aa 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c 
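Review bot: `mbedtls_md_finish()` now fills `out` on every iteration but the digest is never inspected, so the loop still only proves that setup/starts/finish return 0; since the input is empty, the one-shot API gives an independent reference for free — declare `unsigned char ref[MBEDTLS_MD_MAX_SIZE];` next to `out` and after the finish call add `TEST_EQUAL(0, mbedtls_md(info, out, 0, ref));` and `TEST_EQUAL(0, memcmp(out, ref, mbedtls_md_get_size(info)));`. The `mbedtls_md_free(&ctx)` inside the loop is only reached on success; the `exit:` label that a failing `TEST_*` jumps to lies outside this hunk, so check that it frees `ctx`, otherwise the context allocated by `mbedtls_md_setup()` on the failing iteration leaks. The renamed test's comment (`Test that mbedtls_md_list() only returns valid MDs.`) should also mention that it round-trips each entry through setup/starts/finish, since that is what the body does.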
@@ -5216,7 +5216,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) mbedtls_mpi_uint carry = 0; if (X_limbs != 2 * P521_WIDTH || X[2 * P521_WIDTH - 1] != 0) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } /* Step 1: Reduction to P521_WIDTH limbs */ From b9b630d6286be77df901d0c9a0371180460bd2e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 16 Feb 2023 19:07:31 +0100 Subject: [PATCH 158/440] Define "light" subset of MD MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See docs/architecture/psa-migration/md-cipher-dispatch.md Regarding testing, the no_md component was never very useful, as that's not something people are likely to want to do: it was mostly useful as executable documentation of what depends on MD. It's going to be even less useful when more and more modules auto-enable MD_LIGHT or even MD_C. So, recycle it to test the build with only MD_LIGHT, which is something that might happen in practice, and is necessary to ensure that the division is consistent. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/build_info.h | 7 ++++++ include/mbedtls/mbedtls_config.h | 21 +++++++++++++++- include/mbedtls/md.h | 22 ++++++++++++++--- library/md.c | 16 +++++++++---- tests/scripts/all.sh | 20 ++++++++++------ tests/suites/test_suite_md.function | 37 +++++++++++++++++++++++------ 6 files changed, 101 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index bbfd5d48d..bc94acf10 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h 
@@ -80,6 +80,13 @@ #include MBEDTLS_USER_CONFIG_FILE #endif +/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C. + * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C. + */ +#if defined(MBEDTLS_MD_C) +#define MBEDTLS_MD_LIGHT +#endif + /* The PK wrappers need pk_write functions to format RSA key objects * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO, * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 9ae51c964..41a007ea9 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2643,7 +2643,7 @@ /** * \def MBEDTLS_MD_C * - * Enable the generic message digest layer. + * Enable the generic layer for message digest (hashing) and HMAC. * * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C, @@ -2672,6 +2672,25 @@ */ #define MBEDTLS_MD_C +/** + * \def MBEDTLS_MD_LIGHT + * + * Enable the "light" subset of MBEDTLS_MD_C: just hashing and basic + * meta-data. + * + * This is automatically enabled whenever MBEDTLS_MD_C is enabled, but it is + * possible to enable this with MBEDTLS_MD_C if support for HMAC or extra + * metadata functions is not needed. + * + * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, + * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C, + * MBEDTLS_SHA512_C. + * Module: library/md.c + * + * Uncomment to enabled the "light" subsect of MD. + */ +#define MBEDTLS_MD_LIGHT + /** * \def MBEDTLS_MD5_C * diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index bcf56a549..f9349e1d8 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h 
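Review bot: The auto-enable in the new block is unconditional (`#define MBEDTLS_MD_LIGHT` whenever `MBEDTLS_MD_C` is set) and it sits after `MBEDTLS_USER_CONFIG_FILE` has been included, so a user config that already defines `MBEDTLS_MD_LIGHT` with a non-empty replacement list (e.g. `1`) triggers a macro-redefinition warning, fatal under `-Werror`; the bare `#define MBEDTLS_MD_LIGHT` this commit adds to mbedtls_config.h only avoids that because an identical redefinition is permitted. Guard it: `#if defined(MBEDTLS_MD_C) && !defined(MBEDTLS_MD_LIGHT)`. The comment could also state the contract for other headers explicitly, e.g. `/* MBEDTLS_MD_C implies MBEDTLS_MD_LIGHT; code that needs only hashing and basic metadata should test MBEDTLS_MD_LIGHT. */`.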
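Review bot: The new `MBEDTLS_MD_LIGHT` documentation says the opposite of what it means in one place: `possible to enable this with MBEDTLS_MD_C if support for HMAC or extra metadata functions is not needed` should read `without MBEDTLS_MD_C`, since the purpose of the option is a build that has MD_LIGHT but not MD_C (as the build_info.h hunk and the new all.sh component in this commit show). The trailing line has two typos: `Uncomment to enabled the "light" subsect of MD.` → `Uncomment to enable the "light" subset of MD.`. It would also help users to add one sentence naming what is lost without MBEDTLS_MD_C — per the md.h changes in this commit that is `mbedtls_md_list()`, `mbedtls_md_info_from_string()`, `mbedtls_md_info_from_ctx()`, `mbedtls_md_get_name()`, `mbedtls_md_file()` and the `mbedtls_md_hmac_*` family.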
@@ -1,7 +1,15 @@ /** * \file md.h * - * \brief This file contains the generic message-digest wrapper. + * \brief This file contains the generic functions for message-digest + * (hashing) and HMAC. + * + * Availability of function in this modules is controled by two + * feature macros: + * - MBEDTLS_MD_C enables the whole module; + * - MBEDTLS_MD_LIGHT enables only functions for hashing an accessing + * some hash metadata; is it automatically set whenever MBEDTLS_MD_C + * is set. * * \author Adriaan de Jong */ @@ -107,6 +115,7 @@ typedef struct mbedtls_md_context_t { void *MBEDTLS_PRIVATE(hmac_ctx); } mbedtls_md_context_t; +#if defined(MBEDTLS_MD_C) /** * \brief This function returns the list of digests supported by the * generic digest module. @@ -130,6 +139,7 @@ const int *mbedtls_md_list(void); * \return NULL if the associated message-digest information is not found. */ const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name); +#endif /* MBEDTLS_MD_C */ /** * \brief This function returns the message-digest information @@ -142,6 +152,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name); */ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type); +#if defined(MBEDTLS_MD_C) /** * \brief This function returns the message-digest information * from the given context. @@ -154,6 +165,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type); */ const mbedtls_md_info_t *mbedtls_md_info_from_ctx( const mbedtls_md_context_t *ctx); +#endif /* MBEDTLS_MD_C */ /** * \brief This function initializes a message-digest context without @@ -248,6 +260,7 @@ unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info); */ mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info); +#if defined(MBEDTLS_MD_C) /** * \brief This function extracts the message-digest name from the * message-digest information structure. 
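Review bot: The new \brief paragraph has several errors that will appear verbatim in the rendered API documentation: `Availability of function in this modules is controled` → `Availability of functions in this module is controlled`, `hashing an accessing some hash metadata` → `hashing and accessing some hash metadata`, and `is it automatically set` → `it is automatically set`. Beyond the typos, the paragraph should tell callers what the light subset does not cover, since the rest of this file now wraps `mbedtls_md_list()`, `mbedtls_md_info_from_string()`, `mbedtls_md_info_from_ctx()`, `mbedtls_md_get_name()`, `mbedtls_md_file()` and the HMAC functions in `#if defined(MBEDTLS_MD_C)`. The `hmac` argument of `mbedtls_md_setup()` is declared outside these hunks; its documentation should state what a non-zero value means in an MBEDTLS_MD_LIGHT-only build, which this change leaves unspecified.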
@@ -258,6 +271,7 @@ mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info); * \return The name of the message digest. */ const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info); +#endif /* MBEDTLS_MD_C */ /** * \brief This function starts a message-digest computation. @@ -337,7 +351,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output); -#if defined(MBEDTLS_FS_IO) +#if defined(MBEDTLS_FS_IO) && defined(MBEDTLS_MD_C) /** * \brief This function calculates the message-digest checksum * result of the contents of the provided file. @@ -358,8 +372,9 @@ int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, siz MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output); -#endif /* MBEDTLS_FS_IO */ +#endif /* MBEDTLS_FS_IO && MBEDTLS_MD_C */ +#if defined(MBEDTLS_MD_C) /** * \brief This function sets the HMAC key and prepares to * authenticate a new message. @@ -470,6 +485,7 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char *output); +#endif /* MBEDTLS_MD_C */ #ifdef __cplusplus } diff --git a/library/md.c b/library/md.c index dd5553aa9..8aecd39f0 100644 --- a/library/md.c +++ b/library/md.c @@ -23,7 +23,7 @@ #include "common.h" -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_MD_LIGHT) #include "mbedtls/md.h" #include "md_wrap.h" @@ -110,6 +110,7 @@ const mbedtls_md_info_t mbedtls_sha512_info = { /* * Reminder: update profiles in x509_crt.c when adding a new hash! */ +#if defined(MBEDTLS_MD_C) static const int supported_digests[] = { #if defined(MBEDTLS_SHA512_C) 
@@ -191,6 +192,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name) #endif return NULL; } +#endif /* MBEDTLS_MD_C */ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) { @@ -228,6 +230,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) } } +#if defined(MBEDTLS_MD_C) const mbedtls_md_info_t *mbedtls_md_info_from_ctx( const mbedtls_md_context_t *ctx) { @@ -237,6 +240,7 @@ const mbedtls_md_info_t *mbedtls_md_info_from_ctx( return ctx->MBEDTLS_PRIVATE(md_info); } +#endif /* MBEDTLS_MD_C */ void mbedtls_md_init(mbedtls_md_context_t *ctx) { @@ -586,7 +590,7 @@ int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, siz } } -#if defined(MBEDTLS_FS_IO) +#if defined(MBEDTLS_FS_IO) && defined(MBEDTLS_MD_C) int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -635,8 +639,9 @@ cleanup: return ret; } -#endif /* MBEDTLS_FS_IO */ +#endif /* MBEDTLS_FS_IO && MBEDTLS_MD_C */ +#if defined(MBEDTLS_MD_C) int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -773,6 +778,7 @@ cleanup: return ret; } +#endif /* MBEDTLS_MD_C */ unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info) { @@ -792,6 +798,7 @@ mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info) return md_info->type; } +#if defined(MBEDTLS_MD_C) const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info) { if (md_info == NULL) { @@ -800,5 +807,6 @@ const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info) return md_info->name; } - #endif /* MBEDTLS_MD_C */ + +#endif /* MBEDTLS_MD_LIGHT */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7d91fa27d..c4a8fe652 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -1219,19 +1219,25 @@ component_test_psa_external_rng_no_drbg_use_psa () { tests/ssl-opt.sh -f 'Default\|opaque' } -component_test_crypto_full_no_md () { - msg "build: crypto_full minus MD" +component_test_crypto_full_md_light_only () { + msg "build: crypto_full with only the light subset of MD" scripts/config.py crypto_full + # Disable MD scripts/config.py unset MBEDTLS_MD_C - # Direct dependencies + # Disable direct dependencies of MD scripts/config.py unset MBEDTLS_HKDF_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_PKCS7_C - # Indirect dependencies - scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC - make + # Disable indirect dependencies of MD + scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG + # Enable "light" subset of MD + scripts/config.py set MBEDTLS_MD_LIGHT + make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - msg "test: crypto_full minus MD" + # Make sure we don't have the HMAC functions + not grep mbedtls_md_hmac library/md.o + + msg "test: crypto_full with only the light subset of MD" make test } diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index ac3a8baf4..1e8622be0 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -3,11 +3,11 @@ /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_MD_C + * depends_on:MBEDTLS_MD_LIGHT * END_DEPENDENCIES */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_MD_C */ void mbedtls_md_list() { const int *md_type_ptr; 
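Review bot: `not grep mbedtls_md_hmac library/md.o` detects the HMAC symbols by grepping the object file, and if `not` simply inverts the exit status (its definition is outside this hunk) a missing or mis-pathed `library/md.o` makes grep exit 2 and the check passes vacuously. Preceding it with `test -f library/md.o` keeps the assertion meaningful. Grepping an object file also relies on the binary-file handling of the installed grep; searching `nm library/md.o` output is the more portable form of the same check.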
@@ -38,21 +38,27 @@ exit: void md_null_args() { mbedtls_md_context_t ctx; +#if defined(MBEDTLS_MD_C) const mbedtls_md_info_t *info = mbedtls_md_info_from_type(*(mbedtls_md_list())); +#endif unsigned char buf[1] = { 0 }; mbedtls_md_init(&ctx); TEST_EQUAL(0, mbedtls_md_get_size(NULL)); +#if defined(MBEDTLS_MD_C) TEST_EQUAL(mbedtls_md_get_type(NULL), MBEDTLS_MD_NONE); TEST_ASSERT(mbedtls_md_get_name(NULL) == NULL); TEST_ASSERT(mbedtls_md_info_from_string(NULL) == NULL); TEST_ASSERT(mbedtls_md_info_from_ctx(NULL) == NULL); TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx) == NULL); +#endif /* MBEDTLS_MD_C */ TEST_EQUAL(mbedtls_md_setup(&ctx, NULL, 0), MBEDTLS_ERR_MD_BAD_INPUT_DATA); +#if defined(MBEDTLS_MD_C) TEST_EQUAL(mbedtls_md_setup(NULL, info, 0), MBEDTLS_ERR_MD_BAD_INPUT_DATA); +#endif TEST_EQUAL(mbedtls_md_starts(NULL), MBEDTLS_ERR_MD_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_md_starts(&ctx), MBEDTLS_ERR_MD_BAD_INPUT_DATA); @@ -65,6 +71,7 @@ void md_null_args() TEST_EQUAL(mbedtls_md(NULL, buf, 1, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); +#if defined(MBEDTLS_MD_C) #if defined(MBEDTLS_FS_IO) TEST_EQUAL(mbedtls_md_file(NULL, "", buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); #endif @@ -87,10 +94,13 @@ void md_null_args() TEST_EQUAL(mbedtls_md_hmac(NULL, buf, 1, buf, 1, buf), MBEDTLS_ERR_MD_BAD_INPUT_DATA); +#endif /* MBEDTLS_MD_C */ /* Ok, this is not NULL arg but NULL return... */ TEST_ASSERT(mbedtls_md_info_from_type(MBEDTLS_MD_NONE) == NULL); +#if defined(MBEDTLS_MD_C) TEST_ASSERT(mbedtls_md_info_from_string("no such md") == NULL); +#endif } /* END_CASE */ 
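Review bot: `TEST_EQUAL(mbedtls_md_get_type(NULL), MBEDTLS_MD_NONE);` is moved under `#if defined(MBEDTLS_MD_C)` together with the name/string/ctx lookups, but in the md.c hunks `mbedtls_md_get_type()` (like `mbedtls_md_get_size()`) stays in the MD_LIGHT subset — the `#if defined(MBEDTLS_MD_C)` there is opened after its body, just before `mbedtls_md_get_name`. Keeping that one assertion next to the unconditional `TEST_EQUAL(0, mbedtls_md_get_size(NULL));` would exercise its NULL handling in the light-only build as well. The unguarded `mbedtls_md_info_from_type(MBEDTLS_MD_NONE)` check at the end is consistent with md.c. `md_null_args` spans all three hunks of this file section.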
@@ -98,24 +108,31 @@ void md_null_args() void md_info(int md_type, char *md_name, int md_size) { const mbedtls_md_info_t *md_info; +#if defined(MBEDTLS_MD_C) const int *md_type_ptr; - int found; +#else + (void) md_name; +#endif md_info = mbedtls_md_info_from_type(md_type); TEST_ASSERT(md_info != NULL); +#if defined(MBEDTLS_MD_C) TEST_ASSERT(md_info == mbedtls_md_info_from_string(md_name)); +#endif TEST_EQUAL(mbedtls_md_get_type(md_info), (mbedtls_md_type_t) md_type); TEST_EQUAL(mbedtls_md_get_size(md_info), (unsigned char) md_size); +#if defined(MBEDTLS_MD_C) TEST_EQUAL(0, strcmp(mbedtls_md_get_name(md_info), md_name)); - found = 0; + int found = 0; for (md_type_ptr = mbedtls_md_list(); *md_type_ptr != 0; md_type_ptr++) { if (*md_type_ptr == md_type) { found = 1; } } TEST_EQUAL(found, 1); +#endif /* MBEDTLS_MD_C */ } /* END_CASE */ @@ -173,8 +190,10 @@ void md_text_multi(int md_type, char *text_src_string, TEST_ASSERT(md_info != NULL); TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 0)); TEST_EQUAL(0, mbedtls_md_setup(&ctx_copy, md_info, 0)); +#if defined(MBEDTLS_MD_C) TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx) == md_info); TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx_copy) == md_info); +#endif /* MBEDTLS_MD_C */ TEST_EQUAL(0, mbedtls_md_starts(&ctx)); TEST_ASSERT(ctx.md_ctx != NULL); @@ -213,8 +232,10 @@ void md_hex_multi(int md_type, data_t *src_str, data_t *hash) TEST_ASSERT(md_info != NULL); TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 0)); TEST_EQUAL(0, mbedtls_md_setup(&ctx_copy, md_info, 0)); +#if defined(MBEDTLS_MD_C) TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx) == md_info); TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx_copy) == md_info); +#endif /* MBEDTLS_MD_C */ halfway = src_str->len / 2; @@ -240,7 +261,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_MD_C */ void mbedtls_md_hmac(int md_type, int trunc_size, data_t *key_str, data_t *src_str, data_t *hash) 
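Review bot: `int found = 0;` now appears mid-function after executable statements, while `md_type_ptr`, the variable it is used with, stays declared at the top under `#if defined(MBEDTLS_MD_C)`; declaring `int found;` next to `md_type_ptr` in that block and keeping `found = 0;` at the loop preserves the suite's declarations-first layout. The `#else` arm with `(void) md_name;` is right, since `md_name` is only read under MBEDTLS_MD_C.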
@@ -259,7 +280,7 @@ void mbedtls_md_hmac(int md_type, int trunc_size, } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_MD_C */ void md_hmac_multi(int md_type, int trunc_size, data_t *key_str, data_t *src_str, data_t *hash) { @@ -273,7 +294,9 @@ void md_hmac_multi(int md_type, int trunc_size, data_t *key_str, md_info = mbedtls_md_info_from_type(md_type); TEST_ASSERT(md_info != NULL); TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 1)); +#if defined(MBEDTLS_MD_C) TEST_ASSERT(mbedtls_md_info_from_ctx(&ctx) == md_info); +#endif halfway = src_str->len / 2; @@ -300,7 +323,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_MD_C */ void mbedtls_md_file(int md_type, char *filename, data_t *hash) { From 6d50173d9c651ec58fefac520de646d983d2ef99 Mon Sep 17 00:00:00 2001 From: oberon-sk Date: Mon, 13 Feb 2023 12:13:20 +0100 Subject: [PATCH 159/440] Handle Edwards curves similar to Montgomery curves wrt key export length. Signed-off-by: Stephan Koch --- tests/src/psa_exercise_key.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index ecd1ec4cd..6c04c3b54 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -778,6 +778,10 @@ int mbedtls_test_psa_exported_key_sanity_check( /* The representation of an ECC Montgomery public key is * the raw compressed point */ TEST_EQUAL(PSA_BITS_TO_BYTES(bits), exported_length); + } else if(PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_TWISTED_EDWARDS) { + /* The representation of an ECC Edwards public key is + * the raw compressed point */ + TEST_EQUAL(PSA_BITS_TO_BYTES(bits + 1), exported_length); } else { /* The representation of an ECC Weierstrass public key is: * - The byte 0x04; From f8e5b56ad8395f7da9d496c5a21b3334e40c8047 Mon Sep 17 00:00:00 2001 
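Review bot: `} else if(PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_TWISTED_EDWARDS) {` lacks the space after `if` that the adjacent branches use (`} else if (...)`). The comment copies the Montgomery wording but does not say why `bits + 1` is needed, which is the only thing that differs between the two branches; something like `/* The representation of an ECC Edwards public key is the raw compressed point; the key size (255 or 448 bits) is one bit short of the encoded size, so round up from bits + 1. */` records the reasoning. The enclosing function continues on both sides of the hunk.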
From: Paul Elliott Date: Sun, 19 Feb 2023 18:43:45 +0000 Subject: [PATCH 160/440] Fix get_num_ops internal code. Previously calling get_num_ops more than once would have ended up with ops getting double counted, and not calling inbetween completes would have ended up with ops getting missed. Fix this by moving this to where the work is actually done, and add tests for double calls to get_num_ops(). Signed-off-by: Paul Elliott
---
library/psa_crypto.c | 23 +++++++++++++-------- library/psa_crypto_core.h | 4 ++-- tests/suites/test_suite_psa_crypto.function | 12 +++++++++++ 3 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 36d48ad8f..3ec9273de 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3487,15 +3487,12 @@ uint32_t mbedtls_psa_interruptible_get_max_ops(void)
 }
 uint32_t mbedtls_psa_sign_hash_get_num_ops(
- mbedtls_psa_sign_hash_interruptible_operation_t *operation)
+ const mbedtls_psa_sign_hash_interruptible_operation_t *operation)
 {
 #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
 defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \
 defined(MBEDTLS_ECP_RESTARTABLE)
- /* Hide the fact that the restart context only holds a delta of number of
- * ops done during the last operation, not an absolute value. */
- operation->num_ops += operation->restart_ctx.ecp.ops_done;
 return operation->num_ops;
 #else
 (void) operation;
@@ -3506,15 +3503,12 @@ uint32_t mbedtls_psa_sign_hash_get_num_ops( } uint32_t mbedtls_psa_verify_hash_get_num_ops( - mbedtls_psa_verify_hash_interruptible_operation_t *operation) + const mbedtls_psa_verify_hash_interruptible_operation_t *operation) { #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ defined(MBEDTLS_ECP_RESTARTABLE) - /* Hide the fact that the restart context only holds a delta of number of - * ops done during the last operation, not an absolute value. */ - operation->num_ops += operation->restart_ctx.ecp.ops_done; return operation->num_ops; #else (void) operation; @@ -3657,6 +3651,10 @@ psa_status_t mbedtls_psa_sign_hash_complete( &operation->restart_ctx)); } + /* Hide the fact that the restart context only holds a delta of number of + * ops done during the last operation, not an absolute value. */ + operation->num_ops += operation->restart_ctx.ecp.ops_done; + if (status == PSA_SUCCESS) { status = mbedtls_to_psa_error( mbedtls_mpi_write_binary(&r, @@ -3853,7 +3851,9 @@ psa_status_t mbedtls_psa_verify_hash_complete( defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ defined(MBEDTLS_ECP_RESTARTABLE) - return mbedtls_to_psa_error( + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + status = mbedtls_to_psa_error( mbedtls_ecdsa_verify_restartable(&operation->ctx->grp, operation->hash, operation->hash_length, @@ -3862,6 +3862,11 @@ psa_status_t mbedtls_psa_verify_hash_complete( &operation->s, &operation->restart_ctx)); + /* Hide the fact that the restart context only holds a delta of number of + * ops done during the last operation, not an absolute value. */ + operation->num_ops += operation->restart_ctx.ecp.ops_done; + + return status; #else (void) operation; diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 0ef0131fa..b1817e2da 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h 
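Review bot: In `mbedtls_psa_verify_hash_complete` the new `psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;` is overwritten by the very next statement with no path in between that could observe it, so the initialiser is a dead store; `psa_status_t status = mbedtls_to_psa_error(` as a single declaration reads cleaner. The `operation->num_ops += operation->restart_ctx.ecp.ops_done;` added to both complete() functions runs unconditionally after the ECDSA call, which is only correct if the ECP layer resets `ops_done` at the start of every restartable call — the comment asserts a per-call delta, but a `TODO confirm` pointing at where ecp.c guarantees this would help the next reader. Both enclosing functions start outside the hunks.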
@@ -656,7 +656,7 @@ uint32_t mbedtls_psa_interruptible_get_max_ops(void); * mbedtls_psa_sign_hash_complete(). */ uint32_t mbedtls_psa_sign_hash_get_num_ops( - mbedtls_psa_sign_hash_interruptible_operation_t *operation); + const mbedtls_psa_sign_hash_interruptible_operation_t *operation); /** * \brief Get the number of ops that a hash verification operation has taken for @@ -677,7 +677,7 @@ uint32_t mbedtls_psa_sign_hash_get_num_ops( * mbedtls_psa_verify_hash_complete(). */ uint32_t mbedtls_psa_verify_hash_get_num_ops( - mbedtls_psa_verify_hash_interruptible_operation_t *operation); + const mbedtls_psa_verify_hash_interruptible_operation_t *operation); /** * \brief Start signing a hash or short message with a private key, in an diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index c79217fbe..20e43c6ac 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -6546,6 +6546,12 @@ void sign_hash_interruptible(int key_type_arg, data_t *key_data, TEST_ASSERT(num_ops > num_ops_prior); num_ops_prior = num_ops; + + /* Ensure calling get_num_ops() twice still returns the same + * number of ops as previously reported. */ + num_ops = psa_sign_hash_get_num_ops(&operation); + + TEST_EQUAL(num_ops, num_ops_prior); } } while (status == PSA_OPERATION_INCOMPLETE); @@ -7037,6 +7043,12 @@ void verify_hash_interruptible(int key_type_arg, data_t *key_data, TEST_ASSERT(num_ops > num_ops_prior); num_ops_prior = num_ops; + + /* Ensure calling get_num_ops() twice still returns the same + * number of ops as previously reported. */ + num_ops = psa_verify_hash_get_num_ops(&operation); + + TEST_EQUAL(num_ops, num_ops_prior); } } while (status == PSA_OPERATION_INCOMPLETE); From 1c0e4c013a18ae03b7f76d3bee4c78aae75ba3fc Mon Sep 17 00:00:00 2001 
From: Pengyu Lv Date: Mon, 20 Feb 2023 18:05:21 +0800 Subject: [PATCH 161/440] compat.sh: skip static ECDH cases if unsupported in openssl This commit add support to detect if openssl used for testing supports static ECDH key exchange. Skip the ciphersutes if openssl doesn't support them. Signed-off-by: Pengyu Lv --- tests/compat.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/compat.sh b/tests/compat.sh index 8f7d72c7b..6c58a1bef 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -534,6 +534,15 @@ add_mbedtls_ciphersuites() esac } +# o_check_ciphersuite STANDARD_CIPHER_SUITE +o_check_ciphersuite() +{ + if [ "${1#*ECDH_ECDSA*}" != "$1" ] && \ + [ "X${O_SUPPORT_ECDH}" = "XNO" ]; then + SKIP_NEXT="YES" + fi +} + setup_arguments() { O_MODE="" @@ -603,6 +612,11 @@ setup_arguments() ;; esac + case $($OPENSSL ciphers ALL) in + *ECDH-ECDSA*) O_SUPPORT_ECDH="YES";; + *)O_SUPPORT_ECDH="NO";; + esac + if [ "X$VERIFY" = "XYES" ]; then M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required" @@ -1033,6 +1047,7 @@ for MODE in $MODES; do start_server "OpenSSL" translate_ciphers m $M_CIPHERS for i in $ciphers; do + o_check_ciphersuite "$i" run_client mbedTLS ${i%%=*} ${i#*=} done stop_server From 9e04b5bcfceaa0cb9fa10a33000d9a195fab9271 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 20 Feb 2023 12:40:51 +0100 Subject: [PATCH 162/440] Disable MD-light in accel_hash_use_psa MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c4a8fe652..ad5073574 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
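Review bot: `o_check_ciphersuite` only recognises `ECDH_ECDSA` names, but Mbed TLS also offers static `ECDH_RSA` ciphersuites that an OpenSSL without static ECDH support will equally fail to negotiate; extending the test with `[ "${1#*ECDH_RSA*}" != "$1" ]` (and probing `ECDH-RSA` in the `ciphers ALL` output) would cover them — worth confirming against what `translate_ciphers` emits for this loop. `*)O_SUPPORT_ECDH="NO";;` is missing the space after `*)` that the surrounding `case` arms use. The function sets `SKIP_NEXT="YES"` but never clears it, so it presumably relies on `run_client` resetting it, which is outside the hunk.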
@@ -2351,10 +2351,10 @@ config_psa_crypto_hash_use_psa () { scripts/config.py unset MBEDTLS_ENTROPY_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED # depends on ENTROPY_C scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT # depends on former - # Also unset MD_C and things that depend on it; - # see component_test_crypto_full_no_md. + # Also unset MD_C and things that depend on it. if [ "$DRIVER_ONLY" -eq 1 ]; then scripts/config.py unset MBEDTLS_MD_C + scripts/config.py unset MBEDTLS_MD_LIGHT fi scripts/config.py unset MBEDTLS_HKDF_C # has independent PSA implementation scripts/config.py unset MBEDTLS_HMAC_DRBG_C From d2ca8023293c6f263c1cb08f578c90899a14e38e Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 3 Feb 2023 19:07:39 +0000 Subject: [PATCH 163/440] ecp_curves: Added `mbedtls_ecp_modulus_setup()`. This patch introduces a new static method, responsible for automatically initialising an modulus structure, based on the curve id and a modulus type selector. Signed-off-by: Minos Galanakis --- include/mbedtls/ecp.h | 8 ++ library/ecp_curves.c | 200 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 207 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 7a28a1957..20b663e79 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -141,6 +141,14 @@ typedef enum { MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x */ } mbedtls_ecp_curve_type; +/* + * Curve moduli types + */ +typedef enum { + MBEDTLS_ECP_MOD_COORDINATE = 0, + MBEDTLS_ECP_MOD_SCALAR +} mbedtls_ecp_modulus_type; + /** * Curve information, for use by other modules. * diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 1a027d6aa..d4d8c089e 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c 
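Review bot: The new `mbedtls_ecp_modulus_type` enum enters the public header with a plain `/* */` comment, so Doxygen will not pick it up and its members are undocumented, unlike the neighbouring `mbedtls_ecp_curve_type`. A header such as `/** Selects which modulus of a curve is meant: the coordinate modulus (P) or the scalar modulus (N). */` plus a trailing comment on each value would fix that. The type is only consumed by the `MBEDTLS_TEST_HOOKS`-guarded `mbedtls_ecp_modulus_setup()`, so unless it is intended as public API, `ecp_invasive.h` is the narrower home; the revised enum in the later ecp.h hunk (adding `MBEDTLS_ECP_MOD_NONE`) has the same documentation gap.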
@@ -5534,6 +5534,204 @@ static int ecp_mod_p256k1(mbedtls_mpi *N) } #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ -#endif /* !MBEDTLS_ECP_ALT */ +#if defined(MBEDTLS_TEST_HOOKS) +/** Initialise a modulus with hard-coded const curve data. + * + * \param[out] N The address of the modulus structure to populate. + * Must be initialized. + * \param[in] id The mbedtls_ecp_group_id for which to initialise the modulus. + * \param[in] ctype The mbedtls_ecp_curve_type identifier for a coordinate modulus (P) + * or a scalar modulus (N). + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the given MPIs do not + * have the correct number of limbs. + * + * \note The caller is responsible for the \p N moduli lifecycle. + * + */ +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, + const mbedtls_ecp_group_id id, + const mbedtls_ecp_curve_type ctype) +{ + mbedtls_mpi_uint *p = NULL; + size_t p_limbs; + + if (!(ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE || \ + ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_SCALAR)) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + + switch (id) { +#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) + case MBEDTLS_ECP_DP_SECP192R1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) secp192r1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p)); + } else { + p = (mbedtls_mpi_uint *) secp192r1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) + case MBEDTLS_ECP_DP_SECP224R1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) secp224r1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_p)); + } else { + p = (mbedtls_mpi_uint *) secp224r1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(secp224r1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) + case MBEDTLS_ECP_DP_SECP256R1: + if (ctype == 
(mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) secp256r1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_p)); + } else { + p = (mbedtls_mpi_uint *) secp256r1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(secp256r1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + case MBEDTLS_ECP_DP_SECP384R1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) secp384r1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_p)); + } else { + p = (mbedtls_mpi_uint *) secp384r1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(secp384r1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) + case MBEDTLS_ECP_DP_SECP521R1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) secp521r1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_p)); + } else { + p = (mbedtls_mpi_uint *) secp521r1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(secp521r1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) + case MBEDTLS_ECP_DP_BP256R1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) brainpoolP256r1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP256r1_p)); + } else { + p = (mbedtls_mpi_uint *) brainpoolP256r1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP256r1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) + case MBEDTLS_ECP_DP_BP384R1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) brainpoolP384r1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP384r1_p)); + } else { + p = (mbedtls_mpi_uint *) brainpoolP384r1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP384r1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) + case MBEDTLS_ECP_DP_BP512R1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) brainpoolP512r1_p; + p_limbs = 
CHARS_TO_LIMBS(sizeof(brainpoolP512r1_p)); + } else { + p = (mbedtls_mpi_uint *) brainpoolP512r1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(brainpoolP512r1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) + case MBEDTLS_ECP_DP_CURVE25519: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) curve25519_p; + p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_p)); + } else { + p = (mbedtls_mpi_uint *) curve25519_n; + p_limbs = CHARS_TO_LIMBS(sizeof(curve25519_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) + case MBEDTLS_ECP_DP_SECP192K1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) secp192k1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_p)); + } else { + p = (mbedtls_mpi_uint *) secp192k1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(secp192k1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) + case MBEDTLS_ECP_DP_SECP224K1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) secp224k1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_p)); + } else { + p = (mbedtls_mpi_uint *) secp224k1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(secp224k1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) + case MBEDTLS_ECP_DP_SECP256K1: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) secp256k1_p; + p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_p)); + } else { + p = (mbedtls_mpi_uint *) secp256k1_n; + p_limbs = CHARS_TO_LIMBS(sizeof(secp256k1_n)); + } + break; +#endif + +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) + case MBEDTLS_ECP_DP_CURVE448: + if (ctype == (mbedtls_ecp_curve_type) MBEDTLS_ECP_MOD_COORDINATE) { + p = (mbedtls_mpi_uint *) curve448_p; + p_limbs = CHARS_TO_LIMBS(sizeof(curve448_p)); + } else { + p = (mbedtls_mpi_uint *) curve448_n; + p_limbs = CHARS_TO_LIMBS(sizeof(curve448_n)); + } + break; +#endif + + default: 
+ case MBEDTLS_ECP_DP_NONE: + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + + if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs, + MBEDTLS_MPI_MOD_REP_MONTGOMERY)) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + return 0; +} +#endif /* MBEDTLS_TEST_HOOKS */ +#endif /* !MBEDTLS_ECP_ALT */ #endif /* MBEDTLS_ECP_C */ From dd556921c9cbcec5ba053d85f8ee014cae8acac6 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 3 Feb 2023 19:12:21 +0000 Subject: [PATCH 164/440] ecp_curves: Exposed `mbedtls_ecp_modulus_setup()` through `ecp_invasive.h` Signed-off-by: Minos Galanakis --- library/ecp_invasive.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index 3d1321c52..10aa34bb1 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -28,6 +28,7 @@ #include "common.h" #include "mbedtls/bignum.h" +#include "bignum_mod.h" #include "mbedtls/ecp.h" #if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_ECP_C) @@ -117,6 +118,11 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ +MBEDTLS_STATIC_TESTABLE +int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, + const mbedtls_ecp_group_id id, + const mbedtls_ecp_curve_type ctype); + #endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_ECP_C */ #endif /* MBEDTLS_ECP_INVASIVE_H */ From 9a1d02d738243c3b01b0bdd0351adce1722d9e84 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Fri, 3 Feb 2023 19:14:56 +0000 Subject: [PATCH 165/440] test_suite_ecp: Added test for `mbedtls_ecp_modulus_setup()` Signed-off-by: Minos Galanakis --- tests/suites/test_suite_ecp.function | 41 ++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 4e74d9b8e..96537c2b3 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function 
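Review bot: `ctype` is declared as `mbedtls_ecp_curve_type` although every comparison casts `MBEDTLS_ECP_MOD_COORDINATE`/`MBEDTLS_ECP_MOD_SCALAR` (members of the new `mbedtls_ecp_modulus_type` enum) to that type, so a caller passing a genuine curve-type value is accepted whenever it happens to collide with a modulus-type value, and the validity check needs a stray `\` continuation to read at all. Declaring the parameter as `const mbedtls_ecp_modulus_type ctype` removes every cast and makes the check `if (ctype != MBEDTLS_ECP_MOD_COORDINATE && ctype != MBEDTLS_ECP_MOD_SCALAR)`. The `(mbedtls_mpi_uint *)` casts also strip `const` from the curve tables; if `mbedtls_mpi_mod_modulus_setup()` takes a `const mbedtls_mpi_uint *` (it appears to, since only const tables are ever passed), `p` can be declared const and those casts dropped too. The declaration in the next commit's ecp_invasive.h hunk needs the same parameter type.
```c
MBEDTLS_STATIC_TESTABLE
int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N,
                              const mbedtls_ecp_group_id id,
                              const mbedtls_ecp_modulus_type ctype)
{
    const mbedtls_mpi_uint *p = NULL;
    size_t p_limbs;

    if (ctype != MBEDTLS_ECP_MOD_COORDINATE && ctype != MBEDTLS_ECP_MOD_SCALAR) {
        return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
    }

    switch (id) {
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
        case MBEDTLS_ECP_DP_SECP192R1:
            if (ctype == MBEDTLS_ECP_MOD_COORDINATE) {
                p = secp192r1_p;
                p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_p));
            } else {
                p = secp192r1_n;
                p_limbs = CHARS_TO_LIMBS(sizeof(secp192r1_n));
            }
            break;
#endif
        /* … unchanged apart from the same cast removal: remaining curve cases, default, modulus setup … */
```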
@@ -1,5 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/ecp.h" +#include "ecp_invasive.h" #include "mbedtls/ecdsa.h" #include "mbedtls/ecdh.h" @@ -1387,3 +1388,43 @@ exit: mbedtls_free(N); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +void ecp_mod_setup(char *input_A, int id, int ctype, int iret) +{ + int ret; + mbedtls_mpi_mod_modulus m; + mbedtls_mpi_mod_modulus_init(&m); + mbedtls_mpi_uint *p = NULL; + size_t p_limbs; + size_t bytes; + + TEST_EQUAL(mbedtls_test_read_mpi_core(&p, &p_limbs, input_A), 0); + + ret = mbedtls_ecp_modulus_setup(&m, id, ctype); + TEST_EQUAL(ret, iret); + + if (ret == 0) { + + /* Test for limb sizes */ + TEST_EQUAL(m.limbs, p_limbs); + bytes = p_limbs * sizeof(mbedtls_mpi_uint); + + /* Test for validity of moduli by the presence of Montgomery consts */ + + TEST_ASSERT(m.rep.mont.mm != 0); + TEST_ASSERT(m.rep.mont.rr != NULL); + + + /* Compare output byte-by-byte */ + ASSERT_COMPARE(p, bytes, m.p, bytes); + + /* Test for user free-ing allocated memory */ + mbedtls_mpi_mod_modulus_free(&m); + } + +exit: + mbedtls_mpi_mod_modulus_free(&m); + mbedtls_free(p); +} +/* END_CASE */ From 36f7c0e69bb6e7e19603e4c144f3c553c4690dd5 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 13 Feb 2023 16:25:17 +0000 Subject: [PATCH 166/440] test_suite_ecp: Added .data for `ecp_setup_test()` Signed-off-by: Minos Galanakis --- tests/suites/test_suite_ecp.data | 112 +++++++++++++++++++++++++++++++ 1 file changed, 112 insertions(+) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 9a1379389..8d838984b 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data 
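Review bot: On the success path `mbedtls_mpi_mod_modulus_free(&m)` runs twice — once under `if (ret == 0)` and again at `exit:` — so the test only holds if `mbedtls_mpi_mod_modulus_free()` is safe to call on an already-freed modulus; the comment `/* Test for user free-ing allocated memory */` suggests that is the intent, but nothing is asserted after the first free, so adding a check of the reset state (e.g. `TEST_EQUAL(m.limbs, 0)`, confirm the field against the free routine) would turn it into a real test. `mbedtls_mpi_mod_modulus_init(&m);` sits between the declarations of `m` and `p`; moving it below `size_t bytes;` keeps the declarations together as in the rest of the suite.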
@@ -1038,3 +1038,115 @@ ecp_check_order:MBEDTLS_ECP_DP_SECP256K1:"fffffffffffffffffffffffffffffffebaaedc ECP check order for CURVE448 depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_check_order:MBEDTLS_ECP_DP_CURVE448:"3fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3" + +ecp_setup #1 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecp_mod_setup:"fffffffffffffffffffffffffffffffeffffffffffffffff":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_setup #2 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_setup:"00000000ffffffffffffffffffffffffffffffff000000000000000000000001":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_setup #3 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_setup:"ffffffff00000001000000000000000000000000ffffffffffffffffffffffff":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_setup #4 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_setup:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_setup #5 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_setup:"1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_setup #6 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_setup:"a9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_setup #7 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) 
+depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_setup:"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_setup #8 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_setup:"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_setup #9 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_setup:"7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_setup #10 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_setup:"fffffffffffffffffffffffffffffffffffffffeffffee37":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_setup #11 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_setup:"fffffffffffffffffffffffffffffffffffffffffffffffeffffe56d":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_setup #12 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_setup:"fffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_setup #13 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_setup:"000000000000000fffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffffff":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_setup #14 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192R1) +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED 
+ecp_mod_setup:"ffffffffffffffffffffffff99def836146bc9b1b4d22831":MBEDTLS_ECP_DP_SECP192R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_setup #15 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224R1) +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecp_mod_setup:"ffffffffffffffffffffffffffff16a2e0b8f03e13dd29455c5c2a3d":MBEDTLS_ECP_DP_SECP224R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_setup #16 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256R1) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_mod_setup:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551":MBEDTLS_ECP_DP_SECP256R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_setup #17 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP384R1) +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecp_mod_setup:"ffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973":MBEDTLS_ECP_DP_SECP384R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_setup #18 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP521R1) +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecp_mod_setup:"1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409":MBEDTLS_ECP_DP_SECP521R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_setup #19 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP256R1) +depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecp_mod_setup:"a9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7":MBEDTLS_ECP_DP_BP256R1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_setup #20 MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1) +depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED +ecp_mod_setup:"8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53":MBEDTLS_ECP_DP_BP384R1:MBEDTLS_ECP_MOD_COORDINATE:0 + +ecp_setup #21 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP512R1) +depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED +ecp_mod_setup:"aadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069":MBEDTLS_ECP_DP_BP512R1:MBEDTLS_ECP_MOD_SCALAR:0 + 
+ecp_setup #22 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE25519) +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_mod_setup:"1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed":MBEDTLS_ECP_DP_CURVE25519:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_setup #23 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP192K1) +depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED +ecp_mod_setup:"fffffffffffffffffffffffe26f2fc170f69466a74defd8d":MBEDTLS_ECP_DP_SECP192K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_setup #24 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP224K1) +depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED +ecp_mod_setup:"000000010000000000000000000000000001dce8d2ec6184caf0a971769fb1f7":MBEDTLS_ECP_DP_SECP224K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_setup #25 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_SECP256K1) +depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED +ecp_mod_setup:"fffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141":MBEDTLS_ECP_DP_SECP256K1:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_setup #26 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_CURVE448) +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_setup:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR:0 + +ecp_setup_negative_test #27 Invalid Moduli Type +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_setup:"fffffffffffffffffffffffe26f2fc17f69466a74defd8d":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR+1:MBEDTLS_ERR_ECP_BAD_INPUT_DATA + +ecp_setup_negative_test #28 Invalid Curve Type +depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED +ecp_mod_setup:"fffffffffffffffffffffffe26f2fc17f69466a74defd8d":MBEDTLS_ECP_DP_CURVE448+1:MBEDTLS_ECP_MOD_SCALAR:MBEDTLS_ERR_ECP_BAD_INPUT_DATA From a30afe2216748997a1f184e16ddd1faf66f802b5 Mon Sep 17 00:00:00 2001 
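Review bot: Case #20 is labelled `MBEDTLS_ECP_MOD_COORDINATE(MBEDTLS_ECP_DP_BP384R1)` and repeats the coordinate modulus from #7, so within the scalar series (#14–#26) BP384R1 is the only curve whose scalar modulus is never set up; it should read `ecp_setup #20 MBEDTLS_ECP_MOD_SCALAR(MBEDTLS_ECP_DP_BP384R1)` with the BP384R1 group order as input and `MBEDTLS_ECP_MOD_SCALAR` as the selector. The input of the two negative cases (#27, #28) is the SECP192K1 order from #23 with one digit dropped (47 hex digits); if `mbedtls_test_read_mpi_core()` rejects an odd digit count the case fails at the read step instead of exercising the error path, so reusing the full 48-digit string is safer.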
From: Minos Galanakis Date: Wed, 15 Feb 2023 15:36:29 +0000 Subject: [PATCH 167/440] ecp_curves: Minor refactoring. This patch introduces the following changes: * Documentation for `mbedtls_ecp_modulus_setup()` moved to `ecp_invasive.h`. * Added invalid modulus selector `MBEDTLS_ECP_MOD_NONE`. * Adjusted negative tests to use invalid selectors. * Reworded documentation. Signed-off-by: Minos Galanakis --- include/mbedtls/ecp.h | 5 +++-- library/ecp_curves.c | 18 +----------------- library/ecp_invasive.h | 17 +++++++++++++++++ tests/suites/test_suite_ecp.data | 4 ++-- 4 files changed, 23 insertions(+), 21 deletions(-) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 20b663e79..83d5b6ae6 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -142,10 +142,11 @@ typedef enum { } mbedtls_ecp_curve_type; /* - * Curve moduli types + * Curve modulus types */ typedef enum { - MBEDTLS_ECP_MOD_COORDINATE = 0, + MBEDTLS_ECP_MOD_NONE = 0, + MBEDTLS_ECP_MOD_COORDINATE, MBEDTLS_ECP_MOD_SCALAR } mbedtls_ecp_modulus_type; diff --git a/library/ecp_curves.c b/library/ecp_curves.c index d4d8c089e..b352e7633 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c 
@@ -5535,22 +5535,6 @@ static int ecp_mod_p256k1(mbedtls_mpi *N) #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ #if defined(MBEDTLS_TEST_HOOKS) - -/** Initialise a modulus with hard-coded const curve data. - * - * \param[out] N The address of the modulus structure to populate. - * Must be initialized. - * \param[in] id The mbedtls_ecp_group_id for which to initialise the modulus. - * \param[in] ctype The mbedtls_ecp_curve_type identifier for a coordinate modulus (P) - * or a scalar modulus (N). - * - * \return \c 0 if successful. - * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the given MPIs do not - * have the correct number of limbs. - * - * \note The caller is responsible for the \p N moduli lifecycle. - * - */ MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_ecp_group_id id, @@ -5728,7 +5712,7 @@ int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, if (mbedtls_mpi_mod_modulus_setup(N, p, p_limbs, MBEDTLS_MPI_MOD_REP_MONTGOMERY)) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } return 0; } diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index 10aa34bb1..aba7cca1c 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h 
@@ -118,6 +118,23 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ +/** Initialise a modulus with hard-coded const curve data. + * + * \note The caller is responsible for the \p N modulus' memory. + * mbedtls_mpi_mod_modulus_free(&N) should be invoked at the + * end of its lifecycle. + * + * \param[in,out] N The address of the modulus structure to populate. + * Must be initialized. + * \param[in] id The mbedtls_ecp_group_id for which to initialise the modulus. + * \param[in] ctype The mbedtls_ecp_curve_type identifier for a coordinate modulus (P) + * or a scalar modulus (N). + * + * \return \c 0 if successful. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the given MPIs do not + * have the correct number of limbs. + * + */ MBEDTLS_STATIC_TESTABLE int mbedtls_ecp_modulus_setup(mbedtls_mpi_mod_modulus *N, const mbedtls_ecp_group_id id, diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 8d838984b..3fbad92a5 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -1145,8 +1145,8 @@ ecp_mod_setup:"0000000000000003fffffffffffffffffffffffffffffffffffffffffffffffff ecp_setup_negative_test #27 Invalid Moduli Type depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED -ecp_mod_setup:"fffffffffffffffffffffffe26f2fc17f69466a74defd8d":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_SCALAR+1:MBEDTLS_ERR_ECP_BAD_INPUT_DATA +ecp_mod_setup:"fffffffffffffffffffffffe26f2fc17f69466a74defd8d":MBEDTLS_ECP_DP_CURVE448:MBEDTLS_ECP_MOD_NONE:MBEDTLS_ERR_ECP_BAD_INPUT_DATA ecp_setup_negative_test #28 Invalid Curve Type depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED -ecp_mod_setup:"fffffffffffffffffffffffe26f2fc17f69466a74defd8d":MBEDTLS_ECP_DP_CURVE448+1:MBEDTLS_ECP_MOD_SCALAR:MBEDTLS_ERR_ECP_BAD_INPUT_DATA +ecp_mod_setup:"fffffffffffffffffffffffe26f2fc17f69466a74defd8d":MBEDTLS_ECP_DP_NONE:MBEDTLS_ECP_MOD_SCALAR:MBEDTLS_ERR_ECP_BAD_INPUT_DATA 
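Review bot: The relocated doc block lists only `MBEDTLS_ERR_ECP_BAD_INPUT_DATA`, but the library/ecp_curves.c hunk in the same commit (the `@@ -5728` hunk) now returns `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` when `mbedtls_mpi_mod_modulus_setup()` fails, so the documented contract is incomplete. Add ` * \return #MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED if the internal modulus setup fails.` below the existing \return line. The BAD_INPUT_DATA wording ("if the given MPIs do not have the correct number of limbs") also no longer matches what the negative tests exercise, an unknown curve id or modulus type, so restating it as `if \p id or \p ctype is not a supported selector` would help; whether a limb-count failure can still yield BAD_INPUT_DATA is not visible in these hunks.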
From ecee12f04fc118cff187a896d43ff4648a21b2d3 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 9 Feb 2023 14:43:49 +0100 Subject: [PATCH 168/440] Add parsing of SAN: rfc822Name Signed-off-by: Przemek Stekiel --- include/mbedtls/x509.h | 4 ++-- library/x509.c | 10 ++++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 9f92ed6ac..bd1947e46 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -294,7 +294,7 @@ typedef struct mbedtls_x509_subject_alternative_name { int type; /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */ union { mbedtls_x509_san_other_name other_name; /**< The otherName supported type. */ - mbedtls_x509_buf unstructured_name; /**< The buffer for the unconstructed types. Only dnsName and uniformResourceIdentifier are currently supported */ + mbedtls_x509_buf unstructured_name; /**< The buffer for the unconstructed types. Only rfc822Name, dnsName and uniformResourceIdentifier are currently supported */ } san; /**< A union of the supported SAN types */ } @@ -386,7 +386,7 @@ int mbedtls_x509_time_is_future(const mbedtls_x509_time *from); * of the subject alternative name encoded in \p san_raw. * * \note Supported GeneralName types, as defined in RFC 5280: - * "dnsName", "uniformResourceIdentifier" and "hardware_module_name" + * "rfc822Name", "dnsName", "uniformResourceIdentifier" and "hardware_module_name" * of type "otherName", as defined in RFC 4108. * * \note This function should be called on a single raw data of diff --git a/library/x509.c b/library/x509.c index b859df9d3..07a118f26 100644 --- a/library/x509.c +++ b/library/x509.c 
@@ -1421,7 +1421,17 @@ int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf, memcpy(&san->san.unstructured_name, san_buf, sizeof(*san_buf)); + } + break; + /* + * RFC822 Name + */ + case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_RFC822_NAME): + { + memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name)); + san->type = MBEDTLS_X509_SAN_RFC822_NAME; + memcpy(&san->san.unstructured_name, san_buf, sizeof(*san_buf)); } break; From 608e3efc477c02f30e2717feaa904b62212b59bd Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 9 Feb 2023 14:47:50 +0100 Subject: [PATCH 169/440] Add test for parsing SAN: rfc822Name Signed-off-by: Przemek Stekiel --- tests/data_files/Makefile | 3 +++ tests/data_files/test-ca.opensslconf | 3 +++ tests/data_files/test_cert_rfc822name.crt.der | Bin 0 -> 677 bytes tests/suites/test_suite_x509parse.data | 4 ++++ tests/suites/test_suite_x509parse.function | 13 ++++++++++++- 5 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 tests/data_files/test_cert_rfc822name.crt.der diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 7f39d318d..01b46f13b 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -140,6 +140,9 @@ test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der: te test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der: test_csr_v3_all.csr.der (hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3050300B0603551D0F04/" | xxd -r -p ) > $@ +test_cert_rfc822name.crt.der: cert_example_multi.csr + $(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -outform DER -extensions rfc822name_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@ + $(test_ca_key_file_rsa_alt):test-ca.opensslconf $(OPENSSL) genrsa -out $@ 2048 test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file) 
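Review bot: The new `MBEDTLS_X509_SAN_RFC822_NAME` case is a verbatim copy of the dNSName case above it, differing only in the `san->type` assignment; a shared case label with the type derived once would avoid a third copy when the next GeneralName subtype is added. More relevant to callers: the IA5String bytes are stored unchecked, and the printing code later in this series copies `unstructured_name.p[i]` straight into the output buffer, so a certificate-supplied rfc822Name containing non-ASCII or control bytes reaches log output unfiltered, exactly as the existing dNSName path does; that is worth a comment at the assignment, e.g. `/* Raw, unvalidated IA5String contents taken from the certificate. */`. `mbedtls_x509_parse_subject_alt_name()` begins outside this hunk.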
diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf index bd127609e..8f8385a48 100644 --- a/tests/data_files/test-ca.opensslconf +++ b/tests/data_files/test-ca.opensslconf @@ -24,6 +24,9 @@ subjectAltName=otherName:1.2.3.4;UTF8:some other identifier [dns_alt_names] subjectAltName=DNS:example.com, DNS:example.net, DNS:*.example.org +[rfc822name_names] +subjectAltName=email:my@other.address,email:second@other.address + [alt_names] DNS.1=example.com otherName.1=1.3.6.1.5.5.7.8.4;SEQ:hw_module_name diff --git a/tests/data_files/test_cert_rfc822name.crt.der b/tests/data_files/test_cert_rfc822name.crt.der new file mode 100644 index 0000000000000000000000000000000000000000..cdc8189d024239e5e5eaf931eb2b9922e62fd54c GIT binary patch literal 677 zcmXqLVp?d>#MrrjnTe5!iBZsimyJ`a&7|-ctAPy2@<`IAiDTJgJmnb+p8pw(B8W|fH8CV(`n;02eMv3zp zBXbR`2pTS7AOYW;3>rI`8XFmoTTD87 z_)CERNA?e4(>I?PWx7=Pr#6|%t&*E26e_jmM|G(&cR{%EoSRcW`uez-pV)U~f&G&d zo6Db1GCA8Gu8HoeT*cY4u1VOOYkzCzUM5yNN zky@men37VIT3p;HQk%O>dvw!pJ_z=eP zMVgPD=5bB^8rSslWlW$|$8L_dyO!^4EQx%R%_kG%UvSyt3ZLcz?(NwOEcFR*W9D<8 zcaT5w_IT+bMu}q=BUMtbOV2w|S(%~vQjBL?=)C)%1A4T3=G_0(Yv*HYUK_A?;gjnY z$&;cFoU3y7sOq|!;(>n=}tsdHiBg(rR;6I1l`_fGRSTC?1NRqNp&-8TCZ0QQ>vN&o-= literal 0 HcmV?d00001 diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 961b25ac1..48c4fceed 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -206,6 +206,10 @@ X509 SAN parsing, unsupported otherName name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_parse_san:"data_files/server5-unsupported_othername.crt":"" +X509 SAN parsing rfc822Name +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA +x509_parse_san:"data_files/test_cert_rfc822name.crt.der":"type \: 1\nrfc822Name \: my@other.address\ntype \: 1\nrfc822Name \: second@other.address\n" + X509 CRL information #1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 3454da352..f6e4a0625 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -279,7 +279,18 @@ int verify_parse_san(mbedtls_x509_subject_alternative_name *san, *p++ = san->san.unstructured_name.p[i]; } break;/* MBEDTLS_X509_SAN_DNS_NAME */ - + case (MBEDTLS_X509_SAN_RFC822_NAME): + ret = mbedtls_snprintf(p, n, "\nrfc822Name : "); + MBEDTLS_X509_SAFE_SNPRINTF; + if (san->san.unstructured_name.len >= n) { + *p = '\0'; + return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; + } + n -= san->san.unstructured_name.len; + for (i = 0; i < san->san.unstructured_name.len; i++) { + *p++ = san->san.unstructured_name.p[i]; + } + break;/* MBEDTLS_X509_SAN_RFC822_NAME */ default: /* * Should not happen. 
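Review bot: The new test case depends on `MBEDTLS_ECDSA_C` where the neighbouring SAN tests use `MBEDTLS_PK_CAN_ECDSA_SOME`, and on `MBEDTLS_PEM_PARSE_C` although the input `test_cert_rfc822name.crt.der` is DER; the Makefile rule in this series also appears to sign that file with the RSA test CA key using `-sha256`, so the ECDSA requirement looks copied from the line above rather than derived from what the file needs. Something like `depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA`, plus whatever the subject key in `cert_example_multi.csr` requires (not visible here), would match the data. As written the case is skipped in ECDSA-less builds that could otherwise run it.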
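Review bot: The rfc822Name branch in `verify_parse_san()` duplicates the dNSName branch body line for line, including the length check and the byte-copy loop; folding them into `case (MBEDTLS_X509_SAN_DNS_NAME): case (MBEDTLS_X509_SAN_RFC822_NAME):` with the label string chosen by `san->type` keeps the buffer arithmetic in one place. The copy loop writes `unstructured_name.len` bytes after `n -= len`, which is only safe because the preceding `>=` check ran; a comment such as `/* len < n here, so the copy below cannot overrun the buffer. */` saves the next reader re-deriving that. The spacing in `break;/* MBEDTLS_X509_SAN_RFC822_NAME */` is also off. The function begins outside this hunk.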
From d7820b70261f22ea45151fe4bca3e94b63823ff1 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 9 Feb 2023 15:14:27 +0100 Subject: [PATCH 170/440] Add change log entry: SAN rfc822Name Signed-off-by: Przemek Stekiel --- ChangeLog.d/san_rfc822Name.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/san_rfc822Name.txt diff --git a/ChangeLog.d/san_rfc822Name.txt b/ChangeLog.d/san_rfc822Name.txt new file mode 100644 index 000000000..9720e5275 --- /dev/null +++ b/ChangeLog.d/san_rfc822Name.txt @@ -0,0 +1,3 @@ +Features + * Add parsing of rfc822Name subtype for subjectAltName + extension in x509 certificates. From 5b9e4168cfc51d18530c490f803f13ef5abe7708 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 15 Feb 2023 12:56:37 +0100 Subject: [PATCH 171/440] Add rfc822Name support in mbedtls_x509_info_subject_alt_name + adapt test Signed-off-by: Przemek Stekiel --- library/x509.c | 8 +++++++- tests/suites/test_suite_x509parse.data | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/library/x509.c b/library/x509.c index 07a118f26..ab4f68e29 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1530,10 +1530,16 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, break; /* * dNSName + * RFC822 Name */ case MBEDTLS_X509_SAN_DNS_NAME: + case MBEDTLS_X509_SAN_RFC822_NAME: { - ret = mbedtls_snprintf(p, n, "\n%s dNSName : ", prefix); + char * dns_name = "dNSName"; + char * rfc822_name = "rfc822Name"; + + ret = mbedtls_snprintf(p, n, "\n%s %s : ", prefix, + san.type == MBEDTLS_X509_SAN_DNS_NAME ? dns_name : rfc822_name); MBEDTLS_X509_SAFE_SNPRINTF; if (san.san.unstructured_name.len >= n) { *p = '\0'; diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 48c4fceed..9b6e29831 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data 
@@ -176,7 +176,7 @@ x509_cert_info:"data_files/server3.crt":"cert. version \: 3\nserial number X509 CRT information Bitstring in subject name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA -x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n \next key usage \: TLS Web Client Authentication\n" +x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n" X509 CRT information Non-ASCII string in issuer name and subject name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA From 82d250d8b071cbc31accc9b0961352b3ddf920cd Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 15 Feb 2023 15:00:50 +0100 Subject: [PATCH 172/440] Use const char for names and adapt style Signed-off-by: Przemek Stekiel --- library/x509.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/library/x509.c b/library/x509.c index ab4f68e29..fc13b9213 100644 
--- a/library/x509.c +++ b/library/x509.c @@ -1535,11 +1535,14 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, case MBEDTLS_X509_SAN_DNS_NAME: case MBEDTLS_X509_SAN_RFC822_NAME: { - char * dns_name = "dNSName"; - char * rfc822_name = "rfc822Name"; + const char *dns_name = "dNSName"; + const char *rfc822_name = "rfc822Name"; - ret = mbedtls_snprintf(p, n, "\n%s %s : ", prefix, - san.type == MBEDTLS_X509_SAN_DNS_NAME ? dns_name : rfc822_name); + ret = mbedtls_snprintf(p, n, + "\n%s %s : ", + prefix, + san.type == + MBEDTLS_X509_SAN_DNS_NAME ? dns_name : rfc822_name); MBEDTLS_X509_SAFE_SNPRINTF; if (san.san.unstructured_name.len >= n) { *p = '\0'; From 5b5a0b618c21b372f3db800991181a6f41e12e1f Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 20 Feb 2023 14:21:23 +0000 Subject: [PATCH 173/440] Change error codes to more appropriate codes The more precise error codes are borrowed from the ASN1 module. Signed-off-by: David Horstmann --- library/oid.c | 10 +++++----- tests/suites/test_suite_oid.data | 12 ++++++------ 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/library/oid.c b/library/oid.c index acea12585..86214b23a 100644 --- a/library/oid.c +++ b/library/oid.c @@ -839,13 +839,13 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, value = 0; if ((oid->p[0]) == 0x80) { /* Overlong encoding is not allowed */ - return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + return MBEDTLS_ERR_ASN1_INVALID_DATA; } while (i < oid->len && ((oid->p[i] & 0x80) != 0)) { /* Prevent overflow in value. */ if (value > (UINT_MAX >> 7)) { - return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + return MBEDTLS_ERR_ASN1_INVALID_DATA; } value |= oid->p[i] & 0x7F; @@ -853,7 +853,7 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, i++; } if (i >= oid->len) { - return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + return MBEDTLS_ERR_ASN1_OUT_OF_DATA; } /* Last byte of first subidentifier */ value |= oid->p[i] & 0x7F; 
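Review bot: In the `@@ -839` hunk, `oid->p[0]` is read before the `i < oid->len` test in the loop that follows, so a zero-length OID reads one byte past the data unless a length check earlier in `mbedtls_oid_get_numeric_string()` (outside this hunk) rules it out; the "empty oid buffer" case in test_suite_oid.data reaching `MBEDTLS_ERR_ASN1_OUT_OF_DATA` suggests there is no such guard. Guarding with `if (oid->len > 0 && oid->p[0] == 0x80)`, or returning `MBEDTLS_ERR_ASN1_OUT_OF_DATA` up front when `oid->len == 0`, makes the read order match the checks. Separately, this hunk and the `@@ -874` hunk change the function's error codes, but the diffstat touches only library/oid.c and the test data, so the \return documentation in include/mbedtls/oid.h presumably still lists `MBEDTLS_ERR_OID_BUF_TOO_SMALL` for these cases.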
@@ -874,11 +874,11 @@ int mbedtls_oid_get_numeric_string(char *buf, size_t size, for (; i < oid->len; i++) { /* Prevent overflow in value. */ if (value > (UINT_MAX >> 7)) { - return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + return MBEDTLS_ERR_ASN1_INVALID_DATA; } if ((value == 0) && ((oid->p[i]) == 0x80)) { /* Overlong encoding is not allowed */ - return MBEDTLS_ERR_OID_BUF_TOO_SMALL; + return MBEDTLS_ERR_ASN1_INVALID_DATA; } value <<= 7; diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index f4801c426..b9fa6543d 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -102,20 +102,20 @@ OID get numeric string - multi-byte first subidentifier oid_get_numeric_string:"8837":0:"2.999" OID get numeric string - empty oid buffer -oid_get_numeric_string:"":MBEDTLS_ERR_OID_BUF_TOO_SMALL:"" +oid_get_numeric_string:"":MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" OID get numeric string - no final / all bytes have top bit set -oid_get_numeric_string:"818181":MBEDTLS_ERR_OID_BUF_TOO_SMALL:"" +oid_get_numeric_string:"818181":MBEDTLS_ERR_ASN1_OUT_OF_DATA:"" # Encodes the number 0x0400000000 as a subidentifier which overflows 32-bits OID get numeric string - 32-bit overflow -oid_get_numeric_string:"C080808000":MBEDTLS_ERR_OID_BUF_TOO_SMALL:"" +oid_get_numeric_string:"C080808000":MBEDTLS_ERR_ASN1_INVALID_DATA:"" OID get numeric string - 32-bit overflow, second subidentifier -oid_get_numeric_string:"2BC080808000":MBEDTLS_ERR_OID_BUF_TOO_SMALL:"" +oid_get_numeric_string:"2BC080808000":MBEDTLS_ERR_ASN1_INVALID_DATA:"" OID get numeric string - overlong encoding -oid_get_numeric_string:"8001":MBEDTLS_ERR_OID_BUF_TOO_SMALL:"" +oid_get_numeric_string:"8001":MBEDTLS_ERR_ASN1_INVALID_DATA:"" OID get numeric string - overlong encoding, second subidentifier -oid_get_numeric_string:"2B8001":MBEDTLS_ERR_OID_BUF_TOO_SMALL:"" +oid_get_numeric_string:"2B8001":MBEDTLS_ERR_ASN1_INVALID_DATA:"" 
From a1b2bfff467d114365d5b9cd17a798de9201651e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 20 Feb 2023 14:45:09 +0000 Subject: [PATCH 174/440] Add clarifying comments Signed-off-by: Dave Rodgman --- library/pkcs7.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/pkcs7.c b/library/pkcs7.c index ba43f4971..010d7066e 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -607,13 +607,16 @@ int mbedtls_pkcs7_parse_der(mbedtls_pkcs7 *pkcs7, const unsigned char *buf, } if (MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_SIGNED_DATA, p, len)) { + /* OID is not MBEDTLS_OID_PKCS7_SIGNED_DATA, which is the only supported feature */ if (!MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_DATA, p, len) || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_ENCRYPTED_DATA, p, len) || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_ENVELOPED_DATA, p, len) || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_SIGNED_AND_ENVELOPED_DATA, p, len) || !MBEDTLS_OID_CMP_RAW(MBEDTLS_OID_PKCS7_DIGESTED_DATA, p, len)) { + /* OID is valid according to the spec, but unsupported */ ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE; } else { + /* OID is invalid according to the spec */ ret = MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA; } goto out; From 716163e82445dadc39ecb77ff8f4064b7e1a7846 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 20 Feb 2023 14:46:51 +0000 Subject: [PATCH 175/440] Improve allocation bounds in testing Signed-off-by: Dave Rodgman --- tests/suites/test_suite_pkcs7.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 9dce25e04..91fe47b89 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function 
@@ -125,8 +125,8 @@ void pkcs7_verify(char *pkcs7_file, TEST_ASSERT(file != NULL); datalen = st.st_size; - /* Add 1 so that data is non-NULL for zero length input */ - ASSERT_ALLOC(data, datalen + 1); + /* Special-case for zero-length input so that data will be non-NULL */ + ASSERT_ALLOC(data, datalen == 0 ? 1 : datalen); buflen = fread((void *) data, sizeof(unsigned char), datalen, file); TEST_EQUAL(buflen, datalen); From a4fad2ba6742699ba6daa9a82f9c461b3cda7f66 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 20 Feb 2023 14:57:47 +0000 Subject: [PATCH 176/440] Correct error code in test_suite_x509parse.data Signed-off-by: David Horstmann --- tests/suites/test_suite_x509parse.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 01da08b54..048e4f74c 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -2550,7 +2550,7 @@ X509 OID numstring #4 (larger number) x509_oid_numstr:"2a864886f70d":"1.2.840.113549":15:14 X509 OID numstring #5 (arithmetic overflow) -x509_oid_numstr:"2a8648f9f8f7f6f5f4f3f2f1f001":"":100:MBEDTLS_ERR_OID_BUF_TOO_SMALL +x509_oid_numstr:"2a8648f9f8f7f6f5f4f3f2f1f001":"":100:MBEDTLS_ERR_ASN1_INVALID_DATA X509 CRT keyUsage #1 (no extension, expected KU) depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA From 5e780df3e38043e035f698de2cc3ece164395648 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 21 Feb 2023 14:19:27 +0800 Subject: [PATCH 177/440] Only use standard cipher name Signed-off-by: Pengyu Lv --- tests/compat.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/compat.sh b/tests/compat.sh index 6c58a1bef..ae7c6829f 100755 --- a/tests/compat.sh +++ b/tests/compat.sh 
@@ -1047,7 +1047,7 @@ for MODE in $MODES; do start_server "OpenSSL" translate_ciphers m $M_CIPHERS for i in $ciphers; do - o_check_ciphersuite "$i" + o_check_ciphersuite "${i%%=*}" run_client mbedTLS ${i%%=*} ${i#*=} done stop_server From c8bcdc8b91244200f306809217ad917f053c8c0b Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 21 Feb 2023 14:49:02 +0800 Subject: [PATCH 178/440] fix various issues - Improve some function names - Improve comments - improve readability Signed-off-by: Jerry Yu --- include/mbedtls/mbedtls_config.h | 2 +- library/aesce.c | 51 ++++++++++++++++++++++---------- library/aesce.h | 4 +-- 3 files changed, 38 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 3dea18ca1..5f7aed26c 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2080,7 +2080,7 @@ * * \warning `MBEDTLS_SHA512_USE_A64_CRYPTO_*` should be disabled when enabled * - * This modules adds support for the AES crypto instructions on Arm64 + * This module adds support for the AES crypto instructions on Arm64 */ #define MBEDTLS_AESCE_C diff --git a/library/aesce.c b/library/aesce.c index 18322a62a..29a4ce018 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -1,5 +1,5 @@ /* - * Arm64 crypto engine support functions + * Arm64 crypto extension support functions * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 
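Review bot: The new call quotes its expansion, `o_check_ciphersuite "${i%%=*}"`, while the `run_client mbedTLS ${i%%=*} ${i#*=}` line directly below still passes both halves unquoted; unless `run_client` relies on word splitting of those arguments, `run_client mbedTLS "${i%%=*}" "${i#*=}"` keeps the two calls consistent and avoids surprises should a mapping ever contain whitespace or a glob character. The loop body continues outside this hunk.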
@@ -70,15 +70,18 @@ static uint8x16_t aesce_encrypt_block(uint8x16_t block, int rounds) { for (int i = 0; i < rounds - 1; i++) { + /* AES AddRoundKey, SubBytes, ShiftRows (in this order). + * AddRoundKey adds the round key for the previous round. */ block = vaeseq_u8(block, vld1q_u8(keys + i * 16)); /* AES mix columns */ block = vaesmcq_u8(block); } - /* AES single round encryption */ + /* AES AddRoundKey for the previous round. + * SubBytes, ShiftRows for the final round. */ block = vaeseq_u8(block, vld1q_u8(keys + (rounds -1) * 16)); - /* Final Add (bitwise Xor) */ + /* Final round: no MixColumns */ block = veorq_u8(block, vld1q_u8(keys + rounds * 16)); return block; @@ -90,15 +93,28 @@ static uint8x16_t aesce_decrypt_block(uint8x16_t block, { for (int i = 0; i < rounds - 1; i++) { + /* AES AddRoundKey, SubBytes, ShiftRows */ block = vaesdq_u8(block, vld1q_u8(keys + i * 16)); - /* AES inverse mix columns */ + /* AES inverse MixColumns for the next round. + * + * This means that we switch the order of the inverse AddRoundKey and + * inverse MixColumns operations. We have to do this as AddRoundKey is + * done in an atomic instruction together with the inverses of SubBytes + * and ShiftRows. + * + * It works because MixColumns is a linear operation over GF(2^8) and + * AddRoundKey is an exclusive or, which is equivalent to addition over + * GF(2^8). (The inverse of MixColumns needs to be applied to the + * affected round keys separately which has been done when the + * decryption round keys were calculated.) */ block = vaesimcq_u8(block); } - /* AES single round encryption */ + /* The inverses of AES AddRoundKey, SubBytes, ShiftRows finishing up the + * last full round. */ block = vaesdq_u8(block, vld1q_u8(keys + (rounds - 1) * 16)); - /* Final Add (bitwise Xor) */ + /* Inverse AddRoundKey for inverting the initial round key addition. */ block = veorq_u8(block, vld1q_u8(keys + rounds * 16)); return block; 
@@ -147,18 +163,20 @@ void mbedtls_aesce_inverse_key(unsigned char *invkey, static uint8_t const rcon[] = { 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36 }; -static inline uint32_t ror32_8(uint32_t word) +static inline uint32_t aes_rot_word(uint32_t word) { return (word << (32 - 8)) | (word >> 8); } -static inline uint32_t aes_sub(uint32_t in) +static inline uint32_t aes_sub_word(uint32_t in) { - uint32x4_t _in = vdupq_n_u32(in); - uint32x4_t v; + uint8x16_t v = vreinterpretq_u8_u32(vdupq_n_u32(in)); uint8x16_t zero = vdupq_n_u8(0); - v = vreinterpretq_u32_u8(vaeseq_u8(zero, vreinterpretq_u8_u32(_in))); - return vgetq_lane_u32(v, 0); + + /* vaeseq_u8 does both SubBytes and ShiftRows. Taking the first row yields + * the correct result as ShiftRows doesn't change the first row. */ + v = vaeseq_u8(zero, v); + return vgetq_lane_u32(vreinterpretq_u32_u8(v), 0); } /* @@ -170,12 +188,13 @@ static void aesce_setkey_enc_128(unsigned char *rk, uint32_t *rki; uint32_t *rko; uint32_t *rk_u32 = (uint32_t *) rk; + memcpy(rk, key, (128 / 8)); for (size_t i = 0; i < sizeof(rcon); i++) { rki = rk_u32 + i * (128 / 32); rko = rki + (128 / 32); - rko[0] = ror32_8(aes_sub(rki[(128 / 32) - 1])) ^ rcon[i] ^ rki[0]; + rko[0] = aes_rot_word(aes_sub_word(rki[(128 / 32) - 1])) ^ rcon[i] ^ rki[0]; rko[1] = rko[0] ^ rki[1]; rko[2] = rko[1] ^ rki[2]; rko[3] = rko[2] ^ rki[3]; @@ -196,7 +215,7 @@ static void aesce_setkey_enc_192(unsigned char *rk, for (size_t i = 0; i < 8; i++) { rki = rk_u32 + i * (192 / 32); rko = rki + (192 / 32); - rko[0] = ror32_8(aes_sub(rki[(192 / 32) - 1])) ^ rcon[i] ^ rki[0]; + rko[0] = aes_rot_word(aes_sub_word(rki[(192 / 32) - 1])) ^ rcon[i] ^ rki[0]; rko[1] = rko[0] ^ rki[1]; rko[2] = rko[1] ^ rki[2]; rko[3] = rko[2] ^ rki[3]; 
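Review bot: The comment added to `aes_sub_word()` gives the wrong reason for the result being correct: lane 0 of the `uint32x4_t` is the first column (bytes 0..3), which spans all four rows, so "ShiftRows doesn't change the first row" does not by itself justify reading that lane. It works because `vdupq_n_u32(in)` replicates the word into all four columns, so ShiftRows only permutes identical bytes and every column still equals SubBytes(in); the `zero` argument makes the AddRoundKey step of `vaeseq_u8` an identity. Suggest `/* vaeseq_u8 does AddRoundKey (identity with a zero key), SubBytes and ShiftRows. The input is replicated into all four columns, so ShiftRows permutes equal bytes and every lane holds SubBytes(in). */`.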
@@ -221,12 +240,12 @@ static void aesce_setkey_enc_256(unsigned char *rk, for (size_t i = 0; i < 7; i++) { rki = rk_u32 + i * (256 / 32); rko = rki + (256 / 32); - rko[0] = ror32_8(aes_sub(rki[(256 / 32) - 1])) ^ rcon[i] ^ rki[0]; + rko[0] = aes_rot_word(aes_sub_word(rki[(256 / 32) - 1])) ^ rcon[i] ^ rki[0]; rko[1] = rko[0] ^ rki[1]; rko[2] = rko[1] ^ rki[2]; rko[3] = rko[2] ^ rki[3]; if (i < 6) { - rko[4] = aes_sub(rko[3]) ^ rki[4]; + rko[4] = aes_sub_word(rko[3]) ^ rki[4]; rko[5] = rko[4] ^ rki[5]; rko[6] = rko[5] ^ rki[6]; rko[7] = rko[6] ^ rki[7]; diff --git a/library/aesce.h b/library/aesce.h index 741519cfe..0d6d09e50 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -2,7 +2,7 @@ * \file aesce.h * * \brief AES-CE for hardware AES acceleration on ARMv8 processors with crypto - * engine. + * extension. * * \warning These functions are only for internal use by other library * functions; you must not call them directly. @@ -43,7 +43,7 @@ extern "C" { #endif /** - * \brief Internal function to detect the crypto engine in CPUs. + * \brief Internal function to detect the crypto extension in CPUs. * * \return 1 if CPU has support for the feature, 0 otherwise */ From 330e6ae11152b23ecf1bb4a8d0b290e72aee9ea6 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 21 Feb 2023 14:51:38 +0800 Subject: [PATCH 179/440] Add document about runtime detection of AESCE Signed-off-by: Jerry Yu --- include/mbedtls/mbedtls_config.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 5f7aed26c..cba133c4f 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -2080,6 +2080,9 @@ * * \warning `MBEDTLS_SHA512_USE_A64_CRYPTO_*` should be disabled when enabled * + * \warning Runtime detection only works on linux. For non-linux operation + * system, crypto extension MUST be supported by CPU. + * * This module adds support for the AES crypto instructions on Arm64 */ #define MBEDTLS_AESCE_C From 97b31d8ca304d97bbc2c4e7435e4ce621ff1fc7d Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 21 Feb 2023 14:52:33 +0800 Subject: [PATCH 180/440] Revert "Disable clang tests" This reverts commit e908c57f95d05cac83bb9532ba50a82e925e3df1. Signed-off-by: Jerry Yu --- .travis.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index a97a3c2ef..3d735bb5c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -112,7 +112,7 @@ jobs: addons: apt: packages: - - gcc + - clang - gnutls-bin script: # See above @@ -122,7 +122,7 @@ jobs: - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY - make generated_files - - make CFLAGS='-march=armv8-a+crypto -O3 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' LDFLAGS='-Werror -fsanitize=address,undefined -fno-sanitize-recover=all' + - make CC=clang CFLAGS='-march=armv8-a+crypto -O3 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' LDFLAGS='-Werror -fsanitize=address,undefined -fno-sanitize-recover=all' # GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it. - tests/compat.sh -p GnuTLS -e 'CAMELLIA' - tests/scripts/travis-log-failure.sh From baae4012bf9a175bd8d2bf202db493f387e3f1b3 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 21 Feb 2023 15:26:13 +0800 Subject: [PATCH 181/440] merge setkey_enc* functions Signed-off-by: Jerry Yu --- library/aesce.c | 100 +++++++++++++++++------------------------------- 1 file changed, 35 insertions(+), 65 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index 29a4ce018..b4ebdadc0 100644 
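Review bot: The new \warning reads awkwardly ("non-linux operation system") and leaves the failure mode implicit; since it says the extension MUST be present on non-Linux targets, the reader should be told what happens otherwise, which I take to be an illegal-instruction fault at the first AES operation (the detection code is not in this hunk). Suggest ` * \warning Runtime detection is only available on Linux. On other operating systems the CPU must support the crypto extension; if it does not, AES operations will fault.`. Naming the Linux mechanism the detection uses would also tell porters what to replace, if that is documented nearby.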
--- a/library/aesce.c +++ b/library/aesce.c @@ -160,9 +160,6 @@ void mbedtls_aesce_inverse_key(unsigned char *invkey, } -static uint8_t const rcon[] = { 0x01, 0x02, 0x04, 0x08, 0x10, - 0x20, 0x40, 0x80, 0x1b, 0x36 }; - static inline uint32_t aes_rot_word(uint32_t word) { return (word << (32 - 8)) | (word >> 8); 
@@ -180,75 +177,47 @@ static inline uint32_t aes_sub_word(uint32_t in) } /* - * Key expansion, 128-bit case + * Key expansion function */ -static void aesce_setkey_enc_128(unsigned char *rk, - const unsigned char *key) +static void aesce_setkey_enc(unsigned char *rk, + const unsigned char *key, + const size_t key_bit_length) { uint32_t *rki; uint32_t *rko; uint32_t *rk_u32 = (uint32_t *) rk; + const uint32_t key_len_in_words = key_bit_length / 32; + const uint32_t key_len_in_bytes = key_bit_length / 8; + static uint8_t const rcon[] = { 0x01, 0x02, 0x04, 0x08, 0x10, + 0x20, 0x40, 0x80, 0x1b, 0x36 }; + const uint32_t rounds = + key_bit_length == 128 ? sizeof(rcon) : key_bit_length == 192 ? 8 : 7; - memcpy(rk, key, (128 / 8)); + memcpy(rk, key, key_len_in_bytes); - for (size_t i = 0; i < sizeof(rcon); i++) { - rki = rk_u32 + i * (128 / 32); - rko = rki + (128 / 32); - rko[0] = aes_rot_word(aes_sub_word(rki[(128 / 32) - 1])) ^ rcon[i] ^ rki[0]; + for (size_t i = 0; i < rounds; i++) { + rki = rk_u32 + i * key_len_in_words; + rko = rki + key_len_in_words; + rko[0] = aes_rot_word(aes_sub_word(rki[key_len_in_words - 1])); + rko[0] ^= rcon[i] ^ rki[0]; rko[1] = rko[0] ^ rki[1]; rko[2] = rko[1] ^ rki[2]; rko[3] = rko[2] ^ rki[3]; - } -} - -/* - * Key expansion, 192-bit case - */ -static void aesce_setkey_enc_192(unsigned char *rk, - const unsigned char *key) -{ - uint32_t *rki; - uint32_t *rko; - uint32_t *rk_u32 = (uint32_t *) rk; - memcpy(rk, key, (192 / 8)); - - for (size_t i = 0; i < 8; i++) { - rki = rk_u32 + i * (192 / 32); - rko = rki + (192 / 32); - rko[0] = aes_rot_word(aes_sub_word(rki[(192 / 32) - 1])) ^ rcon[i] ^ rki[0]; - rko[1] = rko[0] ^ rki[1]; - rko[2] = rko[1] ^ rki[2]; - rko[3] = rko[2] ^ rki[3]; - if (i < 7) { - rko[4] = rko[3] ^ rki[4]; - rko[5] = rko[4] ^ rki[5]; - } - } -} - -/* - * Key expansion, 256-bit case - */ -static void aesce_setkey_enc_256(unsigned char *rk, - const unsigned char *key) -{ - uint32_t *rki; - uint32_t *rko; - uint32_t *rk_u32 = 
(uint32_t *) rk; - memcpy(rk, key, (256 / 8)); - - for (size_t i = 0; i < 7; i++) { - rki = rk_u32 + i * (256 / 32); - rko = rki + (256 / 32); - rko[0] = aes_rot_word(aes_sub_word(rki[(256 / 32) - 1])) ^ rcon[i] ^ rki[0]; - rko[1] = rko[0] ^ rki[1]; - rko[2] = rko[1] ^ rki[2]; - rko[3] = rko[2] ^ rki[3]; - if (i < 6) { - rko[4] = aes_sub_word(rko[3]) ^ rki[4]; - rko[5] = rko[4] ^ rki[5]; - rko[6] = rko[5] ^ rki[6]; - rko[7] = rko[6] ^ rki[7]; + switch (key_bit_length) { + case 192: + if (i < 7) { + rko[4] = rko[3] ^ rki[4]; + rko[5] = rko[4] ^ rki[5]; + } + break; + case 256: + if (i < 6) { + rko[4] = aes_sub_word(rko[3]) ^ rki[4]; + rko[5] = rko[4] ^ rki[5]; + rko[6] = rko[5] ^ rki[6]; + rko[7] = rko[6] ^ rki[7]; + } + break; } } } @@ -261,9 +230,10 @@ int mbedtls_aesce_setkey_enc(unsigned char *rk, size_t bits) { switch (bits) { - case 128: aesce_setkey_enc_128(rk, key); break; - case 192: aesce_setkey_enc_192(rk, key); break; - case 256: aesce_setkey_enc_256(rk, key); break; + case 128: + case 192: + case 256: + aesce_setkey_enc(rk, key, bits); break; default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; } From ba4ec24c79289fcc82609e02ceb9a4da180a5550 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Tue, 21 Feb 2023 15:59:13 +0800 Subject: [PATCH 182/440] fix code style failure Signed-off-by: Jerry Yu --- library/sha256.c | 4 ++-- library/sha512.c | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index c167dbe1a..8c2e6f9e0 100644 --- a/library/sha256.c +++ b/library/sha256.c 
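Review bot: `rounds` in the merged aesce_setkey_enc is a misnomer that will mislead readers: it holds the number of key-expansion iterations (10, 8 or 7 for 128/192/256-bit keys), not the cipher's round count (10, 12, 14). Rename it or annotate it, e.g. `const uint32_t rounds = ...; /* key-schedule iterations, not cipher rounds */`. The function also depends on mbedtls_aesce_setkey_enc having already rejected any other key_bit_length — the switch has no default case and the memcpy and key-word indexing are sized by the unvalidated length — so a one-line precondition comment on the function (`/* key_bit_length must be 128, 192 or 256; validated by the caller */`) is worth adding.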
@@ -34,13 +34,13 @@ #pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function) #define MBEDTLS_POP_TARGET_PRAGMA #endif /* __aarch64__ && __clang__ && - !__ARM_FEATURE_CRYPTO && __clang_major__ < 18 && __clang_major__ > 3 */ + !__ARM_FEATURE_CRYPTO && __clang_major__ < 18 && __clang_major__ > 3 */ #include "common.h" #if defined(MBEDTLS_POP_TARGET_PRAGMA) && \ !(defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \ - defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)) + defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)) #if defined(__clang__) #pragma clang attribute pop #endif diff --git a/library/sha512.c b/library/sha512.c index d0e6d47df..26b46318d 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -35,15 +35,15 @@ #pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function) #define MBEDTLS_POP_TARGET_PRAGMA #endif /* __aarch64__ && __clang__ && - !__ARM_FEATURE_SHA512 && __clang_major__ < 18 && - __clang_major__ >= 13 && __clang_minor__ > 0 && - __clang_patchlevel__ > 0 */ + !__ARM_FEATURE_SHA512 && __clang_major__ < 18 && + __clang_major__ >= 13 && __clang_minor__ > 0 && + __clang_patchlevel__ > 0 */ #include "common.h" #if defined(MBEDTLS_POP_TARGET_PRAGMA) && \ !(defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \ - defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)) + defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)) #if defined(__clang__) #pragma clang attribute pop #endif From 787f7c8d10b43ce25f648de47a879c264bb2eb24 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 21 Feb 2023 10:21:12 +0100 Subject: [PATCH 183/440] Improve documentation of documentation workaround Signed-off-by: Gilles Peskine --- doxygen/mbedtls.doxyfile | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 7e8d19611..1077f86db 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile 
@@ -32,10 +32,13 @@ DOT_TRANSPARENT = YES # but clang -Wdocumentation doesn't (since Clang 15, for \retval). # https://github.com/Mbed-TLS/mbedtls/issues/6960 # https://github.com/llvm/llvm-project/issues/60315 -# As a workaround, when documenting the status codes that a function can -# return, if you don't have anything to say beyond the status code's -# description, you can write something like -# \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription +# We often use \retval declarations with just a constant name to +# document which error codes a function can return. If the documentation +# of the error code is enough to explain the error, then an empty +# description on the \retval statement is ok. However, the source code +# of the description needs to be made non-empty to pacify Clang. +# In such cases, you can write something like +# \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription # This does not change the documentation generated by Doxygen, but # it pacifies clang -Wdocumentation. ALIASES += emptydescription="" From 66f88a9d22db7928df8edccab710ce2487491fa9 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 8 Feb 2023 17:11:13 +0100 Subject: [PATCH 184/440] Extract Secp224r1 from the prototype Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 195 +++++++++++++++++++++++---- library/ecp_invasive.h | 3 +- tests/suites/test_suite_ecp.function | 3 +- 3 files changed, 174 insertions(+), 27 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 1a027d6aa..d42f093cf 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -4575,6 +4575,7 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn); #endif #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) static int ecp_mod_p224(mbedtls_mpi *); +static int ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn); #endif #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) static int ecp_mod_p256(mbedtls_mpi *); 
@@ -4951,6 +4952,176 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn) #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) + +/* + * The reader is advised to first understand ecp_mod_p192() since the same + * general structure is used here, but with additional complications: + * (1) chunks of 32 bits, and (2) subtractions. + */ + +/* + * For these primes, we need to handle data in chunks of 32 bits. + * This makes it more complicated if we use 64 bits limbs in MPI, + * which prevents us from using a uniform access method as for p192. + * + * So, we define a mini abstraction layer to access 32 bit chunks, + * load them in 'cur' for work, and store them back from 'cur' when done. + * + * While at it, also define the size of N in terms of 32-bit chunks. + */ +#define LOAD32 cur = A(i); + +#if defined(MBEDTLS_HAVE_INT32) /* 32 bit */ + +#define MAX32 Nn +#define A(j) Np[j] +#define STORE32 Np[i] = cur; +#define STORE0 Np[i] = 0; + +#else /* 64 bit */ + +#define MAX32 Nn * 2 +#define A(j) (j) % 2 ? 
(uint32_t) (Np[(j) / 2] >> 32) : \ + (uint32_t) (Np[(j) / 2]) +#define STORE32 \ + if (i % 2) { \ + Np[i/2] &= 0x00000000FFFFFFFF; \ + Np[i/2] |= (uint64_t) (cur) << 32; \ + } else { \ + Np[i/2] &= 0xFFFFFFFF00000000; \ + Np[i/2] |= (uint32_t) cur; \ + } + +#define STORE0 \ + if (i % 2) { \ + Np[i/2] &= 0x00000000FFFFFFFF; \ + } else { \ + Np[i/2] &= 0xFFFFFFFF00000000; \ + } + +#endif + +static inline int8_t extract_carry(int64_t cur) +{ + return (int8_t) (cur >> 32); +} + +#define ADD(j) cur += A(j) +#define SUB(j) cur -= A(j) + +#define ADD_CARRY(cc) cur += (cc) +#define SUB_CARRY(cc) cur -= (cc) + +#define ADD_LAST ADD_CARRY(last_c) +#define SUB_LAST SUB_CARRY(last_c) + +/* + * Helpers for the main 'loop' + */ +#define INIT(b) \ + int8_t c = 0, last_c; \ + int64_t cur; \ + size_t i = 0; \ + LOAD32; + +#define NEXT \ + c = extract_carry(cur); \ + STORE32; i++; LOAD32; \ + ADD_CARRY(c); + +#define RESET \ + c = extract_carry(cur); \ + last_c = c; \ + STORE32; i = 0; LOAD32; \ + c = 0; \ + +#define LAST \ + c = extract_carry(cur); \ + STORE32; i++; \ + if (c != 0) \ + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; \ + while (i < MAX32) { STORE0; i++; } + +#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) + +/* + * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2) + */ +static int ecp_mod_p224(mbedtls_mpi *N) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + size_t expected_width = 2 * ((224 + biL - 1) / biL); + MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); + ret = ecp_mod_p224_raw(N->p, expected_width); +cleanup: + return ret; +} + +static int ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn) +{ + if (Nn != 2 * ((224 + biL - 1) / biL)) { + return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; + } + + INIT(224); + + SUB( 7); SUB(11); NEXT; // A0 += -A7 - A11 + SUB( 8); SUB(12); NEXT; // A1 += -A8 - A12 + SUB( 9); SUB(13); NEXT; // A2 += -A9 - A13 + SUB(10); ADD( 7); ADD(11); NEXT; // A3 += -A10 + A7 + A11 + SUB(11); ADD( 8); ADD(12); NEXT; // A4 += -A11 + A8 + A12 + SUB(12); 
ADD( 9); ADD(13); NEXT; // A5 += -A12 + A9 + A13 + SUB(13); ADD(10); // A6 += -A13 + A10 + + RESET; + + SUB_LAST; NEXT; // A0 + NEXT; // A1 + NEXT; // A2 + ADD_LAST; NEXT; // A3 + NEXT; // A4 + NEXT; // A5 + // A6 + + RESET; + + SUB_LAST; NEXT; // A0 + NEXT; // A1 + NEXT; // A2 + ADD_LAST; NEXT; // A3 + NEXT; // A4 + NEXT; // A5 + // A6 + + LAST; + + return 0; +} + +#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ + +#undef LOAD32 +#undef MAX32 +#undef A +#undef STORE32 +#undef STORE0 +#undef ADD +#undef SUB +#undef ADD_CARRY +#undef SUB_CARRY +#undef ADD_LAST +#undef SUB_LAST +#undef INIT +#undef NEXT +#undef RESET +#undef LAST + +#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED || + MBEDTLS_ECP_DP_SECP256R1_ENABLED || + MBEDTLS_ECP_DP_SECP384R1_ENABLED */ + +#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ + defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) /* * The reader is advised to first understand ecp_mod_p192() since the same * general structure is used here, but with additional complications: @@ -5071,27 +5242,6 @@ void mbedtls_ecp_fix_negative(mbedtls_mpi *N, signed char c, size_t bits) N->p[bits / 8 / sizeof(mbedtls_mpi_uint)] += msw; } -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) -/* - * Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2) - */ -static int ecp_mod_p224(mbedtls_mpi *N) -{ - INIT(224); - - SUB(7); SUB(11); NEXT; // A0 += -A7 - A11 - SUB(8); SUB(12); NEXT; // A1 += -A8 - A12 - SUB(9); SUB(13); NEXT; // A2 += -A9 - A13 - SUB(10); ADD(7); ADD(11); NEXT; // A3 += -A10 + A7 + A11 - SUB(11); ADD(8); ADD(12); NEXT; // A4 += -A11 + A8 + A12 - SUB(12); ADD(9); ADD(13); NEXT; // A5 += -A12 + A9 + A13 - SUB(13); ADD(10); LAST; // A6 += -A13 + A10 - -cleanup: - return ret; -} -#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ - #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) /* * Fast quasi-reduction modulo p256 (FIPS 186-3 D.2.3) 
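Review bot: ecp_mod_p224 now reduces a fixed window of `expected_width` limbs of N rather than all of N->n: mbedtls_mpi_grow only enlarges, so if a caller ever passes an N with more limbs than that and a nonzero upper limb, those bits are silently ignored rather than reduced — the removed INIT-based version worked over the whole of N. If every caller is guaranteed to supply at most 2*224 bits this is fine, but that guarantee is not visible here; either reject `N->n > expected_width` when the high limbs are nonzero, or state the precondition in a comment on ecp_mod_p224. Separately, `INIT(b)` no longer uses its parameter, so `INIT(224)` suggests a size that is not acted upon — drop the parameter or comment that it is kept for symmetry with the p256/p384 macro set.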
@@ -5186,8 +5336,7 @@ cleanup: #undef NEXT #undef LAST -#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED || - MBEDTLS_ECP_DP_SECP256R1_ENABLED || +#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED || MBEDTLS_ECP_DP_SECP384R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index 3d1321c52..19d516f9b 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -32,8 +32,7 @@ #if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_ECP_C) -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ +#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) /* Preconditions: * - bits is a multiple of 64 or is 224 diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 4e74d9b8e..a38720c34 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -8,8 +8,7 @@ #include "bignum_mod_raw_invasive.h" #if defined(MBEDTLS_TEST_HOOKS) && \ - (defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \ - defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ + (defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)) #define HAVE_FIX_NEGATIVE #endif From e14b5bdba71e49002b71d2644b8e98e7b1cf6737 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 8 Feb 2023 17:23:03 +0100 Subject: [PATCH 185/440] Change the ecp_mod_p224_raw to be testable Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 6 ++++-- library/ecp_invasive.h | 7 +++++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index d42f093cf..a4b49ae20 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c 
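Review bot: The precondition comment just below the changed guard in ecp_invasive.h still reads `bits is a multiple of 64 or is 224`, but this commit removes SECP224R1 from the set of curves that reach mbedtls_ecp_fix_negative, so the `or is 224` case appears to be dead; if no other caller passes 224 (not visible here), tighten it to `* - bits is a multiple of 64` so the next reader does not keep a special case alive for nothing. The mbedtls_ecp_fix_negative declaration itself continues outside the hunk.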
@@ -4575,7 +4575,8 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn); #endif #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) static int ecp_mod_p224(mbedtls_mpi *); -static int ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn); +MBEDTLS_STATIC_TESTABLE +int ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn); #endif #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) static int ecp_mod_p256(mbedtls_mpi *); @@ -5057,7 +5058,8 @@ cleanup: return ret; } -static int ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn) +MBEDTLS_STATIC_TESTABLE +int ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn) { if (Nn != 2 * ((224 + biL - 1) / biL)) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index 19d516f9b..2669aec42 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -94,6 +94,13 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn); #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ +#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) + +MBEDTLS_STATIC_TESTABLE +int ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn); + +#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ + #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) /** Fast quasi-reduction modulo p521 = 2^521 - 1 (FIPS 186-3 D.2.5) From aef0f2de9ffc8629151f6a011abe98482b2c7670 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 14 Feb 2023 18:18:37 +0100 Subject: [PATCH 186/440] Fix limb size calculation Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index a4b49ae20..e1e3537e7 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c 
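Review bot: The new `ecp_mod_p224_raw` declaration in ecp_invasive.h has no Doxygen comment, while the p521 declaration immediately after it documents itself (`/** Fast quasi-reduction modulo p521 ... */`). Add a matching block: a one-line summary `/** Fast quasi-reduction modulo p224 = 2^224 - 2^96 + 1 (FIPS 186-3 D.2.2) */`, a \param for Np (in/out; must hold exactly the limb count the function checks for; on success the value is below 2^224 but not necessarily below p, i.e. only quasi-reduced, which is why the test calls mbedtls_mpi_mod_raw_fix_quasi_reduction afterwards), a \param for Nn, and a \return stating 0 or #MBEDTLS_ERR_ECP_BAD_INPUT_DATA when Nn is not the expected width or a final carry remains. MBEDTLS_STATIC_TESTABLE presumably makes this internal symbol visible only in test builds; saying so in the comment would stop callers treating it as API.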
@@ -5051,7 +5051,7 @@ static inline int8_t extract_carry(int64_t cur) static int ecp_mod_p224(mbedtls_mpi *N) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t expected_width = 2 * ((224 + biL - 1) / biL); + size_t expected_width = 2 * 224 / biL; MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width)); ret = ecp_mod_p224_raw(N->p, expected_width); cleanup: @@ -5061,7 +5061,7 @@ cleanup: MBEDTLS_STATIC_TESTABLE int ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn) { - if (Nn != 2 * ((224 + biL - 1) / biL)) { + if (Nn != 2 * 224 / biL) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } From 7c8d706f4e3d3433fe87f671ffd3b65e41575726 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 14 Feb 2023 18:25:23 +0100 Subject: [PATCH 187/440] Use a common function to calculate the number of hex digits Signed-off-by: Gabor Mezei --- scripts/mbedtls_dev/bignum_common.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/scripts/mbedtls_dev/bignum_common.py b/scripts/mbedtls_dev/bignum_common.py index 242217554..5319ec68b 100644 --- a/scripts/mbedtls_dev/bignum_common.py +++ b/scripts/mbedtls_dev/bignum_common.py @@ -74,6 +74,10 @@ def combination_pairs(values: List[T]) -> List[Tuple[T, T]]: """Return all pair combinations from input values.""" return [(x, y) for x in values for y in values] +def hex_digits_for_limb(limbs: int, bits_in_limb: int) -> int: + """ Retrun the hex digits need for a number of limbs. """ + return 2 * (limbs * bits_in_limb // 8) + class OperationCommon(test_data_generation.BaseTest): """Common features for bignum binary operations. @@ -138,7 +142,7 @@ class OperationCommon(test_data_generation.BaseTest): @property def hex_digits(self) -> int: - return 2 * (self.limbs * self.bits_in_limb // 8) + return hex_digits_for_limb(self.limbs, self.bits_in_limb) def format_arg(self, val: str) -> str: if self.input_style not in self.input_styles: From f65a059a642f024bf7c61d553455f72b5d488a7c Mon Sep 17 00:00:00 2001 
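Review bot: `Nn != 2 * 224 / biL` reads as 2 * (224 / biL) — which would be 6 on a 64-bit build — but actually evaluates left-to-right as 448 / biL = 7, and the same expression is repeated in ecp_mod_p224; parenthesise and explain it so intent and arithmetic agree, e.g. `if (Nn != (2 * 224) / biL) { /* 14 x 32-bit chunks: 7 limbs on 64-bit, 14 on 32-bit */`. On 64-bit this also drops the spare eighth limb the earlier ceil-based formula allowed, which is consistent with the A(0..13) accesses and with MAX32 = Nn * 2 bounding the STORE0 loop, but that reasoning deserves a comment next to the check.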
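Review bot: The docstring on the new hex_digits_for_limb has a typo and is grammatically off (`Retrun the hex digits need for a number of limbs`); suggest `"""Return the number of hex digits needed to represent `limbs` limbs of `bits_in_limb` bits each."""`. The name is also singular where the argument is a count — `hex_digits_for_limbs` would read better — but since the function is already called from ecp.py later in this series, fixing the docstring alone is a reasonable minimum.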
From: Gabor Mezei Date: Tue, 14 Feb 2023 18:26:36 +0100 Subject: [PATCH 188/440] Add test generation for ecp_mod_p224_raw Signed-off-by: Gabor Mezei --- scripts/mbedtls_dev/ecp.py | 49 ++++++++++++++++++++++++++++ tests/suites/test_suite_ecp.function | 43 ++++++++++++++++++++++++ 2 files changed, 92 insertions(+) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index 6370d258a..da0ae3741 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py 
@@ -76,6 +76,55 @@ class EcpP192R1Raw(bignum_common.ModOperationCommon, def is_valid(self) -> bool: return True +class EcpP224R1Raw(bignum_common.ModOperationCommon, + EcpTarget): + """Test cases for ecp quasi_reduction().""" + symbol = "-" + test_function = "ecp_mod_p224_raw" + test_name = "ecp_mod_p224_raw" + input_style = "arch_split" + arity = 1 + + moduli = ["ffffffffffffffffffffffffffffffff000000000000000000000001"] # type: List[str] + + input_values = [ + "0", "1", + + # First 8 number generated by random.getrandbits(448) - seed(2,2) + ("da94e3e8ab73738fcf1822ffbc6887782b491044d5e341245c6e4337" + "15ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"), + ("cdbd47d364be8049a372db8f6e405d93ffed9235288bc781ae662675" + "94c9c9500925e4749b575bd13653f8dd9b1f282e4067c3584ee207f8"), + ("defc044a09325626e6b58de744ab6cce80877b6f71e1f6d2ef8acd12" + "8b4f2fc15f3f57ebf30b94fa82523e86feac7eb7dc38f519b91751da"), + ("2d6c797f8f7d9b782a1be9cd8697bbd0e2520e33e44c50556c71c4a6" + "6148a86fe8624fab5186ee32ee8d7ee9770348a05d300cb90706a045"), + ("8f54f8ceacaab39e83844b40ffa9b9f15c14bc4a829e07b0829a48d4" + "22fe99a22c70501e533c91352d3d854e061b90303b08c6e33c729578"), + ("97eeab64ca2ce6bc5d3fd983c34c769fe89204e2e8168561867e5e15" + "bc01bfce6a27e0dfcbf8754472154e76e4c11ab2fec3f6b32e8d4b8a"), + ("a7a83ee0761ebfd2bd143fa9b714210c665d7435c1066932f4767f26" + "294365b2721dea3bf63f23d0dbe53fcafb2147df5ca495fa5a91c89b"), + ("74667bffe202849da9643a295a9ac6decbd4d3e2d4dec9ef83f0be4e" + "80371eb97f81375eecc1cb6347733e847d718d733ff98ff387c56473"), + + # Next 2 number generated by random.getrandbits(224) + "eb9ac688b9d39cca91551e8259cc60b17604e4b4e73695c3e652c71a", + "f0caeef038c89b38a8acb5137c9260dc74e088a9b9492f258ebdbfe3" + ] + + @property + def arg_a(self) -> str: + hex_digits = bignum_common.hex_digits_for_limb(448 // self.bits_in_limb, self.bits_in_limb) + return super().format_arg('{:x}'.format(self.int_a)).zfill(hex_digits) + + def result(self) -> List[str]: + result = self.int_a % 
self.int_n + return [self.format_result(result)] + + @property + def is_valid(self) -> bool: + return True class EcpP521R1Raw(bignum_common.ModOperationCommon, EcpTarget): """Test cases for ecp quasi_reduction().""" diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index a38720c34..40bcd1793 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1344,6 +1344,49 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ +void ecp_mod_p224_raw(char *input_N, + char *input_X, + char *result) +{ + mbedtls_mpi_uint *X = NULL; + mbedtls_mpi_uint *N = NULL; + mbedtls_mpi_uint *res = NULL; + size_t limbs_X; + size_t limbs_N; + size_t limbs_res; + + mbedtls_mpi_mod_modulus m; + mbedtls_mpi_mod_modulus_init(&m); + + TEST_EQUAL(mbedtls_test_read_mpi_core(&X, &limbs_X, input_X), 0); + TEST_EQUAL(mbedtls_test_read_mpi_core(&N, &limbs_N, input_N), 0); + TEST_EQUAL(mbedtls_test_read_mpi_core(&res, &limbs_res, result), 0); + + size_t limbs = limbs_N; + size_t bytes = limbs * sizeof(mbedtls_mpi_uint); + + TEST_EQUAL(limbs_X, 448 / biL); + TEST_EQUAL(limbs_res, limbs); + + TEST_EQUAL(mbedtls_mpi_mod_modulus_setup( + &m, N, limbs, + MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0); + + TEST_EQUAL(ecp_mod_p224_raw(X, limbs_X), 0); + TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), 224); + mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m); + ASSERT_COMPARE(X, bytes, res, bytes); + +exit: + mbedtls_free(X); + mbedtls_free(res); + + mbedtls_mpi_mod_modulus_free(&m); + mbedtls_free(N); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ void ecp_mod_p521_raw(char *input_N, char *input_X, From e3095e7cb022ba92ed47a62761d97affac2e5607 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 28 Dec 2022 10:09:53 +0100 Subject: [PATCH 189/440] Add comments to accel_ecdh component MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
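Review bot: The input_values for EcpP224R1Raw contain only 0, 1, eight random 448-bit and two random 224-bit numbers, so none of the generated cases exercises the carry/borrow paths at the boundaries of the reduction — the maximum 448-bit input, and inputs just around p and 2^224 where the two RESET passes and the final-carry check in LAST matter. Add explicit boundary entries such as `"f" * 112` (2^448 - 1), the modulus string itself, and `"ffffffffffffffffffffffffffffffff000000000000000000000000"` (p - 1), and consider 2^224 - 1 and p shifted up by 224 bits (upper half exactly p, lower half zero) to stress the subtraction-heavy rows. The class docstring `Test cases for ecp quasi_reduction().` is copied from the p192 class; naming the function and modulus would help, e.g. `"""Test cases for ecp_mod_p224_raw() (quasi-reduction modulo the secp224r1 prime)."""`.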
Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7d91fa27d..484bf809d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2063,8 +2063,8 @@ component_test_psa_crypto_config_accel_ecdsa () { loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" - # Configure and build the test driver library - # ------------------------------------------- + # Configure and build the main libraries + # -------------------------------------- # Start from default config (no USE_PSA) + driver support + TLS 1.3 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS @@ -2082,7 +2082,7 @@ component_test_psa_crypto_config_accel_ecdsa () { loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" - # Make sure ECDSA was not re-enabled by accident (additive config) + # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ library/ecdsa.o # Run the tests 
@@ -2183,31 +2183,47 @@ component_test_psa_crypto_config_reference_ecdsa_use_psa () { component_test_psa_crypto_config_accel_ecdh () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH" + # Algorithms and key types to accelerate + loc_accel_list="ALG_ECDH KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" + + # Configure and build the test driver library + # ------------------------------------------- + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having # partial support for cipher operations in the driver test library. scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING - loc_accel_list="ALG_ECDH KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + # Configure and build the main libraries + # -------------------------------------- + + # Start from default config (no USE_PSA or TLS 1.3) + driver support scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + + # Disable the module that's accelerated scripts/config.py unset MBEDTLS_ECDH_C + + # Disable things that depend on it scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED + # Build the library loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests 
-DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + # Make sure this was not re-enabled by accident (additive config) not grep mbedtls_ecdh_ library/ecdh.o + # Run the tests + # ------------- + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH" make test } From 59a2b8fd57413ddfbb5b8f23938f20743bee11e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Feb 2023 12:42:31 +0100 Subject: [PATCH 190/440] Add component accel_ecdh_use_psa MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 60 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 484bf809d..2cedb2142 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2092,7 +2092,7 @@ component_test_psa_crypto_config_accel_ecdsa () { make test } -# Auxiliary function to build config for hashes with and without drivers +# Auxiliary function to build config for ECDSA with and without drivers config_psa_crypto_config_ecdsa_use_psa () { DRIVER_ONLY="$1" # start with config full for maximum coverage (also enables USE_PSA) 
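Review bot: The two `scripts/config.py unset` lines for MBEDTLS_USE_PSA_CRYPTO and MBEDTLS_SSL_PROTO_TLS1_3 are removed and replaced by the comment `Start from default config (no USE_PSA or TLS 1.3)`, which turns something the component enforced into something it assumes about the default config; if either default changes later, this component silently starts testing a different configuration while its message stays the same. Keeping the two lines (they are no-ops when the default already matches) costs nothing and keeps the assumption enforced: `scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO` and `scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3` directly under the comment. The `not grep mbedtls_ecdh_ library/ecdh.o` check only guards the accelerated module, not the USE_PSA / TLS 1.3 axis.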
@@ -2228,6 +2228,64 @@ component_test_psa_crypto_config_accel_ecdh () { make test } +component_test_psa_crypto_config_accel_ecdh_use_psa () { + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" + + # Algorithms and key types to accelerate + loc_accel_list="ALG_ECDH KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY" + + # Configure and build the test driver library + # ------------------------------------------- + + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having + # partial support for cipher operations in the driver test library. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + make -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + # Configure and build the main libraries + # -------------------------------------- + + # Start from full config (USE_PSA and TLS 1.3) + driver support + scripts/config.py full + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + + # Disable the module that's accelerated + scripts/config.py unset MBEDTLS_ECDH_C + + # Disable things that depend on it + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED + scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED + scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED + # Note: the above two lines should be enough, but currently there's a bug + # that prevents tests from passing TLS 1.3 with only PSK (no ephemeral) + # when 
TLS 1.2 is also enabled, see #6848. + # So, as a temporary measure disable all of TLS 1.3. + scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + + # Build the library + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + # Make sure this was not re-enabled by accident (additive config) + not grep mbedtls_ecdh_ library/ecdh.o + + # Run the tests + # ------------- + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH" + make test + + # ssl-opt.sh later (probably doesn't pass right now) +} + component_test_psa_crypto_config_accel_rsa_signature () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" From e91bcf31b630b1c44c1defe7952ce5845febe49d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Feb 2023 13:07:19 +0100 Subject: [PATCH 191/440] Add comparison of accel_ecdh_use_psa against ref MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit With temporary exclusions to be lifted as follow-ups. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 76 ++++++++++++++++++++++--------- tests/scripts/analyze_outcomes.py | 17 +++++++ 2 files changed, 72 insertions(+), 21 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2cedb2142..f90c27ea2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
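Review bot: The `msg` before `make test` in the new component_test_psa_crypto_config_accel_ecdh_use_psa says `accelerated ECDH` while the component's opening message and its purpose say `accelerated ECDH + USE_PSA`, so the outcome log will not distinguish this run from component_test_psa_crypto_config_accel_ecdh. Change it to `msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA"`. The trailing `# ssl-opt.sh later (probably doesn't pass right now)` also deserves a tracking reference so the missing TLS-level coverage does not linger silently.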
@@ -2228,6 +2228,40 @@ component_test_psa_crypto_config_accel_ecdh () { make test } +# Auxiliary function to build config for ECDH with and without drivers +config_psa_crypto_config_ecdh_use_psa () { + DRIVER_ONLY="$1" + # start with config full for maximum coverage (also enables USE_PSA) + scripts/config.py full + # enable support for drivers and configuring PSA-only algorithms + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + if [ "$DRIVER_ONLY" -eq 1 ]; then + # Disable the module that's accelerated + scripts/config.py unset MBEDTLS_ECDH_C + fi + # Disable things that depend on it + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED + + scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED + scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED + # Note: the above two lines should be enough, but currently there's a bug + # that prevents tests from passing TLS 1.3 with only PSK (no ephemeral) + # when TLS 1.2 is also enabled, see #6848. + # So, as a temporary measure disable all of TLS 1.3. + scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + + # Restartable feature is not yet supported by PSA. Once it will in + # the future, the following line could be removed (see issues + # 6061, 6332 and following ones) + scripts/config.py unset MBEDTLS_ECP_RESTARTABLE +} + +# Keep in sync with component_test_psa_crypto_config_reference_ecdh_use_psa component_test_psa_crypto_config_accel_ecdh_use_psa () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" 
@@ -2248,27 +2282,8 @@ component_test_psa_crypto_config_accel_ecdh_use_psa () { # Configure and build the main libraries # -------------------------------------- - # Start from full config (USE_PSA and TLS 1.3) + driver support - scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - - # Disable the module that's accelerated - scripts/config.py unset MBEDTLS_ECDH_C - - # Disable things that depend on it - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED - scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED - # Note: the above two lines should be enough, but currently there's a bug - # that prevents tests from passing TLS 1.3 with only PSK (no ephemeral) - # when TLS 1.2 is also enabled, see #6848. - # So, as a temporary measure disable all of TLS 1.3. - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 + # Use the same config as reference, only without built-in ECDH + config_psa_crypto_config_ecdh_use_psa 1 # Build the library loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" 
@@ -2286,6 +2301,25 @@ component_test_psa_crypto_config_accel_ecdh_use_psa () { # ssl-opt.sh later (probably doesn't pass right now) } +# Keep in sync with component_test_psa_crypto_config_accel_ecdh_use_psa. +# Used by tests/scripts/analyze_outcomes.py for comparison purposes. +component_test_psa_crypto_config_reference_ecdh_use_psa () { + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" + + # To be aligned with the accel component that needs this + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + config_psa_crypto_config_ecdh_use_psa 0 + + make + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" + make test + + # ssl-opt.sh later when the accel component is ready +} + component_test_psa_crypto_config_accel_rsa_signature () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated RSA signature" diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 44c62f71f..7501ec383 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -183,6 +183,23 @@ TASKS = { } } }, + 'analyze_driver_vs_reference_ecdh': { + 'test_function': do_analyze_driver_vs_reference, + 'args': { + 'component_ref': 'test_psa_crypto_config_reference_ecdh_use_psa', + 'component_driver': 'test_psa_crypto_config_accel_ecdh_use_psa', + 'ignored_suites': [ + 'ecdh', # the software implementation that's excluded + ], + 'ignored_tests': { + # temporary + 'test_suite_psa_crypto': [ + 'PSA key agreement setup: ECDH, unknown KDF', + 'PSA key policy: raw agreement, key permits raw agreement, but algorithm is not raw', + ], + } + } + }, } def main(): From a006f8c17ba8f46634e4fe8e837241cd4eb1d474 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 21 Feb 2023 13:36:56 +0100 Subject: [PATCH 192/440] Adapt dependencies for parsing rfc822Name test 
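Review bot: Both `msg` lines in component_test_psa_crypto_config_reference_ecdh_use_psa say "accelerated ECDH + USE_PSA", copied from the accel component, so the build and test phases of the two components are indistinguishable in the all.sh log. Replace "accelerated" with "reference" in both, i.e. `msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECDH + USE_PSA"`. analyze_outcomes.py selects the components by name rather than by message, so only log readability is affected.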
Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_x509parse.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 9b6e29831..c6dbad786 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -207,7 +207,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R x509_parse_san:"data_files/server5-unsupported_othername.crt":"" X509 SAN parsing rfc822Name -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA x509_parse_san:"data_files/test_cert_rfc822name.crt.der":"type \: 1\nrfc822Name \: my@other.address\ntype \: 1\nrfc822Name \: second@other.address\n" X509 CRL information #1 From d1c001aff7139b0daecfebcf23ea80dd8a639082 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Feb 2023 13:12:30 +0100 Subject: [PATCH 193/440] Fix some dependencies in test_suite_psa_crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/analyze_outcomes.py | 5 ----- tests/suites/test_suite_psa_crypto.data | 4 ++-- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 7501ec383..3fd24e98d 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -192,11 +192,6 @@ TASKS = { 'ecdh', # the software implementation that's excluded ], 'ignored_tests': { - # temporary - 'test_suite_psa_crypto': [ - 'PSA key agreement setup: ECDH, unknown KDF', - 'PSA key policy: raw agreement, key permits raw agreement, but algorithm is not raw', - ], } } }, 
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index c3561420b..d4a24b127 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1061,7 +1061,7 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MB raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH:PSA_ERROR_NOT_PERMITTED PSA key policy: raw agreement, key permits raw agreement, but algorithm is not raw -depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECDH_C +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED PSA key policy: raw agreement, key specifies KDF 
@@ -6232,7 +6232,7 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: ECDH, unknown KDF -depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_ECDH_C +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED PSA key agreement setup: bad key agreement algorithm From 226aa15702b204cda49adc31662f62522391bc2a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sun, 5 Feb 2023 09:46:59 +0100 Subject: [PATCH 194/440] Make handshake hashing functions return int MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There are three families of functions: update_checksum, calc_verify, calc_finished, that perform hashing operations and were returning void so far. This is not correct, as hashing functions can return errors (for example, on hardware failure when accelerated). Change them to return int. This commit just changes the types: for now the functions always return 0, and their return value is not checked; this will be fixed in the next few commits. There is a related function in TLS 1.3, mbedtls_ssl_reset_transcript_for_hrr, which also handles hashes, and already returns int but does not correctly check for errors from hashing functions so far; it will also be handled in the next few commits. There's a special case with handshake_params_init: _init functions should return void, so we'll need to split out the part that can return errors, see the next commit. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_misc.h | 8 +++--- library/ssl_tls.c | 64 +++++++++++++++++++++++++--------------- 2 files changed, 39 insertions(+), 33 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 2668a05b6..bffbef2cf 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h
@@ -705,9 +705,9 @@ struct mbedtls_ssl_handshake_params { mbedtls_ssl_ciphersuite_t const *ciphersuite_info; - void (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); - void (*calc_verify)(const mbedtls_ssl_context *, unsigned char *, size_t *); - void (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); + int (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); + int (*calc_verify)(const mbedtls_ssl_context *, unsigned char *, size_t *); + int (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); mbedtls_ssl_tls_prf_cb *tls_prf; /* @@ -1317,7 +1317,7 @@ static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl, MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl); -void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl); +int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl); #if defined(MBEDTLS_SSL_PROTO_TLS1_2) MBEDTLS_CHECK_RETURN_CRITICAL diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 86f5c0b55..319628529 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -418,8 +418,8 @@ static int tls_prf_sha256(const unsigned char *secret, size_t slen, const char *label, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen); -static void ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *, unsigned char *, size_t *); -static void ssl_calc_finished_tls_sha256(mbedtls_ssl_context *, unsigned char *, int); +static int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *, unsigned char *, size_t *); +static int ssl_calc_finished_tls_sha256(mbedtls_ssl_context *, unsigned char *, int); #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/ 
@@ -430,8 +430,8 @@ static int tls_prf_sha384(const unsigned char *secret, size_t slen, const unsigned char *random, size_t rlen, unsigned char *dstbuf, size_t dlen); -static void ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *, unsigned char *, size_t *); -static void ssl_calc_finished_tls_sha384(mbedtls_ssl_context *, unsigned char *, int); +static int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *, unsigned char *, size_t *); +static int ssl_calc_finished_tls_sha384(mbedtls_ssl_context *, unsigned char *, int); #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/ static size_t ssl_tls12_session_save(const mbedtls_ssl_session *session, @@ -444,14 +444,14 @@ static int ssl_tls12_session_load(mbedtls_ssl_session *session, size_t len); #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ -static void ssl_update_checksum_start(mbedtls_ssl_context *, const unsigned char *, size_t); +static int ssl_update_checksum_start(mbedtls_ssl_context *, const unsigned char *, size_t); #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) -static void ssl_update_checksum_sha256(mbedtls_ssl_context *, const unsigned char *, size_t); +static int ssl_update_checksum_sha256(mbedtls_ssl_context *, const unsigned char *, size_t); #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/ #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) -static void ssl_update_checksum_sha384(mbedtls_ssl_context *, const unsigned char *, size_t); +static int ssl_update_checksum_sha384(mbedtls_ssl_context *, const unsigned char *, size_t); #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, 
@@ -812,7 +812,7 @@ void mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl, ssl->handshake->update_checksum(ssl, msg, msg_len); } -void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) +int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) { ((void) ssl); #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) @@ -831,9 +831,10 @@ void mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) mbedtls_sha512_starts(&ssl->handshake->fin_sha384, 1); #endif #endif + return 0; } -static void ssl_update_checksum_start(mbedtls_ssl_context *ssl, +static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) @@ -856,10 +857,11 @@ static void ssl_update_checksum_start(mbedtls_ssl_context *ssl, (void) buf; (void) len; #endif + return 0; } #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) -static void ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, +static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -867,11 +869,12 @@ static void ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, #else mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len); #endif + return 0; } #endif #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) -static void ssl_update_checksum_sha384(mbedtls_ssl_context *ssl, +static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -879,6 +882,7 @@ static void ssl_update_checksum_sha384(mbedtls_ssl_context *ssl, #else mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len); #endif + return 0; } #endif 
@@ -6513,9 +6517,9 @@ int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md) } #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) -void ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl, - unsigned char *hash, - size_t *hlen) +int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl, + unsigned char *hash, + size_t *hlen) { #if defined(MBEDTLS_USE_PSA_CRYPTO) size_t hash_size; @@ -6526,13 +6530,13 @@ void ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl, status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa); if (status != PSA_SUCCESS) { MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed")); - return; + return 0; } status = psa_hash_finish(&sha256_psa, hash, 32, &hash_size); if (status != PSA_SUCCESS) { MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed")); - return; + return 0; } *hlen = 32; @@ -6555,14 +6559,14 @@ void ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl, mbedtls_sha256_free(&sha256); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - return; + return 0; } #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) -void ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl, - unsigned char *hash, - size_t *hlen) +int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl, + unsigned char *hash, + size_t *hlen) { #if defined(MBEDTLS_USE_PSA_CRYPTO) size_t hash_size; @@ -6573,13 +6577,13 @@ void ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl, status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa); if (status != PSA_SUCCESS) { MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed")); - return; + return 0; } status = psa_hash_finish(&sha384_psa, hash, 48, &hash_size); if (status != PSA_SUCCESS) { MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed")); - return; + return 0; } *hlen = 48; 
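Review bot: On the psa_hash_clone/psa_hash_finish failure paths in ssl_calc_verify_tls_sha256 and ssl_calc_verify_tls_sha384 the new `return 0;` reports success while `*hlen` is never written and `hash` holds no digest, so a caller that starts honouring the int (as the commit message promises for the following commits) will still proceed on garbage. These early exits are the natural place to propagate now, `return PSA_TO_MBEDTLS_ERR(status);`, and the psa_hash_finish failure path additionally needs `psa_hash_abort(&sha256_psa);` (resp. `&sha384_psa`) before returning, since the cloned operation is otherwise left allocated in its error state. The matching early exits in ssl_calc_finished_tls_sha256 and ssl_calc_finished_tls_sha384 on the next two hunks have the same two issues.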
@@ -6602,7 +6606,7 @@ void ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl, mbedtls_sha512_free(&sha512); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - return; + return 0; } #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ @@ -7545,7 +7549,7 @@ exit: #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) -static void ssl_calc_finished_tls_sha256( +static int ssl_calc_finished_tls_sha256( mbedtls_ssl_context *ssl, unsigned char *buf, int from) { int len = 12; @@ -7576,13 +7580,13 @@ static void ssl_calc_finished_tls_sha256( status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa); if (status != PSA_SUCCESS) { MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed")); - return; + return 0; } status = psa_hash_finish(&sha256_psa, padbuf, sizeof(padbuf), &hash_size); if (status != PSA_SUCCESS) { MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed")); - return; + return 0; } MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 32); #else @@ -7616,12 +7620,13 @@ static void ssl_calc_finished_tls_sha256( mbedtls_platform_zeroize(padbuf, sizeof(padbuf)); MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished")); + return 0; } #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/ #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) -static void ssl_calc_finished_tls_sha384( +static int ssl_calc_finished_tls_sha384( mbedtls_ssl_context *ssl, unsigned char *buf, int from) { int len = 12; 
@@ -7652,13 +7657,13 @@ static void ssl_calc_finished_tls_sha384( status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa); if (status != PSA_SUCCESS) { MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed")); - return; + return 0; } status = psa_hash_finish(&sha384_psa, padbuf, sizeof(padbuf), &hash_size); if (status != PSA_SUCCESS) { MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed")); - return; + return 0; } MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 48); #else @@ -7691,6 +7696,7 @@ static void ssl_calc_finished_tls_sha384( mbedtls_platform_zeroize(padbuf, sizeof(padbuf)); MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished")); + return 0; } #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/ From 537f231fd92e6b9c8946892dfc280fe44336a0ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sun, 5 Feb 2023 10:17:45 +0100 Subject: [PATCH 195/440] Split hash start out of handshake_params_init MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This part can fail, so it shouldn't be intermixed with the part that can't fail and is there to ensure all structures are in a clean state, should any error happen. Fortunately, the part that should be split out already had a function doing it: reset_checksum. Also, handshake_params_init had only one calling site to update. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 319628529..c881872c9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -893,19 +893,15 @@ static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake) #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) #if defined(MBEDTLS_USE_PSA_CRYPTO) handshake->fin_sha256_psa = psa_hash_operation_init(); - psa_hash_setup(&handshake->fin_sha256_psa, PSA_ALG_SHA_256); #else mbedtls_sha256_init(&handshake->fin_sha256); - mbedtls_sha256_starts(&handshake->fin_sha256, 0); #endif #endif #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) #if defined(MBEDTLS_USE_PSA_CRYPTO) handshake->fin_sha384_psa = psa_hash_operation_init(); - psa_hash_setup(&handshake->fin_sha384_psa, PSA_ALG_SHA_384); #else mbedtls_sha512_init(&handshake->fin_sha384); - mbedtls_sha512_starts(&handshake->fin_sha384, 1); #endif #endif @@ -1042,6 +1038,9 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) mbedtls_ssl_transform_init(ssl->transform_negotiate); #endif + /* Setup handshake checksums */ + mbedtls_ssl_reset_checksum(ssl); + #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ defined(MBEDTLS_SSL_SRV_C) && \ defined(MBEDTLS_SSL_SESSION_TICKETS) From d7a7a23308e8725f00b847bfd6a169299610a3fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sun, 5 Feb 2023 10:26:49 +0100 Subject: [PATCH 196/440] Use reset_checksum in reset_transcript_for_hrr MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This function was manually resetting just the hash that would be used; it's simpler to just call the function that resets all hashes. This also avoids calling low-level code from TLS 1.3. While at it, remove the guards about SHA-256 || SHA-384 that were around update_checksum, as they are redundant: update_checksum already has appropriate guards (and TLS 1.3 already depends on one of those tow hashes being present anyway). 
Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls13_generic.c | 32 ++------------------------------ 1 file changed, 2 insertions(+), 30 deletions(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 4fb73f91b..214f3ffb5 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1399,37 +1399,9 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) hash_len += 4; -#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) - if (ciphersuite_info->mac == MBEDTLS_MD_SHA256) { - MBEDTLS_SSL_DEBUG_BUF(4, "Truncated SHA-256 handshake transcript", - hash_transcript, hash_len); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_abort(&ssl->handshake->fin_sha256_psa); - psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256); -#else - mbedtls_sha256_starts(&ssl->handshake->fin_sha256, 0); -#endif - } -#endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ -#if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) - if (ciphersuite_info->mac == MBEDTLS_MD_SHA384) { - MBEDTLS_SSL_DEBUG_BUF(4, "Truncated SHA-384 handshake transcript", - hash_transcript, hash_len); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_abort(&ssl->handshake->fin_sha384_psa); - psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384); -#else - mbedtls_sha512_starts(&ssl->handshake->fin_sha384, 1); -#endif - } -#endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ -#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \ - defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) + /* Reset running hash and replace it with a hash of the transcript */ + mbedtls_ssl_reset_checksum(ssl); ssl->handshake->update_checksum(ssl, hash_transcript, hash_len); -#endif \ - /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA || MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ return ret; } 
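Review bot: The removed code called psa_hash_abort() on the active fin_sha256_psa/fin_sha384_psa operation before psa_hash_setup(); the replacement relies on mbedtls_ssl_reset_checksum() doing the same, because psa_hash_setup() on an operation that is still active fails with PSA_ERROR_BAD_STATE and the HRR transcript would then be fed into the old hash state. mbedtls_ssl_reset_checksum's body is not in this hunk, so confirm that it aborts before re-setup in the MBEDTLS_USE_PSA_CRYPTO build, and record the dependency at the call site with `/* reset_checksum must abort any live PSA hash operation before re-starting it */`. If it does not, the transcript reset would silently fail and the post-HRR Finished verification would diverge from the peer's.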
From b8b07aa24a34618a35743f21088358c627a5d12c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 6 Feb 2023 00:34:21 +0100 Subject: [PATCH 197/440] Handle errors from functions that now return int MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A few functions were changed from returning void to returning int three commits ago. Make sure their callers check the return values. This commit was basically a matter of declaring newly-int-returning functions MBEDTLS_CHECK_RETURN_CRITICAL and then fixing the resulting warnings. A few functions had to be made int in the process; the same process was applied to them as well. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_client.c | 21 ++++++++++--- library/ssl_misc.h | 13 ++++++-- library/ssl_msg.c | 23 +++++++++++--- library/ssl_tls.c | 36 ++++++++++++++++------ library/ssl_tls12_client.c | 13 ++++++-- library/ssl_tls12_server.c | 18 +++++++++-- library/ssl_tls13_client.c | 17 ++++++----- library/ssl_tls13_generic.c | 37 ++++++++++++++--------- library/ssl_tls13_server.c | 60 ++++++++++++++++++++++++------------- 9 files changed, 171 insertions(+), 67 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index 963f8bb7c..42ff6748c 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c
@@ -945,16 +945,29 @@ int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_SSL_PROTO_DTLS */ { - mbedtls_ssl_add_hs_hdr_to_checksum(ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, - msg_len); - ssl->handshake->update_checksum(ssl, buf, msg_len - binders_len); + ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, + MBEDTLS_SSL_HS_CLIENT_HELLO, + msg_len); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_add_hs_hdr_to_checksum", ret); + return ret; + } + ret = ssl->handshake->update_checksum(ssl, buf, msg_len - binders_len); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); + return ret; + } #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) if (binders_len > 0) { MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( ssl, buf + msg_len - binders_len, buf + msg_len)); - ssl->handshake->update_checksum(ssl, buf + msg_len - binders_len, + ret = ssl->handshake->update_checksum(ssl, buf + msg_len - binders_len, binders_len); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); + return ret; + } } #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ diff --git a/library/ssl_misc.h b/library/ssl_misc.h index bffbef2cf..6dd7cb07b 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -705,8 +705,11 @@ struct mbedtls_ssl_handshake_params { mbedtls_ssl_ciphersuite_t const *ciphersuite_info; + MBEDTLS_CHECK_RETURN_CRITICAL int (*update_checksum)(mbedtls_ssl_context *, const unsigned char *, size_t); + MBEDTLS_CHECK_RETURN_CRITICAL int (*calc_verify)(const mbedtls_ssl_context *, unsigned char *, size_t *); + MBEDTLS_CHECK_RETURN_CRITICAL int (*calc_finished)(mbedtls_ssl_context *, unsigned char *, int); mbedtls_ssl_tls_prf_cb *tls_prf; 
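Review bot: In mbedtls_ssl_write_client_hello the continuation line `binders_len);` is an unchanged context line, but the call it belongs to gained a `ret = ` prefix, so the argument is now misaligned by six columns and should be re-indented under `ssl`. The new checks also use the manual `if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(...); return ret; }` form right next to the binder write, which uses MBEDTLS_SSL_PROC_CHK and routes through the function's cleanup label; if that label does any cleanup, the direct `return ret` skips it. Using `MBEDTLS_SSL_PROC_CHK(ssl->handshake->update_checksum(ssl, buf, msg_len - binders_len));` for all three calls would keep a single exit path. The enclosing function continues outside the hunk.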
@@ -1317,6 +1320,7 @@ static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl, MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl); +MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl); #if defined(MBEDTLS_SSL_PROTO_TLS1_2) @@ -1328,7 +1332,8 @@ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_handle_message_type(mbedtls_ssl_context *ssl); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl); -void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl); +MBEDTLS_CHECK_RETURN_CRITICAL +int mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl); /** * \brief Update record layer @@ -1461,12 +1466,14 @@ void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, /* * Update checksum of handshake messages. */ -void mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl, +MBEDTLS_CHECK_RETURN_CRITICAL +int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char const *msg, size_t msg_len); -void mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl, +MBEDTLS_CHECK_RETURN_CRITICAL +int mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl, unsigned hs_type, size_t total_hs_len); diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 9bedc2546..d26d95086 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -2639,7 +2639,12 @@ int mbedtls_ssl_write_handshake_msg_ext(mbedtls_ssl_context *ssl, /* Update running hashes of handshake messages seen */ if (hs_type != MBEDTLS_SSL_HS_HELLO_REQUEST && update_checksum != 0) { - ssl->handshake->update_checksum(ssl, ssl->out_msg, ssl->out_msglen); + ret = ssl->handshake->update_checksum(ssl, ssl->out_msg, + ssl->out_msglen); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); + return ret; + } } } 
@@ -3067,12 +3072,17 @@ int mbedtls_ssl_prepare_handshake_record(mbedtls_ssl_context *ssl) return 0; } -void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl) +int mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ssl_handshake_params * const hs = ssl->handshake; if (mbedtls_ssl_is_handshake_over(ssl) == 0 && hs != NULL) { - ssl->handshake->update_checksum(ssl, ssl->in_msg, ssl->in_hslen); + ret = ssl->handshake->update_checksum(ssl, ssl->in_msg, ssl->in_hslen); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); + return ret; + } } /* Handshake message is complete, increment counter */ @@ -3103,6 +3113,7 @@ void mbedtls_ssl_update_handshake_status(mbedtls_ssl_context *ssl) memset(hs_buf, 0, sizeof(mbedtls_ssl_hs_buffer)); } #endif + return 0; } /* @@ -3928,7 +3939,11 @@ int mbedtls_ssl_read_record(mbedtls_ssl_context *ssl, if (ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE && update_hs_digest == 1) { - mbedtls_ssl_update_handshake_status(ssl); + ret = mbedtls_ssl_update_handshake_status(ssl); + if (0 != ret) { + MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret); + return ret; + } } } else { MBEDTLS_SSL_DEBUG_MSG(2, ("reuse previously read message")); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c881872c9..cbc60ec96 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -788,7 +788,7 @@ void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, } } -void mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl, +int mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl, unsigned hs_type, size_t total_hs_len) { 
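Review bot: The new check in mbedtls_ssl_read_record is written as `if (0 != ret)` with the name wrapped in extra parentheses, `MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret);`, whereas the check added to mbedtls_ssl_update_handshake_status just above, and those in ssl_client.c and ssl_tls.c in this same commit, use `if (ret != 0)` and a bare string literal. The same Yoda-style form recurs in the ssl_tls12_client.c hunks (ssl_parse_hello_verify_request, ssl_write_certificate_verify) and all three ssl_tls12_server.c hunks. Normalising to `if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_update_handshake_status", ret); return ret; }` matches the surrounding code. Relatedly, ssl_parse_hello_verify_request initialises `ret` to MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE while the other new locals in this commit start from MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED.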
@@ -800,16 +800,19 @@ void mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl, hs_hdr[2] = MBEDTLS_BYTE_1(total_hs_len); hs_hdr[3] = MBEDTLS_BYTE_0(total_hs_len); - ssl->handshake->update_checksum(ssl, hs_hdr, sizeof(hs_hdr)); + return ssl->handshake->update_checksum(ssl, hs_hdr, sizeof(hs_hdr)); } -void mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl, +int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char const *msg, size_t msg_len) { - mbedtls_ssl_add_hs_hdr_to_checksum(ssl, hs_type, msg_len); - ssl->handshake->update_checksum(ssl, msg, msg_len); + int ret; + ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, hs_type, msg_len); + if (ret != 0) + return ret; + return ssl->handshake->update_checksum(ssl, msg, msg_len); } int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) @@ -971,6 +974,8 @@ void mbedtls_ssl_session_init(mbedtls_ssl_session *session) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_handshake_init(mbedtls_ssl_context *ssl) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + /* Clear old handshake information if present */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if (ssl->transform_negotiate) { @@ -1039,7 +1044,11 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) #endif /* Setup handshake checksums */ - mbedtls_ssl_reset_checksum(ssl); + ret = mbedtls_ssl_reset_checksum(ssl); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_reset_checksum", ret); + return ret; + } #if defined(MBEDTLS_SSL_PROTO_TLS1_3) && \ defined(MBEDTLS_SSL_SRV_C) && \ 
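Review bot: `if (ret != 0) return ret;` in mbedtls_ssl_add_hs_msg_to_checksum omits the braces that every other new check in this commit, including the ssl_handshake_init hunk directly below, uses; write it as `if (ret != 0) { return ret; }` split over three lines so the file's brace style stays uniform. The separate `int ret;` declaration can also fold into the first call, `int ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, hs_type, msg_len);`, so `ret` is never observable uninitialised.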
@@ -6288,7 +6297,10 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake, if (handshake->extended_ms == MBEDTLS_SSL_EXTENDED_MS_ENABLED) { lbl = "extended master secret"; seed = session_hash; - handshake->calc_verify(ssl, session_hash, &seed_len); + ret = handshake->calc_verify(ssl, session_hash, &seed_len); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "calc_verify", ret); + } MBEDTLS_SSL_DEBUG_BUF(3, "session hash for extended master secret", session_hash, seed_len); @@ -7792,7 +7804,10 @@ int mbedtls_ssl_write_finished(mbedtls_ssl_context *ssl) mbedtls_ssl_update_out_pointers(ssl, ssl->transform_negotiate); - ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint); + ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret); + } /* * RFC 5246 7.4.9 (Page 63) says 12 is the default length and ciphersuites @@ -7902,7 +7917,10 @@ int mbedtls_ssl_parse_finished(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse finished")); - ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1); + ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret); + } if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret); diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index b427ae944..fc99fdebe 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -1090,6 +1090,7 @@ static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl, MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl) { + int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; const unsigned char *p = ssl->in_msg + mbedtls_ssl_hs_hdr_len(ssl); uint16_t dtls_legacy_version; 
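Review bot: In ssl_compute_master, mbedtls_ssl_write_finished and mbedtls_ssl_parse_finished the result of calc_verify/calc_finished is logged but not acted on: after `MBEDTLS_SSL_DEBUG_RET(1, "calc_verify", ret);` execution falls through, and `ret` is overwritten by the next call (mbedtls_ssl_read_record in parse_finished), so a hash failure is lost and the handshake continues with whatever `session_hash` or `buf` happens to contain. Every other conversion in this commit (ssl_client.c, ssl_tls12_client.c, ssl_tls12_server.c) returns on failure, so add `return ret;` inside each of these three blocks. For parse_finished in particular, continuing means comparing the peer's Finished against a buffer the failed call may not have filled; failing closed is the only safe outcome, and it is also what MBEDTLS_CHECK_RETURN_CRITICAL on the callbacks is meant to enforce.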
@@ -1160,7 +1161,11 @@ static int ssl_parse_hello_verify_request(mbedtls_ssl_context *ssl) /* Start over at ClientHello */ ssl->state = MBEDTLS_SSL_CLIENT_HELLO; - mbedtls_ssl_reset_checksum(ssl); + ret = mbedtls_ssl_reset_checksum(ssl); + if (0 != ret) { + MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_reset_checksum"), ret); + return ret; + } mbedtls_ssl_recv_flight_completed(ssl); @@ -3283,7 +3288,11 @@ static int ssl_write_certificate_verify(mbedtls_ssl_context *ssl) sign: #endif - ssl->handshake->calc_verify(ssl, hash, &hashlen); + ret = ssl->handshake->calc_verify(ssl, hash, &hashlen); + if (0 != ret) { + MBEDTLS_SSL_DEBUG_RET(1, ("calc_verify"), ret); + return ret; + } /* * digitally-signed struct { diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 929829249..d5c8b7ce4 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1020,7 +1020,11 @@ read_record_header: MBEDTLS_SSL_DEBUG_BUF(4, "record contents", buf, msg_len); - ssl->handshake->update_checksum(ssl, buf, msg_len); + ret = ssl->handshake->update_checksum(ssl, buf, msg_len); + if (0 != ret) { + MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret); + return ret; + } /* * Handshake layer: @@ -4129,7 +4133,11 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) /* Calculate hash and verify signature */ { size_t dummy_hlen; - ssl->handshake->calc_verify(ssl, hash, &dummy_hlen); + ret = ssl->handshake->calc_verify(ssl, hash, &dummy_hlen); + if (0 != ret) { + MBEDTLS_SSL_DEBUG_RET(1, ("calc_verify"), ret); + return ret; + } } if ((ret = mbedtls_pk_verify(peer_pk, @@ -4139,7 +4147,11 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl) return ret; } - mbedtls_ssl_update_handshake_status(ssl); + ret = mbedtls_ssl_update_handshake_status(ssl); + if (0 != ret) { + MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_update_handshake_status"), ret); + return ret; + } MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate verify")); 
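Review bot: The new checks in ssl_parse_hello_verify_request use a Yoda condition and a parenthesised string, `if (0 != ret) {` and `MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_reset_checksum"), ret);`, while the ssl_tls.c hunks of the same commit write `if (ret != 0) {` and `MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_reset_checksum", ret);`. The extra parentheses are the form MBEDTLS_SSL_DEBUG_MSG needs for its variadic argument and are not needed for MBEDTLS_SSL_DEBUG_RET's plain string, so they read as a copy-paste from a DEBUG_MSG line. The same form recurs in ssl_write_certificate_verify, the three ssl_tls12_server.c hunks, and the ssl_tls13_server.c hunks of ssl_tls13_parse_pre_shared_key_ext and ssl_tls13_parse_client_hello; the enclosing functions start and end outside their hunks.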
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 1e79afab8..7948753e3 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1489,8 +1489,9 @@ static int ssl_tls13_preprocess_server_hello(mbedtls_ssl_context *ssl, ssl->keep_current_message = 1; ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; - mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_SERVER_HELLO, - buf, (size_t) (end - buf)); + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, + MBEDTLS_SSL_HS_SERVER_HELLO, + buf, (size_t) (end - buf))); if (mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) { ret = ssl_tls13_reset_key_share(ssl); @@ -2056,8 +2057,8 @@ static int ssl_tls13_process_server_hello(mbedtls_ssl_context *ssl) MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_reset_transcript_for_hrr(ssl)); } - mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_SERVER_HELLO, - buf, buf_len); + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, + MBEDTLS_SSL_HS_SERVER_HELLO, buf, buf_len)); if (is_hrr) { MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_hrr(ssl)); @@ -2214,8 +2215,8 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) } #endif - mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, - buf, buf_len); + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, + MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, buf_len)); #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { @@ -2458,8 +2459,8 @@ static int ssl_tls13_process_certificate_request(mbedtls_ssl_context *ssl) MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_certificate_request(ssl, buf, buf + buf_len)); - mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, - buf, buf_len); + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, + MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, buf_len)); } else if (ret == SSL_CERTIFICATE_REQUEST_SKIP) { ret = 0; } else { 
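Review bot: MBEDTLS_SSL_PROC_CHK in ssl_tls13_preprocess_server_hello relies on a `cleanup:` label in that function; `ret` is clearly present (`ret = ssl_tls13_reset_key_share(ssl);` two lines below) but the label is not visible in this hunk and the function starts and ends outside it, so please confirm it exists and returns `ret`. The other three hunks in this file sit in functions whose neighbouring lines already use MBEDTLS_SSL_PROC_CHK, so they need no such confirmation.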
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 214f3ffb5..f81979a7f 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -322,8 +322,9 @@ int mbedtls_ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl) buf + buf_len, verify_buffer, verify_buffer_len)); - mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, - buf, buf_len); + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, + MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, + buf, buf_len)); cleanup: @@ -752,8 +753,8 @@ int mbedtls_ssl_tls13_process_certificate(mbedtls_ssl_context *ssl) /* Validate the certificate chain and set the verification results. */ MBEDTLS_SSL_PROC_CHK(ssl_tls13_validate_certificate(ssl)); - mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE, - buf, buf_len); + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, + MBEDTLS_SSL_HS_CERTIFICATE, buf, buf_len)); cleanup: #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ @@ -868,8 +869,8 @@ int mbedtls_ssl_tls13_write_certificate(mbedtls_ssl_context *ssl) buf + buf_len, &msg_len)); - mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE, - buf, msg_len); + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, + MBEDTLS_SSL_HS_CERTIFICATE, buf, msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( ssl, buf_len, msg_len)); @@ -1070,8 +1071,8 @@ int mbedtls_ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_verify_body( ssl, buf, buf + buf_len, &msg_len)); - mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, - buf, msg_len); + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, + MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( ssl, buf_len, msg_len)); 
@@ -1171,8 +1172,8 @@ int mbedtls_ssl_tls13_process_finished_message(mbedtls_ssl_context *ssl) MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_finished_message(ssl, buf, buf + buf_len)); - mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_FINISHED, - buf, buf_len); + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, + MBEDTLS_SSL_HS_FINISHED, buf, buf_len)); cleanup: @@ -1248,8 +1249,8 @@ int mbedtls_ssl_tls13_write_finished_message(mbedtls_ssl_context *ssl) MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_finished_message_body( ssl, buf, buf + buf_len, &msg_len)); - mbedtls_ssl_add_hs_msg_to_checksum(ssl, MBEDTLS_SSL_HS_FINISHED, - buf, msg_len); + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, + MBEDTLS_SSL_HS_FINISHED, buf, msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( ssl, buf_len, msg_len)); @@ -1400,8 +1401,16 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) hash_len += 4; /* Reset running hash and replace it with a hash of the transcript */ - mbedtls_ssl_reset_checksum(ssl); - ssl->handshake->update_checksum(ssl, hash_transcript, hash_len); + ret = mbedtls_ssl_reset_checksum(ssl); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_reset_checksum", ret); + return ret; + } + ret = ssl->handshake->update_checksum(ssl, hash_transcript, hash_len); + if (ret != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); + return ret; + } return ret; } diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 81c289aee..047b97a65 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -486,6 +486,7 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl, const unsigned char *ciphersuites, const unsigned char *ciphersuites_end) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const unsigned char *identities = pre_shared_key_ext; const unsigned char *p_identity_len; size_t identities_len; 
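Review bot: In mbedtls_ssl_reset_transcript_for_hrr the trailing `return ret;` now follows an `if (ret != 0) { ...; return ret; }` block, so it can only ever return 0; write `return 0;` to make that explicit, or drop the second check and end with `return ssl->handshake->update_checksum(ssl, hash_transcript, hash_len);` if the debug line is not wanted. The function starts outside the hunk.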
@@ -521,8 +522,12 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl, MBEDTLS_SSL_CHK_BUF_READ_PTR(p_binder_len, pre_shared_key_ext_end, binders_len); binders_end = p_binder_len + binders_len; - ssl->handshake->update_checksum(ssl, pre_shared_key_ext, - identities_end - pre_shared_key_ext); + ret = ssl->handshake->update_checksum(ssl, pre_shared_key_ext, + identities_end - pre_shared_key_ext); + if (0 != ret) { + MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret); + return ret; + } while (p_identity_len < identities_end && p_binder_len < binders_end) { const unsigned char *identity; @@ -530,7 +535,6 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl, uint32_t obfuscated_ticket_age; const unsigned char *binder; size_t binder_len; - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int psk_type; uint16_t cipher_suite; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -642,9 +646,13 @@ static int ssl_tls13_parse_pre_shared_key_ext(mbedtls_ssl_context *ssl, } /* Update the handshake transcript with the binder list. */ - ssl->handshake->update_checksum(ssl, - identities_end, - (size_t) (binders_end - identities_end)); + ret = ssl->handshake->update_checksum(ssl, + identities_end, + (size_t) (binders_end - identities_end)); + if (0 != ret) { + MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret); + return ret; + } if (matched_identity == -1) { MBEDTLS_SSL_DEBUG_MSG(3, ("No matched PSK or ticket.")); return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY; 
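Review bot: Hoisting `ret` to function scope in ssl_tls13_parse_pre_shared_key_ext removes the per-iteration `int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;` from the identity loop (third hunk), so any loop path that previously fell through with the defensive initial value now carries whatever the previous iteration left in `ret`. The loop body is not visible here, so I cannot confirm every such path assigns `ret` before it is returned or tested; if one does not, reinstate `ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;` as the first statement of the loop body. The function starts and ends outside these hunks.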
@@ -1590,9 +1598,13 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, MBEDTLS_SSL_PRINT_EXTS(3, MBEDTLS_SSL_HS_CLIENT_HELLO, handshake->received_extensions); - mbedtls_ssl_add_hs_hdr_to_checksum(ssl, - MBEDTLS_SSL_HS_CLIENT_HELLO, - p - buf); + ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, + MBEDTLS_SSL_HS_CLIENT_HELLO, + p - buf); + if (0 != ret) { + MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_add_hs_hdr_to_checksum"), ret); + return ret; + } #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED) /* Update checksum with either @@ -1603,8 +1615,12 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, if (mbedtls_ssl_tls13_some_psk_enabled(ssl) && mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) && (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY))) { - handshake->update_checksum(ssl, buf, - pre_shared_key_ext - buf); + ret = handshake->update_checksum(ssl, buf, + pre_shared_key_ext - buf); + if (0 != ret) { + MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret); + return ret; + } ret = ssl_tls13_parse_pre_shared_key_ext(ssl, pre_shared_key_ext, pre_shared_key_ext_end, @@ -1620,7 +1636,11 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl, } else #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */ { - handshake->update_checksum(ssl, buf, p - buf); + ret = handshake->update_checksum(ssl, buf, p - buf); + if (0 != ret) { + MBEDTLS_SSL_DEBUG_RET(1, ("update_checksum"), ret); + return ret; + } } ret = ssl_tls13_determine_key_exchange_mode(ssl); @@ -2134,8 +2154,8 @@ static int ssl_tls13_write_server_hello(mbedtls_ssl_context *ssl) &msg_len, 0)); - mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len); + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( + ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( ssl, buf_len, msg_len)); 
@@ -2207,8 +2227,8 @@ static int ssl_tls13_write_hello_retry_request(mbedtls_ssl_context *ssl) buf + buf_len, &msg_len, 1)); - mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len); + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( + ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len, @@ -2306,8 +2326,8 @@ static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl) MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_encrypted_extensions_body( ssl, buf, buf + buf_len, &msg_len)); - mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len); + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( + ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( ssl, buf_len, msg_len)); @@ -2439,8 +2459,8 @@ static int ssl_tls13_write_certificate_request(mbedtls_ssl_context *ssl) MBEDTLS_SSL_PROC_CHK(ssl_tls13_write_certificate_request_body( ssl, buf, buf + buf_len, &msg_len)); - mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len); + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( + ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( ssl, buf_len, msg_len)); From b72ff498c95a937a1d0eebb5769ceda15a7d4395 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 6 Feb 2023 09:54:49 +0100 Subject: [PATCH 198/440] Handle hash errors in reset_checksum MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls.c | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index cbc60ec96..afcec4671 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -817,21 +817,44 @@ int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl, int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; +#else + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#endif ((void) ssl); #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_abort(&ssl->handshake->fin_sha256_psa); - psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256); + status = psa_hash_abort(&ssl->handshake->fin_sha256_psa); + if (status != PSA_SUCCESS) { + return mbedtls_md_error_from_psa(status); + } + status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256); + if (status != PSA_SUCCESS) { + return mbedtls_md_error_from_psa(status); + } #else - mbedtls_sha256_starts(&ssl->handshake->fin_sha256, 0); + ret = mbedtls_sha256_starts(&ssl->handshake->fin_sha256, 0); + if (ret != 0) { + return ret; + } #endif #endif #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_abort(&ssl->handshake->fin_sha384_psa); - psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384); + status = psa_hash_abort(&ssl->handshake->fin_sha384_psa); + if (status != PSA_SUCCESS) { + return mbedtls_md_error_from_psa(status); + } + status = psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384); + if (status != PSA_SUCCESS) { + return mbedtls_md_error_from_psa(status); + } #else - mbedtls_sha512_starts(&ssl->handshake->fin_sha384, 1); + ret = mbedtls_sha512_starts(&ssl->handshake->fin_sha384, 1); + if (ret != 0) { + return ret; + } #endif #endif return 0; From df94901566f73e64ecce239cd54c8a12a7b08c7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 6 Feb 2023 10:00:52 +0100 Subject: [PATCH 199/440] Handle hash errors in update_checksum MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls.c | 37 +++++++++++++++++++++++++++---------- 1 file changed, 27 insertions(+), 10 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index afcec4671..ccea3bbd0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -863,18 +863,35 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_status_t status; +#else + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; +#endif #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len); + status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len); + if (status != PSA_SUCCESS) { + return mbedtls_md_error_from_psa(status); + } #else - mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len); + ret = mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len); + if (ret != 0) { + return ret; + } #endif #endif #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len); + status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len); + if (status != PSA_SUCCESS) { + return mbedtls_md_error_from_psa(status); + } #else - mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len); + ret = mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len); + if (ret != 0) { + return ret; + } #endif #endif #if !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \ 
@@ -891,11 +908,11 @@ static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len); + return mbedtls_md_error_from_psa(psa_hash_update( + &ssl->handshake->fin_sha256_psa, buf, len)); #else - mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len); + return mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len); #endif - return 0; } #endif @@ -904,11 +921,11 @@ static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len); + return mbedtls_md_error_from_psa(psa_hash_update( + &ssl->handshake->fin_sha384_psa, buf, len)); #else - mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len); + return mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len); #endif - return 0; } #endif From b9b564e64b12b8a1537a7d7f0f5d0ff25845024f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 6 Feb 2023 10:06:04 +0100 Subject: [PATCH 200/440] Handle hash errors in calc_verify MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit On top on some calls not being checked, the PSA path was missing a call to abort() on errors. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls.c | 38 +++++++++++++++++++++++++++----------- 1 file changed, 27 insertions(+), 11 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ccea3bbd0..d072ddb1b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -6580,20 +6580,23 @@ int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify sha256")); status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa); if (status != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed")); - return 0; + goto exit; } status = psa_hash_finish(&sha256_psa, hash, 32, &hash_size); if (status != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed")); - return 0; + goto exit; } *hlen = 32; MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen); MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify")); + +exit: + psa_hash_abort(&sha256_psa); + return mbedtls_md_error_from_psa(status); #else + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha256_context sha256; mbedtls_sha256_init(&sha256); @@ -6601,13 +6604,18 @@ int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha256")); mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256); - mbedtls_sha256_finish(&sha256, hash); + + ret = mbedtls_sha256_finish(&sha256, hash); + if (ret != 0) { + goto exit; + } *hlen = 32; MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen); MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify")); +exit: mbedtls_sha256_free(&sha256); #endif /* MBEDTLS_USE_PSA_CRYPTO */ return 0; 
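Review bot: In the non-PSA path of ssl_calc_verify_tls_sha256, a failing `mbedtls_sha256_finish` jumps to `exit:`, frees the context and then falls into the unchanged `return 0;` after the `#endif`, so the error is swallowed and the caller proceeds with an undefined `hash` and an unset `*hlen`, which is exactly what this series sets out to prevent. Mirror the sha384 function in this same commit: add `return ret;` after `mbedtls_sha256_free(&sha256);` and delete the final `return 0;`, which on the PSA path is already unreachable because that path's `exit:` returns `mbedtls_md_error_from_psa(status)`. The function starts outside the first hunk.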
@@ -6627,20 +6635,23 @@ int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(2, ("=> PSA calc verify sha384")); status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa); if (status != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed")); - return 0; + goto exit; } status = psa_hash_finish(&sha384_psa, hash, 48, &hash_size); if (status != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed")); - return 0; + goto exit; } *hlen = 48; MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated verify result", hash, *hlen); MBEDTLS_SSL_DEBUG_MSG(2, ("<= PSA calc verify")); + +exit: + psa_hash_abort(&sha384_psa); + return mbedtls_md_error_from_psa(status); #else + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha512_context sha512; mbedtls_sha512_init(&sha512); @@ -6648,16 +6659,21 @@ int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha384")); mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha384); - mbedtls_sha512_finish(&sha512, hash); + + ret = mbedtls_sha512_finish(&sha512, hash); + if (ret != 0) { + goto exit; + } *hlen = 48; MBEDTLS_SSL_DEBUG_BUF(3, "calculated verify result", hash, *hlen); MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify")); +exit: mbedtls_sha512_free(&sha512); + return ret; #endif /* MBEDTLS_USE_PSA_CRYPTO */ - return 0; } #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ From e1a4caa9342a0c469169d061b85fd9502821da27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 6 Feb 2023 10:14:25 +0100 Subject: [PATCH 201/440] Handle hash errors in calc_finished MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit That's the last family of functions. All calls to mbedtls_sha* and psa_hash_* in library/ssl_tls.c are now checked for errors. 
Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls.c | 47 ++++++++++++++++++++++++++++++++--------------- 1 file changed, 32 insertions(+), 15 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index d072ddb1b..1a00baaf6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7627,6 +7627,7 @@ static int ssl_calc_finished_tls_sha256( psa_hash_operation_t sha256_psa = PSA_HASH_OPERATION_INIT; psa_status_t status; #else + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha256_context sha256; #endif @@ -7646,14 +7647,12 @@ static int ssl_calc_finished_tls_sha256( status = psa_hash_clone(&ssl->handshake->fin_sha256_psa, &sha256_psa); if (status != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed")); - return 0; + goto exit; } status = psa_hash_finish(&sha256_psa, padbuf, sizeof(padbuf), &hash_size); if (status != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed")); - return 0; + goto exit; } MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 32); #else @@ -7675,8 +7674,10 @@ static int ssl_calc_finished_tls_sha256( sha256.state, sizeof(sha256.state)); #endif - mbedtls_sha256_finish(&sha256, padbuf); - mbedtls_sha256_free(&sha256); + ret = mbedtls_sha256_finish(&sha256, padbuf); + if (ret != 0) { + goto exit; + } #endif /* MBEDTLS_USE_PSA_CRYPTO */ ssl->handshake->tls_prf(session->master, 48, sender, @@ -7687,7 +7688,15 @@ static int ssl_calc_finished_tls_sha256( mbedtls_platform_zeroize(padbuf, sizeof(padbuf)); MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished")); - return 0; + +exit: +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_abort(&sha256_psa); + return mbedtls_md_error_from_psa(status); +#else + mbedtls_sha256_free(&sha256); + return ret; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/ 
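Review bot: With the new `goto exit` in ssl_calc_finished_tls_sha256, a failure from psa_hash_finish or mbedtls_sha256_finish skips `mbedtls_platform_zeroize(padbuf, sizeof(padbuf));`, which now runs only on the success path before `exit:`, so the function returns with whatever the hash call wrote into `padbuf` left on the stack. Moving that zeroize line to just after the `exit:` label, ahead of the `#if defined(MBEDTLS_USE_PSA_CRYPTO)`, keeps the existing hygiene on both paths; ssl_calc_finished_tls_sha384 in the following hunks has the identical structure and needs the same move. Separately, the `ssl->handshake->tls_prf(...)` call visible in the context still discards its return value; that is outside this commit's stated scope (sha*/psa_hash_* calls) but the function now has an error exit it could route through. The enclosing functions start outside their first hunks.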
@@ -7704,6 +7713,7 @@ static int ssl_calc_finished_tls_sha384( psa_hash_operation_t sha384_psa = PSA_HASH_OPERATION_INIT; psa_status_t status; #else + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha512_context sha512; #endif @@ -7723,14 +7733,12 @@ static int ssl_calc_finished_tls_sha384( status = psa_hash_clone(&ssl->handshake->fin_sha384_psa, &sha384_psa); if (status != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash clone failed")); - return 0; + goto exit; } status = psa_hash_finish(&sha384_psa, padbuf, sizeof(padbuf), &hash_size); if (status != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_MSG(2, ("PSA hash finish failed")); - return 0; + goto exit; } MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 48); #else @@ -7750,9 +7758,10 @@ static int ssl_calc_finished_tls_sha384( MBEDTLS_SSL_DEBUG_BUF(4, "finished sha512 state", (unsigned char *) sha512.state, sizeof(sha512.state)); #endif - mbedtls_sha512_finish(&sha512, padbuf); - - mbedtls_sha512_free(&sha512); + ret = mbedtls_sha512_finish(&sha512, padbuf); + if (ret != 0) { + goto exit; + } #endif ssl->handshake->tls_prf(session->master, 48, sender, @@ -7763,7 +7772,15 @@ static int ssl_calc_finished_tls_sha384( mbedtls_platform_zeroize(padbuf, sizeof(padbuf)); MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished")); - return 0; + +exit: +#if defined(MBEDTLS_USE_PSA_CRYPTO) + psa_hash_abort(&sha384_psa); + return mbedtls_md_error_from_psa(status); +#else + mbedtls_sha512_free(&sha512); + return ret; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/ From 43cc127d3aa9ccff30c0210fa246144142d2e0e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 6 Feb 2023 11:48:19 +0100 Subject: [PATCH 202/440] Fix code style MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_client.c | 2 +- library/ssl_misc.h | 10 +++++----- library/ssl_tls.c | 23 ++++++++++++----------- library/ssl_tls13_client.c | 13 ++++++++----- library/ssl_tls13_generic.c | 17 ++++++++++------- library/ssl_tls13_server.c | 8 ++++---- 6 files changed, 40 insertions(+), 33 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index 42ff6748c..ea64b216e 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -963,7 +963,7 @@ int mbedtls_ssl_write_client_hello(mbedtls_ssl_context *ssl) mbedtls_ssl_tls13_write_binders_of_pre_shared_key_ext( ssl, buf + msg_len - binders_len, buf + msg_len)); ret = ssl->handshake->update_checksum(ssl, buf + msg_len - binders_len, - binders_len); + binders_len); if (ret != 0) { MBEDTLS_SSL_DEBUG_RET(1, "update_checksum", ret); return ret; diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 6dd7cb07b..7385c6ee3 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -1468,14 +1468,14 @@ void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, */ MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char const *msg, - size_t msg_len); + unsigned hs_type, + unsigned char const *msg, + size_t msg_len); MBEDTLS_CHECK_RETURN_CRITICAL int mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl, - unsigned hs_type, - size_t total_hs_len); + unsigned hs_type, + size_t total_hs_len); #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) #if !defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 1a00baaf6..55c6c3d3c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -789,8 +789,8 @@ void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl, } int mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl, - unsigned hs_type, - size_t total_hs_len) + unsigned hs_type, + size_t total_hs_len) { unsigned char hs_hdr[4]; 
@@ -804,14 +804,15 @@ int mbedtls_ssl_add_hs_hdr_to_checksum(mbedtls_ssl_context *ssl, } int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl, - unsigned hs_type, - unsigned char const *msg, - size_t msg_len) + unsigned hs_type, + unsigned char const *msg, + size_t msg_len) { int ret; ret = mbedtls_ssl_add_hs_hdr_to_checksum(ssl, hs_type, msg_len); - if (ret != 0) + if (ret != 0) { return ret; + } return ssl->handshake->update_checksum(ssl, msg, msg_len); } @@ -861,7 +862,7 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) } static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len) + const unsigned char *buf, size_t len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; @@ -905,11 +906,11 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len) + const unsigned char *buf, size_t len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) return mbedtls_md_error_from_psa(psa_hash_update( - &ssl->handshake->fin_sha256_psa, buf, len)); + &ssl->handshake->fin_sha256_psa, buf, len)); #else return mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len); #endif @@ -918,11 +919,11 @@ static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl, - const unsigned char *buf, size_t len) + const unsigned char *buf, size_t len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) return mbedtls_md_error_from_psa(psa_hash_update( - &ssl->handshake->fin_sha384_psa, buf, len)); + &ssl->handshake->fin_sha384_psa, buf, len)); #else return mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len); #endif diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 7948753e3..8dea1c47a 100644 
--- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1490,8 +1490,8 @@ static int ssl_tls13_preprocess_server_hello(mbedtls_ssl_context *ssl, ssl->keep_current_message = 1; ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2; MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, - MBEDTLS_SSL_HS_SERVER_HELLO, - buf, (size_t) (end - buf))); + MBEDTLS_SSL_HS_SERVER_HELLO, + buf, (size_t) (end - buf))); if (mbedtls_ssl_conf_tls13_some_ephemeral_enabled(ssl)) { ret = ssl_tls13_reset_key_share(ssl); @@ -2058,7 +2058,8 @@ static int ssl_tls13_process_server_hello(mbedtls_ssl_context *ssl) } MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, - MBEDTLS_SSL_HS_SERVER_HELLO, buf, buf_len)); + MBEDTLS_SSL_HS_SERVER_HELLO, buf, + buf_len)); if (is_hrr) { MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_hrr(ssl)); @@ -2216,7 +2217,8 @@ static int ssl_tls13_process_encrypted_extensions(mbedtls_ssl_context *ssl) #endif MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, - MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, buf_len)); + MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, + buf, buf_len)); #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) if (mbedtls_ssl_tls13_key_exchange_mode_with_psk(ssl)) { @@ -2460,7 +2462,8 @@ static int ssl_tls13_process_certificate_request(mbedtls_ssl_context *ssl) buf, buf + buf_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, - MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, buf_len)); + MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, + buf, buf_len)); } else if (ret == SSL_CERTIFICATE_REQUEST_SKIP) { ret = 0; } else { diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f81979a7f..db2e2e3fe 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c 
@@ -323,8 +323,8 @@ int mbedtls_ssl_tls13_process_certificate_verify(mbedtls_ssl_context *ssl) verify_buffer_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, - MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, - buf, buf_len)); + MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, + buf, buf_len)); cleanup: @@ -754,7 +754,8 @@ int mbedtls_ssl_tls13_process_certificate(mbedtls_ssl_context *ssl) MBEDTLS_SSL_PROC_CHK(ssl_tls13_validate_certificate(ssl)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, - MBEDTLS_SSL_HS_CERTIFICATE, buf, buf_len)); + MBEDTLS_SSL_HS_CERTIFICATE, buf, + buf_len)); cleanup: #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ @@ -870,7 +871,8 @@ int mbedtls_ssl_tls13_write_certificate(mbedtls_ssl_context *ssl) &msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, - MBEDTLS_SSL_HS_CERTIFICATE, buf, msg_len)); + MBEDTLS_SSL_HS_CERTIFICATE, buf, + msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( ssl, buf_len, msg_len)); @@ -1072,7 +1074,8 @@ int mbedtls_ssl_tls13_write_certificate_verify(mbedtls_ssl_context *ssl) ssl, buf, buf + buf_len, &msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, - MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, msg_len)); + MBEDTLS_SSL_HS_CERTIFICATE_VERIFY, buf, + msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( ssl, buf_len, msg_len)); @@ -1173,7 +1176,7 @@ int mbedtls_ssl_tls13_process_finished_message(mbedtls_ssl_context *ssl) MBEDTLS_SSL_PROC_CHK(ssl_tls13_parse_finished_message(ssl, buf, buf + buf_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, - MBEDTLS_SSL_HS_FINISHED, buf, buf_len)); + MBEDTLS_SSL_HS_FINISHED, buf, buf_len)); cleanup: 
@@ -1250,7 +1253,7 @@ int mbedtls_ssl_tls13_write_finished_message(mbedtls_ssl_context *ssl) ssl, buf, buf + buf_len, &msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum(ssl, - MBEDTLS_SSL_HS_FINISHED, buf, msg_len)); + MBEDTLS_SSL_HS_FINISHED, buf, msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( ssl, buf_len, msg_len)); diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index 047b97a65..6b1c4c5e6 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -2155,7 +2155,7 @@ static int ssl_tls13_write_server_hello(mbedtls_ssl_context *ssl) 0)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); + ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( ssl, buf_len, msg_len)); @@ -2228,7 +2228,7 @@ static int ssl_tls13_write_hello_retry_request(mbedtls_ssl_context *ssl) &msg_len, 1)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); + ssl, MBEDTLS_SSL_HS_SERVER_HELLO, buf, msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg(ssl, buf_len, @@ -2327,7 +2327,7 @@ static int ssl_tls13_write_encrypted_extensions(mbedtls_ssl_context *ssl) ssl, buf, buf + buf_len, &msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len)); + ssl, MBEDTLS_SSL_HS_ENCRYPTED_EXTENSIONS, buf, msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( ssl, buf_len, msg_len)); @@ -2460,7 +2460,7 @@ static int ssl_tls13_write_certificate_request(mbedtls_ssl_context *ssl) ssl, buf, buf + buf_len, &msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_msg_to_checksum( - ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len)); + ssl, MBEDTLS_SSL_HS_CERTIFICATE_REQUEST, buf, msg_len)); MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_finish_handshake_msg( ssl, buf_len, msg_len)); 
From 626aaed213a52a4cebcdfcb813b8c69065e2d6d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 6 Feb 2023 22:03:06 +0100 Subject: [PATCH 203/440] Fix unused variable warnings in some builds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Found by depends.py MBEDTLS_SHA512_C In principle, the case where neither SHA-256 nor SHA-384 are available should never occur, as both TLS 1.2 and TLS 1.3 depend on one of those being defined. However for now dependencies for TLS 1.2 are not as tight as they should be; this will be fixed later and is tracked as #6441. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 55c6c3d3c..480273270 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -818,12 +818,16 @@ int mbedtls_ssl_add_hs_msg_to_checksum(mbedtls_ssl_context *ssl, int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) { +#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \ + defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #endif +#else /* SHA-256 or SHA-384 */ ((void) ssl); +#endif /* SHA-256 or SHA-384 */ #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_abort(&ssl->handshake->fin_sha256_psa); 
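Review bot: The new `#else /* SHA-256 or SHA-384 */` branch in mbedtls_ssl_reset_checksum only silences the unused-parameter warning, so a build with neither hash available presumably still returns success without any transcript hash being kept; the same applies to the two ssl_update_checksum_start hunks on the next line, where the `return 0;` at the end of that function is visible. The commit message says this configuration should never occur and is tracked as #6441, but nothing in the code says so. A one-line comment in each `#else` branch, `/* No transcript hash available: unsupported configuration, see #6441 */`, would stop the next reader from taking the cast-to-void for a supported path, and a `#error` once the TLS 1.2 dependencies are tightened would be stronger. The body of mbedtls_ssl_reset_checksum continues past this hunk.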
@@ -864,11 +868,18 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { +#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) || \ + defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #endif +#else /* SHA-256 or SHA-384 */ + ((void) ssl); + (void) buf; + (void) len; +#endif /* SHA-256 or SHA-384 */ #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len); @@ -894,12 +905,6 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, return ret; } #endif -#endif -#if !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \ - !defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) - (void) ssl; - (void) buf; - (void) len; #endif return 0; } From 8e176f747c2278ef540d2863d2cfaec411dc4084 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 9 Feb 2023 10:33:54 +0100 Subject: [PATCH 204/440] Fix wrong return statement MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 480273270..441089f16 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6623,8 +6623,8 @@ exit: exit: mbedtls_sha256_free(&sha256); + return ret; #endif /* MBEDTLS_USE_PSA_CRYPTO */ - return 0; } #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ From da7979bb91b9cd36a330ccd909f0c799c94f98fe Mon Sep 17 00:00:00 2001 
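Review bot: Moving `return ret;` inside the `#else` branch leaves the `#if defined(MBEDTLS_USE_PSA_CRYPTO)` branch of this function without a return statement after the `#endif`; unless that branch returns on its own before the `#else` (its start is outside the hunk), control now falls off the end of a non-void function in PSA builds. If it does return separately, a comment on the `#endif`, e.g. `#endif /* MBEDTLS_USE_PSA_CRYPTO: both branches return above */`, would make the shape obvious. The change itself is right: the old `return 0;` after the `#endif` reported success even when `ret` carried an error from the SHA-256 path, so a failed transcript-hash computation went unnoticed by the caller.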
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Feb 2023 09:31:10 +0100 Subject: [PATCH 205/440] Restore debug message removed by mistake MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also while at it, fix debug level for existing DEBUG_RET: errors should always be level 1. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls13_generic.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index db2e2e3fe..f607e364c 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -1392,7 +1392,7 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) PSA_HASH_MAX_SIZE, &hash_len); if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(4, "mbedtls_ssl_get_handshake_transcript", ret); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_get_handshake_transcript", ret); return ret; } @@ -1403,6 +1403,9 @@ int mbedtls_ssl_reset_transcript_for_hrr(mbedtls_ssl_context *ssl) hash_len += 4; + MBEDTLS_SSL_DEBUG_BUF(4, "Truncated handshake transcript", + hash_transcript, hash_len); + /* Reset running hash and replace it with a hash of the transcript */ ret = mbedtls_ssl_reset_checksum(ssl); if (ret != 0) { From 48c591cb5654937de75ac53c8760caafd4cd6ceb Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 13 Feb 2023 18:15:30 +0000 Subject: [PATCH 206/440] Fix warning with GCC 12 Fix warning about variable being used uninitialised. Signed-off-by: Paul Elliott --- tests/suites/test_suite_constant_time.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function index 14dc8ae5c..a2bf3967f 100644 --- a/tests/suites/test_suite_constant_time.function +++ b/tests/suites/test_suite_constant_time.function 
@@ -18,7 +18,7 @@ /* BEGIN_CASE */ void mbedtls_ct_memcmp_null() { - uint32_t x; + uint32_t x = 0; TEST_ASSERT(mbedtls_ct_memcmp(&x, NULL, 0) == 0); TEST_ASSERT(mbedtls_ct_memcmp(NULL, &x, 0) == 0); TEST_ASSERT(mbedtls_ct_memcmp(NULL, NULL, 0) == 0); From a64c277588b070a93f88be3fcce68bbf2d986dc9 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 22 Feb 2023 09:30:20 +0800 Subject: [PATCH 207/440] compat.sh: Skip all *ECDH_* ciphersuites Signed-off-by: Pengyu Lv --- tests/compat.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index ae7c6829f..c6653f872 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -537,9 +537,10 @@ add_mbedtls_ciphersuites() # o_check_ciphersuite STANDARD_CIPHER_SUITE o_check_ciphersuite() { - if [ "${1#*ECDH_ECDSA*}" != "$1" ] && \ - [ "X${O_SUPPORT_ECDH}" = "XNO" ]; then - SKIP_NEXT="YES" + if [ "${O_SUPPORT_ECDH}" = "NO" ]; then + case "$1" in + *ECDH_*) SKIP_NEXT="YES" + esac fi } @@ -614,7 +615,7 @@ setup_arguments() case $($OPENSSL ciphers ALL) in *ECDH-ECDSA*) O_SUPPORT_ECDH="YES";; - *)O_SUPPORT_ECDH="NO";; + *) O_SUPPORT_ECDH="NO";; esac if [ "X$VERIFY" = "XYES" ]; From f01ac3af0ea35cdce95f577cf569e7684328642f Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 22 Feb 2023 10:07:16 +0800 Subject: [PATCH 208/440] Remove explicit ECDH exclusion for Travis CI Signed-off-by: Pengyu Lv --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 54df77606..39b742d41 100644 --- a/.travis.yml +++ b/.travis.yml @@ -53,7 +53,7 @@ jobs: - tests/scripts/test_psa_constant_names.py - tests/ssl-opt.sh # Modern OpenSSL does not support fixed ECDH or null ciphers. - - tests/compat.sh -p OpenSSL -e 'NULL\|ECDH_' + - tests/compat.sh -p OpenSSL -e 'NULL' - tests/scripts/travis-log-failure.sh # GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it. - tests/compat.sh -p GnuTLS -e 'CAMELLIA' 
From 4d786a732bbff893d1ce6abf8b30c6d5fecf3588 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Wed, 22 Feb 2023 11:01:07 +0800 Subject: [PATCH 209/440] Fix regression issue for clang workaround. Signed-off-by: Jerry Yu --- library/sha256.c | 17 +++++------------ library/sha512.c | 8 +++++--- 2 files changed, 10 insertions(+), 15 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index 8c2e6f9e0..d18f22848 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -29,24 +29,17 @@ * The intrinsic declaration are guarded with ACLE predefined macros in clang, * and those macros are only enabled with command line. Define the macros can * enable those declaration and avoid compile error on it. + * + * `arm_neon.h` might be included in any head files. On the top of this file, we + * can guarantee this workaround always work. */ #define __ARM_FEATURE_CRYPTO 1 -#pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function) -#define MBEDTLS_POP_TARGET_PRAGMA +#define NEED_TARGET_OPTIONS #endif /* __aarch64__ && __clang__ && !__ARM_FEATURE_CRYPTO && __clang_major__ < 18 && __clang_major__ > 3 */ #include "common.h" -#if defined(MBEDTLS_POP_TARGET_PRAGMA) && \ - !(defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \ - defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)) -#if defined(__clang__) -#pragma clang attribute pop -#endif -#undef MBEDTLS_POP_TARGET_PRAGMA -#endif - #if defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA224_C) #include "mbedtls/sha256.h" @@ -61,7 +54,7 @@ # if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) || \ defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY) /* *INDENT-OFF* */ -# if !defined(__ARM_FEATURE_CRYPTO) +# if !defined(__ARM_FEATURE_CRYPTO) || defined(NEED_TARGET_OPTIONS) # if defined(__clang__) # if __clang_major__ < 4 # error "A more recent Clang is required for MBEDTLS_SHA256_USE_A64_CRYPTO_*" diff --git a/library/sha512.c b/library/sha512.c index 26b46318d..919cf2041 100644 --- a/library/sha512.c +++ b/library/sha512.c 
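Review bot: `NEED_TARGET_OPTIONS`, defined at the top of sha256.c and tested again in the second hunk, has no `MBEDTLS_` prefix and is never undefined, so it stays visible for the rest of the translation unit (and into any following file if the library is ever built as a single unit); the macro it replaces, `MBEDTLS_POP_TARGET_PRAGMA`, carried the prefix. Renaming it `MBEDTLS_NEED_TARGET_OPTIONS`, or adding `#undef NEED_TARGET_OPTIONS` after its second use, keeps the workaround local. The new comment also reads awkwardly; suggest `* arm_neon.h might be included by any header file. Putting this at the top of this file guarantees the workaround always applies.` The sha512.c hunks on the next line introduce the same macro and comment.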
@@ -30,10 +30,12 @@ * The intrinsic declaration are guarded with ACLE predefined macros in clang, * and those macros are only enabled with command line. Define the macros can * enable those declaration and avoid compile error on it. + * + * `arm_neon.h` might be included in any head files. On the top of this file, we + * can guarantee this workaround always work. */ #define __ARM_FEATURE_SHA512 1 -#pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function) -#define MBEDTLS_POP_TARGET_PRAGMA +#define NEED_TARGET_OPTIONS #endif /* __aarch64__ && __clang__ && !__ARM_FEATURE_SHA512 && __clang_major__ < 18 && __clang_major__ >= 13 && __clang_minor__ > 0 && @@ -84,7 +86,7 @@ * Clang == 13.0.0 same as clang 12 (only seen on macOS) * Clang >= 13.0.1 has __ARM_FEATURE_SHA512 and intrinsics */ -# if !defined(__ARM_FEATURE_SHA512) +# if !defined(__ARM_FEATURE_SHA512) || defined(NEED_TARGET_OPTIONS) /* Test Clang first, as it defines __GNUC__ */ # if defined(__clang__) # if __clang_major__ < 7 From 07d5085fcfd11ff460342268437838b64e336727 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Wed, 22 Feb 2023 12:17:26 +0800 Subject: [PATCH 210/440] Skip ECDH ciphersuites for O->m pair The mechanism of detecting unsupported ciphersuites for OpenSSL client doesn't work on a modern OpenSSL. At least, it fails on Travis CI which is installed with OpenSSL 1.1.1f. So we need to skip ECDH cipher- suites for O->m. Signed-off-by: Pengyu Lv --- tests/compat.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/compat.sh b/tests/compat.sh index c6653f872..5ad48b2e8 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -1058,6 +1058,7 @@ for MODE in $MODES; do start_server "mbedTLS" translate_ciphers o $O_CIPHERS for i in $ciphers; do + o_check_ciphersuite "${i%%=*}" run_client OpenSSL ${i%%=*} ${i#*=} done stop_server From 3304c204bab34d823da7f125d233c1f3ab3388da Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Wed, 22 Feb 2023 14:37:11 +0800 Subject: [PATCH 211/440] Improve readabilities - Add more comments - Adjust setkey_enc Signed-off-by: Jerry Yu --- library/aesce.c | 49 +++++++++++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 20 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index b4ebdadc0..64811227c 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -82,6 +82,8 @@ static uint8x16_t aesce_encrypt_block(uint8x16_t block, block = vaeseq_u8(block, vld1q_u8(keys + (rounds -1) * 16)); /* Final round: no MixColumns */ + + /* Final AddRoundKey */ block = veorq_u8(block, vld1q_u8(keys + rounds * 16)); return block; 
@@ -183,40 +185,47 @@ static void aesce_setkey_enc(unsigned char *rk, const unsigned char *key, const size_t key_bit_length) { - uint32_t *rki; - uint32_t *rko; - uint32_t *rk_u32 = (uint32_t *) rk; + const uint32_t key_len_in_words = key_bit_length / 32; - const uint32_t key_len_in_bytes = key_bit_length / 8; + const size_t round_key_len_in_words = 4; static uint8_t const rcon[] = { 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36 }; - const uint32_t rounds = - key_bit_length == 128 ? sizeof(rcon) : key_bit_length == 192 ? 8 : 7; + /* Require max(key_len_in_words, round_key_len_len_in_words) + 7 */ + const size_t round_keys_needed = key_len_in_words + 7; + const size_t key_expansion_size_in_words = + round_keys_needed * round_key_len_in_words; + const uint32_t *rko_end = (uint32_t *) rk + key_expansion_size_in_words; - memcpy(rk, key, key_len_in_bytes); + memcpy(rk, key, key_len_in_words * 4); - for (size_t i = 0; i < rounds; i++) { - rki = rk_u32 + i * key_len_in_words; + for (uint32_t *rki = (uint32_t *) rk; + rki + key_len_in_words < rko_end; + rki += key_len_in_words) { + + size_t iteration = (rki- (uint32_t *) rk)/key_len_in_words; + uint32_t *rko; rko = rki + key_len_in_words; rko[0] = aes_rot_word(aes_sub_word(rki[key_len_in_words - 1])); - rko[0] ^= rcon[i] ^ rki[0]; + rko[0] ^= rcon[iteration] ^ rki[0]; rko[1] = rko[0] ^ rki[1]; rko[2] = rko[1] ^ rki[2]; rko[3] = rko[2] ^ rki[3]; + if (rko+key_len_in_words > rko_end) { + /* Do not write overflow words.*/ + continue; + } switch (key_bit_length) { + case 128: + break; case 192: - if (i < 7) { - rko[4] = rko[3] ^ rki[4]; - rko[5] = rko[4] ^ rki[5]; - } + rko[4] = rko[3] ^ rki[4]; + rko[5] = rko[4] ^ rki[5]; break; case 256: - if (i < 6) { - rko[4] = aes_sub_word(rko[3]) ^ rki[4]; - rko[5] = rko[4] ^ rki[5]; - rko[6] = rko[5] ^ rki[6]; - rko[7] = rko[6] ^ rki[7]; - } + rko[4] = aes_sub_word(rko[3]) ^ rki[4]; + rko[5] = rko[4] ^ rki[5]; + rko[6] = rko[5] ^ rki[6]; + rko[7] = rko[6] ^ rki[7]; break; } 
} From 63e33dd175471af9d7d5e39df1d95addca162b65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 21 Feb 2023 15:45:15 +0100 Subject: [PATCH 212/440] Fix unchecked return value MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls13_client.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 8dea1c47a..0dd762ef3 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -2262,8 +2262,8 @@ static int ssl_tls13_write_end_of_early_data(mbedtls_ssl_context *ssl) ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, &buf, &buf_len)); - mbedtls_ssl_add_hs_hdr_to_checksum( - ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, 0); + MBEDTLS_SSL_PROC_CHK(mbedtls_ssl_add_hs_hdr_to_checksum( + ssl, MBEDTLS_SSL_HS_END_OF_EARLY_DATA, 0)); MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_finish_handshake_msg(ssl, buf_len, 0)); From 56b8d23ca1f93be731b9211d541c877eb7e853dd Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Wed, 1 Jun 2022 18:05:57 +0200 Subject: [PATCH 213/440] Add mbedtls_ prefix to PSA PAKE over MbedTLS implementation Signed-off-by: Neil Armstrong --- library/psa_crypto_pake.c | 58 ++--- library/psa_crypto_pake.h | 475 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 505 insertions(+), 28 deletions(-) create mode 100644 library/psa_crypto_pake.h diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 1f9a8cb33..7171f7566 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -24,6 +24,7 @@ #include #include "psa_crypto_core.h" +#include "psa_crypto_pake.h" #include "psa_crypto_slot_management.h" #include 
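Review bot: In aesce_setkey_enc the new bounds test `if (rko+key_len_in_words > rko_end)` and the loop condition `rki + key_len_in_words < rko_end` both form a pointer that, for 192- and 256-bit keys, lies more than one element past `rko_end` before comparing it (256 bits: rko at word 56, rko + 8 = 64 against an end of 60); C only guarantees pointers up to one past the end, so compare distances instead, `if ((size_t) (rko_end - rko) < key_len_in_words)` and `(size_t) (rko_end - rki) > key_len_in_words`. Whether `rk` actually has spare room beyond `key_expansion_size_in_words` is not visible here. The comment `Require max(key_len_in_words, round_key_len_len_in_words) + 7` has a doubled `len`, and `uint32_t *rko; rko = rki + key_len_in_words;` can be one declaration with an initialiser. The hunk ends at the function's closing brace on this line.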
@@ -190,8 +191,8 @@ static psa_status_t mbedtls_ecjpake_to_psa_error(int ret) #endif #if defined(MBEDTLS_PSA_BUILTIN_PAKE) -psa_status_t psa_pake_setup(psa_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite) +psa_status_t mbedtls_psa_pake_setup(psa_pake_operation_t *operation, + const psa_pake_cipher_suite_t *cipher_suite) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -243,8 +244,8 @@ error: return status; } -psa_status_t psa_pake_set_password_key(psa_pake_operation_t *operation, - mbedtls_svc_key_id_t password) +psa_status_t mbedtls_psa_pake_set_password_key(psa_pake_operation_t *operation, + mbedtls_svc_key_id_t password) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_attributes_t attributes = psa_key_attributes_init(); @@ -310,9 +311,9 @@ error: return status; } -psa_status_t psa_pake_set_user(psa_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len) +psa_status_t mbedtls_psa_pake_set_user(psa_pake_operation_t *operation, + const uint8_t *user_id, + size_t user_id_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -334,9 +335,9 @@ error: return status; } -psa_status_t psa_pake_set_peer(psa_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len) +psa_status_t mbedtls_psa_pake_set_peer(psa_pake_operation_t *operation, + const uint8_t *peer_id, + size_t peer_id_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -358,8 +359,8 @@ error: return status; } -psa_status_t psa_pake_set_role(psa_pake_operation_t *operation, - psa_pake_role_t role) +psa_status_t mbedtls_psa_pake_set_role(psa_pake_operation_t *operation, + psa_pake_role_t role) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 
@@ -437,7 +438,7 @@ static psa_status_t psa_pake_ecjpake_setup(psa_pake_operation_t *operation) } #endif -static psa_status_t psa_pake_output_internal( +static psa_status_t mbedtls_psa_pake_output_internal( psa_pake_operation_t *operation, psa_pake_step_t step, uint8_t *output, @@ -626,13 +627,13 @@ static psa_status_t psa_pake_output_internal( return PSA_ERROR_NOT_SUPPORTED; } -psa_status_t psa_pake_output(psa_pake_operation_t *operation, - psa_pake_step_t step, - uint8_t *output, - size_t output_size, - size_t *output_length) +psa_status_t mbedtls_psa_pake_output(psa_pake_operation_t *operation, + psa_pake_step_t step, + uint8_t *output, + size_t output_size, + size_t *output_length) { - psa_status_t status = psa_pake_output_internal( + psa_status_t status = mbedtls_psa_pake_output_internal( operation, step, output, output_size, output_length); if (status != PSA_SUCCESS) { @@ -642,7 +643,7 @@ psa_status_t psa_pake_output(psa_pake_operation_t *operation, return status; } -static psa_status_t psa_pake_input_internal( +static psa_status_t mbedtls_psa_pake_input_internal( psa_pake_operation_t *operation, psa_pake_step_t step, const uint8_t *input, @@ -824,12 +825,12 @@ static psa_status_t psa_pake_input_internal( return PSA_ERROR_NOT_SUPPORTED; } -psa_status_t psa_pake_input(psa_pake_operation_t *operation, - psa_pake_step_t step, - const uint8_t *input, - size_t input_length) +psa_status_t mbedtls_psa_pake_input(psa_pake_operation_t *operation, + psa_pake_step_t step, + const uint8_t *input, + size_t input_length) { - psa_status_t status = psa_pake_input_internal( + psa_status_t status = mbedtls_psa_pake_input_internal( operation, step, input, input_length); if (status != PSA_SUCCESS) { 
@@ -839,8 +840,9 @@ psa_status_t psa_pake_input(psa_pake_operation_t *operation, return status; } -psa_status_t psa_pake_get_implicit_key(psa_pake_operation_t *operation, - psa_key_derivation_operation_t *output) +psa_status_t mbedtls_psa_pake_get_implicit_key( + psa_pake_operation_t *operation, + psa_key_derivation_operation_t *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; @@ -887,7 +889,7 @@ error: return status; } -psa_status_t psa_pake_abort(psa_pake_operation_t *operation) +psa_status_t mbedtls_psa_pake_abort(psa_pake_operation_t *operation) { if (operation->alg == PSA_ALG_NONE) { return PSA_SUCCESS; diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h new file mode 100644 index 000000000..b61ddde10 --- /dev/null +++ b/library/psa_crypto_pake.h 
@@ -0,0 +1,475 @@ +/* + * PSA PAKE layer on top of Mbed TLS software crypto + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_PAKE_H +#define PSA_CRYPTO_PAKE_H + +#include + +/** Set the session information for a password-authenticated key exchange. + * + * The sequence of operations to set up a password-authenticated key exchange + * is as follows: + * -# Allocate an operation object which will be passed to all the functions + * listed here. + * -# Initialize the operation object with one of the methods described in the + * documentation for #psa_pake_operation_t, e.g. + * #PSA_PAKE_OPERATION_INIT. + * -# Call psa_pake_setup() to specify the cipher suite. + * -# Call \c psa_pake_set_xxx() functions on the operation to complete the + * setup. The exact sequence of \c psa_pake_set_xxx() functions that needs + * to be called depends on the algorithm in use. + * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. + * + * A typical sequence of calls to perform a password-authenticated key + * exchange: + * -# Call psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to get the + * key share that needs to be sent to the peer. + * -# Call psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) 
to provide + * the key share that was received from the peer. + * -# Depending on the algorithm additional calls to psa_pake_output() and + * psa_pake_input() might be necessary. + * -# Call psa_pake_get_implicit_key() for accessing the shared secret. + * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. + * + * If an error occurs at any step after a call to psa_pake_setup(), + * the operation will need to be reset by a call to psa_pake_abort(). The + * application may call psa_pake_abort() at any time after the operation + * has been initialized. + * + * After a successful call to psa_pake_setup(), the application must + * eventually terminate the operation. The following events terminate an + * operation: + * - A call to psa_pake_abort(). + * - A successful call to psa_pake_get_implicit_key(). + * + * \param[in,out] operation The operation object to set up. It must have + * been initialized but not set up yet. + * \param[in] cipher_suite The cipher suite to use. (A cipher suite fully + * characterizes a PAKE algorithm and determines + * the algorithm as well.) + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The algorithm in \p cipher_suite is not a PAKE algorithm, or the + * PAKE primitive in \p cipher_suite is not compatible with the + * PAKE algorithm, or the hash algorithm in \p cipher_suite is invalid + * or not compatible with the PAKE algorithm and primitive. + * \retval #PSA_ERROR_NOT_SUPPORTED + * The algorithm in \p cipher_suite is not a supported PAKE algorithm, + * or the PAKE primitive in \p cipher_suite is not supported or not + * compatible with the PAKE algorithm, or the hash algorithm in + * \p cipher_suite is not supported or not compatible with the PAKE + * algorithm and primitive. 
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid, or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_pake_setup(psa_pake_operation_t *operation, + const psa_pake_cipher_suite_t *cipher_suite); + +/** Set the password for a password-authenticated key exchange from key ID. + * + * Call this function when the password, or a value derived from the password, + * is already present in the key store. + * + * \param[in,out] operation The operation object to set the password for. It + * must have been set up by psa_pake_setup() and + * not yet in use (neither psa_pake_output() nor + * psa_pake_input() has been called yet). It must + * be on operation for which the password hasn't + * been set yet (psa_pake_set_password_key() + * hasn't been called yet). + * \param password Identifier of the key holding the password or a + * value derived from the password (eg. by a + * memory-hard function). It must remain valid + * until the operation terminates. It must be of + * type #PSA_KEY_TYPE_PASSWORD or + * #PSA_KEY_TYPE_PASSWORD_HASH. It has to allow + * the usage #PSA_KEY_USAGE_DERIVE. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_HANDLE + * \p password is not a valid key identifier. + * \retval #PSA_ERROR_NOT_PERMITTED + * The key does not have the #PSA_KEY_USAGE_DERIVE flag, or it does not + * permit the \p operation's algorithm. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The key type for \p password is not #PSA_KEY_TYPE_PASSWORD or + * #PSA_KEY_TYPE_PASSWORD_HASH, or \p password is not compatible with + * the \p operation's cipher suite. + * \retval #PSA_ERROR_NOT_SUPPORTED + * The key type or key size of \p password is not supported with the + * \p operation's cipher suite. 
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_DATA_CORRUPT + * \retval #PSA_ERROR_DATA_INVALID + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must have been set up.), or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_pake_set_password_key( + psa_pake_operation_t *operation, + mbedtls_svc_key_id_t password); + +/** Set the user ID for a password-authenticated key exchange. + * + * Call this function to set the user ID. For PAKE algorithms that associate a + * user identifier with each side of the session you need to call + * psa_pake_set_peer() as well. For PAKE algorithms that associate a single + * user identifier with the session, call psa_pake_set_user() only. + * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. + * + * \param[in,out] operation The operation object to set the user ID for. It + * must have been set up by psa_pake_setup() and + * not yet in use (neither psa_pake_output() nor + * psa_pake_input() has been called yet). It must + * be on operation for which the user ID hasn't + * been set (psa_pake_set_user() hasn't been + * called yet). + * \param[in] user_id The user ID to authenticate with. + * \param user_id_len Size of the \p user_id buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p user_id is not valid for the \p operation's algorithm and cipher + * suite. + * \retval #PSA_ERROR_NOT_SUPPORTED + * The value of \p user_id is not supported by the implementation. 
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid, or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_pake_set_user(psa_pake_operation_t *operation, + const uint8_t *user_id, + size_t user_id_len); + +/** Set the peer ID for a password-authenticated key exchange. + * + * Call this function in addition to psa_pake_set_user() for PAKE algorithms + * that associate a user identifier with each side of the session. For PAKE + * algorithms that associate a single user identifier with the session, call + * psa_pake_set_user() only. + * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. + * + * \param[in,out] operation The operation object to set the peer ID for. It + * must have been set up by psa_pake_setup() and + * not yet in use (neither psa_pake_output() nor + * psa_pake_input() has been called yet). It must + * be on operation for which the peer ID hasn't + * been set (psa_pake_set_peer() hasn't been + * called yet). + * \param[in] peer_id The peer's ID to authenticate. + * \param peer_id_len Size of the \p peer_id buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p user_id is not valid for the \p operation's algorithm and cipher + * suite. + * \retval #PSA_ERROR_NOT_SUPPORTED + * The algorithm doesn't associate a second identity with the session. 
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * Calling psa_pake_set_peer() is invalid with the \p operation's + * algorithm, the operation state is not valid, or the library has not + * been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_pake_set_peer(psa_pake_operation_t *operation, + const uint8_t *peer_id, + size_t peer_id_len); + +/** Set the application role for a password-authenticated key exchange. + * + * Not all PAKE algorithms need to differentiate the communicating entities. + * It is optional to call this function for PAKEs that don't require a role + * to be specified. For such PAKEs the application role parameter is ignored, + * or #PSA_PAKE_ROLE_NONE can be passed as \c role. + * + * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` + * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) + * for more information. + * + * \param[in,out] operation The operation object to specify the + * application's role for. It must have been set up + * by psa_pake_setup() and not yet in use (neither + * psa_pake_output() nor psa_pake_input() has been + * called yet). It must be on operation for which + * the application's role hasn't been specified + * (psa_pake_set_role() hasn't been called yet). + * \param role A value of type ::psa_pake_role_t indicating the + * application's role in the PAKE the algorithm + * that is being set up. For more information see + * the documentation of \c PSA_PAKE_ROLE_XXX + * constants. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The \p role is not a valid PAKE role in the \p operation’s algorithm. 
+ * \retval #PSA_ERROR_NOT_SUPPORTED + * The \p role for this algorithm is not supported or is not valid. + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid, or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_pake_set_role(psa_pake_operation_t *operation, + psa_pake_role_t role); + +/** Get output for a step of a password-authenticated key exchange. + * + * Depending on the algorithm being executed, you might need to call this + * function several times or you might not need to call this at all. + * + * The exact sequence of calls to perform a password-authenticated key + * exchange depends on the algorithm in use. Refer to the documentation of + * individual PAKE algorithm types (`PSA_ALG_XXX` values of type + * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more + * information. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_pake_abort(). + * + * \param[in,out] operation Active PAKE operation. + * \param step The step of the algorithm for which the output is + * requested. + * \param[out] output Buffer where the output is to be written in the + * format appropriate for this \p step. Refer to + * the documentation of the individual + * \c PSA_PAKE_STEP_XXX constants for more + * information. + * \param output_size Size of the \p output buffer in bytes. This must + * be at least #PSA_PAKE_OUTPUT_SIZE(\p alg, \p + * primitive, \p step) where \p alg and + * \p primitive are the PAKE algorithm and primitive + * in the operation's cipher suite, and \p step is + * the output step. + * + * \param[out] output_length On success, the number of bytes of the returned + * output. + * + * \retval #PSA_SUCCESS + * Success. 
+ * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * The size of the \p output buffer is too small. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p step is not compatible with the operation's algorithm. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p step is not supported with the operation's algorithm. + * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_DATA_CORRUPT + * \retval #PSA_ERROR_DATA_INVALID + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, and fully set + * up, and this call must conform to the algorithm's requirements + * for ordering of input and output steps), or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_pake_output(psa_pake_operation_t *operation, + psa_pake_step_t step, + uint8_t *output, + size_t output_size, + size_t *output_length); + +/** Provide input for a step of a password-authenticated key exchange. + * + * Depending on the algorithm being executed, you might need to call this + * function several times or you might not need to call this at all. + * + * The exact sequence of calls to perform a password-authenticated key + * exchange depends on the algorithm in use. Refer to the documentation of + * individual PAKE algorithm types (`PSA_ALG_XXX` values of type + * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more + * information. + * + * If this function returns an error status, the operation enters an error + * state and must be aborted by calling psa_pake_abort(). + * + * \param[in,out] operation Active PAKE operation. + * \param step The step for which the input is provided. 
+ * \param[in] input Buffer containing the input in the format + * appropriate for this \p step. Refer to the + * documentation of the individual + * \c PSA_PAKE_STEP_XXX constants for more + * information. + * \param input_length Size of the \p input buffer in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The verification fails for a #PSA_PAKE_STEP_ZK_PROOF input step. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * \p is not compatible with the \p operation’s algorithm, or the + * \p input is not valid for the \p operation's algorithm, cipher suite + * or \p step. + * \retval #PSA_ERROR_NOT_SUPPORTED + * \p step p is not supported with the \p operation's algorithm, or the + * \p input is not supported for the \p operation's algorithm, cipher + * suite or \p step. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_DATA_CORRUPT + * \retval #PSA_ERROR_DATA_INVALID + * \retval #PSA_ERROR_BAD_STATE + * The operation state is not valid (it must be active, and fully set + * up, and this call must conform to the algorithm's requirements + * for ordering of input and output steps), or + * the library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_pake_input(psa_pake_operation_t *operation, + psa_pake_step_t step, + const uint8_t *input, + size_t input_length); + +/** Get implicitly confirmed shared secret from a PAKE. + * + * At this point there is a cryptographic guarantee that only the authenticated + * party who used the same password is able to compute the key. But there is no + * guarantee that the peer is the party it claims to be and was able to do so. + * + * That is, the authentication is only implicit. 
Since the peer is not + * authenticated yet, no action should be taken yet that assumes that the peer + * is who it claims to be. For example, do not access restricted files on the + * peer's behalf until an explicit authentication has succeeded. + * + * This function can be called after the key exchange phase of the operation + * has completed. It imports the shared secret output of the PAKE into the + * provided derivation operation. The input step + * #PSA_KEY_DERIVATION_INPUT_SECRET is used when placing the shared key + * material in the key derivation operation. + * + * The exact sequence of calls to perform a password-authenticated key + * exchange depends on the algorithm in use. Refer to the documentation of + * individual PAKE algorithm types (`PSA_ALG_XXX` values of type + * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more + * information. + * + * When this function returns successfully, \p operation becomes inactive. + * If this function returns an error status, both \p operation + * and \p key_derivation operations enter an error state and must be aborted by + * calling psa_pake_abort() and psa_key_derivation_abort() respectively. + * + * \param[in,out] operation Active PAKE operation. + * \param[out] output A key derivation operation that is ready + * for an input step of type + * #PSA_KEY_DERIVATION_INPUT_SECRET. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * #PSA_KEY_DERIVATION_INPUT_SECRET is not compatible with the + * algorithm in the \p output key derivation operation. + * \retval #PSA_ERROR_NOT_SUPPORTED + * Input from a PAKE is not supported by the algorithm in the \p output + * key derivation operation. 
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_STORAGE_FAILURE + * \retval #PSA_ERROR_DATA_CORRUPT + * \retval #PSA_ERROR_DATA_INVALID + * \retval #PSA_ERROR_BAD_STATE + * The PAKE operation state is not valid (it must be active, but beyond + * that validity is specific to the algorithm), or + * the library has not been previously initialized by psa_crypto_init(), + * or the state of \p output is not valid for + * the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the + * step is out of order or the application has done this step already + * and it may not be repeated. + * It is implementation-dependent whether a failure to initialize + * results in this error code. + */ +psa_status_t mbedtls_psa_pake_get_implicit_key( + psa_pake_operation_t *operation, + psa_key_derivation_operation_t *output); + +/** Abort a PAKE operation. + * + * Aborting an operation frees all associated resources except for the \c + * operation structure itself. Once aborted, the operation object can be reused + * for another operation by calling psa_pake_setup() again. + * + * This function may be called at any time after the operation + * object has been initialized as described in #psa_pake_operation_t. + * + * In particular, calling psa_pake_abort() after the operation has been + * terminated by a call to psa_pake_abort() or psa_pake_get_implicit_key() + * is safe and has no effect. + * + * \param[in,out] operation The operation to abort. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_COMMUNICATION_FAILURE + * \retval #PSA_ERROR_CORRUPTION_DETECTED + * \retval #PSA_ERROR_BAD_STATE + * The library has not been previously initialized by psa_crypto_init(). + * It is implementation-dependent whether a failure to initialize + * results in this error code. 
+ */ +psa_status_t mbedtls_psa_pake_abort(psa_pake_operation_t *operation); + +#endif /* PSA_CRYPTO_PAKE_H */ From 7da8c56b8447ce46a161dfdf47fa3fb3fdb41b45 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Wed, 1 Jun 2022 18:17:22 +0200 Subject: [PATCH 214/440] Add PSA PAKE wrappers Signed-off-by: Neil Armstrong --- library/psa_crypto_driver_wrappers.h | 45 ++++++++++++ .../psa_crypto_driver_wrappers.c.jinja | 73 +++++++++++++++++++ 2 files changed, 118 insertions(+) diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index e3edec791..e011594be 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h 
@@ -412,6 +412,51 @@ psa_status_t psa_driver_wrapper_key_agreement( size_t shared_secret_size, size_t *shared_secret_length); +/* + * PAKE functions. + */ +psa_status_t psa_driver_wrapper_pake_setup( + psa_pake_operation_t *operation, + const psa_pake_cipher_suite_t *cipher_suite); + +psa_status_t psa_driver_wrapper_pake_set_password_key( + psa_pake_operation_t *operation, + mbedtls_svc_key_id_t password); + +psa_status_t psa_driver_wrapper_pake_set_user( + psa_pake_operation_t *operation, + const uint8_t *user_id, + size_t user_id_len); + +psa_status_t psa_driver_wrapper_pake_set_peer( + psa_pake_operation_t *operation, + const uint8_t *peer_id, + size_t peer_id_len); + +psa_status_t psa_driver_wrapper_pake_set_role( + psa_pake_operation_t *operation, + psa_pake_role_t role); + +psa_status_t psa_driver_wrapper_pake_output( + psa_pake_operation_t *operation, + psa_pake_step_t step, + uint8_t *output, + size_t output_size, + size_t *output_length); + +psa_status_t psa_driver_wrapper_pake_input( + psa_pake_operation_t *operation, + psa_pake_step_t step, + const uint8_t *input, + size_t input_length); + +psa_status_t psa_driver_wrapper_pake_get_implicit_key( + psa_pake_operation_t *operation, + psa_key_derivation_operation_t *output); + +psa_status_t psa_driver_wrapper_pake_abort( + psa_pake_operation_t *operation); + #endif /* PSA_CRYPTO_DRIVER_WRAPPERS_H */ /* End of automatically generated file. */ diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index b35e726a0..8f9ff73b8 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -28,6 +28,7 @@ #include "psa_crypto_driver_wrappers.h" #include "psa_crypto_hash.h" #include "psa_crypto_mac.h" +#include "psa_crypto_pake.h" #include "psa_crypto_rsa.h" #include "mbedtls/platform.h" 
@@ -2808,4 +2809,76 @@ psa_status_t psa_driver_wrapper_key_agreement( } } +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) +psa_status_t psa_driver_wrapper_pake_setup( + psa_pake_operation_t *operation, + const psa_pake_cipher_suite_t *cipher_suite ) +{ + return( mbedtls_psa_pake_setup( operation, cipher_suite ) ); +} + +psa_status_t psa_driver_wrapper_pake_set_password_key( + psa_pake_operation_t *operation, + mbedtls_svc_key_id_t password ) +{ + return( mbedtls_psa_pake_set_password_key( operation, password ) ); +} + +psa_status_t psa_driver_wrapper_pake_set_user( + psa_pake_operation_t *operation, + const uint8_t *user_id, + size_t user_id_len ) +{ + return( mbedtls_psa_pake_set_user( operation, user_id, user_id_len ) ); +} + +psa_status_t psa_driver_wrapper_pake_set_peer( + psa_pake_operation_t *operation, + const uint8_t *peer_id, + size_t peer_id_len ) +{ + return( mbedtls_psa_pake_set_peer( operation, peer_id, peer_id_len ) ); +} + +psa_status_t psa_driver_wrapper_pake_set_role( + psa_pake_operation_t *operation, + psa_pake_role_t role ) +{ + return( mbedtls_psa_pake_set_role( operation, role ) ); +} + +psa_status_t psa_driver_wrapper_pake_output( + psa_pake_operation_t *operation, + psa_pake_step_t step, + uint8_t *output, + size_t output_size, + size_t *output_length ) +{ + return( mbedtls_psa_pake_output( operation, step, output, + output_size, output_length ) ); +} + +psa_status_t psa_driver_wrapper_pake_input( + psa_pake_operation_t *operation, + psa_pake_step_t step, + const uint8_t *input, + size_t input_length ) +{ + return( mbedtls_psa_pake_input( operation, step, input, input_length ) ); +} + +psa_status_t psa_driver_wrapper_pake_get_implicit_key( + psa_pake_operation_t *operation, + psa_key_derivation_operation_t *output ) +{ + return( mbedtls_psa_pake_get_implicit_key( operation, output ) ); +} + +psa_status_t psa_driver_wrapper_pake_abort( + psa_pake_operation_t * operation ) +{ + return( mbedtls_psa_pake_abort( operation ) ); +} +#endif /* 
MBEDTLS_PSA_BUILTIN_PAKE */ + #endif /* MBEDTLS_PSA_CRYPTO_C */ From a7d08c3009330f06d349fc151a77d75fb37338ff Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Wed, 1 Jun 2022 18:21:20 +0200 Subject: [PATCH 215/440] Add PSA PAKE api calling the PAKE wrappers Signed-off-by: Neil Armstrong --- library/psa_crypto.c | 75 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3ec9273de..2cd4ee7ae 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
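Review bot: The nine wrapper definitions sit inside `#if defined(MBEDTLS_PSA_BUILTIN_PAKE)`, but the prototypes this same commit adds to psa_crypto_driver_wrappers.h are unconditional, so a configuration without the builtin PAKE has declarations with no definitions behind them. Either guard the prototypes identically or keep the wrappers compiled and have each return PSA_ERROR_NOT_SUPPORTED when no driver is present, which is what a dispatching wrapper will need anyway. As a point of style, `psa_pake_operation_t * operation )` in psa_driver_wrapper_pake_abort spaces the star differently from every other signature in the hunk (`*operation`).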
@@ -7163,4 +7163,79 @@ exit: return status; } +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) +psa_status_t psa_pake_setup( + psa_pake_operation_t *operation, + const psa_pake_cipher_suite_t *cipher_suite) +{ + return psa_driver_wrapper_pake_setup(operation, cipher_suite); +} + +psa_status_t psa_pake_set_password_key( + psa_pake_operation_t *operation, + mbedtls_svc_key_id_t password) +{ + return psa_driver_wrapper_pake_set_password_key(operation, password); +} + +psa_status_t psa_pake_set_user( + psa_pake_operation_t *operation, + const uint8_t *user_id, + size_t user_id_len) +{ + return psa_driver_wrapper_pake_set_user(operation, user_id, + user_id_len); +} + +psa_status_t psa_pake_set_peer( + psa_pake_operation_t *operation, + const uint8_t *peer_id, + size_t peer_id_len) +{ + return psa_driver_wrapper_pake_set_peer(operation, peer_id, + peer_id_len); +} + +psa_status_t psa_pake_set_role( + psa_pake_operation_t *operation, + psa_pake_role_t role) +{ + return psa_driver_wrapper_pake_set_role(operation, role); +} + +psa_status_t psa_pake_output( + psa_pake_operation_t *operation, + psa_pake_step_t step, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + return psa_driver_wrapper_pake_output(operation, step, output, + output_size, output_length); +} + +psa_status_t psa_pake_input( + psa_pake_operation_t *operation, + psa_pake_step_t step, + const uint8_t *input, + size_t input_length) +{ + return psa_driver_wrapper_pake_input(operation, step, input, + input_length); +} + +psa_status_t psa_pake_get_implicit_key( + psa_pake_operation_t *operation, + psa_key_derivation_operation_t *output) +{ + return psa_driver_wrapper_pake_get_implicit_key(operation, output); +} + +psa_status_t psa_pake_abort( + psa_pake_operation_t *operation) +{ + return psa_driver_wrapper_pake_abort(operation); +} +#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ + #endif /* MBEDTLS_PSA_CRYPTO_C */ From 5ae609631e768b1c229d7168c53b622016ae0f84 Mon Sep 17 00:00:00 2001 
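Review bot: The public `psa_pake_*` entry points are compiled only under `#if defined(MBEDTLS_PSA_BUILTIN_PAKE)`, which ties the PSA API surface to the presence of the software implementation rather than to PAKE support in general; a build that provides PAKE solely through an accelerator driver would have no psa_pake_setup() at all. Guarding on a PSA-level "PAKE is available" condition (builtin or any driver), the way the rest of psa_crypto.c is presumably guarded for driver-dispatched operations, keeps the API available whenever some driver can serve it. A one-line comment on the `#if`, e.g. `/* Public PAKE API; dispatches to builtin or driver implementations via psa_driver_wrapper_pake_*. */`, would also help readers find the dispatch layer.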
From: Neil Armstrong Date: Thu, 15 Sep 2022 11:29:46 +0200 Subject: [PATCH 216/440] Move the common parameters check code out of the wrapper Signed-off-by: Neil Armstrong --- library/psa_crypto.c | 93 ++++++++++++++++++++++++++++++++ library/psa_crypto_pake.c | 110 +++++++++++++------------------------- 2 files changed, 129 insertions(+), 74 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2cd4ee7ae..3494ae730 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7168,6 +7168,19 @@ psa_status_t psa_pake_setup( psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite) { + /* A context must be freshly initialized before it can be set up. */ + if (operation->alg != PSA_ALG_NONE) { + return PSA_ERROR_BAD_STATE; + } + + if (cipher_suite == NULL || + PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 || + (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC && + cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH) || + PSA_ALG_IS_HASH(cipher_suite->hash) == 0) { + return PSA_ERROR_INVALID_ARGUMENT; + } + return psa_driver_wrapper_pake_setup(operation, cipher_suite); } 
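Review bot: The checks moved into psa_pake_setup return PSA_ERROR_BAD_STATE and PSA_ERROR_INVALID_ARGUMENT without touching the operation, whereas the same checks in mbedtls_psa_pake_setup (removed in this commit's psa_crypto_pake.c hunk) went through `goto error` and aborted the operation, so the object state a caller sees after the same failure now depends on which layer rejected the call. The same applies to the argument checks added to psa_pake_set_user, psa_pake_set_peer, psa_pake_set_role, psa_pake_output and psa_pake_input in the following two hunks; the header in this series documents for psa_pake_output/psa_pake_input that a failing call leaves the operation in an error state. If the other `*_setup` functions in psa_crypto.c abort on failure (not visible here), routing these early returns through a single exit that calls `psa_pake_abort(operation)` keeps the behaviour uniform across the API.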
@@ -7175,6 +7188,34 @@ psa_status_t psa_pake_set_password_key(
 psa_pake_operation_t *operation,
 mbedtls_svc_key_id_t password)
 {
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_attributes_t attributes = psa_key_attributes_init();
+ psa_key_type_t type;
+ psa_key_usage_t usage;
+
+ if (operation->alg == PSA_ALG_NONE) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
+ status = psa_get_key_attributes(password, &attributes);
+ if (status != PSA_SUCCESS) {
+ return status;
+ }
+
+ type = psa_get_key_type(&attributes);
+ usage = psa_get_key_usage_flags(&attributes);
+
+ psa_reset_key_attributes(&attributes);
+
+ if (type != PSA_KEY_TYPE_PASSWORD &&
+ type != PSA_KEY_TYPE_PASSWORD_HASH) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ if ((usage & PSA_KEY_USAGE_DERIVE) == 0) {
+ return PSA_ERROR_NOT_PERMITTED;
+ }
+
 return psa_driver_wrapper_pake_set_password_key(operation, password);
 }
@@ -7183,6 +7224,14 @@ psa_status_t psa_pake_set_user(
 const uint8_t *user_id,
 size_t user_id_len)
 {
+ if (operation->alg == PSA_ALG_NONE) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
+ if (user_id_len == 0 || user_id == NULL) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
 return psa_driver_wrapper_pake_set_user(operation, user_id,
 user_id_len);
 }
@@ -7192,6 +7241,14 @@ psa_status_t psa_pake_set_peer(
 const uint8_t *peer_id,
 size_t peer_id_len)
 {
+ if (operation->alg == PSA_ALG_NONE) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
+ if (peer_id_len == 0 || peer_id == NULL) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
 return psa_driver_wrapper_pake_set_peer(operation, peer_id,
 peer_id_len);
 }
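Review bot: psa_pake_set_password_key checks the key type and the PSA_KEY_USAGE_DERIVE flag but never compares the key's permitted algorithm with `operation->alg`, so a password key whose policy names a different PAKE (or a non-PAKE) algorithm is accepted as long as it carries DERIVE; the key policy is the only thing that stops a key provisioned for one protocol from being fed into another. Reading the policy with `psa_get_key_algorithm(&attributes)` before the `psa_reset_key_attributes(&attributes)` call and rejecting a mismatch with PSA_ERROR_NOT_PERMITTED closes that gap and fits the ordering the added code already uses (read attributes, reset, then check). The initialiser on the first added line, `psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;`, is overwritten by the psa_get_key_attributes() call before any read, so `psa_status_t status;` says the same with less noise.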
@@ -7200,6 +7257,18 @@ psa_status_t psa_pake_set_role(
 psa_pake_operation_t *operation,
 psa_pake_role_t role)
 {
+ if (operation->alg == PSA_ALG_NONE) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
+ if (role != PSA_PAKE_ROLE_NONE &&
+ role != PSA_PAKE_ROLE_FIRST &&
+ role != PSA_PAKE_ROLE_SECOND &&
+ role != PSA_PAKE_ROLE_CLIENT &&
+ role != PSA_PAKE_ROLE_SERVER) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
 return psa_driver_wrapper_pake_set_role(operation, role);
 }
@@ -7210,6 +7279,14 @@ psa_status_t psa_pake_output(
 size_t output_size,
 size_t *output_length)
 {
+ if (operation->alg == PSA_ALG_NONE) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
+ if (output == NULL || output_size == 0 || output_length == NULL) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
 return psa_driver_wrapper_pake_output(operation, step, output,
 output_size, output_length);
 }
@@ -7220,6 +7297,14 @@ psa_status_t psa_pake_input(
 const uint8_t *input,
 size_t input_length)
 {
+ if (operation->alg == PSA_ALG_NONE) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
+ if (input == NULL || input_length == 0) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
 return psa_driver_wrapper_pake_input(operation, step, input,
 input_length);
 }
@@ -7228,12 +7313,20 @@ psa_status_t psa_pake_get_implicit_key(
 psa_pake_operation_t *operation,
 psa_key_derivation_operation_t *output)
 {
+ if (operation->alg == PSA_ALG_NONE) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
 return psa_driver_wrapper_pake_get_implicit_key(operation, output);
 }
 
 psa_status_t psa_pake_abort(
 psa_pake_operation_t *operation)
 {
+ if (operation->alg == PSA_ALG_NONE) {
+ return PSA_SUCCESS;
+ }
+
 return psa_driver_wrapper_pake_abort(operation);
 }
 #endif /* MBEDTLS_PSA_BUILTIN_PAKE */
diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c
index 7171f7566..0dafe786d 100644
--- a/library/psa_crypto_pake.c
+++ b/library/psa_crypto_pake.c
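Review bot: psa_pake_output returns PSA_ERROR_INVALID_ARGUMENT for `output_size == 0`, while the header added earlier in this series lists PSA_ERROR_BUFFER_TOO_SMALL as the status for an output buffer that is too small; a zero-length buffer is the smallest such buffer, so it is better left to the driver's size check (or mapped to PSA_ERROR_BUFFER_TOO_SMALL here) with only `output == NULL || output_length == NULL` kept as an argument error. In the last hunk, psa_pake_get_implicit_key gains the alg check but, unlike its siblings, no pointer check on `output`; `if (output == NULL) { return PSA_ERROR_INVALID_ARGUMENT; }` keeps the API layer consistent. Callers that hit the new early returns should be told what state the operation is left in, so a short comment above each block, e.g. `/* Argument errors are reported without changing the operation state. */`, would document the contract this commit establishes.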
@@ -194,23 +194,6 @@ static psa_status_t mbedtls_ecjpake_to_psa_error(int ret) psa_status_t mbedtls_psa_pake_setup(psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - /* A context must be freshly initialized before it can be set up. */ - if (operation->alg != PSA_ALG_NONE) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - - if (cipher_suite == NULL || - PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 || - (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC && - cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH) || - PSA_ALG_IS_HASH(cipher_suite->hash) == 0) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto error; - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (cipher_suite->algorithm == PSA_ALG_JPAKE) { if (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC || @@ -236,11 +219,14 @@ psa_status_t mbedtls_psa_pake_setup(psa_pake_operation_t *operation, return PSA_SUCCESS; } else +#else + (void) operation; + (void) cipher_suite; #endif - status = PSA_ERROR_NOT_SUPPORTED; + { status = PSA_ERROR_NOT_SUPPORTED; } error: - psa_pake_abort(operation); + mbedtls_psa_pake_abort(operation); return status; } @@ -315,23 +301,18 @@ psa_status_t mbedtls_psa_pake_set_user(psa_pake_operation_t *operation, const uint8_t *user_id, size_t user_id_len) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + (void) user_id; + (void) user_id_len; - if (operation->alg == PSA_ALG_NONE || - operation->state != PSA_PAKE_STATE_SETUP) { + if (operation->state != PSA_PAKE_STATE_SETUP) { status = PSA_ERROR_BAD_STATE; goto error; } - if (user_id_len == 0 || user_id == NULL) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto error; - } - status = PSA_ERROR_NOT_SUPPORTED; error: - psa_pake_abort(operation); + mbedtls_psa_pake_abort(operation); return status; } 
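Review bot: In both the mbedtls_psa_pake_setup hunk and the mbedtls_psa_pake_set_user hunk the local declaration `psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;` is removed while `status = PSA_ERROR_BAD_STATE;`, `{ status = PSA_ERROR_NOT_SUPPORTED; }` and `return status;` remain as context, so unless a declaration survives outside the hunk these functions no longer compile; the set_peer and set_role hunks in the next chunk show the same pattern. Presumably only the duplicated alg/argument checks were meant to go, with the declaration kept ahead of the new `(void)` casts. The `} else` / `#else` / `#endif` / `{ status = PSA_ERROR_NOT_SUPPORTED; }` construction depends on the dangling `else` left open before `#else`; a short comment above it, e.g. `/* Reached as the else-branch of the JPAKE check, or unconditionally when no PAKE algorithm is built in. */`, would make the control flow readable without tracing the preprocessor.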
@@ -339,46 +320,29 @@ psa_status_t mbedtls_psa_pake_set_peer(psa_pake_operation_t *operation, const uint8_t *peer_id, size_t peer_id_len) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + (void) peer_id; + (void) peer_id_len; - if (operation->alg == PSA_ALG_NONE || - operation->state != PSA_PAKE_STATE_SETUP) { + if (operation->state != PSA_PAKE_STATE_SETUP) { status = PSA_ERROR_BAD_STATE; goto error; } - if (peer_id_len == 0 || peer_id == NULL) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto error; - } - status = PSA_ERROR_NOT_SUPPORTED; error: - psa_pake_abort(operation); + mbedtls_psa_pake_abort(operation); return status; } psa_status_t mbedtls_psa_pake_set_role(psa_pake_operation_t *operation, psa_pake_role_t role) { - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - if (operation->alg == PSA_ALG_NONE || - operation->state != PSA_PAKE_STATE_SETUP) { + if (operation->state != PSA_PAKE_STATE_SETUP) { status = PSA_ERROR_BAD_STATE; goto error; } - if (role != PSA_PAKE_ROLE_NONE && - role != PSA_PAKE_ROLE_FIRST && - role != PSA_PAKE_ROLE_SECOND && - role != PSA_PAKE_ROLE_CLIENT && - role != PSA_PAKE_ROLE_SERVER) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto error; - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { if (role != PSA_PAKE_ROLE_CLIENT && @@ -390,11 +354,14 @@ psa_status_t mbedtls_psa_pake_set_role(psa_pake_operation_t *operation, return PSA_SUCCESS; } else +#else + (void) role; #endif - status = PSA_ERROR_NOT_SUPPORTED; + + { status = PSA_ERROR_NOT_SUPPORTED; } error: - psa_pake_abort(operation); + mbedtls_psa_pake_abort(operation); return status; } 
@@ -449,15 +416,10 @@ static psa_status_t mbedtls_psa_pake_output_internal( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t length; - if (operation->alg == PSA_ALG_NONE || - operation->state == PSA_PAKE_STATE_INVALID) { + if (operation->state == PSA_PAKE_STATE_INVALID) { return PSA_ERROR_BAD_STATE; } - if (output == NULL || output_size == 0 || output_length == NULL) { - return PSA_ERROR_INVALID_ARGUMENT; - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) /* * The PSA CRYPTO PAKE and MbedTLS JPAKE API have a different @@ -623,8 +585,13 @@ static psa_status_t mbedtls_psa_pake_output_internal( return PSA_SUCCESS; } else +#else + (void) step; + (void) output; + (void) output_size; + (void) output_length; #endif - return PSA_ERROR_NOT_SUPPORTED; + { return PSA_ERROR_NOT_SUPPORTED; } } psa_status_t mbedtls_psa_pake_output(psa_pake_operation_t *operation, @@ -652,15 +619,10 @@ static psa_status_t mbedtls_psa_pake_input_internal( int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if (operation->alg == PSA_ALG_NONE || - operation->state == PSA_PAKE_STATE_INVALID) { + if (operation->state == PSA_PAKE_STATE_INVALID) { return PSA_ERROR_BAD_STATE; } - if (input == NULL || input_length == 0) { - return PSA_ERROR_INVALID_ARGUMENT; - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) /* * The PSA CRYPTO PAKE and MbedTLS JPAKE API have a different @@ -821,8 +783,12 @@ static psa_status_t mbedtls_psa_pake_input_internal( return PSA_SUCCESS; } else +#else + (void) step; + (void) input; + (void) input_length; #endif - return PSA_ERROR_NOT_SUPPORTED; + { return PSA_ERROR_NOT_SUPPORTED; } } psa_status_t mbedtls_psa_pake_input(psa_pake_operation_t *operation, 
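Review bot: With the NULL/zero-length checks removed from mbedtls_psa_pake_output_internal and mbedtls_psa_pake_input_internal, these driver entry points now rely on psa_pake_output()/psa_pake_input() in psa_crypto.c having validated the buffer pointers and lengths, and nothing in this file records that; both functions start outside the hunk. A comment at the top of each, such as `/* Argument validation (non-NULL buffers, non-zero lengths) is done by the PSA API layer in psa_crypto.c; this driver entry point trusts its caller. */`, documents the trust boundary for other driver implementations derived from this code.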
@@ -847,9 +813,7 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if (operation->alg == PSA_ALG_NONE || - operation->state != PSA_PAKE_STATE_READY || - operation->input_step != PSA_PAKE_STEP_DERIVE || + if (operation->input_step != PSA_PAKE_STEP_DERIVE || operation->output_step != PSA_PAKE_STEP_DERIVE) { status = PSA_ERROR_BAD_STATE; goto error; @@ -879,8 +843,10 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( return status; } else +#else + (void) output; #endif - status = PSA_ERROR_NOT_SUPPORTED; + { status = PSA_ERROR_NOT_SUPPORTED; } error: psa_key_derivation_abort(output); @@ -891,10 +857,6 @@ error: psa_status_t mbedtls_psa_pake_abort(psa_pake_operation_t *operation) { - if (operation->alg == PSA_ALG_NONE) { - return PSA_SUCCESS; - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { operation->input_step = PSA_PAKE_STEP_INVALID; From 2e73649f9c9bcbf1a6cfe39097f6fca2f27aba8b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 22 Nov 2022 13:50:22 +0100 Subject: [PATCH 217/440] Add pake psa crypto driver wrappers implementation Signed-off-by: Przemek Stekiel --- library/psa_crypto_driver_wrappers.h | 4 +- .../psa_crypto_driver_wrappers.c.jinja | 270 +++++++++++++++++- 2 files changed, 261 insertions(+), 13 deletions(-) diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index e011594be..a3755d3a4 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -420,8 +420,10 @@ psa_status_t psa_driver_wrapper_pake_setup( const psa_pake_cipher_suite_t *cipher_suite); psa_status_t psa_driver_wrapper_pake_set_password_key( + const psa_key_attributes_t *attributes, psa_pake_operation_t *operation, - mbedtls_svc_key_id_t password); + uint8_t *key_buffer, + size_t key_size); psa_status_t psa_driver_wrapper_pake_set_user( psa_pake_operation_t *operation, 
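Review bot: The removed condition in mbedtls_psa_pake_get_implicit_key dropped `operation->state != PSA_PAKE_STATE_READY ||` together with the alg check, but only the alg check was re-added in psa_crypto.c; the new condition tests just the two step fields. If `input_step == output_step == PSA_PAKE_STEP_DERIVE` can hold while the state is not READY (I cannot tell from this hunk), the shared secret becomes extractable from an operation whose exchange has not completed, which is the case the state check existed for. Either restore `operation->state != PSA_PAKE_STATE_READY ||` as the first operand or add a comment stating why the step fields imply the READY state.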
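Review bot: The new psa_driver_wrapper_pake_set_password_key signature takes the password material as `uint8_t *key_buffer` rather than `const uint8_t *key_buffer`; the wrapper only forwards the buffer to drivers, and the non-const pointer lets a driver write into what the jinja hunk describes as the key stored in the slot. `const uint8_t *key_buffer,` documents that drivers must treat the password as read-only and matches how key material is presumably passed to the other driver-wrapper entry points in this header.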
diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index 8f9ff73b8..802722f97 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja 
@@ -2814,14 +2814,100 @@ psa_status_t psa_driver_wrapper_pake_setup( psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite ) { - return( mbedtls_psa_pake_setup( operation, cipher_suite ) ); + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + /* Try setup on accelerators first */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = mbedtls_test_transparent_pake_setup( + &operation->ctx.transparent_test_driver_ctx, + (const psa_pake_cipher_suite_t*) cipher_suite ); + if( status == PSA_SUCCESS ) + operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; + + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + + /* If software fallback is compiled in, try fallback */ +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + status = mbedtls_psa_pake_setup( &operation->ctx.mbedtls_ctx, cipher_suite ); + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ + + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = mbedtls_test_opaque_pake_setup( + &operation->ctx.opaque_test_driver_ctx, + (const psa_pake_cipher_suite_t*) cipher_suite ); + if( status == PSA_SUCCESS ) + operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; + + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + + /* Nothing left to try if we fall through here */ + (void) status; + (void) operation; + (void) cipher_suite; + return( PSA_ERROR_NOT_SUPPORTED ); } psa_status_t psa_driver_wrapper_pake_set_password_key( + const psa_key_attributes_t *attributes, psa_pake_operation_t *operation, - mbedtls_svc_key_id_t password ) + uint8_t *key_buffer, + size_t 
key_size ) { - return( mbedtls_psa_pake_set_password_key( operation, password ) ); + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_location_t location = + PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + + switch( location ) + { + case PSA_KEY_LOCATION_LOCAL_STORAGE: + /* Key is stored in the slot in export representation, so + * cycle through all known transparent accelerators */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + status = mbedtls_test_transparent_set_password_key( + attributes, + &operation->ctx.transparent_test_driver_ctx, + key_buffer, key_size ); + /* Declared with fallback == true */ + if( status != PSA_ERROR_NOT_SUPPORTED ) + return( status ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + return( mbedtls_psa_pake_set_password_key( + attributes, &operation->ctx.mbedtls_ctx, + key_buffer, key_size ) ); + /* Add cases for opaque driver here */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case PSA_CRYPTO_TEST_DRIVER_LOCATION: + return( mbedtls_test_opaque_set_password_key( + attributes, + &operation->ctx.opaque_test_driver_ctx, + key_buffer, key_size ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + + default: + /* Key is declared with a lifetime not known to us */ + (void)status; + (void)key_buffer; + (void)key_size; + return( PSA_ERROR_INVALID_ARGUMENT ); + } } psa_status_t psa_driver_wrapper_pake_set_user( 
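Review bot: psa_driver_wrapper_pake_set_password_key selects the driver by key location and, in the LOCAL_STORAGE case, falls back from the transparent test driver to the builtin `mbedtls_ctx`, while the other operation-bound wrappers in this commit (set_user, set_peer, set_role) dispatch on `operation->id`; if `ctx` is a union, as the `ctx.transparent_test_driver_ctx`/`ctx.mbedtls_ctx` members suggest, an operation that psa_driver_wrapper_pake_setup bound to MBEDTLS_TEST_TRANSPARENT_DRIVER_ID gets its password written into the builtin context whenever the test driver answers NOT_SUPPORTED here, and a builtin-bound operation can be handed to the test driver. Since setup has already chosen the context, this wrapper should switch on `operation->id` like its siblings, which also gives the builtin call the `#if defined(MBEDTLS_PSA_BUILTIN_PAKE)` guard it currently lacks (a build without the builtin PAKE otherwise references an undefined mbedtls_psa_pake_set_password_key, unlike the guarded builtin branch of setup just above). The `(const psa_pake_cipher_suite_t*) cipher_suite` casts in setup are no-ops on an already-const pointer and can go.

```c
psa_status_t psa_driver_wrapper_pake_set_password_key(
    const psa_key_attributes_t *attributes,
    psa_pake_operation_t *operation,
    uint8_t *key_buffer,
    size_t key_size )
{
    /* The context was bound to a driver by psa_driver_wrapper_pake_setup();
     * dispatch on that binding, not on the key's location. */
    switch( operation->id )
    {
#if defined(MBEDTLS_PSA_BUILTIN_PAKE)
        case PSA_CRYPTO_MBED_TLS_DRIVER_ID:
            return( mbedtls_psa_pake_set_password_key(
                        attributes, &operation->ctx.mbedtls_ctx,
                        key_buffer, key_size ) );
#endif /* MBEDTLS_PSA_BUILTIN_PAKE */

#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT)
#if defined(PSA_CRYPTO_DRIVER_TEST)
        case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID:
            return( mbedtls_test_transparent_set_password_key(
                        attributes,
                        &operation->ctx.transparent_test_driver_ctx,
                        key_buffer, key_size ) );
        case MBEDTLS_TEST_OPAQUE_DRIVER_ID:
            return( mbedtls_test_opaque_set_password_key(
                        attributes,
                        &operation->ctx.opaque_test_driver_ctx,
                        key_buffer, key_size ) );
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */
        default:
            (void) attributes;
            (void) key_buffer;
            (void) key_size;
            return( PSA_ERROR_INVALID_ARGUMENT );
    }
}
```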
@@ -2829,7 +2915,31 @@ psa_status_t psa_driver_wrapper_pake_set_user( const uint8_t *user_id, size_t user_id_len ) { - return( mbedtls_psa_pake_set_user( operation, user_id, user_id_len ) ); + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_pake_set_user( &operation->ctx.mbedtls_ctx, + user_id, user_id_len ) ); +#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: + return( mbedtls_test_transparent_pake_set_user( + &operation->ctx.transparent_test_driver_ctx, + user_id, user_id_len ) ); + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: + return( mbedtls_test_opaque_pake_set_user( + &operation->ctx.opaque_test_driver_ctx, + user_id, user_id_len ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + (void) user_id; + (void) user_id_len; + return( PSA_ERROR_INVALID_ARGUMENT ); + } } psa_status_t psa_driver_wrapper_pake_set_peer( 
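Review bot: The `default:` arm of `psa_driver_wrapper_pake_set_user` returns `PSA_ERROR_INVALID_ARGUMENT` for an `operation->id` no driver has claimed, but with the visible ids the only way to get there is an operation that has not completed setup (id still 0), which the PSA API describes as a bad state rather than a bad argument; `return( PSA_ERROR_BAD_STATE );` would, I believe, match the hash wrappers in this file and lets callers tell operation misuse apart from a rejected user id. The same arm is repeated in the set_peer/set_role, output, and input/get_implicit_key hunks that follow. If psa_pake_set_user in psa_crypto.c already rejects unset operations before calling the wrapper, the default is unreachable and a one-line comment saying so would be enough.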
@@ -2837,14 +2947,60 @@ psa_status_t psa_driver_wrapper_pake_set_peer( const uint8_t *peer_id, size_t peer_id_len ) { - return( mbedtls_psa_pake_set_peer( operation, peer_id, peer_id_len ) ); + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_pake_set_peer( &operation->ctx.mbedtls_ctx, + peer_id, peer_id_len ) ); +#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: + return( mbedtls_test_transparent_pake_set_peer( + &operation->ctx.transparent_test_driver_ctx, + peer_id, peer_id_len ) ); + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: + return( mbedtls_test_opaque_pake_set_peer( + &operation->ctx.opaque_test_driver_ctx, + peer_id, peer_id_len ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + (void) peer_id; + (void) peer_id_len; + return( PSA_ERROR_INVALID_ARGUMENT ); + } } psa_status_t psa_driver_wrapper_pake_set_role( psa_pake_operation_t *operation, psa_pake_role_t role ) { - return( mbedtls_psa_pake_set_role( operation, role ) ); + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_pake_set_role( &operation->ctx.mbedtls_ctx, role ) ); +#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: + return( mbedtls_test_transparent_pake_set_role( + &operation->ctx.transparent_test_driver_ctx, + role ) ); + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: + return( mbedtls_test_opaque_pake_set_role( + &operation->ctx.opaque_test_driver_ctx, + role ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + (void) role; + return( PSA_ERROR_INVALID_ARGUMENT ); + } } psa_status_t 
psa_driver_wrapper_pake_output( @@ -2854,8 +3010,33 @@ psa_status_t psa_driver_wrapper_pake_output( size_t output_size, size_t *output_length ) { - return( mbedtls_psa_pake_output( operation, step, output, - output_size, output_length ) ); + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_pake_output( &operation->ctx.mbedtls_ctx, step, output, + output_size, output_length ) ); +#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: + return( mbedtls_test_transparent_pake_output( + &operation->ctx.transparent_test_driver_ctx, + step, output, output_size, output_length ) ); + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: + return( mbedtls_test_opaque_pake_output( + &operation->ctx.opaque_test_driver_ctx, + step, output, output_size, output_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + (void) step; + (void) output; + (void) output_size; + (void) output_length; + return( PSA_ERROR_INVALID_ARGUMENT ); + } } psa_status_t psa_driver_wrapper_pake_input( 
@@ -2864,21 +3045,86 @@ psa_status_t psa_driver_wrapper_pake_input( const uint8_t *input, size_t input_length ) { - return( mbedtls_psa_pake_input( operation, step, input, input_length ) ); + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_pake_input( &operation->ctx.mbedtls_ctx, + step, input, input_length ) ); +#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: + return( mbedtls_test_transparent_pake_input( + &operation->ctx.transparent_test_driver_ctx, + step, input, input_length ) ); + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: + return( mbedtls_test_opaque_pake_input( + &operation->ctx.opaque_test_driver_ctx, + step, input, input_length ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + (void) step; + (void) input; + (void) input_length; + return( PSA_ERROR_INVALID_ARGUMENT ); + } } psa_status_t psa_driver_wrapper_pake_get_implicit_key( psa_pake_operation_t *operation, psa_key_derivation_operation_t *output ) { - return( mbedtls_psa_pake_get_implicit_key( operation, output ) ); + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_pake_get_implicit_key( &operation->ctx.mbedtls_ctx, output ) ); +#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ + +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: + return( mbedtls_test_transparent_pake_get_implicit_key( + &operation->ctx.transparent_test_driver_ctx, + (psa_key_derivation_operation_t*) output ) ); + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: + return( mbedtls_test_opaque_pake_get_implicit_key( + &operation->ctx.opaque_test_driver_ctx, + (psa_key_derivation_operation_t*) output ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* 
PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + (void) output; + return( PSA_ERROR_INVALID_ARGUMENT ); + } } psa_status_t psa_driver_wrapper_pake_abort( psa_pake_operation_t * operation ) { - return( mbedtls_psa_pake_abort( operation ) ); -} + switch( operation->id ) + { +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + case PSA_CRYPTO_MBED_TLS_DRIVER_ID: + return( mbedtls_psa_pake_abort( &operation->ctx.mbedtls_ctx ) ); #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ +#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) +#if defined(PSA_CRYPTO_DRIVER_TEST) + case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: + return( mbedtls_test_transparent_pake_abort( + &operation->ctx.transparent_test_driver_ctx ) ); + case MBEDTLS_TEST_OPAQUE_DRIVER_ID: + return( mbedtls_test_opaque_pake_abort( + &operation->ctx.opaque_test_driver_ctx ) ); +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ + default: + return( PSA_ERROR_INVALID_ARGUMENT ); + } +} + #endif /* MBEDTLS_PSA_CRYPTO_C */ From d3da040f34c0a0107e30edc372804768ff7284dd Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 22 Nov 2022 13:53:26 +0100 Subject: [PATCH 218/440] Add test driver impl for pake Signed-off-by: Przemek Stekiel --- tests/include/test/drivers/pake.h | 140 +++++++++ tests/src/drivers/test_driver_pake.c | 428 +++++++++++++++++++++++++++ 2 files changed, 568 insertions(+) create mode 100644 tests/include/test/drivers/pake.h create mode 100644 tests/src/drivers/test_driver_pake.c diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h new file mode 100644 index 000000000..81e87113b --- /dev/null +++ b/tests/include/test/drivers/pake.h 
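Review bot: `psa_driver_wrapper_pake_abort` fails with `PSA_ERROR_INVALID_ARGUMENT` when `operation->id` is 0, yet aborting an operation that was never set up, or whose setup failed and left `id` at 0, is the normal cleanup path and should be a no-op; unless psa_pake_abort in psa_crypto.c short-circuits on `id == 0` before calling in, every abort of a freshly initialised object now reports an error. Returning `PSA_SUCCESS` from the default arm, or documenting that the caller must check `id` first, closes that gap. The wrapper also leaves `operation->id` untouched after a successful driver abort; if the reset to 0 is meant to happen in the caller, a comment such as `/* Caller resets operation->id after this returns */` would save the next reader a trip to psa_crypto.c.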
@@ -0,0 +1,140 @@ +/* + * Test driver for PAKE driver entry points. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_TEST_DRIVERS_PAKE_H +#define PSA_CRYPTO_TEST_DRIVERS_PAKE_H + +#include "mbedtls/build_info.h" + +#if defined(PSA_CRYPTO_DRIVER_TEST) +#include + +typedef struct { + /* If not PSA_SUCCESS, return this error code instead of processing the + * function call. */ + psa_status_t forced_status; + /* Count the amount of times PAKE driver functions are called. */ + unsigned long hits; + /* Status returned by the last PAKE driver function call. 
*/ + psa_status_t driver_status; + /* Output returned by pake_output */ + void *forced_output; + size_t forced_output_length; +} mbedtls_test_driver_pake_hooks_t; + +#define MBEDTLS_TEST_DRIVER_PAKE_INIT { 0, 0, 0, NULL, 0 } +static inline mbedtls_test_driver_pake_hooks_t +mbedtls_test_driver_pake_hooks_init(void) +{ + const mbedtls_test_driver_pake_hooks_t v = MBEDTLS_TEST_DRIVER_PAKE_INIT; + return v; +} + +extern mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks; + +psa_status_t mbedtls_test_transparent_pake_setup( + mbedtls_transparent_test_driver_pake_operation_t *operation, + const psa_pake_cipher_suite_t *cipher_suite); + +psa_status_t mbedtls_test_transparent_set_password_key( + const psa_key_attributes_t *attributes, + mbedtls_transparent_test_driver_pake_operation_t *operation, + uint8_t *key_buffer, + size_t key_size); + +psa_status_t mbedtls_test_transparent_pake_set_user( + mbedtls_transparent_test_driver_pake_operation_t *operation, + const uint8_t *user_id, + size_t user_id_len); + +psa_status_t mbedtls_test_transparent_pake_set_peer( + mbedtls_transparent_test_driver_pake_operation_t *operation, + const uint8_t *peer_id, + size_t peer_id_len); + +psa_status_t mbedtls_test_transparent_pake_set_role( + mbedtls_transparent_test_driver_pake_operation_t *operation, + psa_pake_role_t role); + +psa_status_t mbedtls_test_transparent_pake_output( + mbedtls_transparent_test_driver_pake_operation_t *operation, + psa_pake_step_t step, + uint8_t *output, + size_t output_size, + size_t *output_length); + +psa_status_t mbedtls_test_transparent_pake_input( + mbedtls_transparent_test_driver_pake_operation_t *operation, + psa_pake_step_t step, + const uint8_t *input, + size_t input_length); + +psa_status_t mbedtls_test_transparent_pake_get_implicit_key( + mbedtls_transparent_test_driver_pake_operation_t *operation, + psa_key_derivation_operation_t *output); + +psa_status_t mbedtls_test_transparent_pake_abort( + 
mbedtls_transparent_test_driver_pake_operation_t *operation); + +psa_status_t mbedtls_test_opaque_pake_setup( + mbedtls_opaque_test_driver_pake_operation_t *operation, + const psa_pake_cipher_suite_t *cipher_suite); + +psa_status_t mbedtls_test_opaque_set_password_key( + const psa_key_attributes_t *attributes, + mbedtls_opaque_test_driver_pake_operation_t *operation, + uint8_t *key_buffer, + size_t key_size); + +psa_status_t mbedtls_test_opaque_pake_set_user( + mbedtls_opaque_test_driver_pake_operation_t *operation, + const uint8_t *user_id, + size_t user_id_len); + +psa_status_t mbedtls_test_opaque_pake_set_peer( + mbedtls_opaque_test_driver_pake_operation_t *operation, + const uint8_t *peer_id, + size_t peer_id_len); + +psa_status_t mbedtls_test_opaque_pake_set_role( + mbedtls_opaque_test_driver_pake_operation_t *operation, + psa_pake_role_t role); + +psa_status_t mbedtls_test_opaque_pake_output( + mbedtls_opaque_test_driver_pake_operation_t *operation, + psa_pake_step_t step, + uint8_t *output, + size_t output_size, + size_t *output_length); + +psa_status_t mbedtls_test_opaque_pake_input( + mbedtls_opaque_test_driver_pake_operation_t *operation, + psa_pake_step_t step, + const uint8_t *input, + size_t input_length); + +psa_status_t mbedtls_test_opaque_pake_get_implicit_key( + mbedtls_opaque_test_driver_pake_operation_t *operation, + psa_key_derivation_operation_t *output); + +psa_status_t mbedtls_test_opaque_pake_abort( + mbedtls_opaque_test_driver_pake_operation_t *operation); + +#endif /* PSA_CRYPTO_DRIVER_TEST */ +#endif /* PSA_CRYPTO_TEST_DRIVERS_PAKE_H */ diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c new file mode 100644 index 000000000..1ced55936 --- /dev/null +++ b/tests/src/drivers/test_driver_pake.c 
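Review bot: `mbedtls_test_transparent_set_password_key` and `mbedtls_test_opaque_set_password_key` are the only entry points in this header without the `pake_` segment that every sibling (`mbedtls_test_transparent_pake_setup`, `mbedtls_test_transparent_pake_set_user`, ...) carries; renaming them to `mbedtls_test_transparent_pake_set_password_key` / `mbedtls_test_opaque_pake_set_password_key` keeps the driver namespace greppable and avoids a clash with any future non-PAKE password-key hook. Both also take `uint8_t *key_buffer` although the key material is only read; `const uint8_t *key_buffer` documents that and lets the wrapper pass key material without a cast. A short comment on `forced_output` noting that only `mbedtls_test_transparent_pake_output` honours it (the other entry points in the accompanying .c file ignore it) would help readers of the hooks struct.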
@@ -0,0 +1,428 @@ +/* + * Test driver for MAC entry points. + */ +/* Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST) +#include "psa_crypto_pake.h" + +#include "test/drivers/pake.h" +#include "string.h" + +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#include "libtestdriver1/library/psa_crypto_pake.h" +#endif + +mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks = + MBEDTLS_TEST_DRIVER_PAKE_INIT; + + +psa_status_t mbedtls_test_transparent_pake_setup( + mbedtls_transparent_test_driver_pake_operation_t *operation, + const psa_pake_cipher_suite_t *cipher_suite) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; + } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_setup( + operation, (const libtestdriver1_psa_pake_cipher_suite_t *) cipher_suite); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_setup( + operation, cipher_suite); +#else + (void) operation; + (void) cipher_suite; + mbedtls_test_driver_pake_hooks.driver_status = 
PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + +psa_status_t mbedtls_test_transparent_set_password_key( + const psa_key_attributes_t *attributes, + mbedtls_transparent_test_driver_pake_operation_t *operation, + uint8_t *key_buffer, + size_t key_size) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; + } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_set_password_key( + (const libtestdriver1_psa_key_attributes_t *) attributes, + operation, key_buffer, key_size); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_set_password_key( + attributes, operation, key_buffer, key_size); +#else + (void) operation; + (void) key_buffer, + (void) key_size; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + +psa_status_t mbedtls_test_transparent_pake_set_user( + mbedtls_transparent_test_driver_pake_operation_t *operation, + const uint8_t *user_id, + size_t user_id_len) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; + } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_set_user( + operation, user_id, user_id_len); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_set_user( + operation, user_id, user_id_len); +#else + (void) 
operation; + (void) user_id; + (void) user_id_len; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + + +psa_status_t mbedtls_test_transparent_pake_set_peer( + mbedtls_transparent_test_driver_pake_operation_t *operation, + const uint8_t *peer_id, + size_t peer_id_len) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; + } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_set_peer( + operation, peer_id, peer_id_len); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_set_peer( + operation, peer_id, peer_id_len); +#else + (void) operation; + (void) peer_id; + (void) peer_id_len; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + +psa_status_t mbedtls_test_transparent_pake_set_role( + mbedtls_transparent_test_driver_pake_operation_t *operation, + psa_pake_role_t role) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; + } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_set_role( + operation, role); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_set_role( + operation, role); +#else + (void) operation; + (void) role; + mbedtls_test_driver_pake_hooks.driver_status = 
PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + +psa_status_t mbedtls_test_transparent_pake_output( + mbedtls_transparent_test_driver_pake_operation_t *operation, + psa_pake_step_t step, + uint8_t *output, + size_t output_size, + size_t *output_length) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_output != NULL) { + if (output_size < mbedtls_test_driver_pake_hooks.forced_output_length) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + memcpy(output, + mbedtls_test_driver_pake_hooks.forced_output, + mbedtls_test_driver_pake_hooks.forced_output_length); + *output_length = mbedtls_test_driver_pake_hooks.forced_output_length; + + return mbedtls_test_driver_pake_hooks.forced_status; + } + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; + } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_output( + operation, step, output, output_size, output_length); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_output( + operation, step, output, output_size, output_length); +#else + (void) operation; + (void) step; + (void) output; + (void) output_size; + (void) output_length; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + +psa_status_t mbedtls_test_transparent_pake_input( + mbedtls_transparent_test_driver_pake_operation_t *operation, + psa_pake_step_t step, + const uint8_t *input, + size_t input_length) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + 
mbedtls_test_driver_pake_hooks.forced_status; + } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_input( + operation, step, input, input_length); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_input( + operation, step, input, input_length); +#else + (void) operation; + (void) step; + (void) input; + (void) input_length; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + +psa_status_t mbedtls_test_transparent_pake_get_implicit_key( + mbedtls_transparent_test_driver_pake_operation_t *operation, + psa_key_derivation_operation_t *output) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; + } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_get_implicit_key( + operation, (libtestdriver1_psa_key_derivation_operation_t *) output); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_get_implicit_key( + operation, output); +#else + (void) operation; + (void) output; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + +psa_status_t mbedtls_test_transparent_pake_abort( + mbedtls_transparent_test_driver_pake_operation_t *operation) +{ + mbedtls_test_driver_pake_hooks.hits++; + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; 
+ } else { +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_abort( + operation); +#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_abort( + operation); +#else + (void) operation; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; +#endif + } + + return mbedtls_test_driver_pake_hooks.driver_status; +} + +/* + * opaque versions, to do + */ +psa_status_t mbedtls_test_opaque_pake_setup( + mbedtls_opaque_test_driver_pake_operation_t *operation, + const psa_pake_cipher_suite_t *cipher_suite) +{ + (void) operation; + (void) cipher_suite; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t mbedtls_test_opaque_set_password_key( + const psa_key_attributes_t *attributes, + mbedtls_opaque_test_driver_pake_operation_t *operation, + uint8_t *key_buffer, + size_t key_size) +{ + (void) attributes; + (void) operation; + (void) key_buffer; + (void) key_size; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t mbedtls_test_opaque_pake_set_user( + mbedtls_opaque_test_driver_pake_operation_t *operation, + const uint8_t *user_id, + size_t user_id_len) +{ + (void) operation; + (void) user_id; + (void) user_id_len; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t mbedtls_test_opaque_pake_set_peer( + mbedtls_opaque_test_driver_pake_operation_t *operation, + const uint8_t *peer_id, + size_t peer_id_len) +{ + (void) operation; + (void) peer_id; + (void) peer_id_len; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t mbedtls_test_opaque_pake_set_role( + mbedtls_opaque_test_driver_pake_operation_t *operation, + psa_pake_role_t role) +{ + (void) operation; + (void) role; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t mbedtls_test_opaque_pake_output( + mbedtls_opaque_test_driver_pake_operation_t *operation, + psa_pake_step_t step, + uint8_t *output, + size_t output_size, 
+ size_t *output_length) +{ + (void) operation; + (void) step; + (void) output; + (void) output_size; + (void) output_length; + + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t mbedtls_test_opaque_pake_input( + mbedtls_opaque_test_driver_pake_operation_t *operation, + psa_pake_step_t step, + const uint8_t *input, + size_t input_length) +{ + (void) operation; + (void) step; + (void) input; + (void) input_length; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t mbedtls_test_opaque_pake_get_implicit_key( + mbedtls_opaque_test_driver_pake_operation_t *operation, + psa_key_derivation_operation_t *output) +{ + (void) operation; + (void) output; + return PSA_ERROR_NOT_SUPPORTED; +} + +psa_status_t mbedtls_test_opaque_pake_abort( + mbedtls_opaque_test_driver_pake_operation_t *operation) +{ + (void) operation; + return PSA_ERROR_NOT_SUPPORTED; +} + +#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 03790029a6c6628a9a712d976281ccd2f46d04b4 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 22 Nov 2022 13:54:44 +0100 Subject: [PATCH 219/440] Add test components to test accelerated pake and fallback Signed-off-by: Przemek Stekiel --- tests/scripts/all.sh | 61 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7d91fa27d..e75767475 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
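Review bot: The file header comment reads `Test driver for MAC entry points.`, a copy-paste leftover; it should say PAKE. In the `#else` branch of `mbedtls_test_transparent_set_password_key`, `(void) key_buffer,` ends with a comma rather than a semicolon, so the following `(void) key_size;` becomes the right operand of a comma expression; it compiles but should be `(void) key_buffer;`. In `mbedtls_test_transparent_pake_output` the forced-output path returns `forced_status` without updating `driver_status`, unlike every other path in this file; adding `mbedtls_test_driver_pake_hooks.driver_status = mbedtls_test_driver_pake_hooks.forced_status;` before that return keeps the hook state consistent for tests that inspect it. `#include "string.h"` should use the `<string.h>` form for a system header.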
@@ -2493,6 +2493,67 @@ component_test_psa_crypto_config_accel_aead () { make test } +component_test_psa_crypto_config_accel_pake () { + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" + + # Start with full + scripts/config.py full + + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having + # partial support for cipher operations in the driver test library. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + loc_accel_list="ALG_JPAKE" + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + + scripts/config.py unset MBEDTLS_ECJPAKE_C + + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" + tests/ssl-opt.sh -f "ECJPAKE" + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" + make test +} + +component_test_psa_crypto_config_accel_pake_no_fallback () { + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" + + # Start with full + scripts/config.py full + + # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having + # partial support for cipher operations in the driver test library. 
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING + + loc_accel_list="ALG_JPAKE" + loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) + make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + + scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS + scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG + + scripts/config.py unset MBEDTLS_ECJPAKE_C + + # Make build-in fallback not available + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_JPAKE + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED + + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" + make test +} + component_test_psa_crypto_config_no_driver() { # full plus MBEDTLS_PSA_CRYPTO_CONFIG msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS" From d91bcb76737dc4efc65cc3db6154524532b1f5bd Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 22 Nov 2022 14:00:51 +0100 Subject: [PATCH 220/440] Refactor structures for pake driver support Signed-off-by: Przemek Stekiel --- include/psa/crypto_builtin_primitives.h | 38 ++++++++++++++++ .../psa/crypto_driver_contexts_primitives.h | 37 +++++++++++++++ include/psa/crypto_extra.h | 45 ++++--------------- 3 files changed, 84 insertions(+), 36 deletions(-) diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index c76bc7814..2830b61e6 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h 
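Review bot: `component_test_psa_crypto_config_accel_pake_no_fallback` unsets the built-in JPAKE support but never checks that the built-in implementation actually dropped out of the library, so the component still passes if an additive config re-enables `MBEDTLS_ECJPAKE_C` behind its back; other accelerated components in all.sh guard against this with a `not grep` for the builtin symbols on the relevant object file after `make`, and a `not grep mbedtls_ecjpake_` on the EC-JPAKE object belongs here for the same reason. Its `msg` lines are also identical to those of the fallback component, which makes the two indistinguishable in CI logs; `msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE, no fallback"` would fix that. The comment `# Make build-in fallback not available` should read `built-in`.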
@@ -111,4 +111,42 @@ typedef struct { #define MBEDTLS_PSA_CIPHER_OPERATION_INIT { 0, 0, 0, { 0 } } + +/* EC-JPAKE operation definitions */ + +#include "mbedtls/ecjpake.h" + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) +#define MBEDTLS_PSA_BUILTIN_PAKE 1 +#endif + +/* Note: the format for mbedtls_ecjpake_read/write function has an extra + * length byte for each step, plus an extra 3 bytes for ECParameters in the + * server's 2nd round. */ +#define MBEDTLS_PSA_PAKE_BUFFER_SIZE ((3 + 1 + 65 + 1 + 65 + 1 + 32) * 2) + +typedef struct { + psa_algorithm_t MBEDTLS_PRIVATE(alg); + unsigned int MBEDTLS_PRIVATE(state); + unsigned int MBEDTLS_PRIVATE(sequence); +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + unsigned int MBEDTLS_PRIVATE(input_step); + unsigned int MBEDTLS_PRIVATE(output_step); + uint8_t *MBEDTLS_PRIVATE(password); + size_t MBEDTLS_PRIVATE(password_len); + uint8_t MBEDTLS_PRIVATE(role); + uint8_t MBEDTLS_PRIVATE(buffer[MBEDTLS_PSA_PAKE_BUFFER_SIZE]); + size_t MBEDTLS_PRIVATE(buffer_length); + size_t MBEDTLS_PRIVATE(buffer_offset); +#endif + /* Context structure for the Mbed TLS EC-JPAKE implementation. */ + union { + unsigned int MBEDTLS_PRIVATE(dummy); + mbedtls_ecjpake_context MBEDTLS_PRIVATE(pake); + } MBEDTLS_PRIVATE(ctx); + +} mbedtls_psa_pake_operation_t; + +#define MBEDTLS_PSA_PAKE_OPERATION_INIT { { 0 } } + #endif /* PSA_CRYPTO_BUILTIN_PRIMITIVES_H */ diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h index 620a4b3a7..7d096208b 100644 --- a/include/psa/crypto_driver_contexts_primitives.h +++ b/include/psa/crypto_driver_contexts_primitives.h @@ -45,6 +45,8 @@ #include #endif +#include "mbedtls/ecjpake.h" + #if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ 
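Review bot: The `ctx` union in `mbedtls_psa_pake_operation_t` embeds `mbedtls_ecjpake_context` unconditionally, whereas the definition it replaces (removed in the crypto_extra.h hunk later in this patch) guarded that member with `#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)`; since `psa_pake_operation_t` now contains this struct through `psa_driver_pake_context_t`, every PAKE operation object in a build without built-in JPAKE still carries the full EC-JPAKE context, and `mbedtls/ecjpake.h` is pulled into a public header in all configurations. Wrapping the member and the include in the existing `MBEDTLS_PSA_BUILTIN_PAKE` guard, as the `input_step` … `buffer_offset` fields already are, restores the previous footprint. The unconditional `#include "mbedtls/ecjpake.h"` added to crypto_driver_contexts_primitives.h in the next hunk would then be redundant as well.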
@@ -87,6 +89,32 @@ typedef struct { #define MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT \ { 0, MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT } +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + +typedef libtestdriver1_mbedtls_psa_pake_operation_t + mbedtls_transparent_test_driver_pake_operation_t; +typedef libtestdriver1_psa_pake_operation_t + mbedtls_opaque_test_driver_pake_operation_t; + +#define MBEDTLS_TRANSPARENT_TEST_DRIVER_PAKE_OPERATION_INIT \ + LIBTESTDRIVER1_MBEDTLS_PSA_PAKE_OPERATION_INIT +#define MBEDTLS_OPAQUE_TEST_DRIVER_PAKE_OPERATION_INIT \ + LIBTESTDRIVER1_MBEDTLS_PSA_PAKE_OPERATION_INIT + +#else +typedef mbedtls_psa_pake_operation_t + mbedtls_transparent_test_driver_pake_operation_t; +typedef mbedtls_psa_pake_operation_t + mbedtls_opaque_test_driver_pake_operation_t; + +#define MBEDTLS_TRANSPARENT_TEST_DRIVER_PAKE_OPERATION_INIT \ + MBEDTLS_PSA_PAKE_OPERATION_INIT +#define MBEDTLS_OPAQUE_TEST_DRIVER_PAKE_OPERATION_INIT \ + MBEDTLS_PSA_PAKE_OPERATION_INIT + +#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 && LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE */ + #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Define the context to be used for an operation that is executed through the @@ -113,5 +141,14 @@ typedef union { #endif } psa_driver_cipher_context_t; +typedef union { + unsigned dummy; /* Make sure this union is always non-empty */ + mbedtls_psa_pake_operation_t mbedtls_ctx; +#if defined(PSA_CRYPTO_DRIVER_TEST) + mbedtls_transparent_test_driver_pake_operation_t transparent_test_driver_ctx; + mbedtls_opaque_test_driver_pake_operation_t opaque_test_driver_ctx; +#endif +} psa_driver_pake_context_t; + #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */ /* End of automatically generated file. */ diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index bd1b5af56..da74bed17 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
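Review bot: In the `MBEDTLS_TEST_LIBTESTDRIVER1` branch the transparent type is `libtestdriver1_mbedtls_psa_pake_operation_t` but the opaque type is `libtestdriver1_psa_pake_operation_t` (presumably the renamed copy of the PSA-level `psa_pake_operation_s`, which in this series holds an `id` plus a driver-context union), while both init macros expand to `LIBTESTDRIVER1_MBEDTLS_PSA_PAKE_OPERATION_INIT`; the opaque type and its initializer therefore describe different structs, and the `#else` branch uses `mbedtls_psa_pake_operation_t` for both, so the two branches disagree about what an opaque test operation is. Unless the opaque test driver is meant to wrap a whole PSA operation, `typedef libtestdriver1_mbedtls_psa_pake_operation_t mbedtls_opaque_test_driver_pake_operation_t;` is the consistent choice. In the `psa_driver_pake_context_t` hunk below, `mbedtls_psa_pake_operation_t mbedtls_ctx` is present even when `MBEDTLS_PSA_BUILTIN_PAKE` is off, which only works while the builtin type stays defined unconditionally; a comment tying the two together would make that dependency explicit.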
@@ -1826,14 +1826,7 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); /** Returns a suitable initializer for a PAKE operation object of type * psa_pake_operation_t. */ -#if defined(MBEDTLS_PSA_BUILTIN_PAKE) -#define PSA_PAKE_OPERATION_INIT { PSA_ALG_NONE, 0, 0, 0, 0, \ - NULL, 0, \ - PSA_PAKE_ROLE_NONE, { 0 }, 0, 0, \ - { .dummy = 0 } } -#else -#define PSA_PAKE_OPERATION_INIT { PSA_ALG_NONE, 0, 0, { 0 } } -#endif +#define PSA_PAKE_OPERATION_INIT { 0, { .dummy = 0 } } struct psa_pake_cipher_suite_s { psa_algorithm_t algorithm; 
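Review bot: The comment above `PSA_PAKE_OPERATION_INIT` still only says that it returns a suitable initializer, but the inactive marker has moved from `alg == PSA_ALG_NONE` to `id == 0`, and the `operation->id == 0` guards in psa_crypto.c further down this page depend on it. A sentence such as ` * An object initialized this way has a driver id of 0 and is treated as inactive by all psa_pake_*() functions.` would document the contract the core relies on.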
@@ -1904,35 +1897,15 @@ static inline void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite, } } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) -#include -/* Note: the format for mbedtls_ecjpake_read/write function has an extra - * length byte for each step, plus an extra 3 bytes for ECParameters in the - * server's 2nd round. */ -#define MBEDTLS_PSA_PAKE_BUFFER_SIZE ((3 + 1 + 65 + 1 + 65 + 1 + 32) * 2) -#endif - struct psa_pake_operation_s { - psa_algorithm_t MBEDTLS_PRIVATE(alg); - unsigned int MBEDTLS_PRIVATE(state); - unsigned int MBEDTLS_PRIVATE(sequence); -#if defined(MBEDTLS_PSA_BUILTIN_PAKE) - unsigned int MBEDTLS_PRIVATE(input_step); - unsigned int MBEDTLS_PRIVATE(output_step); - uint8_t *MBEDTLS_PRIVATE(password); - size_t MBEDTLS_PRIVATE(password_len); - psa_pake_role_t MBEDTLS_PRIVATE(role); - uint8_t MBEDTLS_PRIVATE(buffer[MBEDTLS_PSA_PAKE_BUFFER_SIZE]); - size_t MBEDTLS_PRIVATE(buffer_length); - size_t MBEDTLS_PRIVATE(buffer_offset); -#endif - union { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) - mbedtls_ecjpake_context ecjpake; -#endif - /* Make the union non-empty even with no supported algorithms. */ - uint8_t dummy; - } MBEDTLS_PRIVATE(ctx); + /** Unique ID indicating which driver got assigned to do the + * operation. Since driver contexts are driver-specific, swapping + * drivers halfway through the operation is not supported. + * ID values are auto-generated in psa_crypto_driver_wrappers.h + * ID value zero means the context is not valid or not assigned to + * any driver (i.e. none of the driver contexts are active). */ + unsigned int MBEDTLS_PRIVATE(id); + psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx); }; static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite_init(void) From 6c7644150ac411b3ebc5fe94d9de064de6fee363 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 22 Nov 2022 14:05:12 +0100 Subject: [PATCH 221/440] Adapt pake impl for driver dispatch 
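Review bot: `struct psa_pake_operation_s` loses `alg`, `state` and the other builtin fields here, but the psa_crypto.c callers that still test `operation->alg != PSA_ALG_NONE` are only switched to `operation->id` in the following commit (PATCH 221, the psa_crypto.c hunks below), so as far as this page shows the tree does not build at this commit; moving the struct change into that commit keeps bisection working. The `id` comment copied from the other operation structs is fine, but `psa_driver_pake_context_t` is declared in crypto_driver_contexts_primitives.h, and a short `/* Driver-specific context, see crypto_driver_contexts_primitives.h. */` on `ctx` would help readers find it.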
Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 64 ++++++--------- library/psa_crypto_pake.c | 162 +++++++++++++++++++++++--------------- library/psa_crypto_pake.h | 34 ++++---- 3 files changed, 138 insertions(+), 122 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3494ae730..8dc1a21fc 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -5072,13 +5072,13 @@ psa_status_t psa_key_derivation_abort(psa_key_derivation_operation_t *operation) operation->ctx.tls12_prf.label_length); mbedtls_free(operation->ctx.tls12_prf.label); } - +#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) if (operation->ctx.tls12_prf.other_secret != NULL) { mbedtls_platform_zeroize(operation->ctx.tls12_prf.other_secret, operation->ctx.tls12_prf.other_secret_length); mbedtls_free(operation->ctx.tls12_prf.other_secret); } - +#endif /* MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS */ status = PSA_SUCCESS; /* We leave the fields Ai and output_block to be erased safely by the @@ -7163,24 +7163,10 @@ exit: return status; } -#if defined(MBEDTLS_PSA_BUILTIN_PAKE) psa_status_t psa_pake_setup( psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite) { - /* A context must be freshly initialized before it can be set up. */ - if (operation->alg != PSA_ALG_NONE) { - return PSA_ERROR_BAD_STATE; - } - - if (cipher_suite == NULL || - PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 || - (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC && - cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH) || - PSA_ALG_IS_HASH(cipher_suite->hash) == 0) { - return PSA_ERROR_INVALID_ARGUMENT; - } - return psa_driver_wrapper_pake_setup(operation, cipher_suite); } 
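Review bot: `psa_pake_setup` now dispatches to `psa_driver_wrapper_pake_setup` with no check that `operation` is inactive and no validation of `cipher_suite`; those checks moved into the builtin `mbedtls_psa_pake_setup` (psa_crypto_pake.c below), so with an accelerator driver and no builtin fallback a NULL or non-PAKE `cipher_suite` reaches the driver unvalidated, and a second `setup` on a live operation can replace its driver context without the first one being aborted unless the wrapper, which is not on this page, prevents it. Every other entry point in this file tests `operation->id == 0` for BAD_STATE; the counterpart here is `if (operation->id != 0) { return PSA_ERROR_BAD_STATE; }` followed by the former `cipher_suite == NULL || PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 || ...` argument check before the wrapper call. The `#if defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS)` guard added in the first hunk of this file, inside `psa_key_derivation_abort` (which starts and ends outside that hunk), is a build fix unrelated to PAKE dispatch and would be easier to track in its own commit.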
@@ -7189,34 +7175,30 @@ psa_status_t psa_pake_set_password_key( mbedtls_svc_key_id_t password) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes = psa_key_attributes_init(); - psa_key_type_t type; - psa_key_usage_t usage; + psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_key_slot_t *slot = NULL; - if (operation->alg == PSA_ALG_NONE) { + if (operation->id == 0) { return PSA_ERROR_BAD_STATE; } - status = psa_get_key_attributes(password, &attributes); + status = psa_get_and_lock_key_slot_with_policy(password, &slot, + PSA_KEY_USAGE_DERIVE, + PSA_ALG_JPAKE); if (status != PSA_SUCCESS) { return status; } - type = psa_get_key_type(&attributes); - usage = psa_get_key_usage_flags(&attributes); + psa_key_attributes_t attributes = { + .core = slot->attr + }; - psa_reset_key_attributes(&attributes); + status = psa_driver_wrapper_pake_set_password_key(&attributes, operation, + slot->key.data, slot->key.bytes); - if (type != PSA_KEY_TYPE_PASSWORD && - type != PSA_KEY_TYPE_PASSWORD_HASH) { - return PSA_ERROR_INVALID_ARGUMENT; - } + unlock_status = psa_unlock_key_slot(slot); - if ((usage & PSA_KEY_USAGE_DERIVE) == 0) { - return PSA_ERROR_NOT_PERMITTED; - } - - return psa_driver_wrapper_pake_set_password_key(operation, password); + return (status == PSA_SUCCESS) ? unlock_status : status; } psa_status_t psa_pake_set_user( @@ -7224,7 +7206,7 @@ psa_status_t psa_pake_set_user( const uint8_t *user_id, size_t user_id_len) { - if (operation->alg == PSA_ALG_NONE) { + if (operation->id == 0) { return PSA_ERROR_BAD_STATE; } @@ -7241,7 +7223,7 @@ psa_status_t psa_pake_set_peer( const uint8_t *peer_id, size_t peer_id_len) { - if (operation->alg == PSA_ALG_NONE) { + if (operation->id == 0) { return PSA_ERROR_BAD_STATE; } @@ -7257,7 +7239,7 @@ psa_status_t psa_pake_set_role( psa_pake_operation_t *operation, psa_pake_role_t role) { - if (operation->alg == PSA_ALG_NONE) { + if (operation->id == 0) { return PSA_ERROR_BAD_STATE; } 
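Review bot: `psa_get_and_lock_key_slot_with_policy(password, &slot, PSA_KEY_USAGE_DERIVE, PSA_ALG_JPAKE)` hard-codes J-PAKE as the policy algorithm; since the core operation now carries only `id` and no `alg`, the key policy is checked against `PSA_ALG_JPAKE` whatever suite `psa_pake_setup` was given, so a key restricted to another PAKE algorithm is rejected and one restricted to J-PAKE is accepted for any suite. Keeping the algorithm from the cipher suite in the core object would let this call use the operation's own algorithm. The PASSWORD/PASSWORD_HASH type check also moved into the builtin driver (psa_crypto_pake.c below), so an accelerator driver must repeat it; a comment here such as `/* Key type validation is the driver's responsibility. */` makes that explicit. The three short hunks after this one are the mechanical `alg`-to-`id` switch and need no change.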
@@ -7279,7 +7261,7 @@ psa_status_t psa_pake_output( size_t output_size, size_t *output_length) { - if (operation->alg == PSA_ALG_NONE) { + if (operation->id == 0) { return PSA_ERROR_BAD_STATE; } @@ -7297,7 +7279,7 @@ psa_status_t psa_pake_input( const uint8_t *input, size_t input_length) { - if (operation->alg == PSA_ALG_NONE) { + if (operation->id == 0) { return PSA_ERROR_BAD_STATE; } @@ -7313,7 +7295,7 @@ psa_status_t psa_pake_get_implicit_key( psa_pake_operation_t *operation, psa_key_derivation_operation_t *output) { - if (operation->alg == PSA_ALG_NONE) { + if (operation->id == 0) { return PSA_ERROR_BAD_STATE; } @@ -7323,12 +7305,12 @@ psa_status_t psa_pake_get_implicit_key( psa_status_t psa_pake_abort( psa_pake_operation_t *operation) { - if (operation->alg == PSA_ALG_NONE) { + /* Aborting a non-active operation is allowed */ + if (operation->id == 0) { return PSA_SUCCESS; } return psa_driver_wrapper_pake_abort(operation); } -#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 0dafe786d..6c4db6f2d 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c 
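Review bot: In the last hunk, `psa_pake_abort` returns whatever `psa_driver_wrapper_pake_abort` returns but never clears `operation->id`, so the object does not return to the inactive state that the `operation->id == 0` guards above rely on and cannot be set up again; the other multipart operations in this file presumably reset `id` in the core after the wrapper call, and the same shape here is `status = psa_driver_wrapper_pake_abort(operation); operation->id = 0; return status;`, unless the wrapper (not on this page) does it itself. The same question applies to `psa_pake_get_implicit_key`, whose builtin implementation aborts the operation on both the success and failure paths (psa_crypto_pake.c below) without the core learning about it.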
@@ -191,9 +191,26 @@ static psa_status_t mbedtls_ecjpake_to_psa_error(int ret) #endif #if defined(MBEDTLS_PSA_BUILTIN_PAKE) -psa_status_t mbedtls_psa_pake_setup(psa_pake_operation_t *operation, +psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + /* A context must be freshly initialized before it can be set up. */ + if (operation->alg != PSA_ALG_NONE) { + status = PSA_ERROR_BAD_STATE; + goto error; + } + + if (cipher_suite == NULL || + PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 || + (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC && + cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH) || + PSA_ALG_IS_HASH(cipher_suite->hash) == 0) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto error; + } + #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (cipher_suite->algorithm == PSA_ALG_JPAKE) { if (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC || @@ -206,12 +223,14 @@ psa_status_t mbedtls_psa_pake_setup(psa_pake_operation_t *operation, operation->alg = cipher_suite->algorithm; - mbedtls_ecjpake_init(&operation->ctx.ecjpake); + mbedtls_ecjpake_init(&operation->ctx.pake); operation->state = PSA_PAKE_STATE_SETUP; operation->sequence = PSA_PAKE_SEQ_INVALID; operation->input_step = PSA_PAKE_STEP_X1_X2; operation->output_step = PSA_PAKE_STEP_X1_X2; + operation->password_len = 0; + operation->password = NULL; mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); operation->buffer_length = 0; 
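Review bot: With the argument checks now living in the driver entry point, a comment making that contract explicit would help future driver authors, e.g. `/* The core passes cipher_suite through unvalidated; reject bad suites here. */` above the `cipher_suite == NULL` test. Both new checks `goto error` rather than return; whether that matches the removed core-side behaviour depends on what the `error:` label does, which is outside the hunk — if it aborts the operation, the BAD_STATE case would tear down a live operation that the old core check left untouched, so a direct `return PSA_ERROR_BAD_STATE;` there is safer. The explicit `password = NULL` and `password_len = 0` in the second hunk are needed because `set_password_key` tests `operation->password != NULL`.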
@@ -230,30 +249,14 @@ error: return status; } -psa_status_t mbedtls_psa_pake_set_password_key(psa_pake_operation_t *operation, - mbedtls_svc_key_id_t password) +psa_status_t mbedtls_psa_pake_set_password_key(const psa_key_attributes_t *attributes, + mbedtls_psa_pake_operation_t *operation, + uint8_t *password, + size_t password_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_attributes_t attributes = psa_key_attributes_init(); - psa_key_type_t type; - psa_key_usage_t usage; - psa_key_slot_t *slot = NULL; - - if (operation->alg == PSA_ALG_NONE || - operation->state != PSA_PAKE_STATE_SETUP) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - - status = psa_get_key_attributes(password, &attributes); - if (status != PSA_SUCCESS) { - goto error; - } - - type = psa_get_key_type(&attributes); - usage = psa_get_key_usage_flags(&attributes); - - psa_reset_key_attributes(&attributes); + psa_key_type_t type = psa_get_key_type(attributes); + psa_key_usage_t usage = psa_get_key_usage_flags(attributes); if (type != PSA_KEY_TYPE_PASSWORD && type != PSA_KEY_TYPE_PASSWORD_HASH) { 
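Review bot: `uint8_t *password` in the new signature should be `const uint8_t *password`: the function only copies the bytes (`memcpy(operation->password, password, password_len)` in the next hunk), and the core passes `slot->key.data`, which callers should not be invited to mutate. The prototype in psa_crypto_pake.h (the last file of this commit on this page) needs the same change.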
@@ -266,44 +269,48 @@ psa_status_t mbedtls_psa_pake_set_password_key(psa_pake_operation_t *operation, goto error; } + if (operation->alg == PSA_ALG_NONE) { + status = PSA_ERROR_BAD_STATE; + goto error; + } + + if (operation->state != PSA_PAKE_STATE_SETUP) { + status = PSA_ERROR_BAD_STATE; + goto error; + } + if (operation->password != NULL) { - return PSA_ERROR_BAD_STATE; + status = PSA_ERROR_BAD_STATE; + goto error; } - status = psa_get_and_lock_key_slot_with_policy(password, &slot, - PSA_KEY_USAGE_DERIVE, - PSA_ALG_JPAKE); - if (status != PSA_SUCCESS) { - return status; - } - - operation->password = mbedtls_calloc(1, slot->key.bytes); + operation->password = mbedtls_calloc(1, password_len); if (operation->password == NULL) { - psa_unlock_key_slot(slot); return PSA_ERROR_INSUFFICIENT_MEMORY; } - memcpy(operation->password, slot->key.data, slot->key.bytes); - operation->password_len = slot->key.bytes; - status = psa_unlock_key_slot(slot); - if (status != PSA_SUCCESS) { - return status; - } + memcpy(operation->password, password, password_len); + operation->password_len = password_len; return PSA_SUCCESS; error: - psa_pake_abort(operation); + mbedtls_psa_pake_abort(operation); return status; } -psa_status_t mbedtls_psa_pake_set_user(psa_pake_operation_t *operation, +psa_status_t mbedtls_psa_pake_set_user(mbedtls_psa_pake_operation_t *operation, const uint8_t *user_id, size_t user_id_len) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; (void) user_id; (void) user_id_len; + if (operation->alg == PSA_ALG_NONE) { + return PSA_ERROR_BAD_STATE; + } + if (operation->state != PSA_PAKE_STATE_SETUP) { status = PSA_ERROR_BAD_STATE; goto error; 
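Review bot: The `mbedtls_calloc` failure path returns `PSA_ERROR_INSUFFICIENT_MEMORY` directly while every other failure in this function goes through `goto error` and `mbedtls_psa_pake_abort`; either is defensible, but the two should agree, and if the direct return is intentional (the operation stays in the SETUP state and the caller may retry) a comment saying so would prevent it being "fixed" later. `mbedtls_calloc(1, password_len)` with `password_len == 0` may return NULL on some platforms and would then be misreported as an allocation failure; an explicit `if (password_len == 0) { status = PSA_ERROR_INVALID_ARGUMENT; goto error; }`, or a deliberate decision to accept an empty password, makes the behaviour defined. The heap copy of the password persists until abort; the abort hunk below zeroizes `buffer`, but the `password` handling there is outside the visible lines, so confirm it is wiped with `mbedtls_platform_zeroize` before `mbedtls_free`.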
@@ -316,13 +323,19 @@ error: return status; } -psa_status_t mbedtls_psa_pake_set_peer(psa_pake_operation_t *operation, +psa_status_t mbedtls_psa_pake_set_peer(mbedtls_psa_pake_operation_t *operation, const uint8_t *peer_id, size_t peer_id_len) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; (void) peer_id; (void) peer_id_len; + if (operation->alg == PSA_ALG_NONE) { + status = PSA_ERROR_BAD_STATE; + goto error; + } + if (operation->state != PSA_PAKE_STATE_SETUP) { status = PSA_ERROR_BAD_STATE; goto error; @@ -335,9 +348,15 @@ error: return status; } -psa_status_t mbedtls_psa_pake_set_role(psa_pake_operation_t *operation, +psa_status_t mbedtls_psa_pake_set_role(mbedtls_psa_pake_operation_t *operation, psa_pake_role_t role) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + if (operation->alg == PSA_ALG_NONE) { + status = PSA_ERROR_BAD_STATE; + goto error; + } + if (operation->state != PSA_PAKE_STATE_SETUP) { status = PSA_ERROR_BAD_STATE; goto error; @@ -366,7 +385,7 @@ error: } #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) -static psa_status_t psa_pake_ecjpake_setup(psa_pake_operation_t *operation) +static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operation) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecjpake_role role; @@ -383,7 +402,7 @@ static psa_status_t psa_pake_ecjpake_setup(psa_pake_operation_t *operation) return PSA_ERROR_BAD_STATE; } - ret = mbedtls_ecjpake_setup(&operation->ctx.ecjpake, + ret = mbedtls_ecjpake_setup(&operation->ctx.pake, role, MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, @@ -406,7 +425,7 @@ static psa_status_t psa_pake_ecjpake_setup(psa_pake_operation_t *operation) #endif static psa_status_t mbedtls_psa_pake_output_internal( - psa_pake_operation_t *operation, + mbedtls_psa_pake_operation_t *operation, psa_pake_step_t step, uint8_t *output, size_t output_size, 
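Review bot: `mbedtls_psa_pake_set_peer` and `mbedtls_psa_pake_set_role` route the not-set-up case through `goto error` (and thus `mbedtls_psa_pake_abort`), whereas `mbedtls_psa_pake_set_user` in the previous hunk returns `PSA_ERROR_BAD_STATE` directly for the same condition; because `mbedtls_psa_pake_abort` returns early when `alg == PSA_ALG_NONE` (abort hunk below) the outcome is identical today, but the three should use one form. The direct return is the clearer one since there is nothing to abort, so `if (operation->alg == PSA_ALG_NONE) { return PSA_ERROR_BAD_STATE; }` in both hunks here would match set_user. The remaining hunks on this line are type renames.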
@@ -416,6 +435,10 @@ static psa_status_t mbedtls_psa_pake_output_internal( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t length; + if (operation->alg == PSA_ALG_NONE) { + return PSA_ERROR_BAD_STATE; + } + if (operation->state == PSA_PAKE_STATE_INVALID) { return PSA_ERROR_BAD_STATE; } @@ -504,7 +527,7 @@ static psa_status_t mbedtls_psa_pake_output_internal( /* Initialize & write round on KEY_SHARE sequences */ if (operation->state == PSA_PAKE_OUTPUT_X1_X2 && operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE) { - ret = mbedtls_ecjpake_write_round_one(&operation->ctx.ecjpake, + ret = mbedtls_ecjpake_write_round_one(&operation->ctx.pake, operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE, &operation->buffer_length, @@ -517,7 +540,7 @@ static psa_status_t mbedtls_psa_pake_output_internal( operation->buffer_offset = 0; } else if (operation->state == PSA_PAKE_OUTPUT_X2S && operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE) { - ret = mbedtls_ecjpake_write_round_two(&operation->ctx.ecjpake, + ret = mbedtls_ecjpake_write_round_two(&operation->ctx.pake, operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE, &operation->buffer_length, @@ -594,7 +617,7 @@ static psa_status_t mbedtls_psa_pake_output_internal( { return PSA_ERROR_NOT_SUPPORTED; } } -psa_status_t mbedtls_psa_pake_output(psa_pake_operation_t *operation, +psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, psa_pake_step_t step, uint8_t *output, size_t output_size, @@ -604,14 +627,14 @@ psa_status_t mbedtls_psa_pake_output(psa_pake_operation_t *operation, operation, step, output, output_size, output_length); if (status != PSA_SUCCESS) { - psa_pake_abort(operation); + mbedtls_psa_pake_abort(operation); } return status; } static psa_status_t mbedtls_psa_pake_input_internal( - psa_pake_operation_t *operation, + mbedtls_psa_pake_operation_t *operation, psa_pake_step_t step, const uint8_t *input, size_t input_length) 
@@ -619,6 +642,10 @@ static psa_status_t mbedtls_psa_pake_input_internal( int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + if (operation->alg == PSA_ALG_NONE) { + return PSA_ERROR_BAD_STATE; + } + if (operation->state == PSA_PAKE_STATE_INVALID) { return PSA_ERROR_BAD_STATE; } @@ -746,7 +773,7 @@ static psa_status_t mbedtls_psa_pake_input_internal( /* Load buffer at each last round ZK_PROOF */ if (operation->state == PSA_PAKE_INPUT_X1_X2 && operation->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) { - ret = mbedtls_ecjpake_read_round_one(&operation->ctx.ecjpake, + ret = mbedtls_ecjpake_read_round_one(&operation->ctx.pake, operation->buffer, operation->buffer_length); @@ -758,7 +785,7 @@ static psa_status_t mbedtls_psa_pake_input_internal( } } else if (operation->state == PSA_PAKE_INPUT_X4S && operation->sequence == PSA_PAKE_X1_STEP_ZK_PROOF) { - ret = mbedtls_ecjpake_read_round_two(&operation->ctx.ecjpake, + ret = mbedtls_ecjpake_read_round_two(&operation->ctx.pake, operation->buffer, operation->buffer_length); @@ -791,7 +818,7 @@ static psa_status_t mbedtls_psa_pake_input_internal( { return PSA_ERROR_NOT_SUPPORTED; } } -psa_status_t mbedtls_psa_pake_input(psa_pake_operation_t *operation, +psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, psa_pake_step_t step, const uint8_t *input, size_t input_length) 
@@ -800,19 +827,23 @@ psa_status_t mbedtls_psa_pake_input(psa_pake_operation_t *operation, operation, step, input, input_length); if (status != PSA_SUCCESS) { - psa_pake_abort(operation); + mbedtls_psa_pake_abort(operation); } return status; } psa_status_t mbedtls_psa_pake_get_implicit_key( - psa_pake_operation_t *operation, + mbedtls_psa_pake_operation_t *operation, psa_key_derivation_operation_t *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + if (operation->alg == PSA_ALG_NONE) { + return PSA_ERROR_BAD_STATE; + } + if (operation->input_step != PSA_PAKE_STEP_DERIVE || operation->output_step != PSA_PAKE_STEP_DERIVE) { status = PSA_ERROR_BAD_STATE; @@ -821,14 +852,14 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { - ret = mbedtls_ecjpake_write_shared_key(&operation->ctx.ecjpake, + ret = mbedtls_ecjpake_write_shared_key(&operation->ctx.pake, operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE, &operation->buffer_length, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); if (ret != 0) { - psa_pake_abort(operation); + mbedtls_psa_pake_abort(operation); return mbedtls_ecjpake_to_psa_error(ret); } @@ -839,7 +870,7 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); - psa_pake_abort(operation); + mbedtls_psa_pake_abort(operation); return status; } else 
@@ -850,14 +881,19 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( error: psa_key_derivation_abort(output); - psa_pake_abort(operation); + mbedtls_psa_pake_abort(operation); return status; } -psa_status_t mbedtls_psa_pake_abort(psa_pake_operation_t *operation) +psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation) { + if (operation->alg == PSA_ALG_NONE) { + return PSA_SUCCESS; + } + #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) + if (operation->alg == PSA_ALG_JPAKE) { operation->input_step = PSA_PAKE_STEP_INVALID; operation->output_step = PSA_PAKE_STEP_INVALID; @@ -871,7 +907,7 @@ psa_status_t mbedtls_psa_pake_abort(psa_pake_operation_t *operation) mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); operation->buffer_length = 0; operation->buffer_offset = 0; - mbedtls_ecjpake_free(&operation->ctx.ecjpake); + mbedtls_ecjpake_free(&operation->ctx.pake); } #endif diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h index b61ddde10..c7bf270a5 100644 --- a/library/psa_crypto_pake.h +++ b/library/psa_crypto_pake.h @@ -93,14 +93,15 @@ * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_pake_setup(psa_pake_operation_t *operation, +psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite); /** Set the password for a password-authenticated key exchange from key ID. * * Call this function when the password, or a value derived from the password, * is already present in the key store. - * + * \param[in] attributes The attributes of the key to use for the + * operation. * \param[in,out] operation The operation object to set the password for. It * must have been set up by psa_pake_setup() and * not yet in use (neither psa_pake_output() nor 
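Review bot: `mbedtls_psa_pake_abort` now returns `PSA_SUCCESS` early when `alg == PSA_ALG_NONE`, and the J-PAKE block only runs when `alg == PSA_ALG_JPAKE`; for this guard and the "freshly initialized" test in `mbedtls_psa_pake_setup` to work, the function must reset `operation->alg = PSA_ALG_NONE` after the `#endif`, and it must zeroize and free the heap copy of the password made in `set_password_key` — both lie outside the visible lines, so please confirm they are there. A one-line comment after the block, `/* Mark the operation inactive so setup() accepts it again. */`, would tie the early-return guard to that reset.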
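Review bot: The doc comment for `mbedtls_psa_pake_set_password_key` in the psa_crypto_pake.h hunk still says "from key ID" and "Call this function when the password ... is already present in the key store", but the function now receives the key's attributes and the raw password bytes rather than a key identifier. The brief should become something like `/** Set the password for a password-authenticated key exchange from a key's attributes and raw material. */`, and the `\param[in] attributes` text should state what the implementation checks, namely that the key type is #PSA_KEY_TYPE_PASSWORD or #PSA_KEY_TYPE_PASSWORD_HASH (the type test in psa_crypto_pake.c above); the `\param password` and `\param password_len` lines in the next hunk should likewise say that the buffer is only read and that the requirements dropped from the old `\param password` text now apply to `attributes`. The comment block continues past the hunk.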
@@ -108,13 +109,8 @@ psa_status_t mbedtls_psa_pake_setup(psa_pake_operation_t *operation, * be on operation for which the password hasn't * been set yet (psa_pake_set_password_key() * hasn't been called yet). - * \param password Identifier of the key holding the password or a - * value derived from the password (eg. by a - * memory-hard function). It must remain valid - * until the operation terminates. It must be of - * type #PSA_KEY_TYPE_PASSWORD or - * #PSA_KEY_TYPE_PASSWORD_HASH. It has to allow - * the usage #PSA_KEY_USAGE_DERIVE. + * \param password Buffer holding the password + * \param password_len Password buffer size * * \retval #PSA_SUCCESS * Success. @@ -142,8 +138,10 @@ psa_status_t mbedtls_psa_pake_setup(psa_pake_operation_t *operation, * results in this error code. */ psa_status_t mbedtls_psa_pake_set_password_key( - psa_pake_operation_t *operation, - mbedtls_svc_key_id_t password); + const psa_key_attributes_t *attributes, + mbedtls_psa_pake_operation_t *operation, + uint8_t *password, + size_t password_len); /** Set the user ID for a password-authenticated key exchange. * @@ -182,7 +180,7 @@ psa_status_t mbedtls_psa_pake_set_password_key( * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_pake_set_user(psa_pake_operation_t *operation, +psa_status_t mbedtls_psa_pake_set_user(mbedtls_psa_pake_operation_t *operation, const uint8_t *user_id, size_t user_id_len); @@ -224,7 +222,7 @@ psa_status_t mbedtls_psa_pake_set_user(psa_pake_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_pake_set_peer(psa_pake_operation_t *operation, +psa_status_t mbedtls_psa_pake_set_peer(mbedtls_psa_pake_operation_t *operation, const uint8_t *peer_id, size_t peer_id_len); 
@@ -266,7 +264,7 @@ psa_status_t mbedtls_psa_pake_set_peer(psa_pake_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_pake_set_role(psa_pake_operation_t *operation, +psa_status_t mbedtls_psa_pake_set_role(mbedtls_psa_pake_operation_t *operation, psa_pake_role_t role); /** Get output for a step of a password-authenticated key exchange. @@ -324,7 +322,7 @@ psa_status_t mbedtls_psa_pake_set_role(psa_pake_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_pake_output(psa_pake_operation_t *operation, +psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, psa_pake_step_t step, uint8_t *output, size_t output_size, @@ -379,7 +377,7 @@ psa_status_t mbedtls_psa_pake_output(psa_pake_operation_t *operation, * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_pake_input(psa_pake_operation_t *operation, +psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, psa_pake_step_t step, const uint8_t *input, size_t input_length); @@ -443,7 +441,7 @@ psa_status_t mbedtls_psa_pake_input(psa_pake_operation_t *operation, * results in this error code. */ psa_status_t mbedtls_psa_pake_get_implicit_key( - psa_pake_operation_t *operation, + mbedtls_psa_pake_operation_t *operation, psa_key_derivation_operation_t *output); /** Abort a PAKE operation. @@ -470,6 +468,6 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( * It is implementation-dependent whether a failure to initialize * results in this error code. */ -psa_status_t mbedtls_psa_pake_abort(psa_pake_operation_t *operation); +psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation); #endif /* PSA_CRYPTO_PAKE_H */ From 6a9785f061fc6c712c93e932533ef1a641fcaa5e Mon Sep 17 00:00:00 2001 
From: Przemek Stekiel
Date: Tue, 22 Nov 2022 14:11:31 +0100
Subject: [PATCH 222/440] Add pake.h to test driver header
Signed-off-by: Przemek Stekiel
---
tests/include/test/drivers/test_driver.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h
index 0a65b40bf..541ee03d0 100644
--- a/tests/include/test/drivers/test_driver.h
+++ b/tests/include/test/drivers/test_driver.h
@@ -38,6 +38,7 @@
 #include "test/drivers/signature.h"
 #include "test/drivers/asymmetric_encryption.h"
 #include "test/drivers/key_agreement.h"
+#include "test/drivers/pake.h"
 #endif /* PSA_CRYPTO_DRIVER_TEST */
 
 #endif /* PSA_CRYPTO_TEST_DRIVER_H */
From 061a016c65ff5768297e7b4fee346603ee1dc24d Mon Sep 17 00:00:00 2001
From: Przemek Stekiel
Date: Tue, 22 Nov 2022 14:16:36 +0100
Subject: [PATCH 223/440] Add ALG_TLS12_PRF, TLS12_PSK_TO_MS, LG_TLS12_ECJPAKE_TO_PMS support to test driver extensions
Signed-off-by: Przemek Stekiel
---
.../crypto_config_test_driver_extension.h | 26 +++++++++++++++++--
1 file changed, 24 insertions(+), 2 deletions(-)
diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h
index fbfe8da7a..393d6326e 100644
--- a/tests/include/test/drivers/crypto_config_test_driver_extension.h
+++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h
@@ -206,6 +206,30 @@
 #endif
 #endif
 
+#if defined(PSA_WANT_ALG_TLS12_PRF)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
+#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)
+#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS 1
+#endif
+#endif
+
+#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
+#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS)
+#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS
+#else
+#define MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS 1
+#endif
+#endif
+
 #define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1
 #define MBEDTLS_PSA_ACCEL_ALG_CCM 1
 #define MBEDTLS_PSA_ACCEL_ALG_CMAC 1
@@ -218,8 +242,6 @@
 #define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1
 #define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1
 #define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER 1
-#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF 1
-#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS 1
 
 #if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
 #if defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
From 7658a0768bb87e8d7bdbee960dd8233cbb5de65a Mon Sep 17 00:00:00 2001
From: Przemek Stekiel
Date: Tue, 22 Nov 2022 14:35:44 +0100
Subject: [PATCH 224/440] Add pake driver wrapper tests
Signed-off-by: Przemek Stekiel
Signed-off-by: Przemek Stekiel
---
...test_suite_psa_crypto_driver_wrappers.data | 36 +
..._suite_psa_crypto_driver_wrappers.function | 793 ++++++++++++++++++
2 files changed, 829 insertions(+)
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
index 6069a696c..73c569d39 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
@@ -820,3 +820,39 @@ aead_decrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_G PSA AEAD decrypt setup, AES-GCM, 144 bytes #1, insufficient memory depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_decrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY + +PSA PAKE setup transparent driver: in-driver success +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +pake_setup:"abcd":PSA_SUCCESS:PSA_SUCCESS + +PSA PAKE setup transparent driver: in-driver forced error +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +pake_setup:"abcd":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY + +PSA PAKE setup transparent driver: fallback +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_BUILTIN_PAKE +pake_setup:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS + +PSA PAKE setup transparent driver: fallback not available 
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_PSA_BUILTIN_PAKE +pake_setup:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED + +PSA PAKE operations transparent driver: in-driver success +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +pake_operations:"abcd":PSA_SUCCESS:"":PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_BAD_STATE + +PSA PAKE operations transparent driver: in-driver forced status +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +pake_operations:"abcd":PSA_SUCCESS:"1234":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY + +PSA PAKE operations transparent driver: fallback +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_BUILTIN_PAKE +pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:"":PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_BAD_STATE + +PSA PAKE: ecjpake rounds transparent driver: in-driver +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:1 + +PSA PAKE: ecjpake rounds transparent driver: fallback +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:MBEDTLS_PSA_BUILTIN_PAKE +ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 
256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:0 diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 8bb3e35f6..cfbcccb34 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
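Review bot: The two `ecjpake_rounds` cases list `PSA_WANT_ALG_TLS12_PSK_TO_MS` but not `PSA_WANT_ALG_JPAKE`, although the helper they rely on (`ecjpake_do_round`, in the .function hunk below) is compiled only under `#if defined(PSA_WANT_ALG_JPAKE)`; unless the test function itself carries a `depends_on:PSA_WANT_ALG_JPAKE` (not visible here), add `PSA_WANT_ALG_JPAKE` to their `depends_on` so the cases are skipped rather than failing in configurations without J-PAKE. The same question applies to the `pake_setup` and `pake_operations` cases if the cipher suite they build is J-PAKE.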
@@ -1,6 +1,411 @@ /* BEGIN_HEADER */ #include "test/drivers/test_driver.h" +/* Auxiliary variables for pake tests. + Global to silent the compiler when unused. */ +size_t pake_expected_hit_count; +int pake_in_driver; + +#if defined(PSA_WANT_ALG_JPAKE) +static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, + psa_pake_operation_t *server, + psa_pake_operation_t *client, + int client_input_first, + int round) +{ + unsigned char *buffer0 = NULL, *buffer1 = NULL; + size_t buffer_length = ( + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE) + + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC) + + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF)) * 2; + /* The output should be exactly this size according to the spec */ + const size_t expected_size_key_share = + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE); + /* The output should be exactly this size according to the spec */ + const size_t expected_size_zk_public = + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PUBLIC); + /* The output can be smaller: the spec allows stripping leading zeroes */ + const size_t max_expected_size_zk_proof = + PSA_PAKE_OUTPUT_SIZE(alg, primitive, PSA_PAKE_STEP_ZK_PROOF); + size_t buffer0_off = 0; + size_t buffer1_off = 0; + size_t s_g1_len, s_g2_len, s_a_len; + size_t s_g1_off, s_g2_off, s_a_off; + size_t s_x1_pk_len, s_x2_pk_len, s_x2s_pk_len; + size_t s_x1_pk_off, s_x2_pk_off, s_x2s_pk_off; + size_t s_x1_pr_len, s_x2_pr_len, s_x2s_pr_len; + size_t s_x1_pr_off, s_x2_pr_off, s_x2s_pr_off; + size_t c_g1_len, c_g2_len, c_a_len; + size_t c_g1_off, c_g2_off, c_a_off; + size_t c_x1_pk_len, c_x2_pk_len, c_x2s_pk_len; + size_t c_x1_pk_off, c_x2_pk_off, c_x2s_pk_off; + size_t c_x1_pr_len, c_x2_pr_len, c_x2s_pr_len; + size_t c_x1_pr_off, c_x2_pr_off, c_x2s_pr_off; + psa_status_t status; + + ASSERT_ALLOC(buffer0, buffer_length); + ASSERT_ALLOC(buffer1, buffer_length); + + switch (round) { + case 1: + /* Server first 
round Output */ + PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_g1_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(s_g1_len, expected_size_key_share); + s_g1_off = buffer0_off; + buffer0_off += s_g1_len; + PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x1_pk_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(s_x1_pk_len, expected_size_zk_public); + s_x1_pk_off = buffer0_off; + buffer0_off += s_x1_pk_len; + PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x1_pr_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof); + s_x1_pr_off = buffer0_off; + buffer0_off += s_x1_pr_len; + PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_g2_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(s_g2_len, expected_size_key_share); + s_g2_off = buffer0_off; + buffer0_off += s_g2_len; + PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x2_pk_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(s_x2_pk_len, expected_size_zk_public); + s_x2_pk_off = buffer0_off; + buffer0_off += s_x2_pk_len; + PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x2_pr_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? 
pake_expected_hit_count++ : pake_expected_hit_count); + TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof); + s_x2_pr_off = buffer0_off; + buffer0_off += s_x2_pr_len; + + if (client_input_first == 1) { + /* Client first round Input */ + status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_g1_off, s_g1_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x1_pk_off, + s_x1_pk_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x1_pr_off, + s_x1_pr_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_g2_off, + s_g2_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x2_pk_off, + s_x2_pk_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x2_pr_off, + s_x2_pr_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? 
pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + } + + /* Client first round Output */ + PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_g1_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(c_g1_len, expected_size_key_share); + c_g1_off = buffer1_off; + buffer1_off += c_g1_len; + PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x1_pk_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(c_x1_pk_len, expected_size_zk_public); + c_x1_pk_off = buffer1_off; + buffer1_off += c_x1_pk_len; + PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x1_pr_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof); + c_x1_pr_off = buffer1_off; + buffer1_off += c_x1_pr_len; + PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_g2_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(c_g2_len, expected_size_key_share); + c_g2_off = buffer1_off; + buffer1_off += c_g2_len; + PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x2_pk_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? 
pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(c_x2_pk_len, expected_size_zk_public); + c_x2_pk_off = buffer1_off; + buffer1_off += c_x2_pk_len; + PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x2_pr_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof); + c_x2_pr_off = buffer1_off; + buffer1_off += c_x2_pr_len; + + if (client_input_first == 0) { + /* Client first round Input */ + status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_g1_off, s_g1_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x1_pk_off, + s_x1_pk_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x1_pr_off, + s_x1_pr_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_g2_off, + s_g2_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x2_pk_off, + s_x2_pk_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? 
pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x2_pr_off, + s_x2_pr_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + } + + /* Server first round Input */ + status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + c_g1_off, c_g1_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + c_x1_pk_off, c_x1_pk_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + c_x1_pr_off, c_x1_pr_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + c_g2_off, c_g2_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + c_x2_pk_off, c_x2_pk_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + c_x2_pr_off, c_x2_pr_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? 
pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + break; + + case 2: + /* Server second round Output */ + buffer0_off = 0; + + PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_a_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(s_a_len, expected_size_key_share); + s_a_off = buffer0_off; + buffer0_off += s_a_len; + PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x2s_pk_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public); + s_x2s_pk_off = buffer0_off; + buffer0_off += s_x2s_pk_len; + PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + buffer0_off, + 512 - buffer0_off, &s_x2s_pr_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof); + s_x2s_pr_off = buffer0_off; + buffer0_off += s_x2s_pr_len; + + if (client_input_first == 1) { + /* Client second round Input */ + status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_a_off, s_a_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x2s_pk_off, + s_x2s_pk_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x2s_pr_off, + s_x2s_pr_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? 
pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + } + + /* Client second round Output */ + buffer1_off = 0; + + PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_a_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(c_a_len, expected_size_key_share); + c_a_off = buffer1_off; + buffer1_off += c_a_len; + PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x2s_pk_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public); + c_x2s_pk_off = buffer1_off; + buffer1_off += c_x2s_pk_len; + PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + buffer1_off, + 512 - buffer1_off, &c_x2s_pr_len)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof); + c_x2s_pr_off = buffer1_off; + buffer1_off += c_x2s_pr_len; + + if (client_input_first == 0) { + /* Client second round Input */ + status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, + buffer0 + s_a_off, s_a_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, + buffer0 + s_x2s_pk_off, + s_x2s_pk_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, + buffer0 + s_x2s_pr_off, + s_x2s_pr_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? 
pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + } + + /* Server second round Input */ + status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, + buffer1 + c_a_off, c_a_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, + buffer1 + c_x2s_pk_off, c_x2s_pk_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, + buffer1 + c_x2s_pr_off, c_x2s_pr_len); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(status, PSA_SUCCESS); + + break; + } + +exit: + mbedtls_free(buffer0); + mbedtls_free(buffer1); +} +#endif /* PSA_WANT_ALG_JPAKE */ + #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) /* Sanity checks on the output of RSA encryption. * 
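Review bot: Every psa_pake_output() call in ecjpake_do_round advertises a capacity of `512 - buffer0_off` / `512 - buffer1_off`, but buffer0 and buffer1 are allocated with `buffer_length`, which is derived from PSA_PAKE_OUTPUT_SIZE and has no relation to 512; for the P-256 suite the .data cases use, the computed size is, as far as I can tell, well below 512, so the call claims more room than exists and a driver that fills the advertised size (this suite does exercise a driver with forced_output) would write past the heap allocation. Use the real capacity, `buffer_length - buffer0_off` and `buffer_length - buffer1_off`, or allocate the buffers at the literal size you pass. The declaration comment `Global to silent the compiler when unused.` should read `Global to silence the compiler when unused.`.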
@@ -2567,3 +2972,391 @@ exit: PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE */ +void pake_setup(data_t *pw_data, int forced_status_arg, int expected_status_arg) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_status_t forced_status = forced_status_arg; + psa_status_t expected_status = expected_status_arg; + psa_pake_operation_t operation = psa_pake_operation_init(); + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + psa_key_type_t key_type_pw = PSA_KEY_TYPE_PASSWORD; + psa_key_usage_t key_usage_pw = PSA_KEY_USAGE_DERIVE; + psa_algorithm_t alg = PSA_ALG_JPAKE; + psa_algorithm_t hash_alg = PSA_ALG_SHA_256; + psa_pake_primitive_t primitive_arg = PSA_PAKE_PRIMITIVE( + PSA_PAKE_PRIMITIVE_TYPE_ECC, + PSA_ECC_FAMILY_SECP_R1, 256); + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); + + PSA_INIT(); + + if (pw_data->len > 0) { + psa_set_key_usage_flags(&attributes, key_usage_pw); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, key_type_pw); + PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, + &key)); + } + + psa_pake_cs_set_algorithm(&cipher_suite, alg); + psa_pake_cs_set_primitive(&cipher_suite, primitive_arg); + psa_pake_cs_set_hash(&cipher_suite, hash_alg); + + mbedtls_test_driver_pake_hooks.forced_status = forced_status; + + TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), + expected_status); + + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 1); +exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. 
+ */ + psa_reset_key_attributes(&attributes); + psa_destroy_key(key); + mbedtls_test_driver_pake_hooks = + mbedtls_test_driver_pake_hooks_init(); + PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void pake_operations(data_t *pw_data, int forced_status_setup_arg, data_t *forced_output, + int forced_status_arg, int expected_status_set_user_arg, + int expected_status_set_role_arg, int expected_status_set_peer_arg, + int expected_status_set_password_arg, int expected_status_input_arg, + int expected_status_abort_arg, int expected_status_output_arg, + int expected_status_get_key_arg) +{ + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_status_t forced_status = forced_status_arg; + psa_status_t forced_status_setup = forced_status_setup_arg; + psa_status_t expected_status_set_user = expected_status_set_user_arg; + psa_status_t expected_status_set_role = expected_status_set_role_arg; + psa_status_t expected_status_set_peer = expected_status_set_peer_arg; + psa_status_t expected_status_set_password = expected_status_set_password_arg; + psa_status_t expected_status_input = expected_status_input_arg; + psa_status_t expected_status_abort = expected_status_abort_arg; + psa_status_t expected_status_output = expected_status_output_arg; + psa_status_t expected_status_get_key = expected_status_get_key_arg; + psa_pake_operation_t operation = psa_pake_operation_init(); + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + psa_key_type_t key_type_pw = PSA_KEY_TYPE_PASSWORD; + psa_key_usage_t key_usage_pw = PSA_KEY_USAGE_DERIVE; + psa_algorithm_t alg = PSA_ALG_JPAKE; + psa_algorithm_t hash_alg = PSA_ALG_SHA_256; + psa_key_derivation_operation_t implicit_key = + PSA_KEY_DERIVATION_OPERATION_INIT; + psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( + PSA_PAKE_PRIMITIVE_TYPE_ECC, + PSA_ECC_FAMILY_SECP_R1, 256); + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); + const 
unsigned char *user = (const unsigned char *) "user"; + const uint8_t peer[] = "abcd"; + uint32_t expected_hits = 1; + unsigned char *input_buffer = NULL; + const size_t size_key_share = PSA_PAKE_INPUT_SIZE(alg, primitive, + PSA_PAKE_STEP_KEY_SHARE); + unsigned char *output_buffer = NULL; + size_t output_len = 0; + size_t output_size = PSA_PAKE_OUTPUT_SIZE(alg, primitive, + PSA_PAKE_STEP_KEY_SHARE); + + ASSERT_ALLOC(input_buffer, + PSA_PAKE_INPUT_SIZE(alg, primitive, + PSA_PAKE_STEP_KEY_SHARE)); + memset(input_buffer, 0xAA, size_key_share); + + ASSERT_ALLOC(output_buffer, + PSA_PAKE_INPUT_SIZE(alg, primitive, + PSA_PAKE_STEP_KEY_SHARE)); + memset(output_buffer, 0x55, output_size); + + /* Transparent driver is not available (fallback). */ + if (forced_status_setup == PSA_ERROR_NOT_SUPPORTED) { + expected_hits = 0; + } + + PSA_INIT(); + + if (pw_data->len > 0) { + psa_set_key_usage_flags(&attributes, key_usage_pw); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, key_type_pw); + PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, + &key)); + } + + psa_pake_cs_set_algorithm(&cipher_suite, alg); + psa_pake_cs_set_primitive(&cipher_suite, primitive); + psa_pake_cs_set_hash(&cipher_suite, hash_alg); + + mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup; + TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), + PSA_SUCCESS); + + /* --- psa_pake_set_user --- */ + mbedtls_test_driver_pake_hooks.forced_status = forced_status; + mbedtls_test_driver_pake_hooks.hits = 0; + + TEST_EQUAL(psa_pake_set_user(&operation, user, 4), + expected_status_set_user); + + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits); + + /* psa_pake_set_user is unsupported (after this call operation is aborted) + we need to reinitialize object. 
*/ + if (mbedtls_test_driver_pake_hooks.forced_status == PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup; + TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), + PSA_SUCCESS); + } + + /* --- psa_pake_set_peer --- */ + mbedtls_test_driver_pake_hooks.forced_status = forced_status; + mbedtls_test_driver_pake_hooks.hits = 0; + + TEST_EQUAL(psa_pake_set_peer(&operation, peer, 4), + expected_status_set_peer); + + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits); + + /* psa_pake_set_user is unsupported (after this call operation is aborted) + we need to reinitialize object. */ + if (mbedtls_test_driver_pake_hooks.forced_status == PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup; + TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), + PSA_SUCCESS); + } + + /* --- psa_pake_set_role --- */ + mbedtls_test_driver_pake_hooks.forced_status = forced_status; + mbedtls_test_driver_pake_hooks.hits = 0; + + TEST_EQUAL(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER), + expected_status_set_role); + + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits); + + /* --- psa_pake_set_password_key --- */ + /* psa_pake_set_password_key is dispatched by location and other + functions are dispatched by operation id (set during setup). + In case of dispatching by location fallback is performed when + transparent accelerators are not supported. */ + if (forced_status_setup == PSA_ERROR_NOT_SUPPORTED) { + mbedtls_test_driver_pake_hooks.forced_status = PSA_ERROR_NOT_SUPPORTED; + expected_hits = 1; + } else { + mbedtls_test_driver_pake_hooks.forced_status = forced_status; + } + mbedtls_test_driver_pake_hooks.hits = 0; + + TEST_EQUAL(psa_pake_set_password_key(&operation, key), + expected_status_set_password); + + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits); + + /* Restore expected_hits for next tests. 
*/ + if (forced_status_setup == PSA_ERROR_NOT_SUPPORTED) { + expected_hits = 0; + } + + /* --- psa_pake_input --- */ + mbedtls_test_driver_pake_hooks.forced_status = forced_status; + mbedtls_test_driver_pake_hooks.hits = 0; + + TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, + input_buffer, size_key_share), + expected_status_input); + + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits); + + /* --- psa_pake_abort --- */ + mbedtls_test_driver_pake_hooks.forced_status = forced_status; + mbedtls_test_driver_pake_hooks.hits = 0; + + TEST_EQUAL(psa_pake_abort(&operation), expected_status_abort); + + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits); + + /* --- psa_pake_output --- */ + /* We need to setup pake again */ + mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS; + TEST_EQUAL(psa_pake_abort(&operation), PSA_SUCCESS); + + mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup; + TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), + PSA_SUCCESS); + + TEST_EQUAL(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER), + PSA_SUCCESS); + + TEST_EQUAL(psa_pake_set_password_key(&operation, key), + PSA_SUCCESS); + + mbedtls_test_driver_pake_hooks.forced_status = forced_status; + mbedtls_test_driver_pake_hooks.hits = 0; + + if (forced_output->len > 0) { + mbedtls_test_driver_pake_hooks.forced_output = forced_output->x; + mbedtls_test_driver_pake_hooks.forced_output_length = forced_output->len; + } + + TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, + output_buffer, output_size, &output_len), + expected_status_output); + + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits); + + if (forced_output->len > 0) { + TEST_EQUAL(output_len, forced_output->len); + TEST_EQUAL(memcmp(output_buffer, forced_output->x, output_len), 0); + } + + /* --- psa_pake_get_implicit_key --- */ + mbedtls_test_driver_pake_hooks.forced_status = forced_status; + mbedtls_test_driver_pake_hooks.hits = 0; + + 
TEST_EQUAL(psa_pake_get_implicit_key(&operation, &implicit_key), + expected_status_get_key); + + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits); + + /* Clean up */ + mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS; + TEST_EQUAL(psa_pake_abort(&operation), PSA_SUCCESS); +exit: + /* + * Key attributes may have been returned by psa_get_key_attributes() + * thus reset them as required. + */ + psa_reset_key_attributes(&attributes); + mbedtls_free(input_buffer); + mbedtls_free(output_buffer); + psa_destroy_key(key); + mbedtls_test_driver_pake_hooks = + mbedtls_test_driver_pake_hooks_init(); + PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ +void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, + int derive_alg_arg, data_t *pw_data, + int client_input_first, int in_driver) +{ + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + psa_pake_operation_t server = psa_pake_operation_init(); + psa_pake_operation_t client = psa_pake_operation_init(); + psa_algorithm_t alg = alg_arg; + psa_algorithm_t hash_alg = hash_arg; + psa_algorithm_t derive_alg = derive_alg_arg; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_key_derivation_operation_t server_derive = + PSA_KEY_DERIVATION_OPERATION_INIT; + psa_key_derivation_operation_t client_derive = + PSA_KEY_DERIVATION_OPERATION_INIT; + pake_in_driver = in_driver; + mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS; + mbedtls_test_driver_pake_hooks.hits = 0; + pake_expected_hit_count = 1; + + PSA_INIT(); + + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); + PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, + &key)); + + psa_pake_cs_set_algorithm(&cipher_suite, alg); + psa_pake_cs_set_primitive(&cipher_suite, primitive_arg); + 
psa_pake_cs_set_hash(&cipher_suite, hash_alg); + + /* Get shared key */ + PSA_ASSERT(psa_key_derivation_setup(&server_derive, derive_alg)); + PSA_ASSERT(psa_key_derivation_setup(&client_derive, derive_alg)); + + if (PSA_ALG_IS_TLS12_PSK_TO_MS(derive_alg)) { + PSA_ASSERT(psa_key_derivation_input_bytes(&server_derive, + PSA_KEY_DERIVATION_INPUT_SEED, + (const uint8_t *) "", 0)); + PSA_ASSERT(psa_key_derivation_input_bytes(&client_derive, + PSA_KEY_DERIVATION_INPUT_SEED, + (const uint8_t *) "", 0)); + } + + if (!pake_in_driver) { + mbedtls_test_driver_pake_hooks.forced_status = PSA_ERROR_NOT_SUPPORTED; + } + + PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, pake_expected_hit_count++); + PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, pake_expected_hit_count++); + + /* Restore forced status and adjust pake_expected_hit_count */ + mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS; + if (!pake_in_driver) { + pake_expected_hit_count--; + } + + PSA_ASSERT(psa_pake_set_role(&server, PSA_PAKE_ROLE_SERVER)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + PSA_ASSERT(psa_pake_set_role(&client, PSA_PAKE_ROLE_CLIENT)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + + /* psa_pake_set_password_key is dispatched by location and other + functions are dispatched by operation id (set during setup). + In case of dispatching by location fallback is performed when + transparent accelerators are not supported. We need to also adjust + expected hit counter. 
*/ + if (!pake_in_driver) { + mbedtls_test_driver_pake_hooks.forced_status = PSA_ERROR_NOT_SUPPORTED; + pake_expected_hit_count++; + } + + PSA_ASSERT(psa_pake_set_password_key(&server, key)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_expected_hit_count++); + PSA_ASSERT(psa_pake_set_password_key(&client, key)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_expected_hit_count++); + + /* Restore forced status and adjust pake_expected_hit_count */ + mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS; + if (!pake_in_driver) { + pake_expected_hit_count--; + } + + /* First round */ + ecjpake_do_round(alg, primitive_arg, &server, &client, + client_input_first, 1); + + /* Second round */ + ecjpake_do_round(alg, primitive_arg, &server, &client, + client_input_first, 2); + + PSA_ASSERT(psa_pake_get_implicit_key(&server, &server_derive)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + PSA_ASSERT(psa_pake_get_implicit_key(&client, &client_derive)); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); +exit: + psa_key_derivation_abort(&server_derive); + psa_key_derivation_abort(&client_derive); + psa_destroy_key(key); + psa_pake_abort(&server); + psa_pake_abort(&client); + PSA_DONE(); +} +/* END_CASE */ From 4f0035be299bf84d2456b4b3cf364c076acff743 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 23 Nov 2022 23:19:22 +0100 Subject: [PATCH 225/440] Add guards for buildin pake set_password function Signed-off-by: Przemek Stekiel --- .../driver_templates/psa_crypto_driver_wrappers.c.jinja | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index 802722f97..b3e40f0cf 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja 
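Review bot: In pake_operations, output_buffer is allocated with `PSA_PAKE_INPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE)` but is then written with `memset(output_buffer, 0x55, output_size)` and handed to psa_pake_output with `output_size`, which is `PSA_PAKE_OUTPUT_SIZE(...)`; whenever the two macros differ, both the memset and the advertised capacity overrun the allocation. Allocate with the size that is actually used: `ASSERT_ALLOC(output_buffer, output_size);`. Separately, ecjpake_rounds sets `forced_status`, `hits` and the `pake_*` globals but, unlike pake_setup and pake_operations, its exit block never does `mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init();`, so hook state leaks into whichever case runs next. The comment above the set_peer block (`psa_pake_set_user is unsupported ...`) is a copy of the set_user one and should name psa_pake_set_peer.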
+++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -2887,9 +2887,12 @@ psa_status_t psa_driver_wrapper_pake_set_password_key( return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) return( mbedtls_psa_pake_set_password_key( attributes, &operation->ctx.mbedtls_ctx, key_buffer, key_size ) ); +#endif + return( PSA_ERROR_NOT_SUPPORTED ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) @@ -2903,6 +2906,7 @@ psa_status_t psa_driver_wrapper_pake_set_password_key( default: /* Key is declared with a lifetime not known to us */ + (void)operation; (void)status; (void)key_buffer; (void)key_size; From 0c78180ee548568c513696b72268aa37cdd6d97d Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 29 Nov 2022 14:53:13 +0100 Subject: [PATCH 226/440] mbedtls_psa_pake_get_implicit_key: move psa_key_derivation_input_bytes call to upper layer Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 25 ++++++++++++++++++- library/psa_crypto_driver_wrappers.h | 2 +- library/psa_crypto_pake.c | 11 +++----- library/psa_crypto_pake.h | 2 +- .../psa_crypto_driver_wrappers.c.jinja | 9 ++++--- tests/include/test/drivers/pake.h | 4 +-- tests/src/drivers/test_driver_pake.c | 9 ++++--- 7 files changed, 42 insertions(+), 20 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8dc1a21fc..4e0f5f51f 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
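Review bot: `return( PSA_ERROR_NOT_SUPPORTED );` is placed after the added `#endif`, so when MBEDTLS_PSA_BUILTIN_PAKE is defined it follows an unconditional return and is dead code, which some toolchains flag (-Wunreachable-code) and which suggests to readers that the built-in path can fall through. Make the two returns mutually exclusive: change the added `#endif` to `#else` and close with `#endif` after `return( PSA_ERROR_NOT_SUPPORTED );`. psa_driver_wrapper_pake_set_password_key starts and continues outside this hunk.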
@@ -7295,11 +7295,34 @@ psa_status_t psa_pake_get_implicit_key( psa_pake_operation_t *operation, psa_key_derivation_operation_t *output) { + psa_status_t status = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + uint8_t shared_key[MBEDTLS_PSA_PAKE_BUFFER_SIZE]; + size_t shared_key_len = 0; + if (operation->id == 0) { return PSA_ERROR_BAD_STATE; } - return psa_driver_wrapper_pake_get_implicit_key(operation, output); + status = psa_driver_wrapper_pake_get_implicit_key(operation, + shared_key, + &shared_key_len); + + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_key_derivation_input_bytes(output, + PSA_KEY_DERIVATION_INPUT_SECRET, + shared_key, + shared_key_len); + + if (status != PSA_SUCCESS) { + psa_key_derivation_abort(output); + } + + mbedtls_platform_zeroize(shared_key, MBEDTLS_PSA_PAKE_BUFFER_SIZE); + + return status; } psa_status_t psa_pake_abort( diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index a3755d3a4..78f2f9a28 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -454,7 +454,7 @@ psa_status_t psa_driver_wrapper_pake_input( psa_status_t psa_driver_wrapper_pake_get_implicit_key( psa_pake_operation_t *operation, - psa_key_derivation_operation_t *output); + uint8_t *output, size_t *output_size); psa_status_t psa_driver_wrapper_pake_abort( psa_pake_operation_t *operation); diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 6c4db6f2d..1e5dca4e6 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -835,7 +835,7 @@ psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, psa_status_t mbedtls_psa_pake_get_implicit_key( mbedtls_psa_pake_operation_t *operation, - psa_key_derivation_operation_t *output) + uint8_t *output, size_t *output_size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; 
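Review bot: The new driver entry-point signature `uint8_t *output, size_t *output_size` carries no capacity for the output buffer, so a driver cannot bound its write: psa_pake_get_implicit_key sizes `shared_key` to MBEDTLS_PSA_PAKE_BUFFER_SIZE and the builtin in the psa_crypto_pake.c hunk copies `operation->buffer_length` bytes on the assumption that every caller did the same, which an external driver has no way to check. Following the other PSA driver entry points, `uint8_t *output, size_t output_size, size_t *output_length` (propagated through the psa_crypto_driver_wrappers.h, jinja, tests/include/test/drivers/pake.h and test_driver_pake.c hunks of this commit) would let a driver reject a short buffer with PSA_ERROR_BUFFER_TOO_SMALL. Two smaller points in this function: `status` starts from `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED`, an mbedtls int code, where a psa_status_t should start from `PSA_ERROR_CORRUPTION_DETECTED` as the psa_crypto_pake.c hunk does, and the early `return status;` after the wrapper call skips the `mbedtls_platform_zeroize(shared_key, ...)`, leaving whatever a failing driver may have written in the stack buffer.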
@@ -863,16 +863,14 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( return mbedtls_ecjpake_to_psa_error(ret); } - status = psa_key_derivation_input_bytes(output, - PSA_KEY_DERIVATION_INPUT_SECRET, - operation->buffer, - operation->buffer_length); + memcpy(output, operation->buffer, operation->buffer_length); + *output_size = operation->buffer_length; mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); mbedtls_psa_pake_abort(operation); - return status; + return PSA_SUCCESS; } else #else (void) output; @@ -880,7 +878,6 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( { status = PSA_ERROR_NOT_SUPPORTED; } error: - psa_key_derivation_abort(output); mbedtls_psa_pake_abort(operation); return status; diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h index c7bf270a5..9256f5a14 100644 --- a/library/psa_crypto_pake.h +++ b/library/psa_crypto_pake.h @@ -442,7 +442,7 @@ psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, */ psa_status_t mbedtls_psa_pake_get_implicit_key( mbedtls_psa_pake_operation_t *operation, - psa_key_derivation_operation_t *output); + uint8_t *output, size_t *output_size); /** Abort a PAKE operation. * diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index b3e40f0cf..cea7948b7 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja 
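Review bot: In the `#else` branch of mbedtls_psa_pake_get_implicit_key (the `(void) output;` context line at the end of the first hunk) the new `output_size` parameter is not voided, so a build without MBEDTLS_PSA_BUILTIN_ALG_JPAKE will likely get an unused-parameter warning; add `(void) output_size;` next to it (the line between the two hunks is not shown, but no such line is added anywhere in this file). The transparent test driver's `#else` branch in the tests/src/drivers/test_driver_pake.c hunk has the same gap, while the opaque function in that file does add `(void) output_size;`. The body of the function continues outside these hunks.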
@@ -3079,13 +3079,13 @@ psa_status_t psa_driver_wrapper_pake_input( psa_status_t psa_driver_wrapper_pake_get_implicit_key( psa_pake_operation_t *operation, - psa_key_derivation_operation_t *output ) + uint8_t *output, size_t *output_size ) { switch( operation->id ) { #if defined(MBEDTLS_PSA_BUILTIN_PAKE) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_pake_get_implicit_key( &operation->ctx.mbedtls_ctx, output ) ); + return( mbedtls_psa_pake_get_implicit_key( &operation->ctx.mbedtls_ctx, output, output_size ) ); #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -3093,15 +3093,16 @@ psa_status_t psa_driver_wrapper_pake_get_implicit_key( case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_pake_get_implicit_key( &operation->ctx.transparent_test_driver_ctx, - (psa_key_derivation_operation_t*) output ) ); + output, output_size ) ); case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_pake_get_implicit_key( &operation->ctx.opaque_test_driver_ctx, - (psa_key_derivation_operation_t*) output ) ); + output, output_size ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) output; + (void) output_size; return( PSA_ERROR_INVALID_ARGUMENT ); } } diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h index 81e87113b..5ee401b7d 100644 --- a/tests/include/test/drivers/pake.h +++ b/tests/include/test/drivers/pake.h @@ -87,7 +87,7 @@ psa_status_t mbedtls_test_transparent_pake_input( psa_status_t mbedtls_test_transparent_pake_get_implicit_key( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_key_derivation_operation_t *output); + uint8_t *output, size_t *output_size); psa_status_t mbedtls_test_transparent_pake_abort( mbedtls_transparent_test_driver_pake_operation_t *operation); 
@@ -131,7 +131,7 @@ psa_status_t mbedtls_test_opaque_pake_input( psa_status_t mbedtls_test_opaque_pake_get_implicit_key( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_key_derivation_operation_t *output); + uint8_t *output, size_t *output_size); psa_status_t mbedtls_test_opaque_pake_abort( mbedtls_opaque_test_driver_pake_operation_t *operation); diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index 1ced55936..3495705d6 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c @@ -270,7 +270,7 @@ psa_status_t mbedtls_test_transparent_pake_input( psa_status_t mbedtls_test_transparent_pake_get_implicit_key( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_key_derivation_operation_t *output) + uint8_t *output, size_t *output_size) { mbedtls_test_driver_pake_hooks.hits++; @@ -282,11 +282,11 @@ psa_status_t mbedtls_test_transparent_pake_get_implicit_key( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_get_implicit_key( - operation, (libtestdriver1_psa_key_derivation_operation_t *) output); + operation, output, output_size); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = mbedtls_psa_pake_get_implicit_key( - operation, output); + operation, output, output_size); #else (void) operation; (void) output; @@ -411,10 +411,11 @@ psa_status_t mbedtls_test_opaque_pake_input( psa_status_t mbedtls_test_opaque_pake_get_implicit_key( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_key_derivation_operation_t *output) + uint8_t *output, size_t *output_size) { (void) operation; (void) output; + (void) output_size; return PSA_ERROR_NOT_SUPPORTED; } From 061f6949fd4704852ea08ebcc55c8c1361f1c2b9 Mon Sep 17 00:00:00 2001 
From: Przemek Stekiel Date: Wed, 30 Nov 2022 10:51:35 +0100 Subject: [PATCH 227/440] Make psa_get_and_lock_key_slot_with_policy() static function psa_get_and_lock_key_slot_with_policy() becomes public temporarily as part of: https://github.com/Mbed-TLS/mbedtls/pull/6608 Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 15 ++++++++++++++- library/psa_crypto_core.h | 18 ------------------ 2 files changed, 14 insertions(+), 19 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4e0f5f51f..18aa18ba8 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -878,7 +878,20 @@ static psa_status_t psa_restrict_key_policy( return PSA_SUCCESS; } -psa_status_t psa_get_and_lock_key_slot_with_policy( +/** Get the description of a key given its identifier and policy constraints + * and lock it. + * + * The key must have allow all the usage flags set in \p usage. If \p alg is + * nonzero, the key must allow operations with this algorithm. If \p alg is + * zero, the algorithm is not checked. + * + * In case of a persistent key, the function loads the description of the key + * into a key slot if not already done. + * + * On success, the returned key slot is locked. It is the responsibility of + * the caller to unlock the key slot when it does not access it anymore. + */ +static psa_status_t psa_get_and_lock_key_slot_with_policy( mbedtls_svc_key_id_t key, psa_key_slot_t **p_slot, psa_key_usage_t usage, diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index b1817e2da..84c218c13 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h 
@@ -182,24 +182,6 @@ static inline psa_key_slot_number_t psa_key_slot_get_slot_number( } #endif -/** Get the description of a key given its identifier and policy constraints - * and lock it. - * - * The key must have allow all the usage flags set in \p usage. If \p alg is - * nonzero, the key must allow operations with this algorithm. If \p alg is - * zero, the algorithm is not checked. - * - * In case of a persistent key, the function loads the description of the key - * into a key slot if not already done. - * - * On success, the returned key slot is locked. It is the responsibility of - * the caller to unlock the key slot when it does not access it anymore. - */ -psa_status_t psa_get_and_lock_key_slot_with_policy(mbedtls_svc_key_id_t key, - psa_key_slot_t **p_slot, - psa_key_usage_t usage, - psa_algorithm_t alg); - /** Completely wipe a slot in memory, including its policy. * * Persistent storage is not affected. From e5e41eb14cab251727ddae5cfbba4282b8119920 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 1 Dec 2022 15:55:29 +0100 Subject: [PATCH 228/440] Remove redundant line (fix rebase error) Signed-off-by: Przemek Stekiel --- .../driver_templates/psa_crypto_driver_wrappers.c.jinja | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index cea7948b7..9a7b64547 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -2809,7 +2809,6 @@ psa_status_t psa_driver_wrapper_key_agreement( } } -#if defined(MBEDTLS_PSA_BUILTIN_PAKE) psa_status_t psa_driver_wrapper_pake_setup( psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite ) From 51eac53b935a738e7db3e69d36b1b9ce1d59efdb Mon Sep 17 00:00:00 2001 
From: Przemek Stekiel Date: Wed, 7 Dec 2022 11:04:51 +0100 Subject: [PATCH 229/440] Divide pake operation into two phases collecting inputs and computation. Functions that only set inputs do not have driver entry points. Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 27 ++- library/psa_crypto.c | 144 ++++++++++-- library/psa_crypto_driver_wrappers.h | 22 +- library/psa_crypto_pake.c | 179 ++------------- library/psa_crypto_pake.h | 172 +-------------- .../psa_crypto_driver_wrappers.c.jinja | 205 +++--------------- tests/include/test/drivers/pake.h | 24 +- tests/src/drivers/test_driver_pake.c | 137 +----------- 8 files changed, 215 insertions(+), 695 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index da74bed17..4fa273d31 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -429,6 +429,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, */ #define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e) +/** EC-JPAKE operation stages. */ +#define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 0 +#define PSA_PAKE_OPERATION_STAGE_COMPUTATION 1 /** * \brief Set domain parameters for a key. @@ -1286,6 +1289,9 @@ static void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite, * Implementation details can change in future versions without notice. */ typedef struct psa_pake_operation_s psa_pake_operation_t; +/** The type of input values for PAKE operations. */ +typedef struct psa_crypto_driver_pake_inputs_s psa_crypto_driver_pake_inputs_t; + /** Return an initial value for a PAKE operation object. */ static psa_pake_operation_t psa_pake_operation_init(void); 
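Review bot: `PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS` and `PSA_PAKE_OPERATION_STAGE_COMPUTATION` are values of the `MBEDTLS_PRIVATE(stage)` field, yet they are placed in the public psa/crypto_extra.h under the `PSA_` prefix with no hint that they are not part of the API. The comment above them also says "EC-JPAKE operation stages" although the field belongs to the generic psa_pake_operation_s; a wording such as `/** PAKE operation stages (implementation detail of psa_pake_operation_s, not part of the PSA API). */` would fix both.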
@@ -1826,7 +1832,7 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); /** Returns a suitable initializer for a PAKE operation object of type * psa_pake_operation_t. */ -#define PSA_PAKE_OPERATION_INIT { 0, { .dummy = 0 } } +#define PSA_PAKE_OPERATION_INIT { 0, PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS, { 0 } } struct psa_pake_cipher_suite_s { psa_algorithm_t algorithm; @@ -1897,6 +1903,15 @@ static inline void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite, } } +struct psa_crypto_driver_pake_inputs_s { + psa_algorithm_t MBEDTLS_PRIVATE(alg); + uint8_t *MBEDTLS_PRIVATE(password); + size_t MBEDTLS_PRIVATE(password_len); + psa_pake_role_t MBEDTLS_PRIVATE(role); + psa_key_lifetime_t MBEDTLS_PRIVATE(key_lifetime); + psa_pake_cipher_suite_t MBEDTLS_PRIVATE(cipher_suite); +}; + struct psa_pake_operation_s { /** Unique ID indicating which driver got assigned to do the * operation. Since driver contexts are driver-specific, swapping @@ -1905,7 +1920,15 @@ struct psa_pake_operation_s { * ID value zero means the context is not valid or not assigned to * any driver (i.e. none of the driver contexts are active). */ unsigned int MBEDTLS_PRIVATE(id); - psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx); + /* Based on stage (collecting inputs/computation) we select active structure of data union. + * While switching stage (when driver setup is called) collected inputs + are copied to the corresponding operation context. */ + uint8_t MBEDTLS_PRIVATE(stage); + union { + unsigned dummy; + psa_crypto_driver_pake_inputs_t MBEDTLS_PRIVATE(inputs); + psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx); + } MBEDTLS_PRIVATE(data); }; static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite_init(void) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 18aa18ba8..4742c3cae 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
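Review bot: The comment on the new `data` union says collected inputs "are copied to the corresponding operation context", but `inputs.password` is a heap pointer that psa_pake_set_password_key allocates and that the builtin driver takes over as-is (`operation->password = password;` in the psa_crypto_pake.c hunk), so ownership is handed over rather than copied, and the comment should say which side frees it, e.g. `/* password is heap-allocated by psa_pake_set_password_key(); psa_pake_abort() releases it while inputs are being collected, the driver context owns it afterwards. */`. The second and third lines of that comment also lack the leading ` * `, so the block is misaligned relative to the surrounding Doxygen style.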
@@ -7180,7 +7180,29 @@ psa_status_t psa_pake_setup( psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite) { - return psa_driver_wrapper_pake_setup(operation, cipher_suite); + if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { + return PSA_ERROR_BAD_STATE; + } + + if (operation->data.inputs.alg != PSA_ALG_NONE) { + return PSA_ERROR_BAD_STATE; + } + + if (cipher_suite == NULL || + PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 || + (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC && + cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH) || + PSA_ALG_IS_HASH(cipher_suite->hash) == 0) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + ; + memset(&operation->data.inputs, 0, sizeof(operation->data.inputs)); + + operation->data.inputs.alg = cipher_suite->algorithm; + operation->data.inputs.cipher_suite = *cipher_suite; + + return PSA_SUCCESS; } psa_status_t psa_pake_set_password_key( @@ -7191,7 +7213,11 @@ psa_status_t psa_pake_set_password_key( psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; - if (operation->id == 0) { + if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { + return PSA_ERROR_BAD_STATE; + } + + if (operation->data.inputs.alg == PSA_ALG_NONE) { return PSA_ERROR_BAD_STATE; } 
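Review bot: A stray empty statement `;` sits on its own line before the `memset(&operation->data.inputs, 0, ...)` call in psa_pake_setup; drop it. Since the function already requires `data.inputs.alg == PSA_ALG_NONE` and psa_pake_abort clears the inputs, a one-line comment on the memset saying it is a defensive reset of any leftover password pointer, role or lifetime would explain why it is kept.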
@@ -7206,9 +7232,29 @@ psa_status_t psa_pake_set_password_key( .core = slot->attr }; - status = psa_driver_wrapper_pake_set_password_key(&attributes, operation, - slot->key.data, slot->key.bytes); + psa_key_type_t type = psa_get_key_type(&attributes); + psa_key_usage_t usage = psa_get_key_usage_flags(&attributes); + if (type != PSA_KEY_TYPE_PASSWORD && + type != PSA_KEY_TYPE_PASSWORD_HASH) { + status = PSA_ERROR_INVALID_ARGUMENT; + goto error; + } + + if ((usage & PSA_KEY_USAGE_DERIVE) == 0) { + status = PSA_ERROR_NOT_PERMITTED; + goto error; + } + + operation->data.inputs.password = mbedtls_calloc(1, slot->key.bytes); + if (operation->data.inputs.password == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + memcpy(operation->data.inputs.password, slot->key.data, slot->key.bytes); + operation->data.inputs.password_len = slot->key.bytes; + operation->data.inputs.key_lifetime = attributes.core.lifetime; +error: unlock_status = psa_unlock_key_slot(slot); return (status == PSA_SUCCESS) ? unlock_status : status; @@ -7219,16 +7265,21 @@ psa_status_t psa_pake_set_user( const uint8_t *user_id, size_t user_id_len) { - if (operation->id == 0) { + (void) user_id; + + if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { return PSA_ERROR_BAD_STATE; } - if (user_id_len == 0 || user_id == NULL) { + if (operation->data.inputs.alg == PSA_ALG_NONE) { + return PSA_ERROR_BAD_STATE; + } + + if (user_id_len == 0) { return PSA_ERROR_INVALID_ARGUMENT; } - return psa_driver_wrapper_pake_set_user(operation, user_id, - user_id_len); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t psa_pake_set_peer( 
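Review bot: The `return PSA_ERROR_INSUFFICIENT_MEMORY;` on calloc failure leaves psa_pake_set_password_key without reaching the `error:` label, so the key slot locked earlier in the function (above this hunk) is never unlocked; it should set `status` and `goto error` like the two checks above it. The hunk also drops the "password already set" check that the removed driver code had (`if (operation->password != NULL)` in the psa_crypto_pake.c hunk), so a second call overwrites `data.inputs.password` and leaks the first allocation. Both fixes are in the rewritten lines below; the rest of the function is unchanged.
```c
    /* Refuse a second password for the same operation: the first copy
     * would otherwise be leaked. */
    if (operation->data.inputs.password != NULL) {
        status = PSA_ERROR_BAD_STATE;
        goto error;
    }

    operation->data.inputs.password = mbedtls_calloc(1, slot->key.bytes);
    if (operation->data.inputs.password == NULL) {
        status = PSA_ERROR_INSUFFICIENT_MEMORY;
        goto error; /* the slot lock is still held here */
    }
    /* … unchanged: memcpy of the key, password_len, key_lifetime … */
error:
    unlock_status = psa_unlock_key_slot(slot);
```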
@@ -7236,23 +7287,32 @@ psa_status_t psa_pake_set_peer( const uint8_t *peer_id, size_t peer_id_len) { - if (operation->id == 0) { + (void) peer_id; + + if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { return PSA_ERROR_BAD_STATE; } - if (peer_id_len == 0 || peer_id == NULL) { + if (operation->data.inputs.alg == PSA_ALG_NONE) { + return PSA_ERROR_BAD_STATE; + } + + if (peer_id_len == 0) { return PSA_ERROR_INVALID_ARGUMENT; } - return psa_driver_wrapper_pake_set_peer(operation, peer_id, - peer_id_len); + return PSA_ERROR_NOT_SUPPORTED; } psa_status_t psa_pake_set_role( psa_pake_operation_t *operation, psa_pake_role_t role) { - if (operation->id == 0) { + if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { + return PSA_ERROR_BAD_STATE; + } + + if (operation->data.inputs.alg == PSA_ALG_NONE) { return PSA_ERROR_BAD_STATE; } @@ -7264,7 +7324,9 @@ psa_status_t psa_pake_set_role( return PSA_ERROR_INVALID_ARGUMENT; } - return psa_driver_wrapper_pake_set_role(operation, role); + operation->data.inputs.role = role; + + return PSA_SUCCESS; } psa_status_t psa_pake_output( 
@@ -7274,11 +7336,34 @@ psa_status_t psa_pake_output( size_t output_size, size_t *output_length) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { + if (operation->data.inputs.alg == PSA_ALG_NONE || + operation->data.inputs.password_len == 0 || + operation->data.inputs.role == PSA_PAKE_ROLE_NONE) { + return PSA_ERROR_BAD_STATE; + } + + status = psa_driver_wrapper_pake_setup(operation, + &operation->data.inputs); + + if (status == PSA_SUCCESS) { + operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; + } else { + return status; + } + } + + if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) { + return PSA_ERROR_BAD_STATE; + } + if (operation->id == 0) { return PSA_ERROR_BAD_STATE; } - if (output == NULL || output_size == 0 || output_length == NULL) { + if (output == NULL || output_size == 0) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -7292,6 +7377,29 @@ psa_status_t psa_pake_input( const uint8_t *input, size_t input_length) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { + if (operation->data.inputs.alg == PSA_ALG_NONE || + operation->data.inputs.password_len == 0 || + operation->data.inputs.role == PSA_PAKE_ROLE_NONE) { + return PSA_ERROR_BAD_STATE; + } + + status = psa_driver_wrapper_pake_setup(operation, + &operation->data.inputs); + + if (status == PSA_SUCCESS) { + operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; + } else { + return status; + } + } + + if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) { + return PSA_ERROR_BAD_STATE; + } + if (operation->id == 0) { return PSA_ERROR_BAD_STATE; } 
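Review bot: When `psa_driver_wrapper_pake_setup` fails, psa_pake_output returns with the operation still in PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS and `data.inputs.password` untouched, yet the builtin mbedtls_psa_pake_setup frees that very pointer at its `error:` label (`mbedtls_free(password);` in the psa_crypto_pake.c hunk); assuming the wrapper dispatches to the builtin, the next psa_pake_abort frees it a second time through the abort hunk, and a retried psa_pake_output would hand the freed buffer back to the driver. Ownership should stay with the core until setup succeeds: remove the free from the driver's error path and have the core release the inputs itself on failure, as in the rewritten lines below. The same block is repeated verbatim in the psa_pake_input hunk that follows, so a static helper (e.g. `psa_pake_complete_inputs`) would keep the fix in one place. Both functions continue outside their hunks.
```c
        status = psa_driver_wrapper_pake_setup(operation,
                                               &operation->data.inputs);
        if (status != PSA_SUCCESS) {
            /* The driver did not take the inputs; release them here
             * (the driver's own error path must not free password). */
            psa_pake_abort(operation);
            return status;
        }
        operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION;
        /* … unchanged: stage/id/argument checks and the driver call … */
```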
@@ -7341,8 +7449,10 @@ psa_status_t psa_pake_get_implicit_key( psa_status_t psa_pake_abort( psa_pake_operation_t *operation) { - /* Aborting a non-active operation is allowed */ - if (operation->id == 0) { + /* If we are in collecting inputs stage clear inputs. */ + if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { + mbedtls_free(operation->data.inputs.password); + memset(&operation->data.inputs, 0, sizeof(psa_crypto_driver_pake_inputs_t)); return PSA_SUCCESS; } diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 78f2f9a28..abaabb544 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -417,27 +417,7 @@ psa_status_t psa_driver_wrapper_key_agreement( */ psa_status_t psa_driver_wrapper_pake_setup( psa_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite); - -psa_status_t psa_driver_wrapper_pake_set_password_key( - const psa_key_attributes_t *attributes, - psa_pake_operation_t *operation, - uint8_t *key_buffer, - size_t key_size); - -psa_status_t psa_driver_wrapper_pake_set_user( - psa_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len); - -psa_status_t psa_driver_wrapper_pake_set_peer( - psa_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len); - -psa_status_t psa_driver_wrapper_pake_set_role( - psa_pake_operation_t *operation, - psa_pake_role_t role); + const psa_crypto_driver_pake_inputs_t *inputs); psa_status_t psa_driver_wrapper_pake_output( psa_pake_operation_t *operation, diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 1e5dca4e6..3a710dc60 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c 
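Review bot: `mbedtls_free(operation->data.inputs.password)` releases the password copy without wiping it first, so the secret stays in freed heap memory; this file already uses `mbedtls_platform_zeroize` for the shared key in psa_pake_get_implicit_key, so zero it by its recorded length ahead of the free: `if (operation->data.inputs.password != NULL) { mbedtls_platform_zeroize(operation->data.inputs.password, operation->data.inputs.password_len); }`. The builtin driver's `mbedtls_free(password);` at the end of mbedtls_psa_pake_setup (psa_crypto_pake.c hunk) has the same gap. psa_pake_abort continues past this hunk.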
@@ -192,36 +192,32 @@ static psa_status_t mbedtls_ecjpake_to_psa_error(int ret) #if defined(MBEDTLS_PSA_BUILTIN_PAKE) psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite) + const psa_crypto_driver_pake_inputs_t *inputs) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - /* A context must be freshly initialized before it can be set up. */ - if (operation->alg != PSA_ALG_NONE) { - status = PSA_ERROR_BAD_STATE; - goto error; - } + uint8_t *password = inputs->password; + size_t password_len = inputs->password_len; + psa_pake_role_t role = inputs->role; + psa_pake_cipher_suite_t cipher_suite = inputs->cipher_suite; - if (cipher_suite == NULL || - PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 || - (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC && - cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH) || - PSA_ALG_IS_HASH(cipher_suite->hash) == 0) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto error; - } + memset(operation, 0, sizeof(mbedtls_psa_pake_operation_t)); #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) - if (cipher_suite->algorithm == PSA_ALG_JPAKE) { - if (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC || - cipher_suite->family != PSA_ECC_FAMILY_SECP_R1 || - cipher_suite->bits != 256 || - cipher_suite->hash != PSA_ALG_SHA_256) { + if (cipher_suite.algorithm == PSA_ALG_JPAKE) { + if (cipher_suite.type != PSA_PAKE_PRIMITIVE_TYPE_ECC || + cipher_suite.family != PSA_ECC_FAMILY_SECP_R1 || + cipher_suite.bits != 256 || + cipher_suite.hash != PSA_ALG_SHA_256) { status = PSA_ERROR_NOT_SUPPORTED; goto error; } - operation->alg = cipher_suite->algorithm; + if (role != PSA_PAKE_ROLE_CLIENT && + role != PSA_PAKE_ROLE_SERVER) { + status = PSA_ERROR_NOT_SUPPORTED; + goto error; + } mbedtls_ecjpake_init(&operation->ctx.pake); 
@@ -229,8 +225,10 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, operation->sequence = PSA_PAKE_SEQ_INVALID; operation->input_step = PSA_PAKE_STEP_X1_X2; operation->output_step = PSA_PAKE_STEP_X1_X2; - operation->password_len = 0; - operation->password = NULL; + operation->password_len = password_len; + operation->password = password; + operation->role = role; + operation->alg = cipher_suite.algorithm; mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); operation->buffer_length = 0; 
@@ -240,149 +238,16 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, } else #else (void) operation; - (void) cipher_suite; + (void) inputs; #endif { status = PSA_ERROR_NOT_SUPPORTED; } error: + mbedtls_free(password); mbedtls_psa_pake_abort(operation); return status; } -psa_status_t mbedtls_psa_pake_set_password_key(const psa_key_attributes_t *attributes, - mbedtls_psa_pake_operation_t *operation, - uint8_t *password, - size_t password_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_type_t type = psa_get_key_type(attributes); - psa_key_usage_t usage = psa_get_key_usage_flags(attributes); - - if (type != PSA_KEY_TYPE_PASSWORD && - type != PSA_KEY_TYPE_PASSWORD_HASH) { - status = PSA_ERROR_INVALID_ARGUMENT; - goto error; - } - - if ((usage & PSA_KEY_USAGE_DERIVE) == 0) { - status = PSA_ERROR_NOT_PERMITTED; - goto error; - } - - if (operation->alg == PSA_ALG_NONE) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - - if (operation->state != PSA_PAKE_STATE_SETUP) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - - if (operation->password != NULL) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - - operation->password = mbedtls_calloc(1, password_len); - if (operation->password == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; - } - - memcpy(operation->password, password, password_len); - operation->password_len = password_len; - - return PSA_SUCCESS; - -error: - mbedtls_psa_pake_abort(operation); - return status; -} - -psa_status_t mbedtls_psa_pake_set_user(mbedtls_psa_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - (void) user_id; - (void) user_id_len; - - if (operation->alg == PSA_ALG_NONE) { - return PSA_ERROR_BAD_STATE; - } - - if (operation->state != PSA_PAKE_STATE_SETUP) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - - status = PSA_ERROR_NOT_SUPPORTED; - -error: - mbedtls_psa_pake_abort(operation); - 
return status; -} - -psa_status_t mbedtls_psa_pake_set_peer(mbedtls_psa_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - (void) peer_id; - (void) peer_id_len; - - if (operation->alg == PSA_ALG_NONE) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - - if (operation->state != PSA_PAKE_STATE_SETUP) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - - status = PSA_ERROR_NOT_SUPPORTED; - -error: - mbedtls_psa_pake_abort(operation); - return status; -} - -psa_status_t mbedtls_psa_pake_set_role(mbedtls_psa_pake_operation_t *operation, - psa_pake_role_t role) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - if (operation->alg == PSA_ALG_NONE) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - - if (operation->state != PSA_PAKE_STATE_SETUP) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) - if (operation->alg == PSA_ALG_JPAKE) { - if (role != PSA_PAKE_ROLE_CLIENT && - role != PSA_PAKE_ROLE_SERVER) { - return PSA_ERROR_NOT_SUPPORTED; - } - - operation->role = role; - - return PSA_SUCCESS; - } else -#else - (void) role; -#endif - - { status = PSA_ERROR_NOT_SUPPORTED; } - -error: - mbedtls_psa_pake_abort(operation); - return status; -} #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operation) diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h index 9256f5a14..4768cee11 100644 --- a/library/psa_crypto_pake.h +++ b/library/psa_crypto_pake.h 
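Review bot: In the `#else` branch (no MBEDTLS_PSA_BUILTIN_ALG_JPAKE) of mbedtls_psa_pake_setup, the locals `password_len`, `role` and `cipher_suite` declared at the top of the function are initialised from `inputs` but never read, which will likely trip unused-variable warnings under the project's warning flags; `(void) operation;` and the new `(void) inputs;` are meanwhile redundant, because both are used unconditionally by the `memset` and the local initialisers. Either move the four locals under the `#if`, or replace the two `(void)` casts with `(void) password_len; (void) role; (void) cipher_suite;`. The function begins in the preceding hunks of this file.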
@@ -94,178 +94,8 @@ * results in this error code. */ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite); + const psa_crypto_driver_pake_inputs_t *inputs); -/** Set the password for a password-authenticated key exchange from key ID. - * - * Call this function when the password, or a value derived from the password, - * is already present in the key store. - * \param[in] attributes The attributes of the key to use for the - * operation. - * \param[in,out] operation The operation object to set the password for. It - * must have been set up by psa_pake_setup() and - * not yet in use (neither psa_pake_output() nor - * psa_pake_input() has been called yet). It must - * be on operation for which the password hasn't - * been set yet (psa_pake_set_password_key() - * hasn't been called yet). - * \param password Buffer holding the password - * \param password_len Password buffer size - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_HANDLE - * \p password is not a valid key identifier. - * \retval #PSA_ERROR_NOT_PERMITTED - * The key does not have the #PSA_KEY_USAGE_DERIVE flag, or it does not - * permit the \p operation's algorithm. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The key type for \p password is not #PSA_KEY_TYPE_PASSWORD or - * #PSA_KEY_TYPE_PASSWORD_HASH, or \p password is not compatible with - * the \p operation's cipher suite. - * \retval #PSA_ERROR_NOT_SUPPORTED - * The key type or key size of \p password is not supported with the - * \p operation's cipher suite. - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE - * \retval #PSA_ERROR_DATA_CORRUPT - * \retval #PSA_ERROR_DATA_INVALID - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must have been set up.), or - * the library has not been previously initialized by psa_crypto_init(). 
- * It is implementation-dependent whether a failure to initialize - * results in this error code. - */ -psa_status_t mbedtls_psa_pake_set_password_key( - const psa_key_attributes_t *attributes, - mbedtls_psa_pake_operation_t *operation, - uint8_t *password, - size_t password_len); - -/** Set the user ID for a password-authenticated key exchange. - * - * Call this function to set the user ID. For PAKE algorithms that associate a - * user identifier with each side of the session you need to call - * psa_pake_set_peer() as well. For PAKE algorithms that associate a single - * user identifier with the session, call psa_pake_set_user() only. - * - * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` - * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) - * for more information. - * - * \param[in,out] operation The operation object to set the user ID for. It - * must have been set up by psa_pake_setup() and - * not yet in use (neither psa_pake_output() nor - * psa_pake_input() has been called yet). It must - * be on operation for which the user ID hasn't - * been set (psa_pake_set_user() hasn't been - * called yet). - * \param[in] user_id The user ID to authenticate with. - * \param user_id_len Size of the \p user_id buffer in bytes. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p user_id is not valid for the \p operation's algorithm and cipher - * suite. - * \retval #PSA_ERROR_NOT_SUPPORTED - * The value of \p user_id is not supported by the implementation. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid, or - * the library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. 
- */ -psa_status_t mbedtls_psa_pake_set_user(mbedtls_psa_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len); - -/** Set the peer ID for a password-authenticated key exchange. - * - * Call this function in addition to psa_pake_set_user() for PAKE algorithms - * that associate a user identifier with each side of the session. For PAKE - * algorithms that associate a single user identifier with the session, call - * psa_pake_set_user() only. - * - * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` - * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) - * for more information. - * - * \param[in,out] operation The operation object to set the peer ID for. It - * must have been set up by psa_pake_setup() and - * not yet in use (neither psa_pake_output() nor - * psa_pake_input() has been called yet). It must - * be on operation for which the peer ID hasn't - * been set (psa_pake_set_peer() hasn't been - * called yet). - * \param[in] peer_id The peer's ID to authenticate. - * \param peer_id_len Size of the \p peer_id buffer in bytes. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p user_id is not valid for the \p operation's algorithm and cipher - * suite. - * \retval #PSA_ERROR_NOT_SUPPORTED - * The algorithm doesn't associate a second identity with the session. - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * Calling psa_pake_set_peer() is invalid with the \p operation's - * algorithm, the operation state is not valid, or the library has not - * been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. 
- */ -psa_status_t mbedtls_psa_pake_set_peer(mbedtls_psa_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len); - -/** Set the application role for a password-authenticated key exchange. - * - * Not all PAKE algorithms need to differentiate the communicating entities. - * It is optional to call this function for PAKEs that don't require a role - * to be specified. For such PAKEs the application role parameter is ignored, - * or #PSA_PAKE_ROLE_NONE can be passed as \c role. - * - * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` - * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) - * for more information. - * - * \param[in,out] operation The operation object to specify the - * application's role for. It must have been set up - * by psa_pake_setup() and not yet in use (neither - * psa_pake_output() nor psa_pake_input() has been - * called yet). It must be on operation for which - * the application's role hasn't been specified - * (psa_pake_set_role() hasn't been called yet). - * \param role A value of type ::psa_pake_role_t indicating the - * application's role in the PAKE the algorithm - * that is being set up. For more information see - * the documentation of \c PSA_PAKE_ROLE_XXX - * constants. - * - * \retval #PSA_SUCCESS - * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The \p role is not a valid PAKE role in the \p operation’s algorithm. - * \retval #PSA_ERROR_NOT_SUPPORTED - * The \p role for this algorithm is not supported or is not valid. - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid, or - * the library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. 
- */ -psa_status_t mbedtls_psa_pake_set_role(mbedtls_psa_pake_operation_t *operation, - psa_pake_role_t role); /** Get output for a step of a password-authenticated key exchange. * diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index 9a7b64547..21a3b5f91 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja 
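Review bot: The prototype of mbedtls_psa_pake_setup now takes `const psa_crypto_driver_pake_inputs_t *inputs`, but the Doxygen block that precedes it (ending with "results in this error code. */" above the hunk) is not touched and presumably still documents a `cipher_suite` parameter. It should describe `inputs` — the cipher suite, role, password buffer and its length collected by the core — and spell out the ownership rule the implementation relies on: as committed, the driver keeps `inputs->password` on success and frees it on failure (psa_crypto_pake.c hunks of this commit), and whichever side is finally chosen to free it, the header is where callers will look for that contract. The deleted set_* prototypes need no replacement, since their checks moved into psa_crypto.c.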
@@ -2811,64 +2811,12 @@ psa_status_t psa_driver_wrapper_key_agreement( psa_status_t psa_driver_wrapper_pake_setup( psa_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite ) + const psa_crypto_driver_pake_inputs_t *inputs ) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - /* Try setup on accelerators first */ -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - status = mbedtls_test_transparent_pake_setup( - &operation->ctx.transparent_test_driver_ctx, - (const psa_pake_cipher_suite_t*) cipher_suite ); - if( status == PSA_SUCCESS ) - operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; - - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - - /* If software fallback is compiled in, try fallback */ -#if defined(MBEDTLS_PSA_BUILTIN_PAKE) - status = mbedtls_psa_pake_setup( &operation->ctx.mbedtls_ctx, cipher_suite ); - if( status == PSA_SUCCESS ) - operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; - - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); -#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ - - /* Add cases for opaque driver here */ -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - status = mbedtls_test_opaque_pake_setup( - &operation->ctx.opaque_test_driver_ctx, - (const psa_pake_cipher_suite_t*) cipher_suite ); - if( status == PSA_SUCCESS ) - operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; - - if( status != PSA_ERROR_NOT_SUPPORTED ) - return( status ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - - /* Nothing left to try if we fall through here */ - (void) status; - (void) operation; - (void) cipher_suite; - return( PSA_ERROR_NOT_SUPPORTED ); -} - -psa_status_t psa_driver_wrapper_pake_set_password_key( - const psa_key_attributes_t *attributes, - psa_pake_operation_t *operation, - uint8_t *key_buffer, - size_t 
key_size ) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( inputs->key_lifetime ); switch( location ) { 
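Review bot: The new body of psa_driver_wrapper_pake_setup dereferences `inputs` in its second statement to read `key_lifetime`, and nothing in the hunk explains why the password key's location, rather than the cipher suite the old signature took, now selects the driver. A one-line comment above that statement would make the dispatch intent explicit, e.g. `/* Dispatch on the location of the password key, not on the cipher suite */`. The body of psa_driver_wrapper_pake_setup continues into the next hunk.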
@@ -2877,135 +2825,44 @@ psa_status_t psa_driver_wrapper_pake_set_password_key( * cycle through all known transparent accelerators */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) - status = mbedtls_test_transparent_set_password_key( - attributes, - &operation->ctx.transparent_test_driver_ctx, - key_buffer, key_size ); + status = mbedtls_test_transparent_pake_setup( + &operation->data.ctx.transparent_test_driver_ctx, + inputs ); + if( status == PSA_SUCCESS ) + operation->id = MBEDTLS_TEST_TRANSPARENT_DRIVER_ID; /* Declared with fallback == true */ if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ #if defined(MBEDTLS_PSA_BUILTIN_PAKE) - return( mbedtls_psa_pake_set_password_key( - attributes, &operation->ctx.mbedtls_ctx, - key_buffer, key_size ) ); + status = mbedtls_psa_pake_setup( &operation->data.ctx.mbedtls_ctx, + inputs ); + if( status == PSA_SUCCESS ) + operation->id = PSA_CRYPTO_MBED_TLS_DRIVER_ID; + return status; #endif return( PSA_ERROR_NOT_SUPPORTED ); /* Add cases for opaque driver here */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case PSA_CRYPTO_TEST_DRIVER_LOCATION: - return( mbedtls_test_opaque_set_password_key( - attributes, - &operation->ctx.opaque_test_driver_ctx, - key_buffer, key_size ) ); + status = mbedtls_test_opaque_pake_setup( + &operation->data.ctx.opaque_test_driver_ctx, + inputs ); + if( status == PSA_SUCCESS ) + operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; + return status; #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - default: /* Key is declared with a lifetime not known to us */ (void)operation; + (void)inputs; (void)status; - (void)key_buffer; - (void)key_size; return( PSA_ERROR_INVALID_ARGUMENT ); } } - -psa_status_t psa_driver_wrapper_pake_set_user( - psa_pake_operation_t *operation, - const uint8_t *user_id, - 
size_t user_id_len ) -{ - switch( operation->id ) - { -#if defined(MBEDTLS_PSA_BUILTIN_PAKE) - case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_pake_set_user( &operation->ctx.mbedtls_ctx, - user_id, user_id_len ) ); -#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ - -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: - return( mbedtls_test_transparent_pake_set_user( - &operation->ctx.transparent_test_driver_ctx, - user_id, user_id_len ) ); - case MBEDTLS_TEST_OPAQUE_DRIVER_ID: - return( mbedtls_test_opaque_pake_set_user( - &operation->ctx.opaque_test_driver_ctx, - user_id, user_id_len ) ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - default: - (void) user_id; - (void) user_id_len; - return( PSA_ERROR_INVALID_ARGUMENT ); - } -} - -psa_status_t psa_driver_wrapper_pake_set_peer( - psa_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len ) -{ - switch( operation->id ) - { -#if defined(MBEDTLS_PSA_BUILTIN_PAKE) - case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_pake_set_peer( &operation->ctx.mbedtls_ctx, - peer_id, peer_id_len ) ); -#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ - -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: - return( mbedtls_test_transparent_pake_set_peer( - &operation->ctx.transparent_test_driver_ctx, - peer_id, peer_id_len ) ); - case MBEDTLS_TEST_OPAQUE_DRIVER_ID: - return( mbedtls_test_opaque_pake_set_peer( - &operation->ctx.opaque_test_driver_ctx, - peer_id, peer_id_len ) ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - default: - (void) peer_id; - (void) peer_id_len; - return( PSA_ERROR_INVALID_ARGUMENT ); - } -} - -psa_status_t psa_driver_wrapper_pake_set_role( - psa_pake_operation_t *operation, - psa_pake_role_t role ) -{ - switch( operation->id ) - { -#if 
defined(MBEDTLS_PSA_BUILTIN_PAKE) - case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_pake_set_role( &operation->ctx.mbedtls_ctx, role ) ); -#endif /* MBEDTLS_PSA_BUILTIN_PAKE */ - -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: - return( mbedtls_test_transparent_pake_set_role( - &operation->ctx.transparent_test_driver_ctx, - role ) ); - case MBEDTLS_TEST_OPAQUE_DRIVER_ID: - return( mbedtls_test_opaque_pake_set_role( - &operation->ctx.opaque_test_driver_ctx, - role ) ); -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ - default: - (void) role; - return( PSA_ERROR_INVALID_ARGUMENT ); - } -} - psa_status_t psa_driver_wrapper_pake_output( psa_pake_operation_t *operation, psa_pake_step_t step, @@ -3017,7 +2874,7 @@ psa_status_t psa_driver_wrapper_pake_output( { #if defined(MBEDTLS_PSA_BUILTIN_PAKE) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_pake_output( &operation->ctx.mbedtls_ctx, step, output, + return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step, output, output_size, output_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ @@ -3025,11 +2882,11 @@ psa_status_t psa_driver_wrapper_pake_output( #if defined(PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_pake_output( - &operation->ctx.transparent_test_driver_ctx, + &operation->data.ctx.transparent_test_driver_ctx, step, output, output_size, output_length ) ); case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_pake_output( - &operation->ctx.opaque_test_driver_ctx, + &operation->data.ctx.opaque_test_driver_ctx, step, output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 
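Review bot: The two new `return status;` statements in the MBEDTLS_PSA_BUILTIN_PAKE and PSA_CRYPTO_TEST_DRIVER_LOCATION branches drop the parenthesised `return( status );` form that every other return in this template uses, including the one a few lines above in the transparent-driver branch; make them `return( status );` for consistency. The transparent-driver branch now records `operation->id` on success and only falls through to the builtin implementation on PSA_ERROR_NOT_SUPPORTED, which matches the "fallback == true" comment, so the remaining concern is style only. This hunk closes the body of psa_driver_wrapper_pake_setup that began in the previous hunk.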
@@ -3052,7 +2909,7 @@ psa_status_t psa_driver_wrapper_pake_input( { #if defined(MBEDTLS_PSA_BUILTIN_PAKE) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_pake_input( &operation->ctx.mbedtls_ctx, + return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx, step, input, input_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ @@ -3060,11 +2917,11 @@ psa_status_t psa_driver_wrapper_pake_input( #if defined(PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_pake_input( - &operation->ctx.transparent_test_driver_ctx, + &operation->data.ctx.transparent_test_driver_ctx, step, input, input_length ) ); case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_pake_input( - &operation->ctx.opaque_test_driver_ctx, + &operation->data.ctx.opaque_test_driver_ctx, step, input, input_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ @@ -3084,18 +2941,18 @@ psa_status_t psa_driver_wrapper_pake_get_implicit_key( { #if defined(MBEDTLS_PSA_BUILTIN_PAKE) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_pake_get_implicit_key( &operation->ctx.mbedtls_ctx, output, output_size ) ); + return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx, output, output_size ) ); #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_pake_get_implicit_key( - &operation->ctx.transparent_test_driver_ctx, + &operation->data.ctx.transparent_test_driver_ctx, output, output_size ) ); case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_pake_get_implicit_key( - &operation->ctx.opaque_test_driver_ctx, + &operation->data.ctx.opaque_test_driver_ctx, output, output_size ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ 
@@ -3113,17 +2970,17 @@ psa_status_t psa_driver_wrapper_pake_abort( { #if defined(MBEDTLS_PSA_BUILTIN_PAKE) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_pake_abort( &operation->ctx.mbedtls_ctx ) ); + return( mbedtls_psa_pake_abort( &operation->data.ctx.mbedtls_ctx ) ); #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) #if defined(PSA_CRYPTO_DRIVER_TEST) case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_pake_abort( - &operation->ctx.transparent_test_driver_ctx ) ); + &operation->data.ctx.transparent_test_driver_ctx ) ); case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_pake_abort( - &operation->ctx.opaque_test_driver_ctx ) ); + &operation->data.ctx.opaque_test_driver_ctx ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h index 5ee401b7d..b1d3d4474 100644 --- a/tests/include/test/drivers/pake.h +++ b/tests/include/test/drivers/pake.h 
@@ -50,27 +50,7 @@ extern mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks; psa_status_t mbedtls_test_transparent_pake_setup( mbedtls_transparent_test_driver_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite); - -psa_status_t mbedtls_test_transparent_set_password_key( - const psa_key_attributes_t *attributes, - mbedtls_transparent_test_driver_pake_operation_t *operation, - uint8_t *key_buffer, - size_t key_size); - -psa_status_t mbedtls_test_transparent_pake_set_user( - mbedtls_transparent_test_driver_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len); - -psa_status_t mbedtls_test_transparent_pake_set_peer( - mbedtls_transparent_test_driver_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len); - -psa_status_t mbedtls_test_transparent_pake_set_role( - mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_role_t role); + const psa_crypto_driver_pake_inputs_t *inputs); psa_status_t mbedtls_test_transparent_pake_output( mbedtls_transparent_test_driver_pake_operation_t *operation, @@ -94,7 +74,7 @@ psa_status_t mbedtls_test_transparent_pake_abort( psa_status_t mbedtls_test_opaque_pake_setup( mbedtls_opaque_test_driver_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite); + const psa_crypto_driver_pake_inputs_t *inputs); psa_status_t mbedtls_test_opaque_set_password_key( const psa_key_attributes_t *attributes, diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index 3495705d6..06168a142 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c @@ -35,7 +35,7 @@ mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks = psa_status_t mbedtls_test_transparent_pake_setup( mbedtls_transparent_test_driver_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite) + const psa_crypto_driver_pake_inputs_t *inputs) { mbedtls_test_driver_pake_hooks.hits++; 
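Review bot: The second hunk of tests/include/test/drivers/pake.h changes mbedtls_test_opaque_pake_setup to take `inputs` but leaves the `mbedtls_test_opaque_set_password_key` declaration on the following context line, whereas the transparent `set_password_key`/`set_user`/`set_peer`/`set_role` declarations are removed in the first hunk. If the opaque driver no longer has a separate password-key step after this change, that declaration is presumably dead and should go with the others; if it is intentionally retained, a short comment saying so would stop the next reader from asking. The declaration's parameter list continues past the end of the hunk.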
@@ -47,139 +47,14 @@ psa_status_t mbedtls_test_transparent_pake_setup( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_setup( - operation, (const libtestdriver1_psa_pake_cipher_suite_t *) cipher_suite); + operation, (const libtestdriver1_psa_crypto_driver_pake_inputs_t *) inputs); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = mbedtls_psa_pake_setup( - operation, cipher_suite); + operation, inputs); #else (void) operation; - (void) cipher_suite; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_set_password_key( - const psa_key_attributes_t *attributes, - mbedtls_transparent_test_driver_pake_operation_t *operation, - uint8_t *key_buffer, - size_t key_size) -{ - mbedtls_test_driver_pake_hooks.hits++; - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_set_password_key( - (const libtestdriver1_psa_key_attributes_t *) attributes, - operation, key_buffer, key_size); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_set_password_key( - attributes, operation, key_buffer, key_size); -#else - (void) operation; - (void) key_buffer, - (void) key_size; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_pake_set_user( - mbedtls_transparent_test_driver_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len) -{ - 
mbedtls_test_driver_pake_hooks.hits++; - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_set_user( - operation, user_id, user_id_len); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_set_user( - operation, user_id, user_id_len); -#else - (void) operation; - (void) user_id; - (void) user_id_len; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - - -psa_status_t mbedtls_test_transparent_pake_set_peer( - mbedtls_transparent_test_driver_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len) -{ - mbedtls_test_driver_pake_hooks.hits++; - - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_set_peer( - operation, peer_id, peer_id_len); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_set_peer( - operation, peer_id, peer_id_len); -#else - (void) operation; - (void) peer_id; - (void) peer_id_len; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; -#endif - } - - return mbedtls_test_driver_pake_hooks.driver_status; -} - -psa_status_t mbedtls_test_transparent_pake_set_role( - mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_role_t role) -{ - mbedtls_test_driver_pake_hooks.hits++; - - if 
(mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_set_role( - operation, role); -#elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_set_role( - operation, role); -#else - (void) operation; - (void) role; + (void) inputs; mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; #endif } @@ -329,10 +204,10 @@ psa_status_t mbedtls_test_transparent_pake_abort( */ psa_status_t mbedtls_test_opaque_pake_setup( mbedtls_opaque_test_driver_pake_operation_t *operation, - const psa_pake_cipher_suite_t *cipher_suite) + const psa_crypto_driver_pake_inputs_t *inputs) { (void) operation; - (void) cipher_suite; + (void) inputs; return PSA_ERROR_NOT_SUPPORTED; } From 96ae8b939d6e64868225de84636adf5f46f22b52 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 7 Dec 2022 11:52:08 +0100 Subject: [PATCH 230/440] Move pake definitions to headers for composite algorithms Signed-off-by: Przemek Stekiel --- include/psa/crypto_builtin_composites.h | 36 ++++++++++++++++++ include/psa/crypto_builtin_primitives.h | 38 ------------------- .../psa/crypto_driver_contexts_composites.h | 35 +++++++++++++++++ .../psa/crypto_driver_contexts_primitives.h | 35 ----------------- 4 files changed, 71 insertions(+), 73 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 9f23551eb..295452c8c 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h 
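Review bot: The libtestdriver1 branch of mbedtls_test_transparent_pake_setup casts the `inputs` pointer to `const libtestdriver1_psa_crypto_driver_pake_inputs_t *`, which is only sound if that struct has the same layout as `psa_crypto_driver_pake_inputs_t`; the old code made the same assumption for the cipher suite, but per the psa_crypto_pake.h description the inputs struct now also carries the password and key lifetime, so a layout drift would misread those fields. A comment at the cast, such as `/* libtestdriver1_psa_crypto_driver_pake_inputs_t must stay layout-identical to psa_crypto_driver_pake_inputs_t */`, records the assumption where it is relied on. The function's signature sits in the preceding hunk and its return statement lies past this hunk's end.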
@@ -180,5 +180,41 @@ typedef struct { #endif +/* EC-JPAKE operation definitions */ + +#include "mbedtls/ecjpake.h" + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) +#define MBEDTLS_PSA_BUILTIN_PAKE 1 +#endif + +/* Note: the format for mbedtls_ecjpake_read/write function has an extra + * length byte for each step, plus an extra 3 bytes for ECParameters in the + * server's 2nd round. */ +#define MBEDTLS_PSA_PAKE_BUFFER_SIZE ((3 + 1 + 65 + 1 + 65 + 1 + 32) * 2) + +typedef struct { + psa_algorithm_t MBEDTLS_PRIVATE(alg); + unsigned int MBEDTLS_PRIVATE(state); + unsigned int MBEDTLS_PRIVATE(sequence); +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) + unsigned int MBEDTLS_PRIVATE(input_step); + unsigned int MBEDTLS_PRIVATE(output_step); + uint8_t *MBEDTLS_PRIVATE(password); + size_t MBEDTLS_PRIVATE(password_len); + uint8_t MBEDTLS_PRIVATE(role); + uint8_t MBEDTLS_PRIVATE(buffer[MBEDTLS_PSA_PAKE_BUFFER_SIZE]); + size_t MBEDTLS_PRIVATE(buffer_length); + size_t MBEDTLS_PRIVATE(buffer_offset); +#endif + /* Context structure for the Mbed TLS EC-JPAKE implementation. */ + union { + unsigned int MBEDTLS_PRIVATE(dummy); + mbedtls_ecjpake_context MBEDTLS_PRIVATE(pake); + } MBEDTLS_PRIVATE(ctx); + +} mbedtls_psa_pake_operation_t; + +#define MBEDTLS_PSA_PAKE_OPERATION_INIT { { 0 } } #endif /* PSA_CRYPTO_BUILTIN_COMPOSITES_H */ diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index 2830b61e6..c76bc7814 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h 
@@ -111,42 +111,4 @@ typedef struct { #define MBEDTLS_PSA_CIPHER_OPERATION_INIT { 0, 0, 0, { 0 } } - -/* EC-JPAKE operation definitions */ - -#include "mbedtls/ecjpake.h" - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) -#define MBEDTLS_PSA_BUILTIN_PAKE 1 -#endif - -/* Note: the format for mbedtls_ecjpake_read/write function has an extra - * length byte for each step, plus an extra 3 bytes for ECParameters in the - * server's 2nd round. */ -#define MBEDTLS_PSA_PAKE_BUFFER_SIZE ((3 + 1 + 65 + 1 + 65 + 1 + 32) * 2) - -typedef struct { - psa_algorithm_t MBEDTLS_PRIVATE(alg); - unsigned int MBEDTLS_PRIVATE(state); - unsigned int MBEDTLS_PRIVATE(sequence); -#if defined(MBEDTLS_PSA_BUILTIN_PAKE) - unsigned int MBEDTLS_PRIVATE(input_step); - unsigned int MBEDTLS_PRIVATE(output_step); - uint8_t *MBEDTLS_PRIVATE(password); - size_t MBEDTLS_PRIVATE(password_len); - uint8_t MBEDTLS_PRIVATE(role); - uint8_t MBEDTLS_PRIVATE(buffer[MBEDTLS_PSA_PAKE_BUFFER_SIZE]); - size_t MBEDTLS_PRIVATE(buffer_length); - size_t MBEDTLS_PRIVATE(buffer_offset); -#endif - /* Context structure for the Mbed TLS EC-JPAKE implementation. */ - union { - unsigned int MBEDTLS_PRIVATE(dummy); - mbedtls_ecjpake_context MBEDTLS_PRIVATE(pake); - } MBEDTLS_PRIVATE(ctx); - -} mbedtls_psa_pake_operation_t; - -#define MBEDTLS_PSA_PAKE_OPERATION_INIT { { 0 } } - #endif /* PSA_CRYPTO_BUILTIN_PRIMITIVES_H */ diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h index 1b95814f9..4d0e9848d 100644 --- a/include/psa/crypto_driver_contexts_composites.h +++ b/include/psa/crypto_driver_contexts_composites.h 
@@ -88,6 +88,32 @@ typedef mbedtls_psa_aead_operation_t #endif /* MBEDTLS_TEST_LIBTESTDRIVER1 && LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD */ +#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + +typedef libtestdriver1_mbedtls_psa_pake_operation_t + mbedtls_transparent_test_driver_pake_operation_t; +typedef libtestdriver1_psa_pake_operation_t + mbedtls_opaque_test_driver_pake_operation_t; + +#define MBEDTLS_TRANSPARENT_TEST_DRIVER_PAKE_OPERATION_INIT \ + LIBTESTDRIVER1_MBEDTLS_PSA_PAKE_OPERATION_INIT +#define MBEDTLS_OPAQUE_TEST_DRIVER_PAKE_OPERATION_INIT \ + LIBTESTDRIVER1_MBEDTLS_PSA_PAKE_OPERATION_INIT + +#else +typedef mbedtls_psa_pake_operation_t + mbedtls_transparent_test_driver_pake_operation_t; +typedef mbedtls_psa_pake_operation_t + mbedtls_opaque_test_driver_pake_operation_t; + +#define MBEDTLS_TRANSPARENT_TEST_DRIVER_PAKE_OPERATION_INIT \ + MBEDTLS_PSA_PAKE_OPERATION_INIT +#define MBEDTLS_OPAQUE_TEST_DRIVER_PAKE_OPERATION_INIT \ + MBEDTLS_PSA_PAKE_OPERATION_INIT + +#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 && LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE */ + #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Define the context to be used for an operation that is executed through the @@ -124,5 +150,14 @@ typedef union { mbedtls_psa_verify_hash_interruptible_operation_t mbedtls_ctx; } psa_driver_verify_hash_interruptible_context_t; +typedef union { + unsigned dummy; /* Make sure this union is always non-empty */ + mbedtls_psa_pake_operation_t mbedtls_ctx; +#if defined(PSA_CRYPTO_DRIVER_TEST) + mbedtls_transparent_test_driver_pake_operation_t transparent_test_driver_ctx; + mbedtls_opaque_test_driver_pake_operation_t opaque_test_driver_ctx; +#endif +} psa_driver_pake_context_t; + #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_COMPOSITES_H */ /* End of automatically generated file. */ diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h index 7d096208b..f1463f34d 100644 
--- a/include/psa/crypto_driver_contexts_primitives.h +++ b/include/psa/crypto_driver_contexts_primitives.h @@ -89,32 +89,6 @@ typedef struct { #define MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT \ { 0, MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT } -#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - -typedef libtestdriver1_mbedtls_psa_pake_operation_t - mbedtls_transparent_test_driver_pake_operation_t; -typedef libtestdriver1_psa_pake_operation_t - mbedtls_opaque_test_driver_pake_operation_t; - -#define MBEDTLS_TRANSPARENT_TEST_DRIVER_PAKE_OPERATION_INIT \ - LIBTESTDRIVER1_MBEDTLS_PSA_PAKE_OPERATION_INIT -#define MBEDTLS_OPAQUE_TEST_DRIVER_PAKE_OPERATION_INIT \ - LIBTESTDRIVER1_MBEDTLS_PSA_PAKE_OPERATION_INIT - -#else -typedef mbedtls_psa_pake_operation_t - mbedtls_transparent_test_driver_pake_operation_t; -typedef mbedtls_psa_pake_operation_t - mbedtls_opaque_test_driver_pake_operation_t; - -#define MBEDTLS_TRANSPARENT_TEST_DRIVER_PAKE_OPERATION_INIT \ - MBEDTLS_PSA_PAKE_OPERATION_INIT -#define MBEDTLS_OPAQUE_TEST_DRIVER_PAKE_OPERATION_INIT \ - MBEDTLS_PSA_PAKE_OPERATION_INIT - -#endif /* MBEDTLS_TEST_LIBTESTDRIVER1 && LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE */ - #endif /* PSA_CRYPTO_DRIVER_TEST */ /* Define the context to be used for an operation that is executed through the @@ -141,14 +115,5 @@ typedef union { #endif } psa_driver_cipher_context_t; -typedef union { - unsigned dummy; /* Make sure this union is always non-empty */ - mbedtls_psa_pake_operation_t mbedtls_ctx; -#if defined(PSA_CRYPTO_DRIVER_TEST) - mbedtls_transparent_test_driver_pake_operation_t transparent_test_driver_ctx; - mbedtls_opaque_test_driver_pake_operation_t opaque_test_driver_ctx; -#endif -} psa_driver_pake_context_t; - #endif /* PSA_CRYPTO_DRIVER_CONTEXTS_PRIMITIVES_H */ /* End of automatically generated file. */ From ca67483b1568d2150a6ba25d2a02a73f7b008428 Mon Sep 17 00:00:00 2001 
From: Przemek Stekiel Date: Wed, 7 Dec 2022 14:47:34 +0100 Subject: [PATCH 231/440] psa_crypto_pake.h: adapt function descriptions Signed-off-by: Przemek Stekiel --- library/psa_crypto_pake.h | 154 +++++++------------------------------- 1 file changed, 28 insertions(+), 126 deletions(-) diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h index 4768cee11..608d76aed 100644 --- a/library/psa_crypto_pake.h +++ b/library/psa_crypto_pake.h 
@@ -25,73 +25,24 @@ /** Set the session information for a password-authenticated key exchange. * - * The sequence of operations to set up a password-authenticated key exchange - * is as follows: - * -# Allocate an operation object which will be passed to all the functions - * listed here. - * -# Initialize the operation object with one of the methods described in the - * documentation for #psa_pake_operation_t, e.g. - * #PSA_PAKE_OPERATION_INIT. - * -# Call psa_pake_setup() to specify the cipher suite. - * -# Call \c psa_pake_set_xxx() functions on the operation to complete the - * setup. The exact sequence of \c psa_pake_set_xxx() functions that needs - * to be called depends on the algorithm in use. - * - * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` - * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) - * for more information. - * - * A typical sequence of calls to perform a password-authenticated key - * exchange: - * -# Call psa_pake_output(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to get the - * key share that needs to be sent to the peer. - * -# Call psa_pake_input(operation, #PSA_PAKE_STEP_KEY_SHARE, ...) to provide - * the key share that was received from the peer. - * -# Depending on the algorithm additional calls to psa_pake_output() and - * psa_pake_input() might be necessary. - * -# Call psa_pake_get_implicit_key() for accessing the shared secret. - * - * Refer to the documentation of individual PAKE algorithm types (`PSA_ALG_XXX` - * values of type ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) - * for more information. - * - * If an error occurs at any step after a call to psa_pake_setup(), - * the operation will need to be reset by a call to psa_pake_abort(). The - * application may call psa_pake_abort() at any time after the operation - * has been initialized. - * - * After a successful call to psa_pake_setup(), the application must - * eventually terminate the operation. 
The following events terminate an - * operation: - * - A call to psa_pake_abort(). - * - A successful call to psa_pake_get_implicit_key(). + * \note The signature of this function is that of a PSA driver + * pake_setup entry point. This function behaves as a pake_setup + * entry point as defined in the PSA driver interface specification for + * transparent drivers. * * \param[in,out] operation The operation object to set up. It must have * been initialized but not set up yet. - * \param[in] cipher_suite The cipher suite to use. (A cipher suite fully - * characterizes a PAKE algorithm and determines - * the algorithm as well.) + * \param[in] inputs Inputs required for PAKE operation (role, password, + * key lifetime, cipher suite) * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * The algorithm in \p cipher_suite is not a PAKE algorithm, or the - * PAKE primitive in \p cipher_suite is not compatible with the - * PAKE algorithm, or the hash algorithm in \p cipher_suite is invalid - * or not compatible with the PAKE algorithm and primitive. * \retval #PSA_ERROR_NOT_SUPPORTED * The algorithm in \p cipher_suite is not a supported PAKE algorithm, * or the PAKE primitive in \p cipher_suite is not supported or not * compatible with the PAKE algorithm, or the hash algorithm in * \p cipher_suite is not supported or not compatible with the PAKE * algorithm and primitive. - * \retval #PSA_ERROR_COMMUNICATION_FAILURE - * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid, or - * the library has not been previously initialized by psa_crypto_init(). - * It is implementation-dependent whether a failure to initialize - * results in this error code. */ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, const psa_crypto_driver_pake_inputs_t *inputs); 
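Review bot: The retained `\retval #PSA_ERROR_NOT_SUPPORTED` paragraph of mbedtls_psa_pake_setup still refers to `\p cipher_suite` three times, but the parameter is renamed to `inputs` in this same hunk, so the reference is now dangling. Reword it along the lines of `The algorithm, primitive or hash algorithm in the cipher suite carried by \p inputs is not supported or not mutually compatible.` The new `\p inputs` description also lacks the trailing period the other `\param` entries have. Dropping the `#PSA_ERROR_INVALID_ARGUMENT` retval is presumably intentional for a driver entry point, but it should be confirmed against what the implementation can actually return.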
@@ -99,17 +50,10 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, /** Get output for a step of a password-authenticated key exchange. * - * Depending on the algorithm being executed, you might need to call this - * function several times or you might not need to call this at all. - * - * The exact sequence of calls to perform a password-authenticated key - * exchange depends on the algorithm in use. Refer to the documentation of - * individual PAKE algorithm types (`PSA_ALG_XXX` values of type - * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more - * information. - * - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling psa_pake_abort(). + * \note The signature of this function is that of a PSA driver + * pake_output entry point. This function behaves as a pake_output + * entry point as defined in the PSA driver interface specification for + * transparent drivers. * * \param[in,out] operation Active PAKE operation. * \param step The step of the algorithm for which the output is @@ -147,8 +91,7 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active, and fully set * up, and this call must conform to the algorithm's requirements - * for ordering of input and output steps), or - * the library has not been previously initialized by psa_crypto_init(). + * for ordering of input and output steps). * It is implementation-dependent whether a failure to initialize * results in this error code. */ 
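Review bot: In the `@@ -147,8 +91,7 @@` hunk the `\retval #PSA_ERROR_BAD_STATE` text loses the clause about the library not having been initialised, but the following sentence `It is implementation-dependent whether a failure to initialize results in this error code.` is kept and now refers to nothing; delete those two lines. The same leftover appears in the `@@ -202,8 +138,7 @@` hunk for mbedtls_psa_pake_input further down. Both doc comments belong to declarations that lie outside these hunks.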
@@ -160,17 +103,10 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, /** Provide input for a step of a password-authenticated key exchange. * - * Depending on the algorithm being executed, you might need to call this - * function several times or you might not need to call this at all. - * - * The exact sequence of calls to perform a password-authenticated key - * exchange depends on the algorithm in use. Refer to the documentation of - * individual PAKE algorithm types (`PSA_ALG_XXX` values of type - * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more - * information. - * - * If this function returns an error status, the operation enters an error - * state and must be aborted by calling psa_pake_abort(). + * \note The signature of this function is that of a PSA driver + * key_agreement entry point. This function behaves as a key_agreement + * entry point as defined in the PSA driver interface specification for + * transparent drivers. * * \param[in,out] operation Active PAKE operation. * \param step The step for which the input is provided. @@ -186,7 +122,7 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, * \retval #PSA_ERROR_INVALID_SIGNATURE * The verification fails for a #PSA_PAKE_STEP_ZK_PROOF input step. * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p is not compatible with the \p operation’s algorithm, or the + * \p step is not compatible with the \p operation’s algorithm, or the * \p input is not valid for the \p operation's algorithm, cipher suite * or \p step. * \retval #PSA_ERROR_NOT_SUPPORTED 
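Review bot: The new `\note` on mbedtls_psa_pake_input says the signature is that of a PSA driver `key_agreement` entry point, which reads like a copy-paste from another function; the sibling notes in this file name `pake_setup` and `pake_output`, so this one should read `pake_input entry point. This function behaves as a pake_input`. The `\p step` fix in the second hunk on this line is correct as written. The declaration of mbedtls_psa_pake_input itself is outside the hunk.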
@@ -202,8 +138,7 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, * \retval #PSA_ERROR_BAD_STATE * The operation state is not valid (it must be active, and fully set * up, and this call must conform to the algorithm's requirements - * for ordering of input and output steps), or - * the library has not been previously initialized by psa_crypto_init(). + * for ordering of input and output steps). * It is implementation-dependent whether a failure to initialize * results in this error code. */ 
@@ -214,42 +149,17 @@ psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, /** Get implicitly confirmed shared secret from a PAKE. * - * At this point there is a cryptographic guarantee that only the authenticated - * party who used the same password is able to compute the key. But there is no - * guarantee that the peer is the party it claims to be and was able to do so. - * - * That is, the authentication is only implicit. Since the peer is not - * authenticated yet, no action should be taken yet that assumes that the peer - * is who it claims to be. For example, do not access restricted files on the - * peer's behalf until an explicit authentication has succeeded. - * - * This function can be called after the key exchange phase of the operation - * has completed. It imports the shared secret output of the PAKE into the - * provided derivation operation. The input step - * #PSA_KEY_DERIVATION_INPUT_SECRET is used when placing the shared key - * material in the key derivation operation. - * - * The exact sequence of calls to perform a password-authenticated key - * exchange depends on the algorithm in use. Refer to the documentation of - * individual PAKE algorithm types (`PSA_ALG_XXX` values of type - * ::psa_algorithm_t such that #PSA_ALG_IS_PAKE(\c alg) is true) for more - * information. - * - * When this function returns successfully, \p operation becomes inactive. - * If this function returns an error status, both \p operation - * and \p key_derivation operations enter an error state and must be aborted by - * calling psa_pake_abort() and psa_key_derivation_abort() respectively. + * \note The signature of this function is that of a PSA driver + * pake_get_implicit_key entry point. This function behaves as a + * pake_get_implicit_key entry point as defined in the PSA driver + * interface specification for transparent drivers. * * \param[in,out] operation Active PAKE operation. 
- * \param[out] output A key derivation operation that is ready - * for an input step of type - * #PSA_KEY_DERIVATION_INPUT_SECRET. + * \param[out] output Output buffer for implicit key + * \param[out] output_size Size of the returned implicit key * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * #PSA_KEY_DERIVATION_INPUT_SECRET is not compatible with the - * algorithm in the \p output key derivation operation. * \retval #PSA_ERROR_NOT_SUPPORTED * Input from a PAKE is not supported by the algorithm in the \p output * key derivation operation. @@ -261,8 +171,7 @@ psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, * \retval #PSA_ERROR_DATA_INVALID * \retval #PSA_ERROR_BAD_STATE * The PAKE operation state is not valid (it must be active, but beyond - * that validity is specific to the algorithm), or - * the library has not been previously initialized by psa_crypto_init(), + * that validity is specific to the algorithm), * or the state of \p output is not valid for * the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the * step is out of order or the application has done this step already 
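Review bot: The parameter and `\retval` text for mbedtls_psa_pake_get_implicit_key is now internally inconsistent: `\p output` is documented as `Output buffer for implicit key`, yet the `#PSA_ERROR_NOT_SUPPORTED` text in this hunk and the `#PSA_ERROR_BAD_STATE` text in the next one (`@@ -261,8 +171,7 @@`) still describe `\p output` as a key derivation operation with a #PSA_KEY_DERIVATION_INPUT_SECRET step; those sentences should be rewritten for a plain buffer or removed. `\param[out] output_size Size of the returned implicit key` also looks off: if `output_size` is the caller-supplied buffer size it is an input (`\param output_size`), and the written length presumably goes to a separate `output_length` parameter that should be documented together with a `#PSA_ERROR_BUFFER_TOO_SMALL` retval — confirm against the prototype, which is outside this hunk. Finally, the deleted paragraph was the only place stating that the secret is merely implicitly authenticated; a one-line `\warning The shared secret is only implicitly authenticated; see psa_pake_get_implicit_key() for the security considerations.` would keep that fact visible to driver-level readers without repeating the API text.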
@@ -276,16 +185,10 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( /** Abort a PAKE operation. * - * Aborting an operation frees all associated resources except for the \c - * operation structure itself. Once aborted, the operation object can be reused - * for another operation by calling psa_pake_setup() again. - * - * This function may be called at any time after the operation - * object has been initialized as described in #psa_pake_operation_t. - * - * In particular, calling psa_pake_abort() after the operation has been - * terminated by a call to psa_pake_abort() or psa_pake_get_implicit_key() - * is safe and has no effect. + * \note The signature of this function is that of a PSA driver + * pake_abort entry point. This function behaves as a pake_abort + * entry point as defined in the PSA driver interface specification for + * transparent drivers. * * \param[in,out] operation The operation to abort. * @@ -294,7 +197,6 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED * \retval #PSA_ERROR_BAD_STATE - * The library has not been previously initialized by psa_crypto_init(). * It is implementation-dependent whether a failure to initialize * results in this error code. */ From c6b954686b3b0341cdec7a01e45ae515994c13ca Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 8 Dec 2022 11:13:29 +0100 Subject: [PATCH 232/440] Adapt test_suite_psa_crypto_pake test for the new design Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto_pake.data | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index f447ef05b..0ec16f06c 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data 
@@ -8,19 +8,19 @@ ecjpake_setup:PSA_ALG_SHA_256:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAK PSA PAKE: invalid primitive type depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_SETUP:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_DH, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid primitive family depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_K1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_SETUP:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_K1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid primitive bits depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 128):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_SETUP:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 128):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED PSA PAKE: invalid hash depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 
-ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_1:PSA_PAKE_ROLE_SERVER:0:ERR_IN_SETUP:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_1:PSA_PAKE_ROLE_SERVER:0:ERR_IN_OUTPUT:PSA_ERROR_NOT_SUPPORTED PSA PAKE: duplicate a valid setup depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 @@ -28,7 +28,7 @@ ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_ PSA PAKE: ecjpake setup invalid role NONE depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_NONE:0:ERR_IN_SET_ROLE:PSA_ERROR_NOT_SUPPORTED +ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_NONE:0:ERR_IN_OUTPUT:PSA_ERROR_BAD_STATE PSA PAKE: wrong password key type depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 From 95629ab4ae3977a7e1c09ea9b568afc12c619aa1 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 14 Dec 2022 08:22:25 +0100 Subject: [PATCH 233/440] Add forced status for pake setup Signed-off-by: Przemek Stekiel --- tests/include/test/drivers/pake.h | 5 ++++- tests/src/drivers/test_driver_pake.c | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h index b1d3d4474..041229601 100644 --- a/tests/include/test/drivers/pake.h +++ b/tests/include/test/drivers/pake.h 
@@ -29,6 +29,9 @@ typedef struct { /* If not PSA_SUCCESS, return this error code instead of processing the * function call. */ psa_status_t forced_status; + /* PAKE driver setup is executed on the first call to + pake_output/pake_input (added to distinguish forced statuses). */ + psa_status_t forced_setup_status; /* Count the amount of times PAKE driver functions are called. */ unsigned long hits; /* Status returned by the last PAKE driver function call. */ @@ -38,7 +41,7 @@ typedef struct { size_t forced_output_length; } mbedtls_test_driver_pake_hooks_t; -#define MBEDTLS_TEST_DRIVER_PAKE_INIT { 0, 0, 0, NULL, 0 } +#define MBEDTLS_TEST_DRIVER_PAKE_INIT { PSA_SUCCESS, PSA_SUCCESS, 0, PSA_SUCCESS, NULL, 0 } static inline mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks_init(void) { diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index 06168a142..437c4995f 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c @@ -39,9 +39,9 @@ psa_status_t mbedtls_test_transparent_pake_setup( { mbedtls_test_driver_pake_hooks.hits++; - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { + if (mbedtls_test_driver_pake_hooks.forced_setup_status != PSA_SUCCESS) { mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; + mbedtls_test_driver_pake_hooks.forced_setup_status; } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) From 3f9dbac83fce2bc07202a285fe26fad754315532 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 14 Dec 2022 08:27:46 +0100 Subject: [PATCH 234/440] Adapt ake driver tests to the new design Signed-off-by: Przemek Stekiel --- ...test_suite_psa_crypto_driver_wrappers.data | 56 +-- ..._suite_psa_crypto_driver_wrappers.function | 337 ++++++------------ 2 files changed, 153 insertions(+), 240 deletions(-) 
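Review bot: The comment on the new `forced_setup_status` field (`added to distinguish forced statuses`) does not say what the field controls or how it interacts with `forced_status`; since `mbedtls_test_transparent_pake_setup` in the second file now consults only `forced_setup_status`, a test that wants the setup entry point to fail must set this field and `forced_status` alone no longer affects setup. Suggest: `/* If not PSA_SUCCESS, return this error code from the setup entry point, which the core only invokes from the first pake_output/pake_input call. Unlike forced_status, it does not affect the other entry points. */`. A short field-order comment next to `MBEDTLS_TEST_DRIVER_PAKE_INIT` would also help keep the six positional initializers aligned with the struct as more fields are added.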
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
index 73c569d39..fa7aa7b62 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data
@@ -821,38 +821,54 @@ PSA AEAD decrypt setup, AES-GCM, 144 bytes #1, insufficient memory depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_decrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY -PSA PAKE setup transparent driver: in-driver success +PSA PAKE transparent driver: setup(via input) in-driver forced status depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -pake_setup:"abcd":PSA_SUCCESS:PSA_SUCCESS +pake_operations:"abcd":PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:"":PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:0 -PSA PAKE setup transparent driver: in-driver forced error +PSA PAKE transparent driver: setup(via output) in-driver forced status depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -pake_setup:"abcd":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY +pake_operations:"abcd":PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:"":PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:1 -PSA PAKE setup transparent driver: 
fallback -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_BUILTIN_PAKE -pake_setup:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS +PSA PAKE transparent driver: input in-driver forced status +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +pake_operations:"abcd":PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:"":PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:2 -PSA PAKE setup transparent driver: fallback not available +PSA PAKE transparent driver: output in-driver forced status +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +pake_operations:"abcd":PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:"":PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:PSA_SUCCESS:3 + +PSA PAKE transparent driver: output in-driver forced output +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +pake_operations:"abcd":PSA_SUCCESS:PSA_SUCCESS:"1234":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:3 + +PSA PAKE transparent driver: get_key in-driver forced status +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +pake_operations:"abcd":PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:"":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:4 + +PSA PAKE transparent driver: abort in-driver forced status +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 +pake_operations:"abcd":PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:"":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:5 + +PSA PAKE transparent driver: setup(via input) fallback not available depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_PSA_BUILTIN_PAKE -pake_setup:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_NOT_SUPPORTED 
+pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:"":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:0 -PSA PAKE operations transparent driver: in-driver success -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -pake_operations:"abcd":PSA_SUCCESS:"":PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_BAD_STATE +PSA PAKE transparent driver: setup(via output) fallback not available +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_PSA_BUILTIN_PAKE +pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:"":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:1 -PSA PAKE operations transparent driver: in-driver forced status -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -pake_operations:"abcd":PSA_SUCCESS:"1234":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY +PSA PAKE transparent driver: input fallback not available +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_PSA_BUILTIN_PAKE +pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:"":PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:2 -PSA PAKE operations transparent driver: fallback -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_BUILTIN_PAKE -pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:"":PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_BAD_STATE +PSA PAKE transparent driver: output fallback not available 
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_PSA_BUILTIN_PAKE +pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:"":PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:3 -PSA PAKE: ecjpake rounds transparent driver: in-driver +PSA PAKE: ecjpake rounds transparent driver: in-driver success depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:1 -PSA PAKE: ecjpake rounds transparent driver: fallback +PSA PAKE: ecjpake rounds transparent driver: fallback success depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:MBEDTLS_PSA_BUILTIN_PAKE ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:0 diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index cfbcccb34..2e1c626a6 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -3,8 +3,8 @@ /* Auxiliary variables for pake tests. Global to silent the compiler when unused. */ -size_t pake_expected_hit_count; -int pake_in_driver; +size_t pake_expected_hit_count = 0; +int pake_in_driver = 0; #if defined(PSA_WANT_ALG_JPAKE) static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, 
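Review bot: The rewritten pake_operations cases drop every data line that depended on `MBEDTLS_PSA_BUILTIN_PAKE` (the former `fallback` cases), so the per-entry-point tests now cover only the `!MBEDTLS_PSA_BUILTIN_PAKE` branch and the fallback-available dispatch is exercised solely by `ecjpake_rounds`. Add counterparts such as `PSA PAKE transparent driver: setup(via input) fallback` with `depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:MBEDTLS_PSA_BUILTIN_PAKE` and `pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:"":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:0` (constructed from the existing pattern; likewise for fut 1–3) so that a regression where the core stops falling back after a NOT_SUPPORTED driver setup is caught by this suite too. The trailing integer in each line is only meaningful with the `fut` encoding in the .function file; a comment above the block naming the values would make these lines self-describing.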
@@ -142,6 +142,9 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
         TEST_EQUAL(status, PSA_SUCCESS);
     }
 
+    /* Adjust for indirect client driver setup in first pake_output call. */
+    pake_expected_hit_count++;
+
     /* Client first round Output */
     PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE,
                                buffer1 + buffer1_off,
@@ -2974,81 +2977,27 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void pake_setup(data_t *pw_data, int forced_status_arg, int expected_status_arg) -{ - mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; - psa_status_t forced_status = forced_status_arg; - psa_status_t expected_status = expected_status_arg; - psa_pake_operation_t operation = psa_pake_operation_init(); - psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); - psa_key_type_t key_type_pw = PSA_KEY_TYPE_PASSWORD; - psa_key_usage_t key_usage_pw = PSA_KEY_USAGE_DERIVE; - psa_algorithm_t alg = PSA_ALG_JPAKE; - psa_algorithm_t hash_alg = PSA_ALG_SHA_256; - psa_pake_primitive_t primitive_arg = PSA_PAKE_PRIMITIVE( - PSA_PAKE_PRIMITIVE_TYPE_ECC, - PSA_ECC_FAMILY_SECP_R1, 256); - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); - - PSA_INIT(); - - if (pw_data->len > 0) { - psa_set_key_usage_flags(&attributes, key_usage_pw); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_type(&attributes, key_type_pw); - PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, - &key)); - } - - psa_pake_cs_set_algorithm(&cipher_suite, alg); - psa_pake_cs_set_primitive(&cipher_suite, primitive_arg); - psa_pake_cs_set_hash(&cipher_suite, hash_alg); - - mbedtls_test_driver_pake_hooks.forced_status = forced_status; - - TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), - expected_status); - - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 1); -exit: - /* - * Key attributes may have been returned by psa_get_key_attributes() - * thus reset them as required. 
- */ - psa_reset_key_attributes(&attributes); - psa_destroy_key(key); - mbedtls_test_driver_pake_hooks = - mbedtls_test_driver_pake_hooks_init(); - PSA_DONE(); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void pake_operations(data_t *pw_data, int forced_status_setup_arg, data_t *forced_output, - int forced_status_arg, int expected_status_set_user_arg, - int expected_status_set_role_arg, int expected_status_set_peer_arg, - int expected_status_set_password_arg, int expected_status_input_arg, - int expected_status_abort_arg, int expected_status_output_arg, - int expected_status_get_key_arg) +void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_status_arg, + data_t *forced_output, int expected_status_setup_arg, + int expected_status_input_arg, int expected_status_output_arg, + int expected_status_get_key_arg, int expected_status_abort_arg, + int fut) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t forced_status = forced_status_arg; psa_status_t forced_status_setup = forced_status_setup_arg; - psa_status_t expected_status_set_user = expected_status_set_user_arg; - psa_status_t expected_status_set_role = expected_status_set_role_arg; - psa_status_t expected_status_set_peer = expected_status_set_peer_arg; - psa_status_t expected_status_set_password = expected_status_set_password_arg; + psa_status_t expected_status_setup = expected_status_setup_arg; psa_status_t expected_status_input = expected_status_input_arg; - psa_status_t expected_status_abort = expected_status_abort_arg; psa_status_t expected_status_output = expected_status_output_arg; psa_status_t expected_status_get_key = expected_status_get_key_arg; + psa_status_t expected_status_abort = expected_status_abort_arg; psa_pake_operation_t operation = psa_pake_operation_init(); psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_key_type_t key_type_pw = PSA_KEY_TYPE_PASSWORD; psa_key_usage_t key_usage_pw = PSA_KEY_USAGE_DERIVE; psa_algorithm_t alg = 
PSA_ALG_JPAKE; psa_algorithm_t hash_alg = PSA_ALG_SHA_256; + int in_driver = 1; psa_key_derivation_operation_t implicit_key = PSA_KEY_DERIVATION_OPERATION_INIT; psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( @@ -3056,9 +3005,6 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, data_t *force PSA_ECC_FAMILY_SECP_R1, 256); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); - const unsigned char *user = (const unsigned char *) "user"; - const uint8_t peer[] = "abcd"; - uint32_t expected_hits = 1; unsigned char *input_buffer = NULL; const size_t size_key_share = PSA_PAKE_INPUT_SIZE(alg, primitive, PSA_PAKE_STEP_KEY_SHARE); @@ -3077,9 +3023,8 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, data_t *force PSA_PAKE_STEP_KEY_SHARE)); memset(output_buffer, 0x55, output_size); - /* Transparent driver is not available (fallback). */ - if (forced_status_setup == PSA_ERROR_NOT_SUPPORTED) { - expected_hits = 0; + if (forced_status_setup_arg == PSA_ERROR_NOT_SUPPORTED) { + in_driver = 0; } PSA_INIT(); 
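Review bot: The new `int fut` parameter selects the entry point under test, but its encoding (0 = setup via input, 1 = setup via output, 2 = input, 3 = output, 4 = get_implicit_key, 5 = abort) is only discoverable by reading the `case` comments in the body, while the .data file carries bare numbers. Document it at the declaration, e.g. `/* fut: function under test: 0 setup (via input), 1 setup (via output), 2 input, 3 output, 4 get_implicit_key, 5 abort */`, or replace the integer with named constants so the data lines become readable on their own. The body of pake_operations continues beyond this hunk.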
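Review bot: `if (forced_status_setup_arg == PSA_ERROR_NOT_SUPPORTED)` compares the raw `int` argument although the function already converted it into the typed local `forced_status_setup` (and the removed line compared that local); using `if (forced_status_setup == PSA_ERROR_NOT_SUPPORTED) {` keeps a single representation of the status in the test. The deleted `/* Transparent driver is not available (fallback). */` comment was the only explanation of what `in_driver = 0` means; keep it above the new condition.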
@@ -3097,99 +3042,9 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, data_t *force psa_pake_cs_set_hash(&cipher_suite, hash_alg); mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup; - TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), - PSA_SUCCESS); - /* --- psa_pake_set_user --- */ - mbedtls_test_driver_pake_hooks.forced_status = forced_status; - mbedtls_test_driver_pake_hooks.hits = 0; + /* Collecting input stage (no driver entry points) */ - TEST_EQUAL(psa_pake_set_user(&operation, user, 4), - expected_status_set_user); - - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits); - - /* psa_pake_set_user is unsupported (after this call operation is aborted) - we need to reinitialize object. */ - if (mbedtls_test_driver_pake_hooks.forced_status == PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup; - TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), - PSA_SUCCESS); - } - - /* --- psa_pake_set_peer --- */ - mbedtls_test_driver_pake_hooks.forced_status = forced_status; - mbedtls_test_driver_pake_hooks.hits = 0; - - TEST_EQUAL(psa_pake_set_peer(&operation, peer, 4), - expected_status_set_peer); - - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits); - - /* psa_pake_set_user is unsupported (after this call operation is aborted) - we need to reinitialize object. 
*/ - if (mbedtls_test_driver_pake_hooks.forced_status == PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup; - TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), - PSA_SUCCESS); - } - - /* --- psa_pake_set_role --- */ - mbedtls_test_driver_pake_hooks.forced_status = forced_status; - mbedtls_test_driver_pake_hooks.hits = 0; - - TEST_EQUAL(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER), - expected_status_set_role); - - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits); - - /* --- psa_pake_set_password_key --- */ - /* psa_pake_set_password_key is dispatched by location and other - functions are dispatched by operation id (set during setup). - In case of dispatching by location fallback is performed when - transparent accelerators are not supported. */ - if (forced_status_setup == PSA_ERROR_NOT_SUPPORTED) { - mbedtls_test_driver_pake_hooks.forced_status = PSA_ERROR_NOT_SUPPORTED; - expected_hits = 1; - } else { - mbedtls_test_driver_pake_hooks.forced_status = forced_status; - } - mbedtls_test_driver_pake_hooks.hits = 0; - - TEST_EQUAL(psa_pake_set_password_key(&operation, key), - expected_status_set_password); - - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits); - - /* Restore expected_hits for next tests. 
*/ - if (forced_status_setup == PSA_ERROR_NOT_SUPPORTED) { - expected_hits = 0; - } - - /* --- psa_pake_input --- */ - mbedtls_test_driver_pake_hooks.forced_status = forced_status; - mbedtls_test_driver_pake_hooks.hits = 0; - - TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, - input_buffer, size_key_share), - expected_status_input); - - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits); - - /* --- psa_pake_abort --- */ - mbedtls_test_driver_pake_hooks.forced_status = forced_status; - mbedtls_test_driver_pake_hooks.hits = 0; - - TEST_EQUAL(psa_pake_abort(&operation), expected_status_abort); - - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits); - - /* --- psa_pake_output --- */ - /* We need to setup pake again */ - mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS; - TEST_EQUAL(psa_pake_abort(&operation), PSA_SUCCESS); - - mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup; TEST_EQUAL(psa_pake_setup(&operation, &cipher_suite), PSA_SUCCESS); 
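Review bot: `mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup;` survives just before `psa_pake_setup`, but under the new design setup does not reach the driver (the hunk's own comment says `Collecting input stage (no driver entry points)`) and setup failures are now forced through `forced_setup_status`, so at this point the assignment is misleading. It is not dead either: cases 4 and 5 of the switch below call psa_pake_input (expecting PSA_SUCCESS) before assigning `forced_status`, so the driver sees this leftover value there — a data line with a non-success `forced_status_setup` and `fut` 4 or 5 would fail for a reason unrelated to the entry point under test. Remove the line here and set `forced_status`/`forced_setup_status` explicitly at the start of each case. The enclosing pake_operations body continues outside this hunk on both sides.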
@@ -3199,35 +3054,98 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, data_t *force TEST_EQUAL(psa_pake_set_password_key(&operation, key), PSA_SUCCESS); - mbedtls_test_driver_pake_hooks.forced_status = forced_status; - mbedtls_test_driver_pake_hooks.hits = 0; + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 0); - if (forced_output->len > 0) { - mbedtls_test_driver_pake_hooks.forced_output = forced_output->x; - mbedtls_test_driver_pake_hooks.forced_output_length = forced_output->len; + /* Computation stage (driver entry points) */ + + switch (fut) { + case 0: /* setup (via input) */ + /* --- psa_pake_input (driver: setup, input) --- */ + mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; + mbedtls_test_driver_pake_hooks.forced_status = forced_status; + mbedtls_test_driver_pake_hooks.hits = 0; + TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, + input_buffer, size_key_share), + expected_status_setup); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 1); + break; + + case 1: /* setup (via output) */ + /* --- psa_pake_input (driver: setup, input) --- */ + mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; + mbedtls_test_driver_pake_hooks.forced_status = forced_status; + mbedtls_test_driver_pake_hooks.hits = 0; + TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, + input_buffer, size_key_share), + expected_status_setup); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 1); + break; + + case 2: /* input */ + /* --- psa_pake_input (driver: setup, input) --- */ + mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; + mbedtls_test_driver_pake_hooks.forced_status = forced_status; + mbedtls_test_driver_pake_hooks.hits = 0; + TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, + input_buffer, size_key_share), + expected_status_input); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, in_driver ? 
2 : 1); + break; + + case 3: /* output */ + /* --- psa_pake_input (driver: setup, output) --- */ + mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; + mbedtls_test_driver_pake_hooks.forced_status = forced_status; + mbedtls_test_driver_pake_hooks.hits = 0; + if (forced_output->len > 0) { + mbedtls_test_driver_pake_hooks.forced_output = forced_output->x; + mbedtls_test_driver_pake_hooks.forced_output_length = forced_output->len; + } + TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, + output_buffer, output_size, &output_len), + expected_status_output); + + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, in_driver ? 2 : 1); + if (forced_output->len > 0) { + TEST_EQUAL(output_len, forced_output->len); + TEST_EQUAL(memcmp(output_buffer, forced_output->x, output_len), 0); + } + break; + + case 4: /* get_implicit_key */ + /* Call driver setup indirectly */ + TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, + input_buffer, size_key_share), + PSA_SUCCESS); + + /* --- psa_pake_get_implicit_key --- */ + mbedtls_test_driver_pake_hooks.forced_status = forced_status; + mbedtls_test_driver_pake_hooks.hits = 0; + TEST_EQUAL(psa_pake_get_implicit_key(&operation, &implicit_key), + expected_status_get_key); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 1); + + break; + + case 5: /* abort */ + /* Call driver setup indirectly */ + TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, + input_buffer, size_key_share), + PSA_SUCCESS); + + /* --- psa_pake_abort --- */ + mbedtls_test_driver_pake_hooks.forced_status = forced_status; + mbedtls_test_driver_pake_hooks.hits = 0; + TEST_EQUAL(psa_pake_abort(&operation), expected_status_abort); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 1); + break; + + default: + break; } - TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, - output_buffer, output_size, &output_len), - expected_status_output); - - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits); - 
- if (forced_output->len > 0) { - TEST_EQUAL(output_len, forced_output->len); - TEST_EQUAL(memcmp(output_buffer, forced_output->x, output_len), 0); - } - - /* --- psa_pake_get_implicit_key --- */ - mbedtls_test_driver_pake_hooks.forced_status = forced_status; - mbedtls_test_driver_pake_hooks.hits = 0; - - TEST_EQUAL(psa_pake_get_implicit_key(&operation, &implicit_key), - expected_status_get_key); - - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, expected_hits); - /* Clean up */ + mbedtls_test_driver_pake_hooks.forced_setup_status = PSA_SUCCESS; mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS; TEST_EQUAL(psa_pake_abort(&operation), PSA_SUCCESS); exit: @@ -3265,7 +3183,12 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, pake_in_driver = in_driver; mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS; mbedtls_test_driver_pake_hooks.hits = 0; - pake_expected_hit_count = 1; + /* driver setup is called indirectly through pake_output/pake_input */ + if (pake_in_driver) { + pake_expected_hit_count = 2; + } else { + pake_expected_hit_count = 1; + } PSA_INIT(); 
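Review bot: `case 1: /* setup (via output) */` is a verbatim copy of `case 0` — it calls psa_pake_input, so the "setup via output" path that the data line `PSA PAKE transparent driver: setup(via output) in-driver forced status` (fut 1) claims to cover is never exercised. It should call the output entry point instead: `TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, output_buffer, output_size, &output_len), expected_status_setup);` with the `hits == 1` check kept. Relatedly, the comment in `case 3` reads `psa_pake_input (driver: setup, output)` although the call is psa_pake_output, and `default: break;` lets an unknown `fut` value pass without testing anything — a failing assertion such as `default: TEST_ASSERT(0);` would surface a typo in the data file.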
@@ -3293,49 +3216,23 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, } if (!pake_in_driver) { - mbedtls_test_driver_pake_hooks.forced_status = PSA_ERROR_NOT_SUPPORTED; + mbedtls_test_driver_pake_hooks.forced_setup_status = PSA_ERROR_NOT_SUPPORTED; } PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, pake_expected_hit_count++); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 0); PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, pake_expected_hit_count++); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 0); - /* Restore forced status and adjust pake_expected_hit_count */ - mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS; - if (!pake_in_driver) { - pake_expected_hit_count--; - } PSA_ASSERT(psa_pake_set_role(&server, PSA_PAKE_ROLE_SERVER)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, - pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 0); PSA_ASSERT(psa_pake_set_role(&client, PSA_PAKE_ROLE_CLIENT)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, - pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); - - /* psa_pake_set_password_key is dispatched by location and other - functions are dispatched by operation id (set during setup). - In case of dispatching by location fallback is performed when - transparent accelerators are not supported. We need to also adjust - expected hit counter. 
*/ - if (!pake_in_driver) { - mbedtls_test_driver_pake_hooks.forced_status = PSA_ERROR_NOT_SUPPORTED; - pake_expected_hit_count++; - } - + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 0); PSA_ASSERT(psa_pake_set_password_key(&server, key)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, - pake_expected_hit_count++); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 0); PSA_ASSERT(psa_pake_set_password_key(&client, key)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, - pake_expected_hit_count++); - - /* Restore forced status and adjust pake_expected_hit_count */ - mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS; - if (!pake_in_driver) { - pake_expected_hit_count--; - } + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 0); /* First round */ ecjpake_do_round(alg, primitive_arg, &server, &client, From be5e27b5ad46147a3ba69a035a528308f8104d7c Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 14 Dec 2022 08:54:54 +0100 Subject: [PATCH 235/440] Remove redundant code Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4742c3cae..273d248af 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7196,7 +7196,6 @@ psa_status_t psa_pake_setup( return PSA_ERROR_INVALID_ARGUMENT; } - ; memset(&operation->data.inputs, 0, sizeof(operation->data.inputs)); operation->data.inputs.alg = cipher_suite->algorithm; @@ -7233,7 +7232,6 @@ psa_status_t psa_pake_set_password_key( }; psa_key_type_t type = psa_get_key_type(&attributes); - psa_key_usage_t usage = psa_get_key_usage_flags(&attributes); if (type != PSA_KEY_TYPE_PASSWORD && type != PSA_KEY_TYPE_PASSWORD_HASH) { 
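Review bot: The new `TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 0)` assertions after psa_pake_setup, psa_pake_set_role and psa_pake_set_password_key give no reason why none of these calls reach the driver any more, and the removed dispatch-by-location comment was the only place that reasoning lived. A one-line comment before the first of them, `/* Driver setup is deferred to the first psa_pake_output/input call, so setup and the setters never hit the driver. */`, would carry the point the previous hunk's comment makes. It is also worth stating that `forced_setup_status` is deliberately left at PSA_ERROR_NOT_SUPPORTED for the rest of the test so that the deferred setup falls back to the builtin implementation, since the old "Restore forced status" lines are gone and a reader may take that for an omission. ecjpake_rounds continues outside the hunk.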
@@ -7241,11 +7239,6 @@ psa_status_t psa_pake_set_password_key( goto error; } - if ((usage & PSA_KEY_USAGE_DERIVE) == 0) { - status = PSA_ERROR_NOT_PERMITTED; - goto error; - } - operation->data.inputs.password = mbedtls_calloc(1, slot->key.bytes); if (operation->data.inputs.password == NULL) { return PSA_ERROR_INSUFFICIENT_MEMORY; From e12ed36a6ce40cc5d0a94137443bdeb7fce1145d Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 21 Dec 2022 12:54:46 +0100 Subject: [PATCH 236/440] Move JPAKE state machine logic from driver to core - Add `alg` and `computation_stage` to `psa_pake_operation_s`. Now when logic is moved to core information about `alg` is required. `computation_stage` is a structure that provides a union of computation stages for pake algorithms. - Move the jpake operation logic from driver to core. This requires changing driver entry points for `psa_pake_output`/`psa_pake_input` functions and adding a `computation_stage` parameter. I'm not sure if this solution is correct. Now the driver can check the current computation stage and perform some action. For jpake drivers `step` parameter is now not used, but I think it needs to stay as it might be needed for other pake algorithms. - Removed test that seems to be redundant as we can't be sure that operation is aborted after failure. Signed-off-by: Przemek Stekiel --- include/psa/crypto_builtin_composites.h | 5 +- include/psa/crypto_extra.h | 56 ++- library/psa_crypto.c | 324 ++++++++++++++- library/psa_crypto_driver_wrappers.h | 2 + library/psa_crypto_pake.c | 375 +++++------------- library/psa_crypto_pake.h | 4 + .../psa_crypto_driver_wrappers.c.jinja | 20 +- tests/include/test/drivers/pake.h | 4 + tests/src/drivers/test_driver_pake.c | 25 +- tests/suites/test_suite_psa_crypto_pake.data | 8 - 10 files changed, 500 insertions(+), 323 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 295452c8c..3221a6423 100644 
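Review bot: Dropping the `PSA_KEY_USAGE_DERIVE` check in psa_pake_set_password_key (and the `usage` variable in the previous hunk) removes the only key-policy enforcement visible in this diff; it is redundant only if the slot lookup earlier in the function, outside the hunk, already requests PSA_KEY_USAGE_DERIVE through psa_get_and_lock_key_slot_with_policy. If that is the case, a comment next to the remaining type check would spare the next reader from re-deriving it: `/* DERIVE usage is already enforced by the policy check in the slot lookup above. */`. If it is not, a password key created without the DERIVE usage flag is now accepted, which is a policy regression rather than redundant code.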
--- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -195,11 +195,8 @@ typedef struct { typedef struct { psa_algorithm_t MBEDTLS_PRIVATE(alg); - unsigned int MBEDTLS_PRIVATE(state); - unsigned int MBEDTLS_PRIVATE(sequence); + #if defined(MBEDTLS_PSA_BUILTIN_PAKE) - unsigned int MBEDTLS_PRIVATE(input_step); - unsigned int MBEDTLS_PRIVATE(output_step); uint8_t *MBEDTLS_PRIVATE(password); size_t MBEDTLS_PRIVATE(password_len); uint8_t MBEDTLS_PRIVATE(role); diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 4fa273d31..1678228d3 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1292,6 +1292,12 @@ typedef struct psa_pake_operation_s psa_pake_operation_t; /** The type of input values for PAKE operations. */ typedef struct psa_crypto_driver_pake_inputs_s psa_crypto_driver_pake_inputs_t; +/** The type of compuatation stage for PAKE operations. */ +typedef struct psa_pake_computation_stage_s psa_pake_computation_stage_t; + +/** The type of compuatation stage for J-PAKE operations. */ +typedef struct psa_jpake_computation_stage_s psa_jpake_computation_stage_t; + /** Return an initial value for a PAKE operation object. */ static psa_pake_operation_t psa_pake_operation_init(void); @@ -1832,7 +1838,8 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); /** Returns a suitable initializer for a PAKE operation object of type * psa_pake_operation_t. */ -#define PSA_PAKE_OPERATION_INIT { 0, PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS, { 0 } } +#define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS, \ + { { 0 } }, { 0 } } struct psa_pake_cipher_suite_s { psa_algorithm_t algorithm; 
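Review bot: Both new typedef comments in crypto_extra.h misspell "computation" as "compuatation", and since this is a public header the text ends up in the rendered API documentation. Suggested: `/** The type of computation stage for PAKE operations. */` and `/** The type of computation stage for J-PAKE operations. */`.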
@@ -1904,7 +1911,6 @@ static inline void psa_pake_cs_set_hash(psa_pake_cipher_suite_t *cipher_suite, } struct psa_crypto_driver_pake_inputs_s { - psa_algorithm_t MBEDTLS_PRIVATE(alg); uint8_t *MBEDTLS_PRIVATE(password); size_t MBEDTLS_PRIVATE(password_len); psa_pake_role_t MBEDTLS_PRIVATE(role); @@ -1912,6 +1918,48 @@ struct psa_crypto_driver_pake_inputs_s { psa_pake_cipher_suite_t MBEDTLS_PRIVATE(cipher_suite); }; +enum psa_jpake_step { + PSA_PAKE_STEP_INVALID = 0, + PSA_PAKE_STEP_X1_X2 = 1, + PSA_PAKE_STEP_X2S = 2, + PSA_PAKE_STEP_DERIVE = 3, +}; + +enum psa_jpake_state { + PSA_PAKE_STATE_INVALID = 0, + PSA_PAKE_STATE_SETUP = 1, + PSA_PAKE_STATE_READY = 2, + PSA_PAKE_OUTPUT_X1_X2 = 3, + PSA_PAKE_OUTPUT_X2S = 4, + PSA_PAKE_INPUT_X1_X2 = 5, + PSA_PAKE_INPUT_X4S = 6, +}; + +enum psa_jpake_sequence { + PSA_PAKE_SEQ_INVALID = 0, + PSA_PAKE_X1_STEP_KEY_SHARE = 1, /* also X2S & X4S KEY_SHARE */ + PSA_PAKE_X1_STEP_ZK_PUBLIC = 2, /* also X2S & X4S ZK_PUBLIC */ + PSA_PAKE_X1_STEP_ZK_PROOF = 3, /* also X2S & X4S ZK_PROOF */ + PSA_PAKE_X2_STEP_KEY_SHARE = 4, + PSA_PAKE_X2_STEP_ZK_PUBLIC = 5, + PSA_PAKE_X2_STEP_ZK_PROOF = 6, + PSA_PAKE_SEQ_END = 7, +}; + +struct psa_jpake_computation_stage_s { + unsigned int MBEDTLS_PRIVATE(state); + unsigned int MBEDTLS_PRIVATE(sequence); + unsigned int MBEDTLS_PRIVATE(input_step); + unsigned int MBEDTLS_PRIVATE(output_step); +}; + +struct psa_pake_computation_stage_s { + union { + unsigned dummy; + psa_jpake_computation_stage_t MBEDTLS_PRIVATE(jpake_computation_stage); + } MBEDTLS_PRIVATE(data); +}; + struct psa_pake_operation_s { /** Unique ID indicating which driver got assigned to do the * operation. Since driver contexts are driver-specific, swapping 
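Review bot: The state-machine enums moved into the public header use the `PSA_PAKE_STEP_` prefix, which is the prefix of the API's psa_pake_step_t values (PSA_PAKE_STEP_KEY_SHARE and friends are referenced in this same patch); `PSA_PAKE_STEP_INVALID`, `PSA_PAKE_STEP_X1_X2`, `PSA_PAKE_STEP_X2S` and `PSA_PAKE_STEP_DERIVE` now sit in the API namespace as implementation detail and can collide with future additions to that value set. As the enum tags themselves are psa_jpake_*, a `PSA_JPAKE_` prefix for the constants, or at least a comment above the three enums marking them as internal and not part of the API, would keep the public surface clear; MBEDTLS_PRIVATE cannot be applied to enumerators. The anonymous `union` in psa_pake_computation_stage_s has no discriminator of its own and is selected by `operation->alg` elsewhere in the patch, which is worth a comment on the struct, e.g. `/* Active member is selected by psa_pake_operation_s::alg. */`.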
@@ -1920,10 +1968,14 @@ struct psa_pake_operation_s { * ID value zero means the context is not valid or not assigned to * any driver (i.e. none of the driver contexts are active). */ unsigned int MBEDTLS_PRIVATE(id); + /* Algorithm used for PAKE operation */ + psa_algorithm_t MBEDTLS_PRIVATE(alg); /* Based on stage (collecting inputs/computation) we select active structure of data union. * While switching stage (when driver setup is called) collected inputs are copied to the corresponding operation context. */ uint8_t MBEDTLS_PRIVATE(stage); + /* Holds computation stage of the PAKE algorithms. */ + psa_pake_computation_stage_t MBEDTLS_PRIVATE(computation_stage); union { unsigned dummy; psa_crypto_driver_pake_inputs_t MBEDTLS_PRIVATE(inputs); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 273d248af..66ecc0643 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7180,11 +7180,14 @@ psa_status_t psa_pake_setup( psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite) { + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.data.jpake_computation_stage; + if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { return PSA_ERROR_BAD_STATE; } - if (operation->data.inputs.alg != PSA_ALG_NONE) { + if (operation->alg != PSA_ALG_NONE) { return PSA_ERROR_BAD_STATE; } @@ -7198,9 +7201,16 @@ psa_status_t psa_pake_setup( memset(&operation->data.inputs, 0, sizeof(operation->data.inputs)); - operation->data.inputs.alg = cipher_suite->algorithm; + operation->alg = cipher_suite->algorithm; operation->data.inputs.cipher_suite = *cipher_suite; + if (operation->alg == PSA_ALG_JPAKE) { + computation_stage->state = PSA_PAKE_STATE_SETUP; + computation_stage->sequence = PSA_PAKE_SEQ_INVALID; + computation_stage->input_step = PSA_PAKE_STEP_X1_X2; + computation_stage->output_step = PSA_PAKE_STEP_X1_X2; + } + return PSA_SUCCESS; } 
@@ -7216,7 +7226,7 @@ psa_status_t psa_pake_set_password_key( return PSA_ERROR_BAD_STATE; } - if (operation->data.inputs.alg == PSA_ALG_NONE) { + if (operation->alg == PSA_ALG_NONE) { return PSA_ERROR_BAD_STATE; } @@ -7241,7 +7251,8 @@ psa_status_t psa_pake_set_password_key( operation->data.inputs.password = mbedtls_calloc(1, slot->key.bytes); if (operation->data.inputs.password == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto error; } memcpy(operation->data.inputs.password, slot->key.data, slot->key.bytes); @@ -7264,7 +7275,7 @@ psa_status_t psa_pake_set_user( return PSA_ERROR_BAD_STATE; } - if (operation->data.inputs.alg == PSA_ALG_NONE) { + if (operation->alg == PSA_ALG_NONE) { return PSA_ERROR_BAD_STATE; } @@ -7286,7 +7297,7 @@ psa_status_t psa_pake_set_peer( return PSA_ERROR_BAD_STATE; } - if (operation->data.inputs.alg == PSA_ALG_NONE) { + if (operation->alg == PSA_ALG_NONE) { return PSA_ERROR_BAD_STATE; } @@ -7305,7 +7316,7 @@ psa_status_t psa_pake_set_role( return PSA_ERROR_BAD_STATE; } - if (operation->data.inputs.alg == PSA_ALG_NONE) { + if (operation->alg == PSA_ALG_NONE) { return PSA_ERROR_BAD_STATE; } 
@@ -7322,6 +7333,98 @@ psa_status_t psa_pake_set_role( return PSA_SUCCESS; } +static psa_status_t psa_jpake_output_prologue( + psa_pake_operation_t *operation, + psa_pake_step_t step) +{ + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.data.jpake_computation_stage; + + if (computation_stage->state == PSA_PAKE_STATE_INVALID) { + return PSA_ERROR_BAD_STATE; + } + + if (step != PSA_PAKE_STEP_KEY_SHARE && + step != PSA_PAKE_STEP_ZK_PUBLIC && + step != PSA_PAKE_STEP_ZK_PROOF) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (computation_stage->state != PSA_PAKE_STATE_READY && + computation_stage->state != PSA_PAKE_OUTPUT_X1_X2 && + computation_stage->state != PSA_PAKE_OUTPUT_X2S) { + return PSA_ERROR_BAD_STATE; + } + + if (computation_stage->state == PSA_PAKE_STATE_READY) { + if (step != PSA_PAKE_STEP_KEY_SHARE) { + return PSA_ERROR_BAD_STATE; + } + + switch (computation_stage->output_step) { + case PSA_PAKE_STEP_X1_X2: + computation_stage->state = PSA_PAKE_OUTPUT_X1_X2; + break; + case PSA_PAKE_STEP_X2S: + computation_stage->state = PSA_PAKE_OUTPUT_X2S; + break; + default: + return PSA_ERROR_BAD_STATE; + } + + computation_stage->sequence = PSA_PAKE_X1_STEP_KEY_SHARE; + } + + /* Check if step matches current sequence */ + switch (computation_stage->sequence) { + case PSA_PAKE_X1_STEP_KEY_SHARE: + case PSA_PAKE_X2_STEP_KEY_SHARE: + if (step != PSA_PAKE_STEP_KEY_SHARE) { + return PSA_ERROR_BAD_STATE; + } + break; + + case PSA_PAKE_X1_STEP_ZK_PUBLIC: + case PSA_PAKE_X2_STEP_ZK_PUBLIC: + if (step != PSA_PAKE_STEP_ZK_PUBLIC) { + return PSA_ERROR_BAD_STATE; + } + break; + + case PSA_PAKE_X1_STEP_ZK_PROOF: + case PSA_PAKE_X2_STEP_ZK_PROOF: + if (step != PSA_PAKE_STEP_ZK_PROOF) { + return PSA_ERROR_BAD_STATE; + } + break; + + default: + return PSA_ERROR_BAD_STATE; + } + + return PSA_SUCCESS; +} + +static psa_status_t psa_jpake_output_epilogue( + psa_pake_operation_t *operation) +{ + psa_jpake_computation_stage_t *computation_stage = + 
&operation->computation_stage.data.jpake_computation_stage; + + if ((computation_stage->state == PSA_PAKE_OUTPUT_X1_X2 && + computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || + (computation_stage->state == PSA_PAKE_OUTPUT_X2S && + computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { + computation_stage->state = PSA_PAKE_STATE_READY; + computation_stage->output_step++; + computation_stage->sequence = PSA_PAKE_SEQ_INVALID; + } else { + computation_stage->sequence++; + } + + return PSA_SUCCESS; +} + psa_status_t psa_pake_output( psa_pake_operation_t *operation, psa_pake_step_t step, @@ -7330,9 +7433,11 @@ psa_status_t psa_pake_output( size_t *output_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.data.jpake_computation_stage; if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { - if (operation->data.inputs.alg == PSA_ALG_NONE || + if (operation->alg == PSA_ALG_NONE || operation->data.inputs.password_len == 0 || operation->data.inputs.role == PSA_PAKE_ROLE_NONE) { return PSA_ERROR_BAD_STATE; @@ -7343,6 +7448,12 @@ psa_status_t psa_pake_output( if (status == PSA_SUCCESS) { operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; + if (operation->alg == PSA_ALG_JPAKE) { + computation_stage->state = PSA_PAKE_STATE_READY; + computation_stage->sequence = PSA_PAKE_SEQ_INVALID; + computation_stage->input_step = PSA_PAKE_STEP_X1_X2; + computation_stage->output_step = PSA_PAKE_STEP_X1_X2; + } } else { return status; } 
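Review bot: The "Check if step matches current sequence" switch in psa_jpake_output_prologue is repeated verbatim in psa_jpake_input_prologue added later in this file, and the READY-state transition block differs between the two only in which enum values it assigns; factoring the sequence check into one static helper taking the current sequence and the step would leave a single place to maintain when the J-PAKE sequence set changes. The leading `computation_stage->state == PSA_PAKE_STATE_INVALID` test is also subsumed by the whitelist that follows it, so one of the two can go. Since both epilogues only ever return PSA_SUCCESS, a short comment on them saying that they advance the state machine unconditionally, and are meant to run only after the driver call succeeded, would make the call order in psa_pake_output/psa_pake_input self-explanatory.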
@@ -7360,10 +7471,140 @@ psa_status_t psa_pake_output( return PSA_ERROR_INVALID_ARGUMENT; } - return psa_driver_wrapper_pake_output(operation, step, output, - output_size, output_length); + switch (operation->alg) { + case PSA_ALG_JPAKE: + status = psa_jpake_output_prologue(operation, step); + if (status != PSA_SUCCESS) { + return status; + } + break; + default: + return PSA_ERROR_NOT_SUPPORTED; + } + + status = psa_driver_wrapper_pake_output(operation, step, + &operation->computation_stage, + output, output_size, output_length); + + if (status != PSA_SUCCESS) { + return status; + } + + switch (operation->alg) { + case PSA_ALG_JPAKE: + status = psa_jpake_output_epilogue(operation); + if (status != PSA_SUCCESS) { + return status; + } + break; + default: + return PSA_ERROR_NOT_SUPPORTED; + } + + return status; } +static psa_status_t psa_jpake_input_prologue( + psa_pake_operation_t *operation, + psa_pake_step_t step, + size_t input_length) +{ + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.data.jpake_computation_stage; + + if (computation_stage->state == PSA_PAKE_STATE_INVALID) { + return PSA_ERROR_BAD_STATE; + } + + if (step != PSA_PAKE_STEP_KEY_SHARE && + step != PSA_PAKE_STEP_ZK_PUBLIC && + step != PSA_PAKE_STEP_ZK_PROOF) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + const psa_pake_primitive_t prim = PSA_PAKE_PRIMITIVE( + PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256); + if (input_length > (size_t) PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, prim, step)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (computation_stage->state != PSA_PAKE_STATE_READY && + computation_stage->state != PSA_PAKE_INPUT_X1_X2 && + computation_stage->state != PSA_PAKE_INPUT_X4S) { + return PSA_ERROR_BAD_STATE; + } + + if (computation_stage->state == PSA_PAKE_STATE_READY) { + if (step != PSA_PAKE_STEP_KEY_SHARE) { + return PSA_ERROR_BAD_STATE; + } + + switch (computation_stage->input_step) { + case PSA_PAKE_STEP_X1_X2: + computation_stage->state = 
PSA_PAKE_INPUT_X1_X2; + break; + case PSA_PAKE_STEP_X2S: + computation_stage->state = PSA_PAKE_INPUT_X4S; + break; + default: + return PSA_ERROR_BAD_STATE; + } + + computation_stage->sequence = PSA_PAKE_X1_STEP_KEY_SHARE; + } + + /* Check if step matches current sequence */ + switch (computation_stage->sequence) { + case PSA_PAKE_X1_STEP_KEY_SHARE: + case PSA_PAKE_X2_STEP_KEY_SHARE: + if (step != PSA_PAKE_STEP_KEY_SHARE) { + return PSA_ERROR_BAD_STATE; + } + break; + + case PSA_PAKE_X1_STEP_ZK_PUBLIC: + case PSA_PAKE_X2_STEP_ZK_PUBLIC: + if (step != PSA_PAKE_STEP_ZK_PUBLIC) { + return PSA_ERROR_BAD_STATE; + } + break; + + case PSA_PAKE_X1_STEP_ZK_PROOF: + case PSA_PAKE_X2_STEP_ZK_PROOF: + if (step != PSA_PAKE_STEP_ZK_PROOF) { + return PSA_ERROR_BAD_STATE; + } + break; + + default: + return PSA_ERROR_BAD_STATE; + } + + return PSA_SUCCESS; +} + + +static psa_status_t psa_jpake_input_epilogue( + psa_pake_operation_t *operation) +{ + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.data.jpake_computation_stage; + + if ((computation_stage->state == PSA_PAKE_INPUT_X1_X2 && + computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || + (computation_stage->state == PSA_PAKE_INPUT_X4S && + computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { + computation_stage->state = PSA_PAKE_STATE_READY; + computation_stage->input_step++; + computation_stage->sequence = PSA_PAKE_SEQ_INVALID; + } else { + computation_stage->sequence++; + } + + return PSA_SUCCESS; +} + + psa_status_t psa_pake_input( psa_pake_operation_t *operation, psa_pake_step_t step, 
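Review bot: In psa_pake_output the prologue advances the core state machine (state to PSA_PAKE_OUTPUT_X1_X2/X2S, sequence to PSA_PAKE_X1_STEP_KEY_SHARE) before the driver is called, but when `psa_driver_wrapper_pake_output` fails the function returns the status with that advanced state left in place; the builtin driver's own wrapper in this patch aborts its context on failure, so core and driver then disagree about the operation's state. The same pattern is in psa_pake_input (hunk @@ -7401,8 +7650,37). Unless the driver wrapper is meant to leave the operation usable after an error, mirror what psa_pake_get_implicit_key does after its driver call and what the library does for other multipart operations: `if (status != PSA_SUCCESS) { psa_pake_abort(operation); return status; }`. The trailing `switch` whose `default:` returns PSA_ERROR_NOT_SUPPORTED cannot be reached for an algorithm that passed the first switch, so the epilogue could be selected in the first switch and the second dropped.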
@@ -7371,9 +7612,11 @@ psa_status_t psa_pake_input( size_t input_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.data.jpake_computation_stage; if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { - if (operation->data.inputs.alg == PSA_ALG_NONE || + if (operation->alg == PSA_ALG_NONE || operation->data.inputs.password_len == 0 || operation->data.inputs.role == PSA_PAKE_ROLE_NONE) { return PSA_ERROR_BAD_STATE; @@ -7384,6 +7627,12 @@ psa_status_t psa_pake_input( if (status == PSA_SUCCESS) { operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; + if (operation->alg == PSA_ALG_JPAKE) { + computation_stage->state = PSA_PAKE_STATE_READY; + computation_stage->sequence = PSA_PAKE_SEQ_INVALID; + computation_stage->input_step = PSA_PAKE_STEP_X1_X2; + computation_stage->output_step = PSA_PAKE_STEP_X1_X2; + } } else { return status; } @@ -7401,8 +7650,37 @@ psa_status_t psa_pake_input( return PSA_ERROR_INVALID_ARGUMENT; } - return psa_driver_wrapper_pake_input(operation, step, input, - input_length); + switch (operation->alg) { + case PSA_ALG_JPAKE: + status = psa_jpake_input_prologue(operation, step, input_length); + if (status != PSA_SUCCESS) { + return status; + } + break; + default: + return PSA_ERROR_NOT_SUPPORTED; + } + + status = psa_driver_wrapper_pake_input(operation, step, + &operation->computation_stage, + input, input_length); + + if (status != PSA_SUCCESS) { + return status; + } + + switch (operation->alg) { + case PSA_ALG_JPAKE: + status = psa_jpake_input_epilogue(operation); + if (status != PSA_SUCCESS) { + return status; + } + break; + default: + return PSA_ERROR_NOT_SUPPORTED; + } + + return status; } psa_status_t psa_pake_get_implicit_key( 
@@ -7412,11 +7690,20 @@ psa_status_t psa_pake_get_implicit_key( psa_status_t status = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; uint8_t shared_key[MBEDTLS_PSA_PAKE_BUFFER_SIZE]; size_t shared_key_len = 0; + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.data.jpake_computation_stage; if (operation->id == 0) { return PSA_ERROR_BAD_STATE; } + if (operation->alg == PSA_ALG_JPAKE) { + if (computation_stage->input_step != PSA_PAKE_STEP_DERIVE || + computation_stage->output_step != PSA_PAKE_STEP_DERIVE) { + return PSA_ERROR_BAD_STATE; + } + } + status = psa_driver_wrapper_pake_get_implicit_key(operation, shared_key, &shared_key_len); @@ -7436,18 +7723,29 @@ psa_status_t psa_pake_get_implicit_key( mbedtls_platform_zeroize(shared_key, MBEDTLS_PSA_PAKE_BUFFER_SIZE); + psa_pake_abort(operation); + return status; } psa_status_t psa_pake_abort( psa_pake_operation_t *operation) { + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.data.jpake_computation_stage; + /* If we are in collecting inputs stage clear inputs. */ if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { mbedtls_free(operation->data.inputs.password); memset(&operation->data.inputs, 0, sizeof(psa_crypto_driver_pake_inputs_t)); return PSA_SUCCESS; } + if (operation->alg == PSA_ALG_JPAKE) { + computation_stage->input_step = PSA_PAKE_STEP_INVALID; + computation_stage->output_step = PSA_PAKE_STEP_INVALID; + computation_stage->state = PSA_PAKE_STATE_INVALID; + computation_stage->sequence = PSA_PAKE_SEQ_INVALID; + } return psa_driver_wrapper_pake_abort(operation); } diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index abaabb544..ac17be4e3 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h 
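Review bot: psa_pake_abort's collect-inputs branch still only clears `operation->data.inputs` and returns, but this patch moves `alg` out of that struct into `operation->alg` (crypto_extra.h hunk @@ -1904), so an operation aborted before the first output/input keeps its algorithm and the next psa_pake_setup on the same object fails the `operation->alg != PSA_ALG_NONE` check with PSA_ERROR_BAD_STATE, which the old code did not. The computation-stage path has the same gap unless psa_driver_wrapper_pake_abort clears the core field, which this diff does not show. Add `operation->alg = PSA_ALG_NONE;` before the `return PSA_SUCCESS;` in the collect-inputs branch and again after the driver abort call, so the object returns to its PSA_PAKE_OPERATION_INIT state; `operation->stage` presumably needs the same treatment after the driver abort. The unconditional `psa_pake_abort(operation)` added at the end of psa_pake_get_implicit_key deserves a one-line comment saying the operation is always finished there, since its return value is discarded.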
@@ -422,6 +422,7 @@ psa_status_t psa_driver_wrapper_pake_setup( psa_status_t psa_driver_wrapper_pake_output( psa_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, uint8_t *output, size_t output_size, size_t *output_length); @@ -429,6 +430,7 @@ psa_status_t psa_driver_wrapper_pake_output( psa_status_t psa_driver_wrapper_pake_input( psa_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, const uint8_t *input, size_t input_length); diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 3a710dc60..3d5b57d29 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -79,23 +79,6 @@ * psa_pake_abort() */ -enum psa_pake_step { - PSA_PAKE_STEP_INVALID = 0, - PSA_PAKE_STEP_X1_X2 = 1, - PSA_PAKE_STEP_X2S = 2, - PSA_PAKE_STEP_DERIVE = 3, -}; - -enum psa_pake_state { - PSA_PAKE_STATE_INVALID = 0, - PSA_PAKE_STATE_SETUP = 1, - PSA_PAKE_STATE_READY = 2, - PSA_PAKE_OUTPUT_X1_X2 = 3, - PSA_PAKE_OUTPUT_X2S = 4, - PSA_PAKE_INPUT_X1_X2 = 5, - PSA_PAKE_INPUT_X4S = 6, -}; - /* * The first PAKE step shares the same sequences of the second PAKE step * but with a second set of KEY_SHARE/ZK_PUBLIC/ZK_PROOF outputs/inputs. @@ -157,16 +140,6 @@ enum psa_pake_state { * psa_pake_get_implicit_key() * => Input & Output Step = PSA_PAKE_STEP_INVALID */ -enum psa_pake_sequence { - PSA_PAKE_SEQ_INVALID = 0, - PSA_PAKE_X1_STEP_KEY_SHARE = 1, /* also X2S & X4S KEY_SHARE */ - PSA_PAKE_X1_STEP_ZK_PUBLIC = 2, /* also X2S & X4S ZK_PUBLIC */ - PSA_PAKE_X1_STEP_ZK_PROOF = 3, /* also X2S & X4S ZK_PROOF */ - PSA_PAKE_X2_STEP_KEY_SHARE = 4, - PSA_PAKE_X2_STEP_ZK_PUBLIC = 5, - PSA_PAKE_X2_STEP_ZK_PROOF = 6, - PSA_PAKE_SEQ_END = 7, -}; #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) static psa_status_t mbedtls_ecjpake_to_psa_error(int ret) 
@@ -190,65 +163,6 @@ static psa_status_t mbedtls_ecjpake_to_psa_error(int ret) } #endif -#if defined(MBEDTLS_PSA_BUILTIN_PAKE) -psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, - const psa_crypto_driver_pake_inputs_t *inputs) -{ - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - - uint8_t *password = inputs->password; - size_t password_len = inputs->password_len; - psa_pake_role_t role = inputs->role; - psa_pake_cipher_suite_t cipher_suite = inputs->cipher_suite; - - memset(operation, 0, sizeof(mbedtls_psa_pake_operation_t)); - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) - if (cipher_suite.algorithm == PSA_ALG_JPAKE) { - if (cipher_suite.type != PSA_PAKE_PRIMITIVE_TYPE_ECC || - cipher_suite.family != PSA_ECC_FAMILY_SECP_R1 || - cipher_suite.bits != 256 || - cipher_suite.hash != PSA_ALG_SHA_256) { - status = PSA_ERROR_NOT_SUPPORTED; - goto error; - } - - if (role != PSA_PAKE_ROLE_CLIENT && - role != PSA_PAKE_ROLE_SERVER) { - status = PSA_ERROR_NOT_SUPPORTED; - goto error; - } - - mbedtls_ecjpake_init(&operation->ctx.pake); - - operation->state = PSA_PAKE_STATE_SETUP; - operation->sequence = PSA_PAKE_SEQ_INVALID; - operation->input_step = PSA_PAKE_STEP_X1_X2; - operation->output_step = PSA_PAKE_STEP_X1_X2; - operation->password_len = password_len; - operation->password = password; - operation->role = role; - operation->alg = cipher_suite.algorithm; - - mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); - operation->buffer_length = 0; - operation->buffer_offset = 0; - - return PSA_SUCCESS; - } else -#else - (void) operation; - (void) inputs; -#endif - { status = PSA_ERROR_NOT_SUPPORTED; } - -error: - mbedtls_free(password); - mbedtls_psa_pake_abort(operation); - return status; -} - - #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operation) { 
@@ -283,31 +197,84 @@ static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operati return mbedtls_ecjpake_to_psa_error(ret); } - operation->state = PSA_PAKE_STATE_READY; - return PSA_SUCCESS; } + +psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, + const psa_crypto_driver_pake_inputs_t *inputs) +{ + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + + uint8_t *password = inputs->password; + size_t password_len = inputs->password_len; + psa_pake_role_t role = inputs->role; + psa_pake_cipher_suite_t cipher_suite = inputs->cipher_suite; + + memset(operation, 0, sizeof(mbedtls_psa_pake_operation_t)); + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) + if (cipher_suite.algorithm == PSA_ALG_JPAKE) { + if (cipher_suite.type != PSA_PAKE_PRIMITIVE_TYPE_ECC || + cipher_suite.family != PSA_ECC_FAMILY_SECP_R1 || + cipher_suite.bits != 256 || + cipher_suite.hash != PSA_ALG_SHA_256) { + status = PSA_ERROR_NOT_SUPPORTED; + goto error; + } + + if (role != PSA_PAKE_ROLE_CLIENT && + role != PSA_PAKE_ROLE_SERVER) { + status = PSA_ERROR_NOT_SUPPORTED; + goto error; + } + + mbedtls_ecjpake_init(&operation->ctx.pake); + + operation->password_len = password_len; + operation->password = password; + operation->role = role; + operation->alg = cipher_suite.algorithm; + + mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); + operation->buffer_length = 0; + operation->buffer_offset = 0; + + status = psa_pake_ecjpake_setup(operation); + + if (status != PSA_SUCCESS) { + goto error; + } + + return PSA_SUCCESS; + } else +#else + (void) operation; + (void) inputs; #endif + { status = PSA_ERROR_NOT_SUPPORTED; } + +error: + mbedtls_free(password); + mbedtls_psa_pake_abort(operation); + return status; +} static psa_status_t mbedtls_psa_pake_output_internal( mbedtls_psa_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, uint8_t *output, size_t output_size, size_t 
*output_length) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; size_t length; + (void) step; if (operation->alg == PSA_ALG_NONE) { return PSA_ERROR_BAD_STATE; } - if (operation->state == PSA_PAKE_STATE_INVALID) { - return PSA_ERROR_BAD_STATE; - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) /* * The PSA CRYPTO PAKE and MbedTLS JPAKE API have a different 
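Review bot: In mbedtls_psa_pake_setup the new `psa_pake_ecjpake_setup` call jumps to `error:` after `operation->password = password` has already been assigned, whereas every earlier `goto error` runs before that assignment. If mbedtls_psa_pake_abort releases operation->password (its body is outside this diff) that path frees the buffer twice, once inside abort and once via `mbedtls_free(password)`; if it does not, the behaviour is unchanged, but the ownership hand-off is implicit either way. Make it explicit on that failure path, `if (status != PSA_SUCCESS) { mbedtls_psa_pake_abort(operation); return status; }`, and add a comment above `error:` stating that it is only reached while `password` is still unowned by the operation. The `(void) step;` now added unconditionally at the top of mbedtls_psa_pake_output_internal also makes the `(void) step;` in its `#else` branch redundant.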
@@ -324,74 +291,12 @@ static psa_status_t mbedtls_psa_pake_output_internal( * to return the right parts on each step. */ if (operation->alg == PSA_ALG_JPAKE) { - if (step != PSA_PAKE_STEP_KEY_SHARE && - step != PSA_PAKE_STEP_ZK_PUBLIC && - step != PSA_PAKE_STEP_ZK_PROOF) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - if (operation->state == PSA_PAKE_STATE_SETUP) { - status = psa_pake_ecjpake_setup(operation); - if (status != PSA_SUCCESS) { - return status; - } - } - - if (operation->state != PSA_PAKE_STATE_READY && - operation->state != PSA_PAKE_OUTPUT_X1_X2 && - operation->state != PSA_PAKE_OUTPUT_X2S) { - return PSA_ERROR_BAD_STATE; - } - - if (operation->state == PSA_PAKE_STATE_READY) { - if (step != PSA_PAKE_STEP_KEY_SHARE) { - return PSA_ERROR_BAD_STATE; - } - - switch (operation->output_step) { - case PSA_PAKE_STEP_X1_X2: - operation->state = PSA_PAKE_OUTPUT_X1_X2; - break; - case PSA_PAKE_STEP_X2S: - operation->state = PSA_PAKE_OUTPUT_X2S; - break; - default: - return PSA_ERROR_BAD_STATE; - } - - operation->sequence = PSA_PAKE_X1_STEP_KEY_SHARE; - } - - /* Check if step matches current sequence */ - switch (operation->sequence) { - case PSA_PAKE_X1_STEP_KEY_SHARE: - case PSA_PAKE_X2_STEP_KEY_SHARE: - if (step != PSA_PAKE_STEP_KEY_SHARE) { - return PSA_ERROR_BAD_STATE; - } - break; - - case PSA_PAKE_X1_STEP_ZK_PUBLIC: - case PSA_PAKE_X2_STEP_ZK_PUBLIC: - if (step != PSA_PAKE_STEP_ZK_PUBLIC) { - return PSA_ERROR_BAD_STATE; - } - break; - - case PSA_PAKE_X1_STEP_ZK_PROOF: - case PSA_PAKE_X2_STEP_ZK_PROOF: - if (step != PSA_PAKE_STEP_ZK_PROOF) { - return PSA_ERROR_BAD_STATE; - } - break; - - default: - return PSA_ERROR_BAD_STATE; - } + const psa_jpake_computation_stage_t *jpake_computation_stage = + &computation_stage->data.jpake_computation_stage; /* Initialize & write round on KEY_SHARE sequences */ - if (operation->state == PSA_PAKE_OUTPUT_X1_X2 && - operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE) { + if (jpake_computation_stage->state == 
PSA_PAKE_OUTPUT_X1_X2 && + jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_KEY_SHARE) { ret = mbedtls_ecjpake_write_round_one(&operation->ctx.pake, operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE, @@ -403,8 +308,8 @@ static psa_status_t mbedtls_psa_pake_output_internal( } operation->buffer_offset = 0; - } else if (operation->state == PSA_PAKE_OUTPUT_X2S && - operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE) { + } else if (jpake_computation_stage->state == PSA_PAKE_OUTPUT_X2S && + jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_KEY_SHARE) { ret = mbedtls_ecjpake_write_round_two(&operation->ctx.pake, operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE, @@ -429,8 +334,8 @@ static psa_status_t mbedtls_psa_pake_output_internal( * output with a length byte, even less a curve identifier, as that * information is already available. */ - if (operation->state == PSA_PAKE_OUTPUT_X2S && - operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE && + if (jpake_computation_stage->state == PSA_PAKE_OUTPUT_X2S && + jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_KEY_SHARE && operation->role == PSA_PAKE_ROLE_SERVER) { /* Skip ECParameters, with is 3 bytes (RFC 8422) */ operation->buffer_offset += 3; 
@@ -456,25 +361,20 @@ static psa_status_t mbedtls_psa_pake_output_internal( operation->buffer_offset += length; /* Reset buffer after ZK_PROOF sequence */ - if ((operation->state == PSA_PAKE_OUTPUT_X1_X2 && - operation->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || - (operation->state == PSA_PAKE_OUTPUT_X2S && - operation->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { + if ((jpake_computation_stage->state == PSA_PAKE_OUTPUT_X1_X2 && + jpake_computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || + (jpake_computation_stage->state == PSA_PAKE_OUTPUT_X2S && + jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); operation->buffer_length = 0; operation->buffer_offset = 0; - - operation->state = PSA_PAKE_STATE_READY; - operation->output_step++; - operation->sequence = PSA_PAKE_SEQ_INVALID; - } else { - operation->sequence++; } return PSA_SUCCESS; } else #else (void) step; + (void) computation_stage; (void) output; (void) output_size; (void) output_length; @@ -484,12 +384,13 @@ static psa_status_t mbedtls_psa_pake_output_internal( psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, uint8_t *output, size_t output_size, size_t *output_length) { psa_status_t status = mbedtls_psa_pake_output_internal( - operation, step, output, output_size, output_length); + operation, step, computation_stage, output, output_size, output_length); if (status != PSA_SUCCESS) { mbedtls_psa_pake_abort(operation); 
@@ -501,20 +402,16 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, static psa_status_t mbedtls_psa_pake_input_internal( mbedtls_psa_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, const uint8_t *input, size_t input_length) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - + (void) step; if (operation->alg == PSA_ALG_NONE) { return PSA_ERROR_BAD_STATE; } - if (operation->state == PSA_PAKE_STATE_INVALID) { - return PSA_ERROR_BAD_STATE; - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) /* * The PSA CRYPTO PAKE and MbedTLS JPAKE API have a different 
@@ -532,77 +429,8 @@ static psa_status_t mbedtls_psa_pake_input_internal( * This causes any input error to be only detected on the last step. */ if (operation->alg == PSA_ALG_JPAKE) { - if (step != PSA_PAKE_STEP_KEY_SHARE && - step != PSA_PAKE_STEP_ZK_PUBLIC && - step != PSA_PAKE_STEP_ZK_PROOF) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - const psa_pake_primitive_t prim = PSA_PAKE_PRIMITIVE( - PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256); - if (input_length > (size_t) PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, prim, step)) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - if (operation->state == PSA_PAKE_STATE_SETUP) { - status = psa_pake_ecjpake_setup(operation); - if (status != PSA_SUCCESS) { - return status; - } - } - - if (operation->state != PSA_PAKE_STATE_READY && - operation->state != PSA_PAKE_INPUT_X1_X2 && - operation->state != PSA_PAKE_INPUT_X4S) { - return PSA_ERROR_BAD_STATE; - } - - if (operation->state == PSA_PAKE_STATE_READY) { - if (step != PSA_PAKE_STEP_KEY_SHARE) { - return PSA_ERROR_BAD_STATE; - } - - switch (operation->input_step) { - case PSA_PAKE_STEP_X1_X2: - operation->state = PSA_PAKE_INPUT_X1_X2; - break; - case PSA_PAKE_STEP_X2S: - operation->state = PSA_PAKE_INPUT_X4S; - break; - default: - return PSA_ERROR_BAD_STATE; - } - - operation->sequence = PSA_PAKE_X1_STEP_KEY_SHARE; - } - - /* Check if step matches current sequence */ - switch (operation->sequence) { - case PSA_PAKE_X1_STEP_KEY_SHARE: - case PSA_PAKE_X2_STEP_KEY_SHARE: - if (step != PSA_PAKE_STEP_KEY_SHARE) { - return PSA_ERROR_BAD_STATE; - } - break; - - case PSA_PAKE_X1_STEP_ZK_PUBLIC: - case PSA_PAKE_X2_STEP_ZK_PUBLIC: - if (step != PSA_PAKE_STEP_ZK_PUBLIC) { - return PSA_ERROR_BAD_STATE; - } - break; - - case PSA_PAKE_X1_STEP_ZK_PROOF: - case PSA_PAKE_X2_STEP_ZK_PROOF: - if (step != PSA_PAKE_STEP_ZK_PROOF) { - return PSA_ERROR_BAD_STATE; - } - break; - - default: - return PSA_ERROR_BAD_STATE; - } - + const psa_jpake_computation_stage_t *jpake_computation_stage = + 
&computation_stage->data.jpake_computation_stage; /* * Copy input to local buffer and format it as the Mbed TLS API * expects, i.e. as defined by draft-cragie-tls-ecjpake-01 section 7. @@ -612,8 +440,8 @@ static psa_status_t mbedtls_psa_pake_input_internal( * ECParameters structure - which means we have to prepend that when * we're a client. */ - if (operation->state == PSA_PAKE_INPUT_X4S && - operation->sequence == PSA_PAKE_X1_STEP_KEY_SHARE && + if (jpake_computation_stage->state == PSA_PAKE_INPUT_X4S && + jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_KEY_SHARE && operation->role == PSA_PAKE_ROLE_CLIENT) { /* We only support secp256r1. */ /* This is the ECParameters structure defined by RFC 8422. */ @@ -636,8 +464,8 @@ static psa_status_t mbedtls_psa_pake_input_internal( operation->buffer_length += input_length; /* Load buffer at each last round ZK_PROOF */ - if (operation->state == PSA_PAKE_INPUT_X1_X2 && - operation->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) { + if (jpake_computation_stage->state == PSA_PAKE_INPUT_X1_X2 && + jpake_computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) { ret = mbedtls_ecjpake_read_round_one(&operation->ctx.pake, operation->buffer, operation->buffer_length); @@ -648,8 +476,8 @@ static psa_status_t mbedtls_psa_pake_input_internal( if (ret != 0) { return mbedtls_ecjpake_to_psa_error(ret); } - } else if (operation->state == PSA_PAKE_INPUT_X4S && - operation->sequence == PSA_PAKE_X1_STEP_ZK_PROOF) { + } else if (jpake_computation_stage->state == PSA_PAKE_INPUT_X4S && + jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF) { ret = mbedtls_ecjpake_read_round_two(&operation->ctx.pake, operation->buffer, operation->buffer_length); 
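Review bot: The removed block took the driver's only bound on `input_length` with it — the `PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, prim, step)` comparison — while the driver still accounts `input_length` bytes into the `MBEDTLS_PSA_PAKE_BUFFER_SIZE`-sized operation buffer (`operation->buffer_length += input_length;` in the following hunk). That is only safe if the core's input prologue now rejects oversized input before dispatching, and that code is not part of this patch. A cheap defence-in-depth check at the top of the JPAKE branch keeps the driver entry point safe on its own: `if (operation->buffer_length + input_length > MBEDTLS_PSA_PAKE_BUFFER_SIZE) { return PSA_ERROR_INVALID_ARGUMENT; }`. mbedtls_psa_pake_input_internal starts and ends outside this hunk.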
@@ -662,21 +490,11 @@ static psa_status_t mbedtls_psa_pake_input_internal( } } - if ((operation->state == PSA_PAKE_INPUT_X1_X2 && - operation->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || - (operation->state == PSA_PAKE_INPUT_X4S && - operation->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { - operation->state = PSA_PAKE_STATE_READY; - operation->input_step++; - operation->sequence = PSA_PAKE_SEQ_INVALID; - } else { - operation->sequence++; - } - return PSA_SUCCESS; } else #else (void) step; + (void) computation_stage; (void) input; (void) input_length; #endif @@ -685,11 +503,12 @@ static psa_status_t mbedtls_psa_pake_input_internal( psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, const uint8_t *input, size_t input_length) { psa_status_t status = mbedtls_psa_pake_input_internal( - operation, step, input, input_length); + operation, step, computation_stage, input, input_length); if (status != PSA_SUCCESS) { mbedtls_psa_pake_abort(operation); @@ -703,18 +522,11 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( uint8_t *output, size_t *output_size) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; if (operation->alg == PSA_ALG_NONE) { return PSA_ERROR_BAD_STATE; } - if (operation->input_step != PSA_PAKE_STEP_DERIVE || - operation->output_step != PSA_PAKE_STEP_DERIVE) { - status = PSA_ERROR_BAD_STATE; - goto error; - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { ret = mbedtls_ecjpake_write_shared_key(&operation->ctx.pake, @@ -740,12 +552,7 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( #else (void) output; #endif - { status = PSA_ERROR_NOT_SUPPORTED; } - -error: - mbedtls_psa_pake_abort(operation); - - return status; + { return PSA_ERROR_NOT_SUPPORTED; } } psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation) 
@@ -757,8 +564,6 @@ psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation) #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { - operation->input_step = PSA_PAKE_STEP_INVALID; - operation->output_step = PSA_PAKE_STEP_INVALID; if (operation->password_len > 0) { mbedtls_platform_zeroize(operation->password, operation->password_len); } @@ -774,8 +579,6 @@ psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation) #endif operation->alg = PSA_ALG_NONE; - operation->state = PSA_PAKE_STATE_INVALID; - operation->sequence = PSA_PAKE_SEQ_INVALID; return PSA_SUCCESS; } diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h index 608d76aed..485c93af9 100644 --- a/library/psa_crypto_pake.h +++ b/library/psa_crypto_pake.h @@ -58,6 +58,7 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, * \param[in,out] operation Active PAKE operation. * \param step The step of the algorithm for which the output is * requested. + * \param computation_stage The structure that holds PAKE computation stage. * \param[out] output Buffer where the output is to be written in the * format appropriate for this \p step. Refer to * the documentation of the individual @@ -97,6 +98,7 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, */ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, uint8_t *output, size_t output_size, size_t *output_length); @@ -110,6 +112,7 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, * * \param[in,out] operation Active PAKE operation. * \param step The step for which the input is provided. + * \param computation_stage The structure that holds PAKE computation stage. * \param[in] input Buffer containing the input in the format * appropriate for this \p step. Refer to the * documentation of the individual 
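Review bot: The new `\param computation_stage` line in the `mbedtls_psa_pake_output` comment lacks the direction marker every neighbouring parameter carries (`\param[in,out] operation`, `\param[out] output`), and "holds PAKE computation stage" does not say what the driver does with it. Suggest `\param[in] computation_stage The current PAKE computation stage; the driver reads its state and sequence to select the round to process.` The same applies to the `mbedtls_psa_pake_input` comment in the `@@ -110,6 +112,7 @@` hunk of this header.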
@@ -144,6 +147,7 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, */ psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, const uint8_t *input, size_t input_length); diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index 21a3b5f91..e1a4c9ca3 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -2866,6 +2866,7 @@ psa_status_t psa_driver_wrapper_pake_setup( psa_status_t psa_driver_wrapper_pake_output( psa_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, uint8_t *output, size_t output_size, size_t *output_length ) @@ -2874,7 +2875,8 @@ psa_status_t psa_driver_wrapper_pake_output( { #if defined(MBEDTLS_PSA_BUILTIN_PAKE) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step, output, + return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step, + computation_stage, output, output_size, output_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ 
@@ -2883,15 +2885,16 @@ psa_status_t psa_driver_wrapper_pake_output( case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_pake_output( &operation->data.ctx.transparent_test_driver_ctx, - step, output, output_size, output_length ) ); + step, computation_stage, output, output_size, output_length ) ); case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_pake_output( &operation->data.ctx.opaque_test_driver_ctx, - step, output, output_size, output_length ) ); + step, computation_stage, output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) step; + (void) computation_stage; (void) output; (void) output_size; (void) output_length; @@ -2902,6 +2905,7 @@ psa_status_t psa_driver_wrapper_pake_output( psa_status_t psa_driver_wrapper_pake_input( psa_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, const uint8_t *input, size_t input_length ) { @@ -2910,7 +2914,8 @@ psa_status_t psa_driver_wrapper_pake_input( #if defined(MBEDTLS_PSA_BUILTIN_PAKE) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx, - step, input, input_length ) ); + step, computation_stage, input, + input_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 
@@ -2918,15 +2923,18 @@ psa_status_t psa_driver_wrapper_pake_input( case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_pake_input( &operation->data.ctx.transparent_test_driver_ctx, - step, input, input_length ) ); + step, computation_stage, + input, input_length ) ); case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_pake_input( &operation->data.ctx.opaque_test_driver_ctx, - step, input, input_length ) ); + step, computation_stage, + input, input_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) step; + (void) computation_stage; (void) input; (void) input_length; return( PSA_ERROR_INVALID_ARGUMENT ); diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h index 041229601..1f530081a 100644 --- a/tests/include/test/drivers/pake.h +++ b/tests/include/test/drivers/pake.h @@ -58,6 +58,7 @@ psa_status_t mbedtls_test_transparent_pake_setup( psa_status_t mbedtls_test_transparent_pake_output( mbedtls_transparent_test_driver_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, uint8_t *output, size_t output_size, size_t *output_length); @@ -65,6 +66,7 @@ psa_status_t mbedtls_test_transparent_pake_output( psa_status_t mbedtls_test_transparent_pake_input( mbedtls_transparent_test_driver_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, const uint8_t *input, size_t input_length); @@ -102,6 +104,7 @@ psa_status_t mbedtls_test_opaque_pake_set_role( psa_status_t mbedtls_test_opaque_pake_output( mbedtls_opaque_test_driver_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, uint8_t *output, size_t output_size, size_t *output_length); 
@@ -109,6 +112,7 @@ psa_status_t mbedtls_test_opaque_pake_output( psa_status_t mbedtls_test_opaque_pake_input( mbedtls_opaque_test_driver_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, const uint8_t *input, size_t input_length); diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index 437c4995f..21719e6d7 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c @@ -65,6 +65,7 @@ psa_status_t mbedtls_test_transparent_pake_setup( psa_status_t mbedtls_test_transparent_pake_output( mbedtls_transparent_test_driver_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, uint8_t *output, size_t output_size, size_t *output_length) @@ -92,14 +93,20 @@ psa_status_t mbedtls_test_transparent_pake_output( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_output( - operation, step, output, output_size, output_length); + operation, + step, + (libtestdriver1_psa_pake_computation_stage_t *) computation_stage, + output, + output_size, + output_length); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = mbedtls_psa_pake_output( - operation, step, output, output_size, output_length); + operation, step, computation_stage, output, output_size, output_length); #else (void) operation; (void) step; + (void) computation_stage; (void) output; (void) output_size; (void) output_length; @@ -113,6 +120,7 @@ psa_status_t mbedtls_test_transparent_pake_output( psa_status_t mbedtls_test_transparent_pake_input( mbedtls_transparent_test_driver_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, const uint8_t *input, size_t input_length) { 
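Review bot: The cast `(libtestdriver1_psa_pake_computation_stage_t *) computation_stage` discards the `const` qualifier of the parameter declared in the hunk above, so a later change in libtestdriver1 that writes through the pointer would compile silently. If the libtestdriver1 prototype (a renamed build of the same source) takes a `const` pointer, keep the qualifier: `(const libtestdriver1_psa_pake_computation_stage_t *) computation_stage,`. The same cast appears in `mbedtls_test_transparent_pake_input` in the following `@@ -126,14 +134,19 @@` hunk.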
@@ -126,14 +134,19 @@ psa_status_t mbedtls_test_transparent_pake_input( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_input( - operation, step, input, input_length); + operation, + step, + (libtestdriver1_psa_pake_computation_stage_t *) computation_stage, + input, + input_length); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = mbedtls_psa_pake_input( - operation, step, input, input_length); + operation, step, computation_stage, input, input_length); #else (void) operation; (void) step; + (void) computation_stage; (void) input; (void) input_length; mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; @@ -258,12 +271,14 @@ psa_status_t mbedtls_test_opaque_pake_set_role( psa_status_t mbedtls_test_opaque_pake_output( mbedtls_opaque_test_driver_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, uint8_t *output, size_t output_size, size_t *output_length) { (void) operation; (void) step; + (void) computation_stage; (void) output; (void) output_size; (void) output_length; @@ -274,11 +289,13 @@ psa_status_t mbedtls_test_opaque_pake_output( psa_status_t mbedtls_test_opaque_pake_input( mbedtls_opaque_test_driver_pake_operation_t *operation, psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, const uint8_t *input, size_t input_length) { (void) operation; (void) step; + (void) computation_stage; (void) input; (void) input_length; return PSA_ERROR_NOT_SUPPORTED; diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index 0ec16f06c..e4bb92b3c 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data 
@@ -70,10 +70,6 @@ PSA PAKE: input buffer too large depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_INVALID_ARGUMENT -PSA PAKE: valid input operation after a failure -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:1:ERR_INJECT_VALID_OPERATION_AFTER_FAILURE:PSA_ERROR_BAD_STATE - PSA PAKE: invalid output depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_EMPTY_IO_BUFFER:PSA_ERROR_INVALID_ARGUMENT 
@@ -90,10 +86,6 @@ PSA PAKE: output buffer too small depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_WRONG_BUFFER_SIZE:PSA_ERROR_BUFFER_TOO_SMALL -PSA PAKE: valid output operation after a failure -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -ecjpake_setup:PSA_ALG_JPAKE:PSA_KEY_TYPE_PASSWORD:PSA_KEY_USAGE_DERIVE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_PAKE_ROLE_SERVER:0:ERR_INJECT_VALID_OPERATION_AFTER_FAILURE:PSA_ERROR_BAD_STATE - PSA PAKE: check rounds w/o forced errors depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:0:ERR_NONE From 2797d37424fb27c1b3763544c798cfc214bd73cc Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 22 Dec 2022 11:19:22 +0100 Subject: [PATCH 237/440] Split handling of memory allocation for password between core and driver Driver is now responsible for creating its own copy of the password in the setup function. After calling pake setup driver entry point core frees memory for password. Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 88 +++++++++++++++++++++------------------ library/psa_crypto_pake.c | 9 +++- 2 files changed, 54 insertions(+), 43 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 66ecc0643..0bb751b01 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -7333,6 +7333,44 @@ psa_status_t psa_pake_set_role(
 return PSA_SUCCESS;
 }
 
+static psa_status_t psa_pake_complete_inputs(
+ psa_pake_operation_t *operation)
+{
+ psa_jpake_computation_stage_t *computation_stage =
+ &operation->computation_stage.data.jpake_computation_stage;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ uint8_t *password = operation->data.inputs.password;
+ size_t password_len = operation->data.inputs.password_len;
+
+ if (operation->alg == PSA_ALG_NONE ||
+ operation->data.inputs.password_len == 0 ||
+ operation->data.inputs.role == PSA_PAKE_ROLE_NONE) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
+ status = psa_driver_wrapper_pake_setup(operation,
+ &operation->data.inputs);
+
+ /* Driver is responsible for creating its own copy of the password. */
+ mbedtls_platform_zeroize(password, password_len);
+ mbedtls_free(password);
+
+ if (status == PSA_SUCCESS) {
+ operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION;
+ if (operation->alg == PSA_ALG_JPAKE) {
+ computation_stage->state = PSA_PAKE_STATE_READY;
+ computation_stage->sequence = PSA_PAKE_SEQ_INVALID;
+ computation_stage->input_step = PSA_PAKE_STEP_X1_X2;
+ computation_stage->output_step = PSA_PAKE_STEP_X1_X2;
+ }
+ } else {
+ operation->data.inputs.password_len = 0;
+ operation->data.inputs.password = NULL;
+ }
+
+ return status;
+}
+
 static psa_status_t psa_jpake_output_prologue(
 psa_pake_operation_t *operation,
 psa_pake_step_t step)
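Review bot: After the unconditional `mbedtls_free(password)`, only the failure branch clears `operation->data.inputs.password` and `password_len`; on success the `inputs` view keeps a dangling pointer and a non-zero length. That is harmless only if `operation->data` is a union the driver context now overlays and nothing reads `inputs` again — neither is visible here, and the `stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS` check in `psa_pake_abort` is the only thing standing between that stale length and a second free of a zeroized buffer (a later commit on this page drops that check). Moving the two reset lines out of the `else` so they run right after `mbedtls_free(password);` removes the hazard at no cost: `operation->data.inputs.password_len = 0; operation->data.inputs.password = NULL;`.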
@@ -7433,28 +7471,10 @@ psa_status_t psa_pake_output( size_t *output_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake_computation_stage; if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { - if (operation->alg == PSA_ALG_NONE || - operation->data.inputs.password_len == 0 || - operation->data.inputs.role == PSA_PAKE_ROLE_NONE) { - return PSA_ERROR_BAD_STATE; - } - - status = psa_driver_wrapper_pake_setup(operation, - &operation->data.inputs); - - if (status == PSA_SUCCESS) { - operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; - if (operation->alg == PSA_ALG_JPAKE) { - computation_stage->state = PSA_PAKE_STATE_READY; - computation_stage->sequence = PSA_PAKE_SEQ_INVALID; - computation_stage->input_step = PSA_PAKE_STEP_X1_X2; - computation_stage->output_step = PSA_PAKE_STEP_X1_X2; - } - } else { + status = psa_pake_complete_inputs(operation); + if (status != PSA_SUCCESS) { return status; } } 
@@ -7612,28 +7632,10 @@ psa_status_t psa_pake_input( size_t input_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake_computation_stage; if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { - if (operation->alg == PSA_ALG_NONE || - operation->data.inputs.password_len == 0 || - operation->data.inputs.role == PSA_PAKE_ROLE_NONE) { - return PSA_ERROR_BAD_STATE; - } - - status = psa_driver_wrapper_pake_setup(operation, - &operation->data.inputs); - - if (status == PSA_SUCCESS) { - operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; - if (operation->alg == PSA_ALG_JPAKE) { - computation_stage->state = PSA_PAKE_STATE_READY; - computation_stage->sequence = PSA_PAKE_SEQ_INVALID; - computation_stage->input_step = PSA_PAKE_STEP_X1_X2; - computation_stage->output_step = PSA_PAKE_STEP_X1_X2; - } - } else { + status = psa_pake_complete_inputs(operation); + if (status != PSA_SUCCESS) { return status; } } @@ -7736,7 +7738,11 @@ psa_status_t psa_pake_abort( /* If we are in collecting inputs stage clear inputs. */ if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { - mbedtls_free(operation->data.inputs.password); + if (operation->data.inputs.password_len > 0) { + mbedtls_platform_zeroize(operation->data.inputs.password, + operation->data.inputs.password_len); + mbedtls_free(operation->data.inputs.password); + } memset(&operation->data.inputs, 0, sizeof(psa_crypto_driver_pake_inputs_t)); return PSA_SUCCESS; } diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 3d5b57d29..01998a6d5 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c 
@@ -230,8 +230,14 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, mbedtls_ecjpake_init(&operation->ctx.pake); + operation->password = mbedtls_calloc(1, password_len); + if (operation->password == NULL) { + status = PSA_ERROR_INSUFFICIENT_MEMORY; + goto error; + } + + memcpy(operation->password, password, password_len); operation->password_len = password_len; - operation->password = password; operation->role = role; operation->alg = cipher_suite.algorithm; @@ -254,7 +260,6 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, { status = PSA_ERROR_NOT_SUPPORTED; } error: - mbedtls_free(password); mbedtls_psa_pake_abort(operation); return status; } From fcd70e250f5aaad993c29ec279a2b2bc2f95d764 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 22 Dec 2022 11:22:45 +0100 Subject: [PATCH 238/440] Adapt pake driver wrapper tests for the new design Signed-off-by: Przemek Stekiel --- ..._suite_psa_crypto_driver_wrappers.function | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 2e1c626a6..0f376efe0 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -3118,6 +3118,12 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st input_buffer, size_key_share), PSA_SUCCESS); + /* Simulate that we are ready to get implicit key. */ + operation.computation_stage.data.jpake_computation_stage.input_step = + PSA_PAKE_STEP_DERIVE; + operation.computation_stage.data.jpake_computation_stage.output_step = + PSA_PAKE_STEP_DERIVE; + /* --- psa_pake_get_implicit_key --- */ mbedtls_test_driver_pake_hooks.forced_status = forced_status; mbedtls_test_driver_pake_hooks.hits = 0; 
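Review bot: `mbedtls_calloc(1, password_len)` may legitimately return NULL when `password_len` is 0, and the new check would then report `PSA_ERROR_INSUFFICIENT_MEMORY` for what is really an empty password; the core rejects `password_len == 0` before dispatching in this patch, but a driver entry point should not depend on that. A guard ahead of the allocation makes the contract explicit: `if (password_len == 0) { status = PSA_ERROR_INVALID_ARGUMENT; goto error; }`. Note also that `operation->alg` is assigned only after this point (the `operation->alg = cipher_suite.algorithm;` context line), so the `mbedtls_psa_pake_abort` reached via `goto error` skips its `alg == PSA_ALG_JPAKE` cleanup branch; confirm nothing set up earlier in this function (its body starts outside the hunk) relies on that branch.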
@@ -3242,9 +3248,22 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, ecjpake_do_round(alg, primitive_arg, &server, &client, client_input_first, 2); + /* After get the key is obtained operation is aborted. + Adapt counter of expected hits. */ + if (pake_in_driver) { + pake_expected_hit_count++; + } + PSA_ASSERT(psa_pake_get_implicit_key(&server, &server_derive)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); + + /* After get the key is obtained operation is aborted. + Adapt counter of expected hits. */ + if (pake_in_driver) { + pake_expected_hit_count++; + } + PSA_ASSERT(psa_pake_get_implicit_key(&client, &client_derive)); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); From 9a5b812aa812032a266b111a0667b33dff0ee10b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 22 Dec 2022 13:34:47 +0100 Subject: [PATCH 239/440] Cleanup the code Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 44 +++++++++++-------- library/psa_crypto_pake.c | 19 +------- tests/scripts/all.sh | 4 +- ..._suite_psa_crypto_driver_wrappers.function | 4 +- 4 files changed, 32 insertions(+), 39 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0bb751b01..f7b0270c1 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -898,7 +898,7 @@ static psa_status_t psa_get_and_lock_key_slot_with_policy( psa_algorithm_t alg) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_key_slot_t *slot; + psa_key_slot_t *slot = NULL; status = psa_get_and_lock_key_slot(key, p_slot); if (status != PSA_SUCCESS) { 
@@ -7180,9 +7180,6 @@ psa_status_t psa_pake_setup( psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite) { - psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake_computation_stage; - if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { return PSA_ERROR_BAD_STATE; } @@ -7205,6 +7202,9 @@ psa_status_t psa_pake_setup( operation->data.inputs.cipher_suite = *cipher_suite; if (operation->alg == PSA_ALG_JPAKE) { + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.data.jpake_computation_stage; + computation_stage->state = PSA_PAKE_STATE_SETUP; computation_stage->sequence = PSA_PAKE_SEQ_INVALID; computation_stage->input_step = PSA_PAKE_STEP_X1_X2; @@ -7260,7 +7260,6 @@ psa_status_t psa_pake_set_password_key( operation->data.inputs.key_lifetime = attributes.core.lifetime; error: unlock_status = psa_unlock_key_slot(slot); - return (status == PSA_SUCCESS) ? unlock_status : status; } @@ -7603,7 +7602,6 @@ static psa_status_t psa_jpake_input_prologue( return PSA_SUCCESS; } - static psa_status_t psa_jpake_input_epilogue( psa_pake_operation_t *operation) { @@ -7624,7 +7622,6 @@ static psa_status_t psa_jpake_input_epilogue( return PSA_SUCCESS; } - psa_status_t psa_pake_input( psa_pake_operation_t *operation, psa_pake_step_t step, 
@@ -7733,27 +7730,38 @@ psa_status_t psa_pake_get_implicit_key(
 psa_status_t psa_pake_abort(
 psa_pake_operation_t *operation)
 {
- psa_jpake_computation_stage_t *computation_stage =
- &operation->computation_stage.data.jpake_computation_stage;
+ psa_status_t status = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
- /* If we are in collecting inputs stage clear inputs. */
- if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
- if (operation->data.inputs.password_len > 0) {
- mbedtls_platform_zeroize(operation->data.inputs.password,
- operation->data.inputs.password_len);
- mbedtls_free(operation->data.inputs.password);
+ if (operation->id != 0) {
+ status = psa_driver_wrapper_pake_abort(operation);
+ if (status != PSA_SUCCESS) {
+ return status;
 }
- memset(&operation->data.inputs, 0, sizeof(psa_crypto_driver_pake_inputs_t));
- return PSA_SUCCESS;
 }
+
+ if (operation->data.inputs.password_len > 0) {
+ mbedtls_platform_zeroize(operation->data.inputs.password,
+ operation->data.inputs.password_len);
+ mbedtls_free(operation->data.inputs.password);
+ }
+
+ memset(&operation->data, 0, sizeof(operation->data));
+
 if (operation->alg == PSA_ALG_JPAKE) {
+ psa_jpake_computation_stage_t *computation_stage =
+ &operation->computation_stage.data.jpake_computation_stage;
+
 computation_stage->input_step = PSA_PAKE_STEP_INVALID;
 computation_stage->output_step = PSA_PAKE_STEP_INVALID;
 computation_stage->state = PSA_PAKE_STATE_INVALID;
 computation_stage->sequence = PSA_PAKE_SEQ_INVALID;
 }
 
- return psa_driver_wrapper_pake_abort(operation);
+ operation->alg = PSA_ALG_NONE;
+ operation->stage = PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS;
+ operation->id = 0;
+
+ return PSA_SUCCESS;
 }
 
 #endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c
index 01998a6d5..a238147cb 100644
--- a/library/psa_crypto_pake.c
+++ b/library/psa_crypto_pake.c
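Review bot: The new `if (operation->data.inputs.password_len > 0)` free runs regardless of `operation->stage`, where the removed code ran it only in `PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS`. Once setup has succeeded the `inputs` member is no longer authoritative — `psa_pake_complete_inputs` earlier on this page frees the password and hands `operation->data` to the driver — so unless the driver abort guarantees those bytes read back as zero, this zeroizes and frees through a stale or aliased pointer. Restoring the stage condition is a one-line change: `if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS && operation->data.inputs.password_len > 0) {`. Separately, `psa_status_t status = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;` initialises a PSA status with an Mbed TLS error code; the other functions in this file use `psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;`. The early `return status;` when the driver abort fails also leaves `alg`, `stage` and `id` untouched, so a retry repeats the driver call — worth confirming that is intended.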
@@ -274,11 +274,7 @@ static psa_status_t mbedtls_psa_pake_output_internal( { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t length; - (void) step; - - if (operation->alg == PSA_ALG_NONE) { - return PSA_ERROR_BAD_STATE; - } + (void) step; // Unused parameter #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) /* @@ -412,10 +408,7 @@ static psa_status_t mbedtls_psa_pake_input_internal( size_t input_length) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - (void) step; - if (operation->alg == PSA_ALG_NONE) { - return PSA_ERROR_BAD_STATE; - } + (void) step; // Unused parameter #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) /* @@ -528,10 +521,6 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if (operation->alg == PSA_ALG_NONE) { - return PSA_ERROR_BAD_STATE; - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { ret = mbedtls_ecjpake_write_shared_key(&operation->ctx.pake, @@ -562,10 +551,6 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation) { - if (operation->alg == PSA_ALG_NONE) { - return PSA_SUCCESS; - } - #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e75767475..98060d720 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2524,7 +2524,7 @@ component_test_psa_crypto_config_accel_pake () { } component_test_psa_crypto_config_accel_pake_no_fallback () { - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE - no fallback" # Start with full scripts/config.py full 
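Review bot: `(void) step; // Unused parameter` introduces a `//` comment into a file whose comments in every surrounding hunk are `/* ... */`; `(void) step; /* Unused parameter */` keeps the style uniform (same in the `@@ -412,10 +408,7 @@` hunk for `mbedtls_psa_pake_input_internal`). Dropping the `operation->alg == PSA_ALG_NONE` guards also changes what a not-yet-set-up operation gets: `mbedtls_psa_pake_get_implicit_key` now falls through to `return PSA_ERROR_NOT_SUPPORTED` instead of `PSA_ERROR_BAD_STATE`. That is fine if the core's stage tracking guarantees these entry points are only reached after a successful setup, but that precondition now lives nowhere in this file; a one-line comment at the top of each entry point such as `/* Precondition: the core only dispatches here after a successful setup. */` would record it.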
@@ -2550,7 +2550,7 @@ component_test_psa_crypto_config_accel_pake_no_fallback () { loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE - no fallback" make test } diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 0f376efe0..f718349f9 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -3248,7 +3248,7 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, ecjpake_do_round(alg, primitive_arg, &server, &client, client_input_first, 2); - /* After get the key is obtained operation is aborted. + /* After the key is obtained operation is aborted. Adapt counter of expected hits. */ if (pake_in_driver) { pake_expected_hit_count++; @@ -3258,7 +3258,7 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); - /* After get the key is obtained operation is aborted. + /* After the key is obtained operation is aborted. Adapt counter of expected hits. */ if (pake_in_driver) { pake_expected_hit_count++; From d6eb11007f30dec1c27126e84b2debdf6dfcf060 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 29 Dec 2022 13:27:51 +0100 Subject: [PATCH 240/440] Add draft documentation for the PAKE driver dispatch logic Signed-off-by: Przemek Stekiel --- docs/proposed/psa-driver-interface.md | 75 +++++++++++++++++++++++++++ 1 file changed, 75 insertions(+) 
diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md
index 8f02af182..7cc573d53 100644
--- a/docs/proposed/psa-driver-interface.md
+++ b/docs/proposed/psa-driver-interface.md
@@ -321,6 +321,81 @@ TODO: key input and output for opaque drivers; deterministic key generation for TODO +#### PAKE operation driver dispatch logic + +PSA PAKE operation structure for driver dispatch: + +``` +struct psa_pake_operation_s +{ +    /** Unique ID indicating which driver got assigned to do the +     * operation. Since driver contexts are driver-specific, swapping +     * drivers halfway through the operation is not supported. +     * ID values are auto-generated in psa_crypto_driver_wrappers.h +     * ID value zero means the context is not valid or not assigned to +     * any driver (i.e. none of the driver contexts are active). */ +    unsigned int MBEDTLS_PRIVATE(id); +    /* Algorithm used for PAKE operation */ +    psa_algorithm_t MBEDTLS_PRIVATE(alg); +    /* Based on stage (collecting inputs/computation) we select active structure of data union. +     * While switching stage (when driver setup is called) collected inputs +       are copied to the corresponding operation context. */ +    uint8_t MBEDTLS_PRIVATE(stage); +    /* Holds the computation stage of the PAKE algorithms. */ +    psa_pake_computation_stage_t MBEDTLS_PRIVATE(computation_stage); +    union { +        unsigned dummy; +        psa_crypto_driver_pake_inputs_t MBEDTLS_PRIVATE(inputs); +        psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx); +    } MBEDTLS_PRIVATE(data); +}; +``` + +PAKE operation is divided into two stages: `collecting inputs` and `computation`. `stage` field defines the current stage and selects the active structure of the `data` union. +The core decides whether to dispatch a PAKE operation to a driver based on the location of the provided password while calling `pake_setup` driver entry point. +The core is responsible for holding information about the current stage of computation(`computation_stage`) and provides this information to the driver. + +1. 
Collecting inputs stage + +The core conveys the initial inputs for a PAKE operation via an opaque data structure of type `psa_crypto_driver_pake_inputs_t`. +After calling `psa_pake_setup` the operation object is initialized and is ready to collect inputs. Driver entry point for `pake_setup` is not called at this point. It will be called later when all inputs are collected. Setter functions: `psa_pake_set_password_key`, `psa_pake_set_role`, `psa_pake_set_user`, `psa_pake_set_peer` do not have driver entry points. These functions just fill `inputs` structure. + +2. Computation stage + +First call of `psa_pake_output()` or `psa_pake_input()` switches the stage to `computation` (assuming that all inputs are collected) and calls `pake_setup` driver entry point. Driver function is responsible for coping inputs from given `inputs` structure to the driver context. Note that, after calling `pake_setup` the driver entry point, core will free memory allocated for the password. The driver is responsible for making its own copy. + +#### Driver entry points for PAKE operation + +A PAKE driver has the following entry points: +`pake_setup` (mandatory): always the first entry point to be called. This entry point provides the `inputs` that need to be copied by the driver to the driver context. +`pake_output` (mandatory): derive cryptographic material for the specified step and output it. +`pake_input` (mandatory): provides cryptographic material in the format appropriate for the specified step. +`pake_get_implicit_key` (mandatory): returns implicitly confirmed shared secret from a PAKE. +`pake_abort` (mandatory): always the last entry point to be called. 
+ +``` +psa_status_t pake_setup( mbedtls_psa_pake_operation_t *operation, + const psa_crypto_driver_pake_inputs_t *inputs ); + +psa_status_t pake_output( mbedtls_psa_pake_operation_t *operation, + psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, + uint8_t *output, + size_t output_size, + size_t *output_length ); + +psa_status_t pake_input( mbedtls_psa_pake_operation_t *operation, + psa_pake_step_t step, + const psa_pake_computation_stage_t *computation_stage, + const uint8_t *input, + size_t input_length ); + +psa_status_t pake_get_implicit_key( mbedtls_psa_pake_operation_t *operation, + uint8_t *output, size_t *output_size ); + +psa_status_t pake_abort( mbedtls_psa_pake_operation_t * operation ); +``` + ### Driver entry points for key management The driver entry points for key management differ significantly between [transparent drivers](#key-management-with-transparent-drivers) and [opaque drivers](#key-management-with-opaque-drivers). This section describes common elements. Refer to the applicable section for each driver type for more information. From 5798003b99c03a676d1684035c1390bb1e796ea5 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 9 Jan 2023 15:07:26 +0100 Subject: [PATCH 241/440] Add enum that presents computation stage as single value Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 1678228d3..fa6ef4e54 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
@@ -1946,6 +1946,21 @@ enum psa_jpake_sequence { PSA_PAKE_SEQ_END = 7, }; +enum psa_jpake_computation_state { + PSA_PAKE_X1_STEP_KEY_SHARE = 1, /* Round 1: input/output key share (for ephemeral private key X1).*/ + PSA_PAKE_X1_STEP_ZK_PUBLIC = 2, /* Round 1: input/output Schnorr NIZKP public key for the X1 key */ + PSA_PAKE_X1_STEP_ZK_PROOF = 3, /* Round 1: input/output Schnorr NIZKP proof for the X1 key */ + PSA_PAKE_X2_STEP_KEY_SHARE = 4, /* Round 1: input/output key share (for ephemeral private key X2).*/ + PSA_PAKE_X2_STEP_ZK_PUBLIC = 5, /* Round 1: input/output Schnorr NIZKP public key for the X2 key */ + PSA_PAKE_X2_STEP_ZK_PROOF = 6, /* Round 1: input/output Schnorr NIZKP proof for the X2 key */ + PSA_PAKE_X2S_STEP_KEY_SHARE = 7, /* Round 2: output X2S key (our key) */ + PSA_PAKE_X2S_STEP_ZK_PUBLIC = 8, /* Round 2: output Schnorr NIZKP public key for the X2S key (our key) */ + PSA_PAKE_X2S_STEP_ZK_PROOF = 9, /* Round 2: output Schnorr NIZKP proof for the X2S key (our key) */ + PSA_PAKE_X4S_STEP_KEY_SHARE = 10, /* Round 2: input X4S key (from peer) */ + PSA_PAKE_X4S_STEP_ZK_PUBLIC = 11, /* Round 2: input Schnorr NIZKP public key for the X4S key (from peer) */ + PSA_PAKE_X4S_STEP_ZK_PROOF = 12 /* Round 2: input Schnorr NIZKP proof for the X4S key (from peer) */ +}; + struct psa_jpake_computation_stage_s { unsigned int MBEDTLS_PRIVATE(state); unsigned int MBEDTLS_PRIVATE(sequence); From d67a5b63204e639c25d8ffac5a535cc15c2d6ac3 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 11 Jan 2023 10:28:52 +0100 Subject: [PATCH 242/440] Update PAKE driver documentation (v.2) Signed-off-by: Przemek Stekiel --- docs/proposed/psa-driver-interface.md | 193 +++++++++++++++++--------- 1 file changed, 128 insertions(+), 65 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 7cc573d53..5c7b92cbc 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md 
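Review bot: The new `enum psa_jpake_computation_state` reuses enumerator names such as `PSA_PAKE_X1_STEP_KEY_SHARE` and `PSA_PAKE_X2_STEP_ZK_PROOF` that the same header already appears to define for the `sequence` field (the hunk context closes `enum psa_jpake_sequence` with `PSA_PAKE_SEQ_END = 7`, and `library/psa_crypto.c` later switches on `sequence` with `case PSA_PAKE_X1_STEP_KEY_SHARE:`). Enumerators share one scope in C, so this looks like a redeclaration error; giving the new values a distinct prefix (e.g. `PSA_JPAKE_X1_STEP_KEY_SHARE`) is what a later patch does, but this commit alone should not be merged as is. An explicit invalid value, `PSA_JPAKE_STEP_INVALID = 0,` as the first member, would also give the core a sentinel for unmapped stage/sequence combinations.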
@@ -321,81 +321,144 @@ TODO: key input and output for opaque drivers; deterministic key generation for TODO -#### PAKE operation driver dispatch logic +### Driver entry points for PAKE -PSA PAKE operation structure for driver dispatch: +PAKE operation is divided into two stages: collecting inputs and computation. Core side is responsible for keeping inputs and core set-data functions do not have driver entry points. Collected inputs are available for drivers via get-data functions for `password`, `role` and `cipher_suite`. Lifetime of the inputs is limited by the lifetime of the core operation. -``` -struct psa_pake_operation_s -{ -    /** Unique ID indicating which driver got assigned to do the -     * operation. Since driver contexts are driver-specific, swapping -     * drivers halfway through the operation is not supported. -     * ID values are auto-generated in psa_crypto_driver_wrappers.h -     * ID value zero means the context is not valid or not assigned to -     * any driver (i.e. none of the driver contexts are active). */ -    unsigned int MBEDTLS_PRIVATE(id); -    /* Algorithm used for PAKE operation */ -    psa_algorithm_t MBEDTLS_PRIVATE(alg); -    /* Based on stage (collecting inputs/computation) we select active structure of data union. -     * While switching stage (when driver setup is called) collected inputs -       are copied to the corresponding operation context. */ -    uint8_t MBEDTLS_PRIVATE(stage); -    /* Holds the computation stage of the PAKE algorithms. */ -    psa_pake_computation_stage_t MBEDTLS_PRIVATE(computation_stage); -    union { -        unsigned dummy; -        psa_crypto_driver_pake_inputs_t MBEDTLS_PRIVATE(inputs); -        psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx); -    } MBEDTLS_PRIVATE(data); -}; -``` +### PAKE driver dispatch logic +The core decides whether to dispatch a PAKE operation to a driver based on the location of the provided password. 
+When all inputs are collected and `"psa_pake_output"` or `"psa_pake_input"` is called for the first time `"pake_setup"` driver entry point is invoked. -PAKE operation is divided into two stages: `collecting inputs` and `computation`. `stage` field defines the current stage and selects the active structure of the `data` union. -The core decides whether to dispatch a PAKE operation to a driver based on the location of the provided password while calling `pake_setup` driver entry point. -The core is responsible for holding information about the current stage of computation(`computation_stage`) and provides this information to the driver. +1. Lifetime of the `password` is local storage +- if there is a transparent driver available for the given configuration, the core calls that driver's `"pake_setup"` and subsequent entry points. +- if a transparent driver is not available or can not handle a given configuration, the core uses its built-in implementation. +2. Lifetime of the `password` is test driver +- the core calls opaque driver's `"pake_setup"` and subsequent entry points. -1. Collecting inputs stage - -The core conveys the initial inputs for a PAKE operation via an opaque data structure of type `psa_crypto_driver_pake_inputs_t`. -After calling `psa_pake_setup` the operation object is initialized and is ready to collect inputs. Driver entry point for `pake_setup` is not called at this point. It will be called later when all inputs are collected. Setter functions: `psa_pake_set_password_key`, `psa_pake_set_role`, `psa_pake_set_user`, `psa_pake_set_peer` do not have driver entry points. These functions just fill `inputs` structure. - -2. Computation stage - -First call of `psa_pake_output()` or `psa_pake_input()` switches the stage to `computation` (assuming that all inputs are collected) and calls `pake_setup` driver entry point. Driver function is responsible for coping inputs from given `inputs` structure to the driver context. 
Note that, after calling `pake_setup` the driver entry point, core will free memory allocated for the password. The driver is responsible for making its own copy. - -#### Driver entry points for PAKE operation +### Summary of entry points for PAKE A PAKE driver has the following entry points: -`pake_setup` (mandatory): always the first entry point to be called. This entry point provides the `inputs` that need to be copied by the driver to the driver context. -`pake_output` (mandatory): derive cryptographic material for the specified step and output it. -`pake_input` (mandatory): provides cryptographic material in the format appropriate for the specified step. -`pake_get_implicit_key` (mandatory): returns implicitly confirmed shared secret from a PAKE. -`pake_abort` (mandatory): always the last entry point to be called. +* `"pake_setup"` (mandatory): always the first entry point to be called. It is called when all inputs are collected and the computation stage starts. +* `"pake_output"` (mandatory): derive cryptographic material for the specified step and output it. +* `"pake_input"` (mandatory): provides cryptographic material in the format appropriate for the specified step. +* `"pake_get_implicit_key"` (mandatory): returns implicitly confirmed shared secret from a PAKE. +* `"pake_abort"` (mandatory): always the last entry point to be called. + +For naming purposes, here and in the following subsection, this specification takes the example of a driver with the prefix `"acme"` that implements the PAKE entry point family with a capability that does not use the `"names"` property to declare different type and entry point names. Such a driver must implement the following type and functions, as well as the entry points listed above and described in the following subsections: +``` +typedef ... 
acme_pake_operation_t; +psa_status_t acme_pake_abort( acme_pake_operation_t *operation ); +``` + +#### PAKE driver inputs + +The core conveys the initial inputs for a PAKE operation via an opaque data structure of type `psa_crypto_driver_pake_inputs_t`. ``` -psa_status_t pake_setup( mbedtls_psa_pake_operation_t *operation, - const psa_crypto_driver_pake_inputs_t *inputs ); - -psa_status_t pake_output( mbedtls_psa_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, - uint8_t *output, - size_t output_size, - size_t *output_length ); - -psa_status_t pake_input( mbedtls_psa_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, - const uint8_t *input, - size_t input_length ); - -psa_status_t pake_get_implicit_key( mbedtls_psa_pake_operation_t *operation, - uint8_t *output, size_t *output_size ); - -psa_status_t pake_abort( mbedtls_psa_pake_operation_t * operation ); +typedef ... psa_crypto_driver_pake_inputs_t; // implementation-specific type ``` +A driver receiving an argument that points to a `psa_crypto_driver_pake_inputs_t` can retrieve its contents by calling one of the get-data functions below. + +``` +psa_status_t psa_crypto_pake_get_password( +    const psa_crypto_driver_pake_inputs_t *inputs, +    uint8_t **password, +    size_t *password_len); + +psa_status_t psa_crypto_pake_get_role( +    const psa_crypto_driver_pake_inputs_t *inputs, +    psa_pake_role_t *role); + +psa_status_t psa_crypto_pake_get_cipher_suite( +    const psa_crypto_driver_pake_inputs_t *inputs, +    psa_pake_cipher_suite_t *cipher_suite); +``` +The get-data functions take the following parameters: + +The first parameter `inputs` must be a pointer passed by the core to a PAKE driver setup entry point. +Next parameters are return buffers (must not be null pointers). 
+ +These functions can return the following statuses: +* `PSA_SUCCESS`: value has been successfully obtained +* `PSA_ERROR_BAD_STATE`: the inputs are not ready + +#### PAKE driver setup + +``` +psa_status_t acme_psa_pake_setup( acme_pake_operation_t *operation, +                                  const psa_crypto_driver_pake_inputs_t *inputs ); +``` + +* `operation` is a zero-initialized operation object. +* `inputs` is an opaque pointer to the [inputs](#pake-driver-inputs) for the PAKE operation. + +The setup driver function should preserve `inputs` for other driver functions. + +#### PAKE driver output + +``` +psa_status_t acme_pake_output(acme_pake_operation_t *operation, +                              psa_pake_computation_step_t step, +                              uint8_t *output, +                              size_t output_size, +                              size_t *output_length); +``` + +* `operation` is an operation object. +* `step` computation step based on which driver should perform an action. +* `output` buffer where the output is to be written. +* `output_size` size of the output buffer in bytes. +* `output_length` the number of bytes of the returned output. 
+ +For `PSA_ALG_JPAKE` the following steps are available for output operation: +`step` can be one of the following values: +* `PSA_JPAKE_X1_STEP_KEY_SHARE`     Round 1: output our key share (for ephemeral private key X1) +* `PSA_JPAKE_X1_STEP_ZK_PUBLIC`     Round 1: output Schnorr NIZKP public key for the X1 key +* `PSA_JPAKE_X1_STEP_ZK_PROOF`      Round 1: output Schnorr NIZKP proof for the X1 key +* `PSA_JPAKE_X2_STEP_KEY_SHARE`     Round 1: output our key share (for ephemeral private key X2) +* `PSA_JPAKE_X2_STEP_ZK_PUBLIC`     Round 1: output Schnorr NIZKP public key for the X2 key +* `PSA_JPAKE_X2_STEP_ZK_PROOF`      Round 1: output Schnorr NIZKP proof for the X2 key +* `PSA_JPAKE_X2S_STEP_KEY_SHARE`    Round 2: output our X2S key +* `PSA_JPAKE_X2S_STEP_ZK_PUBLIC`    Round 2: output Schnorr NIZKP public key for the X2S key +* `PSA_JPAKE_X2S_STEP_ZK_PROOF`     Round 2: output Schnorr NIZKP proof for the X2S key + +#### PAKE driver input +``` +psa_status_t acme_pake_input(acme_pake_operation_t *operation, +                             psa_pake_computation_step_t step, +                             uint8_t *input, +                             size_t input_size); +``` + +* `operation` is an operation object. +* `step` computation step based on which driver should perform an action. +* `input` buffer containing the input. +* `input_length` length of the input in bytes. 
+ +For `PSA_ALG_JPAKE` the following steps are available for input operation: +* `PSA_JPAKE_X1_STEP_KEY_SHARE`     Round 1: input key share from peer (for ephemeral private key X1) +* `PSA_JPAKE_X1_STEP_ZK_PUBLIC`     Round 1: input Schnorr NIZKP public key for the X1 key +* `PSA_JPAKE_X1_STEP_ZK_PROOF`      Round 1: input Schnorr NIZKP proof for the X1 key +* `PSA_JPAKE_X2_STEP_KEY_SHARE`     Round 1: input key share from peer (for ephemeral private key X2) +* `PSA_JPAKE_X2_STEP_ZK_PUBLIC`     Round 1: input Schnorr NIZKP public key for the X2 key +* `PSA_JPAKE_X2_STEP_ZK_PROOF`      Round 1: input Schnorr NIZKP proof for the X2 key +* `PSA_JPAKE_X4S_STEP_KEY_SHARE`    Round 2: input X4S key from peer +* `PSA_JPAKE_X4S_STEP_ZK_PUBLIC`    Round 2: input Schnorr NIZKP public key for the X4S key +* `PSA_JPAKE_X4S_STEP_ZK_PROOF`     Round 2: input Schnorr NIZKP proof for the X4S key + +### PAKE driver get implicit key + +``` +psa_status_t acme_pake_get_implicit_key( +                            acme_pake_operation_t *operation, +                            uint8_t *output, size_t *output_size ); +``` + +* `operation` is an operation object +* `output` output buffer for implicit key +* `output_size` size of the returned implicit key + ### Driver entry points for key management The driver entry points for key management differ significantly between [transparent drivers](#key-management-with-transparent-drivers) and [opaque drivers](#key-management-with-opaque-drivers). This section describes common elements. Refer to the applicable section for each driver type for more information. From 8c8ab26b2a4ea31ea1538d04338a41a2293f87f5 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 16 Jan 2023 09:36:57 +0100 Subject: [PATCH 243/440] Update documentation (handling inputs, function names) Signed-off-by: Przemek Stekiel --- docs/proposed/psa-driver-interface.md | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) 
diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 5c7b92cbc..39f13d923 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -323,7 +323,7 @@ TODO ### Driver entry points for PAKE -PAKE operation is divided into two stages: collecting inputs and computation. Core side is responsible for keeping inputs and core set-data functions do not have driver entry points. Collected inputs are available for drivers via get-data functions for `password`, `role` and `cipher_suite`. Lifetime of the inputs is limited by the lifetime of the core operation. +PAKE operation is divided into two stages: collecting inputs and computation. Core side is responsible for keeping inputs and core set-data functions do not have driver entry points. Collected inputs are available for drivers via get-data functions for `password`, `role` and `cipher_suite`. ### PAKE driver dispatch logic The core decides whether to dispatch a PAKE operation to a driver based on the location of the provided password. 
@@ -361,16 +361,19 @@ typedef ... psa_crypto_driver_pake_inputs_t; // implementation-specific type A driver receiving an argument that points to a `psa_crypto_driver_pake_inputs_t` can retrieve its contents by calling one of the get-data functions below. ``` -psa_status_t psa_crypto_pake_get_password( +psa_status_t psa_crypto_driver_pake_get_password_len(     const psa_crypto_driver_pake_inputs_t *inputs, -    uint8_t **password,     size_t *password_len); -psa_status_t psa_crypto_pake_get_role( +psa_status_t psa_crypto_driver_pake_get_password( +    const psa_crypto_driver_pake_inputs_t *inputs, +    uint8_t *buffer, buffer_size, size_t *buffer_length); + +psa_status_t psa_crypto_driver_pake_get_role(     const psa_crypto_driver_pake_inputs_t *inputs,     psa_pake_role_t *role); -psa_status_t psa_crypto_pake_get_cipher_suite( +psa_status_t psa_crypto_driver_pake_get_cipher_suite(     const psa_crypto_driver_pake_inputs_t *inputs,     psa_pake_cipher_suite_t *cipher_suite); ``` @@ -382,6 +385,7 @@ Next parameters are return buffers (must not be null pointers). These functions can return the following statuses: * `PSA_SUCCESS`: value has been successfully obtained * `PSA_ERROR_BAD_STATE`: the inputs are not ready +* `PSA_ERROR_BUFFER_TOO_SMALL` (`psa_crypto_driver_pake_get_password` only): the output buffer is too small. This is not a fatal error and the driver can, for example, subsequently call the same function again with a larger buffer. Call `psa_crypto_driver_pake_get_password_len` to obtain the required size. #### PAKE driver setup @@ -393,7 +397,7 @@ psa_status_t acme_psa_pake_setup( acme_pake_operation_t *operation, * `operation` is a zero-initialized operation object. * `inputs` is an opaque pointer to the [inputs](#pake-driver-inputs) for the PAKE operation. -The setup driver function should preserve `inputs` for other driver functions. +The setup driver function should preserve the inputs using get-data functions. #### PAKE driver output 
From b09c487546c3d3573d261ec98dd841a5ebcbf058 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 17 Jan 2023 12:05:38 +0100 Subject: [PATCH 244/440] Combine core pake computation stage(step,sequence,state) into single driver step Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 35 ++++---- library/psa_crypto.c | 84 +++++++++++++++++-- library/psa_crypto_driver_wrappers.h | 6 +- library/psa_crypto_pake.c | 47 ++++------- library/psa_crypto_pake.h | 8 +- .../psa_crypto_driver_wrappers.c.jinja | 21 ++--- tests/include/test/drivers/pake.h | 12 +-- tests/src/drivers/test_driver_pake.c | 33 ++------ 8 files changed, 136 insertions(+), 110 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index fa6ef4e54..83c7e04c4 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1292,12 +1292,15 @@ typedef struct psa_pake_operation_s psa_pake_operation_t; /** The type of input values for PAKE operations. */ typedef struct psa_crypto_driver_pake_inputs_s psa_crypto_driver_pake_inputs_t; -/** The type of compuatation stage for PAKE operations. */ +/** The type of computation stage for PAKE operations. */ typedef struct psa_pake_computation_stage_s psa_pake_computation_stage_t; -/** The type of compuatation stage for J-PAKE operations. */ +/** The type of computation stage for J-PAKE operations. */ typedef struct psa_jpake_computation_stage_s psa_jpake_computation_stage_t; +/** The type of driver step for PAKE operation. */ +typedef enum psa_pake_driver_step psa_pake_driver_step_t; + /** Return an initial value for a PAKE operation object. */ static psa_pake_operation_t psa_pake_operation_init(void); 
@@ -1946,21 +1949,23 @@ enum psa_jpake_sequence { PSA_PAKE_SEQ_END = 7, }; -enum psa_jpake_computation_state { - PSA_PAKE_X1_STEP_KEY_SHARE = 1, /* Round 1: input/output key share (for ephemeral private key X1).*/ - PSA_PAKE_X1_STEP_ZK_PUBLIC = 2, /* Round 1: input/output Schnorr NIZKP public key for the X1 key */ - PSA_PAKE_X1_STEP_ZK_PROOF = 3, /* Round 1: input/output Schnorr NIZKP proof for the X1 key */ - PSA_PAKE_X2_STEP_KEY_SHARE = 4, /* Round 1: input/output key share (for ephemeral private key X2).*/ - PSA_PAKE_X2_STEP_ZK_PUBLIC = 5, /* Round 1: input/output Schnorr NIZKP public key for the X2 key */ - PSA_PAKE_X2_STEP_ZK_PROOF = 6, /* Round 1: input/output Schnorr NIZKP proof for the X2 key */ - PSA_PAKE_X2S_STEP_KEY_SHARE = 7, /* Round 2: output X2S key (our key) */ - PSA_PAKE_X2S_STEP_ZK_PUBLIC = 8, /* Round 2: output Schnorr NIZKP public key for the X2S key (our key) */ - PSA_PAKE_X2S_STEP_ZK_PROOF = 9, /* Round 2: output Schnorr NIZKP proof for the X2S key (our key) */ - PSA_PAKE_X4S_STEP_KEY_SHARE = 10, /* Round 2: input X4S key (from peer) */ - PSA_PAKE_X4S_STEP_ZK_PUBLIC = 11, /* Round 2: input Schnorr NIZKP public key for the X4S key (from peer) */ - PSA_PAKE_X4S_STEP_ZK_PROOF = 12 /* Round 2: input Schnorr NIZKP proof for the X4S key (from peer) */ +enum psa_pake_driver_step { + PSA_JPAKE_STEP_INVALID = 0, /* Invalid step */ + PSA_JPAKE_X1_STEP_KEY_SHARE = 1, /* Round 1: input/output key share (for ephemeral private key X1).*/ + PSA_JPAKE_X1_STEP_ZK_PUBLIC = 2, /* Round 1: input/output Schnorr NIZKP public key for the X1 key */ + PSA_JPAKE_X1_STEP_ZK_PROOF = 3, /* Round 1: input/output Schnorr NIZKP proof for the X1 key */ + PSA_JPAKE_X2_STEP_KEY_SHARE = 4, /* Round 1: input/output key share (for ephemeral private key X2).*/ + PSA_JPAKE_X2_STEP_ZK_PUBLIC = 5, /* Round 1: input/output Schnorr NIZKP public key for the X2 key */ + PSA_JPAKE_X2_STEP_ZK_PROOF = 6, /* Round 1: input/output Schnorr NIZKP proof for the X2 key */ + 
PSA_JPAKE_X2S_STEP_KEY_SHARE = 7, /* Round 2: output X2S key (our key) */ + PSA_JPAKE_X2S_STEP_ZK_PUBLIC = 8, /* Round 2: output Schnorr NIZKP public key for the X2S key (our key) */ + PSA_JPAKE_X2S_STEP_ZK_PROOF = 9, /* Round 2: output Schnorr NIZKP proof for the X2S key (our key) */ + PSA_JPAKE_X4S_STEP_KEY_SHARE = 10, /* Round 2: input X4S key (from peer) */ + PSA_JPAKE_X4S_STEP_ZK_PUBLIC = 11, /* Round 2: input Schnorr NIZKP public key for the X4S key (from peer) */ + PSA_JPAKE_X4S_STEP_ZK_PROOF = 12 /* Round 2: input Schnorr NIZKP proof for the X4S key (from peer) */ }; + struct psa_jpake_computation_stage_s { unsigned int MBEDTLS_PRIVATE(state); unsigned int MBEDTLS_PRIVATE(sequence); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f7b0270c1..09d46ed90 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
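Review bot: `enum psa_pake_driver_step` is typedef'd as the generic `psa_pake_driver_step_t` and passed to every PAKE driver entry point, yet all of its members are J-PAKE specific and the header gives no guidance for other algorithms. A short comment above the enum, e.g. `/* Driver-facing computation step. Values are algorithm specific; the core maps its (state, sequence) pair to one of these before dispatch, and PSA_JPAKE_STEP_INVALID (0) is returned for any combination it cannot map. */`, would make the contract explicit for driver authors and reserve 0 as the error sentinel.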
@@ -7332,6 +7332,70 @@ psa_status_t psa_pake_set_role( return PSA_SUCCESS; } +/* Auxiliary function to convert core computation stage(step, sequence, state) to single driver step. */ +static psa_pake_driver_step_t convert_jpake_computation_stage_to_driver_step( + psa_pake_computation_stage_t *stage) +{ + switch (stage->data.jpake_computation_stage.state) { + case PSA_PAKE_OUTPUT_X1_X2: + case PSA_PAKE_INPUT_X1_X2: + switch (stage->data.jpake_computation_stage.sequence) { + case PSA_PAKE_X1_STEP_KEY_SHARE: + return PSA_JPAKE_X1_STEP_KEY_SHARE; + break; + case PSA_PAKE_X1_STEP_ZK_PUBLIC: + return PSA_JPAKE_X1_STEP_ZK_PUBLIC; + break; + case PSA_PAKE_X1_STEP_ZK_PROOF: + return PSA_JPAKE_X1_STEP_ZK_PROOF; + break; + case PSA_PAKE_X2_STEP_KEY_SHARE: + return PSA_JPAKE_X2_STEP_KEY_SHARE; + break; + case PSA_PAKE_X2_STEP_ZK_PUBLIC: + return PSA_JPAKE_X2_STEP_ZK_PUBLIC; + break; + case PSA_PAKE_X2_STEP_ZK_PROOF: + return PSA_JPAKE_X2_STEP_ZK_PROOF; + break; + default: + return PSA_JPAKE_STEP_INVALID; + } + break; + case PSA_PAKE_OUTPUT_X2S: + switch (stage->data.jpake_computation_stage.sequence) { + case PSA_PAKE_X1_STEP_KEY_SHARE: + return PSA_JPAKE_X2S_STEP_KEY_SHARE; + break; + case PSA_PAKE_X1_STEP_ZK_PUBLIC: + return PSA_JPAKE_X2S_STEP_ZK_PUBLIC; + break; + case PSA_PAKE_X1_STEP_ZK_PROOF: + return PSA_JPAKE_X2S_STEP_ZK_PROOF; + break; + return PSA_JPAKE_STEP_INVALID; + } + break; + case PSA_PAKE_INPUT_X4S: + switch (stage->data.jpake_computation_stage.sequence) { + case PSA_PAKE_X1_STEP_KEY_SHARE: + return PSA_JPAKE_X4S_STEP_KEY_SHARE; + break; + case PSA_PAKE_X1_STEP_ZK_PUBLIC: + return PSA_JPAKE_X4S_STEP_ZK_PUBLIC; + break; + case PSA_PAKE_X1_STEP_ZK_PROOF: + return PSA_JPAKE_X4S_STEP_ZK_PROOF; + break; + return PSA_JPAKE_STEP_INVALID; + } + break; + default: + return PSA_JPAKE_STEP_INVALID; + } + return PSA_JPAKE_STEP_INVALID; +} + static psa_status_t psa_pake_complete_inputs( psa_pake_operation_t *operation) { 
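Review bot: In `convert_jpake_computation_stage_to_driver_step` the `PSA_PAKE_OUTPUT_X2S` and `PSA_PAKE_INPUT_X4S` inner switches end with a bare `return PSA_JPAKE_STEP_INVALID;` placed after a `break;` with no `default:` label, so that statement is unreachable and the fallback only works because control drops out to the function's final `return`. Write it as the other branch does, `default: return PSA_JPAKE_STEP_INVALID;`, and drop the dead `break;` statements that follow each `return`, which a compiler warning for unreachable code would otherwise flag. The function could also take `const psa_pake_computation_stage_t *stage` since it only reads the stage.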
@@ -7501,9 +7565,14 @@ psa_status_t psa_pake_output( return PSA_ERROR_NOT_SUPPORTED; } - status = psa_driver_wrapper_pake_output(operation, step, - &operation->computation_stage, - output, output_size, output_length); + status = psa_driver_wrapper_pake_output(operation, + convert_jpake_computation_stage_to_driver_step(& + operation + -> + computation_stage), + output, + output_size, + output_length); if (status != PSA_SUCCESS) { return status; @@ -7660,9 +7729,12 @@ psa_status_t psa_pake_input( return PSA_ERROR_NOT_SUPPORTED; } - status = psa_driver_wrapper_pake_input(operation, step, - &operation->computation_stage, - input, input_length); + status = psa_driver_wrapper_pake_input(operation, + convert_jpake_computation_stage_to_driver_step(&operation + -> + computation_stage), + input, + input_length); if (status != PSA_SUCCESS) { return status; diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index ac17be4e3..11a95e3a0 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -421,16 +421,14 @@ psa_status_t psa_driver_wrapper_pake_setup( psa_status_t psa_driver_wrapper_pake_output( psa_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, uint8_t *output, size_t output_size, size_t *output_length); psa_status_t psa_driver_wrapper_pake_input( psa_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, const uint8_t *input, size_t input_length); diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index a238147cb..da10cdd1f 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c 
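Review bot: `psa_pake_output` and `psa_pake_input` now hand the result of `convert_jpake_computation_stage_to_driver_step` straight to the driver wrapper without checking for `PSA_JPAKE_STEP_INVALID`, so any state/sequence combination the converter cannot map reaches the driver as step 0 and each driver has to reject it on its own. Compute the step into a local and fail before dispatch, consistent with the `return PSA_ERROR_NOT_SUPPORTED;` path just above: `psa_pake_driver_step_t driver_step = convert_jpake_computation_stage_to_driver_step(&operation->computation_stage);` followed by `if (driver_step == PSA_JPAKE_STEP_INVALID) { return PSA_ERROR_BAD_STATE; }`. This also removes the oddly wrapped `&` / `operation` / `->` / `computation_stage` argument, which reads like a formatter artifact. Both functions start and end outside these hunks, so whether an abort is expected on that error path should be checked against the surrounding code.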
@@ -266,8 +266,7 @@ error: static psa_status_t mbedtls_psa_pake_output_internal( mbedtls_psa_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, uint8_t *output, size_t output_size, size_t *output_length) @@ -292,12 +291,8 @@ static psa_status_t mbedtls_psa_pake_output_internal( * to return the right parts on each step. */ if (operation->alg == PSA_ALG_JPAKE) { - const psa_jpake_computation_stage_t *jpake_computation_stage = - &computation_stage->data.jpake_computation_stage; - /* Initialize & write round on KEY_SHARE sequences */ - if (jpake_computation_stage->state == PSA_PAKE_OUTPUT_X1_X2 && - jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_KEY_SHARE) { + if (step == PSA_JPAKE_X1_STEP_KEY_SHARE) { ret = mbedtls_ecjpake_write_round_one(&operation->ctx.pake, operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE, @@ -309,8 +304,7 @@ static psa_status_t mbedtls_psa_pake_output_internal( } operation->buffer_offset = 0; - } else if (jpake_computation_stage->state == PSA_PAKE_OUTPUT_X2S && - jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_KEY_SHARE) { + } else if (step == PSA_JPAKE_X2S_STEP_KEY_SHARE) { ret = mbedtls_ecjpake_write_round_two(&operation->ctx.pake, operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE, @@ -335,8 +329,7 @@ static psa_status_t mbedtls_psa_pake_output_internal( * output with a length byte, even less a curve identifier, as that * information is already available. */ - if (jpake_computation_stage->state == PSA_PAKE_OUTPUT_X2S && - jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_KEY_SHARE && + if (step == PSA_JPAKE_X2S_STEP_KEY_SHARE && operation->role == PSA_PAKE_ROLE_SERVER) { /* Skip ECParameters, with is 3 bytes (RFC 8422) */ operation->buffer_offset += 3; 
@@ -362,10 +355,8 @@ static psa_status_t mbedtls_psa_pake_output_internal( operation->buffer_offset += length; /* Reset buffer after ZK_PROOF sequence */ - if ((jpake_computation_stage->state == PSA_PAKE_OUTPUT_X1_X2 && - jpake_computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || - (jpake_computation_stage->state == PSA_PAKE_OUTPUT_X2S && - jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { + if ((step == PSA_JPAKE_X2_STEP_ZK_PROOF) || + (step == PSA_JPAKE_X2S_STEP_ZK_PROOF)) { mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); operation->buffer_length = 0; operation->buffer_offset = 0; @@ -375,7 +366,6 @@ static psa_status_t mbedtls_psa_pake_output_internal( } else #else (void) step; - (void) computation_stage; (void) output; (void) output_size; (void) output_length; @@ -384,14 +374,13 @@ static psa_status_t mbedtls_psa_pake_output_internal( } psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, uint8_t *output, size_t output_size, size_t *output_length) { psa_status_t status = mbedtls_psa_pake_output_internal( - operation, step, computation_stage, output, output_size, output_length); + operation, step, output, output_size, output_length); if (status != PSA_SUCCESS) { mbedtls_psa_pake_abort(operation); @@ -402,8 +391,7 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, static psa_status_t mbedtls_psa_pake_input_internal( mbedtls_psa_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, const uint8_t *input, size_t input_length) { 
@@ -427,8 +415,6 @@ static psa_status_t mbedtls_psa_pake_input_internal( * This causes any input error to be only detected on the last step. */ if (operation->alg == PSA_ALG_JPAKE) { - const psa_jpake_computation_stage_t *jpake_computation_stage = - &computation_stage->data.jpake_computation_stage; /* * Copy input to local buffer and format it as the Mbed TLS API * expects, i.e. as defined by draft-cragie-tls-ecjpake-01 section 7. @@ -438,8 +424,7 @@ static psa_status_t mbedtls_psa_pake_input_internal( * ECParameters structure - which means we have to prepend that when * we're a client. */ - if (jpake_computation_stage->state == PSA_PAKE_INPUT_X4S && - jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_KEY_SHARE && + if (step == PSA_JPAKE_X4S_STEP_KEY_SHARE && operation->role == PSA_PAKE_ROLE_CLIENT) { /* We only support secp256r1. */ /* This is the ECParameters structure defined by RFC 8422. */ @@ -462,8 +447,7 @@ static psa_status_t mbedtls_psa_pake_input_internal( operation->buffer_length += input_length; /* Load buffer at each last round ZK_PROOF */ - if (jpake_computation_stage->state == PSA_PAKE_INPUT_X1_X2 && - jpake_computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) { + if (step == PSA_JPAKE_X2_STEP_ZK_PROOF) { ret = mbedtls_ecjpake_read_round_one(&operation->ctx.pake, operation->buffer, operation->buffer_length); @@ -474,8 +458,7 @@ static psa_status_t mbedtls_psa_pake_input_internal( if (ret != 0) { return mbedtls_ecjpake_to_psa_error(ret); } - } else if (jpake_computation_stage->state == PSA_PAKE_INPUT_X4S && - jpake_computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF) { + } else if (step == PSA_JPAKE_X4S_STEP_ZK_PROOF) { ret = mbedtls_ecjpake_read_round_two(&operation->ctx.pake, operation->buffer, operation->buffer_length); @@ -492,7 +475,6 @@ static psa_status_t mbedtls_psa_pake_input_internal( } else #else (void) step; - (void) computation_stage; (void) input; (void) input_length; #endif 
@@ -500,13 +482,12 @@ static psa_status_t mbedtls_psa_pake_input_internal( } psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, const uint8_t *input, size_t input_length) { psa_status_t status = mbedtls_psa_pake_input_internal( - operation, step, computation_stage, input, input_length); + operation, step, input, input_length); if (status != PSA_SUCCESS) { mbedtls_psa_pake_abort(operation); diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h index 485c93af9..dc6ad7b54 100644 --- a/library/psa_crypto_pake.h +++ b/library/psa_crypto_pake.h @@ -58,7 +58,6 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, * \param[in,out] operation Active PAKE operation. * \param step The step of the algorithm for which the output is * requested. - * \param computation_stage The structure that holds PAKE computation stage. * \param[out] output Buffer where the output is to be written in the * format appropriate for this \p step. Refer to * the documentation of the individual @@ -97,8 +96,7 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, * results in this error code. */ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, uint8_t *output, size_t output_size, size_t *output_length); @@ -112,7 +110,6 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, * * \param[in,out] operation Active PAKE operation. * \param step The step for which the input is provided. - * \param computation_stage The structure that holds PAKE computation stage. * \param[in] input Buffer containing the input in the format * appropriate for this \p step. Refer to the * documentation of the individual 
@@ -146,8 +143,7 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, * results in this error code. */ psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, const uint8_t *input, size_t input_length); diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index e1a4c9ca3..d7dabed63 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -2865,8 +2865,7 @@ psa_status_t psa_driver_wrapper_pake_setup( } psa_status_t psa_driver_wrapper_pake_output( psa_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, uint8_t *output, size_t output_size, size_t *output_length ) @@ -2876,8 +2875,7 @@ psa_status_t psa_driver_wrapper_pake_output( #if defined(MBEDTLS_PSA_BUILTIN_PAKE) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_pake_output( &operation->data.ctx.mbedtls_ctx, step, - computation_stage, output, - output_size, output_length ) ); + output, output_size, output_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) 
@@ -2885,16 +2883,15 @@ psa_status_t psa_driver_wrapper_pake_output( case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_pake_output( &operation->data.ctx.transparent_test_driver_ctx, - step, computation_stage, output, output_size, output_length ) ); + step, output, output_size, output_length ) ); case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_pake_output( &operation->data.ctx.opaque_test_driver_ctx, - step, computation_stage, output, output_size, output_length ) ); + step, output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) step; - (void) computation_stage; (void) output; (void) output_size; (void) output_length; @@ -2904,8 +2901,7 @@ psa_status_t psa_driver_wrapper_pake_output( psa_status_t psa_driver_wrapper_pake_input( psa_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, const uint8_t *input, size_t input_length ) { @@ -2914,7 +2910,7 @@ psa_status_t psa_driver_wrapper_pake_input( #if defined(MBEDTLS_PSA_BUILTIN_PAKE) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: return( mbedtls_psa_pake_input( &operation->data.ctx.mbedtls_ctx, - step, computation_stage, input, + step, input, input_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ 
@@ -2923,18 +2919,17 @@ psa_status_t psa_driver_wrapper_pake_input( case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_pake_input( &operation->data.ctx.transparent_test_driver_ctx, - step, computation_stage, + step, input, input_length ) ); case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_pake_input( &operation->data.ctx.opaque_test_driver_ctx, - step, computation_stage, + step, input, input_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) step; - (void) computation_stage; (void) input; (void) input_length; return( PSA_ERROR_INVALID_ARGUMENT ); diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h index 1f530081a..23cb98aa4 100644 --- a/tests/include/test/drivers/pake.h +++ b/tests/include/test/drivers/pake.h @@ -57,16 +57,14 @@ psa_status_t mbedtls_test_transparent_pake_setup( psa_status_t mbedtls_test_transparent_pake_output( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, uint8_t *output, size_t output_size, size_t *output_length); psa_status_t mbedtls_test_transparent_pake_input( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, const uint8_t *input, size_t input_length); 
@@ -103,16 +101,14 @@ psa_status_t mbedtls_test_opaque_pake_set_role( psa_status_t mbedtls_test_opaque_pake_output( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, uint8_t *output, size_t output_size, size_t *output_length); psa_status_t mbedtls_test_opaque_pake_input( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, const uint8_t *input, size_t input_length); diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index 21719e6d7..e0be17dd0 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c @@ -64,8 +64,7 @@ psa_status_t mbedtls_test_transparent_pake_setup( psa_status_t mbedtls_test_transparent_pake_output( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, uint8_t *output, size_t output_size, size_t *output_length) @@ -93,20 +92,14 @@ psa_status_t mbedtls_test_transparent_pake_output( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_output( - operation, - step, - (libtestdriver1_psa_pake_computation_stage_t *) computation_stage, - output, - output_size, - output_length); + operation, step, output, output_size, output_length); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = mbedtls_psa_pake_output( - operation, step, computation_stage, output, output_size, output_length); + operation, step, output, output_size, output_length); #else (void) operation; (void) step; - (void) computation_stage; (void) output; (void) output_size; (void) output_length; 
@@ -119,8 +112,7 @@ psa_status_t mbedtls_test_transparent_pake_output( psa_status_t mbedtls_test_transparent_pake_input( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, const uint8_t *input, size_t input_length) { @@ -134,19 +126,14 @@ psa_status_t mbedtls_test_transparent_pake_input( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_input( - operation, - step, - (libtestdriver1_psa_pake_computation_stage_t *) computation_stage, - input, - input_length); + operation, step, input, input_length); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = mbedtls_psa_pake_input( - operation, step, computation_stage, input, input_length); + operation, step, input, input_length); #else (void) operation; (void) step; - (void) computation_stage; (void) input; (void) input_length; mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; @@ -270,15 +257,13 @@ psa_status_t mbedtls_test_opaque_pake_set_role( psa_status_t mbedtls_test_opaque_pake_output( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, uint8_t *output, size_t output_size, size_t *output_length) { (void) operation; (void) step; - (void) computation_stage; (void) output; (void) output_size; (void) output_length; 
@@ -288,14 +273,12 @@ psa_status_t mbedtls_test_opaque_pake_output( psa_status_t mbedtls_test_opaque_pake_input( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_step_t step, - const psa_pake_computation_stage_t *computation_stage, + psa_pake_driver_step_t step, const uint8_t *input, size_t input_length) { (void) operation; (void) step; - (void) computation_stage; (void) input; (void) input_length; return PSA_ERROR_NOT_SUPPORTED; From 7b730175b30973bd56e3cffbe90892285370fc81 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 17 Jan 2023 12:49:44 +0100 Subject: [PATCH 245/440] Simplify psa_pake_computation_stage_s structure Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 2 +- library/psa_crypto.c | 24 +++++++++---------- ..._suite_psa_crypto_driver_wrappers.function | 6 ++--- 3 files changed, 15 insertions(+), 17 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 83c7e04c4..75ce1a33d 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1976,7 +1976,7 @@ struct psa_jpake_computation_stage_s { struct psa_pake_computation_stage_s { union { unsigned dummy; - psa_jpake_computation_stage_t MBEDTLS_PRIVATE(jpake_computation_stage); + psa_jpake_computation_stage_t MBEDTLS_PRIVATE(jpake); } MBEDTLS_PRIVATE(data); }; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 09d46ed90..46d62b098 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7203,7 +7203,7 @@ psa_status_t psa_pake_setup( if (operation->alg == PSA_ALG_JPAKE) { psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake_computation_stage; + &operation->computation_stage.data.jpake; computation_stage->state = PSA_PAKE_STATE_SETUP; computation_stage->sequence = PSA_PAKE_SEQ_INVALID; 
@@ -7336,10 +7336,10 @@ psa_status_t psa_pake_set_role( static psa_pake_driver_step_t convert_jpake_computation_stage_to_driver_step( psa_pake_computation_stage_t *stage) { - switch (stage->data.jpake_computation_stage.state) { + switch (stage->data.jpake.state) { case PSA_PAKE_OUTPUT_X1_X2: case PSA_PAKE_INPUT_X1_X2: - switch (stage->data.jpake_computation_stage.sequence) { + switch (stage->data.jpake.sequence) { case PSA_PAKE_X1_STEP_KEY_SHARE: return PSA_JPAKE_X1_STEP_KEY_SHARE; break; @@ -7363,7 +7363,7 @@ static psa_pake_driver_step_t convert_jpake_computation_stage_to_driver_step( } break; case PSA_PAKE_OUTPUT_X2S: - switch (stage->data.jpake_computation_stage.sequence) { + switch (stage->data.jpake.sequence) { case PSA_PAKE_X1_STEP_KEY_SHARE: return PSA_JPAKE_X2S_STEP_KEY_SHARE; break; @@ -7377,7 +7377,7 @@ static psa_pake_driver_step_t convert_jpake_computation_stage_to_driver_step( } break; case PSA_PAKE_INPUT_X4S: - switch (stage->data.jpake_computation_stage.sequence) { + switch (stage->data.jpake.sequence) { case PSA_PAKE_X1_STEP_KEY_SHARE: return PSA_JPAKE_X4S_STEP_KEY_SHARE; break; @@ -7400,7 +7400,7 @@ static psa_status_t psa_pake_complete_inputs( psa_pake_operation_t *operation) { psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake_computation_stage; + &operation->computation_stage.data.jpake; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; uint8_t *password = operation->data.inputs.password; size_t password_len = operation->data.inputs.password_len; @@ -7439,7 +7439,7 @@ static psa_status_t psa_jpake_output_prologue( psa_pake_step_t step) { psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake_computation_stage; + &operation->computation_stage.data.jpake; if (computation_stage->state == PSA_PAKE_STATE_INVALID) { return PSA_ERROR_BAD_STATE; 
@@ -7510,7 +7510,7 @@ static psa_status_t psa_jpake_output_epilogue( psa_pake_operation_t *operation) { psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake_computation_stage; + &operation->computation_stage.data.jpake; if ((computation_stage->state == PSA_PAKE_OUTPUT_X1_X2 && computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || @@ -7598,7 +7598,7 @@ static psa_status_t psa_jpake_input_prologue( size_t input_length) { psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake_computation_stage; + &operation->computation_stage.data.jpake; if (computation_stage->state == PSA_PAKE_STATE_INVALID) { return PSA_ERROR_BAD_STATE; @@ -7675,7 +7675,7 @@ static psa_status_t psa_jpake_input_epilogue( psa_pake_operation_t *operation) { psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake_computation_stage; + &operation->computation_stage.data.jpake; if ((computation_stage->state == PSA_PAKE_INPUT_X1_X2 && computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || @@ -7762,7 +7762,7 @@ psa_status_t psa_pake_get_implicit_key( uint8_t shared_key[MBEDTLS_PSA_PAKE_BUFFER_SIZE]; size_t shared_key_len = 0; psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake_computation_stage; + &operation->computation_stage.data.jpake; if (operation->id == 0) { return PSA_ERROR_BAD_STATE; @@ -7821,7 +7821,7 @@ psa_status_t psa_pake_abort( if (operation->alg == PSA_ALG_JPAKE) { psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake_computation_stage; + &operation->computation_stage.data.jpake; computation_stage->input_step = PSA_PAKE_STEP_INVALID; computation_stage->output_step = PSA_PAKE_STEP_INVALID; diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index f718349f9..0c4422783 100644 
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -3119,10 +3119,8 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st PSA_SUCCESS); /* Simulate that we are ready to get implicit key. */ - operation.computation_stage.data.jpake_computation_stage.input_step = - PSA_PAKE_STEP_DERIVE; - operation.computation_stage.data.jpake_computation_stage.output_step = - PSA_PAKE_STEP_DERIVE; + operation.computation_stage.data.jpake.input_step = PSA_PAKE_STEP_DERIVE; + operation.computation_stage.data.jpake.output_step = PSA_PAKE_STEP_DERIVE; /* --- psa_pake_get_implicit_key --- */ mbedtls_test_driver_pake_hooks.forced_status = forced_status; From 0f50f689b74cb7b865ab5ae4b04f56753f83e18d Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 17 Jan 2023 14:22:10 +0100 Subject: [PATCH 246/440] Remove redundant dummy fields inside unions Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 75ce1a33d..57b173351 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1842,7 +1842,7 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); * psa_pake_operation_t. */ #define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS, \ - { { 0 } }, { 0 } } + { { { 0 } } }, { { 0 } } } struct psa_pake_cipher_suite_s { psa_algorithm_t algorithm; @@ -1975,7 +1975,6 @@ struct psa_jpake_computation_stage_s { struct psa_pake_computation_stage_s { union { - unsigned dummy; psa_jpake_computation_stage_t MBEDTLS_PRIVATE(jpake); } MBEDTLS_PRIVATE(data); }; 
@@ -1997,7 +1996,6 @@ struct psa_pake_operation_s { /* Holds computation stage of the PAKE algorithms. */ psa_pake_computation_stage_t MBEDTLS_PRIVATE(computation_stage); union { - unsigned dummy; psa_crypto_driver_pake_inputs_t MBEDTLS_PRIVATE(inputs); psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx); } MBEDTLS_PRIVATE(data); From ca8d2b25896c6235ee04c47ca792236216e8a896 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 17 Jan 2023 16:21:33 +0100 Subject: [PATCH 247/440] Add get-data functions for inputs + tests Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 58 ++++++++++++++ library/psa_crypto.c | 57 ++++++++++++++ tests/suites/test_suite_psa_crypto_pake.data | 12 +++ .../test_suite_psa_crypto_pake.function | 75 +++++++++++++++++++ 4 files changed, 202 insertions(+) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 57b173351..79fb263ba 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
@@ -1305,6 +1305,64 @@ typedef enum psa_pake_driver_step psa_pake_driver_step_t; */ static psa_pake_operation_t psa_pake_operation_init(void); +/** Get the lengths of the password in bytes from given inputs. + * + * \param[in] inputs Operation inputs. + * \param[out] password_len Return buffer for password length. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * Password hasn't been set yet. + */ +psa_status_t psa_crypto_driver_pake_get_password_len( + const psa_crypto_driver_pake_inputs_t *inputs, + size_t *password_len); + +/** Get the password from given inputs. + * + * \param[in] inputs Operation inputs. + * \param[out] buffer Return buffer for password. + * \param[in] buffer_size Size of the return buffer in bytes. + * \param[in] buffer_length Actual size of the password in bytes. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * Password hasn't been set yet. + */ +psa_status_t psa_crypto_driver_pake_get_password( + const psa_crypto_driver_pake_inputs_t *inputs, + uint8_t *buffer, size_t buffer_size, size_t *buffer_length); + +/** Get the role from given inputs. + * + * \param[in] inputs Operation inputs. + * \param[out] role Return buffer for role. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * Role hasn't been set yet. + */ +psa_status_t psa_crypto_driver_pake_get_role( + const psa_crypto_driver_pake_inputs_t *inputs, + psa_pake_role_t *role); + +/** Get the cipher suite from given inputs. + * + * \param[in] inputs Operation inputs. + * \param[out] cipher_suite Return buffer for role. + * + * \retval #PSA_SUCCESS + * Success. + * \retval #PSA_ERROR_BAD_STATE + * Cipher_suite hasn't been set yet. + */ +psa_status_t psa_crypto_driver_pake_get_cipher_suite( + const psa_crypto_driver_pake_inputs_t *inputs, + psa_pake_cipher_suite_t *cipher_suite); + /** Set the session information for a password-authenticated key exchange. 
*
 * The sequence of operations to set up a password-authenticated key exchange
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 46d62b098..06308852d 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -7176,6 +7176,63 @@ exit:
 return status;
 }
+psa_status_t psa_crypto_driver_pake_get_password_len(
+ const psa_crypto_driver_pake_inputs_t *inputs,
+ size_t *password_len)
+{
+ if (inputs->password_len == 0) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
+ *password_len = inputs->password_len;
+
+ return PSA_SUCCESS;
+}
+
+psa_status_t psa_crypto_driver_pake_get_password(
+ const psa_crypto_driver_pake_inputs_t *inputs,
+ uint8_t *buffer, size_t buffer_size, size_t *buffer_length)
+{
+ if (inputs->password_len == 0) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
+ if (buffer_size < inputs->password_len) {
+ return PSA_ERROR_BUFFER_TOO_SMALL;
+ }
+
+ memcpy(buffer, inputs->password, inputs->password_len);
+ *buffer_length = inputs->password_len;
+
+ return PSA_SUCCESS;
+}
+
+psa_status_t psa_crypto_driver_pake_get_role(
+ const psa_crypto_driver_pake_inputs_t *inputs,
+ psa_pake_role_t *role)
+{
+ if (inputs->role == PSA_PAKE_ROLE_NONE) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
+ *role = inputs->role;
+
+ return PSA_SUCCESS;
+}
+
+psa_status_t psa_crypto_driver_pake_get_cipher_suite(
+ const psa_crypto_driver_pake_inputs_t *inputs,
+ psa_pake_cipher_suite_t *cipher_suite)
+{
+ if (inputs->cipher_suite.algorithm == PSA_ALG_NONE) {
+ return PSA_ERROR_BAD_STATE;
+ }
+
+ *cipher_suite = inputs->cipher_suite;
+
+ return PSA_SUCCESS;
+}
+
 psa_status_t psa_pake_setup(
 psa_pake_operation_t *operation,
 const psa_pake_cipher_suite_t *cipher_suite)
diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data
index e4bb92b3c..3be249fda 100644
--- a/tests/suites/test_suite_psa_crypto_pake.data
+++ b/tests/suites/test_suite_psa_crypto_pake.data
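Review bot: The Doxygen block for `psa_crypto_driver_pake_get_password` marks `buffer_length` as `\param[in]` and calls it the actual size of the password, but the function writes it, so it should read `\param[out] buffer_length On success, the number of password bytes written to \p buffer.`; the `\retval` list also omits `#PSA_ERROR_BUFFER_TOO_SMALL`, which the implementation in `library/psa_crypto.c` returns when `buffer_size` is smaller than the stored password. In `psa_crypto_driver_pake_get_cipher_suite`, `cipher_suite` is documented as "Return buffer for role", a copy-paste slip. Each `\param[in] inputs` line could say these are the inputs passed to the driver's setup entry point, since that is the only context in which a driver holds a `psa_crypto_driver_pake_inputs_t`.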
@@ -193,3 +193,15 @@ ecjpake_rounds_inject:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_E PSA PAKE: ecjpake size macros depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 ecjpake_size_macros: + +PSA PAKE: input getters: ok #1 +pake_input_getters:"aabbccddee":PSA_PAKE_ROLE_SERVER:5:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS + +PSA PAKE: input getters: ok #2 +pake_input_getters:"ddccbbaa":PSA_PAKE_ROLE_CLIENT:5:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_512:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS + +PSA PAKE: input getters: buffer for password to small +pake_input_getters:"aabbccddee":PSA_PAKE_ROLE_SERVER:4:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ERROR_BUFFER_TOO_SMALL:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS + +PSA PAKE: input getters: inputs not ready +pake_input_getters:"":0:5:0:0:0:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 4dffa3b9d..5af41f75f 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -728,6 +728,7 @@ void ecjpake_rounds_inject(int alg_arg, int primitive_arg, int hash_arg, psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); + PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, &key)); 
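Review bot: The case name `PSA PAKE: input getters: buffer for password to small` should read `too small`; these names are what appears in CI output, so the typo will be copied into bug reports. The "inputs not ready" case passes `0` for the role, algorithm, primitive and hash, which the test function interprets as "inputs not set"; a short comment above that case in the data file saying so would save the reader a trip to the `.function` file.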
@@ -905,3 +906,77 @@ void ecjpake_size_macros() PSA_PAKE_INPUT_MAX_SIZE); } /* END_CASE */ + +/* BEGIN_CASE */ +void pake_input_getters(data_t *password, int role_arg, int password_buffer_size, + int alg_arg, int primitive_arg, int hash_arg, + int expected_status_pass, int expected_status_pass_len, + int expected_status_role, int expected_status_cs) +{ + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + psa_pake_operation_t operation = psa_pake_operation_init(); + psa_pake_role_t role = role_arg; + psa_algorithm_t alg = alg_arg; + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + psa_pake_role_t role_ret = PSA_PAKE_ROLE_NONE; + uint8_t password_ret[20] = { 0 }; // max key length is 20 bytes + size_t password_len_ret = 0; + psa_pake_cipher_suite_t cipher_suite_ret = psa_pake_cipher_suite_init(); + size_t buffer_len_ret = 0; + + PSA_INIT(); + + /* alg equal to 0 indicates case when inputs are not set yet. 
*/ + if (alg != 0) { + psa_pake_cs_set_algorithm(&cipher_suite, alg); + psa_pake_cs_set_primitive(&cipher_suite, primitive_arg); + psa_pake_cs_set_hash(&cipher_suite, hash_arg); + + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); + + PSA_ASSERT(psa_import_key(&attributes, password->x, password->len, &key)); + + PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); + PSA_ASSERT(psa_pake_set_password_key(&operation, key)); + PSA_ASSERT(psa_pake_set_role(&operation, role)); + } + + TEST_EQUAL(psa_crypto_driver_pake_get_password_len(&operation.data.inputs, &password_len_ret), + expected_status_pass_len); + + TEST_EQUAL(psa_crypto_driver_pake_get_password(&operation.data.inputs, + (uint8_t *) &password_ret, + password_buffer_size, &buffer_len_ret), + expected_status_pass); + + TEST_EQUAL(psa_crypto_driver_pake_get_role(&operation.data.inputs, &role_ret), + expected_status_role); + + TEST_EQUAL(psa_crypto_driver_pake_get_cipher_suite(&operation.data.inputs, &cipher_suite_ret), + expected_status_cs); + + if (expected_status_pass_len == PSA_SUCCESS) { + TEST_EQUAL(password_len_ret, password->len); + } + + if (expected_status_pass == PSA_SUCCESS) { + PSA_ASSERT(memcmp(password_ret, password->x, password->len)); + } + + if (expected_status_role == PSA_SUCCESS) { + TEST_EQUAL(role_ret, role); + } + + if (expected_status_pass == PSA_SUCCESS) { + PSA_ASSERT(memcmp(&cipher_suite_ret, &cipher_suite, sizeof(cipher_suite))); + } + +exit: + PSA_ASSERT(psa_destroy_key(key)); + PSA_ASSERT(psa_pake_abort(&operation)); + PSA_DONE(); +} +/* END_CASE */ From 18620a3b1cf4f0c6e3881ed3add4f6653e5d8278 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 17 Jan 2023 16:34:52 +0100 Subject: [PATCH 248/440] Make copy of inputs on stack before passing to psa_driver_wrapper_pake_setup 
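Review bot: `PSA_ASSERT(memcmp(password_ret, password->x, password->len));` only passes because `memcmp` returns 0 on equality and `PSA_SUCCESS` is 0; `TEST_EQUAL(memcmp(password_ret, password->x, password->len), 0);` states what is being checked, and the same applies to the cipher-suite comparison. That cipher-suite comparison is guarded by `if (expected_status_pass == PSA_SUCCESS)` although it verifies the result of `psa_crypto_driver_pake_get_cipher_suite`, so the guard should be `if (expected_status_cs == PSA_SUCCESS)`; with the current data the two differ only in the "buffer too small" case, where the comparison is silently skipped. Using `PSA_ASSERT` under the `exit:` label is risky as well, since its failure path presumably jumps back to `exit`; plain `psa_destroy_key(key); psa_pake_abort(&operation);` there avoids that. The comment on `password_ret` ("max key length is 20 bytes") describes a limit of this test's data rather than of the API and should say so.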
Signed-off-by: Przemek Stekiel
---
 library/psa_crypto.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 06308852d..75196fc1e 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -7461,6 +7461,9 @@ static psa_status_t psa_pake_complete_inputs(
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 uint8_t *password = operation->data.inputs.password;
 size_t password_len = operation->data.inputs.password_len;
+ /* Create copy of the inputs on stack as inputs share memory
+ with the driver context which will be setup by the driver. */
+ psa_crypto_driver_pake_inputs_t inputs = operation->data.inputs;
 if (operation->alg == PSA_ALG_NONE ||
 operation->data.inputs.password_len == 0 ||
@@ -7468,8 +7471,10 @@ static psa_status_t psa_pake_complete_inputs(
 return PSA_ERROR_BAD_STATE;
 }
- status = psa_driver_wrapper_pake_setup(operation,
- &operation->data.inputs);
+ /* Clear driver context */
+ mbedtls_platform_zeroize(&operation->data, sizeof(operation->data));
+
+ status = psa_driver_wrapper_pake_setup(operation, &inputs);
 /* Driver is responsible for creating its own copy of the password. */
 mbedtls_platform_zeroize(password, password_len);
From 5cbca790f7c2d8b667e0d067666b699bab3ac218 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel
Date: Tue, 17 Jan 2023 16:51:19 +0100
Subject: [PATCH 249/440] Make usage of pake input getters
Signed-off-by: Przemek Stekiel
---
 library/psa_crypto_pake.c | 31 ++++++++++++++++++++++++-------
 1 file changed, 24 insertions(+), 7 deletions(-)
diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c
index da10cdd1f..1a7725f68 100644
--- a/library/psa_crypto_pake.c
+++ b/library/psa_crypto_pake.c
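Review bot: The stack copy `inputs` is never cleared before `psa_pake_complete_inputs` returns, so whatever the inputs struct holds — at least the password pointer and length, and the password bytes themselves if the struct embeds them, which the hunk does not show — outlives the setup call on the stack; add `mbedtls_platform_zeroize(&inputs, sizeof(inputs));` after `psa_driver_wrapper_pake_setup`, on the failure path too. The comment would be clearer if it named the actual reason: `/* inputs and the driver context are members of the same union, so the driver's setup would overwrite them in place. */`. Note that once `operation->data` is zeroized, the local `password` is the only remaining reference to the password storage, so the later zeroize must keep using that local; the rest of the function is outside the hunk.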
@@ -204,13 +204,25 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, const psa_crypto_driver_pake_inputs_t *inputs) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + size_t password_len = 0; + psa_pake_role_t role = PSA_PAKE_ROLE_NONE; + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + size_t actual_password_len = 0; - uint8_t *password = inputs->password; - size_t password_len = inputs->password_len; - psa_pake_role_t role = inputs->role; - psa_pake_cipher_suite_t cipher_suite = inputs->cipher_suite; + status = psa_crypto_driver_pake_get_password_len(inputs, &password_len); + if (status != PSA_SUCCESS) { + return status; + } - memset(operation, 0, sizeof(mbedtls_psa_pake_operation_t)); + status = psa_crypto_driver_pake_get_role(inputs, &role); + if (status != PSA_SUCCESS) { + return status; + } + + status = psa_crypto_driver_pake_get_cipher_suite(inputs, &cipher_suite); + if (status != PSA_SUCCESS) { + return status; + } #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (cipher_suite.algorithm == PSA_ALG_JPAKE) { @@ -236,8 +248,13 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, goto error; } - memcpy(operation->password, password, password_len); - operation->password_len = password_len; + status = psa_crypto_driver_pake_get_password(inputs, operation->password, + password_len, &actual_password_len); + if (status != PSA_SUCCESS) { + goto error; + } + + operation->password_len = actual_password_len; operation->role = role; operation->alg = cipher_suite.algorithm; From 33ea63d766fdf19e376631beac7c04505d61f3db Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 18 Jan 2023 09:42:32 +0100 Subject: [PATCH 250/440] Minor updates of the documentation Signed-off-by: Przemek Stekiel --- docs/proposed/psa-driver-interface.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
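Review bot: The first hunk drops `memset(operation, 0, sizeof(mbedtls_psa_pake_operation_t));` without a replacement, so the built-in implementation now relies on the core having cleared the operation context before dispatch (the zeroize added to psa_pake_complete_inputs two commits earlier), and nothing in this file records that contract. Suggest a comment at the top of the function: `/* The core zeroizes the operation before invoking this entry point; read the inputs only through the getters. */`. In the second hunk the buffer size handed to `psa_crypto_driver_pake_get_password` is the `password_len` just read from the same inputs, so the getter's PSA_ERROR_BUFFER_TOO_SMALL path cannot trigger here; that is fine if `operation->password` is sized from `password_len` immediately before the hunk, but a short comment would stop anyone later treating the getter as the bounds check. mbedtls_psa_pake_setup continues between and after the hunks.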
diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 39f13d923..d2c6b7c04 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -367,7 +367,7 @@ psa_status_t psa_crypto_driver_pake_get_password_len( psa_status_t psa_crypto_driver_pake_get_password(     const psa_crypto_driver_pake_inputs_t *inputs, -    uint8_t *buffer, buffer_size, size_t *buffer_length); +    uint8_t *buffer, size_t buffer_size, size_t *buffer_length); psa_status_t psa_crypto_driver_pake_get_role(     const psa_crypto_driver_pake_inputs_t *inputs, @@ -403,7 +403,7 @@ The setup driver function should preserve the inputs using get-data functions. ``` psa_status_t acme_pake_output(acme_pake_operation_t *operation, -                              psa_pake_computation_step_t step, +                              psa_pake_driver_step_t step,                               uint8_t *output,                               size_t output_size,                               size_t *output_length); @@ -430,7 +430,7 @@ For `PSA_ALG_JPAKE` the following steps are available for output operation: #### PAKE driver input ``` psa_status_t acme_pake_input(acme_pake_operation_t *operation, -                             psa_pake_computation_step_t step, +                            psa_pake_driver_step_t step,                              uint8_t *input,                              size_t input_size); ``` From 38b4e1761d509a605c2aae4e29616c4fce3eb383 Mon Sep 17 00:00:00 2001 
From: Przemek Stekiel Date: Wed, 18 Jan 2023 15:52:24 +0100 Subject: [PATCH 251/440] Remove typedef for enum Workaround for CI error: Parsing source code... Compiling... ============= All symbols in header: PASS Naming patterns of public_macros: PASS Naming patterns of internal_macros: PASS Naming patterns of enum_consts: FAIL > include/psa/crypto_extra.h:1857: 'return' does not match the required pattern '^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$'. | 1857 | return cipher_suite->algorithm; | ^^^^^^ Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 79fb263ba..cd16410d6 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1298,9 +1298,6 @@ typedef struct psa_pake_computation_stage_s psa_pake_computation_stage_t; /** The type of computation stage for J-PAKE operations. */ typedef struct psa_jpake_computation_stage_s psa_jpake_computation_stage_t; -/** The type of driver step for PAKE operation. */ -typedef enum psa_pake_driver_step psa_pake_driver_step_t; - /** Return an initial value for a PAKE operation object. */ static psa_pake_operation_t psa_pake_operation_init(void); @@ -2007,7 +2004,7 @@ enum psa_jpake_sequence { PSA_PAKE_SEQ_END = 7, }; -enum psa_pake_driver_step { +typedef enum psa_pake_driver_step { PSA_JPAKE_STEP_INVALID = 0, /* Invalid step */ PSA_JPAKE_X1_STEP_KEY_SHARE = 1, /* Round 1: input/output key share (for ephemeral private key X1).*/ PSA_JPAKE_X1_STEP_ZK_PUBLIC = 2, /* Round 1: input/output Schnorr NIZKP public key for the X1 key */ 
@@ -2021,7 +2018,7 @@ enum psa_pake_driver_step { PSA_JPAKE_X4S_STEP_KEY_SHARE = 10, /* Round 2: input X4S key (from peer) */ PSA_JPAKE_X4S_STEP_ZK_PUBLIC = 11, /* Round 2: input Schnorr NIZKP public key for the X4S key (from peer) */ PSA_JPAKE_X4S_STEP_ZK_PROOF = 12 /* Round 2: input Schnorr NIZKP proof for the X4S key (from peer) */ -}; +} psa_pake_driver_step_t; struct psa_jpake_computation_stage_s { From 27cd488088e6dd38a399c29b32bb7ad03e59a4f8 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 25 Jan 2023 23:16:18 +0100 Subject: [PATCH 252/440] Update the documentation (v.3) Signed-off-by: Przemek Stekiel --- docs/proposed/psa-driver-interface.md | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index d2c6b7c04..1b941cede 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md 
@@ -323,17 +323,17 @@ TODO ### Driver entry points for PAKE -PAKE operation is divided into two stages: collecting inputs and computation. Core side is responsible for keeping inputs and core set-data functions do not have driver entry points. Collected inputs are available for drivers via get-data functions for `password`, `role` and `cipher_suite`. +A PAKE operation is divided into two stages: collecting inputs and computation. Core side is responsible for keeping inputs and core set-data functions do not have driver entry points. Collected inputs are available for drivers via get-data functions for `password`, `role` and `cipher_suite`. ### PAKE driver dispatch logic The core decides whether to dispatch a PAKE operation to a driver based on the location of the provided password. When all inputs are collected and `"psa_pake_output"` or `"psa_pake_input"` is called for the first time `"pake_setup"` driver entry point is invoked. -1. Lifetime of the `password` is local storage -- if there is a transparent driver available for the given configuration, the core calls that driver's `"pake_setup"` and subsequent entry points. -- if a transparent driver is not available or can not handle a given configuration, the core uses its built-in implementation. -2. Lifetime of the `password` is test driver -- the core calls opaque driver's `"pake_setup"` and subsequent entry points. +1. If the location of the `password` is the local storage +- if there is a transparent driver for the specified ciphersuite, the core calls that driver's `"pake_setup"` and subsequent entry points. +- otherwise, or on fallback, the core uses its built-in implementation. +2. If the location of the `password` is the location of a secure element +- the core calls the `"pake_setup"` entry point of the secure element driver and subsequent entry points. ### Summary of entry points for PAKE 
@@ -365,10 +365,15 @@ psa_status_t psa_crypto_driver_pake_get_password_len(     const psa_crypto_driver_pake_inputs_t *inputs,     size_t *password_len); -psa_status_t psa_crypto_driver_pake_get_password( +psa_status_t psa_crypto_driver_pake_get_password_bytes(     const psa_crypto_driver_pake_inputs_t *inputs,     uint8_t *buffer, size_t buffer_size, size_t *buffer_length); +psa_status_t psa_crypto_driver_pake_get_password_key( +    const psa_crypto_driver_pake_inputs_t *inputs, +    uint8_t** p_key_buffer, size_t *key_buffer_size, + const psa_key_attributes_t *attributes); + psa_status_t psa_crypto_driver_pake_get_role(     const psa_crypto_driver_pake_inputs_t *inputs,     psa_pake_role_t *role); 
@@ -385,13 +390,13 @@ Next parameters are return buffers (must not be null pointers). These functions can return the following statuses: * `PSA_SUCCESS`: value has been successfully obtained * `PSA_ERROR_BAD_STATE`: the inputs are not ready -* `PSA_ERROR_BUFFER_TOO_SMALL` (`psa_crypto_driver_pake_get_password` only): the output buffer is too small. This is not a fatal error and the driver can, for example, subsequently call the same function again with a larger buffer. Call `psa_crypto_driver_pake_get_password_len` to obtain the required size. +* `PSA_ERROR_BUFFER_TOO_SMALL` (`psa_crypto_driver_pake_get_password_bytes` and `psa_crypto_driver_pake_get_password_key` only): the output buffer is too small. This is not a fatal error and the driver can, for example, subsequently call the same function again with a larger buffer. Call `psa_crypto_driver_pake_get_password_len` to obtain the required size. #### PAKE driver setup ``` -psa_status_t acme_psa_pake_setup( acme_pake_operation_t *operation, -                                  const psa_crypto_driver_pake_inputs_t *inputs ); +psa_status_t acme_pake_setup( acme_pake_operation_t *operation, +                              const psa_crypto_driver_pake_inputs_t *inputs ); ``` * `operation` is a zero-initialized operation object. @@ -399,6 +404,8 @@ psa_status_t acme_psa_pake_setup( acme_pake_operation_t *operation, The setup driver function should preserve the inputs using get-data functions. +The pointer output by `psa_crypto_driver_pake_get_password_key` is only valid until the "pake_setup" entry point returns. Opaque drivers must copy all relevant data from the key buffer during the "pake_setup" entry point and must not store the pointer itself. + #### PAKE driver output ``` From dde6a910bba23168d8455122557aaa4467272a50 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 26 Jan 2023 08:46:37 +0100 Subject: [PATCH 253/440] Optimize out psa_pake_computation_stage_t 
Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 15 ++------ library/psa_crypto.c | 37 +++++++++---------- ..._suite_psa_crypto_driver_wrappers.function | 4 +- 3 files changed, 23 insertions(+), 33 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index cd16410d6..07d7bae31 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1292,9 +1292,6 @@ typedef struct psa_pake_operation_s psa_pake_operation_t; /** The type of input values for PAKE operations. */ typedef struct psa_crypto_driver_pake_inputs_s psa_crypto_driver_pake_inputs_t; -/** The type of computation stage for PAKE operations. */ -typedef struct psa_pake_computation_stage_s psa_pake_computation_stage_t; - /** The type of computation stage for J-PAKE operations. */ typedef struct psa_jpake_computation_stage_s psa_jpake_computation_stage_t; @@ -1897,7 +1894,7 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); * psa_pake_operation_t. */ #define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS, \ - { { { 0 } } }, { { 0 } } } + { { 0 } }, { { 0 } } } struct psa_pake_cipher_suite_s { psa_algorithm_t algorithm; @@ -2028,12 +2025,6 @@ struct psa_jpake_computation_stage_s { unsigned int MBEDTLS_PRIVATE(output_step); }; -struct psa_pake_computation_stage_s { - union { - psa_jpake_computation_stage_t MBEDTLS_PRIVATE(jpake); - } MBEDTLS_PRIVATE(data); -}; - struct psa_pake_operation_s { /** Unique ID indicating which driver got assigned to do the * operation. Since driver contexts are driver-specific, swapping 
@@ -2049,7 +2040,9 @@ struct psa_pake_operation_s { are copied to the corresponding operation context. */ uint8_t MBEDTLS_PRIVATE(stage); /* Holds computation stage of the PAKE algorithms. */ - psa_pake_computation_stage_t MBEDTLS_PRIVATE(computation_stage); + union { + psa_jpake_computation_stage_t MBEDTLS_PRIVATE(jpake); + } MBEDTLS_PRIVATE(computation_stage); union { psa_crypto_driver_pake_inputs_t MBEDTLS_PRIVATE(inputs); psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 75196fc1e..bafb0ae0b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7260,7 +7260,7 @@ psa_status_t psa_pake_setup( if (operation->alg == PSA_ALG_JPAKE) { psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake; + &operation->computation_stage.jpake; computation_stage->state = PSA_PAKE_STATE_SETUP; computation_stage->sequence = PSA_PAKE_SEQ_INVALID; @@ -7391,12 +7391,12 @@ psa_status_t psa_pake_set_role( /* Auxiliary function to convert core computation stage(step, sequence, state) to single driver step. */ static psa_pake_driver_step_t convert_jpake_computation_stage_to_driver_step( - psa_pake_computation_stage_t *stage) + psa_jpake_computation_stage_t *stage) { - switch (stage->data.jpake.state) { + switch (stage->state) { case PSA_PAKE_OUTPUT_X1_X2: case PSA_PAKE_INPUT_X1_X2: - switch (stage->data.jpake.sequence) { + switch (stage->sequence) { case PSA_PAKE_X1_STEP_KEY_SHARE: return PSA_JPAKE_X1_STEP_KEY_SHARE; break; @@ -7420,7 +7420,7 @@ static psa_pake_driver_step_t convert_jpake_computation_stage_to_driver_step( } break; case PSA_PAKE_OUTPUT_X2S: - switch (stage->data.jpake.sequence) { + switch (stage->sequence) { case PSA_PAKE_X1_STEP_KEY_SHARE: return PSA_JPAKE_X2S_STEP_KEY_SHARE; break; 
@@ -7434,7 +7434,7 @@ static psa_pake_driver_step_t convert_jpake_computation_stage_to_driver_step( } break; case PSA_PAKE_INPUT_X4S: - switch (stage->data.jpake.sequence) { + switch (stage->sequence) { case PSA_PAKE_X1_STEP_KEY_SHARE: return PSA_JPAKE_X4S_STEP_KEY_SHARE; break; @@ -7457,7 +7457,7 @@ static psa_status_t psa_pake_complete_inputs( psa_pake_operation_t *operation) { psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake; + &operation->computation_stage.jpake; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; uint8_t *password = operation->data.inputs.password; size_t password_len = operation->data.inputs.password_len; @@ -7501,7 +7501,7 @@ static psa_status_t psa_jpake_output_prologue( psa_pake_step_t step) { psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake; + &operation->computation_stage.jpake; if (computation_stage->state == PSA_PAKE_STATE_INVALID) { return PSA_ERROR_BAD_STATE; @@ -7572,7 +7572,7 @@ static psa_status_t psa_jpake_output_epilogue( psa_pake_operation_t *operation) { psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake; + &operation->computation_stage.jpake; if ((computation_stage->state == PSA_PAKE_OUTPUT_X1_X2 && computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || @@ -7628,10 +7628,8 @@ psa_status_t psa_pake_output( } status = psa_driver_wrapper_pake_output(operation, - convert_jpake_computation_stage_to_driver_step(& - operation - -> - computation_stage), + convert_jpake_computation_stage_to_driver_step( + &operation->computation_stage.jpake), output, output_size, output_length); @@ -7660,7 +7658,7 @@ static psa_status_t psa_jpake_input_prologue( size_t input_length) { psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake; + &operation->computation_stage.jpake; if (computation_stage->state == PSA_PAKE_STATE_INVALID) { return PSA_ERROR_BAD_STATE; 
@@ -7737,7 +7735,7 @@ static psa_status_t psa_jpake_input_epilogue( psa_pake_operation_t *operation) { psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake; + &operation->computation_stage.jpake; if ((computation_stage->state == PSA_PAKE_INPUT_X1_X2 && computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || @@ -7792,9 +7790,8 @@ psa_status_t psa_pake_input( } status = psa_driver_wrapper_pake_input(operation, - convert_jpake_computation_stage_to_driver_step(&operation - -> - computation_stage), + convert_jpake_computation_stage_to_driver_step( + &operation->computation_stage.jpake), input, input_length); @@ -7824,7 +7821,7 @@ psa_status_t psa_pake_get_implicit_key( uint8_t shared_key[MBEDTLS_PSA_PAKE_BUFFER_SIZE]; size_t shared_key_len = 0; psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake; + &operation->computation_stage.jpake; if (operation->id == 0) { return PSA_ERROR_BAD_STATE; @@ -7883,7 +7880,7 @@ psa_status_t psa_pake_abort( if (operation->alg == PSA_ALG_JPAKE) { psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.data.jpake; + &operation->computation_stage.jpake; computation_stage->input_step = PSA_PAKE_STEP_INVALID; computation_stage->output_step = PSA_PAKE_STEP_INVALID; diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 0c4422783..3220c62a6 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
@@ -3119,8 +3119,8 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st PSA_SUCCESS); /* Simulate that we are ready to get implicit key. */ - operation.computation_stage.data.jpake.input_step = PSA_PAKE_STEP_DERIVE; - operation.computation_stage.data.jpake.output_step = PSA_PAKE_STEP_DERIVE; + operation.computation_stage.jpake.input_step = PSA_PAKE_STEP_DERIVE; + operation.computation_stage.jpake.output_step = PSA_PAKE_STEP_DERIVE; /* --- psa_pake_get_implicit_key --- */ mbedtls_test_driver_pake_hooks.forced_status = forced_status; From ff01bc496c4ded56614114115e3738ad34036c87 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 26 Jan 2023 09:48:06 +0100 Subject: [PATCH 254/440] Remove j-pake specific checks from psa_pake_setup mbedtls_psa_pake_setup has already check for PSA_PAKE_PRIMITIVE_TYPE_ECC primitive. Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bafb0ae0b..bfbd49735 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7247,8 +7247,6 @@ psa_status_t psa_pake_setup( if (cipher_suite == NULL || PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 || - (cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_ECC && - cipher_suite->type != PSA_PAKE_PRIMITIVE_TYPE_DH) || PSA_ALG_IS_HASH(cipher_suite->hash) == 0) { return PSA_ERROR_INVALID_ARGUMENT; } From 1c3cfb4fb0ba2000ac04d9379c00f96fd9764ef5 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 26 Jan 2023 10:35:02 +0100 Subject: [PATCH 255/440] Introduce PSA_PAKE_OPERATION_STAGE_SETUP to optimize out alg checks Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 7 ++++--- library/psa_crypto.c | 26 ++++---------------------- 2 files changed, 8 insertions(+), 25 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 07d7bae31..32e956925 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
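Review bot: Removing the primitive-type test moves that validation out of the core: `mbedtls_psa_pake_setup` only runs when the driver wrapper dispatches to the built-in implementation, and the driver `pake_setup` entry point is invoked lazily at the first psa_pake_output or psa_pake_input call, so an unsupported `cipher_suite->type` is now reported from those calls (possibly with a driver-chosen status) instead of as PSA_ERROR_INVALID_ARGUMENT from psa_pake_setup. If that is the intended contract the commit message should say so, and the psa_pake_setup API documentation, if it still lists an unsupported primitive as an invalid-argument case, needs the same update; otherwise keep a cheap core-side check here. An accelerator driver that does not validate the primitive would also accept a nonsensical suite until much later, which is harder to diagnose. psa_pake_setup continues outside the hunk.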
@@ -430,8 +430,9 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, #define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e) /** EC-JPAKE operation stages. */ -#define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 0 -#define PSA_PAKE_OPERATION_STAGE_COMPUTATION 1 +#define PSA_PAKE_OPERATION_STAGE_SETUP 0 +#define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 1 +#define PSA_PAKE_OPERATION_STAGE_COMPUTATION 2 /** * \brief Set domain parameters for a key. @@ -1893,7 +1894,7 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); /** Returns a suitable initializer for a PAKE operation object of type * psa_pake_operation_t. */ -#define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS, \ +#define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, PSA_PAKE_OPERATION_STAGE_SETUP, \ { { 0 } }, { { 0 } } } struct psa_pake_cipher_suite_s { diff --git a/library/psa_crypto.c b/library/psa_crypto.c index bfbd49735..2d1c06500 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7237,11 +7237,7 @@ psa_status_t psa_pake_setup( psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite) { - if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { - return PSA_ERROR_BAD_STATE; - } - - if (operation->alg != PSA_ALG_NONE) { + if (operation->stage != PSA_PAKE_OPERATION_STAGE_SETUP) { return PSA_ERROR_BAD_STATE; } @@ -7266,6 +7262,8 @@ psa_status_t psa_pake_setup( computation_stage->output_step = PSA_PAKE_STEP_X1_X2; } + operation->stage = PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS; + return PSA_SUCCESS; } @@ -7281,10 +7279,6 @@ psa_status_t psa_pake_set_password_key( return PSA_ERROR_BAD_STATE; } - if (operation->alg == PSA_ALG_NONE) { - return PSA_ERROR_BAD_STATE; - } - status = psa_get_and_lock_key_slot_with_policy(password, &slot, PSA_KEY_USAGE_DERIVE, PSA_ALG_JPAKE); 
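Review bot: `#define PSA_PAKE_OPERATION_STAGE_SETUP 0` is load-bearing: an operation cleared with memset or left zero-initialized is in the setup stage only because the macro is 0, and psa_pake_setup's new `operation->stage != PSA_PAKE_OPERATION_STAGE_SETUP` check depends on that. Suggest a comment next to the defines, e.g. `/* SETUP must remain 0 so that a zero-initialized operation starts in it. */`. The heading `/** EC-JPAKE operation stages. */` above them is also stale, since the operation's `stage` field is described as tracking the stage of any PAKE algorithm. psa_pake_setup's body continues outside its hunk.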
@@ -7329,10 +7323,6 @@ psa_status_t psa_pake_set_user( return PSA_ERROR_BAD_STATE; } - if (operation->alg == PSA_ALG_NONE) { - return PSA_ERROR_BAD_STATE; - } - if (user_id_len == 0) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -7351,10 +7341,6 @@ psa_status_t psa_pake_set_peer( return PSA_ERROR_BAD_STATE; } - if (operation->alg == PSA_ALG_NONE) { - return PSA_ERROR_BAD_STATE; - } - if (peer_id_len == 0) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -7370,10 +7356,6 @@ psa_status_t psa_pake_set_role( return PSA_ERROR_BAD_STATE; } - if (operation->alg == PSA_ALG_NONE) { - return PSA_ERROR_BAD_STATE; - } - if (role != PSA_PAKE_ROLE_NONE && role != PSA_PAKE_ROLE_FIRST && role != PSA_PAKE_ROLE_SECOND && @@ -7887,7 +7869,7 @@ psa_status_t psa_pake_abort( } operation->alg = PSA_ALG_NONE; - operation->stage = PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS; + operation->stage = PSA_PAKE_OPERATION_STAGE_SETUP; operation->id = 0; return PSA_SUCCESS; From d5d28a217fd0b2e5ee40cbd8cee241f7ffbceab1 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 26 Jan 2023 10:46:05 +0100 Subject: [PATCH 256/440] Use operation alg for locking key slot Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2d1c06500..5e567ad12 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7281,7 +7281,7 @@ psa_status_t psa_pake_set_password_key( status = psa_get_and_lock_key_slot_with_policy(password, &slot, PSA_KEY_USAGE_DERIVE, - PSA_ALG_JPAKE); + operation->alg); if (status != PSA_SUCCESS) { return status; } From 9dd2440c95707ae66e707f8144a80a384e89c5c2 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 26 Jan 2023 15:06:09 +0100 Subject: [PATCH 257/440] Change pake input: key_lifetime -> key attributes In the future key attributes will be available for opaque driver via psa_crypto_driver_pake_get_password_key(). Signed-off-by: Przemek Stekiel 
Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 2 +- library/psa_crypto.c | 2 +- .../psa_crypto_driver_wrappers.c.jinja | 2 +- tests/scripts/all.sh | 12 ++++++++++-- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 32e956925..2d6b6abd1 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1970,7 +1970,7 @@ struct psa_crypto_driver_pake_inputs_s { uint8_t *MBEDTLS_PRIVATE(password); size_t MBEDTLS_PRIVATE(password_len); psa_pake_role_t MBEDTLS_PRIVATE(role); - psa_key_lifetime_t MBEDTLS_PRIVATE(key_lifetime); + psa_key_attributes_t MBEDTLS_PRIVATE(attributes); psa_pake_cipher_suite_t MBEDTLS_PRIVATE(cipher_suite); }; diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 5e567ad12..b4fad33d3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7306,7 +7306,7 @@ psa_status_t psa_pake_set_password_key( memcpy(operation->data.inputs.password, slot->key.data, slot->key.bytes); operation->data.inputs.password_len = slot->key.bytes; - operation->data.inputs.key_lifetime = attributes.core.lifetime; + operation->data.inputs.attributes = attributes; error: unlock_status = psa_unlock_key_slot(slot); return (status == PSA_SUCCESS) ? unlock_status : status; diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index d7dabed63..d52ed5993 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -2816,7 +2816,7 @@ psa_status_t psa_driver_wrapper_pake_setup( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( inputs->key_lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( inputs->attributes.core.lifetime ); switch( location ) { 
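Review bot: `operation->data.inputs.attributes = attributes;` in the psa_crypto.c hunk copies a whole psa_key_attributes_t into the inputs, and in this codebase that type is not a plain value (as far as I recall it can own a domain-parameters buffer); if the local `attributes` was populated by psa_get_key_attributes, which is not visible here, the by-value copy shares that allocation and a later reset of either side leaves the other dangling, or leaks if neither is reset — please confirm how `attributes` is filled. Given that the driver-wrapper hunk reads only `inputs->attributes.core.lifetime`, a comment on the new struct member stating which fields are meaningful, e.g. `/* Attributes of the password key; the core currently consults only the lifetime for dispatch. */`, would document the intended scope. psa_pake_set_password_key continues outside its hunk.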
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 98060d720..7964319e6 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2506,15 +2506,19 @@ component_test_psa_crypto_config_accel_pake () { loc_accel_list="ALG_JPAKE" loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" + make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" DEBUG=1 scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_ECJPAKE_C + # Dynamic secure element support is a deprecated feature and needs to be disabled here. + # This is done to have the same form of psa_key_attributes_s for libdriver and library. + scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" + make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" DEBUG=1 msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" tests/ssl-opt.sh -f "ECJPAKE" 
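Review bot: Both `make` lines in component_test_psa_crypto_config_accel_pake gain `DEBUG=1`, which has nothing to do with the key_lifetime to attributes change in the subject, is not mentioned in the commit message, and is not applied to the sibling component in the next hunk, so it looks like a leftover from local debugging. If it is intentional, add a one-line comment next to the existing MBEDTLS_PSA_CRYPTO_SE_C note saying why this component needs a debug build; otherwise drop it from both lines. The component function continues outside the hunk.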
@@ -2547,6 +2551,10 @@ component_test_psa_crypto_config_accel_pake_no_fallback () { scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_JPAKE scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED + # Dynamic secure element support is a deprecated feature and needs to be disabled here. + # This is done to have the same form of psa_key_attributes_s for libdriver and library. + scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C + loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" From ac067d779eb8a849f122b0f0000260e2a37d399c Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 26 Jan 2023 16:31:03 +0100 Subject: [PATCH 258/440] Fix PSA_PAKE_OPERATION_INIT macro Needs to be adapted for the clang -Wall -Wextra. Requirea to explicitly initialize all the members of the struct that is the first member in the union. Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 2d6b6abd1..8b8cb042e 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1895,7 +1895,7 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); * psa_pake_operation_t. */ #define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, PSA_PAKE_OPERATION_STAGE_SETUP, \ - { { 0 } }, { { 0 } } } + { { 0, 0, 0, 0 } }, { { 0 } } } struct psa_pake_cipher_suite_s { psa_algorithm_t algorithm; 
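Review bot: `{ { 0, 0, 0, 0 } }` hard-codes the member count of psa_jpake_computation_stage_s, the first member of the `computation_stage` union, so the next field added to that struct silently brings back the clang warning this commit fixes; the union reorder in the next hunk has the same hidden coupling, since the second `{ { 0 } }` now initializes `ctx` rather than `inputs`. Suggest a comment on the macro, `/* Positional initializers: spell out every member of the first member of each union; keep in sync with psa_jpake_computation_stage_s. */`, or, if the header's C++ consumers can tolerate it, designated initializers (`.stage = PSA_PAKE_OPERATION_STAGE_SETUP, ...`) which remove the positional dependency entirely. struct psa_pake_operation_s itself is outside this hunk.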
@@ -2045,8 +2045,8 @@ struct psa_pake_operation_s { psa_jpake_computation_stage_t MBEDTLS_PRIVATE(jpake); } MBEDTLS_PRIVATE(computation_stage); union { - psa_crypto_driver_pake_inputs_t MBEDTLS_PRIVATE(inputs); psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx); + psa_crypto_driver_pake_inputs_t MBEDTLS_PRIVATE(inputs); } MBEDTLS_PRIVATE(data); }; From f62b3bb0878c6056f07345521f75a1cc838a29d3 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 31 Jan 2023 19:51:24 +0100 Subject: [PATCH 259/440] Optimization of pake core functions Adapt pake test (passing NULL buffers is not allowed). Passing the null buffer to psa_pake_output results in a hard fault. Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 33 +++++++------------ .../psa_crypto_driver_wrappers.c.jinja | 2 +- .../test_suite_psa_crypto_pake.function | 10 +++--- 3 files changed, 18 insertions(+), 27 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index b4fad33d3..4f3d774af 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7241,8 +7241,7 @@ psa_status_t psa_pake_setup( return PSA_ERROR_BAD_STATE; } - if (cipher_suite == NULL || - PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 || + if (PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 || PSA_ALG_IS_HASH(cipher_suite->hash) == 0) { return PSA_ERROR_INVALID_ARGUMENT; } 
@@ -7436,17 +7435,12 @@ static psa_pake_driver_step_t convert_jpake_computation_stage_to_driver_step( static psa_status_t psa_pake_complete_inputs( psa_pake_operation_t *operation) { - psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.jpake; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - uint8_t *password = operation->data.inputs.password; - size_t password_len = operation->data.inputs.password_len; /* Create copy of the inputs on stack as inputs share memory with the driver context which will be setup by the driver. */ psa_crypto_driver_pake_inputs_t inputs = operation->data.inputs; - if (operation->alg == PSA_ALG_NONE || - operation->data.inputs.password_len == 0 || + if (operation->data.inputs.password_len == 0 || operation->data.inputs.role == PSA_PAKE_ROLE_NONE) { return PSA_ERROR_BAD_STATE; } @@ -7457,12 +7451,14 @@ static psa_status_t psa_pake_complete_inputs( status = psa_driver_wrapper_pake_setup(operation, &inputs); /* Driver is responsible for creating its own copy of the password. */ - mbedtls_platform_zeroize(password, password_len); - mbedtls_free(password); + mbedtls_platform_zeroize(inputs.password, inputs.password_len); + mbedtls_free(inputs.password); if (status == PSA_SUCCESS) { operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; if (operation->alg == PSA_ALG_JPAKE) { + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.jpake; computation_stage->state = PSA_PAKE_STATE_READY; computation_stage->sequence = PSA_PAKE_SEQ_INVALID; computation_stage->input_step = PSA_PAKE_STEP_X1_X2; @@ -7576,6 +7572,7 @@ psa_status_t psa_pake_output( size_t *output_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + *output_length = 0; if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { status = psa_pake_complete_inputs(operation); 
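Review bot: After a failing `psa_driver_wrapper_pake_setup` the hunk has already zeroized `operation->data` and freed `inputs.password`, but `operation->stage` is only advanced inside `if (status == PSA_SUCCESS)`, so unless code after the hunk resets it the operation stays in the collect-inputs stage with its inputs gone; a retry of psa_pake_output then reports PSA_ERROR_BAD_STATE only because `password_len` now reads 0, and a later abort skips the free for the same reason. That is correct but implicit — suggest `/* From here on the inputs are consumed; on failure the operation can only be aborted. */` before the driver call, and a sentence in the function's header comment saying callers must abort after an error. Separately, `*output_length = 0;` in psa_pake_output now writes through the pointer before any state check, which matches the message's note that NULL buffers are not allowed but is worth stating in the API documentation. psa_pake_complete_inputs starts outside its hunk.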
@@ -7588,11 +7585,7 @@ psa_status_t psa_pake_output( return PSA_ERROR_BAD_STATE; } - if (operation->id == 0) { - return PSA_ERROR_BAD_STATE; - } - - if (output == NULL || output_size == 0) { + if (output_size == 0) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -7750,11 +7743,7 @@ psa_status_t psa_pake_input( return PSA_ERROR_BAD_STATE; } - if (operation->id == 0) { - return PSA_ERROR_BAD_STATE; - } - - if (input == NULL || input_length == 0) { + if (input_length == 0) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -7797,13 +7786,13 @@ psa_status_t psa_pake_get_implicit_key( psa_pake_operation_t *operation, psa_key_derivation_operation_t *output) { - psa_status_t status = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; uint8_t shared_key[MBEDTLS_PSA_PAKE_BUFFER_SIZE]; size_t shared_key_len = 0; psa_jpake_computation_stage_t *computation_stage = &operation->computation_stage.jpake; - if (operation->id == 0) { + if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) { return PSA_ERROR_BAD_STATE; } diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index d52ed5993..cf08794c6 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -2816,7 +2816,7 @@ psa_status_t psa_driver_wrapper_pake_setup( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_location_t location = - PSA_KEY_LIFETIME_GET_LOCATION( inputs->attributes.core.lifetime ); + PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime( &inputs->attributes ) ); switch( location ) { diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 5af41f75f..d77dfdc8e 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function 
@@ -590,10 +590,10 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, TEST_EQUAL(psa_pake_set_role(&operation, role), expected_error); TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, - NULL, 0, NULL), + output_buffer, 0, &output_len), expected_error); TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, - NULL, 0), + output_buffer, 0), expected_error); TEST_EQUAL(psa_pake_get_implicit_key(&operation, &key_derivation), expected_error); @@ -633,7 +633,8 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, if (test_input) { SETUP_CONDITIONAL_CHECK_STEP(psa_pake_input(&operation, - PSA_PAKE_STEP_ZK_PROOF, NULL, 0), + PSA_PAKE_STEP_ZK_PROOF, + output_buffer, 0), ERR_INJECT_EMPTY_IO_BUFFER); SETUP_CONDITIONAL_CHECK_STEP(psa_pake_input(&operation, @@ -665,7 +666,8 @@ void ecjpake_setup(int alg_arg, int key_type_pw_arg, int key_usage_pw_arg, } else { SETUP_CONDITIONAL_CHECK_STEP(psa_pake_output(&operation, PSA_PAKE_STEP_ZK_PROOF, - NULL, 0, NULL), + output_buffer, 0, + &output_len), ERR_INJECT_EMPTY_IO_BUFFER); SETUP_CONDITIONAL_CHECK_STEP(psa_pake_output(&operation, From d69dca9fc405438731550c0092c6be3719d04623 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 31 Jan 2023 19:59:20 +0100 Subject: [PATCH 260/440] Rework psa_pake_abort - Fix potential issue with freeing password - Clean operation object even if psa_driver_wrapper_pake_abort fails - Remove redundant code Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 28 ++++++---------------------- 1 file changed, 6 insertions(+), 22 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4f3d774af..93e76aee8 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -7830,38 +7830,22 @@ psa_status_t psa_pake_get_implicit_key( psa_status_t psa_pake_abort( psa_pake_operation_t *operation) { - psa_status_t status = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + psa_status_t status = PSA_SUCCESS; - if (operation->id != 0) { + if (operation->stage == PSA_PAKE_OPERATION_STAGE_COMPUTATION) { status = psa_driver_wrapper_pake_abort(operation); - if (status != PSA_SUCCESS) { - return status; - } } - if (operation->data.inputs.password_len > 0) { + if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS && + operation->data.inputs.password_len > 0) { mbedtls_platform_zeroize(operation->data.inputs.password, operation->data.inputs.password_len); mbedtls_free(operation->data.inputs.password); } - memset(&operation->data, 0, sizeof(operation->data)); + memset(operation, 0, sizeof(psa_pake_operation_t)); - if (operation->alg == PSA_ALG_JPAKE) { - psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.jpake; - - computation_stage->input_step = PSA_PAKE_STEP_INVALID; - computation_stage->output_step = PSA_PAKE_STEP_INVALID; - computation_stage->state = PSA_PAKE_STATE_INVALID; - computation_stage->sequence = PSA_PAKE_SEQ_INVALID; - } - - operation->alg = PSA_ALG_NONE; - operation->stage = PSA_PAKE_OPERATION_STAGE_SETUP; - operation->id = 0; - - return PSA_SUCCESS; + return status; } #endif /* MBEDTLS_PSA_CRYPTO_C */ From a48cf500d7fd8e4a4c8099cbba6738bf1b061868 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 31 Jan 2023 20:03:57 +0100 Subject: [PATCH 261/440] mbedtls_test_transparent_pake_abort: call driver/build-in impl even when status is forced This is done to solve the problem with memory leak when pake abort status is forced. In this case the driver/build-in abort function was not executed. After failure core clears the operation object and no successive abort call is possible. 
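Review bot: The `password_len > 0` gate in the reworked psa_pake_abort leaves a non-NULL `operation->data.inputs.password` unreleased when its length is 0, which psa_pake_set_password_key can produce through `mbedtls_calloc(1, slot->key.bytes)` if a zero-length password key is ever accepted (whether key import rejects such keys is not visible in this diff). Gating on the pointer is the robust form: `operation->data.inputs.password != NULL`. Since the stage test decides which view of `operation->data` is live, a comment would help the next reader: `/* data is a union: the inputs view is only meaningful before the driver context has been set up. */`.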
Signed-off-by: Przemek Stekiel --- tests/src/drivers/test_driver_pake.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index e0be17dd0..9d51ea10b 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c @@ -177,25 +177,28 @@ psa_status_t mbedtls_test_transparent_pake_abort( { mbedtls_test_driver_pake_hooks.hits++; - if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_test_driver_pake_hooks.forced_status; - } else { #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - libtestdriver1_mbedtls_psa_pake_abort( - operation); + mbedtls_test_driver_pake_hooks.driver_status = + libtestdriver1_mbedtls_psa_pake_abort( + operation); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) - mbedtls_test_driver_pake_hooks.driver_status = - mbedtls_psa_pake_abort( - operation); + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_psa_pake_abort( + operation); #else - (void) operation; - mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; + (void) operation; + mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED; #endif + + + if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS && + mbedtls_test_driver_pake_hooks.driver_status == PSA_SUCCESS) { + mbedtls_test_driver_pake_hooks.driver_status = + mbedtls_test_driver_pake_hooks.forced_status; } + return mbedtls_test_driver_pake_hooks.driver_status; } From 3e784d898114883facf559b82940315964502dab Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 8 Feb 2023 09:12:42 +0100 Subject: [PATCH 262/440] PSA crypto pake: call abort on each failure Adapt driver hook counters in pake driver test. 
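Review bot: The forced status in mbedtls_test_transparent_pake_abort is now applied only after the real abort ran, and only if that succeeded, which is exactly what stops the context from leaking under a forced failure, but nothing in the code says so; add above the `if`: `/* Always run the real abort so the driver context is released; only then override a successful status, so a forced failure can never leak the context. */`. The two blank lines added before that `if` should be reduced to one to match the file's style.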
Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 139 ++++++++++++------ ..._suite_psa_crypto_driver_wrappers.function | 12 +- 2 files changed, 102 insertions(+), 49 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 93e76aee8..adbd7af82 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7237,13 +7237,18 @@ psa_status_t psa_pake_setup( psa_pake_operation_t *operation, const psa_pake_cipher_suite_t *cipher_suite) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; + if (operation->stage != PSA_PAKE_OPERATION_STAGE_SETUP) { - return PSA_ERROR_BAD_STATE; + status = PSA_ERROR_BAD_STATE; + goto exit; } if (PSA_ALG_IS_PAKE(cipher_suite->algorithm) == 0 || PSA_ALG_IS_HASH(cipher_suite->hash) == 0) { - return PSA_ERROR_INVALID_ARGUMENT; + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } memset(&operation->data.inputs, 0, sizeof(operation->data.inputs)); @@ -7264,6 +7269,9 @@ psa_status_t psa_pake_setup( operation->stage = PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS; return PSA_SUCCESS; +exit: + abort_status = psa_pake_abort(operation); + return status == PSA_SUCCESS ? abort_status : status; } psa_status_t psa_pake_set_password_key( @@ -7272,17 +7280,19 @@ psa_status_t psa_pake_set_password_key( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { - return PSA_ERROR_BAD_STATE; + status = PSA_ERROR_BAD_STATE; + goto exit; } status = psa_get_and_lock_key_slot_with_policy(password, &slot, PSA_KEY_USAGE_DERIVE, operation->alg); if (status != PSA_SUCCESS) { - return status; + goto exit; } psa_key_attributes_t attributes = { 
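Review bot: The PSA_ERROR_BAD_STATE path of psa_pake_setup now jumps to `exit:` and calls psa_pake_abort, so calling setup on an operation that is mid-computation tears that operation down instead of merely reporting the error as before. That matches the PSA rule that an error puts the operation into an error state, but it is a behaviour change a reader will not expect from a state check; document it at the label: `/* Any failure, including setup on an already-active operation, leaves the operation aborted (PSA error-state rule). */`. Note also that `status` is never PSA_SUCCESS when control reaches `exit:` here, so the ternary always returns `status` and the abort result is discarded.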
@@ -7294,21 +7304,27 @@ psa_status_t psa_pake_set_password_key( if (type != PSA_KEY_TYPE_PASSWORD && type != PSA_KEY_TYPE_PASSWORD_HASH) { status = PSA_ERROR_INVALID_ARGUMENT; - goto error; + goto exit; } operation->data.inputs.password = mbedtls_calloc(1, slot->key.bytes); if (operation->data.inputs.password == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto error; + goto exit; } memcpy(operation->data.inputs.password, slot->key.data, slot->key.bytes); operation->data.inputs.password_len = slot->key.bytes; operation->data.inputs.attributes = attributes; -error: + unlock_status = psa_unlock_key_slot(slot); - return (status == PSA_SUCCESS) ? unlock_status : status; + + return unlock_status; +exit: + unlock_status = psa_unlock_key_slot(slot); + abort_status = psa_pake_abort(operation); + status = (status == PSA_SUCCESS) ? unlock_status : status; + return (status == PSA_SUCCESS) ? abort_status : status; } psa_status_t psa_pake_set_user( @@ -7316,17 +7332,24 @@ psa_status_t psa_pake_set_user( const uint8_t *user_id, size_t user_id_len) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; (void) user_id; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { - return PSA_ERROR_BAD_STATE; + status = PSA_ERROR_BAD_STATE; + goto exit; } if (user_id_len == 0) { - return PSA_ERROR_INVALID_ARGUMENT; + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } return PSA_ERROR_NOT_SUPPORTED; +exit: + abort_status = psa_pake_abort(operation); + return status == PSA_SUCCESS ? abort_status : status; } psa_status_t psa_pake_set_peer( 
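Review bot: The new `exit:` label in psa_pake_set_password_key calls `psa_unlock_key_slot(slot)` on every failure path, including the PSA_ERROR_BAD_STATE jump and the case where `psa_get_and_lock_key_slot_with_policy` itself failed, where `slot` is still NULL. That is only safe if psa_unlock_key_slot tolerates a NULL slot, which this diff cannot show; either guard it (initialising `unlock_status` to PSA_SUCCESS), `if (slot != NULL) { unlock_status = psa_unlock_key_slot(slot); }`, or leave a comment stating the NULL-tolerance the code relies on. The function's prologue is in the previous hunk.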
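Review bot: `return PSA_ERROR_NOT_SUPPORTED;` in psa_pake_set_user still returns directly, bypassing the new `exit:` label, so this is the one failure of the function that does not abort the operation, inconsistent with the commit's stated intent and with the PSA rule that any error leaves the operation to be aborted. Route it through the label: `status = PSA_ERROR_NOT_SUPPORTED; goto exit;`. psa_pake_set_peer in the next hunk has the identical pattern.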
@@ -7334,25 +7357,36 @@ psa_status_t psa_pake_set_peer( const uint8_t *peer_id, size_t peer_id_len) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; (void) peer_id; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { - return PSA_ERROR_BAD_STATE; + status = PSA_ERROR_BAD_STATE; + goto exit; } if (peer_id_len == 0) { - return PSA_ERROR_INVALID_ARGUMENT; + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } return PSA_ERROR_NOT_SUPPORTED; +exit: + abort_status = psa_pake_abort(operation); + return status == PSA_SUCCESS ? abort_status : status; } psa_status_t psa_pake_set_role( psa_pake_operation_t *operation, psa_pake_role_t role) { + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; + if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { - return PSA_ERROR_BAD_STATE; + status = PSA_ERROR_BAD_STATE; + goto exit; } if (role != PSA_PAKE_ROLE_NONE && @@ -7360,12 +7394,16 @@ psa_status_t psa_pake_set_role( role != PSA_PAKE_ROLE_SECOND && role != PSA_PAKE_ROLE_CLIENT && role != PSA_PAKE_ROLE_SERVER) { - return PSA_ERROR_INVALID_ARGUMENT; + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } operation->data.inputs.role = role; return PSA_SUCCESS; +exit: + abort_status = psa_pake_abort(operation); + return status == PSA_SUCCESS ? abort_status : status; } /* Auxiliary function to convert core computation stage(step, sequence, state) to single driver step. */ 
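Review bot: At the new `exit:` label of psa_pake_set_role (and likewise in set_user, set_peer and psa_pake_setup above) `status` is always an error code, so `return status == PSA_SUCCESS ? abort_status : status;` can only ever return `status` and the result of psa_pake_abort is silently dropped. Either make that explicit, `(void) psa_pake_abort(operation); return status;`, or, if the ternary is meant as a shared idiom with psa_pake_get_implicit_key, where control does fall through to `exit:` with PSA_SUCCESS, add a one-line comment saying the abort status is deliberately secondary to the original error.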
@@ -7572,32 +7610,36 @@ psa_status_t psa_pake_output( size_t *output_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; *output_length = 0; if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { status = psa_pake_complete_inputs(operation); if (status != PSA_SUCCESS) { - return status; + goto exit; } } if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) { - return PSA_ERROR_BAD_STATE; + status = PSA_ERROR_BAD_STATE; + goto exit; } if (output_size == 0) { - return PSA_ERROR_INVALID_ARGUMENT; + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } switch (operation->alg) { case PSA_ALG_JPAKE: status = psa_jpake_output_prologue(operation, step); if (status != PSA_SUCCESS) { - return status; + goto exit; } break; default: - return PSA_ERROR_NOT_SUPPORTED; + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; } status = psa_driver_wrapper_pake_output(operation, @@ -7608,21 +7650,25 @@ psa_status_t psa_pake_output( output_length); if (status != PSA_SUCCESS) { - return status; + goto exit; } switch (operation->alg) { case PSA_ALG_JPAKE: status = psa_jpake_output_epilogue(operation); if (status != PSA_SUCCESS) { - return status; + goto exit; } break; default: - return PSA_ERROR_NOT_SUPPORTED; + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; } - return status; + return PSA_SUCCESS; +exit: + abort_status = psa_pake_abort(operation); + return status == PSA_SUCCESS ? abort_status : status; } static psa_status_t psa_jpake_input_prologue( 
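Review bot: On the `exit:` path of psa_pake_output `*output_length` keeps whatever `psa_driver_wrapper_pake_output` stored in it when `psa_jpake_output_epilogue` then fails, even though the operation is aborted on that path; a caller that reads the length before checking the status would consume output from a destroyed operation. Reset it under the label, `exit: *output_length = 0;`, mirroring the initialisation at the top, which only covers the early-error paths. The first half of the function is in the previous hunk.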
@@ -7731,27 +7777,30 @@ psa_status_t psa_pake_input( size_t input_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { status = psa_pake_complete_inputs(operation); if (status != PSA_SUCCESS) { - return status; + goto exit; } } if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) { - return PSA_ERROR_BAD_STATE; + status = PSA_ERROR_BAD_STATE; + goto exit; } if (input_length == 0) { - return PSA_ERROR_INVALID_ARGUMENT; + status = PSA_ERROR_INVALID_ARGUMENT; + goto exit; } switch (operation->alg) { case PSA_ALG_JPAKE: status = psa_jpake_input_prologue(operation, step, input_length); if (status != PSA_SUCCESS) { - return status; + goto exit; } break; default: @@ -7765,21 +7814,25 @@ psa_status_t psa_pake_input( input_length); if (status != PSA_SUCCESS) { - return status; + goto exit; } switch (operation->alg) { case PSA_ALG_JPAKE: status = psa_jpake_input_epilogue(operation); if (status != PSA_SUCCESS) { - return status; + goto exit; } break; default: - return PSA_ERROR_NOT_SUPPORTED; + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; } - return status; + return PSA_SUCCESS; +exit: + abort_status = psa_pake_abort(operation); + return status == PSA_SUCCESS ? abort_status : status; } psa_status_t psa_pake_get_implicit_key( 
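Review bot: In psa_pake_input the first `switch` appears to still end with a plain `return PSA_ERROR_NOT_SUPPORTED;` in its `default:` branch, judging by the hunk ranges (the branch body sits in the unshown lines between this hunk and the next), whereas the matching `default:` in psa_pake_output was converted to `status = PSA_ERROR_NOT_SUPPORTED; goto exit;`. If so, an unsupported algorithm is the one psa_pake_input failure that skips psa_pake_abort; convert it the same way. The function continues into the next hunk.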
@@ -7787,19 +7840,22 @@ psa_status_t psa_pake_get_implicit_key( psa_key_derivation_operation_t *output) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; uint8_t shared_key[MBEDTLS_PSA_PAKE_BUFFER_SIZE]; size_t shared_key_len = 0; - psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.jpake; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) { - return PSA_ERROR_BAD_STATE; + status = PSA_ERROR_BAD_STATE; + goto exit; } if (operation->alg == PSA_ALG_JPAKE) { + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.jpake; if (computation_stage->input_step != PSA_PAKE_STEP_DERIVE || computation_stage->output_step != PSA_PAKE_STEP_DERIVE) { - return PSA_ERROR_BAD_STATE; + status = PSA_ERROR_BAD_STATE; + goto exit; } } @@ -7808,7 +7864,7 @@ psa_status_t psa_pake_get_implicit_key( &shared_key_len); if (status != PSA_SUCCESS) { - return status; + goto exit; } status = psa_key_derivation_input_bytes(output, @@ -7816,15 +7872,10 @@ psa_status_t psa_pake_get_implicit_key( shared_key, shared_key_len); - if (status != PSA_SUCCESS) { - psa_key_derivation_abort(output); - } - mbedtls_platform_zeroize(shared_key, MBEDTLS_PSA_PAKE_BUFFER_SIZE); - - psa_pake_abort(operation); - - return status; +exit: + abort_status = psa_pake_abort(operation); + return status == PSA_SUCCESS ? abort_status : status; } psa_status_t psa_pake_abort( diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 3220c62a6..c1eea5059 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
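Review bot: `mbedtls_platform_zeroize(shared_key, ...)` in psa_pake_get_implicit_key is skipped when `psa_driver_wrapper_pake_get_implicit_key` fails via `goto exit`, so any partial key material a driver wrote into the stack buffer is left behind; move the zeroize under `exit:` (before the abort) so it runs on every path. Separately, dropping `psa_key_derivation_abort(output)` means a failed `psa_key_derivation_input_bytes` now leaves `output` in its error state for the caller to abort, which is consistent with the PSA contract for that function but deserves a line in this function's documentation.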
@@ -3082,18 +3082,18 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st break; case 2: /* input */ - /* --- psa_pake_input (driver: setup, input) --- */ + /* --- psa_pake_input (driver: setup, input, (abort)) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; mbedtls_test_driver_pake_hooks.hits = 0; TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, input_buffer, size_key_share), expected_status_input); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, in_driver ? 2 : 1); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, in_driver ? 3 : 1); break; case 3: /* output */ - /* --- psa_pake_input (driver: setup, output) --- */ + /* --- psa_pake_input (driver: setup, output, (abort)) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; mbedtls_test_driver_pake_hooks.hits = 0; @@ -3105,10 +3105,12 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st output_buffer, output_size, &output_len), expected_status_output); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, in_driver ? 2 : 1); if (forced_output->len > 0) { + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, in_driver ? 2 : 1); TEST_EQUAL(output_len, forced_output->len); TEST_EQUAL(memcmp(output_buffer, forced_output->x, output_len), 0); + } else { + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, in_driver ? 3 : 1); } break; @@ -3127,7 +3129,7 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st mbedtls_test_driver_pake_hooks.hits = 0; TEST_EQUAL(psa_pake_get_implicit_key(&operation, &implicit_key), expected_status_get_key); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 1); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 2); break; From e1d51bf3c9f47f5a8325db7d00448a3c458fa1b8 Mon Sep 17 00:00:00 2001 
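Review bot: The comment updated for case 3 still names the wrong function: the case exercises psa_pake_output, so it should read `/* --- psa_pake_output (driver: setup, output, (abort)) --- */`. The new branch on `forced_output->len` also appears to encode that a forced output makes the core see success and skip the abort hit; a short comment there, `/* a forced output means the core sees success and does not abort */`, would save the next reader a trip to the driver.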
From: Przemek Stekiel Date: Tue, 14 Feb 2023 14:28:33 +0100 Subject: [PATCH 263/440] Optimieze psa_pake_complete_inputs() Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index adbd7af82..9c12863f0 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7478,8 +7478,8 @@ static psa_status_t psa_pake_complete_inputs( with the driver context which will be setup by the driver. */ psa_crypto_driver_pake_inputs_t inputs = operation->data.inputs; - if (operation->data.inputs.password_len == 0 || - operation->data.inputs.role == PSA_PAKE_ROLE_NONE) { + if (inputs.password_len == 0 || + inputs.role == PSA_PAKE_ROLE_NONE) { return PSA_ERROR_BAD_STATE; } @@ -7503,8 +7503,8 @@ static psa_status_t psa_pake_complete_inputs( computation_stage->output_step = PSA_PAKE_STEP_X1_X2; } } else { - operation->data.inputs.password_len = 0; - operation->data.inputs.password = NULL; + inputs.password_len = 0; + inputs.password = NULL; } return status; @@ -7888,7 +7888,7 @@ psa_status_t psa_pake_abort( } if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS && - operation->data.inputs.password_len > 0) { + operation->data.inputs.password != NULL) { mbedtls_platform_zeroize(operation->data.inputs.password, operation->data.inputs.password_len); mbedtls_free(operation->data.inputs.password); From 849c35f8b469f8ec4fed0b7c2d6db2ea9c799ddd Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 14 Feb 2023 15:11:40 +0100 Subject: [PATCH 264/440] Remove pake abort on failure from driver (handled by core) Signed-off-by: Przemek Stekiel --- library/psa_crypto_pake.c | 25 +++++-------------------- 1 file changed, 5 insertions(+), 20 deletions(-) diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 1a7725f68..10691afeb 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c 
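Review bot: The `else` branch of psa_pake_complete_inputs now assigns to `inputs`, the stack copy declared in the previous hunk and discarded at return, so both stores are dead and the failure path no longer clears `operation->data.inputs.password`/`password_len` as it did before this patch. Either drop the branch or restore the intent on the operation, e.g. `operation->data.inputs.password = NULL; operation->data.inputs.password_len = 0;`, bearing in mind that `operation->data` is shared with the driver context (see the comment at the top of this function).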
@@ -230,14 +230,12 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, cipher_suite.family != PSA_ECC_FAMILY_SECP_R1 || cipher_suite.bits != 256 || cipher_suite.hash != PSA_ALG_SHA_256) { - status = PSA_ERROR_NOT_SUPPORTED; - goto error; + return PSA_ERROR_NOT_SUPPORTED; } if (role != PSA_PAKE_ROLE_CLIENT && role != PSA_PAKE_ROLE_SERVER) { - status = PSA_ERROR_NOT_SUPPORTED; - goto error; + return PSA_ERROR_NOT_SUPPORTED; } mbedtls_ecjpake_init(&operation->ctx.pake); @@ -245,13 +243,13 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, operation->password = mbedtls_calloc(1, password_len); if (operation->password == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; - goto error; + return status; } status = psa_crypto_driver_pake_get_password(inputs, operation->password, password_len, &actual_password_len); if (status != PSA_SUCCESS) { - goto error; + return status; } operation->password_len = actual_password_len; @@ -265,7 +263,7 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, status = psa_pake_ecjpake_setup(operation); if (status != PSA_SUCCESS) { - goto error; + return status; } return PSA_SUCCESS; @@ -276,8 +274,6 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, #endif { status = PSA_ERROR_NOT_SUPPORTED; } -error: - mbedtls_psa_pake_abort(operation); return status; } @@ -399,10 +395,6 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, psa_status_t status = mbedtls_psa_pake_output_internal( operation, step, output, output_size, output_length); - if (status != PSA_SUCCESS) { - mbedtls_psa_pake_abort(operation); - } - return status; } @@ -506,10 +498,6 @@ psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, psa_status_t status = mbedtls_psa_pake_input_internal( operation, step, input, input_length); - if (status != PSA_SUCCESS) { - mbedtls_psa_pake_abort(operation); - } - return status; } 
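Review bot: Removing the `error:` cleanup from mbedtls_psa_pake_setup leaks the driver's password copy (and the EC-JPAKE context) whenever `psa_crypto_driver_pake_get_password` or `psa_pake_ecjpake_setup` fails after the `mbedtls_calloc`, because the core only calls the driver abort entry point for operations in PSA_PAKE_OPERATION_STAGE_COMPUTATION (see psa_pake_abort above) and psa_pake_complete_inputs only enters that stage on success. The abort-on-failure removals in output/input/get_implicit_key are fine since the core aborts there, but a failed setup is the driver's own responsibility; restore a local cleanup, and note that mbedtls_psa_pake_abort only releases the password under `alg == PSA_ALG_JPAKE`, so `alg` should be recorded before the allocation.
```c
    /* Record alg first: mbedtls_psa_pake_abort() only releases the password
     * when alg == PSA_ALG_JPAKE, and a failed setup must clean itself up. */
    operation->alg = cipher_suite.algorithm;

    operation->password = mbedtls_calloc(1, password_len);
    if (operation->password == NULL) {
        status = PSA_ERROR_INSUFFICIENT_MEMORY;
        goto error;
    }
    /* … unchanged: psa_crypto_driver_pake_get_password() call … */
    if (status != PSA_SUCCESS) {
        goto error;
    }
    /* … unchanged: password_len, role, buffer initialisation … */
    status = psa_pake_ecjpake_setup(operation);
    if (status != PSA_SUCCESS) {
        goto error;
    }

    return PSA_SUCCESS;
    /* … unchanged: #else / PSA_ERROR_NOT_SUPPORTED branch … */
error:
    /* The core calls the driver abort entry point only for operations whose
     * setup succeeded (stage == COMPUTATION), so release our own copy here. */
    mbedtls_psa_pake_abort(operation);
    return status;
```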
@@ -528,7 +516,6 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); if (ret != 0) { - mbedtls_psa_pake_abort(operation); return mbedtls_ecjpake_to_psa_error(ret); } @@ -537,8 +524,6 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); - mbedtls_psa_pake_abort(operation); - return PSA_SUCCESS; } else #else From 4fcc61eec055dc8451c348f850e207796c765eea Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 14 Feb 2023 20:05:43 +0100 Subject: [PATCH 265/440] Optimize psa_pake_ecjpake_setup() Signed-off-by: Przemek Stekiel --- library/psa_crypto_pake.c | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 10691afeb..2d84f570b 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -167,19 +167,10 @@ static psa_status_t mbedtls_ecjpake_to_psa_error(int ret) static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operation) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_ecjpake_role role; + mbedtls_ecjpake_role role = (operation->role == PSA_PAKE_ROLE_CLIENT) ? + MBEDTLS_ECJPAKE_CLIENT : MBEDTLS_ECJPAKE_SERVER; - if (operation->role == PSA_PAKE_ROLE_CLIENT) { - role = MBEDTLS_ECJPAKE_CLIENT; - } else if (operation->role == PSA_PAKE_ROLE_SERVER) { - role = MBEDTLS_ECJPAKE_SERVER; - } else { - return PSA_ERROR_BAD_STATE; - } - - if (operation->password_len == 0) { - return PSA_ERROR_BAD_STATE; - } + mbedtls_ecjpake_init(&operation->ctx.pake); ret = mbedtls_ecjpake_setup(&operation->ctx.pake, role, 
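Review bot: psa_pake_ecjpake_setup now maps every role other than PSA_PAKE_ROLE_CLIENT to MBEDTLS_ECJPAKE_SERVER and no longer rejects an empty password, so it is correct only because the core validates both before calling the driver (the `password_len == 0` check in psa_pake_complete_inputs; the role check is added by a later patch in this series). That dependency belongs in a comment at the top of the function: `/* Role and password length are validated by the core before setup(); anything but CLIENT is SERVER here. */`. The function continues into the next hunk.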
@@ -189,9 +180,6 @@ static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operati operation->password_len); mbedtls_platform_zeroize(operation->password, operation->password_len); - mbedtls_free(operation->password); - operation->password = NULL; - operation->password_len = 0; if (ret != 0) { return mbedtls_ecjpake_to_psa_error(ret); @@ -238,7 +226,7 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, return PSA_ERROR_NOT_SUPPORTED; } - mbedtls_ecjpake_init(&operation->ctx.pake); + operation->password = mbedtls_calloc(1, password_len); if (operation->password == NULL) { From dff21d3429449bcc89d3980a38bcbaa83545168f Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 14 Feb 2023 20:09:10 +0100 Subject: [PATCH 266/440] Move jpake role check to psa_pake_complete_inputs() Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 6 ++++++ library/psa_crypto_pake.c | 7 ------- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9c12863f0..0fd0eff88 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7483,6 +7483,12 @@ static psa_status_t psa_pake_complete_inputs( return PSA_ERROR_BAD_STATE; } + if (operation->alg == PSA_ALG_JPAKE && + inputs.role != PSA_PAKE_ROLE_CLIENT && + inputs.role != PSA_PAKE_ROLE_SERVER) { + return PSA_ERROR_NOT_SUPPORTED; + } + /* Clear driver context */ mbedtls_platform_zeroize(&operation->data, sizeof(operation->data)); diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 2d84f570b..382f0214a 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c 
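Review bot: After `mbedtls_ecjpake_setup` has consumed the password, the buffer is zeroized here but `operation->password`/`password_len` stay allocated until mbedtls_psa_pake_abort, so a heap block of zeros lives for the whole operation. If that is deliberate (a single free site in abort), say so: `/* Password no longer needed; kept allocated so that abort() is the single free site. */`; otherwise keep the free here and set `operation->password = NULL; operation->password_len = 0;` so abort sees an empty buffer.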
@@ -221,13 +221,6 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, return PSA_ERROR_NOT_SUPPORTED; } - if (role != PSA_PAKE_ROLE_CLIENT && - role != PSA_PAKE_ROLE_SERVER) { - return PSA_ERROR_NOT_SUPPORTED; - } - - - operation->password = mbedtls_calloc(1, password_len); if (operation->password == NULL) { status = PSA_ERROR_INSUFFICIENT_MEMORY; From 6d77830c6a0ee0bd7314c4e752f9d9d3fa338556 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 14 Feb 2023 20:24:32 +0100 Subject: [PATCH 267/440] Remove redundant code Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 4 ---- library/psa_crypto_pake.c | 7 +------ 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0fd0eff88..c57583aef 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7508,11 +7508,7 @@ static psa_status_t psa_pake_complete_inputs( computation_stage->input_step = PSA_PAKE_STEP_X1_X2; computation_stage->output_step = PSA_PAKE_STEP_X1_X2; } - } else { - inputs.password_len = 0; - inputs.password = NULL; } - return status; } diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 382f0214a..fdfbd16fb 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -242,7 +242,6 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, operation->buffer_offset = 0; status = psa_pake_ecjpake_setup(operation); - if (status != PSA_SUCCESS) { return status; } @@ -503,8 +502,6 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( memcpy(output, operation->buffer, operation->buffer_length); *output_size = operation->buffer_length; - mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); - return PSA_SUCCESS; } else #else 
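Review bot: With the `else` branch gone, nothing in psa_pake_complete_inputs resets the `inputs` view of `operation->data` after a failed driver setup: the stage stays PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS (it is only advanced on success), while `operation->data`, shared between `inputs` and the driver context per the comment at the top of this function, now holds whatever the driver wrote, and psa_pake_abort will then test `operation->data.inputs.password` against those driver-context bytes. The removed lines were dead (they wrote to the local copy), but the failure path should reinstate the original intent on the operation itself, e.g. `} else { mbedtls_platform_zeroize(&operation->data, sizeof(operation->data)); }`, on the understanding that the driver releases its own allocations when its setup fails.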
@@ -518,9 +515,7 @@ psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation) #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { - if (operation->password_len > 0) { - mbedtls_platform_zeroize(operation->password, operation->password_len); - } + mbedtls_platform_zeroize(operation->password, operation->password_len); mbedtls_free(operation->password); operation->password = NULL; operation->password_len = 0; From b45b8ce47457225336388a9d3006087abc623be4 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 15 Feb 2023 14:50:14 +0100 Subject: [PATCH 268/440] Disable MBEDTLS_PSA_CRYPTO_SE_C is hash psa builds Signed-off-by: Przemek Stekiel --- tests/scripts/all.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7964319e6..b0d460dd9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2355,6 +2355,10 @@ config_psa_crypto_hash_use_psa () { scripts/config.py unset MBEDTLS_PKCS7_C scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + + # Dynamic secure element support is a deprecated feature and needs to be disabled here. + # This is done to have the same form of psa_key_attributes_s for libdriver and library. + scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C } # Note that component_test_psa_crypto_config_reference_hash_use_psa From 251e86ae3f19c3866650b517f61a80cd881f44a3 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 17 Feb 2023 14:30:50 +0100 Subject: [PATCH 269/440] Adapt names to more suitable and fix conditional compilation flags 
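Review bot: `mbedtls_platform_zeroize(operation->password, operation->password_len)` is now reached with `password == NULL` and `password_len == 0` whenever abort runs on an operation whose setup never allocated the copy, so it relies on zeroize accepting a NULL pointer for a zero length, which this diff cannot confirm. Keeping the `if (operation->password_len > 0)` guard costs nothing; if it is dropped on purpose, record the assumption: `/* zeroize(NULL, 0) is a no-op, so no guard is needed. */`.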
Signed-off-by: Przemek Stekiel --- docs/proposed/psa-driver-interface.md | 4 +-- include/psa/crypto_builtin_composites.h | 8 +++--- .../psa/crypto_driver_contexts_composites.h | 2 +- .../psa/crypto_driver_contexts_primitives.h | 2 -- include/psa/crypto_extra.h | 11 +++++--- library/psa_crypto.c | 6 ++--- library/psa_crypto_driver_wrappers.h | 4 +-- library/psa_crypto_pake.c | 26 ++++++++++--------- library/psa_crypto_pake.h | 4 +-- .../psa_crypto_driver_wrappers.c.jinja | 4 +-- tests/include/test/drivers/pake.h | 8 +++--- tests/src/drivers/test_driver_pake.c | 8 +++--- 12 files changed, 46 insertions(+), 41 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 1b941cede..07f198908 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -410,7 +410,7 @@ The pointer output by `psa_crypto_driver_pake_get_password_key` is only valid un ``` psa_status_t acme_pake_output(acme_pake_operation_t *operation, -                              psa_pake_driver_step_t step, +                              psa_crypto_driver_pake_step_t step,                               uint8_t *output,                               size_t output_size,                               size_t *output_length); @@ -437,7 +437,7 @@ For `PSA_ALG_JPAKE` the following steps are available for output operation: #### PAKE driver input ``` psa_status_t acme_pake_input(acme_pake_operation_t *operation, -                            psa_pake_driver_step_t step, +                            psa_crypto_driver_pake_step_t step,                              uint8_t *input,                              size_t input_size); ``` diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index 3221a6423..f331ec5f4 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h 
@@ -191,23 +191,25 @@ typedef struct { /* Note: the format for mbedtls_ecjpake_read/write function has an extra * length byte for each step, plus an extra 3 bytes for ECParameters in the * server's 2nd round. */ -#define MBEDTLS_PSA_PAKE_BUFFER_SIZE ((3 + 1 + 65 + 1 + 65 + 1 + 32) * 2) +#define MBEDTLS_PSA_JPAKE_BUFFER_SIZE ((3 + 1 + 65 + 1 + 65 + 1 + 32) * 2) typedef struct { psa_algorithm_t MBEDTLS_PRIVATE(alg); -#if defined(MBEDTLS_PSA_BUILTIN_PAKE) uint8_t *MBEDTLS_PRIVATE(password); size_t MBEDTLS_PRIVATE(password_len); +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) uint8_t MBEDTLS_PRIVATE(role); - uint8_t MBEDTLS_PRIVATE(buffer[MBEDTLS_PSA_PAKE_BUFFER_SIZE]); + uint8_t MBEDTLS_PRIVATE(buffer[MBEDTLS_PSA_JPAKE_BUFFER_SIZE]); size_t MBEDTLS_PRIVATE(buffer_length); size_t MBEDTLS_PRIVATE(buffer_offset); #endif /* Context structure for the Mbed TLS EC-JPAKE implementation. */ union { unsigned int MBEDTLS_PRIVATE(dummy); +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) mbedtls_ecjpake_context MBEDTLS_PRIVATE(pake); +#endif } MBEDTLS_PRIVATE(ctx); } mbedtls_psa_pake_operation_t; diff --git a/include/psa/crypto_driver_contexts_composites.h b/include/psa/crypto_driver_contexts_composites.h index 4d0e9848d..6c56a51db 100644 --- a/include/psa/crypto_driver_contexts_composites.h +++ b/include/psa/crypto_driver_contexts_composites.h @@ -93,7 +93,7 @@ typedef mbedtls_psa_aead_operation_t typedef libtestdriver1_mbedtls_psa_pake_operation_t mbedtls_transparent_test_driver_pake_operation_t; -typedef libtestdriver1_psa_pake_operation_t +typedef libtestdriver1_mbedtls_psa_pake_operation_t mbedtls_opaque_test_driver_pake_operation_t; #define MBEDTLS_TRANSPARENT_TEST_DRIVER_PAKE_OPERATION_INIT \ diff --git a/include/psa/crypto_driver_contexts_primitives.h b/include/psa/crypto_driver_contexts_primitives.h index f1463f34d..620a4b3a7 100644 --- a/include/psa/crypto_driver_contexts_primitives.h +++ b/include/psa/crypto_driver_contexts_primitives.h 
@@ -45,8 +45,6 @@ #include #endif -#include "mbedtls/ecjpake.h" - #if defined(PSA_CRYPTO_DRIVER_TEST) #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 8b8cb042e..39ef52cbe 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -429,7 +429,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, */ #define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e) -/** EC-JPAKE operation stages. */ +/** PAKE operation stages. */ #define PSA_PAKE_OPERATION_STAGE_SETUP 0 #define PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS 1 #define PSA_PAKE_OPERATION_STAGE_COMPUTATION 2 @@ -1895,7 +1895,7 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation); * psa_pake_operation_t. */ #define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, PSA_PAKE_OPERATION_STAGE_SETUP, \ - { { 0, 0, 0, 0 } }, { { 0 } } } + { 0 }, { { 0 } } } struct psa_pake_cipher_suite_s { psa_algorithm_t algorithm; @@ -2002,7 +2002,7 @@ enum psa_jpake_sequence { PSA_PAKE_SEQ_END = 7, }; -typedef enum psa_pake_driver_step { +typedef enum psa_crypto_driver_pake_step { PSA_JPAKE_STEP_INVALID = 0, /* Invalid step */ PSA_JPAKE_X1_STEP_KEY_SHARE = 1, /* Round 1: input/output key share (for ephemeral private key X1).*/ PSA_JPAKE_X1_STEP_ZK_PUBLIC = 2, /* Round 1: input/output Schnorr NIZKP public key for the X1 key */ @@ -2016,7 +2016,7 @@ typedef enum psa_pake_driver_step { PSA_JPAKE_X4S_STEP_KEY_SHARE = 10, /* Round 2: input X4S key (from peer) */ PSA_JPAKE_X4S_STEP_ZK_PUBLIC = 11, /* Round 2: input Schnorr NIZKP public key for the X4S key (from peer) */ PSA_JPAKE_X4S_STEP_ZK_PROOF = 12 /* Round 2: input Schnorr NIZKP proof for the X4S key (from peer) */ -} psa_pake_driver_step_t; +} psa_crypto_driver_pake_step_t; struct psa_jpake_computation_stage_s { 
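Review bot: `PSA_PAKE_OPERATION_INIT` is a positional initializer that must track the field order of `struct psa_pake_operation_s`; after this change `{ 0 }` initialises the `computation_stage` union through whichever member comes first. Since psa_pake_abort resets the object with memset, the initializer presumably has to be equivalent to the all-zero object; a comment next to the macro stating that invariant, `/* Must be equivalent to an all-zero object: psa_pake_abort() memsets the operation. */`, would stop the two from drifting apart.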
@@ -2042,7 +2042,10 @@ struct psa_pake_operation_s { uint8_t MBEDTLS_PRIVATE(stage); /* Holds computation stage of the PAKE algorithms. */ union { + uint8_t MBEDTLS_PRIVATE(dummy); +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) psa_jpake_computation_stage_t MBEDTLS_PRIVATE(jpake); +#endif } MBEDTLS_PRIVATE(computation_stage); union { psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c57583aef..2c1a910fb 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7407,7 +7407,7 @@ exit: } /* Auxiliary function to convert core computation stage(step, sequence, state) to single driver step. */ -static psa_pake_driver_step_t convert_jpake_computation_stage_to_driver_step( +static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_step( psa_jpake_computation_stage_t *stage) { switch (stage->state) { @@ -7843,7 +7843,7 @@ psa_status_t psa_pake_get_implicit_key( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; - uint8_t shared_key[MBEDTLS_PSA_PAKE_BUFFER_SIZE]; + uint8_t shared_key[MBEDTLS_PSA_JPAKE_BUFFER_SIZE]; size_t shared_key_len = 0; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COMPUTATION) { @@ -7874,7 +7874,7 @@ psa_status_t psa_pake_get_implicit_key( shared_key, shared_key_len); - mbedtls_platform_zeroize(shared_key, MBEDTLS_PSA_PAKE_BUFFER_SIZE); + mbedtls_platform_zeroize(shared_key, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); exit: abort_status = psa_pake_abort(operation); return status == PSA_SUCCESS ? abort_status : status; diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 11a95e3a0..65d0d3f07 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h 
@@ -421,14 +421,14 @@ psa_status_t psa_driver_wrapper_pake_setup( psa_status_t psa_driver_wrapper_pake_output( psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length); psa_status_t psa_driver_wrapper_pake_input( psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length); diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index fdfbd16fb..73032c6a8 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -163,6 +163,7 @@ static psa_status_t mbedtls_ecjpake_to_psa_error(int ret) } #endif +#if defined(MBEDTLS_PSA_BUILTIN_PAKE) #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operation) { @@ -187,6 +188,7 @@ static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operati return PSA_SUCCESS; } +#endif psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, const psa_crypto_driver_pake_inputs_t *inputs) @@ -237,7 +239,7 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, operation->role = role; operation->alg = cipher_suite.algorithm; - mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); + mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); operation->buffer_length = 0; operation->buffer_offset = 0; @@ -259,7 +261,7 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, static psa_status_t mbedtls_psa_pake_output_internal( mbedtls_psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length) 
@@ -288,7 +290,7 @@ static psa_status_t mbedtls_psa_pake_output_internal( if (step == PSA_JPAKE_X1_STEP_KEY_SHARE) { ret = mbedtls_ecjpake_write_round_one(&operation->ctx.pake, operation->buffer, - MBEDTLS_PSA_PAKE_BUFFER_SIZE, + MBEDTLS_PSA_JPAKE_BUFFER_SIZE, &operation->buffer_length, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); @@ -300,7 +302,7 @@ static psa_status_t mbedtls_psa_pake_output_internal( } else if (step == PSA_JPAKE_X2S_STEP_KEY_SHARE) { ret = mbedtls_ecjpake_write_round_two(&operation->ctx.pake, operation->buffer, - MBEDTLS_PSA_PAKE_BUFFER_SIZE, + MBEDTLS_PSA_JPAKE_BUFFER_SIZE, &operation->buffer_length, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); @@ -350,7 +352,7 @@ static psa_status_t mbedtls_psa_pake_output_internal( /* Reset buffer after ZK_PROOF sequence */ if ((step == PSA_JPAKE_X2_STEP_ZK_PROOF) || (step == PSA_JPAKE_X2S_STEP_ZK_PROOF)) { - mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); + mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); operation->buffer_length = 0; operation->buffer_offset = 0; } @@ -367,7 +369,7 @@ static psa_status_t mbedtls_psa_pake_output_internal( } psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length) @@ -380,7 +382,7 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, static psa_status_t mbedtls_psa_pake_input_internal( mbedtls_psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length) { 
@@ -441,7 +443,7 @@ static psa_status_t mbedtls_psa_pake_input_internal( operation->buffer, operation->buffer_length); - mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); + mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); operation->buffer_length = 0; if (ret != 0) { @@ -452,7 +454,7 @@ static psa_status_t mbedtls_psa_pake_input_internal( operation->buffer, operation->buffer_length); - mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); + mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); operation->buffer_length = 0; if (ret != 0) { @@ -471,7 +473,7 @@ static psa_status_t mbedtls_psa_pake_input_internal( } psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length) { @@ -491,7 +493,7 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( if (operation->alg == PSA_ALG_JPAKE) { ret = mbedtls_ecjpake_write_shared_key(&operation->ctx.pake, operation->buffer, - MBEDTLS_PSA_PAKE_BUFFER_SIZE, + MBEDTLS_PSA_JPAKE_BUFFER_SIZE, &operation->buffer_length, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); @@ -520,7 +522,7 @@ psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation) operation->password = NULL; operation->password_len = 0; operation->role = PSA_PAKE_ROLE_NONE; - mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_PAKE_BUFFER_SIZE); + mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); operation->buffer_length = 0; operation->buffer_offset = 0; mbedtls_ecjpake_free(&operation->ctx.pake); diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h index dc6ad7b54..365855601 100644 --- a/library/psa_crypto_pake.h +++ b/library/psa_crypto_pake.h 
@@ -96,7 +96,7 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, * results in this error code. */ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length); @@ -143,7 +143,7 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, * results in this error code. */ psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length); diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index cf08794c6..b287b37a1 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -2865,7 +2865,7 @@ psa_status_t psa_driver_wrapper_pake_setup( } psa_status_t psa_driver_wrapper_pake_output( psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length ) @@ -2901,7 +2901,7 @@ psa_status_t psa_driver_wrapper_pake_output( psa_status_t psa_driver_wrapper_pake_input( psa_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length ) { diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h index 23cb98aa4..d082d6e5e 100644 --- a/tests/include/test/drivers/pake.h +++ b/tests/include/test/drivers/pake.h 
@@ -57,14 +57,14 @@ psa_status_t mbedtls_test_transparent_pake_setup( psa_status_t mbedtls_test_transparent_pake_output( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length); psa_status_t mbedtls_test_transparent_pake_input( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length); @@ -101,14 +101,14 @@ psa_status_t mbedtls_test_opaque_pake_set_role( psa_status_t mbedtls_test_opaque_pake_output( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length); psa_status_t mbedtls_test_opaque_pake_input( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length); diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index 9d51ea10b..615f7ef8a 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c @@ -64,7 +64,7 @@ psa_status_t mbedtls_test_transparent_pake_setup( psa_status_t mbedtls_test_transparent_pake_output( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length) @@ -112,7 +112,7 @@ psa_status_t mbedtls_test_transparent_pake_output( psa_status_t mbedtls_test_transparent_pake_input( mbedtls_transparent_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length) { 
@@ -260,7 +260,7 @@ psa_status_t mbedtls_test_opaque_pake_set_role( psa_status_t mbedtls_test_opaque_pake_output( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, uint8_t *output, size_t output_size, size_t *output_length) @@ -276,7 +276,7 @@ psa_status_t mbedtls_test_opaque_pake_output( psa_status_t mbedtls_test_opaque_pake_input( mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_driver_step_t step, + psa_crypto_driver_pake_step_t step, const uint8_t *input, size_t input_length) { From 6b64862ef7b4b1b6256ca878163399c712e0f043 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Sun, 19 Feb 2023 22:55:33 +0100 Subject: [PATCH 270/440] Documentation fixes and code adaptation Signed-off-by: Przemek Stekiel --- docs/proposed/psa-driver-interface.md | 10 +-- include/psa/crypto_extra.h | 11 ++- library/psa_crypto.c | 1 + library/psa_crypto_driver_wrappers.h | 3 +- library/psa_crypto_pake.c | 7 +- library/psa_crypto_pake.h | 70 +++++-------------- .../psa_crypto_driver_wrappers.c.jinja | 10 +-- tests/include/test/drivers/pake.h | 4 +- tests/src/drivers/test_driver_pake.c | 9 +-- 9 files changed, 48 insertions(+), 77 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index 07f198908..ac6b8ded7 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md 
@@ -463,12 +463,14 @@ For `PSA_ALG_JPAKE` the following steps are available for input operation: ``` psa_status_t acme_pake_get_implicit_key(                             acme_pake_operation_t *operation, -                            uint8_t *output, size_t *output_size ); +                            uint8_t *output, size_t output_size, + size_t *output_length ); ``` -* `operation` is an operation object -* `output` output buffer for implicit key -* `output_size` size of the returned implicit key +* `operation` The driver PAKE operation object to use. +* `output` Buffer where the implicit key is to be written. +* `output_size` Size of the output buffer in bytes. +* `output_length` On success, the number of bytes of the implicit key. ### Driver entry points for key management diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 39ef52cbe..5f86c3f4f 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -1318,8 +1318,8 @@ psa_status_t psa_crypto_driver_pake_get_password_len( * * \param[in] inputs Operation inputs. * \param[out] buffer Return buffer for password. - * \param[in] buffer_size Size of the return buffer in bytes. - * \param[in] buffer_length Actual size of the password in bytes. + * \param buffer_size Size of the return buffer in bytes. + * \param[out] buffer_length Actual size of the password in bytes. * * \retval #PSA_SUCCESS * Success. 
@@ -2034,11 +2034,10 @@ struct psa_pake_operation_s { * ID value zero means the context is not valid or not assigned to * any driver (i.e. none of the driver contexts are active). */ unsigned int MBEDTLS_PRIVATE(id); - /* Algorithm used for PAKE operation */ + /* Algorithm of the PAKE operation */ psa_algorithm_t MBEDTLS_PRIVATE(alg); - /* Based on stage (collecting inputs/computation) we select active structure of data union. - * While switching stage (when driver setup is called) collected inputs - are copied to the corresponding operation context. */ + /* Stage of the PAKE operation: waiting for the setup, collecting inputs + * or computing. */ uint8_t MBEDTLS_PRIVATE(stage); /* Holds computation stage of the PAKE algorithms. */ union { diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2c1a910fb..1c066ce13 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7863,6 +7863,7 @@ psa_status_t psa_pake_get_implicit_key( status = psa_driver_wrapper_pake_get_implicit_key(operation, shared_key, + sizeof(shared_key), &shared_key_len); if (status != PSA_SUCCESS) { diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index 65d0d3f07..dd1b763b1 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -434,7 +434,8 @@ psa_status_t psa_driver_wrapper_pake_input( psa_status_t psa_driver_wrapper_pake_get_implicit_key( psa_pake_operation_t *operation, - uint8_t *output, size_t *output_size); + uint8_t *output, size_t output_size, + size_t *output_length); psa_status_t psa_driver_wrapper_pake_abort( psa_pake_operation_t *operation); diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 73032c6a8..150270c6c 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c 
@@ -485,7 +485,8 @@ psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, psa_status_t mbedtls_psa_pake_get_implicit_key( mbedtls_psa_pake_operation_t *operation, - uint8_t *output, size_t *output_size) + uint8_t *output, size_t output_size, + size_t *output_length) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -493,7 +494,7 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( if (operation->alg == PSA_ALG_JPAKE) { ret = mbedtls_ecjpake_write_shared_key(&operation->ctx.pake, operation->buffer, - MBEDTLS_PSA_JPAKE_BUFFER_SIZE, + output_size, &operation->buffer_length, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); @@ -502,7 +503,7 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( } memcpy(output, operation->buffer, operation->buffer_length); - *output_size = operation->buffer_length; + *output_length = operation->buffer_length; return PSA_SUCCESS; } else diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h index 365855601..9bdcc3387 100644 --- a/library/psa_crypto_pake.h +++ b/library/psa_crypto_pake.h @@ -43,6 +43,8 @@ * compatible with the PAKE algorithm, or the hash algorithm in * \p cipher_suite is not supported or not compatible with the PAKE * algorithm and primitive. + * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_CORRUPTION_DETECTED */ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, const psa_crypto_driver_pake_inputs_t *inputs); 
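Review bot: In the `@@ -493,7 +494,7 @@` hunk the capacity handed to `mbedtls_ecjpake_write_shared_key()` is now `output_size`, the size of the caller's `output` buffer, while the destination is still `operation->buffer`, which is `MBEDTLS_PSA_JPAKE_BUFFER_SIZE` bytes, so the bound no longer describes the buffer actually being written. For the only suite this driver accepts (P-256 with SHA-256) the shared key is presumably short enough that nothing overruns today, but the following `memcpy(output, ...)` is only safe by that coincidence, and a caller passing a large `output_size` loses the check on the intermediate buffer entirely. Either write straight into `output` with `output_size` and drop the intermediate copy, or keep `MBEDTLS_PSA_JPAKE_BUFFER_SIZE` as the capacity and reject `operation->buffer_length > output_size` with `PSA_ERROR_BUFFER_TOO_SMALL` before copying, as below. The rest of mbedtls_psa_pake_get_implicit_key() (the non-JPAKE branch) is outside the hunk.
```c
        ret = mbedtls_ecjpake_write_shared_key(&operation->ctx.pake,
                                               operation->buffer,
                                               MBEDTLS_PSA_JPAKE_BUFFER_SIZE,
                                               &operation->buffer_length,
                                               mbedtls_psa_get_random,
                                               MBEDTLS_PSA_RANDOM_STATE);
        /* … unchanged: ret error handling … */
        if (operation->buffer_length > output_size) {
            mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE);
            operation->buffer_length = 0;
            return PSA_ERROR_BUFFER_TOO_SMALL;
        }
        memcpy(output, operation->buffer, operation->buffer_length);
        *output_length = operation->buffer_length;
```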
@@ -59,10 +61,9 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, * \param step The step of the algorithm for which the output is * requested. * \param[out] output Buffer where the output is to be written in the - * format appropriate for this \p step. Refer to - * the documentation of the individual - * \c PSA_PAKE_STEP_XXX constants for more - * information. + * format appropriate for this driver \p step. Refer to + * the documentation of psa_crypto_driver_pake_step_t for + * more information. * \param output_size Size of the \p output buffer in bytes. This must * be at least #PSA_PAKE_OUTPUT_SIZE(\p alg, \p * primitive, \p step) where \p alg and @@ -77,23 +78,10 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, * Success. * \retval #PSA_ERROR_BUFFER_TOO_SMALL * The size of the \p output buffer is too small. - * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p step is not compatible with the operation's algorithm. - * \retval #PSA_ERROR_NOT_SUPPORTED - * \p step is not supported with the operation's algorithm. * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_DATA_CORRUPT * \retval #PSA_ERROR_DATA_INVALID - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be active, and fully set - * up, and this call must conform to the algorithm's requirements - * for ordering of input and output steps). - * It is implementation-dependent whether a failure to initialize - * results in this error code. */ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, psa_crypto_driver_pake_step_t step, 
@@ -104,43 +92,32 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, /** Provide input for a step of a password-authenticated key exchange. * * \note The signature of this function is that of a PSA driver - * key_agreement entry point. This function behaves as a key_agreement + * pake_input entry point. This function behaves as a pake_input * entry point as defined in the PSA driver interface specification for * transparent drivers. * * \param[in,out] operation Active PAKE operation. - * \param step The step for which the input is provided. + * \param step The driver step for which the input is provided. * \param[in] input Buffer containing the input in the format * appropriate for this \p step. Refer to the - * documentation of the individual - * \c PSA_PAKE_STEP_XXX constants for more - * information. + * documentation of psa_crypto_driver_pake_step_t + * for more information. * \param input_length Size of the \p input buffer in bytes. * * \retval #PSA_SUCCESS * Success. * \retval #PSA_ERROR_INVALID_SIGNATURE - * The verification fails for a #PSA_PAKE_STEP_ZK_PROOF input step. + * The verification fails for a zero-knowledge input step. * \retval #PSA_ERROR_INVALID_ARGUMENT - * \p step is not compatible with the \p operation’s algorithm, or the - * \p input is not valid for the \p operation's algorithm, cipher suite + * the \p input is not valid for the \p operation's algorithm, cipher suite * or \p step. * \retval #PSA_ERROR_NOT_SUPPORTED - * \p step p is not supported with the \p operation's algorithm, or the - * \p input is not supported for the \p operation's algorithm, cipher + * the \p input is not supported for the \p operation's algorithm, cipher * suite or \p step. 
* \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_DATA_CORRUPT * \retval #PSA_ERROR_DATA_INVALID - * \retval #PSA_ERROR_BAD_STATE - * The operation state is not valid (it must be active, and fully set - * up, and this call must conform to the algorithm's requirements - * for ordering of input and output steps). - * It is implementation-dependent whether a failure to initialize - * results in this error code. */ psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, psa_crypto_driver_pake_step_t step, @@ -155,8 +132,9 @@ psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, * interface specification for transparent drivers. * * \param[in,out] operation Active PAKE operation. - * \param[out] output Output buffer for implicit key - * \param[out] output_size Size of the returned implicit key + * \param[out] output Output buffer for implicit key. + * \param output_size Size of the output buffer in bytes. + * \param[out] output_length On success, the number of bytes of the implicit key. * * \retval #PSA_SUCCESS * Success. 
@@ -164,24 +142,14 @@ psa_status_t mbedtls_psa_pake_input(mbedtls_psa_pake_operation_t *operation, * Input from a PAKE is not supported by the algorithm in the \p output * key derivation operation. * \retval #PSA_ERROR_INSUFFICIENT_MEMORY - * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_STORAGE_FAILURE * \retval #PSA_ERROR_DATA_CORRUPT * \retval #PSA_ERROR_DATA_INVALID - * \retval #PSA_ERROR_BAD_STATE - * The PAKE operation state is not valid (it must be active, but beyond - * that validity is specific to the algorithm), - * or the state of \p output is not valid for - * the #PSA_KEY_DERIVATION_INPUT_SECRET step. This can happen if the - * step is out of order or the application has done this step already - * and it may not be repeated. - * It is implementation-dependent whether a failure to initialize - * results in this error code. */ psa_status_t mbedtls_psa_pake_get_implicit_key( mbedtls_psa_pake_operation_t *operation, - uint8_t *output, size_t *output_size); + uint8_t *output, size_t output_size, + size_t *output_length); /** Abort a PAKE operation. * @@ -194,11 +162,7 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( * * \retval #PSA_SUCCESS * Success. - * \retval #PSA_ERROR_COMMUNICATION_FAILURE * \retval #PSA_ERROR_CORRUPTION_DETECTED - * \retval #PSA_ERROR_BAD_STATE - * It is implementation-dependent whether a failure to initialize - * results in this error code. */ psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation); diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index b287b37a1..a34d9b094 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja 
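Review bot: The mbedtls_psa_pake_get_implicit_key() documentation in `@@ -164,24 +142,14 @@` gains an `output_size` parameter but its `\retval` list still has no `#PSA_ERROR_BUFFER_TOO_SMALL`, although the implementation now bounds the write with `output_size` and an undersized buffer presumably surfaces as that status through the ecjpake error mapping. Add ` * \retval #PSA_ERROR_BUFFER_TOO_SMALL` followed by ` *         The size of the \p output buffer is too small.`, matching the wording already used for mbedtls_psa_pake_output() earlier in this file. The surviving `#PSA_ERROR_NOT_SUPPORTED` text ("Input from a PAKE is not supported by the algorithm in the \p output key derivation operation") still describes the former key-derivation signature and should instead say that the operation's algorithm has no implicit-key extraction in this driver.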
@@ -2938,13 +2938,15 @@ psa_status_t psa_driver_wrapper_pake_input( psa_status_t psa_driver_wrapper_pake_get_implicit_key( psa_pake_operation_t *operation, - uint8_t *output, size_t *output_size ) + uint8_t *output, size_t output_size, + size_t *output_length ) { switch( operation->id ) { #if defined(MBEDTLS_PSA_BUILTIN_PAKE) case PSA_CRYPTO_MBED_TLS_DRIVER_ID: - return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx, output, output_size ) ); + return( mbedtls_psa_pake_get_implicit_key( &operation->data.ctx.mbedtls_ctx, + output, output_size, output_length ) ); #endif /* MBEDTLS_PSA_BUILTIN_PAKE */ #if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) @@ -2952,11 +2954,11 @@ psa_status_t psa_driver_wrapper_pake_get_implicit_key( case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_pake_get_implicit_key( &operation->data.ctx.transparent_test_driver_ctx, - output, output_size ) ); + output, output_size, output_length ) ); case MBEDTLS_TEST_OPAQUE_DRIVER_ID: return( mbedtls_test_opaque_pake_get_implicit_key( &operation->data.ctx.opaque_test_driver_ctx, - output, output_size ) ); + output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h index d082d6e5e..4a2b7c461 100644 --- a/tests/include/test/drivers/pake.h +++ b/tests/include/test/drivers/pake.h @@ -70,7 +70,7 @@ psa_status_t mbedtls_test_transparent_pake_input( psa_status_t mbedtls_test_transparent_pake_get_implicit_key( mbedtls_transparent_test_driver_pake_operation_t *operation, - uint8_t *output, size_t *output_size); + uint8_t *output, size_t output_size, size_t *output_length); psa_status_t mbedtls_test_transparent_pake_abort( mbedtls_transparent_test_driver_pake_operation_t *operation); 
@@ -114,7 +114,7 @@ psa_status_t mbedtls_test_opaque_pake_input( psa_status_t mbedtls_test_opaque_pake_get_implicit_key( mbedtls_opaque_test_driver_pake_operation_t *operation, - uint8_t *output, size_t *output_size); + uint8_t *output, size_t output_size, size_t *output_length); psa_status_t mbedtls_test_opaque_pake_abort( mbedtls_opaque_test_driver_pake_operation_t *operation); diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index 615f7ef8a..3eaf38a65 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c @@ -145,7 +145,7 @@ psa_status_t mbedtls_test_transparent_pake_input( psa_status_t mbedtls_test_transparent_pake_get_implicit_key( mbedtls_transparent_test_driver_pake_operation_t *operation, - uint8_t *output, size_t *output_size) + uint8_t *output, size_t output_size, size_t *output_length) { mbedtls_test_driver_pake_hooks.hits++; @@ -157,11 +157,11 @@ psa_status_t mbedtls_test_transparent_pake_get_implicit_key( defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_get_implicit_key( - operation, output, output_size); + operation, output, output_size, output_length); #elif defined(MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = mbedtls_psa_pake_get_implicit_key( - operation, output, output_size); + operation, output, output_size, output_length); #else (void) operation; (void) output; @@ -289,11 +289,12 @@ psa_status_t mbedtls_test_opaque_pake_input( psa_status_t mbedtls_test_opaque_pake_get_implicit_key( mbedtls_opaque_test_driver_pake_operation_t *operation, - uint8_t *output, size_t *output_size) + uint8_t *output, size_t output_size, size_t *output_length) { (void) operation; (void) output; (void) output_size; + (void) output_length; return PSA_ERROR_NOT_SUPPORTED; } From a54dc69fe0dd93c02fe8a29bfa4ee69289c22ec3 Mon Sep 17 00:00:00 2001 
From: Przemek Stekiel Date: Mon, 20 Feb 2023 10:18:10 +0100 Subject: [PATCH 271/440] mbedtls_psa_pake_setup: move driver password and alg init to the common part Also in the core part change stage to computation after return from psa_driver_wrapper_pake_setup() regardless of the result. At this point driver context is active even if init has failed. Additionally handle deallocation of password on failure in mbedtls_psa_pake_setup(). The plan was to handle deallocation on core level by calling abort on failure. Unfortunately in this case when mbedtls_psa_pake_setup() fails with an unsupported result the built-in implementation is executed (if available) and it will reallocate the password leading to the memory leak. Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 3 ++- library/psa_crypto_pake.c | 39 +++++++++++++++++++++------------------ 2 files changed, 23 insertions(+), 19 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1c066ce13..e2cb06f42 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7494,12 +7494,13 @@ static psa_status_t psa_pake_complete_inputs( status = psa_driver_wrapper_pake_setup(operation, &inputs); + operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; + /* Driver is responsible for creating its own copy of the password. */ mbedtls_platform_zeroize(inputs.password, inputs.password_len); mbedtls_free(inputs.password); if (status == PSA_SUCCESS) { - operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; if (operation->alg == PSA_ALG_JPAKE) { psa_jpake_computation_stage_t *computation_stage = &operation->computation_stage.jpake; diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 150270c6c..a6798111d 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c 
@@ -214,38 +214,38 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, return status; } + operation->password = mbedtls_calloc(1, password_len); + if (operation->password == NULL) { + return PSA_ERROR_INSUFFICIENT_MEMORY; + } + + status = psa_crypto_driver_pake_get_password(inputs, operation->password, + password_len, &actual_password_len); + if (status != PSA_SUCCESS) { + goto error; + } + + operation->password_len = actual_password_len; + operation->alg = cipher_suite.algorithm; + #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (cipher_suite.algorithm == PSA_ALG_JPAKE) { if (cipher_suite.type != PSA_PAKE_PRIMITIVE_TYPE_ECC || cipher_suite.family != PSA_ECC_FAMILY_SECP_R1 || cipher_suite.bits != 256 || cipher_suite.hash != PSA_ALG_SHA_256) { - return PSA_ERROR_NOT_SUPPORTED; + status = PSA_ERROR_NOT_SUPPORTED; + goto error; } - operation->password = mbedtls_calloc(1, password_len); - if (operation->password == NULL) { - status = PSA_ERROR_INSUFFICIENT_MEMORY; - return status; - } - - status = psa_crypto_driver_pake_get_password(inputs, operation->password, - password_len, &actual_password_len); - if (status != PSA_SUCCESS) { - return status; - } - - operation->password_len = actual_password_len; operation->role = role; - operation->alg = cipher_suite.algorithm; - mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); operation->buffer_length = 0; operation->buffer_offset = 0; status = psa_pake_ecjpake_setup(operation); if (status != PSA_SUCCESS) { - return status; + goto error; } return PSA_SUCCESS; @@ -254,8 +254,11 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, (void) operation; (void) inputs; #endif - { status = PSA_ERROR_NOT_SUPPORTED; } + { return PSA_ERROR_NOT_SUPPORTED; } +error: + mbedtls_platform_zeroize(operation->password, operation->password_len); + mbedtls_free(operation->password); return status; } From 80a884990311f1be27a05a052dde29489747a3b0 Mon Sep 17 00:00:00 2001 
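Review bot: The new `error:` path in `@@ -254,8 +254,11 @@` wipes `operation->password_len` bytes, but on the first `goto error` (when `psa_crypto_driver_pake_get_password()` fails) `operation->password_len` has not been assigned yet, so the wipe uses whatever length the operation held before and any partially copied password can remain in the freed block. It also leaves `operation->password` dangling after `mbedtls_free()`; the abort hunk in the first patch sets `operation->password = NULL` after what appears to be a free of it, so a core that aborts after a failed setup (which the companion psa_crypto.c change makes more likely by moving the operation to the computation stage regardless of status) would free the same block twice. Use the allocation size and reset the fields: `mbedtls_platform_zeroize(operation->password, password_len);` `operation->password = NULL;` `operation->password_len = 0;`. The start of mbedtls_psa_pake_setup(), where `password_len` is obtained, is outside the hunk.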
From: Przemek Stekiel Date: Mon, 20 Feb 2023 13:32:22 +0100 Subject: [PATCH 272/440] Adapt conditional compilation flags for jpake alg Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 288 +++++++++++------- ..._suite_psa_crypto_driver_wrappers.function | 2 +- .../test_suite_psa_crypto_pake.function | 2 +- 3 files changed, 175 insertions(+), 117 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index e2cb06f42..f11be0e40 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7256,6 +7256,7 @@ psa_status_t psa_pake_setup( operation->alg = cipher_suite->algorithm; operation->data.inputs.cipher_suite = *cipher_suite; +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { psa_jpake_computation_stage_t *computation_stage = &operation->computation_stage.jpake; @@ -7264,6 +7265,12 @@ psa_status_t psa_pake_setup( computation_stage->sequence = PSA_PAKE_SEQ_INVALID; computation_stage->input_step = PSA_PAKE_STEP_X1_X2; computation_stage->output_step = PSA_PAKE_STEP_X1_X2; + } else +#else +#endif + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; } operation->stage = PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS; @@ -7407,6 +7414,7 @@ exit: } /* Auxiliary function to convert core computation stage(step, sequence, state) to single driver step. */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_step( psa_jpake_computation_stage_t *stage) { @@ -7469,6 +7477,7 @@ static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_s } return PSA_JPAKE_STEP_INVALID; } +#endif static psa_status_t psa_pake_complete_inputs( psa_pake_operation_t *operation) 
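Review bot: The `#else` with an empty body in the `@@ -7256,6 +7256,7 @@` hunk of psa_pake_setup() does nothing: `} else` `#else` `#endif` `{` can simply be `} else` `#endif` `{`, which is exactly the form the same series uses in psa_pake_complete_inputs(). Keeping the two sites identical makes the "no algorithm compiled in, so `PSA_ERROR_NOT_SUPPORTED`" fall-through easier to audit when further PAKE algorithms are added under their own `#if`. psa_pake_setup()'s `exit:` label and the remainder of its body are outside the hunk.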
@@ -7501,6 +7510,7 @@ static psa_status_t psa_pake_complete_inputs( mbedtls_free(inputs.password); if (status == PSA_SUCCESS) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { psa_jpake_computation_stage_t *computation_stage = &operation->computation_stage.jpake; 
@@ -7508,102 +7518,114 @@ static psa_status_t psa_pake_complete_inputs( computation_stage->sequence = PSA_PAKE_SEQ_INVALID; computation_stage->input_step = PSA_PAKE_STEP_X1_X2; computation_stage->output_step = PSA_PAKE_STEP_X1_X2; + } else +#endif + { + status = PSA_ERROR_NOT_SUPPORTED; } } return status; } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) static psa_status_t psa_jpake_output_prologue( psa_pake_operation_t *operation, psa_pake_step_t step) { - psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.jpake; - - if (computation_stage->state == PSA_PAKE_STATE_INVALID) { - return PSA_ERROR_BAD_STATE; - } - if (step != PSA_PAKE_STEP_KEY_SHARE && step != PSA_PAKE_STEP_ZK_PUBLIC && step != PSA_PAKE_STEP_ZK_PROOF) { return PSA_ERROR_INVALID_ARGUMENT; } - if (computation_stage->state != PSA_PAKE_STATE_READY && - computation_stage->state != PSA_PAKE_OUTPUT_X1_X2 && - computation_stage->state != PSA_PAKE_OUTPUT_X2S) { - return PSA_ERROR_BAD_STATE; - } + if (operation->alg == PSA_ALG_JPAKE) { + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.jpake; - if (computation_stage->state == PSA_PAKE_STATE_READY) { - if (step != PSA_PAKE_STEP_KEY_SHARE) { + if (computation_stage->state == PSA_PAKE_STATE_INVALID) { return PSA_ERROR_BAD_STATE; } - switch (computation_stage->output_step) { - case PSA_PAKE_STEP_X1_X2: - computation_stage->state = PSA_PAKE_OUTPUT_X1_X2; - break; - case PSA_PAKE_STEP_X2S: - computation_stage->state = PSA_PAKE_OUTPUT_X2S; - break; - default: - return PSA_ERROR_BAD_STATE; + if (computation_stage->state != PSA_PAKE_STATE_READY && + computation_stage->state != PSA_PAKE_OUTPUT_X1_X2 && + computation_stage->state != PSA_PAKE_OUTPUT_X2S) { + return PSA_ERROR_BAD_STATE; } - computation_stage->sequence = PSA_PAKE_X1_STEP_KEY_SHARE; - } - - /* Check if step matches current sequence */ - switch (computation_stage->sequence) { - case PSA_PAKE_X1_STEP_KEY_SHARE: - case PSA_PAKE_X2_STEP_KEY_SHARE: + if 
(computation_stage->state == PSA_PAKE_STATE_READY) { if (step != PSA_PAKE_STEP_KEY_SHARE) { return PSA_ERROR_BAD_STATE; } - break; - case PSA_PAKE_X1_STEP_ZK_PUBLIC: - case PSA_PAKE_X2_STEP_ZK_PUBLIC: - if (step != PSA_PAKE_STEP_ZK_PUBLIC) { - return PSA_ERROR_BAD_STATE; + switch (computation_stage->output_step) { + case PSA_PAKE_STEP_X1_X2: + computation_stage->state = PSA_PAKE_OUTPUT_X1_X2; + break; + case PSA_PAKE_STEP_X2S: + computation_stage->state = PSA_PAKE_OUTPUT_X2S; + break; + default: + return PSA_ERROR_BAD_STATE; } - break; - case PSA_PAKE_X1_STEP_ZK_PROOF: - case PSA_PAKE_X2_STEP_ZK_PROOF: - if (step != PSA_PAKE_STEP_ZK_PROOF) { + computation_stage->sequence = PSA_PAKE_X1_STEP_KEY_SHARE; + } + + /* Check if step matches current sequence */ + switch (computation_stage->sequence) { + case PSA_PAKE_X1_STEP_KEY_SHARE: + case PSA_PAKE_X2_STEP_KEY_SHARE: + if (step != PSA_PAKE_STEP_KEY_SHARE) { + return PSA_ERROR_BAD_STATE; + } + break; + + case PSA_PAKE_X1_STEP_ZK_PUBLIC: + case PSA_PAKE_X2_STEP_ZK_PUBLIC: + if (step != PSA_PAKE_STEP_ZK_PUBLIC) { + return PSA_ERROR_BAD_STATE; + } + break; + + case PSA_PAKE_X1_STEP_ZK_PROOF: + case PSA_PAKE_X2_STEP_ZK_PROOF: + if (step != PSA_PAKE_STEP_ZK_PROOF) { + return PSA_ERROR_BAD_STATE; + } + break; + + default: return PSA_ERROR_BAD_STATE; - } - break; - - default: - return PSA_ERROR_BAD_STATE; + } } return PSA_SUCCESS; } +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) static psa_status_t psa_jpake_output_epilogue( psa_pake_operation_t *operation) { - psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.jpake; + if (operation->alg == PSA_ALG_JPAKE) { + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.jpake; - if ((computation_stage->state == PSA_PAKE_OUTPUT_X1_X2 && - computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || - (computation_stage->state == PSA_PAKE_OUTPUT_X2S && - computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { - 
computation_stage->state = PSA_PAKE_STATE_READY; - computation_stage->output_step++; - computation_stage->sequence = PSA_PAKE_SEQ_INVALID; - } else { - computation_stage->sequence++; + if ((computation_stage->state == PSA_PAKE_OUTPUT_X1_X2 && + computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || + (computation_stage->state == PSA_PAKE_OUTPUT_X2S && + computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { + computation_stage->state = PSA_PAKE_STATE_READY; + computation_stage->output_step++; + computation_stage->sequence = PSA_PAKE_SEQ_INVALID; + } else { + computation_stage->sequence++; + } } return PSA_SUCCESS; } +#endif psa_status_t psa_pake_output( psa_pake_operation_t *operation, @@ -7634,35 +7656,45 @@ psa_status_t psa_pake_output( } switch (operation->alg) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) case PSA_ALG_JPAKE: status = psa_jpake_output_prologue(operation, step); if (status != PSA_SUCCESS) { goto exit; } break; +#endif default: + (void) step; status = PSA_ERROR_NOT_SUPPORTED; goto exit; } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) status = psa_driver_wrapper_pake_output(operation, convert_jpake_computation_stage_to_driver_step( &operation->computation_stage.jpake), output, output_size, output_length); +#else + (void) output; + status = PSA_ERROR_NOT_SUPPORTED; +#endif if (status != PSA_SUCCESS) { goto exit; } switch (operation->alg) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) case PSA_ALG_JPAKE: status = psa_jpake_output_epilogue(operation); if (status != PSA_SUCCESS) { goto exit; } break; +#endif default: status = PSA_ERROR_NOT_SUPPORTED; goto exit; 
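Review bot: psa_jpake_output_prologue now wraps every state check in `if (operation->alg == PSA_ALG_JPAKE)` and falls through to `return PSA_SUCCESS;` for any other algorithm, so a caller that reached it with a non-J-PAKE operation would skip all state validation without any error. Its only visible caller is the `case PSA_ALG_JPAKE:` branch in psa_pake_output, which makes the guard redundant; either remove it and document the precondition, or make the fall-through explicit with `return PSA_ERROR_NOT_SUPPORTED;`. psa_jpake_output_epilogue in this hunk and psa_jpake_input_prologue/psa_jpake_input_epilogue in the next hunk follow the same pattern. The hunk opens inside psa_pake_complete_inputs, whose start is outside it, and closes inside psa_pake_output.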
@@ -7674,104 +7706,112 @@ exit: return status == PSA_SUCCESS ? abort_status : status; } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) static psa_status_t psa_jpake_input_prologue( psa_pake_operation_t *operation, psa_pake_step_t step, size_t input_length) { - psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.jpake; - - if (computation_stage->state == PSA_PAKE_STATE_INVALID) { - return PSA_ERROR_BAD_STATE; - } - if (step != PSA_PAKE_STEP_KEY_SHARE && step != PSA_PAKE_STEP_ZK_PUBLIC && step != PSA_PAKE_STEP_ZK_PROOF) { return PSA_ERROR_INVALID_ARGUMENT; } - const psa_pake_primitive_t prim = PSA_PAKE_PRIMITIVE( - PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256); - if (input_length > (size_t) PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, prim, step)) { - return PSA_ERROR_INVALID_ARGUMENT; - } + if (operation->alg == PSA_ALG_JPAKE) { + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.jpake; - if (computation_stage->state != PSA_PAKE_STATE_READY && - computation_stage->state != PSA_PAKE_INPUT_X1_X2 && - computation_stage->state != PSA_PAKE_INPUT_X4S) { - return PSA_ERROR_BAD_STATE; - } - - if (computation_stage->state == PSA_PAKE_STATE_READY) { - if (step != PSA_PAKE_STEP_KEY_SHARE) { + if (computation_stage->state == PSA_PAKE_STATE_INVALID) { return PSA_ERROR_BAD_STATE; } - switch (computation_stage->input_step) { - case PSA_PAKE_STEP_X1_X2: - computation_stage->state = PSA_PAKE_INPUT_X1_X2; - break; - case PSA_PAKE_STEP_X2S: - computation_stage->state = PSA_PAKE_INPUT_X4S; - break; - default: - return PSA_ERROR_BAD_STATE; + const psa_pake_primitive_t prim = PSA_PAKE_PRIMITIVE( + PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256); + if (input_length > (size_t) PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, prim, step)) { + return PSA_ERROR_INVALID_ARGUMENT; } - computation_stage->sequence = PSA_PAKE_X1_STEP_KEY_SHARE; - } + if (computation_stage->state != PSA_PAKE_STATE_READY && + computation_stage->state != 
PSA_PAKE_INPUT_X1_X2 && + computation_stage->state != PSA_PAKE_INPUT_X4S) { + return PSA_ERROR_BAD_STATE; + } - /* Check if step matches current sequence */ - switch (computation_stage->sequence) { - case PSA_PAKE_X1_STEP_KEY_SHARE: - case PSA_PAKE_X2_STEP_KEY_SHARE: + if (computation_stage->state == PSA_PAKE_STATE_READY) { if (step != PSA_PAKE_STEP_KEY_SHARE) { return PSA_ERROR_BAD_STATE; } - break; - case PSA_PAKE_X1_STEP_ZK_PUBLIC: - case PSA_PAKE_X2_STEP_ZK_PUBLIC: - if (step != PSA_PAKE_STEP_ZK_PUBLIC) { - return PSA_ERROR_BAD_STATE; + switch (computation_stage->input_step) { + case PSA_PAKE_STEP_X1_X2: + computation_stage->state = PSA_PAKE_INPUT_X1_X2; + break; + case PSA_PAKE_STEP_X2S: + computation_stage->state = PSA_PAKE_INPUT_X4S; + break; + default: + return PSA_ERROR_BAD_STATE; } - break; - case PSA_PAKE_X1_STEP_ZK_PROOF: - case PSA_PAKE_X2_STEP_ZK_PROOF: - if (step != PSA_PAKE_STEP_ZK_PROOF) { + computation_stage->sequence = PSA_PAKE_X1_STEP_KEY_SHARE; + } + + /* Check if step matches current sequence */ + switch (computation_stage->sequence) { + case PSA_PAKE_X1_STEP_KEY_SHARE: + case PSA_PAKE_X2_STEP_KEY_SHARE: + if (step != PSA_PAKE_STEP_KEY_SHARE) { + return PSA_ERROR_BAD_STATE; + } + break; + + case PSA_PAKE_X1_STEP_ZK_PUBLIC: + case PSA_PAKE_X2_STEP_ZK_PUBLIC: + if (step != PSA_PAKE_STEP_ZK_PUBLIC) { + return PSA_ERROR_BAD_STATE; + } + break; + + case PSA_PAKE_X1_STEP_ZK_PROOF: + case PSA_PAKE_X2_STEP_ZK_PROOF: + if (step != PSA_PAKE_STEP_ZK_PROOF) { + return PSA_ERROR_BAD_STATE; + } + break; + + default: return PSA_ERROR_BAD_STATE; - } - break; - - default: - return PSA_ERROR_BAD_STATE; + } } return PSA_SUCCESS; } +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) static psa_status_t psa_jpake_input_epilogue( psa_pake_operation_t *operation) { - psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.jpake; + if (operation->alg == PSA_ALG_JPAKE) { + psa_jpake_computation_stage_t *computation_stage = + 
&operation->computation_stage.jpake; - if ((computation_stage->state == PSA_PAKE_INPUT_X1_X2 && - computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || - (computation_stage->state == PSA_PAKE_INPUT_X4S && - computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { - computation_stage->state = PSA_PAKE_STATE_READY; - computation_stage->input_step++; - computation_stage->sequence = PSA_PAKE_SEQ_INVALID; - } else { - computation_stage->sequence++; + if ((computation_stage->state == PSA_PAKE_INPUT_X1_X2 && + computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || + (computation_stage->state == PSA_PAKE_INPUT_X4S && + computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { + computation_stage->state = PSA_PAKE_STATE_READY; + computation_stage->input_step++; + computation_stage->sequence = PSA_PAKE_SEQ_INVALID; + } else { + computation_stage->sequence++; + } } return PSA_SUCCESS; } +#endif psa_status_t psa_pake_input( psa_pake_operation_t *operation, @@ -7800,33 +7840,43 @@ psa_status_t psa_pake_input( } switch (operation->alg) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) case PSA_ALG_JPAKE: status = psa_jpake_input_prologue(operation, step, input_length); if (status != PSA_SUCCESS) { goto exit; } break; +#endif default: + (void) step; return PSA_ERROR_NOT_SUPPORTED; } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) status = psa_driver_wrapper_pake_input(operation, convert_jpake_computation_stage_to_driver_step( &operation->computation_stage.jpake), input, input_length); +#else + (void) input; + status = PSA_ERROR_NOT_SUPPORTED; +#endif if (status != PSA_SUCCESS) { goto exit; } switch (operation->alg) { +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) case PSA_ALG_JPAKE: status = psa_jpake_input_epilogue(operation); if (status != PSA_SUCCESS) { goto exit; } break; +#endif default: status = PSA_ERROR_NOT_SUPPORTED; goto exit; 
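Review bot: In the psa_pake_input hunk the `default:` branch of the first switch, where the new `(void) step;` was added, does a bare `return PSA_ERROR_NOT_SUPPORTED;`, whereas the matching branch in psa_pake_output sets `status` and does `goto exit;`. The `exit:` path visible at the start of the previous hunk returns `status == PSA_SUCCESS ? abort_status : status`, so it presumably aborts the operation on failure; the direct return in psa_pake_input skips that and leaves the operation un-aborted. The return is pre-existing, but since this branch is being touched, aligning it with `status = PSA_ERROR_NOT_SUPPORTED; goto exit;` would keep the two entry points consistent. The start of psa_pake_input is outside the hunk.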
@@ -7852,6 +7902,7 @@ psa_status_t psa_pake_get_implicit_key( goto exit; } +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { psa_jpake_computation_stage_t *computation_stage = &operation->computation_stage.jpake; @@ -7860,6 +7911,13 @@ psa_status_t psa_pake_get_implicit_key( status = PSA_ERROR_BAD_STATE; goto exit; } + } else +#else + +#endif + { + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; } status = psa_driver_wrapper_pake_get_implicit_key(operation, diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index c1eea5059..0bc0a32ff 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -2976,7 +2976,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_BUILTIN_ALG_JPAKE */ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_status_arg, data_t *forced_output, int expected_status_setup_arg, int expected_status_input_arg, int expected_status_output_arg, diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index d77dfdc8e..1c3b3289a 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -909,7 +909,7 @@ void ecjpake_size_macros() } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_BUILTIN_ALG_JPAKE */ void pake_input_getters(data_t *password, int role_arg, int password_buffer_size, int alg_arg, int primitive_arg, int hash_arg, int expected_status_pass, int expected_status_pass_len, From ce131bf5c5ce51d8f2400a3b23fb555745bd67d7 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 21 Feb 2023 12:19:27 +0100 Subject: [PATCH 273/440] PAKE driver: fix password releasing 
Signed-off-by: Przemek Stekiel --- library/psa_crypto_pake.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index a6798111d..929db5919 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -254,11 +254,13 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, (void) operation; (void) inputs; #endif - { return PSA_ERROR_NOT_SUPPORTED; } + { status = PSA_ERROR_NOT_SUPPORTED; } error: - mbedtls_platform_zeroize(operation->password, operation->password_len); - mbedtls_free(operation->password); + /* When driver fails with PSA_ERROR_NOT_SUPPORTED the built-in implementation is executed (if available) + and it will reallocate the password leading to the memory leak. + Call abort explicitly to clean up allocated memory for password on failure. */ + mbedtls_psa_pake_abort(operation); return status; } @@ -518,13 +520,13 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) + mbedtls_platform_zeroize(operation->password, operation->password_len); + mbedtls_free(operation->password); + operation->password = NULL; + operation->password_len = 0; +#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { - mbedtls_platform_zeroize(operation->password, operation->password_len); - mbedtls_free(operation->password); - operation->password = NULL; - operation->password_len = 0; operation->role = PSA_PAKE_ROLE_NONE; mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); operation->buffer_length = 0; From 51a677bb307549096fc04db2aeb4eee5ec597f8f Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 21 Feb 2023 12:20:46 +0100 Subject: [PATCH 274/440] Remove support for pake opaque driver 
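Review bot: mbedtls_psa_pake_abort now zeroizes and frees `operation->password` unconditionally, and the `error:` label in mbedtls_psa_pake_setup calls it even when the allocation never happened, so correctness relies on `operation->password` being NULL and `operation->password_len` zero in a freshly initialised operation and on mbedtls_platform_zeroize tolerating a NULL buffer of length zero — worth stating in a comment above the new lines, e.g. `/* Safe on a zero-initialised operation: password is NULL and password_len is 0. */`. The return value of `mbedtls_psa_pake_abort(operation)` in the error path is deliberately dropped so the original failure status is reported; `(void) mbedtls_psa_pake_abort(operation);` would make that explicit. The added comment could also be tightened to "The core retries the built-in implementation after PSA_ERROR_NOT_SUPPORTED, which would reallocate the password and leak this one; abort here to release it." The start of mbedtls_psa_pake_setup and the remainder of mbedtls_psa_pake_abort are outside these hunks.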
Signed-off-by: Przemek Stekiel --- .../psa_crypto_driver_wrappers.c.jinja | 28 +---- tests/include/test/drivers/pake.h | 44 -------- tests/src/drivers/test_driver_pake.c | 105 +----------------- 3 files changed, 3 insertions(+), 174 deletions(-) diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index a34d9b094..1e7140ca8 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -2844,17 +2844,6 @@ psa_status_t psa_driver_wrapper_pake_setup( #endif return( PSA_ERROR_NOT_SUPPORTED ); /* Add cases for opaque driver here */ -#if defined(PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT) -#if defined(PSA_CRYPTO_DRIVER_TEST) - case PSA_CRYPTO_TEST_DRIVER_LOCATION: - status = mbedtls_test_opaque_pake_setup( - &operation->data.ctx.opaque_test_driver_ctx, - inputs ); - if( status == PSA_SUCCESS ) - operation->id = MBEDTLS_TEST_OPAQUE_DRIVER_ID; - return status; -#endif /* PSA_CRYPTO_DRIVER_TEST */ -#endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: /* Key is declared with a lifetime not known to us */ (void)operation; @@ -2884,10 +2873,6 @@ psa_status_t psa_driver_wrapper_pake_output( return( mbedtls_test_transparent_pake_output( &operation->data.ctx.transparent_test_driver_ctx, step, output, output_size, output_length ) ); - case MBEDTLS_TEST_OPAQUE_DRIVER_ID: - return( mbedtls_test_opaque_pake_output( - &operation->data.ctx.opaque_test_driver_ctx, - step, output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: 
@@ -2921,11 +2906,6 @@ psa_status_t psa_driver_wrapper_pake_input( &operation->data.ctx.transparent_test_driver_ctx, step, input, input_length ) ); - case MBEDTLS_TEST_OPAQUE_DRIVER_ID: - return( mbedtls_test_opaque_pake_input( - &operation->data.ctx.opaque_test_driver_ctx, - step, - input, input_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: @@ -2955,15 +2935,12 @@ psa_status_t psa_driver_wrapper_pake_get_implicit_key( return( mbedtls_test_transparent_pake_get_implicit_key( &operation->data.ctx.transparent_test_driver_ctx, output, output_size, output_length ) ); - case MBEDTLS_TEST_OPAQUE_DRIVER_ID: - return( mbedtls_test_opaque_pake_get_implicit_key( - &operation->data.ctx.opaque_test_driver_ctx, - output, output_size, output_length ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: (void) output; (void) output_size; + (void) output_length; return( PSA_ERROR_INVALID_ARGUMENT ); } } @@ -2983,9 +2960,6 @@ psa_status_t psa_driver_wrapper_pake_abort( case MBEDTLS_TEST_TRANSPARENT_DRIVER_ID: return( mbedtls_test_transparent_pake_abort( &operation->data.ctx.transparent_test_driver_ctx ) ); - case MBEDTLS_TEST_OPAQUE_DRIVER_ID: - return( mbedtls_test_opaque_pake_abort( - &operation->data.ctx.opaque_test_driver_ctx ) ); #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ default: diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h index 4a2b7c461..80307248f 100644 --- a/tests/include/test/drivers/pake.h +++ b/tests/include/test/drivers/pake.h 
@@ -75,49 +75,5 @@ psa_status_t mbedtls_test_transparent_pake_get_implicit_key( psa_status_t mbedtls_test_transparent_pake_abort( mbedtls_transparent_test_driver_pake_operation_t *operation); -psa_status_t mbedtls_test_opaque_pake_setup( - mbedtls_opaque_test_driver_pake_operation_t *operation, - const psa_crypto_driver_pake_inputs_t *inputs); - -psa_status_t mbedtls_test_opaque_set_password_key( - const psa_key_attributes_t *attributes, - mbedtls_opaque_test_driver_pake_operation_t *operation, - uint8_t *key_buffer, - size_t key_size); - -psa_status_t mbedtls_test_opaque_pake_set_user( - mbedtls_opaque_test_driver_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len); - -psa_status_t mbedtls_test_opaque_pake_set_peer( - mbedtls_opaque_test_driver_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len); - -psa_status_t mbedtls_test_opaque_pake_set_role( - mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_role_t role); - -psa_status_t mbedtls_test_opaque_pake_output( - mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_crypto_driver_pake_step_t step, - uint8_t *output, - size_t output_size, - size_t *output_length); - -psa_status_t mbedtls_test_opaque_pake_input( - mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_crypto_driver_pake_step_t step, - const uint8_t *input, - size_t input_length); - -psa_status_t mbedtls_test_opaque_pake_get_implicit_key( - mbedtls_opaque_test_driver_pake_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length); - -psa_status_t mbedtls_test_opaque_pake_abort( - mbedtls_opaque_test_driver_pake_operation_t *operation); - #endif /* PSA_CRYPTO_DRIVER_TEST */ #endif /* PSA_CRYPTO_TEST_DRIVERS_PAKE_H */ diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index 3eaf38a65..03f387fa1 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c 
@@ -165,6 +165,8 @@ psa_status_t mbedtls_test_transparent_pake_get_implicit_key(
 #else
 (void) operation;
 (void) output;
+ (void) output_size;
+ (void) output_length;
 mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
 #endif
 }
@@ -202,107 +204,4 @@ psa_status_t mbedtls_test_transparent_pake_abort( return mbedtls_test_driver_pake_hooks.driver_status; } -/* - * opaque versions, to do - */ -psa_status_t mbedtls_test_opaque_pake_setup( - mbedtls_opaque_test_driver_pake_operation_t *operation, - const psa_crypto_driver_pake_inputs_t *inputs) -{ - (void) operation; - (void) inputs; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_set_password_key( - const psa_key_attributes_t *attributes, - mbedtls_opaque_test_driver_pake_operation_t *operation, - uint8_t *key_buffer, - size_t key_size) -{ - (void) attributes; - (void) operation; - (void) key_buffer; - (void) key_size; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_pake_set_user( - mbedtls_opaque_test_driver_pake_operation_t *operation, - const uint8_t *user_id, - size_t user_id_len) -{ - (void) operation; - (void) user_id; - (void) user_id_len; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_pake_set_peer( - mbedtls_opaque_test_driver_pake_operation_t *operation, - const uint8_t *peer_id, - size_t peer_id_len) -{ - (void) operation; - (void) peer_id; - (void) peer_id_len; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_pake_set_role( - mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_pake_role_t role) -{ - (void) operation; - (void) role; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_pake_output( - mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_crypto_driver_pake_step_t step, - uint8_t *output, - size_t output_size, - size_t *output_length) -{ - (void) operation; - (void) step; - (void) output; - (void) output_size; - (void) output_length; - - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_pake_input( - mbedtls_opaque_test_driver_pake_operation_t *operation, - psa_crypto_driver_pake_step_t step, - const uint8_t *input, - size_t input_length) -{ - (void) operation; - 
(void) step; - (void) input; - (void) input_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_pake_get_implicit_key( - mbedtls_opaque_test_driver_pake_operation_t *operation, - uint8_t *output, size_t output_size, size_t *output_length) -{ - (void) operation; - (void) output; - (void) output_size; - (void) output_length; - return PSA_ERROR_NOT_SUPPORTED; -} - -psa_status_t mbedtls_test_opaque_pake_abort( - mbedtls_opaque_test_driver_pake_operation_t *operation) -{ - (void) operation; - return PSA_ERROR_NOT_SUPPORTED; -} - #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */ From 5eff1033b6aa176b5758808bc0a61ffa4e1d7b0e Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 21 Feb 2023 19:10:36 +0100 Subject: [PATCH 275/440] Remove redundant checks for jpake alg Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 256 +++++++++++++++++++++---------------------- 1 file changed, 124 insertions(+), 132 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index f11be0e40..3823f7ad7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -7538,65 +7538,63 @@ static psa_status_t psa_jpake_output_prologue( return PSA_ERROR_INVALID_ARGUMENT; } - if (operation->alg == PSA_ALG_JPAKE) { - psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.jpake; + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.jpake; - if (computation_stage->state == PSA_PAKE_STATE_INVALID) { + if (computation_stage->state == PSA_PAKE_STATE_INVALID) { + return PSA_ERROR_BAD_STATE; + } + + if (computation_stage->state != PSA_PAKE_STATE_READY && + computation_stage->state != PSA_PAKE_OUTPUT_X1_X2 && + computation_stage->state != PSA_PAKE_OUTPUT_X2S) { + return PSA_ERROR_BAD_STATE; + } + + if (computation_stage->state == PSA_PAKE_STATE_READY) { + if (step != PSA_PAKE_STEP_KEY_SHARE) { return PSA_ERROR_BAD_STATE; } - if (computation_stage->state != PSA_PAKE_STATE_READY && - computation_stage->state != PSA_PAKE_OUTPUT_X1_X2 && - computation_stage->state != PSA_PAKE_OUTPUT_X2S) { - return PSA_ERROR_BAD_STATE; - } - - if (computation_stage->state == PSA_PAKE_STATE_READY) { - if (step != PSA_PAKE_STEP_KEY_SHARE) { - return PSA_ERROR_BAD_STATE; - } - - switch (computation_stage->output_step) { - case PSA_PAKE_STEP_X1_X2: - computation_stage->state = PSA_PAKE_OUTPUT_X1_X2; - break; - case PSA_PAKE_STEP_X2S: - computation_stage->state = PSA_PAKE_OUTPUT_X2S; - break; - default: - return PSA_ERROR_BAD_STATE; - } - - computation_stage->sequence = PSA_PAKE_X1_STEP_KEY_SHARE; - } - - /* Check if step matches current sequence */ - switch (computation_stage->sequence) { - case PSA_PAKE_X1_STEP_KEY_SHARE: - case PSA_PAKE_X2_STEP_KEY_SHARE: - if (step != PSA_PAKE_STEP_KEY_SHARE) { - return PSA_ERROR_BAD_STATE; - } + switch (computation_stage->output_step) { + case PSA_PAKE_STEP_X1_X2: + computation_stage->state = PSA_PAKE_OUTPUT_X1_X2; break; - - case PSA_PAKE_X1_STEP_ZK_PUBLIC: - case PSA_PAKE_X2_STEP_ZK_PUBLIC: - if (step != PSA_PAKE_STEP_ZK_PUBLIC) { - return PSA_ERROR_BAD_STATE; - } 
+ case PSA_PAKE_STEP_X2S: + computation_stage->state = PSA_PAKE_OUTPUT_X2S; break; - - case PSA_PAKE_X1_STEP_ZK_PROOF: - case PSA_PAKE_X2_STEP_ZK_PROOF: - if (step != PSA_PAKE_STEP_ZK_PROOF) { - return PSA_ERROR_BAD_STATE; - } - break; - default: return PSA_ERROR_BAD_STATE; } + + computation_stage->sequence = PSA_PAKE_X1_STEP_KEY_SHARE; + } + + /* Check if step matches current sequence */ + switch (computation_stage->sequence) { + case PSA_PAKE_X1_STEP_KEY_SHARE: + case PSA_PAKE_X2_STEP_KEY_SHARE: + if (step != PSA_PAKE_STEP_KEY_SHARE) { + return PSA_ERROR_BAD_STATE; + } + break; + + case PSA_PAKE_X1_STEP_ZK_PUBLIC: + case PSA_PAKE_X2_STEP_ZK_PUBLIC: + if (step != PSA_PAKE_STEP_ZK_PUBLIC) { + return PSA_ERROR_BAD_STATE; + } + break; + + case PSA_PAKE_X1_STEP_ZK_PROOF: + case PSA_PAKE_X2_STEP_ZK_PROOF: + if (step != PSA_PAKE_STEP_ZK_PROOF) { + return PSA_ERROR_BAD_STATE; + } + break; + + default: + return PSA_ERROR_BAD_STATE; } return PSA_SUCCESS; 
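Review bot: With the `if (operation->alg == PSA_ALG_JPAKE)` guard removed, psa_jpake_output_prologue dereferences `operation->computation_stage.jpake` unconditionally, so its safety now depends on psa_pake_output calling it only from the `case PSA_ALG_JPAKE:` branch; that precondition is not written down anywhere in the function. Add a line above each of these helpers, `/* Precondition: operation->alg == PSA_ALG_JPAKE, checked by the caller. */`, so the next refactor of the dispatch switch does not silently break it. The same applies to psa_jpake_output_epilogue, psa_jpake_input_prologue and psa_jpake_input_epilogue in the following hunks of this patch. The signature of psa_jpake_output_prologue is outside the hunk.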
@@ -7607,20 +7605,18 @@ static psa_status_t psa_jpake_output_prologue( static psa_status_t psa_jpake_output_epilogue( psa_pake_operation_t *operation) { - if (operation->alg == PSA_ALG_JPAKE) { - psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.jpake; + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.jpake; - if ((computation_stage->state == PSA_PAKE_OUTPUT_X1_X2 && - computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || - (computation_stage->state == PSA_PAKE_OUTPUT_X2S && - computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { - computation_stage->state = PSA_PAKE_STATE_READY; - computation_stage->output_step++; - computation_stage->sequence = PSA_PAKE_SEQ_INVALID; - } else { - computation_stage->sequence++; - } + if ((computation_stage->state == PSA_PAKE_OUTPUT_X1_X2 && + computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || + (computation_stage->state == PSA_PAKE_OUTPUT_X2S && + computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { + computation_stage->state = PSA_PAKE_STATE_READY; + computation_stage->output_step++; + computation_stage->sequence = PSA_PAKE_SEQ_INVALID; + } else { + computation_stage->sequence++; } return PSA_SUCCESS; 
@@ -7718,71 +7714,69 @@ static psa_status_t psa_jpake_input_prologue( return PSA_ERROR_INVALID_ARGUMENT; } - if (operation->alg == PSA_ALG_JPAKE) { - psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.jpake; + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.jpake; - if (computation_stage->state == PSA_PAKE_STATE_INVALID) { + if (computation_stage->state == PSA_PAKE_STATE_INVALID) { + return PSA_ERROR_BAD_STATE; + } + + const psa_pake_primitive_t prim = PSA_PAKE_PRIMITIVE( + PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256); + if (input_length > (size_t) PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, prim, step)) { + return PSA_ERROR_INVALID_ARGUMENT; + } + + if (computation_stage->state != PSA_PAKE_STATE_READY && + computation_stage->state != PSA_PAKE_INPUT_X1_X2 && + computation_stage->state != PSA_PAKE_INPUT_X4S) { + return PSA_ERROR_BAD_STATE; + } + + if (computation_stage->state == PSA_PAKE_STATE_READY) { + if (step != PSA_PAKE_STEP_KEY_SHARE) { return PSA_ERROR_BAD_STATE; } - const psa_pake_primitive_t prim = PSA_PAKE_PRIMITIVE( - PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256); - if (input_length > (size_t) PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, prim, step)) { - return PSA_ERROR_INVALID_ARGUMENT; - } - - if (computation_stage->state != PSA_PAKE_STATE_READY && - computation_stage->state != PSA_PAKE_INPUT_X1_X2 && - computation_stage->state != PSA_PAKE_INPUT_X4S) { - return PSA_ERROR_BAD_STATE; - } - - if (computation_stage->state == PSA_PAKE_STATE_READY) { - if (step != PSA_PAKE_STEP_KEY_SHARE) { - return PSA_ERROR_BAD_STATE; - } - - switch (computation_stage->input_step) { - case PSA_PAKE_STEP_X1_X2: - computation_stage->state = PSA_PAKE_INPUT_X1_X2; - break; - case PSA_PAKE_STEP_X2S: - computation_stage->state = PSA_PAKE_INPUT_X4S; - break; - default: - return PSA_ERROR_BAD_STATE; - } - - computation_stage->sequence = PSA_PAKE_X1_STEP_KEY_SHARE; - } - - /* Check if step matches current 
sequence */ - switch (computation_stage->sequence) { - case PSA_PAKE_X1_STEP_KEY_SHARE: - case PSA_PAKE_X2_STEP_KEY_SHARE: - if (step != PSA_PAKE_STEP_KEY_SHARE) { - return PSA_ERROR_BAD_STATE; - } + switch (computation_stage->input_step) { + case PSA_PAKE_STEP_X1_X2: + computation_stage->state = PSA_PAKE_INPUT_X1_X2; break; - - case PSA_PAKE_X1_STEP_ZK_PUBLIC: - case PSA_PAKE_X2_STEP_ZK_PUBLIC: - if (step != PSA_PAKE_STEP_ZK_PUBLIC) { - return PSA_ERROR_BAD_STATE; - } + case PSA_PAKE_STEP_X2S: + computation_stage->state = PSA_PAKE_INPUT_X4S; break; - - case PSA_PAKE_X1_STEP_ZK_PROOF: - case PSA_PAKE_X2_STEP_ZK_PROOF: - if (step != PSA_PAKE_STEP_ZK_PROOF) { - return PSA_ERROR_BAD_STATE; - } - break; - default: return PSA_ERROR_BAD_STATE; } + + computation_stage->sequence = PSA_PAKE_X1_STEP_KEY_SHARE; + } + + /* Check if step matches current sequence */ + switch (computation_stage->sequence) { + case PSA_PAKE_X1_STEP_KEY_SHARE: + case PSA_PAKE_X2_STEP_KEY_SHARE: + if (step != PSA_PAKE_STEP_KEY_SHARE) { + return PSA_ERROR_BAD_STATE; + } + break; + + case PSA_PAKE_X1_STEP_ZK_PUBLIC: + case PSA_PAKE_X2_STEP_ZK_PUBLIC: + if (step != PSA_PAKE_STEP_ZK_PUBLIC) { + return PSA_ERROR_BAD_STATE; + } + break; + + case PSA_PAKE_X1_STEP_ZK_PROOF: + case PSA_PAKE_X2_STEP_ZK_PROOF: + if (step != PSA_PAKE_STEP_ZK_PROOF) { + return PSA_ERROR_BAD_STATE; + } + break; + + default: + return PSA_ERROR_BAD_STATE; } return PSA_SUCCESS; 
@@ -7793,20 +7787,18 @@ static psa_status_t psa_jpake_input_prologue( static psa_status_t psa_jpake_input_epilogue( psa_pake_operation_t *operation) { - if (operation->alg == PSA_ALG_JPAKE) { - psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.jpake; + psa_jpake_computation_stage_t *computation_stage = + &operation->computation_stage.jpake; - if ((computation_stage->state == PSA_PAKE_INPUT_X1_X2 && - computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || - (computation_stage->state == PSA_PAKE_INPUT_X4S && - computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { - computation_stage->state = PSA_PAKE_STATE_READY; - computation_stage->input_step++; - computation_stage->sequence = PSA_PAKE_SEQ_INVALID; - } else { - computation_stage->sequence++; - } + if ((computation_stage->state == PSA_PAKE_INPUT_X1_X2 && + computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || + (computation_stage->state == PSA_PAKE_INPUT_X4S && + computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { + computation_stage->state = PSA_PAKE_STATE_READY; + computation_stage->input_step++; + computation_stage->sequence = PSA_PAKE_SEQ_INVALID; + } else { + computation_stage->sequence++; } return PSA_SUCCESS; From 6445912d9cc3bdc71e261ecb1ac55c65bec8dfc3 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 22 Feb 2023 12:35:16 +0100 Subject: [PATCH 276/440] test: enable ssl-opt in test_psa_crypto_config_[accel/reference]_ecdsa_use_psa Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7d91fa27d..24b1eda00 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -2158,7 +2158,8 @@ component_test_psa_crypto_config_accel_ecdsa_use_psa () {
 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA + USE_PSA"
 make test
 
- # TODO: ssl-opt.sh (currently doesn't pass) - #6861
+ msg "test: ssl-opt.sh"
+ tests/ssl-opt.sh
 }
 
 # Keep in sync with component_test_psa_crypto_config_accel_ecdsa_use_psa.
@@ -2177,7 +2178,8 @@ component_test_psa_crypto_config_reference_ecdsa_use_psa () {
 msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA + USE_PSA"
 make test
 
- # TODO: ssl-opt.sh (when the accel component is ready) - #6861
+ msg "test: ssl-opt.sh"
+ tests/ssl-opt.sh
 }
 
 component_test_psa_crypto_config_accel_ecdh () {
From 59200a22aa4b7c32559affb41ab89f3c0c573e93 Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Tue, 21 Feb 2023 15:07:40 +0000
Subject: [PATCH 277/440] Improve psa_wipe_output_buffer

Change name and document to ensure suitability only for "tags" is explicit.
Add support for output size of zero in PSA_SUCCESS case.

Signed-off-by: Paul Elliott
---
 library/psa_crypto.c | 49 +++++++++++++++++++++++++-------------------
 1 file changed, 28 insertions(+), 21 deletions(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 3ec9273de..fa6991e9f 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
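Review bot: The `msg` line kept as context in component_test_psa_crypto_config_reference_ecdsa_use_psa (second hunk) still reads "with accelerated ECDSA + USE_PSA", so now that both components run the same steps their log output differs only by component name. Since this commit is what makes the two components run identical steps, it is the right moment to change that line to `msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECDSA + USE_PSA"`. The new ssl-opt.sh invocation itself mirrors the accel component, as the "Keep in sync" comment asks.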
@@ -2684,34 +2684,41 @@ static psa_status_t psa_sign_verify_check_alg(int input_is_message, } /** - * \brief Fill the unused part of the output buffer (the - * whole buffer on error, the trailing part on - * success) with something that isn't a valid - * signature (barring an attack on the signature - * and deliberately-crafted input), in case the - * caller doesn't check the return status properly. + * \brief For output buffers which contain "tags" + * (outputs that may be checked for validity like + * Hashes, MACs and signatures), fill the unused + * part of the output buffer (the whole buffer on + * error, the trailing part on success) with + * something that isn't a valid tag (barring an + * attack on the tag and deliberately-crafted + * input), in case the caller doesn't check the + * return status properly. * * \param output_buffer pointer to buffer to wipe. May not be NULL * unless \p output_buffer_size is zero. * \param status status of function called to generate * output_buffer originally * \param output_buffer_size Size of output buffer. If zero, \p output_buffer - * could be NULL + * could be NULL. * \param output_buffer_length Length of data written to output_buffer, must be * less than \p output_buffer_size */ -static void psa_wipe_output_buffer(uint8_t *output_buffer, psa_status_t status, - size_t output_buffer_size, size_t output_buffer_length) +static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t status, + size_t output_buffer_size, size_t output_buffer_length) { - if (status == PSA_SUCCESS) { - memset(output_buffer + output_buffer_length, '!', - output_buffer_size - output_buffer_length); - } else if (output_buffer_size > 0) { - memset(output_buffer, '!', output_buffer_size); + size_t offset = 0; + + if (output_buffer_size == 0) { + /* If output_buffer_size is 0 then we have nothing to do. 
We must not + call memset because output_buffer may be NULL in this case */ + return; } - /* If output_buffer_size is 0 then we have nothing to do. We must - * not call memset because output_buffer may be NULL in this - * case.*/ + + if (status == PSA_SUCCESS) { + offset = output_buffer_length; + } + + memset(output_buffer + offset, '!', output_buffer_size - offset); } static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key, @@ -2776,8 +2783,8 @@ static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key, exit: - psa_wipe_output_buffer(signature, status, signature_size, - *signature_length); + psa_wipe_tag_output_buffer(signature, status, signature_size, + *signature_length); unlock_status = psa_unlock_key_slot(slot); @@ -3293,8 +3300,8 @@ psa_status_t psa_sign_hash_complete( exit: - psa_wipe_output_buffer(signature, status, signature_size, - *signature_length); + psa_wipe_tag_output_buffer(signature, status, signature_size, + *signature_length); if (status != PSA_OPERATION_INCOMPLETE) { if (status != PSA_SUCCESS) { From b1176f2583407bb80838f8760e0824eae50cc0fb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Feb 2023 22:07:28 +0100 Subject: [PATCH 278/440] Allow alternative names for overridden PSA headers Integrators of Mbed TLS may override the header files "psa/crypto_platform.h" and "psa/crypto_struct.h" by overwriting the files or by placing alternative versions earlier in the include file search path. These two methods are sometimes inconvenient, so allow a third method which doesn't require overwriting files or having a precise order for the include path: integrators can now specify alternative names for the headers. Signed-off-by: Gilles Peskine --- ChangeLog.d/psa-alt-headers.txt | 4 +++ include/mbedtls/mbedtls_config.h | 47 ++++++++++++++++++++++++++++++++ include/psa/crypto.h | 8 ++++++ include/psa/crypto_types.h | 4 +++ 4 files changed, 63 insertions(+) create mode 100644 ChangeLog.d/psa-alt-headers.txt 
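Review bot: On the PSA_SUCCESS path `output_buffer_size - offset` wraps if a driver reports an `output_buffer_length` larger than `output_buffer_size`, and the memset then writes past the end of the buffer; the old code had the same arithmetic, but since this rewrite is explicitly about hardening the wipe it is worth closing that gap with `if (offset > output_buffer_size) { offset = output_buffer_size; }` before the memset, so the library never extends a driver's mistake into its own out-of-bounds write. The \param text for output_buffer_length also says it "must be less than \p output_buffer_size", while a completely filled buffer (length equal to size) is a normal success outcome that the code handles with a zero-length memset; `must be less than or equal to \p output_buffer_size` matches the implementation. The two call-site hunks below (psa_sign_internal and psa_sign_hash_complete) are plain renames.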
diff --git a/ChangeLog.d/psa-alt-headers.txt b/ChangeLog.d/psa-alt-headers.txt
new file mode 100644
index 000000000..95556290a
--- /dev/null
+++ b/ChangeLog.d/psa-alt-headers.txt
@@ -0,0 +1,4 @@
+Features
+ * The configuration macros MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and
+ MBEDTLS_PSA_CRYPTO_STRUCT_FILE specify alternative locations for
+ the headers "psa/crypto_platform.h" and "psa/crypto_struct.h".
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 9ae51c964..f596417ff 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -3537,6 +3537,53 @@ */ //#define MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE "/dev/null" +/** + * \def MBEDTLS_PSA_CRYPTO_PLATFORM_FILE + * + * If defined, this is a header which will be included instead of + * `"psa/crypto_platform.h"`. This file should declare the same identifiers + * as the one in Mbed TLS, but with definitions adapted to the platform on + * which the library code will run. + * + * \note The required content of this header can vary from one version of + * Mbed TLS to the next. Integrators who provide an alternative file + * should review the changes in the original file whenever they + * upgrade Mbed TLS. + * + * This macro is expanded after an \#include directive. This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_PSA_CRYPTO_PLATFORM_FILE "psa/crypto_platform_alt.h" + +/** + * \def MBEDTLS_PSA_CRYPTO_STRUCT_FILE + * + * If defined, this is a header which will be included instead of + * `"psa/crypto_struct.h"`. This file should declare the same identifiers + * as the one in Mbed TLS, but with definitions adapted to the environment + * in which the library code will run. The typical use for this feature + * is to provide alternative type definitions on the client side in + * client-server integrations of PSA crypto, where operation structures + * contain handles instead of cryptographic data. + * + * \note The required content of this header can vary from one version of + * Mbed TLS to the next. Integrators who provide an alternative file + * should review the changes in the original file whenever they + * upgrade Mbed TLS. + * + * This macro is expanded after an \#include directive. 
This is a popular but + * non-standard feature of the C language, so this feature is only available + * with compilers that perform macro expansion on an \#include line. + * + * The value of this symbol is typically a path in double quotes, either + * absolute or relative to a directory on the include search path. + */ +//#define MBEDTLS_PSA_CRYPTO_STRUCT_FILE "psa/crypto_struct_alt.h" + /** \} name SECTION: General configuration options */ /** diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 80bf5c969..bd544224d 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -22,7 +22,11 @@ #ifndef PSA_CRYPTO_H #define PSA_CRYPTO_H +#if defined(MBEDTLS_PSA_CRYPTO_PLATFORM_FILE) +#include MBEDTLS_PSA_CRYPTO_PLATFORM_FILE +#else #include "crypto_platform.h" +#endif #include @@ -4677,7 +4681,11 @@ psa_status_t psa_verify_hash_abort( /* The file "crypto_struct.h" contains definitions for * implementation-specific structs that are declared above. */ +#if defined(MBEDTLS_PSA_CRYPTO_STRUCT_FILE) +#include MBEDTLS_PSA_CRYPTO_STRUCT_FILE +#else #include "crypto_struct.h" +#endif /* The file "crypto_extra.h" contains vendor-specific definitions. This * can include vendor-defined algorithms, extra functions, etc. */ diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 95bf32fd9..dd4d4fca3 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -34,7 +34,11 @@ #define PSA_CRYPTO_TYPES_H #include "mbedtls/private_access.h" +#if defined(MBEDTLS_PSA_CRYPTO_PLATFORM_FILE) +#include MBEDTLS_PSA_CRYPTO_PLATFORM_FILE +#else #include "crypto_platform.h" +#endif /* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT * is defined as well to include all PSA code. From fac5a54f8ad5ae52ea10f22b86faa1ffea9db4ef Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Feb 2023 10:13:40 +0800 Subject: [PATCH 279/440] fix code style issues 
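Review bot: In the crypto.h hunk at line 22, `#if defined(MBEDTLS_PSA_CRYPTO_PLATFORM_FILE)` is evaluated before anything in this header has pulled in the build configuration; nothing visible in the hunk includes "mbedtls/build_info.h", and it is the default "crypto_platform.h" that normally does so. If a translation unit includes psa/crypto.h first, the macro is presumably still undefined at that point and the default header is selected silently, so the override would depend on include order, which is what the commit message says it wants to avoid. The same applies to the crypto_types.h hunk, where only "mbedtls/private_access.h" precedes the test. Adding `#include "mbedtls/build_info.h"` ahead of the `#if` in both headers would make the selection independent of include order; please confirm that this does not introduce an include cycle.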
Signed-off-by: Jerry Yu --- library/aesce.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index 64811227c..356d0a3af 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -193,7 +193,7 @@ static void aesce_setkey_enc(unsigned char *rk, /* Require max(key_len_in_words, round_key_len_len_in_words) + 7 */ const size_t round_keys_needed = key_len_in_words + 7; const size_t key_expansion_size_in_words = - round_keys_needed * round_key_len_in_words; + round_keys_needed * round_key_len_in_words; const uint32_t *rko_end = (uint32_t *) rk + key_expansion_size_in_words; memcpy(rk, key, key_len_in_words * 4); @@ -202,7 +202,7 @@ static void aesce_setkey_enc(unsigned char *rk, rki + key_len_in_words < rko_end; rki += key_len_in_words) { - size_t iteration = (rki- (uint32_t *) rk)/key_len_in_words; + size_t iteration = (rki - (uint32_t *) rk) / key_len_in_words; uint32_t *rko; rko = rki + key_len_in_words; rko[0] = aes_rot_word(aes_sub_word(rki[key_len_in_words - 1])); @@ -210,7 +210,7 @@ static void aesce_setkey_enc(unsigned char *rk, rko[1] = rko[0] ^ rki[1]; rko[2] = rko[1] ^ rki[2]; rko[3] = rko[2] ^ rki[3]; - if (rko+key_len_in_words > rko_end) { + if (rko + key_len_in_words > rko_end) { /* Do not write overflow words.*/ continue; } From 947bf969e0b40e11b187c92557672bc07064975f Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Thu, 23 Feb 2023 11:07:57 +0800 Subject: [PATCH 280/440] Improve readability of expansion size Signed-off-by: Jerry Yu --- library/aesce.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index 356d0a3af..e47665a50 100644 --- a/library/aesce.c +++ b/library/aesce.c 
@@ -185,15 +185,17 @@ static void aesce_setkey_enc(unsigned char *rk,
 const unsigned char *key,
 const size_t key_bit_length)
 {
-
- const uint32_t key_len_in_words = key_bit_length / 32;
- const size_t round_key_len_in_words = 4;
 static uint8_t const rcon[] = {
 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1b, 0x36
 };
- /* Require max(key_len_in_words, round_key_len_len_in_words) + 7 */
- const size_t round_keys_needed = key_len_in_words + 7;
+ /* See https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf
+ * - Section 5, Nr = Nk + 6
+ * - Section 5.2, the key expansion size is Nb*(Nr+1)
+ */
+ const uint32_t key_len_in_words = key_bit_length / 32; /* Nk */
+ const size_t round_key_len_in_words = 4; /* Nb */
+ const size_t round_keys_needed = key_len_in_words + 6; /* Nr */
 const size_t key_expansion_size_in_words =
- round_keys_needed * round_key_len_in_words;
+ round_key_len_in_words * (round_keys_needed + 1); /* Nb*(Nr+1) */
 const uint32_t *rko_end = (uint32_t *) rk + key_expansion_size_in_words;
 memcpy(rk, key, key_len_in_words * 4);
From d59d2a4deeee29089dafce0c682dbc5d7f2c7e43 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel
Date: Wed, 22 Feb 2023 11:02:40 +0100
Subject: [PATCH 281/440] Optimize pake tests

Signed-off-by: Przemek Stekiel
---
 tests/include/test/drivers/pake.h | 11 +-
 tests/src/drivers/test_driver_pake.c | 15 +-
 ...test_suite_psa_crypto_driver_wrappers.data | 37 ++-
 ..._suite_psa_crypto_driver_wrappers.function | 214 +++++++++---------
 4 files changed, 141 insertions(+), 136 deletions(-)

diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h
index 80307248f..99ca8f275 100644
--- a/tests/include/test/drivers/pake.h
+++ b/tests/include/test/drivers/pake.h
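Review bot: `round_keys_needed` now holds Nr, the number of rounds, while the number of round keys actually needed is Nr + 1, so the name contradicts both its `/* Nr */` comment and the `(round_keys_needed + 1)` expression two lines below. Renaming it to the FIPS 197 term the new comment introduces, `const size_t rounds = key_len_in_words + 6; /* Nr */` and `round_key_len_in_words * (rounds + 1); /* Nb*(Nr+1) */`, keeps the derivation readable; within this hunk the variable is used only in that expression, but aesce_setkey_enc continues past the hunk, so check the rest of the function. The arithmetic itself is unchanged: 4 * (Nk + 7) equals 4 * ((Nk + 6) + 1).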
@@ -33,7 +33,14 @@ typedef struct { pake_output/pake_input (added to distinguish forced statuses). */ psa_status_t forced_setup_status; /* Count the amount of times PAKE driver functions are called. */ - unsigned long hits; + struct { + unsigned long total; + unsigned long setup; + unsigned long input; + unsigned long output; + unsigned long implicit_key; + unsigned long abort; + } hits; /* Status returned by the last PAKE driver function call. */ psa_status_t driver_status; /* Output returned by pake_output */ @@ -41,7 +48,7 @@ typedef struct { size_t forced_output_length; } mbedtls_test_driver_pake_hooks_t; -#define MBEDTLS_TEST_DRIVER_PAKE_INIT { PSA_SUCCESS, PSA_SUCCESS, 0, PSA_SUCCESS, NULL, 0 } +#define MBEDTLS_TEST_DRIVER_PAKE_INIT { PSA_SUCCESS, PSA_SUCCESS, {0, 0, 0, 0, 0, 0}, PSA_SUCCESS, NULL, 0 } static inline mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks_init(void) { diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index 03f387fa1..7eafe14d8 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c @@ -37,7 +37,8 @@ psa_status_t mbedtls_test_transparent_pake_setup( mbedtls_transparent_test_driver_pake_operation_t *operation, const psa_crypto_driver_pake_inputs_t *inputs) { - mbedtls_test_driver_pake_hooks.hits++; + mbedtls_test_driver_pake_hooks.hits.total++; + mbedtls_test_driver_pake_hooks.hits.setup++; if (mbedtls_test_driver_pake_hooks.forced_setup_status != PSA_SUCCESS) { mbedtls_test_driver_pake_hooks.driver_status = @@ -69,7 +70,8 @@ psa_status_t mbedtls_test_transparent_pake_output( size_t output_size, size_t *output_length) { - mbedtls_test_driver_pake_hooks.hits++; + mbedtls_test_driver_pake_hooks.hits.total++; + mbedtls_test_driver_pake_hooks.hits.output++; if (mbedtls_test_driver_pake_hooks.forced_output != NULL) { if (output_size < mbedtls_test_driver_pake_hooks.forced_output_length) { 
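Review bot: MBEDTLS_TEST_DRIVER_PAKE_INIT (second pake.h hunk) is a positional initializer, and the nested `hits` struct makes it depend on both field order and brace nesting, so the next field added to either struct will silently shift every value after it. Designated initializers keep it self-describing: `#define MBEDTLS_TEST_DRIVER_PAKE_INIT { .forced_status = PSA_SUCCESS, .forced_setup_status = PSA_SUCCESS, .hits = { 0 }, .driver_status = PSA_SUCCESS, .forced_output = NULL, .forced_output_length = 0 }` — the member names are taken from the struct and from the test_driver_pake.c hunks below. Separately, every driver entry point in test_driver_pake.c now increments `hits.total` plus one per-function counter; a comment on the `hits` struct such as `/* total is kept equal to the sum of the per-function counters below. */` would document that invariant for whoever adds the next entry point.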
@@ -116,7 +118,8 @@ psa_status_t mbedtls_test_transparent_pake_input( const uint8_t *input, size_t input_length) { - mbedtls_test_driver_pake_hooks.hits++; + mbedtls_test_driver_pake_hooks.hits.total++; + mbedtls_test_driver_pake_hooks.hits.input++; if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { mbedtls_test_driver_pake_hooks.driver_status = @@ -147,7 +150,8 @@ psa_status_t mbedtls_test_transparent_pake_get_implicit_key( mbedtls_transparent_test_driver_pake_operation_t *operation, uint8_t *output, size_t output_size, size_t *output_length) { - mbedtls_test_driver_pake_hooks.hits++; + mbedtls_test_driver_pake_hooks.hits.total++; + mbedtls_test_driver_pake_hooks.hits.implicit_key++; if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) { mbedtls_test_driver_pake_hooks.driver_status = @@ -177,7 +181,8 @@ psa_status_t mbedtls_test_transparent_pake_get_implicit_key( psa_status_t mbedtls_test_transparent_pake_abort( mbedtls_transparent_test_driver_pake_operation_t *operation) { - mbedtls_test_driver_pake_hooks.hits++; + mbedtls_test_driver_pake_hooks.hits.total++; + mbedtls_test_driver_pake_hooks.hits.abort++; #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index fa7aa7b62..d63371b7c 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data 
@@ -822,48 +822,41 @@ depends_on:PSA_WANT_ALG_GCM:PSA_WANT_KEY_TYPE_AES aead_decrypt_setup:PSA_KEY_TYPE_AES:"a0ec7b0052541d9e9c091fb7fc481409":PSA_ALG_GCM:"00e440846db73a490573deaf3728c94f":"a3cfcb832e935eb5bc3812583b3a1b2e82920c07fda3668a35d939d8f11379bb606d39e6416b2ef336fffb15aec3f47a71e191f4ff6c56ff15913562619765b26ae094713d60bab6ab82bfc36edaaf8c7ce2cf5906554dcc5933acdb9cb42c1d24718efdc4a09256020b024b224cfe602772bd688c6c8f1041a46f7ec7d51208":"3b6de52f6e582d317f904ee768895bd4d0790912efcf27b58651d0eb7eb0b2f07222c6ffe9f7e127d98ccb132025b098a67dc0ec0083235e9f83af1ae1297df4319547cbcb745cebed36abc1f32a059a05ede6c00e0da097521ead901ad6a73be20018bda4c323faa135169e21581e5106ac20853642e9d6b17f1dd925c87281":"4365847fe0b7b7fbed325953df344a96":"5431d93278c35cfcd7ffa9ce2de5c6b922edffd5055a9eaa5b54cae088db007cf2d28efaf9edd1569341889073e87c0a88462d77016744be62132fd14a243ed6e30e12cd2f7d08a8daeec161691f3b27d4996df8745d74402ee208e4055615a8cb069d495cf5146226490ac615d7b17ab39fb4fdd098e4e7ee294d34c1312826":PSA_ERROR_INSUFFICIENT_MEMORY:PSA_ERROR_INSUFFICIENT_MEMORY PSA PAKE transparent driver: setup(via input) in-driver forced status -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -pake_operations:"abcd":PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:"":PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:0 +pake_operations:"abcd":PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:"":PSA_ERROR_GENERIC_ERROR:0 PSA PAKE transparent driver: setup(via output) in-driver forced status -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -pake_operations:"abcd":PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:"":PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:1 +pake_operations:"abcd":PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:"":PSA_ERROR_GENERIC_ERROR:1 PSA PAKE transparent driver: input in-driver forced status -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 
-pake_operations:"abcd":PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:"":PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:2 +pake_operations:"abcd":PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR:2 PSA PAKE transparent driver: output in-driver forced status -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -pake_operations:"abcd":PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:"":PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:PSA_SUCCESS:3 +pake_operations:"abcd":PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR:3 PSA PAKE transparent driver: output in-driver forced output -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -pake_operations:"abcd":PSA_SUCCESS:PSA_SUCCESS:"1234":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:3 +pake_operations:"abcd":PSA_SUCCESS:PSA_SUCCESS:"1234":PSA_SUCCESS:3 PSA PAKE transparent driver: get_key in-driver forced status -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -pake_operations:"abcd":PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:"":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:PSA_SUCCESS:4 +pake_operations:"abcd":PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR:4 PSA PAKE transparent driver: abort in-driver forced status -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 -pake_operations:"abcd":PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:"":PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:5 +pake_operations:"abcd":PSA_SUCCESS:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR:5 PSA PAKE transparent driver: setup(via input) fallback not available -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_PSA_BUILTIN_PAKE 
-pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:"":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:0 +depends_on:!MBEDTLS_PSA_BUILTIN_PAKE +pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:"":PSA_ERROR_NOT_SUPPORTED:0 PSA PAKE transparent driver: setup(via output) fallback not available -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_PSA_BUILTIN_PAKE -pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:"":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:1 +depends_on:!MBEDTLS_PSA_BUILTIN_PAKE +pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:"":PSA_ERROR_NOT_SUPPORTED:1 PSA PAKE transparent driver: input fallback not available -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_PSA_BUILTIN_PAKE -pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:"":PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:2 +depends_on:!MBEDTLS_PSA_BUILTIN_PAKE +pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:"":PSA_ERROR_NOT_SUPPORTED:2 PSA PAKE transparent driver: output fallback not available -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:!MBEDTLS_PSA_BUILTIN_PAKE -pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:"":PSA_SUCCESS:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:PSA_SUCCESS:3 +depends_on:!MBEDTLS_PSA_BUILTIN_PAKE +pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:"":PSA_ERROR_NOT_SUPPORTED:3 PSA PAKE: ecjpake rounds transparent driver: in-driver success depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 0bc0a32ff..b0aac5357 100644 
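Review bot: The `depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256` lines are dropped from every forced-status and fallback case, so these pake_operations cases now run in all builds, including ones without P-256 or SHA-256. That is only correct if the pake_operations test function no longer sets up an operation that needs those features; its definition is not in this chunk, so please confirm. The fallback cases still keep `depends_on:!MBEDTLS_PSA_BUILTIN_PAKE`, which is consistent with the PSA_ERROR_NOT_SUPPORTED they expect. If the function does still need P-256 and SHA-256, restoring the removed prefix on those `depends_on` lines is the fix.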
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -52,7 +52,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, buffer0 + buffer0_off, 512 - buffer0_off, &s_g1_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_g1_len, expected_size_key_share); s_g1_off = buffer0_off; @@ -60,7 +60,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, 512 - buffer0_off, &s_x1_pk_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_x1_pk_len, expected_size_zk_public); s_x1_pk_off = buffer0_off; @@ -68,7 +68,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, 512 - buffer0_off, &s_x1_pr_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(s_x1_pr_len, max_expected_size_zk_proof); s_x1_pr_off = buffer0_off; @@ -76,7 +76,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, buffer0 + buffer0_off, 512 - buffer0_off, &s_g2_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_g2_len, expected_size_key_share); s_g2_off = buffer0_off; 
@@ -84,7 +84,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, 512 - buffer0_off, &s_x2_pk_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_x2_pk_len, expected_size_zk_public); s_x2_pk_off = buffer0_off; @@ -92,7 +92,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, 512 - buffer0_off, &s_x2_pr_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(s_x2_pr_len, max_expected_size_zk_proof); s_x2_pr_off = buffer0_off; 
@@ -102,42 +102,42 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, /* Client first round Input */ status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_g1_off, s_g1_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x1_pk_off, s_x1_pk_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x1_pr_off, s_x1_pr_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_g2_off, s_g2_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x2_pk_off, s_x2_pk_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x2_pr_off, s_x2_pr_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); } 
@@ -149,7 +149,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, buffer1 + buffer1_off, 512 - buffer1_off, &c_g1_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_g1_len, expected_size_key_share); c_g1_off = buffer1_off; @@ -157,7 +157,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, 512 - buffer1_off, &c_x1_pk_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_x1_pk_len, expected_size_zk_public); c_x1_pk_off = buffer1_off; @@ -165,7 +165,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, 512 - buffer1_off, &c_x1_pr_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(c_x1_pr_len, max_expected_size_zk_proof); c_x1_pr_off = buffer1_off; @@ -173,7 +173,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, buffer1 + buffer1_off, 512 - buffer1_off, &c_g2_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_g2_len, expected_size_key_share); c_g2_off = buffer1_off; 
@@ -181,7 +181,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, 512 - buffer1_off, &c_x2_pk_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_x2_pk_len, expected_size_zk_public); c_x2_pk_off = buffer1_off; @@ -189,7 +189,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, 512 - buffer1_off, &c_x2_pr_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(c_x2_pr_len, max_expected_size_zk_proof); c_x2_pr_off = buffer1_off; 
@@ -199,42 +199,42 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, /* Client first round Input */ status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_g1_off, s_g1_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x1_pk_off, s_x1_pk_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x1_pr_off, s_x1_pr_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_g2_off, s_g2_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x2_pk_off, s_x2_pk_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x2_pr_off, s_x2_pr_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); } 
@@ -242,37 +242,37 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, /* Server first round Input */ status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, buffer1 + c_g1_off, c_g1_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + c_x1_pk_off, c_x1_pk_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, buffer1 + c_x1_pr_off, c_x1_pr_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, buffer1 + c_g2_off, c_g2_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + c_x2_pk_off, c_x2_pk_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, buffer1 + c_x2_pr_off, c_x2_pr_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); 
@@ -285,7 +285,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_KEY_SHARE, buffer0 + buffer0_off, 512 - buffer0_off, &s_a_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_a_len, expected_size_key_share); s_a_off = buffer0_off; @@ -293,7 +293,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + buffer0_off, 512 - buffer0_off, &s_x2s_pk_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(s_x2s_pk_len, expected_size_zk_public); s_x2s_pk_off = buffer0_off; @@ -301,7 +301,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(server, PSA_PAKE_STEP_ZK_PROOF, buffer0 + buffer0_off, 512 - buffer0_off, &s_x2s_pr_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(s_x2s_pr_len, max_expected_size_zk_proof); s_x2s_pr_off = buffer0_off; 
@@ -311,21 +311,21 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, /* Client second round Input */ status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_a_off, s_a_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x2s_pk_off, s_x2s_pk_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x2s_pr_off, s_x2s_pr_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); } @@ -336,7 +336,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_KEY_SHARE, buffer1 + buffer1_off, 512 - buffer1_off, &c_a_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_a_len, expected_size_key_share); c_a_off = buffer1_off; @@ -344,7 +344,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + buffer1_off, 512 - buffer1_off, &c_x2s_pk_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(c_x2s_pk_len, expected_size_zk_public); c_x2s_pk_off = buffer1_off; 
@@ -352,7 +352,7 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, PSA_ASSERT(psa_pake_output(client, PSA_PAKE_STEP_ZK_PROOF, buffer1 + buffer1_off, 512 - buffer1_off, &c_x2s_pr_len)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_LE_U(c_x2s_pr_len, max_expected_size_zk_proof); c_x2s_pr_off = buffer1_off; @@ -362,21 +362,21 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, /* Client second round Input */ status = psa_pake_input(client, PSA_PAKE_STEP_KEY_SHARE, buffer0 + s_a_off, s_a_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PUBLIC, buffer0 + s_x2s_pk_off, s_x2s_pk_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(client, PSA_PAKE_STEP_ZK_PROOF, buffer0 + s_x2s_pr_off, s_x2s_pr_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); } 
@@ -384,19 +384,19 @@ static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive, /* Server second round Input */ status = psa_pake_input(server, PSA_PAKE_STEP_KEY_SHARE, buffer1 + c_a_off, c_a_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PUBLIC, buffer1 + c_x2s_pk_off, c_x2s_pk_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); status = psa_pake_input(server, PSA_PAKE_STEP_ZK_PROOF, buffer1 + c_x2s_pr_off, c_x2s_pr_len); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); TEST_EQUAL(status, PSA_SUCCESS); 
@@ -2976,70 +2976,57 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_BUILTIN_ALG_JPAKE */ +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_status_arg, - data_t *forced_output, int expected_status_setup_arg, - int expected_status_input_arg, int expected_status_output_arg, - int expected_status_get_key_arg, int expected_status_abort_arg, + data_t *forced_output, int expected_status_arg, int fut) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_status_t forced_status = forced_status_arg; psa_status_t forced_status_setup = forced_status_setup_arg; - psa_status_t expected_status_setup = expected_status_setup_arg; - psa_status_t expected_status_input = expected_status_input_arg; - psa_status_t expected_status_output = expected_status_output_arg; - psa_status_t expected_status_get_key = expected_status_get_key_arg; - psa_status_t expected_status_abort = expected_status_abort_arg; + psa_status_t expected_status = expected_status_arg; psa_pake_operation_t operation = psa_pake_operation_init(); psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); - psa_key_type_t key_type_pw = PSA_KEY_TYPE_PASSWORD; - psa_key_usage_t key_usage_pw = PSA_KEY_USAGE_DERIVE; - psa_algorithm_t alg = PSA_ALG_JPAKE; - psa_algorithm_t hash_alg = PSA_ALG_SHA_256; - int in_driver = 1; psa_key_derivation_operation_t implicit_key = PSA_KEY_DERIVATION_OPERATION_INIT; psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256); psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); unsigned char *input_buffer = NULL; - const size_t size_key_share = PSA_PAKE_INPUT_SIZE(alg, primitive, + const size_t size_key_share = PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, PSA_PAKE_STEP_KEY_SHARE); 
unsigned char *output_buffer = NULL; size_t output_len = 0; - size_t output_size = PSA_PAKE_OUTPUT_SIZE(alg, primitive, + size_t output_size = PSA_PAKE_OUTPUT_SIZE(PSA_ALG_JPAKE, primitive, PSA_PAKE_STEP_KEY_SHARE); + int in_driver = (forced_status_setup_arg == PSA_SUCCESS); ASSERT_ALLOC(input_buffer, - PSA_PAKE_INPUT_SIZE(alg, primitive, + PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, PSA_PAKE_STEP_KEY_SHARE)); memset(input_buffer, 0xAA, size_key_share); ASSERT_ALLOC(output_buffer, - PSA_PAKE_INPUT_SIZE(alg, primitive, + PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, PSA_PAKE_STEP_KEY_SHARE)); memset(output_buffer, 0x55, output_size); - if (forced_status_setup_arg == PSA_ERROR_NOT_SUPPORTED) { - in_driver = 0; - } - PSA_INIT(); + mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); + if (pw_data->len > 0) { - psa_set_key_usage_flags(&attributes, key_usage_pw); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_type(&attributes, key_type_pw); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); + psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); PSA_ASSERT(psa_import_key(&attributes, pw_data->x, pw_data->len, &key)); } - psa_pake_cs_set_algorithm(&cipher_suite, alg); + psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); psa_pake_cs_set_primitive(&cipher_suite, primitive); - psa_pake_cs_set_hash(&cipher_suite, hash_alg); + psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); mbedtls_test_driver_pake_hooks.forced_status = forced_status_setup; @@ -3054,7 +3041,7 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st TEST_EQUAL(psa_pake_set_password_key(&operation, key), PSA_SUCCESS); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 0); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); /* Computation stage (driver entry points) */ 
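Review bot: `output_buffer` is allocated with `PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, PSA_PAKE_STEP_KEY_SHARE)` but is then filled with `memset(output_buffer, 0x55, output_size)` and handed to `psa_pake_output(..., output_buffer, output_size, ...)`, where `output_size` is `PSA_PAKE_OUTPUT_SIZE(...)`; the two macros presumably agree for the J-PAKE key share today, but the memset would overrun the heap block the moment they diverge. `ASSERT_ALLOC(output_buffer, output_size);` (and `ASSERT_ALLOC(input_buffer, size_key_share);` for symmetry) ties each allocation to the size that is actually used. Separately, `int in_driver = (forced_status_setup_arg == PSA_SUCCESS);` narrows the old rule (in-driver unless setup was forced to PSA_ERROR_NOT_SUPPORTED) to the success case only, so a .data row forcing any other setup error now expects `1` rather than `3` hits in the input/output cases; that needs checking against the updated test data, which is not visible here. pake_operations continues past the end of this hunk.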
@@ -3063,54 +3050,64 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st /* --- psa_pake_input (driver: setup, input) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; - mbedtls_test_driver_pake_hooks.hits = 0; + memset(&mbedtls_test_driver_pake_hooks.hits, 0, sizeof(mbedtls_test_driver_pake_hooks.hits)); TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, input_buffer, size_key_share), - expected_status_setup); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 1); + expected_status); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); break; case 1: /* setup (via output) */ - /* --- psa_pake_input (driver: setup, input) --- */ + /* --- psa_pake_output (driver: setup, output) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; - mbedtls_test_driver_pake_hooks.hits = 0; - TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, - input_buffer, size_key_share), - expected_status_setup); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 1); + memset(&mbedtls_test_driver_pake_hooks.hits, 0, sizeof(mbedtls_test_driver_pake_hooks.hits)); + TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, + output_buffer, output_size, &output_len), + expected_status); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); break; case 2: /* input */ /* --- psa_pake_input (driver: setup, input, (abort)) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; - mbedtls_test_driver_pake_hooks.hits = 0; + memset(&mbedtls_test_driver_pake_hooks.hits, 0, sizeof(mbedtls_test_driver_pake_hooks.hits)); TEST_EQUAL(psa_pake_input(&operation, 
PSA_PAKE_STEP_KEY_SHARE, input_buffer, size_key_share), - expected_status_input); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, in_driver ? 3 : 1); + expected_status); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 3 : 1); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.input, in_driver ? 1 : 0); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, in_driver ? 1 : 0); break; case 3: /* output */ - /* --- psa_pake_input (driver: setup, output, (abort)) --- */ + /* --- psa_pake_output (driver: setup, output, (abort)) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; - mbedtls_test_driver_pake_hooks.hits = 0; + memset(&mbedtls_test_driver_pake_hooks.hits, 0, sizeof(mbedtls_test_driver_pake_hooks.hits)); if (forced_output->len > 0) { mbedtls_test_driver_pake_hooks.forced_output = forced_output->x; mbedtls_test_driver_pake_hooks.forced_output_length = forced_output->len; } TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, output_buffer, output_size, &output_len), - expected_status_output); + expected_status); if (forced_output->len > 0) { - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, in_driver ? 2 : 1); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 2 : 1); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.output, in_driver ? 1 : 0); TEST_EQUAL(output_len, forced_output->len); TEST_EQUAL(memcmp(output_buffer, forced_output->x, output_len), 0); } else { - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, in_driver ? 3 : 1); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, in_driver ? 3 : 1); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.setup, 1); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.output, in_driver ? 
1 : 0); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, in_driver ? 1 : 0); } break; @@ -3126,10 +3123,12 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st /* --- psa_pake_get_implicit_key --- */ mbedtls_test_driver_pake_hooks.forced_status = forced_status; - mbedtls_test_driver_pake_hooks.hits = 0; + memset(&mbedtls_test_driver_pake_hooks.hits, 0, sizeof(mbedtls_test_driver_pake_hooks.hits)); TEST_EQUAL(psa_pake_get_implicit_key(&operation, &implicit_key), - expected_status_get_key); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 2); + expected_status); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 2); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.implicit_key, 1); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, 1); break; @@ -3141,9 +3140,10 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st /* --- psa_pake_abort --- */ mbedtls_test_driver_pake_hooks.forced_status = forced_status; - mbedtls_test_driver_pake_hooks.hits = 0; - TEST_EQUAL(psa_pake_abort(&operation), expected_status_abort); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 1); + memset(&mbedtls_test_driver_pake_hooks.hits, 0, sizeof(mbedtls_test_driver_pake_hooks.hits)); + TEST_EQUAL(psa_pake_abort(&operation), expected_status); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, 1); break; default: @@ -3187,8 +3187,6 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, psa_key_derivation_operation_t client_derive = PSA_KEY_DERIVATION_OPERATION_INIT; pake_in_driver = in_driver; - mbedtls_test_driver_pake_hooks.forced_status = PSA_SUCCESS; - mbedtls_test_driver_pake_hooks.hits = 0; /* driver setup is called indirectly through pake_output/pake_input */ if (pake_in_driver) { pake_expected_hit_count = 2; 
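Review bot: `memset(&mbedtls_test_driver_pake_hooks.hits, 0, sizeof(mbedtls_test_driver_pake_hooks.hits));` is now repeated in every `case` arm of pake_operations (this hunk plus the `@@ -3126` and `@@ -3141` hunks), replacing what used to be a one-line assignment; a small static helper such as `reset_pake_hits()` wrapping that memset, or a single reset before the `switch`, keeps the arms readable and makes a missed reset obvious. In the `@@ -3126` hunk the new `hits.implicit_key == 1` and `hits.abort == 1` checks are unconditional, whereas cases 2 and 3 gate their per-entry-point counts on `in_driver`; that is consistent only if every `fut == 4` row forces a successful setup, which the data file would have to guarantee. pake_operations begins before this hunk and its `switch` is cut at both ends.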
@@ -3198,6 +3196,8 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, PSA_INIT(); + mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init(); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); @@ -3226,19 +3226,19 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, } PSA_ASSERT(psa_pake_setup(&server, &cipher_suite)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 0); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); PSA_ASSERT(psa_pake_setup(&client, &cipher_suite)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 0); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); PSA_ASSERT(psa_pake_set_role(&server, PSA_PAKE_ROLE_SERVER)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 0); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); PSA_ASSERT(psa_pake_set_role(&client, PSA_PAKE_ROLE_CLIENT)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 0); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); PSA_ASSERT(psa_pake_set_password_key(&server, key)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 0); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); PSA_ASSERT(psa_pake_set_password_key(&client, key)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, 0); + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 0); /* First round */ ecjpake_do_round(alg, primitive_arg, &server, &client, @@ -3255,7 +3255,7 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, } PSA_ASSERT(psa_pake_get_implicit_key(&server, &server_derive)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); /* After the key is obtained operation is aborted. 
@@ -3265,7 +3265,7 @@ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, } PSA_ASSERT(psa_pake_get_implicit_key(&client, &client_derive)); - TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits, + TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, pake_in_driver ? pake_expected_hit_count++ : pake_expected_hit_count); exit: psa_key_derivation_abort(&server_derive); From 1ad9ef213206cce3a33f3c97e7bc781fcc4fb2d9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 22 Feb 2023 12:38:07 +0100 Subject: [PATCH 282/440] ssl: use new macros for ECDSA capabilities Signed-off-by: Valerio Setti --- library/ssl_misc.h | 7 ++++--- library/ssl_tls.c | 10 ++++++---- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 2668a05b6..f9a47670a 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -55,6 +55,7 @@ #include "mbedtls/ecjpake.h" #endif +#include "pk_wrap.h" #include "common.h" /* Shorthand for restartable ECC */ @@ -2272,7 +2273,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( const uint16_t sig_alg) { switch (sig_alg) { -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) #if defined(PSA_WANT_ALG_SHA_256) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: break; @@ -2285,7 +2286,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: break; #endif /* PSA_WANT_ALG_SHA_512 && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */ #if defined(MBEDTLS_PKCS1_V21) #if defined(PSA_WANT_ALG_SHA_256) @@ -2441,7 +2442,7 @@ static inline int mbedtls_ssl_tls12_sig_alg_is_supported( break; #endif -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) case MBEDTLS_SSL_SIG_ECDSA: break; #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 86f5c0b55..e1d944c6f 100644 
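Review bot: In the `@@ -2272` hunk of ssl_misc.h the outer guard of mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported becomes `MBEDTLS_PK_CAN_ECDSA_SOME`, but the per-curve guards inside it still test the legacy `MBEDTLS_ECP_DP_SECP256R1_ENABLED` / `MBEDTLS_ECP_DP_SECP521R1_ENABLED`, so in a build where ECDSA is available through PSA without the legacy ECP curves the ECDSA cases compile out and those signature algorithms are rejected for CertificateVerify. If that configuration is what the new macro is meant to cover, the inner conditions should move to the PSA form this series already uses in the test dependencies, e.g. `#if defined(PSA_WANT_ALG_SHA_256) && defined(PSA_WANT_ECC_SECP_R1_256)`; the definition of MBEDTLS_PK_CAN_ECDSA_SOME is not on the page, so this is inferred from its name. The `@@ -2441` hunk has no inner curve guard and needs no change. The function body extends beyond the hunk on both sides.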
--- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -52,6 +52,8 @@ #include "mbedtls/oid.h" #endif +#include "pk_wrap.h" + #if defined(MBEDTLS_TEST_HOOKS) static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args; @@ -5324,7 +5326,7 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf) } #if defined(MBEDTLS_PK_C) && \ - (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)) + (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_CAN_ECDSA_SOME)) /* * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX */ @@ -5335,7 +5337,7 @@ unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk) return MBEDTLS_SSL_SIG_RSA; } #endif -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) { return MBEDTLS_SSL_SIG_ECDSA; } @@ -5363,7 +5365,7 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig) case MBEDTLS_SSL_SIG_RSA: return MBEDTLS_PK_RSA; #endif -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) case MBEDTLS_SSL_SIG_ECDSA: return MBEDTLS_PK_ECDSA; #endif @@ -5371,7 +5373,7 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig) return MBEDTLS_PK_NONE; } } -#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */ +#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_PK_CAN_ECDSA_SOME ) */ /* * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX From 5ba1d5eb2c6e6a94b1e9aedba4ecd0e1c551c59f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 22 Feb 2023 12:38:54 +0100 Subject: [PATCH 283/440] programs: use proper macro for ECDSA capabilities in ssl_sever2 Signed-off-by: Valerio Setti --- programs/ssl/ssl_server2.c | 6 ++++-- programs/ssl/ssl_test_common_source.c | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 2fa9a8133..88c2192a0 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c 
@@ -69,6 +69,8 @@ int main(void) #include "test/psa_crypto_helpers.h" #endif +#include "mbedtls/pk.h" + /* Size of memory to be allocated for the heap, when using the library's memory * management and MBEDTLS_MEMORY_BUFFER_ALLOC_C is enabled. */ #define MEMORY_HEAP_SIZE 120000 @@ -2652,7 +2654,7 @@ usage: } key_cert_init = 2; #endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) if ((ret = mbedtls_x509_crt_parse(&srvcert2, (const unsigned char *) mbedtls_test_srv_crt_ec, mbedtls_test_srv_crt_ec_len)) != 0) { @@ -2669,7 +2671,7 @@ usage: goto exit; } key_cert_init2 = 2; -#endif /* MBEDTLS_ECDSA_C */ +#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */ } #if defined(MBEDTLS_USE_PSA_CRYPTO) diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 9115cd1b4..0ceffcc10 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -272,7 +272,7 @@ int send_cb(void *ctx, unsigned char const *buf, size_t len) } #if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_SSL_PROTO_TLS1_3) /* * When GnuTLS/Openssl server is configured in TLS 1.2 mode with a certificate @@ -289,7 +289,7 @@ int send_cb(void *ctx, unsigned char const *buf, size_t len) #define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA), \ ((hash << 8) | MBEDTLS_SSL_SIG_RSA), #endif -#elif defined(MBEDTLS_ECDSA_C) +#elif defined(MBEDTLS_PK_CAN_ECDSA_SOME) #define MBEDTLS_SSL_SIG_ALG(hash) ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA), #elif defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_SSL_PROTO_TLS1_3) From 9e7bb2a92c4db6ebabedac470dcf5fc9048a8e7c Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 23 Feb 2023 15:24:47 +0800 Subject: [PATCH 284/440] Update some comments 
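Review bot: The new `#include "mbedtls/pk.h"` in ssl_server2.c is evidently there so that `MBEDTLS_PK_CAN_ECDSA_SOME` is visible to the `#if` in the `@@ -2652` hunk, yet the library side of this series (ssl_misc.h, ssl_tls.c) reaches the same macro through the private `pk_wrap.h`, and the page does not show which header defines it. If it lives in the public pk.h, the `pk_wrap.h` includes in the library are redundant; if it lives only in pk_wrap.h, this include does not bring it into scope and the ECDSA server-certificate setup silently drops out of ssl_server2 without a build error. A comment on the include, `/* for MBEDTLS_PK_CAN_ECDSA_SOME */`, records the dependency either way. The hunk sits in the include region, well before the body of main.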
Signed-off-by: Pengyu Lv --- .travis.yml | 2 +- tests/compat.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 39b742d41..1062d9906 100644 --- a/.travis.yml +++ b/.travis.yml @@ -52,7 +52,7 @@ jobs: - programs/test/selftest - tests/scripts/test_psa_constant_names.py - tests/ssl-opt.sh - # Modern OpenSSL does not support fixed ECDH or null ciphers. + # Modern OpenSSL does not support null ciphers. - tests/compat.sh -p OpenSSL -e 'NULL' - tests/scripts/travis-log-failure.sh # GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it. diff --git a/tests/compat.sh b/tests/compat.sh index 5ad48b2e8..12613bfe8 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -614,7 +614,7 @@ setup_arguments() esac case $($OPENSSL ciphers ALL) in - *ECDH-ECDSA*) O_SUPPORT_ECDH="YES";; + *ECDH-ECDSA*|*ECDH-RSA*) O_SUPPORT_ECDH="YES";; *) O_SUPPORT_ECDH="NO";; esac @@ -834,7 +834,7 @@ run_client() { if [ $EXIT -eq 0 ]; then RESULT=0 else - # If the cipher isn't supported... + # If it is NULL cipher ... if grep 'Cipher is (NONE)' $CLI_OUT >/dev/null; then RESULT=1 else From d1f991c8792263932573595bdba18883e1dc10a8 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 22 Feb 2023 12:54:13 +0100 Subject: [PATCH 285/440] ssl-opt: fix required configs in ECDSA related tests Signed-off-by: Valerio Setti --- tests/opt-testcases/tls13-kex-modes.sh | 3 + tests/opt-testcases/tls13-misc.sh | 20 ++ tests/ssl-opt.sh | 297 +++++++++++++++++++------ 3 files changed, 254 insertions(+), 66 deletions(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 974d513d8..84a2c1ab8 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh 
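Review bot: The reworded comment `# If it is NULL cipher ...` in run_client says less than the one it replaces; something like `# A NULL cipher is reported by the OpenSSL client as "Cipher is (NONE)" and is not a failure here` states what the grep on the next line is keyed on. Note also that the `@@ -614` hunk in setup_arguments is not a comment change: `*ECDH-ECDSA*|*ECDH-RSA*)` now sets O_SUPPORT_ECDH="YES" on an OpenSSL build that lists only ECDH-RSA suites, which presumably lets ECDH-ECDSA test cases run there; if that is intended, the commit message should say so, since its subject mentions comments only. Both enclosing functions extend beyond their hunks.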
@@ -2833,6 +2833,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3: m->O: ephemeral/all, good" \ "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex" \ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ @@ -3064,6 +3065,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3: m->G: ephemeral/all, good" \ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ @@ -3077,6 +3079,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3: m->G: ephemeral/ephemeral_all, good" \ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index 46c371fe0..a72a0f49f 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh 
@@ -87,6 +87,7 @@ requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKET MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Session resumption failure, ticket authentication failed." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=1" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ @@ -106,6 +107,7 @@ requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKET MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Session resumption failure, ticket expired." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=2" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ @@ -125,6 +127,7 @@ requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKET MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Session resumption failure, invalid start time." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=3" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 
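Review bot: Each `requires_pk_alg ECDSA` added here (this hunk and the following ones through `@@ -459`) is justified only implicitly, by the `crt_file=data_files/server5.crt key_file=data_files/server5.key` pair on the `$P_SRV` line or, for the m->G early-data cases, by whatever certificate the GnuTLS server presents; nothing on the page states which key type server5 is, so the link between fixture and requirement lives only in the reviewer's head. A one-line comment at the first occurrence, `# server5.{crt,key} is an ECDSA credential, so the client must support ECDSA signatures` (assuming that is the reason, which is what the requirement implies), keeps the requirement in step if the fixture is ever swapped. Every hunk ends on a `\` continuation, so the run_test invocations continue outside them.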
@@ -144,6 +147,7 @@ requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKET MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Session resumption failure, ticket expired. too old" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=4" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ @@ -163,6 +167,7 @@ requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKET MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too young." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=5" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ @@ -182,6 +187,7 @@ requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKET MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too old." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=6" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 
@@ -272,6 +278,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_EARLY_DATA requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \ "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \ @@ -295,6 +302,7 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_EARLY_DATA requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \ @@ -329,6 +337,7 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/none." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=7" \ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 
@@ -345,6 +354,7 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=8" \ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ @@ -357,6 +367,7 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_ephemeral." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=9" \ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ @@ -373,6 +384,7 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_all." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=10" \ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 
@@ -385,6 +397,7 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/none." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=7" \ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ @@ -401,6 +414,7 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=8" \ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ @@ -417,6 +431,7 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_ephemeral." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=9" \ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ 
@@ -429,6 +444,7 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_all." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=10" \ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ @@ -442,6 +458,7 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/none." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=7" \ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ @@ -459,6 +476,7 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=8" \ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ 
@@ -472,6 +490,7 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_ephemeral." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=9" \ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ @@ -485,6 +504,7 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=10" \ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c176d0d62..5d2db9998 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -221,6 +221,15 @@ skip_next_test() { SKIP_NEXT="YES" } +# Check if the required configuration ($1) is enabled +is_config_enabled() +{ + case $CONFIGS_ENABLED in + *" $1"[\ =]*) return 0;; + *) return 1;; + esac +} + # skip next test if the flag is not enabled in mbedtls_config.h requires_config_enabled() { case $CONFIGS_ENABLED in @@ -272,6 +281,9 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" +TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ + MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" + requires_key_exchange_with_cert_in_tls12_or_tls13_enabled() { if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_2 then 
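Review bot: `is_config_enabled` duplicates the `case $CONFIGS_ENABLED in` match that `requires_config_enabled` (whose body continues outside the hunk) still carries, so the same rule for the `CONFIGS_ENABLED` format now lives in two places. Having `requires_config_enabled` delegate, e.g. `if ! is_config_enabled "$1"; then skip_next_test; fi`, would keep a single definition; the rest of that function is not visible here, so that rewrite is inferred. The new helper also reports "enabled" for an empty `$1` whenever the list contains a doubled space or ` =`, which a one-line guard `[ -n "$1" ] || return 1` would rule out. A comment stating the return convention (0 when enabled, and that `[\ =]` lets `NAME=value` entries match) would fit the `# skip next test ...` style the neighbouring helpers use.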
@@ -460,12 +472,9 @@ check_for_hash_alg() { CURR_ALG="INVALID"; USE_PSA="NO" - case $CONFIGS_ENABLED in - *" MBEDTLS_USE_PSA_CRYPTO"[\ =]*) - USE_PSA="YES"; - ;; - *) :;; - esac + if is_config_enabled "MBEDTLS_USE_PSA_CRYPTO"; then + USE_PSA="YES"; + fi if [ $USE_PSA = "YES" ]; then CURR_ALG=PSA_WANT_ALG_${1} else @@ -517,6 +526,23 @@ requires_hash_alg() { fi } +# Skip next test if the given pk alg is not enabled +requires_pk_alg() { + case $1 in + ECDSA) + if is_config_enabled MBEDTLS_USE_PSA_CRYPTO; then + requires_config_enabled PSA_WANT_ALG_ECDSA + else + requires_config_enabled MBEDTLS_ECDSA_C + fi + ;; + *) + echo "Unknown/unimplemented case $1 in requires_pk_alg" + exit 1 + ;; + esac +} + # skip next test if OpenSSL doesn't support FALLBACK_SCSV requires_openssl_with_fallback_scsv() { if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then @@ -1813,7 +1839,8 @@ run_test "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_hash_alg SHA_256 run_test "TLS: password protected client key" \ "$P_SRV auth_mode=required" \ @@ -1822,7 +1849,7 @@ run_test "TLS: password protected client key" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT requires_hash_alg SHA_256 run_test "TLS: password protected server key" \ "$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \ 
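Review bot: in `requires_pk_alg` (hunk `@@ -517,6 +526,23`) the unknown-algorithm branch prints to stdout and `exit 1`s the whole script, so a typo at a single call site aborts the run instead of being reported next to the affected test; at minimum send the diagnostic to stderr, `echo "Unknown/unimplemented case $1 in requires_pk_alg" >&2`, and check whether the other `requires_*` helpers (bodies outside this hunk) abort or skip on bad input so the new one matches. The function decides between `PSA_WANT_ALG_ECDSA` and `MBEDTLS_ECDSA_C` on `is_config_enabled MBEDTLS_USE_PSA_CRYPTO`, which is the same decision `check_for_hash_alg` makes in the `@@ -460` hunk via `USE_PSA`; a small shared predicate would avoid encoding that rule twice. A comment above the `case` listing the accepted values (currently only `ECDSA`) and noting that the PSA symbol is hard-coded rather than derived from `$1` would save the next maintainer a surprise when adding `RSA`.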
@@ -1831,7 +1858,7 @@ run_test "TLS: password protected server key" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 run_test "TLS: password protected server key, two certificates" \ @@ -1854,7 +1881,8 @@ run_test "CA callback on client" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_hash_alg SHA_256 run_test "CA callback on server" \ "$P_SRV auth_mode=required" \ @@ -1870,7 +1898,7 @@ run_test "CA callback on server" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_hash_alg SHA_256 run_test "Opaque key for client authentication: ECDHE-ECDSA" \ "$P_SRV auth_mode=required crt_file=data_files/server5.crt \ @@ -1889,7 +1917,6 @@ run_test "Opaque key for client authentication: ECDHE-ECDSA" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 run_test "Opaque key for client authentication: ECDHE-RSA" \ 
@@ -1928,7 +1955,7 @@ run_test "Opaque key for client authentication: DHE-RSA" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_hash_alg SHA_256 run_test "Opaque key for server authentication: ECDHE-ECDSA" \ "$P_SRV key_opaque=1 crt_file=data_files/server5.crt \ @@ -1945,7 +1972,7 @@ run_test "Opaque key for server authentication: ECDHE-ECDSA" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT requires_hash_alg SHA_256 run_test "Opaque key for server authentication: ECDH-" \ "$P_SRV force_version=tls12 auth_mode=required key_opaque=1\ @@ -1963,7 +1990,7 @@ run_test "Opaque key for server authentication: ECDH-" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 run_test "Opaque key for server authentication: invalid key: decrypt with ECC key, no async" \ @@ -1998,7 +2025,7 @@ run_test "Opaque key for server authentication: invalid key: ecdh with RSA ke requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 run_test "Opaque key for server authentication: invalid alg: decrypt with ECC key, async" \ 
@@ -2015,7 +2042,6 @@ run_test "Opaque key for server authentication: invalid alg: decrypt with ECC requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 @@ -2033,7 +2059,7 @@ run_test "Opaque key for server authentication: invalid alg: ecdh with RSA ke requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_CCM_C run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \ @@ -2050,7 +2076,7 @@ run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_hash_alg SHA_256 requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Opaque keys for server authentication: EC keys with different algs, force ECDHE-ECDSA" \ @@ -2071,7 +2097,7 @@ run_test "Opaque keys for server authentication: EC keys with different algs, requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED requires_hash_alg SHA_384 requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \ 
@@ -2092,7 +2118,7 @@ run_test "Opaque keys for server authentication: EC keys with different algs, requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_hash_alg SHA_384 requires_config_enabled MBEDTLS_CCM_C requires_config_disabled MBEDTLS_X509_REMOVE_INFO @@ -2176,7 +2202,6 @@ run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 run_test "Opaque key for server authentication: ECDHE-RSA" \ @@ -2194,7 +2219,6 @@ run_test "Opaque key for server authentication: ECDHE-RSA" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 run_test "Opaque key for server authentication: DHE-RSA" \ @@ -2246,7 +2270,6 @@ run_test "Opaque key for server authentication: RSA-" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 run_test "Opaque key for server authentication: DHE-RSA, PSS instead of PKCS1" \ 
@@ -2263,7 +2286,6 @@ run_test "Opaque key for server authentication: DHE-RSA, PSS instead of PKCS1 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 requires_config_disabled MBEDTLS_X509_REMOVE_INFO @@ -2285,7 +2307,6 @@ run_test "Opaque keys for server authentication: RSA keys with different algs requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_384 requires_config_enabled MBEDTLS_GCM_C @@ -2309,7 +2330,7 @@ run_test "Opaque keys for server authentication: EC + RSA, force DHE-RSA" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_hash_alg SHA_256 run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \ "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \ @@ -2330,7 +2351,6 @@ run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 run_test "Opaque key for client/server authentication: ECDHE-RSA" \ 
@@ -2351,7 +2371,6 @@ run_test "Opaque key for client/server authentication: ECDHE-RSA" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 run_test "Opaque key for client/server authentication: DHE-RSA" \ @@ -2436,7 +2455,8 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_hash_alg SHA_256 run_test "Single supported algorithm sending: mbedtls client" \ "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ @@ -2446,7 +2466,8 @@ run_test "Single supported algorithm sending: mbedtls client" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_hash_alg SHA_256 run_test "Single supported algorithm sending: openssl client" \ @@ -3684,6 +3705,7 @@ run_test "Session resume using tickets: session copy" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Session resume using tickets: openssl server" \ "$O_SRV -tls1_2" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ 
@@ -3994,6 +4016,7 @@ run_test "Session resume using tickets, DTLS: session copy" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Session resume using tickets, DTLS: openssl server" \ "$O_SRV -dtls" \ "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \ @@ -4135,6 +4158,7 @@ run_test "Session resume using cache: openssl client" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CACHE_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Session resume using cache: openssl server" \ "$O_SRV -tls1_2" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ @@ -4285,6 +4309,7 @@ run_test "Session resume using cache, DTLS: openssl client" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CACHE_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Session resume using cache, DTLS: openssl server" \ "$O_SRV -dtls" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \ @@ -4602,6 +4627,7 @@ requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Max fragment length: gnutls server" \ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ "$P_CLI debug_level=3 max_frag_len=4096" \ @@ -5030,6 +5056,7 @@ run_test "Renegotiation: nbio, server-initiated" \ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Renegotiation: openssl server, client-initiated" \ "$O_SRV -www -tls1_2" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 
@@ -5044,6 +5071,7 @@ run_test "Renegotiation: openssl server, client-initiated" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Renegotiation: gnutls server strict, client-initiated" \ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ @@ -5058,6 +5086,7 @@ run_test "Renegotiation: gnutls server strict, client-initiated" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Renegotiation: gnutls server unsafe, client-initiated default" \ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ @@ -5072,6 +5101,7 @@ run_test "Renegotiation: gnutls server unsafe, client-initiated default" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ @@ -5087,6 +5117,7 @@ run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ 
@@ -5148,6 +5179,7 @@ run_test "Renegotiation: DTLS, renego_period overflow" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ "$G_SRV -u --mtu 4096" \ "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \ @@ -5163,6 +5195,7 @@ run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Renego ext: gnutls server strict, client default" \ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3" \ @@ -5173,6 +5206,7 @@ run_test "Renego ext: gnutls server strict, client default" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Renego ext: gnutls server unsafe, client default" \ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3" \ @@ -5222,6 +5256,7 @@ run_test "Renego ext: gnutls client unsafe, server break legacy" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DER format: no trailing bytes" \ "$P_SRV crt_file=data_files/server5-der0.crt \ key_file=data_files/server5.key" \ @@ -5231,6 +5266,7 @@ run_test "DER format: no trailing bytes" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DER format: with a trailing zero byte" \ "$P_SRV crt_file=data_files/server5-der1a.crt \ key_file=data_files/server5.key" \ 
@@ -5240,6 +5276,7 @@ run_test "DER format: with a trailing zero byte" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DER format: with a trailing random byte" \ "$P_SRV crt_file=data_files/server5-der1b.crt \ key_file=data_files/server5.key" \ @@ -5249,6 +5286,7 @@ run_test "DER format: with a trailing random byte" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DER format: with 2 trailing random bytes" \ "$P_SRV crt_file=data_files/server5-der2.crt \ key_file=data_files/server5.key" \ @@ -5258,6 +5296,7 @@ run_test "DER format: with 2 trailing random bytes" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DER format: with 4 trailing random bytes" \ "$P_SRV crt_file=data_files/server5-der4.crt \ key_file=data_files/server5.key" \ @@ -5267,6 +5306,7 @@ run_test "DER format: with 4 trailing random bytes" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DER format: with 8 trailing random bytes" \ "$P_SRV crt_file=data_files/server5-der8.crt \ key_file=data_files/server5.key" \ @@ -5276,6 +5316,7 @@ run_test "DER format: with 8 trailing random bytes" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DER format: with 9 trailing random bytes" \ "$P_SRV crt_file=data_files/server5-der9.crt \ key_file=data_files/server5.key" \ 
@@ -5535,6 +5576,7 @@ run_test "Authentication: openssl client no cert, server optional" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication: client no cert, openssl server optional" \ "$O_SRV -verify 10 -tls1_2" \ "$P_CLI debug_level=3 crt_file=none key_file=none" \ @@ -5547,6 +5589,7 @@ run_test "Authentication: client no cert, openssl server optional" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication: client no cert, openssl server required" \ "$O_SRV -Verify 10 -tls1_2" \ "$P_CLI debug_level=3 crt_file=none key_file=none" \ @@ -6502,6 +6545,7 @@ run_test "Not supported version check: cli TLS 1.1" \ -C "Handshake was completed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Not supported version check: srv max TLS 1.0" \ "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" \ "$P_CLI" \ @@ -6512,6 +6556,7 @@ run_test "Not supported version check: srv max TLS 1.0" \ -C "Protocol is TLSv1.0" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Not supported version check: srv max TLS 1.1" \ "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1" \ "$P_CLI" \ @@ -6643,6 +6688,7 @@ run_test "keyUsage srv: RSA, keyAgreement -> fail" \ -C "Ciphersuite is " requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \ "$P_SRV key_file=data_files/server5.key \ crt_file=data_files/server5.ku-ds.crt" \ 
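Review bot: in the `@@ -5535` and `@@ -5547` hunks the added `requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT` sits directly under the existing `requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT`, and the ECDSA list appears to be a subset of the broader one (`MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED` is visible in both definitions in the `@@ -272,6 +281,9` hunk; the broader list's middle entries are outside that hunk), so the new line makes the old one redundant. Dropping the `$TLS1_2_KEY_EXCHANGES_WITH_CERT` line in these two tests leaves a single, precise gate. If the pair is meant to document that the test needs client-certificate support in general, a comment states that more clearly than a subsumed requirement.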
@@ -6799,6 +6845,7 @@ run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.ku-ds.crt" \ @@ -6811,6 +6858,7 @@ run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.ku-ke.crt" \ @@ -6823,6 +6871,7 @@ run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.ku-ka.crt" \ @@ -6864,6 +6913,8 @@ run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \ -s "Processing of the Certificate handshake message failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ 
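Review bot: the `keyUsage cli 1.3: ... ECDSA` tests in this line's first three hunks are TLS 1.3 handshakes (`-tls1_3`, gated on `MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED`), yet the new gate is `requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT`, a list of TLS 1.2 key-exchange macros that says nothing about whether ECDSA verification is available on the TLS 1.3 path. The same pattern appears in the `extKeyUsage cli 1.3` hunks at `@@ -7003`, `@@ -7015`, `@@ -7027` and `@@ -7039`. The commit's own choice for the mirrored server-side 1.3 tests (`keyUsage cli-auth 1.3`, `extKeyUsage cli-auth 1.3`) is `requires_pk_alg "ECDSA"`, so using that here would be consistent and would not skip these tests in a build that keeps TLS 1.3 but disables the TLS 1.2 key exchanges. If the TLS 1.2 macros are deliberately used as a proxy because the TLS 1.3 signature path has no dedicated config symbol, a one-line comment saying so would stop the next reader from "fixing" it.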
@@ -6874,6 +6925,8 @@ run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \ -S "Processing of the Certificate handshake message failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ @@ -6908,6 +6961,7 @@ run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \ @@ -6920,6 +6974,7 @@ run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \ @@ -6961,6 +7016,7 @@ run_test "extKeyUsage srv: codeSign -> fail" \ # Tests for extendedKeyUsage, part 2: client-side checking of server cert requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "extKeyUsage cli: serverAuth -> OK" \ "$O_SRV -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-srv.crt" \ 
@@ -6971,6 +7027,7 @@ run_test "extKeyUsage cli: serverAuth -> OK" \ -c "Ciphersuite is TLS-" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \ "$O_SRV -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-srv_cli.crt" \ @@ -6981,6 +7038,7 @@ run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \ -c "Ciphersuite is TLS-" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \ "$O_SRV -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-cs_any.crt" \ @@ -6991,6 +7049,7 @@ run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \ -c "Ciphersuite is TLS-" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "extKeyUsage cli: codeSign -> fail" \ "$O_SRV -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-cs.crt" \ @@ -7003,6 +7062,7 @@ run_test "extKeyUsage cli: codeSign -> fail" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "extKeyUsage cli 1.3: serverAuth -> OK" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.eku-srv.crt" \ @@ -7015,6 +7075,7 @@ run_test "extKeyUsage cli 1.3: serverAuth -> OK" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.eku-srv_cli.crt" \ 
@@ -7027,6 +7088,7 @@ run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.eku-cs_any.crt" \ @@ -7039,6 +7101,7 @@ run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "extKeyUsage cli 1.3: codeSign -> fail" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.eku-cs.crt" \ @@ -7051,6 +7114,8 @@ run_test "extKeyUsage cli 1.3: codeSign -> fail" \ # Tests for extendedKeyUsage, part 3: server-side checking of client cert requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" run_test "extKeyUsage cli-auth: clientAuth -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ @@ -7060,6 +7125,8 @@ run_test "extKeyUsage cli-auth: clientAuth -> OK" \ -S "Processing of the Certificate handshake message failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ 
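Review bot: `extKeyUsage cli 1.3: codeSign,anyEKU -> OK` (hunk `@@ -7027,6 +7088,7 @@`) and `extKeyUsage cli 1.3: codeSign -> fail` (hunk `@@ -7039,6 +7101,7 @@`) are TLS 1.3 tests (`-tls1_3` on the OpenSSL server, TLS 1.3 ephemeral mode required), but the dependency added in front of each is `requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT`. Assuming that list names TLS 1.2 key exchanges, a configuration with TLS 1.2 disabled would skip the `codeSign -> fail` case, so the negative check that a server certificate without serverAuth is rejected under TLS 1.3 would never run there. The TLS 1.3 tests elsewhere in this change are gated on the public-key algorithm rather than on a TLS 1.2 key exchange; I'd use `requires_pk_alg "ECDSA"` in both hunks.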
@@ -7069,6 +7136,8 @@ run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \ -S "Processing of the Certificate handshake message failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ @@ -7078,6 +7147,8 @@ run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \ -S "Processing of the Certificate handshake message failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ @@ -7087,6 +7158,8 @@ run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \ -S "Processing of the Certificate handshake message failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \ "$P_SRV debug_level=1 auth_mode=required" \ "$O_CLI -key data_files/server5.key \ @@ -7131,6 +7204,7 @@ run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \ 
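Review bot: Only `extKeyUsage cli-auth 1.3: codeSign -> fail (soft)` gains `requires_pk_alg "ECDSA"` in hunk `@@ -7131,6 +7204,7 @@`, while the hunk header's context line shows the preceding `extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK` test sitting in the untouched gap between `@@ -7087` and this hunk. If that test and the other 1.3 cli-auth `-> OK` cases in the gap present the same `server5.key` ECDSA client certificate (their lines are outside the diff, so I cannot confirm), they need the same guard, otherwise they will fail rather than skip in a build without ECDSA. Worth checking the gap before merging; the fix is a one-line `requires_pk_alg "ECDSA"` in front of each affected `run_test`.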
@@ -9044,6 +9118,7 @@ run_test "SSL async private: error in resume then operate correctly" \ # key1: ECDSA, key2: RSA; use key1 through async, then key2 directly requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "SSL async private: cancel after start then fall back to transparent key" \ "$P_SRV \ async_operations=s async_private_delay1=1 async_private_error=-2 \ @@ -9063,6 +9138,7 @@ run_test "SSL async private: cancel after start then fall back to transparent # key1: ECDSA, key2: RSA; use key1 through async, then key2 directly requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "SSL async private: sign, error in resume then fall back to transparent key" \ "$P_SRV \ async_operations=s async_private_delay1=1 async_private_error=-3 \ @@ -9338,6 +9414,7 @@ run_test "DTLS wrong PSK: badmac alert" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: no fragmentation (gnutls server)" \ "$G_SRV -u --mtu 2048 -a" \ "$P_CLI dtls=1 debug_level=2" \ @@ -9347,6 +9424,7 @@ run_test "DTLS reassembly: no fragmentation (gnutls server)" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: some fragmentation (gnutls server)" \ "$G_SRV -u --mtu 512" \ "$P_CLI dtls=1 debug_level=2" \ @@ -9356,6 +9434,7 @@ run_test "DTLS reassembly: some fragmentation (gnutls server)" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: more fragmentation (gnutls server)" \ "$G_SRV -u --mtu 128" \ "$P_CLI dtls=1 debug_level=2" \ 
@@ -9365,6 +9444,7 @@ run_test "DTLS reassembly: more fragmentation (gnutls server)" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \ "$G_SRV -u --mtu 128" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \ @@ -9375,6 +9455,7 @@ run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ "$G_SRV -u --mtu 256" \ "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \ @@ -9390,6 +9471,7 @@ run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \ "$G_SRV -u --mtu 256" \ "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \ @@ -9403,6 +9485,7 @@ run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \ -s "Extra-header:" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: no fragmentation (openssl server)" \ "$O_SRV -dtls -mtu 2048" \ "$P_CLI dtls=1 debug_level=2" \ @@ -9411,6 +9494,7 @@ run_test "DTLS reassembly: no fragmentation (openssl server)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: some fragmentation (openssl server)" \ "$O_SRV -dtls -mtu 768" \ "$P_CLI dtls=1 debug_level=2" \ 
@@ -9419,6 +9503,7 @@ run_test "DTLS reassembly: some fragmentation (openssl server)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: more fragmentation (openssl server)" \ "$O_SRV -dtls -mtu 256" \ "$P_CLI dtls=1 debug_level=2" \ @@ -9427,6 +9512,7 @@ run_test "DTLS reassembly: more fragmentation (openssl server)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ "$O_SRV -dtls -mtu 256" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \ @@ -9448,7 +9534,8 @@ run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -9470,7 +9557,8 @@ run_test "DTLS fragmenting: none (for reference)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 
@@ -9496,7 +9584,8 @@ run_test "DTLS fragmenting: server only (max_frag_len)" \ # `client-initiated, server only (max_frag_len)` below. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -9518,7 +9607,8 @@ run_test "DTLS fragmenting: server only (more) (max_frag_len)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -9547,7 +9637,8 @@ run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \ # negotiated MFL are sent. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -9570,7 +9661,8 @@ run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), pro requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 
@@ -9599,7 +9691,8 @@ run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \ # negotiated MFL are sent. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -9622,7 +9715,8 @@ run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: none (for reference) (MTU)" \ @@ -9643,7 +9737,8 @@ run_test "DTLS fragmenting: none (for reference) (MTU)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: client (MTU)" \ @@ -9664,7 +9759,8 @@ run_test "DTLS fragmenting: client (MTU)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: server (MTU)" \ 
@@ -9685,7 +9781,8 @@ run_test "DTLS fragmenting: server (MTU)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: both (MTU=1024)" \ @@ -9708,7 +9805,6 @@ run_test "DTLS fragmenting: both (MTU=1024)" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C @@ -9742,7 +9838,6 @@ run_test "DTLS fragmenting: both (MTU=512)" \ not_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C @@ -9768,7 +9863,6 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \ only_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C 
@@ -9796,7 +9890,8 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ @@ -9824,7 +9919,6 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C @@ -9852,7 +9946,8 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ @@ -9877,7 +9972,6 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C 
@@ -9915,7 +10009,6 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C @@ -9945,7 +10038,6 @@ run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_RENEGOTIATION @@ -9978,7 +10070,6 @@ run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_RENEGOTIATION @@ -10012,7 +10103,6 @@ run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 
@@ -10046,7 +10136,6 @@ run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_RENEGOTIATION @@ -10081,7 +10170,6 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C requires_hash_alg SHA_256 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_RENEGOTIATION @@ -10113,7 +10201,6 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C @@ -10139,7 +10226,6 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C 
@@ -10168,7 +10254,7 @@ run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ # pleases other implementations, so we don't need the peer to fragment requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT requires_gnutls requires_max_content_len 2048 run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ @@ -10190,12 +10276,12 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ # GnuTLS continue the connection nonetheless. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT requires_gnutls requires_not_i686 requires_max_content_len 2048 run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ - "$P_SRV dtls=1 debug_level=2 \ + "$P_SRV dtls=1 debug_level=4 \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ mtu=512 force_version=dtls12" \ @@ -10205,7 +10291,7 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT requires_max_content_len 2048 run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ "$O_SRV -dtls1_2 -verify 10" \ @@ -10219,7 +10305,8 @@ run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" requires_max_content_len 2048 run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ "$P_SRV dtls=1 debug_level=2 \ 
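Review bot: The `debug_level=2` to `debug_level=4` bump on the `$P_SRV` line of `DTLS fragmenting: gnutls client, DTLS 1.2` (hunk `@@ -10190,12 +10276,12 @@`) is unrelated to the dependency cleanup the rest of the hunk performs, and nothing visible in the hunk needs it. The `-s`/`-c` expectations for this test start after the hunk's last line, so if a pattern that only appears at level 4 was added there, a one-line comment above `run_test` should record that (e.g. `# debug_level=4: needed for the server-side pattern checked below`); if not, I'd revert to `debug_level=2` to keep the log at the same verbosity as the sibling openssl-client test in the next hunk.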
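Review bot: `DTLS fragmenting: openssl client, DTLS 1.2` (hunk `@@ -10219,7 +10305,8 @@`) is gated on `requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT` plus `requires_pk_alg "ECDSA"`, whereas the gnutls-client variant just above it, which visibly serves `server7.key`, gets the narrower `$TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT`. The server certificate for this test lies past the hunk's end, but if it is the same ECDSA server key (which the added `requires_pk_alg "ECDSA"` suggests), an ECDSA-only server can negotiate only the ECDSA-based key exchanges, so a build with just RSA-style entries from the wider list enabled would pass the guard and then fail the handshake instead of skipping. If that is the case, the added guard should read `requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT`, matching the gnutls-client test; the same question applies to `3d, openssl client, DTLS 1.2` further down.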
@@ -10237,7 +10324,7 @@ run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ requires_gnutls_next requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT client_needs_more_time 4 requires_max_content_len 2048 run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ @@ -10254,7 +10341,7 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ requires_gnutls_next requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT client_needs_more_time 4 requires_max_content_len 2048 run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ @@ -10272,7 +10359,7 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ requires_openssl_next requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT client_needs_more_time 4 requires_max_content_len 2048 run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ @@ -10291,7 +10378,8 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \ skip_next_test requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" client_needs_more_time 4 requires_max_content_len 2048 run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \ 
@@ -10559,6 +10647,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS-SRTP all profiles supported. openssl server" \ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -10572,6 +10661,7 @@ run_test "DTLS-SRTP all profiles supported. openssl server" \ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl server." \ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -10585,6 +10675,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl server." \ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ 
@@ -10598,6 +10689,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl server." \ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -10611,6 +10703,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS-SRTP server and Client support only one matching profile. openssl server." \ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ @@ -10624,6 +10717,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS-SRTP server and Client support only one different profile. openssl server." \ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ 
@@ -10637,6 +10731,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. opens requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server" \ "$O_SRV -dtls" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -10650,6 +10745,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server" requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl server." \ "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \ "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ @@ -10763,6 +10859,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls client" \ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS-SRTP all profiles supported. gnutls server" \ "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 
@@ -10777,6 +10874,7 @@ run_test "DTLS-SRTP all profiles supported. gnutls server" \ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -10791,6 +10889,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ @@ -10805,6 +10904,7 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile. requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 
@@ -10819,6 +10919,7 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles. requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS-SRTP server and Client support only one matching profile. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ @@ -10833,6 +10934,7 @@ run_test "DTLS-SRTP server and Client support only one matching profile. gnutls requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS-SRTP server and Client support only one different profile. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ @@ -10847,6 +10949,7 @@ run_test "DTLS-SRTP server and Client support only one different profile. gnutl requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \ "$G_SRV -u" \ "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ @@ -10861,6 +10964,7 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \ requires_config_enabled MBEDTLS_SSL_DTLS_SRTP requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS-SRTP all profiles supported. mki used. gnutls server." \ "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ 
@@ -11372,6 +11476,7 @@ requires_openssl_next client_needs_more_time 6 not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS proxy: 3d, openssl server" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_NEXT_SRV -dtls1_2 -mtu 2048" \ @@ -11383,6 +11488,7 @@ requires_openssl_next client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS proxy: 3d, openssl server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_NEXT_SRV -dtls1_2 -mtu 768" \ @@ -11394,6 +11500,7 @@ requires_openssl_next client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ "$O_NEXT_SRV -dtls1_2 -mtu 768" \ @@ -11405,6 +11512,7 @@ requires_gnutls client_needs_more_time 6 not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS proxy: 3d, gnutls server" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_SRV -u --mtu 2048 -a" \ @@ -11417,6 +11525,7 @@ requires_gnutls_next client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_NEXT_SRV -u --mtu 512" \ 
@@ -11429,6 +11538,7 @@ requires_gnutls_next client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$G_NEXT_SRV -u --mtu 512" \ @@ -11473,6 +11583,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: minimal feature sets - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI debug_level=3" \ @@ -11506,6 +11617,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: minimal feature sets - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ "$P_CLI debug_level=3" \ @@ -11540,6 +11652,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_ALPN requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: alpn - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -alpn h2" \ "$P_CLI debug_level=3 alpn=h2" \ 
@@ -11575,6 +11688,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_ALPN requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: alpn - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert --alpn=h2" \ "$P_CLI debug_level=3 alpn=h2" \ @@ -11609,6 +11723,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_ALPN requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: server alpn - openssl" \ "$P_SRV debug_level=3 tickets=0 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 alpn=h2" \ "$O_NEXT_CLI -msg -tls1_3 -no_middlebox -alpn h2" \ @@ -11624,6 +11739,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_ALPN requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: server alpn - gnutls" \ "$P_SRV debug_level=3 tickets=0 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 alpn=h2" \ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V --alpn h2" \ @@ -11721,6 +11837,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication, no client certificate - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10" \ "$P_CLI debug_level=4 crt_file=none key_file=none" \ 
@@ -11737,6 +11854,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --verify-client-cert" \ "$P_CLI debug_level=3 crt_file=none key_file=none" \ @@ -11752,6 +11870,7 @@ requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication, no server middlebox compat - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ "$P_CLI debug_level=4 crt_file=data_files/cli2.crt key_file=data_files/cli2.key" \ @@ -11766,6 +11885,7 @@ requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication, no server middlebox compat - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI debug_level=3 crt_file=data_files/cli2.crt \ @@ -11781,6 +11901,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp256r1.crt \ 
@@ -11797,6 +11918,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp256r1.crt \ @@ -11812,6 +11934,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp384r1.crt \ @@ -11828,6 +11951,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp384r1.crt \ @@ -11843,6 +11967,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp521r1.crt \ 
@@ -11859,6 +11984,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \ @@ -12010,6 +12136,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \ "$P_CLI debug_level=4 crt_file=data_files/cli2.crt key_file=data_files/cli2.key key_opaque=1" \ @@ -12025,6 +12152,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \ "$P_CLI debug_level=3 crt_file=data_files/cli2.crt \ 
@@ -12041,6 +12169,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp256r1.crt \ @@ -12058,6 +12187,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp256r1.crt \ @@ -12074,6 +12204,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp384r1.crt \ 
@@ -12091,6 +12222,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp384r1.crt \ @@ -12107,6 +12239,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - openssl" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \ "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp521r1.crt \ @@ -12124,6 +12257,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - gnutls" \ "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \ "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \ 
@@ -12282,6 +12416,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - openssl" \ "$O_NEXT_SRV -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI debug_level=4" \ @@ -12297,6 +12432,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \ "$O_NEXT_SRV -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI debug_level=4" \ @@ -12313,6 +12449,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \ "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \ "$P_CLI debug_level=4" \ 
@@ -12329,6 +12466,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - gnutls" \ "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \ "$P_CLI debug_level=4" \ @@ -12343,6 +12481,7 @@ requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Server side check - openssl" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \ @@ -12360,6 +12499,7 @@ requires_openssl_tls1_3 requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Server side check - openssl with client authentication" \ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$O_NEXT_CLI -msg -debug -cert data_files/server5.crt -key data_files/server5.key -tls1_3 -no_middlebox" \ 
@@ -12380,6 +12520,7 @@ requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Server side check - gnutls" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ @@ -12399,6 +12540,7 @@ requires_gnutls_next_no_ticket requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Server side check - gnutls with client authentication" \ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$G_NEXT_CLI localhost -d 4 --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ @@ -12418,6 +12560,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Server side check - mbedtls" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$P_CLI debug_level=4 force_version=tls13" \ 
@@ -12437,6 +12580,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Server side check - mbedtls with client authentication" \ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13" \ @@ -12454,6 +12598,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Server side check - mbedtls with client empty certificate" \ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$P_CLI debug_level=4 crt_file=none key_file=none force_version=tls13" \ @@ -12472,6 +12617,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Server side check - mbedtls with optional client authentication" \ "$P_SRV debug_level=4 auth_mode=optional crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$P_CLI debug_level=4 force_version=tls13 crt_file=none key_file=none" \ 
@@ -12518,6 +12664,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Server side check - openssl with sni" \ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \ sni=localhost,data_files/server5.crt,data_files/server5.key,data_files/test-ca_cat12.crt,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ @@ -12531,6 +12678,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Server side check - gnutls with sni" \ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \ sni=localhost,data_files/server5.crt,data_files/server5.key,data_files/test-ca_cat12.crt,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ @@ -12544,6 +12692,7 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: Server side check - mbedtls with sni" \ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 
@@ -12619,6 +12768,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3 m->O both with middlebox compat support" \ "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI debug_level=4" \ @@ -12659,6 +12809,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3 m->G both with middlebox compat support" \ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ "$P_CLI debug_level=4" \ @@ -12684,6 +12835,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3 O->m server with middlebox compat support, not client" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$O_NEXT_CLI -msg -debug -no_middlebox" \ @@ -12696,6 +12848,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3 O->m both with middlebox compat support" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$O_NEXT_CLI -msg -debug" \ 
@@ -12726,6 +12879,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3 G->m server with middlebox compat support, not client" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ @@ -12742,6 +12896,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3 G->m both with middlebox compat support" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ @@ -12811,6 +12966,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3 m->O HRR both with middlebox compat support" \ "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \ "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ 
@@ -12853,6 +13009,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3 m->G HRR both with middlebox compat support" \ "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \ @@ -12878,6 +13035,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \ @@ -12890,6 +13048,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3 O->m HRR both with middlebox compat support" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ "$O_NEXT_CLI -msg -debug -groups P-256:P-384" \ 
@@ -12920,6 +13079,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ @@ -12936,6 +13096,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3 G->m HRR both with middlebox compat support" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ @@ -13170,6 +13331,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: NewSessionTicket: Basic check, m->O" \ "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 4" \ "$P_CLI debug_level=1 reco_mode=1 reconnect=1" \ 
@@ -13186,6 +13348,7 @@ requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \ "$P_CLI debug_level=1 reco_mode=1 reconnect=1" \ @@ -13222,6 +13385,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: NewSessionTicket: Basic check, G->m" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \ "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \ @@ -13242,6 +13406,7 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +requires_pk_alg "ECDSA" run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ From 82a43942c864d40f243e2832ff7fd274c3c4e764 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Feb 2023 09:36:29 +0100 Subject: [PATCH 286/440] Make it clearer what's part of MD-light or not MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/md.h | 124 ++++++++++++++++++++++--------------------- 1 file changed, 63 insertions(+), 61 deletions(-) 
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index f9349e1d8..013cb6502 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -4,12 +4,15 @@
  * \brief This file contains the generic functions for message-digest
  * (hashing) and HMAC.
  *
- * Availability of function in this modules is controled by two
+ * Availability of functions in this modules is controled by two
  * feature macros:
  * - MBEDTLS_MD_C enables the whole module;
- * - MBEDTLS_MD_LIGHT enables only functions for hashing an accessing
- * some hash metadata; is it automatically set whenever MBEDTLS_MD_C
- * is set.
+ * - MBEDTLS_MD_LIGHT enables only functions for hashing and accessing
+ * most hash metadata (everything except string names); is it
+ * automatically set whenever MBEDTLS_MD_C is defined.
+ *
+ * The functions that are only available when MBEDTLS_MD_C is defined
+ * are grouped at the end of the file and guarded by this macro.
  *
  * \author Adriaan de Jong
  */
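Review bot: The rewritten header lines keep three typos that the hunk could fix while it is touching them: `controled`, `this modules` and the inverted `is it automatically set`. The two added lines would read `* Availability of functions in this module is controlled by two` and `* most hash metadata (everything except string names); it is`. Since this comment is where readers learn what MBEDTLS_MD_LIGHT does and does not cover, the wording is worth getting right.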
@@ -115,32 +118,6 @@ typedef struct mbedtls_md_context_t { void *MBEDTLS_PRIVATE(hmac_ctx); } mbedtls_md_context_t; -#if defined(MBEDTLS_MD_C) -/** - * \brief This function returns the list of digests supported by the - * generic digest module. - * - * \note The list starts with the strongest available hashes. - * - * \return A statically allocated array of digests. Each element - * in the returned list is an integer belonging to the - * message-digest enumeration #mbedtls_md_type_t. - * The last entry is 0. - */ -const int *mbedtls_md_list(void); - -/** - * \brief This function returns the message-digest information - * associated with the given digest name. - * - * \param md_name The name of the digest to search for. - * - * \return The message-digest information associated with \p md_name. - * \return NULL if the associated message-digest information is not found. - */ -const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name); -#endif /* MBEDTLS_MD_C */ - /** * \brief This function returns the message-digest information * associated with the given digest type. @@ -152,21 +129,6 @@ const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name); */ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type); -#if defined(MBEDTLS_MD_C) -/** - * \brief This function returns the message-digest information - * from the given context. - * - * \param ctx The context from which to extract the information. - * This must be initialized (or \c NULL). - * - * \return The message-digest information associated with \p ctx. - * \return \c NULL if \p ctx is \c NULL. - */ -const mbedtls_md_info_t *mbedtls_md_info_from_ctx( - const mbedtls_md_context_t *ctx); -#endif /* MBEDTLS_MD_C */ - /** * \brief This function initializes a message-digest context without * binding it to a particular message-digest algorithm. 
@@ -260,19 +222,6 @@ unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info); */ mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info); -#if defined(MBEDTLS_MD_C) -/** - * \brief This function extracts the message-digest name from the - * message-digest information structure. - * - * \param md_info The information structure of the message-digest algorithm - * to use. - * - * \return The name of the message digest. - */ -const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info); -#endif /* MBEDTLS_MD_C */ - /** * \brief This function starts a message-digest computation. * 
@@ -351,7 +300,61 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output); -#if defined(MBEDTLS_FS_IO) && defined(MBEDTLS_MD_C) +/************************************************************************ + * Functions below this separator are not part of MBEDTLS_MD_LIGHT * + * and require MBEDTLS_MD_C * + ************************************************************************/ + +#if defined(MBEDTLS_MD_C) +/** + * \brief This function returns the list of digests supported by the + * generic digest module. + * + * \note The list starts with the strongest available hashes. + * + * \return A statically allocated array of digests. Each element + * in the returned list is an integer belonging to the + * message-digest enumeration #mbedtls_md_type_t. + * The last entry is 0. + */ +const int *mbedtls_md_list(void); + +/** + * \brief This function returns the message-digest information + * associated with the given digest name. + * + * \param md_name The name of the digest to search for. + * + * \return The message-digest information associated with \p md_name. + * \return NULL if the associated message-digest information is not found. + */ +const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name); + +/** + * \brief This function extracts the message-digest name from the + * message-digest information structure. + * + * \param md_info The information structure of the message-digest algorithm + * to use. + * + * \return The name of the message digest. + */ +const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info); + +/** + * \brief This function returns the message-digest information + * from the given context. + * + * \param ctx The context from which to extract the information. + * This must be initialized (or \c NULL). + * + * \return The message-digest information associated with \p ctx. + * \return \c NULL if \p ctx is \c NULL. 
+ */ +const mbedtls_md_info_t *mbedtls_md_info_from_ctx( + const mbedtls_md_context_t *ctx); + +#if defined(MBEDTLS_FS_IO) /** * \brief This function calculates the message-digest checksum * result of the contents of the provided file. @@ -372,9 +375,8 @@ int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, siz MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output); -#endif /* MBEDTLS_FS_IO && MBEDTLS_MD_C */ +#endif /* MBEDTLS_FS_IO */ -#if defined(MBEDTLS_MD_C) /** * \brief This function sets the HMAC key and prepares to * authenticate a new message. From f3953c878e756fc2f6366787609cf14685648321 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Feb 2023 09:39:05 +0100 Subject: [PATCH 287/440] Clarify relationship between MD_C and MD_LIGHT MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/mbedtls_config.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 41a007ea9..b1c9db945 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2644,6 +2644,7 @@ * \def MBEDTLS_MD_C * * Enable the generic layer for message digest (hashing) and HMAC. + * This will automatically enabled MBEDTLS_MD_LIGHT * * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C, 
@@ -2676,10 +2677,10 @@
  * \def MBEDTLS_MD_LIGHT
  *
  * Enable the "light" subset of MBEDTLS_MD_C: just hashing and basic
- * meta-data.
+ * meta-data (see md.h for details).
  *
  * This is automatically enabled whenever MBEDTLS_MD_C is enabled, but it is
- * possible to enable this with MBEDTLS_MD_C if support for HMAC or extra
+ * possible to enable this without MBEDTLS_MD_C if support for HMAC or extra
  * metadata functions is not needed.
  *
  * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C,
From 39a4f4285ddcee15fbfcd5076a5e4fed5cc3e0b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 23 Feb 2023 09:40:24 +0100
Subject: [PATCH 288/440] Add links for macros in doxygen documentation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Manuel Pégourié-Gonnard
---
 include/mbedtls/mbedtls_config.h | 8 ++++----
 include/mbedtls/md.h | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index b1c9db945..3c5a28407 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2644,7 +2644,7 @@
  * \def MBEDTLS_MD_C
  *
  * Enable the generic layer for message digest (hashing) and HMAC.
- * This will automatically enabled MBEDTLS_MD_LIGHT
+ * This will automatically enable #MBEDTLS_MD_LIGHT
  *
  * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C,
  * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C,
@@ -2676,11 +2676,11 @@ /** * \def MBEDTLS_MD_LIGHT * - * Enable the "light" subset of MBEDTLS_MD_C: just hashing and basic + * Enable the "light" subset of #MBEDTLS_MD_C: just hashing and basic * meta-data (see md.h for details). * - * This is automatically enabled whenever MBEDTLS_MD_C is enabled, but it is - * possible to enable this without MBEDTLS_MD_C if support for HMAC or extra + * This is automatically enabled whenever #MBEDTLS_MD_C is enabled, but it is + * possible to enable this without #MBEDTLS_MD_C if support for HMAC or extra * metadata functions is not needed. * * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 013cb6502..e3561ba9d 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -6,12 +6,12 @@ * * Availability of functions in this modules is controled by two * feature macros: - * - MBEDTLS_MD_C enables the whole module; - * - MBEDTLS_MD_LIGHT enables only functions for hashing and accessing + * - #MBEDTLS_MD_C enables the whole module; + * - #MBEDTLS_MD_LIGHT enables only functions for hashing and accessing * most hash metadata (everything except string names); is it - * automatically set whenever MBEDTLS_MD_C is defined. + * automatically set whenever #MBEDTLS_MD_C is defined. * - * The functions that are only available when MBEDTLS_MD_C is defined + * The functions that are only available when #MBEDTLS_MD_C is defined * are grouped at the end of the file and guarded by this macro. * * \author Adriaan de Jong From cacc0ea144c3c455c7d504b9883638bc7f48cfcf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Feb 2023 09:42:37 +0100 Subject: [PATCH 289/440] Fix a couple more typos MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/md.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index e3561ba9d..8c77ea0c0 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -4,7 +4,7 @@
  * \brief This file contains the generic functions for message-digest
  * (hashing) and HMAC.
  *
- * Availability of functions in this modules is controled by two
+ * Availability of functions in this module is controlled by two
  * feature macros:
  * - #MBEDTLS_MD_C enables the whole module;
  * - #MBEDTLS_MD_LIGHT enables only functions for hashing and accessing
From 0d4152186dcd62b23d3703fa4e77e6a66ab340d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Thu, 23 Feb 2023 13:02:13 +0100
Subject: [PATCH 290/440] Make MBEDTLS_MD_LIGHT private for now.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Manuel Pégourié-Gonnard
---
 include/mbedtls/mbedtls_config.h | 20 --------------------
 include/mbedtls/md.h | 17 -----------------
 library/md.c | 14 ++++++++++++++
 tests/scripts/all.sh | 6 +++---
 4 files changed, 17 insertions(+), 40 deletions(-)
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 3c5a28407..5d3cdb58f 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2644,7 +2644,6 @@
  * \def MBEDTLS_MD_C
  *
  * Enable the generic layer for message digest (hashing) and HMAC.
- * This will automatically enable #MBEDTLS_MD_LIGHT
  *
  * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C,
  * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C,
@@ -2673,25 +2672,6 @@ */ #define MBEDTLS_MD_C -/** - * \def MBEDTLS_MD_LIGHT - * - * Enable the "light" subset of #MBEDTLS_MD_C: just hashing and basic - * meta-data (see md.h for details). - * - * This is automatically enabled whenever #MBEDTLS_MD_C is enabled, but it is - * possible to enable this without #MBEDTLS_MD_C if support for HMAC or extra - * metadata functions is not needed. - * - * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, - * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C, - * MBEDTLS_SHA512_C. - * Module: library/md.c - * - * Uncomment to enabled the "light" subsect of MD. - */ -#define MBEDTLS_MD_LIGHT - /** * \def MBEDTLS_MD5_C * diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 8c77ea0c0..3341d1cc0 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -4,16 +4,6 @@ * \brief This file contains the generic functions for message-digest * (hashing) and HMAC. * - * Availability of functions in this module is controlled by two - * feature macros: - * - #MBEDTLS_MD_C enables the whole module; - * - #MBEDTLS_MD_LIGHT enables only functions for hashing and accessing - * most hash metadata (everything except string names); is it - * automatically set whenever #MBEDTLS_MD_C is defined. - * - * The functions that are only available when #MBEDTLS_MD_C is defined - * are grouped at the end of the file and guarded by this macro. - * * \author Adriaan de Jong */ /* @@ -300,12 +290,6 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output); -/************************************************************************ - * Functions below this separator are not part of MBEDTLS_MD_LIGHT * - * and require MBEDTLS_MD_C * - ************************************************************************/ - -#if defined(MBEDTLS_MD_C) /** * \brief This function returns the list of digests supported by the * generic digest module. 
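Review bot: With the `#if defined(MBEDTLS_MD_C)` guard removed in the @@ -300 hunk (and its `#endif` in the @@ -487 hunk on the next line), md.h now declares mbedtls_md_list, mbedtls_md_get_name and the HMAC functions unconditionally, while the all.sh hunk of this same commit checks that the HMAC symbols are absent from md.o in a MD_LIGHT-only build; a caller in such a build therefore fails at link time rather than at compile time. That is presumably acceptable now that MBEDTLS_MD_LIGHT is internal, but nothing in the header says so any more — the explanatory text moved to library/md.c. A one-line pointer in the md.h file comment, e.g. ` * See library/md.c for how MBEDTLS_MD_LIGHT relates to MBEDTLS_MD_C.`, would spare a header reader the surprise.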
@@ -487,7 +471,6 @@ MBEDTLS_CHECK_RETURN_TYPICAL int mbedtls_md_hmac(const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen, const unsigned char *input, size_t ilen, unsigned char *output); -#endif /* MBEDTLS_MD_C */ #ifdef __cplusplus } diff --git a/library/md.c b/library/md.c index 8aecd39f0..c1cf67460 100644 --- a/library/md.c +++ b/library/md.c @@ -23,6 +23,20 @@ #include "common.h" +/* + * Availability of functions in this module is controlled by two + * feature macros: + * - MBEDTLS_MD_C enables the whole module; + * - MBEDTLS_MD_LIGHT enables only functions for hashing and accessing + * most hash metadata (everything except string names); is it + * automatically set whenever MBEDTLS_MD_C is defined. + * + * In the future we may want to change the contract of some functions + * (behaviour with NULL arguments) depending on whether MD_C is defined or + * only MD_LIGHT. Also, the exact scope of MD_LIGHT might vary. + * + * For these reasons, we're keeping MD_LIGHT internal for now. + */ #if defined(MBEDTLS_MD_LIGHT) #include "mbedtls/md.h" diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ad5073574..0758282d6 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1231,11 +1231,11 @@ component_test_crypto_full_md_light_only () { # Disable indirect dependencies of MD scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG # Enable "light" subset of MD - scripts/config.py set MBEDTLS_MD_LIGHT - make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + make CFLAGS="$ASAN_CFLAGS -DMBEDTLS_MD_LIGHT" LDFLAGS="$ASAN_CFLAGS" - # Make sure we don't have the HMAC functions + # Make sure we don't have the HMAC functions, but the hashing functions not grep mbedtls_md_hmac library/md.o + grep mbedtls_md library/md.o msg "test: crypto_full with only the light subset of MD" make test From 4348a83bc8070ef30ae91976d5a3c37ee20ab0f1 Mon Sep 17 00:00:00 2001 
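Review bot: The new comment in library/md.c has the words transposed in `most hash metadata (everything except string names); is it` / `automatically set whenever MBEDTLS_MD_C is defined.`; it should read `...(everything except string names); it is` / `automatically set whenever MBEDTLS_MD_C is defined.`. The same transposition was in the md.h text this commit removes, so this is now the only copy. The comment also does not say where that automatic definition happens; since a reader of md.c will look for it here and not find it, naming the place (it is not in this hunk) would help.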
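Review bot: `grep mbedtls_md library/md.o`, added after the `not grep mbedtls_md_hmac` line in the all.sh hunk, matches any symbol with that prefix — the metadata accessors alone would satisfy it — so it does not establish what the comment claims about the hashing functions; grepping a hashing entry point, e.g. `grep mbedtls_md_starts library/md.o`, would. The comment itself reads more naturally as `# Make sure we don't have the HMAC functions, but do have the hashing functions`. Separately, `-DMBEDTLS_MD_LIGHT` is passed only on the first `make` line; if the following `make test` recompiles anything (it presumably does not when the first make already built the test programs), those objects would be built without the macro, so a short comment stating that the first make builds everything would remove the doubt.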
From: Gilles Peskine
Date: Thu, 23 Feb 2023 13:03:30 +0100
Subject: [PATCH 291/440] Further documentation improvements
Signed-off-by: Gilles Peskine
---
 doxygen/mbedtls.doxyfile | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 1077f86db..aa8eb4192 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,17 +28,17 @@ DOT_GRAPH_MAX_NODES = 200
 MAX_DOT_GRAPH_DEPTH = 1000
 DOT_TRANSPARENT = YES
 
-# Doxygen accepts empty descriptions for commands such as \retval,
-# but clang -Wdocumentation doesn't (since Clang 15, for \retval).
+# We mostly \retval declarations to document which error codes a function
+# can return. The reader can follow the hyperlink to the definition of the
+# constant to get the generic documentation of that error code. If we don't
+# have anything to say about the specific error code for the specific
+# function, we can leave the description part of the \retval command blank.
+# This is perfectly valid as far as Doxygen is concerned. However, with
+# Clang >=15, the -Wdocumentation option emits a warning for empty
+# descriptions.
 # https://github.com/Mbed-TLS/mbedtls/issues/6960
 # https://github.com/llvm/llvm-project/issues/60315
-# We often use \retval declarations with just a constant name to
-# document which error codes a function can return. If the documentation
-# of the error code is enough to explain the error, then an empty
-# description on the \retval statement is ok. However, the source code
-# of the description needs to be made non-empty to pacify Clang.
-# In such cases, you can write something like
+# As a workaround, you can write something like
 # \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
-# This does not change the documentation generated by Doxygen, but
-# it pacifies clang -Wdocumentation.
+# This avoids writing redundant text and keeps Clang happy.
 ALIASES += emptydescription=""
From 2fb4e1439755084b23e07d999dcdb3131034829e Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 23 Feb 2023 13:37:54 +0100
Subject: [PATCH 292/440] Words. Use them!
Signed-off-by: Gilles Peskine
---
 doxygen/mbedtls.doxyfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index aa8eb4192..c33c7e362 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@ DOT_GRAPH_MAX_NODES = 200
 MAX_DOT_GRAPH_DEPTH = 1000
 DOT_TRANSPARENT = YES
 
-# We mostly \retval declarations to document which error codes a function
+# We mostly use \retval declarations to document which error codes a function
 # can return. The reader can follow the hyperlink to the definition of the
 # constant to get the generic documentation of that error code. If we don't
 # have anything to say about the specific error code for the specific
From 3f2309fea6fda523b1f39f07410f8efd8b7b1386 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Thu, 23 Feb 2023 13:47:30 +0100
Subject: [PATCH 293/440] ssl-opt: remove redundant requires_config_enabled when force_ciphersuite is set
Signed-off-by: Valerio Setti
---
 tests/ssl-opt.sh | 24 ++++++------------------
 1 file changed, 6 insertions(+), 18 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 5d2db9998..dabfe4136 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2059,7 +2059,6 @@ run_test "Opaque key for server authentication: invalid alg: ecdh with RSA ke
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 requires_hash_alg SHA_256
 requires_config_enabled MBEDTLS_CCM_C
 run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \
@@ -2097,7 +2096,6 @@ run_test "Opaque keys for server authentication: EC keys with different algs, requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED requires_hash_alg SHA_384 requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \ @@ -2118,7 +2116,6 @@ run_test "Opaque keys for server authentication: EC keys with different algs, requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_hash_alg SHA_384 requires_config_enabled MBEDTLS_CCM_C requires_config_disabled MBEDTLS_X509_REMOVE_INFO @@ -9118,6 +9115,9 @@ run_test "SSL async private: error in resume then operate correctly" \ # key1: ECDSA, key2: RSA; use key1 through async, then key2 directly requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +# Note: the function "detect_required_features()" is not able to detect more than +# one "force_ciphersuite" per client/server and it only picks the 2nd one. +# Therefore the 1st one is added explicitly here requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "SSL async private: cancel after start then fall back to transparent key" \ "$P_SRV \ 
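Review bot: The three-line note added above `requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED` in the @@ -9118 hunk records a limitation of detect_required_features() at a call site, and the @@ -9138 hunk on the next line repeats it verbatim. A limitation of the helper is better recorded once, next to the helper (its body is outside this patch), with each affected test carrying a one-line pointer such as `# explicit: detect_required_features() only sees the 2nd force_ciphersuite`. Keeping a single authoritative copy also means the per-test lines can be dropped together if the helper is later extended to handle several force_ciphersuite options.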
@@ -9138,6 +9138,9 @@ run_test "SSL async private: cancel after start then fall back to transparent # key1: ECDSA, key2: RSA; use key1 through async, then key2 directly requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +# Note: the function "detect_required_features()" is not able to detect more than +# one "force_ciphersuite" per client/server and it only picks the 2nd one. +# Therefore the 1st one is added explicitly here requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED run_test "SSL async private: sign, error in resume then fall back to transparent key" \ "$P_SRV \ @@ -9234,7 +9237,6 @@ run_test "Force a non ECC ciphersuite in the server side" \ requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CIPHER_MODE_CBC requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Force an ECC ciphersuite in the client side" \ "$P_SRV debug_level=3" \ @@ -9248,7 +9250,6 @@ run_test "Force an ECC ciphersuite in the client side" \ requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CIPHER_MODE_CBC requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Force an ECC ciphersuite in the server side" \ "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ @@ -9806,7 +9807,6 @@ run_test "DTLS fragmenting: both (MTU=1024)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C requires_max_content_len 2048 
@@ -9838,7 +9838,6 @@ run_test "DTLS fragmenting: both (MTU=512)" \ not_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C requires_max_content_len 2048 @@ -9863,7 +9862,6 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \ only_with_valgrind requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C requires_max_content_len 2048 @@ -9919,7 +9917,6 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C requires_max_content_len 2048 @@ -9972,7 +9969,6 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C requires_max_content_len 2048 @@ -10009,7 +10005,6 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C requires_max_content_len 2048 
@@ -10039,7 +10034,6 @@ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_CHACHAPOLY_C requires_max_content_len 2048 @@ -10071,7 +10065,6 @@ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C @@ -10104,7 +10097,6 @@ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CCM_C @@ -10137,7 +10129,6 @@ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CIPHER_MODE_CBC @@ -10171,7 +10162,6 @@ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_CIPHER_MODE_CBC 
@@ -10201,7 +10191,6 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C client_needs_more_time 2 @@ -10226,7 +10215,6 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \ # Forcing ciphersuite for this test to fit the MTU of 512 with full config. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED requires_config_enabled MBEDTLS_AES_C requires_config_enabled MBEDTLS_GCM_C client_needs_more_time 2 From 1af76d119dd1197db8446f36ecdd2b200aa97676 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 23 Feb 2023 15:55:10 +0100 Subject: [PATCH 294/440] ssl-opt: automatically detect requirements from the specified certificates This mostly focuses on tests using "server5*" certificates. Several cases are taken into account depending on: - TLS version (1.2 or 1.3) - server or client roles Signed-off-by: Valerio Setti --- tests/opt-testcases/tls13-misc.sh | 12 ---- tests/ssl-opt.sh | 114 ++++++++++++------------------ 2 files changed, 46 insertions(+), 80 deletions(-) diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index a72a0f49f..b5535cd3f 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh 
@@ -337,7 +337,6 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/none." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=7" \ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ @@ -354,7 +353,6 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=8" \ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ @@ -367,7 +365,6 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_ephemeral." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=9" \ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ 
@@ -384,7 +381,6 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_all." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=10" \ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \ @@ -397,7 +393,6 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/none." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=7" \ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ @@ -414,7 +409,6 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=8" \ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ 
@@ -431,7 +425,6 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_ephemeral." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=9" \ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ @@ -444,7 +437,6 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_all." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=10" \ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \ @@ -458,7 +450,6 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/none." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=7" \ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ 
@@ -476,7 +467,6 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=8" \ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ @@ -490,7 +480,6 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_ephemeral." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=9" \ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ @@ -504,7 +493,6 @@ requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=10" \ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \ diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index dabfe4136..9a27a2f54 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -363,9 +363,12 @@ requires_ciphersuite_enabled() { esac } -# detect_required_features CMD [RUN_TEST_OPTION...] -# If CMD (call to a TLS client or server program) requires certain features, -# arrange to only run the following test case if those features are enabled. +# Automatically detect required features based on command line parameters. +# Parameters are: +# - $1 = command line (call to a TLS client or server program) +# - $2 = client/server +# - $3 = TLS version (TLS12 or TLS13) +# - $4 = run test options detect_required_features() { case "$1" in *\ force_version=*) @@ -390,6 +393,27 @@ detect_required_features() { requires_config_enabled MBEDTLS_SSL_ALPN;; esac + case "$1" in + *server5*) + if [ "$3" = "TLS13" ]; then + # In case of TLS13 the support for ECDSA is enough + requires_pk_alg "ECDSA" + else + # For TLS12 requirements are different between server and client + if [ "$2" = "server" ]; then + # If the server uses "server5*" cerificates, then an ECDSA based + # key exchange is required + requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT + elif [ "$2" = "client" ]; then + # Otherwise for the client it is enough to have any certificate + # based authentication + support for ECDSA + requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT + requires_pk_alg "ECDSA" + fi + fi + ;; + esac + unset tmp } @@ -1416,6 +1440,22 @@ do_run_test_once() { fi } +# Detect if the current test is going to use TLS 1.3. +# $1 and $2 contains the server and client command lines, respectively. +get_tls_version() { + case $1 in + *tls1_3*|*tls13*) + echo "TLS13" + return;; + esac + case $2 in + *tls1_3*|*tls13*) + echo "TLS13" + return;; + esac + echo "TLS12" +} + # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] # Options: -s pattern pattern that must be present in server output # -c pattern pattern that must be present in client output 
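Review bot: The comment `# If the server uses "server5*" cerificates, then an ECDSA based` in the @@ -390 hunk misspells "certificates". More substantively, `*server5*` is a substring match over the whole command line, so a test that names a server5-derived file for some other purpose (for instance as a trust anchor) also picks up the server-side key-exchange requirement; that only over-restricts rather than mis-classifies, but it is worth stating in the comment, e.g. `# Any server5* file on the command line is taken to be the ECDSA end-entity certificate`. When $2 is neither "server" nor "client" the TLS12 branch silently requires nothing; since the only caller visible here is run_test (@@ -1474 hunk) that is fine, but a one-line comment saying so would make the contract explicit.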
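Review bot: get_tls_version() in the @@ -1416 hunk reports TLS13 as soon as either command line contains `tls1_3` or `tls13` and never looks at `force_version=tls12`, so a command line that combines `force_version=tls12` with an option such as `tls13_kex_modes=` (if any such test exists in the suite) would be classified as TLS 1.3 and get the weaker ECDSA-only requirement. Checking for an explicit 1.2 force first, e.g. `case "$1 $2" in *force_version=tls12*) echo "TLS12"; return;; esac`, ahead of the existing cases would close that gap. The doc comment `# $1 and $2 contains the server and client command lines, respectively.` should read `contain`.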
@@ -1474,8 +1514,9 @@ run_test() { # If the client or server requires certain features that can be detected # from their command-line arguments, check that they're enabled. - detect_required_features "$SRV_CMD" "$@" - detect_required_features "$CLI_CMD" "$@" + TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD") + detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$@" + detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$@" # If we're in a PSK-only build and the test can be adapted to PSK, do that. maybe_adapt_for_psk "$@" @@ -1839,8 +1880,6 @@ run_test "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" requires_hash_alg SHA_256 run_test "TLS: password protected client key" \ "$P_SRV auth_mode=required" \ @@ -1849,7 +1888,6 @@ run_test "TLS: password protected client key" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT requires_hash_alg SHA_256 run_test "TLS: password protected server key" \ "$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \ @@ -1858,7 +1896,6 @@ run_test "TLS: password protected server key" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT requires_config_enabled MBEDTLS_RSA_C requires_hash_alg SHA_256 run_test "TLS: password protected server key, two certificates" \ 
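Review bot: `TLS_VERSION` is assigned as a new global inside run_test; sh functions have no local scope, so it persists across tests, and its upper-case name reads like an exported setting, so a lower-case name that is unset after the two detect_required_features calls (as detect_required_features itself does with `unset tmp`) would fit the script better, e.g. `tls_version=$(get_tls_version "$SRV_CMD" "$CLI_CMD")`. With the explicit `requires_*` lines removed in the hunks that follow (from `@@ -1839` here through the `@@ -13394` hunk), those guards now exist only when the literal string `server5` appears in the expanded command line; a test whose ECDSA certificate came from a wrapper variable without that path in it would run unguarded and fail in builds lacking ECDSA rather than being skipped, which is worth a sentence in the commit message or a comment next to the `*server5*` case.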
@@ -1881,8 +1918,6 @@ run_test "CA callback on client" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" requires_hash_alg SHA_256 run_test "CA callback on server" \ "$P_SRV auth_mode=required" \ @@ -1972,7 +2007,6 @@ run_test "Opaque key for server authentication: ECDHE-ECDSA" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT requires_hash_alg SHA_256 run_test "Opaque key for server authentication: ECDH-" \ "$P_SRV force_version=tls12 auth_mode=required key_opaque=1\ @@ -1990,7 +2024,6 @@ run_test "Opaque key for server authentication: ECDH-" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 run_test "Opaque key for server authentication: invalid key: decrypt with ECC key, no async" \ @@ -2025,7 +2058,6 @@ run_test "Opaque key for server authentication: invalid key: ecdh with RSA ke requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 run_test "Opaque key for server authentication: invalid alg: decrypt with ECC key, async" \ 
@@ -5253,7 +5285,6 @@ run_test "Renego ext: gnutls client unsafe, server break legacy" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DER format: no trailing bytes" \ "$P_SRV crt_file=data_files/server5-der0.crt \ key_file=data_files/server5.key" \ @@ -5263,7 +5294,6 @@ run_test "DER format: no trailing bytes" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DER format: with a trailing zero byte" \ "$P_SRV crt_file=data_files/server5-der1a.crt \ key_file=data_files/server5.key" \ @@ -5273,7 +5303,6 @@ run_test "DER format: with a trailing zero byte" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DER format: with a trailing random byte" \ "$P_SRV crt_file=data_files/server5-der1b.crt \ key_file=data_files/server5.key" \ @@ -5283,7 +5312,6 @@ run_test "DER format: with a trailing random byte" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DER format: with 2 trailing random bytes" \ "$P_SRV crt_file=data_files/server5-der2.crt \ key_file=data_files/server5.key" \ @@ -5293,7 +5321,6 @@ run_test "DER format: with 2 trailing random bytes" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DER format: with 4 trailing random bytes" \ "$P_SRV crt_file=data_files/server5-der4.crt \ key_file=data_files/server5.key" \ 
@@ -5303,7 +5330,6 @@ run_test "DER format: with 4 trailing random bytes" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DER format: with 8 trailing random bytes" \ "$P_SRV crt_file=data_files/server5-der8.crt \ key_file=data_files/server5.key" \ @@ -5313,7 +5339,6 @@ run_test "DER format: with 8 trailing random bytes" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DER format: with 9 trailing random bytes" \ "$P_SRV crt_file=data_files/server5-der9.crt \ key_file=data_files/server5.key" \ @@ -5380,7 +5405,6 @@ run_test "Authentication: server goodcert, client required, no trusted CA" \ requires_config_enabled MBEDTLS_ECP_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \ "$P_SRV debug_level=1 key_file=data_files/server5.key \ crt_file=data_files/server5.ku-ka.crt" \ @@ -5392,7 +5416,6 @@ run_test "Authentication: server ECDH p256v1, client required, p256v1 unsuppo requires_config_enabled MBEDTLS_ECP_C requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \ "$P_SRV debug_level=1 key_file=data_files/server5.key \ crt_file=data_files/server5.ku-ka.crt" \ @@ -5403,7 +5426,6 @@ run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsuppo -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: server badcert, client none" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ 
@@ -5712,7 +5734,6 @@ run_test "Authentication: do not send CA list in CertificateRequest" \ -S "requested DN" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: send CA list in CertificateRequest, client self signed" \ "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ @@ -5766,7 +5787,6 @@ run_test "Authentication: send alt hs DN hints in CertificateRequest" \ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: server badcert, client required" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ @@ -5780,7 +5800,6 @@ run_test "Authentication, CA callback: server badcert, client required" \ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: server badcert, client optional" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ @@ -5802,7 +5821,6 @@ run_test "Authentication, CA callback: server badcert, client optional" \ requires_config_enabled MBEDTLS_ECP_C requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \ "$P_SRV debug_level=1 key_file=data_files/server5.key \ crt_file=data_files/server5.ku-ka.crt" \ 
@@ -5816,7 +5834,6 @@ run_test "Authentication, CA callback: server ECDH p256v1, client required, p requires_config_enabled MBEDTLS_ECP_C requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \ "$P_SRV debug_level=1 key_file=data_files/server5.key \ crt_file=data_files/server5.ku-ka.crt" \ @@ -5855,7 +5872,6 @@ run_test "Authentication, CA callback: client SHA384, server required" \ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client badcert, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ @@ -5880,7 +5896,6 @@ run_test "Authentication, CA callback: client badcert, server required" \ requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client cert not trusted, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ @@ -5901,7 +5916,6 @@ run_test "Authentication, CA callback: client cert not trusted, server requir requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client badcert, server optional" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \ "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ 
@@ -6842,7 +6856,6 @@ run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.ku-ds.crt" \ @@ -6855,7 +6868,6 @@ run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.ku-ke.crt" \ @@ -6868,7 +6880,6 @@ run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.ku-ka.crt" \ @@ -6910,8 +6921,6 @@ run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \ -s "Processing of the Certificate handshake message failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ 
@@ -6922,8 +6931,6 @@ run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \ -S "Processing of the Certificate handshake message failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ @@ -6958,7 +6965,6 @@ run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_pk_alg "ECDSA" run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \ @@ -6971,7 +6977,6 @@ run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_pk_alg "ECDSA" run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \ @@ -7013,7 +7018,6 @@ run_test "extKeyUsage srv: codeSign -> fail" \ # Tests for extendedKeyUsage, part 2: client-side checking of server cert requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "extKeyUsage cli: serverAuth -> OK" \ "$O_SRV -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-srv.crt" \ 
@@ -7024,7 +7028,6 @@ run_test "extKeyUsage cli: serverAuth -> OK" \ -c "Ciphersuite is TLS-" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \ "$O_SRV -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-srv_cli.crt" \ @@ -7035,7 +7038,6 @@ run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \ -c "Ciphersuite is TLS-" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \ "$O_SRV -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-cs_any.crt" \ @@ -7046,7 +7048,6 @@ run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \ -c "Ciphersuite is TLS-" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "extKeyUsage cli: codeSign -> fail" \ "$O_SRV -tls1_2 -key data_files/server5.key \ -cert data_files/server5.eku-cs.crt" \ @@ -7059,7 +7060,6 @@ run_test "extKeyUsage cli: codeSign -> fail" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "extKeyUsage cli 1.3: serverAuth -> OK" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.eku-srv.crt" \ @@ -7072,7 +7072,6 @@ run_test "extKeyUsage cli 1.3: serverAuth -> OK" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.eku-srv_cli.crt" \ 
@@ -7085,7 +7084,6 @@ run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.eku-cs_any.crt" \ @@ -7098,7 +7096,6 @@ run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "extKeyUsage cli 1.3: codeSign -> fail" \ "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \ -cert data_files/server5.eku-cs.crt" \ @@ -7111,8 +7108,6 @@ run_test "extKeyUsage cli 1.3: codeSign -> fail" \ # Tests for extendedKeyUsage, part 3: server-side checking of client cert requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" run_test "extKeyUsage cli-auth: clientAuth -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ @@ -7122,8 +7117,6 @@ run_test "extKeyUsage cli-auth: clientAuth -> OK" \ -S "Processing of the Certificate handshake message failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ 
@@ -7133,8 +7126,6 @@ run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \ -S "Processing of the Certificate handshake message failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ @@ -7144,8 +7135,6 @@ run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \ -S "Processing of the Certificate handshake message failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \ "$P_SRV debug_level=1 auth_mode=optional" \ "$O_CLI -key data_files/server5.key \ @@ -7155,8 +7144,6 @@ run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \ -S "Processing of the Certificate handshake message failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \ "$P_SRV debug_level=1 auth_mode=required" \ "$O_CLI -key data_files/server5.key \ @@ -7201,7 +7188,6 @@ run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \ requires_openssl_tls1_3 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_pk_alg "ECDSA" run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \ "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \ "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \ 
@@ -12652,7 +12638,6 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_pk_alg "ECDSA" run_test "TLS 1.3: Server side check - openssl with sni" \ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \ sni=localhost,data_files/server5.crt,data_files/server5.key,data_files/test-ca_cat12.crt,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ @@ -12666,7 +12651,6 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_pk_alg "ECDSA" run_test "TLS 1.3: Server side check - gnutls with sni" \ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \ sni=localhost,data_files/server5.crt,data_files/server5.key,data_files/test-ca_cat12.crt,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ @@ -12680,7 +12664,6 @@ requires_config_enabled MBEDTLS_SSL_SRV_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_pk_alg "ECDSA" run_test "TLS 1.3: Server side check - mbedtls with sni" \ "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0 \ sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 
@@ -13023,7 +13006,6 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_pk_alg "ECDSA" run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \ @@ -13036,7 +13018,6 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_pk_alg "ECDSA" run_test "TLS 1.3 O->m HRR both with middlebox compat support" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ "$O_NEXT_CLI -msg -debug -groups P-256:P-384" \ @@ -13067,7 +13048,6 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_pk_alg "ECDSA" run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ 
@@ -13084,7 +13064,6 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_SRV_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_pk_alg "ECDSA" run_test "TLS 1.3 G->m HRR both with middlebox compat support" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 curves=secp384r1 tickets=0" \ "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \ @@ -13394,7 +13373,6 @@ requires_config_enabled MBEDTLS_DEBUG_C requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_pk_alg "ECDSA" run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ From bdc21e623e3da41a3d8d18f942bc08bd4ac7c8cc Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 23 Feb 2023 17:12:19 +0100 Subject: [PATCH 295/440] Disable MBEDTLS_PSA_CRYPTO_SE_C is ecdsa psa builds Signed-off-by: Przemek Stekiel --- tests/scripts/all.sh | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b0d460dd9..a2c0cb756 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
@@ -2112,6 +2112,9 @@ config_psa_crypto_config_ecdsa_use_psa () { # the future, the following line could be removed (see issues # 6061, 6332 and following ones) scripts/config.py unset MBEDTLS_ECP_RESTARTABLE + # Dynamic secure element support is a deprecated feature and needs to be disabled here. + # This is done to have the same form of psa_key_attributes_s for libdriver and library. + scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C } # Keep in sync with component_test_psa_crypto_config_reference_ecdsa_use_psa @@ -2510,7 +2513,7 @@ component_test_psa_crypto_config_accel_pake () { loc_accel_list="ALG_JPAKE" loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" DEBUG=1 + make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -2522,7 +2525,7 @@ component_test_psa_crypto_config_accel_pake () { scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" DEBUG=1 + make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" tests/ssl-opt.sh -f "ECJPAKE" From df6e84a4471e257d6db13986db592c959886ea01 Mon Sep 17 00:00:00 2001 
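Review bot: The two later hunks in component_test_psa_crypto_config_accel_pake drop `DEBUG=1` from both `make` invocations, which is unrelated to disabling MBEDTLS_PSA_CRYPTO_SE_C and is not mentioned in the commit message; either say why the debug build is no longer wanted there or split that into its own commit. In the first hunk the new comment explains the unset by the layout of `psa_key_attributes_s` having to match between libtestdriver1 and the library, and the trailing context `# Keep in sync with component_test_psa_crypto_config_reference_ecdsa_use_psa` suggests the reference component may need the same `scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C` if it does not call this function; please confirm, since a mismatch there would make the two builds compare different structures.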
From: Gilles Peskine Date: Wed, 22 Feb 2023 22:09:51 +0100 Subject: [PATCH 296/440] Test the PSA alternative header configuration macros Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes after the standard directory in the include file search path. Signed-off-by: Gilles Peskine --- programs/.gitignore | 1 + programs/Makefile | 5 ++++ programs/test/CMakeLists.txt | 1 + programs/test/query_included_headers.c | 41 ++++++++++++++++++++++++++ tests/.gitignore | 2 ++ tests/Makefile | 5 ++++ tests/include/alt-extra/psa/crypto.h | 7 +++++ tests/scripts/all.sh | 21 +++++++++++++ 8 files changed, 83 insertions(+) create mode 100644 programs/test/query_included_headers.c create mode 100644 tests/include/alt-extra/psa/crypto.h diff --git a/programs/.gitignore b/programs/.gitignore index 44e904a95..398152dcb 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -64,6 +64,7 @@ test/cpp_dummy_build.cpp test/dlopen test/ecp-bench test/query_compile_time_config +test/query_included_headers test/selftest test/ssl_cert_test test/udp_proxy diff --git a/programs/Makefile b/programs/Makefile index fdfece72a..3509fc374 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -123,6 +123,7 @@ APPS = \ ssl/ssl_server2 \ test/benchmark \ test/query_compile_time_config \ + test/query_included_headers \ test/selftest \ test/udp_proxy \ test/zeroize \ @@ -403,6 +404,10 @@ test/query_config.o: test/query_config.c test/query_config.h $(DEP) echo " CC test/query_config.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c test/query_config.c -o $@ +test/query_included_headers$(EXEXT): test/query_included_headers.c $(DEP) + echo " CC test/query_included_headers.c" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_included_headers.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + test/selftest$(EXEXT): test/selftest.c $(DEP) echo " CC test/selftest.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/selftest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ 
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index c3e7d2e98..735684ebf 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -3,6 +3,7 @@ set(libs ) set(executables_libs + query_included_headers selftest udp_proxy ) diff --git a/programs/test/query_included_headers.c b/programs/test/query_included_headers.c new file mode 100644 index 000000000..383a2ffc8 --- /dev/null +++ b/programs/test/query_included_headers.c @@ -0,0 +1,41 @@ +/* Ad hoc report on included headers. */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include + +int main(void) +{ + + /* Which PSA platform header? */ +#if defined(PSA_CRYPTO_PLATFORM_H) + mbedtls_printf("PSA_CRYPTO_PLATFORM_H\n"); +#endif +#if defined(PSA_CRYPTO_PLATFORM_ALT_H) + mbedtls_printf("PSA_CRYPTO_PLATFORM_ALT_H\n"); +#endif + + /* Which PSA struct header? */ +#if defined(PSA_CRYPTO_STRUCT_H) + mbedtls_printf("PSA_CRYPTO_STRUCT_H\n"); +#endif +#if defined(PSA_CRYPTO_STRUCT_ALT_H) + mbedtls_printf("PSA_CRYPTO_STRUCT_ALT_H\n"); +#endif + +} diff --git a/tests/.gitignore b/tests/.gitignore index 15fce6888..b85d66aa4 100644 --- a/tests/.gitignore +++ b/tests/.gitignore 
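Review bot: `main` in query_included_headers.c ends without a return statement; C99 makes `main` return 0 implicitly, but the other test programs in this tree presumably finish with `mbedtls_exit(MBEDTLS_EXIT_SUCCESS);` (the file already uses the platform layer via `mbedtls_printf`), and being explicit keeps the program's exit status obvious to whoever reads its output in all.sh. The stray blank line after the opening brace of `main` can go too. The `#include` targets were lost in this rendering, so I cannot check that the configuration header is included before `psa/crypto.h` — the same ordering the later crypto_types.h commit on this page enforces; worth verifying.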
@@ -13,6 +13,8 @@ data_files/hmac_drbg_seed data_files/ctr_drbg_seed data_files/entropy_seed +include/alt-extra/psa/crypto_platform_alt.h +include/alt-extra/psa/crypto_struct_alt.h include/test/instrument_record_status.h src/*.o diff --git a/tests/Makefile b/tests/Makefile index c9283c984..26947f4b9 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -219,6 +219,7 @@ ifndef WINDOWS rm -rf $(BINARIES) *.c *.datax rm -f src/*.o src/drivers/*.o src/libmbed* rm -f include/test/instrument_record_status.h + rm -f include/alt-extra/*/*_alt.h rm -rf libtestdriver1 rm -f ../library/libtestdriver1.a else @@ -244,6 +245,10 @@ check: $(BINARIES) test: check +# Generate variants of some headers for testing +include/alt-extra/%_alt.h: ../include/%.h + perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@ + # Generate test library # Perl code that is executed to transform each original line from a library diff --git a/tests/include/alt-extra/psa/crypto.h b/tests/include/alt-extra/psa/crypto.h new file mode 100644 index 000000000..005f3aeea --- /dev/null +++ b/tests/include/alt-extra/psa/crypto.h @@ -0,0 +1,7 @@ +/* The goal of the include/alt-extra directory is to test what happens + * if certain files come _after_ the normal include directory. + * Make sure that if the alt-extra directory comes before the normal + * directory (so we wouldn't be achieving our test objective), the build + * will fail. + */ +#error "The normal include directory must come first in the include path" diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7d91fa27d..a851d0e7b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
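Review bot: The pattern rule `include/alt-extra/%_alt.h: ../include/%.h` rewrites every `#define`/`#ifndef` of a macro ending in `_H`, not only the include guard; for the two psa headers it is used for that is presumably the only match, but the rule is generic, so a comment stating the assumption next to the perl line, e.g. `# Assumes the only *_H macro defined in the source header is its include guard.`, would save the next person a surprise. The `#endif /* ..._H */` trailer is left untouched, which is harmless. The `#error` in alt-extra/psa/crypto.h is a good fail-closed check that the directory order is the one the test relies on.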
@@ -3258,6 +3258,27 @@ component_build_psa_config_file () { rm -f psa_test_config.h psa_user_config.h } +component_build_psa_alt_headers () { + msg "build: make with PSA alt headers" # ~20s + + # Generate alternative versions of the substitutable headers with the + # same content except different include guards. + make -C tests include/alt-extra/psa/crypto_platform_alt.h include/alt-extra/psa/crypto_struct_alt.h + + # Build the library and some programs. + # Don't build the fuzzers to avoid having to go through hoops to set + # a correct include path for programs/fuzz/Makefile. + make CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib + make -C programs -o fuzz CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" + + # Check that we're getting the alternative include guards and not the + # original include guards. + programs/test/query_included_headers | grep -x PSA_CRYPTO_PLATFORM_ALT_H + programs/test/query_included_headers | grep -x PSA_CRYPTO_STRUCT_ALT_H + programs/test/query_included_headers | not grep -x PSA_CRYPTO_PLATFORM_H + programs/test/query_included_headers | not grep -x PSA_CRYPTO_STRUCT_H +} + component_test_m32_o0 () { # Build without optimization, so as to use portable C code (in a 32-bit # build) and not the i386-specific inline assembly. From 361b5f992ff215af199b7922088fad2ab8907cd9 Mon Sep 17 00:00:00 2001 
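Review bot: The alt-header CFLAGS string is duplicated verbatim across the two `make` invocations in `component_build_psa_alt_headers`, and `programs/test/query_included_headers` is run four times for four greps. Binding the flags once, `alt_cflags="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'"`, then `make CFLAGS="$alt_cflags" lib` and `make -C programs -o fuzz CFLAGS="$alt_cflags"`, keeps the library and program builds from drifting apart. Running the program once into a variable and grepping that would make a missing or crashing binary fail at one obvious place instead of on the first grep. Note the relative `-I ../tests/include/alt-extra` is correct only because both the `library` and `programs` builds run from a direct subdirectory of the tree.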
From: Gilles Peskine Date: Wed, 22 Feb 2023 22:15:18 +0100 Subject: [PATCH 297/440] Make sure the configuration is always included Before, if psa/crypto_platform.h was overridden and the override didn't include "mbedtls/build_info.h", it was possible to end up with parts of the headers not taking the library configuration into account, if no mbedtls header was included before "psa/crypto.h". Make sure that the mbedtls configuration is visible from the start, no matter what is or is not in the platform header. Signed-off-by: Gilles Peskine --- include/psa/crypto_types.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index dd4d4fca3..5e2e334a1 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -32,6 +32,10 @@ #ifndef PSA_CRYPTO_TYPES_H #define PSA_CRYPTO_TYPES_H + +/* Make sure the Mbed TLS configuration is visible. */ +#include "mbedtls/build_info.h" +/* Define the MBEDTLS_PRIVATE macro. */ #include "mbedtls/private_access.h" #if defined(MBEDTLS_PSA_CRYPTO_PLATFORM_FILE) From 95c915201e76a9bac790722bedf12fe0c3c07948 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 22 Feb 2023 22:20:24 +0100 Subject: [PATCH 298/440] Move the implication of MBEDTLS_PSA_CRYPTO_CLIENT where it belongs If MBEDTLS_PSA_CRYPTO_C is enabled, we always enable MBEDTLS_PSA_CRYPTO_CLIENT, since the client-side functions are part of the full PSA crypto feature set. Historically, we didn't have a good place for configuration modification, so we did this early in the crypto.h include tree. Since Mbed TLS 3.0, we have mbedtls/build_info.h for that. Addresses https://github.com/Mbed-TLS/mbedtls/issues/7144 . Signed-off-by: Gilles Peskine --- include/mbedtls/build_info.h | 7 +++++++ include/psa/crypto_types.h | 7 ------- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index bbfd5d48d..2edf01519 100644 
--- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -80,6 +80,13 @@ #include MBEDTLS_USER_CONFIG_FILE #endif +/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT + * is defined as well to include all PSA code. + */ +#if defined(MBEDTLS_PSA_CRYPTO_C) +#define MBEDTLS_PSA_CRYPTO_CLIENT +#endif /* MBEDTLS_PSA_CRYPTO_C */ + /* The PK wrappers need pk_write functions to format RSA key objects * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO, * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 5e2e334a1..a5154fcd6 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -44,13 +44,6 @@ #include "crypto_platform.h" #endif -/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT - * is defined as well to include all PSA code. - */ -#if defined(MBEDTLS_PSA_CRYPTO_C) -#define MBEDTLS_PSA_CRYPTO_CLIENT -#endif /* MBEDTLS_PSA_CRYPTO_C */ - #include /** \defgroup error Error codes From 083745e09739d06ff13975bdfc1721fe4af9205a Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 23 Feb 2023 17:28:23 +0100 Subject: [PATCH 299/440] Fix code style Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 12 ++++++------ library/psa_crypto_pake.c | 4 ++-- tests/include/test/drivers/pake.h | 3 ++- tests/src/drivers/test_driver_pake.c | 2 +- ...t_suite_psa_crypto_driver_wrappers.function | 18 ++++++++++++------ 5 files changed, 23 insertions(+), 16 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3823f7ad7..4406fcc3b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
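Review bot: The new `#define MBEDTLS_PSA_CRYPTO_CLIENT` in build_info.h sits after the user config include, so a user config that already defines `MBEDTLS_PSA_CRYPTO_CLIENT` with a non-empty value (e.g. `1`) will hit a macro-redefinition diagnostic; the old location in crypto_types.h had the same exposure, but the move is the moment to close it. Guarding it as `#if defined(MBEDTLS_PSA_CRYPTO_C) && !defined(MBEDTLS_PSA_CRYPTO_CLIENT)` avoids that. The companion deletion in crypto_types.h looks like a verbatim move of the same block.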
@@ -7609,9 +7609,9 @@ static psa_status_t psa_jpake_output_epilogue( &operation->computation_stage.jpake; if ((computation_stage->state == PSA_PAKE_OUTPUT_X1_X2 && - computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || + computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || (computation_stage->state == PSA_PAKE_OUTPUT_X2S && - computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { + computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { computation_stage->state = PSA_PAKE_STATE_READY; computation_stage->output_step++; computation_stage->sequence = PSA_PAKE_SEQ_INVALID; @@ -7791,9 +7791,9 @@ static psa_status_t psa_jpake_input_epilogue( &operation->computation_stage.jpake; if ((computation_stage->state == PSA_PAKE_INPUT_X1_X2 && - computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || + computation_stage->sequence == PSA_PAKE_X2_STEP_ZK_PROOF) || (computation_stage->state == PSA_PAKE_INPUT_X4S && - computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { + computation_stage->sequence == PSA_PAKE_X1_STEP_ZK_PROOF)) { computation_stage->state = PSA_PAKE_STATE_READY; computation_stage->input_step++; computation_stage->sequence = PSA_PAKE_SEQ_INVALID; @@ -7848,7 +7848,7 @@ psa_status_t psa_pake_input( #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) status = psa_driver_wrapper_pake_input(operation, convert_jpake_computation_stage_to_driver_step( - &operation->computation_stage.jpake), + &operation->computation_stage.jpake), input, input_length); #else @@ -7897,7 +7897,7 @@ psa_status_t psa_pake_get_implicit_key( #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { psa_jpake_computation_stage_t *computation_stage = - &operation->computation_stage.jpake; + &operation->computation_stage.jpake; if (computation_stage->input_step != PSA_PAKE_STEP_DERIVE || computation_stage->output_step != PSA_PAKE_STEP_DERIVE) { status = PSA_ERROR_BAD_STATE; 
diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 929db5919..062d0bb68 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -169,7 +169,7 @@ static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operati { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_ecjpake_role role = (operation->role == PSA_PAKE_ROLE_CLIENT) ? - MBEDTLS_ECJPAKE_CLIENT : MBEDTLS_ECJPAKE_SERVER; + MBEDTLS_ECJPAKE_CLIENT : MBEDTLS_ECJPAKE_SERVER; mbedtls_ecjpake_init(&operation->ctx.pake); @@ -220,7 +220,7 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, } status = psa_crypto_driver_pake_get_password(inputs, operation->password, - password_len, &actual_password_len); + password_len, &actual_password_len); if (status != PSA_SUCCESS) { goto error; } diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h index 99ca8f275..331ee49da 100644 --- a/tests/include/test/drivers/pake.h +++ b/tests/include/test/drivers/pake.h @@ -48,7 +48,8 @@ typedef struct { size_t forced_output_length; } mbedtls_test_driver_pake_hooks_t; -#define MBEDTLS_TEST_DRIVER_PAKE_INIT { PSA_SUCCESS, PSA_SUCCESS, {0, 0, 0, 0, 0, 0}, PSA_SUCCESS, NULL, 0 } +#define MBEDTLS_TEST_DRIVER_PAKE_INIT { PSA_SUCCESS, PSA_SUCCESS, { 0, 0, 0, 0, 0, 0 }, PSA_SUCCESS, \ + NULL, 0 } static inline mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks_init(void) { diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index 7eafe14d8..9c7248308 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c 
@@ -185,7 +185,7 @@ psa_status_t mbedtls_test_transparent_pake_abort( mbedtls_test_driver_pake_hooks.hits.abort++; #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \ - defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) + defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE) mbedtls_test_driver_pake_hooks.driver_status = libtestdriver1_mbedtls_psa_pake_abort( operation); diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index b0aac5357..a32da21ce 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -3050,7 +3050,8 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st /* --- psa_pake_input (driver: setup, input) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; - memset(&mbedtls_test_driver_pake_hooks.hits, 0, sizeof(mbedtls_test_driver_pake_hooks.hits)); + memset(&mbedtls_test_driver_pake_hooks.hits, 0, + sizeof(mbedtls_test_driver_pake_hooks.hits)); TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, input_buffer, size_key_share), expected_status); @@ -3062,7 +3063,8 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st /* --- psa_pake_output (driver: setup, output) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; - memset(&mbedtls_test_driver_pake_hooks.hits, 0, sizeof(mbedtls_test_driver_pake_hooks.hits)); + memset(&mbedtls_test_driver_pake_hooks.hits, 0, + sizeof(mbedtls_test_driver_pake_hooks.hits)); TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, output_buffer, output_size, &output_len), expected_status); 
@@ -3074,7 +3076,8 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st /* --- psa_pake_input (driver: setup, input, (abort)) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; - memset(&mbedtls_test_driver_pake_hooks.hits, 0, sizeof(mbedtls_test_driver_pake_hooks.hits)); + memset(&mbedtls_test_driver_pake_hooks.hits, 0, + sizeof(mbedtls_test_driver_pake_hooks.hits)); TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, input_buffer, size_key_share), expected_status); @@ -3088,7 +3091,8 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st /* --- psa_pake_output (driver: setup, output, (abort)) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; - memset(&mbedtls_test_driver_pake_hooks.hits, 0, sizeof(mbedtls_test_driver_pake_hooks.hits)); + memset(&mbedtls_test_driver_pake_hooks.hits, 0, + sizeof(mbedtls_test_driver_pake_hooks.hits)); if (forced_output->len > 0) { mbedtls_test_driver_pake_hooks.forced_output = forced_output->x; mbedtls_test_driver_pake_hooks.forced_output_length = forced_output->len; @@ -3123,7 +3127,8 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st /* --- psa_pake_get_implicit_key --- */ mbedtls_test_driver_pake_hooks.forced_status = forced_status; - memset(&mbedtls_test_driver_pake_hooks.hits, 0, sizeof(mbedtls_test_driver_pake_hooks.hits)); + memset(&mbedtls_test_driver_pake_hooks.hits, 0, + sizeof(mbedtls_test_driver_pake_hooks.hits)); TEST_EQUAL(psa_pake_get_implicit_key(&operation, &implicit_key), expected_status); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 2); 
@@ -3140,7 +3145,8 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st /* --- psa_pake_abort --- */ mbedtls_test_driver_pake_hooks.forced_status = forced_status; - memset(&mbedtls_test_driver_pake_hooks.hits, 0, sizeof(mbedtls_test_driver_pake_hooks.hits)); + memset(&mbedtls_test_driver_pake_hooks.hits, 0, + sizeof(mbedtls_test_driver_pake_hooks.hits)); TEST_EQUAL(psa_pake_abort(&operation), expected_status); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.total, 1); TEST_EQUAL(mbedtls_test_driver_pake_hooks.hits.abort, 1); From 623c73b46d3aa91ac8b767a46a110a3aea5a0c53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Feb 2023 20:36:05 +0100 Subject: [PATCH 300/440] Remove config.py call on now-internal option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It turns out config.py wouldn't complain, but it's still confusing. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0758282d6..7c89e7fa3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2354,7 +2354,6 @@ config_psa_crypto_hash_use_psa () { # Also unset MD_C and things that depend on it. if [ "$DRIVER_ONLY" -eq 1 ]; then scripts/config.py unset MBEDTLS_MD_C - scripts/config.py unset MBEDTLS_MD_LIGHT fi scripts/config.py unset MBEDTLS_HKDF_C # has independent PSA implementation scripts/config.py unset MBEDTLS_HMAC_DRBG_C From 1e57abd3eca2cdaed8b5bcda0e016394d6fb0298 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 23 Feb 2023 20:45:26 +0100 Subject: [PATCH 301/440] Group MD_LIGHT and MD_C parts of md.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
Signed-off-by: Manuel Pégourié-Gonnard --- library/md.c | 246 ++++++++++++++++++++++++++------------------------- 1 file changed, 124 insertions(+), 122 deletions(-) diff --git a/library/md.c b/library/md.c index c1cf67460..6681f9aa0 100644 --- a/library/md.c +++ b/library/md.c @@ -31,6 +31,8 @@ * most hash metadata (everything except string names); is it * automatically set whenever MBEDTLS_MD_C is defined. * + * In this file, functions from MD_LIGHT are at the top, MD_C at the end. + * * In the future we may want to change the contract of some functions * (behaviour with NULL arguments) depending on whether MD_C is defined or * only MD_LIGHT. Also, the exact scope of MD_LIGHT might vary. 
@@ -121,93 +123,6 @@ const mbedtls_md_info_t mbedtls_sha512_info = { }; #endif -/* - * Reminder: update profiles in x509_crt.c when adding a new hash! - */ -#if defined(MBEDTLS_MD_C) -static const int supported_digests[] = { - -#if defined(MBEDTLS_SHA512_C) - MBEDTLS_MD_SHA512, -#endif - -#if defined(MBEDTLS_SHA384_C) - MBEDTLS_MD_SHA384, -#endif - -#if defined(MBEDTLS_SHA256_C) - MBEDTLS_MD_SHA256, -#endif -#if defined(MBEDTLS_SHA224_C) - MBEDTLS_MD_SHA224, -#endif - -#if defined(MBEDTLS_SHA1_C) - MBEDTLS_MD_SHA1, -#endif - -#if defined(MBEDTLS_RIPEMD160_C) - MBEDTLS_MD_RIPEMD160, -#endif - -#if defined(MBEDTLS_MD5_C) - MBEDTLS_MD_MD5, -#endif - - MBEDTLS_MD_NONE -}; - -const int *mbedtls_md_list(void) -{ - return supported_digests; -} - -const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name) -{ - if (NULL == md_name) { - return NULL; - } - - /* Get the appropriate digest information */ -#if defined(MBEDTLS_MD5_C) - if (!strcmp("MD5", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_MD5); - } -#endif -#if defined(MBEDTLS_RIPEMD160_C) - if (!strcmp("RIPEMD160", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_RIPEMD160); - } -#endif -#if defined(MBEDTLS_SHA1_C) - if (!strcmp("SHA1", md_name) || !strcmp("SHA", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); - } -#endif -#if defined(MBEDTLS_SHA224_C) - if (!strcmp("SHA224", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA224); - } -#endif -#if defined(MBEDTLS_SHA256_C) - if (!strcmp("SHA256", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); - } -#endif -#if defined(MBEDTLS_SHA384_C) - if (!strcmp("SHA384", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA384); - } -#endif -#if defined(MBEDTLS_SHA512_C) - if (!strcmp("SHA512", md_name)) { - return mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); - } -#endif - return NULL; -} -#endif /* MBEDTLS_MD_C */ - const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t 
md_type) { switch (md_type) { @@ -244,18 +159,6 @@ const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type) } } -#if defined(MBEDTLS_MD_C) -const mbedtls_md_info_t *mbedtls_md_info_from_ctx( - const mbedtls_md_context_t *ctx) -{ - if (ctx == NULL) { - return NULL; - } - - return ctx->MBEDTLS_PRIVATE(md_info); -} -#endif /* MBEDTLS_MD_C */ - void mbedtls_md_init(mbedtls_md_context_t *ctx) { memset(ctx, 0, sizeof(mbedtls_md_context_t)); 
@@ -604,7 +507,126 @@ int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, siz } } -#if defined(MBEDTLS_FS_IO) && defined(MBEDTLS_MD_C) +unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info) +{ + if (md_info == NULL) { + return 0; + } + + return md_info->size; +} + +mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info) +{ + if (md_info == NULL) { + return MBEDTLS_MD_NONE; + } + + return md_info->type; +} + +/************************************************************************ + * Functions above this separator are part of MBEDTLS_MD_LIGHT, * + * functions below are only available when MBEDTLS_MD_C is set. * + ************************************************************************/ +#if defined(MBEDTLS_MD_C) + +/* + * Reminder: update profiles in x509_crt.c when adding a new hash! + */ +static const int supported_digests[] = { + +#if defined(MBEDTLS_SHA512_C) + MBEDTLS_MD_SHA512, +#endif + +#if defined(MBEDTLS_SHA384_C) + MBEDTLS_MD_SHA384, +#endif + +#if defined(MBEDTLS_SHA256_C) + MBEDTLS_MD_SHA256, +#endif +#if defined(MBEDTLS_SHA224_C) + MBEDTLS_MD_SHA224, +#endif + +#if defined(MBEDTLS_SHA1_C) + MBEDTLS_MD_SHA1, +#endif + +#if defined(MBEDTLS_RIPEMD160_C) + MBEDTLS_MD_RIPEMD160, +#endif + +#if defined(MBEDTLS_MD5_C) + MBEDTLS_MD_MD5, +#endif + + MBEDTLS_MD_NONE +}; + +const int *mbedtls_md_list(void) +{ + return supported_digests; +} + +const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name) +{ + if (NULL == md_name) { + return NULL; + } + + /* Get the appropriate digest information */ +#if defined(MBEDTLS_MD5_C) + if (!strcmp("MD5", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_MD5); + } +#endif +#if defined(MBEDTLS_RIPEMD160_C) + if (!strcmp("RIPEMD160", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_RIPEMD160); + } +#endif +#if defined(MBEDTLS_SHA1_C) + if (!strcmp("SHA1", md_name) || !strcmp("SHA", md_name)) { + return 
mbedtls_md_info_from_type(MBEDTLS_MD_SHA1); + } +#endif +#if defined(MBEDTLS_SHA224_C) + if (!strcmp("SHA224", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA224); + } +#endif +#if defined(MBEDTLS_SHA256_C) + if (!strcmp("SHA256", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); + } +#endif +#if defined(MBEDTLS_SHA384_C) + if (!strcmp("SHA384", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA384); + } +#endif +#if defined(MBEDTLS_SHA512_C) + if (!strcmp("SHA512", md_name)) { + return mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); + } +#endif + return NULL; +} + +const mbedtls_md_info_t *mbedtls_md_info_from_ctx( + const mbedtls_md_context_t *ctx) +{ + if (ctx == NULL) { + return NULL; + } + + return ctx->MBEDTLS_PRIVATE(md_info); +} + +#if defined(MBEDTLS_FS_IO) int mbedtls_md_file(const mbedtls_md_info_t *md_info, const char *path, unsigned char *output) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -653,9 +675,8 @@ cleanup: return ret; } -#endif /* MBEDTLS_FS_IO && MBEDTLS_MD_C */ +#endif /* MBEDTLS_FS_IO */ -#if defined(MBEDTLS_MD_C) int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx, const unsigned char *key, size_t keylen) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -792,27 +813,7 @@ cleanup: return ret; } -#endif /* MBEDTLS_MD_C */ -unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info) -{ - if (md_info == NULL) { - return 0; - } - - return md_info->size; -} - -mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info) -{ - if (md_info == NULL) { - return MBEDTLS_MD_NONE; - } - - return md_info->type; -} - -#if defined(MBEDTLS_MD_C) const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info) { if (md_info == NULL) { @@ -821,6 +822,7 @@ const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info) return md_info->name; } + #endif /* MBEDTLS_MD_C */ #endif /* MBEDTLS_MD_LIGHT */ From ba1e78f1c206d1fabc21394c0fffbda9896f028d Mon Sep 17 00:00:00 2001 
From: Jerry Yu Date: Fri, 24 Feb 2023 11:18:16 +0800 Subject: [PATCH 302/440] fix code style and comment issues Signed-off-by: Jerry Yu --- library/aesce.c | 9 +++++---- library/aesce.h | 1 - 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/aesce.c b/library/aesce.c index e47665a50..ee0c8e12c 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -60,7 +60,7 @@ int mbedtls_aesce_has_support(void) return (auxval & (HWCAP_ASIMD | HWCAP_AES)) == (HWCAP_ASIMD | HWCAP_AES); #else - /* Suppose aes instructions are supported. */ + /* Assume AES instructions are supported. */ return 1; #endif } @@ -143,7 +143,6 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, return 0; } - /* * Compute decryption round keys from encryption round keys */ @@ -244,8 +243,10 @@ int mbedtls_aesce_setkey_enc(unsigned char *rk, case 128: case 192: case 256: - aesce_setkey_enc(rk, key, bits); break; - default: return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; + aesce_setkey_enc(rk, key, bits); + break; + default: + return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; } return 0; diff --git a/library/aesce.h b/library/aesce.h index 0d6d09e50..1e72e5ba4 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -64,7 +64,6 @@ int mbedtls_aesce_crypt_ecb(mbedtls_aes_context *ctx, const unsigned char input[16], unsigned char output[16]); - /** * \brief Internal round key inversion. This function computes * decryption round keys from the encryption round keys. From aa18c4bf9627204dc0629d9d3fa5e694c2474cba Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 24 Feb 2023 11:18:41 +0800 Subject: [PATCH 303/440] Add comments about travis test. Signed-off-by: Jerry Yu --- .travis.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3d735bb5c..2e9bdb4ed 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -89,7 +89,9 @@ jobs: packages: - gcc script: - # See above + # Do a manual build+test sequence rather than using all.sh, because + # there's no all.sh component that does what we want. We should set + # CFLAGS for arm64 host CC. - scripts/config.py full - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY @@ -115,7 +117,9 @@ jobs: - clang - gnutls-bin script: - # See above + # Do a manual build+test sequence rather than using all.sh, because + # there's no all.sh component that does what we want. We should set + # CFLAGS for arm64 host CC. - scripts/config.py full - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT - scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY @@ -128,7 +132,6 @@ jobs: - tests/scripts/travis-log-failure.sh - tests/context-info.sh - after_failure: - tests/scripts/travis-log-failure.sh From c66deda4c59d23e07f9e8d850d980021190b0c45 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 24 Feb 2023 11:42:07 +0800 Subject: [PATCH 304/440] Add explanation for aesce limitation Signed-off-by: Jerry Yu --- include/mbedtls/mbedtls_config.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index cba133c4f..774fc948a 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -2079,6 +2079,10 @@ * of \c -march=armv8-a+crypto . * * \warning `MBEDTLS_SHA512_USE_A64_CRYPTO_*` should be disabled when enabled + * because unexpected instruction will be generated in AESCE module. + * `MBEDTLS_SHA512_USE_A64_CRYPTO_*` requires \c -march=armv8.2-a+sha3, + * compiler optimizes the code with `eor3` that is part of sha3 + * extension and unexpected in AESCE. * * \warning Runtime detection only works on linux. For non-linux operation * system, crypto extension MUST be supported by CPU. From d93de32267a8e33d365c8e84d428c767b175a655 Mon Sep 17 00:00:00 2001 
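Review bot: The added `\warning` paragraph in mbedtls_config.h is hard to parse ("unexpected instruction will be generated in AESCE module"); the documentation would read more clearly as `\warning MBEDTLS_SHA512_USE_A64_CRYPTO_* must be disabled when this option is enabled. Those options require -march=armv8.2-a+sha3, and with that flag the compiler may emit eor3 (an SHA3-extension instruction) in the AESCE code, where it is not expected.` It would also help to state the practical consequence for users, presumably an illegal-instruction fault on a CPU that has the AES extension but not SHA3, if that is the failure mode observed.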
From: Przemek Stekiel Date: Fri, 24 Feb 2023 08:39:04 +0100 Subject: [PATCH 305/440] Move to computation stage only on successfull setup Signed-off-by: Przemek Stekiel --- library/psa_crypto.c | 3 +-- library/psa_crypto_pake.c | 8 +++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 4406fcc3b..8752bffe5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7503,8 +7503,6 @@ static psa_status_t psa_pake_complete_inputs( status = psa_driver_wrapper_pake_setup(operation, &inputs); - operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; - /* Driver is responsible for creating its own copy of the password. */ mbedtls_platform_zeroize(inputs.password, inputs.password_len); mbedtls_free(inputs.password); @@ -7512,6 +7510,7 @@ static psa_status_t psa_pake_complete_inputs( if (status == PSA_SUCCESS) { #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { + operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; psa_jpake_computation_stage_t *computation_stage = &operation->computation_stage.jpake; computation_stage->state = PSA_PAKE_STATE_READY; diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 062d0bb68..63d08303d 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c 
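Review bot: `operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION;` is now assigned only inside the `MBEDTLS_PSA_BUILTIN_ALG_JPAKE` / `operation->alg == PSA_ALG_JPAKE` branch, whereas the removed line set it unconditionally; a successful setup for any other algorithm (a driver-only PAKE, or a build without the built-in J-PAKE) would leave the operation in the collect stage. Moving the assignment up, directly under `if (status == PSA_SUCCESS) {` and before the `#if`, keeps the commit's intent of advancing only on success without tying it to J-PAKE. The rest of `psa_pake_complete_inputs` is outside the hunk, so there may be a non-J-PAKE path I cannot see.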
@@ -257,9 +257,11 @@ psa_status_t mbedtls_psa_pake_setup(mbedtls_psa_pake_operation_t *operation, { status = PSA_ERROR_NOT_SUPPORTED; } error: - /* When driver fails with PSA_ERROR_NOT_SUPPORTED the built-in implementation is executed (if available) - and it will reallocate the password leading to the memory leak. - Call abort explicitly to clean up allocated memory for password on failure. */ + /* In case of failure of the setup of a multipart operation, the PSA driver interface + * specifies that the core does not call any other driver entry point thus does not + * call mbedtls_psa_pake_abort(). Therefore call it here to do the needed clean + * up like freeing the memory that may have been allocated to store the password. + */ mbedtls_psa_pake_abort(operation); return status; } From 6f2d1f419a700cf10fd4898eafde5c2cc7e78091 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Fri, 24 Feb 2023 08:41:39 +0100 Subject: [PATCH 306/440] Further pake tests optimizations Signed-off-by: Przemek Stekiel --- ..._suite_psa_crypto_driver_wrappers.function | 10 +- tests/suites/test_suite_psa_crypto_pake.data | 31 ++-- .../test_suite_psa_crypto_pake.function | 136 ++++++++++++------ 3 files changed, 119 insertions(+), 58 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index a32da21ce..6522fe5d0 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
@@ -3050,8 +3050,6 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st /* --- psa_pake_input (driver: setup, input) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; - memset(&mbedtls_test_driver_pake_hooks.hits, 0, - sizeof(mbedtls_test_driver_pake_hooks.hits)); TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, input_buffer, size_key_share), expected_status); @@ -3063,8 +3061,6 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st /* --- psa_pake_output (driver: setup, output) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; - memset(&mbedtls_test_driver_pake_hooks.hits, 0, - sizeof(mbedtls_test_driver_pake_hooks.hits)); TEST_EQUAL(psa_pake_output(&operation, PSA_PAKE_STEP_KEY_SHARE, output_buffer, output_size, &output_len), expected_status); @@ -3073,11 +3069,9 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st break; case 2: /* input */ - /* --- psa_pake_input (driver: setup, input, (abort)) --- */ + /* --- psa_pake_input (driver: setup, input, abort) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; - memset(&mbedtls_test_driver_pake_hooks.hits, 0, - sizeof(mbedtls_test_driver_pake_hooks.hits)); TEST_EQUAL(psa_pake_input(&operation, PSA_PAKE_STEP_KEY_SHARE, input_buffer, size_key_share), expected_status); 
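Review bot: Removing the per-case `memset(&mbedtls_test_driver_pake_hooks.hits, 0, ...)` in the three hunks here, and in the fourth at `@@ -3091`, means the later `TEST_EQUAL(... hits.total, ...)` checks now depend on `hits` already being zero when `pake_operations` enters the switch. The start of the function is outside these hunks, so please confirm it resets the hooks once before the cases, e.g. `mbedtls_test_driver_pake_hooks = mbedtls_test_driver_pake_hooks_init();`, rather than relying on the previous test case's teardown.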
@@ -3091,8 +3085,6 @@ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_st /* --- psa_pake_output (driver: setup, output, (abort)) --- */ mbedtls_test_driver_pake_hooks.forced_setup_status = forced_status_setup; mbedtls_test_driver_pake_hooks.forced_status = forced_status; - memset(&mbedtls_test_driver_pake_hooks.hits, 0, - sizeof(mbedtls_test_driver_pake_hooks.hits)); if (forced_output->len > 0) { mbedtls_test_driver_pake_hooks.forced_output = forced_output->x; mbedtls_test_driver_pake_hooks.forced_output_length = forced_output->len; diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index 3be249fda..1a25a8c71 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data 
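Review bot: The case comment `/* --- psa_pake_output (driver: setup, output, (abort)) --- */` keeps the parenthesised `(abort)` although the matching input case in this same commit was changed to `(driver: setup, input, abort)`; the two labels should agree, so change it to `/* --- psa_pake_output (driver: setup, output, abort) --- */`.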
@@ -194,14 +194,29 @@ PSA PAKE: ecjpake size macros depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 ecjpake_size_macros: -PSA PAKE: input getters: ok #1 -pake_input_getters:"aabbccddee":PSA_PAKE_ROLE_SERVER:5:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS +PSA PAKE: input getters password: ok #1 +pake_input_getters_password:"aabbccddee":5:PSA_SUCCESS:PSA_SUCCESS -PSA PAKE: input getters: ok #2 -pake_input_getters:"ddccbbaa":PSA_PAKE_ROLE_CLIENT:5:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_512:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS +PSA PAKE: input getters password: ok #2 +pake_input_getters_password:"11223344556677889900":10:PSA_SUCCESS:PSA_SUCCESS -PSA PAKE: input getters: buffer for password to small -pake_input_getters:"aabbccddee":PSA_PAKE_ROLE_SERVER:4:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ERROR_BUFFER_TOO_SMALL:PSA_SUCCESS:PSA_SUCCESS:PSA_SUCCESS +PSA PAKE: input getters password: buffer to small +pake_input_getters_password:"aabbccddee":4:PSA_ERROR_BUFFER_TOO_SMALL:PSA_SUCCESS -PSA PAKE: input getters: inputs not ready -pake_input_getters:"":0:5:0:0:0:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE +PSA PAKE: input getters password: not set +pake_input_getters_password:"":0:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE + +PSA PAKE: input getters cipher suite: ok +pake_input_getters_cipher_suite:PSA_SUCCESS:1 + +PSA PAKE: input getters cipher suite: not set +pake_input_getters_cipher_suite:PSA_ERROR_BAD_STATE:0 + +PSA PAKE: input getters role client: ok +pake_input_getters_role:PSA_PAKE_ROLE_CLIENT:PSA_SUCCESS + +PSA PAKE: input getters role server: ok +pake_input_getters_role:PSA_PAKE_ROLE_SERVER:PSA_SUCCESS + +PSA PAKE: input getters role: not set 
+pake_input_getters_role:PSA_PAKE_ROLE_NONE:PSA_ERROR_BAD_STATE diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 1c3b3289a..3bb441fb6 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function 
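Review bot: The new test name `PSA PAKE: input getters password: buffer to small` carries over the typo from the line it replaces; since the line is being rewritten anyway it should read `PSA PAKE: input getters password: buffer too small`, as test names are what appear in CI logs and are grepped for. The `input getters role: not set` case passes `PSA_PAKE_ROLE_NONE` both as the "do not call set_role" marker and as the value the test function receives; that is only readable because the .function change treats NONE as "skip", so a trailing comment on the data line would help.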
@@ -909,71 +909,54 @@ void ecjpake_size_macros() } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_BUILTIN_ALG_JPAKE */ -void pake_input_getters(data_t *password, int role_arg, int password_buffer_size, - int alg_arg, int primitive_arg, int hash_arg, - int expected_status_pass, int expected_status_pass_len, - int expected_status_role, int expected_status_cs) +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ +void pake_input_getters_password(data_t *password, int password_buffer_size, + int expected_status_pass, int expected_status_pass_len) { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_operation_t operation = psa_pake_operation_init(); - psa_pake_role_t role = role_arg; - psa_algorithm_t alg = alg_arg; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_pake_role_t role_ret = PSA_PAKE_ROLE_NONE; uint8_t password_ret[20] = { 0 }; // max key length is 20 bytes size_t password_len_ret = 0; - psa_pake_cipher_suite_t cipher_suite_ret = psa_pake_cipher_suite_init(); size_t buffer_len_ret = 0; + psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( + PSA_PAKE_PRIMITIVE_TYPE_ECC, + PSA_ECC_FAMILY_SECP_R1, 256); + PSA_INIT(); - /* alg equal to 0 indicates case when inputs are not set yet. 
*/ - if (alg != 0) { - psa_pake_cs_set_algorithm(&cipher_suite, alg); - psa_pake_cs_set_primitive(&cipher_suite, primitive_arg); - psa_pake_cs_set_hash(&cipher_suite, hash_arg); + psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); + psa_pake_cs_set_primitive(&cipher_suite, primitive); + psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); + psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); + PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); + + if (password_buffer_size > 0) { PSA_ASSERT(psa_import_key(&attributes, password->x, password->len, &key)); - - PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); PSA_ASSERT(psa_pake_set_password_key(&operation, key)); - PSA_ASSERT(psa_pake_set_role(&operation, role)); } TEST_EQUAL(psa_crypto_driver_pake_get_password_len(&operation.data.inputs, &password_len_ret), expected_status_pass_len); - TEST_EQUAL(psa_crypto_driver_pake_get_password(&operation.data.inputs, - (uint8_t *) &password_ret, - password_buffer_size, &buffer_len_ret), - expected_status_pass); - - TEST_EQUAL(psa_crypto_driver_pake_get_role(&operation.data.inputs, &role_ret), - expected_status_role); - - TEST_EQUAL(psa_crypto_driver_pake_get_cipher_suite(&operation.data.inputs, &cipher_suite_ret), - expected_status_cs); - if (expected_status_pass_len == PSA_SUCCESS) { TEST_EQUAL(password_len_ret, password->len); - } - if (expected_status_pass == PSA_SUCCESS) { - PSA_ASSERT(memcmp(password_ret, password->x, password->len)); - } + TEST_EQUAL(psa_crypto_driver_pake_get_password(&operation.data.inputs, + (uint8_t *) &password_ret, + password_buffer_size, &buffer_len_ret), + expected_status_pass); - if (expected_status_role == PSA_SUCCESS) { - TEST_EQUAL(role_ret, role); - } - - 
if (expected_status_pass == PSA_SUCCESS) { - PSA_ASSERT(memcmp(&cipher_suite_ret, &cipher_suite, sizeof(cipher_suite))); + if (expected_status_pass == PSA_SUCCESS) { + TEST_EQUAL(buffer_len_ret, password->len); + PSA_ASSERT(memcmp(password_ret, password->x, buffer_len_ret)); + } } exit: 
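Review bot: In the new pake_input_getters_password, `password_buffer_size > 0` doubles as the switch for whether a password key is imported at all, so the "not set" case is only reachable by also passing a zero-length output buffer and a future "password set, buffer size 0" case cannot be expressed; a dedicated argument like the `setup_done` flag that pake_input_getters_cipher_suite gets in the following hunk would make the intent explicit, `if (set_password) {`. Separately, `PSA_ASSERT(memcmp(password_ret, password->x, buffer_len_ret));` only works because memcmp returns 0 on equality — PSA_ASSERT is meant for psa_status_t values and on a mismatch will report an arbitrary memcmp result as if it were a PSA status — so `TEST_EQUAL(memcmp(password_ret, password->x, buffer_len_ret), 0);` is the clearer form; the same applies to the `memcmp(&cipher_suite_ret, ...)` check in the next hunk. The exit path of the function lies outside this hunk.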
@@ -982,3 +965,74 @@ exit: PSA_DONE(); } /* END_CASE */ + +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ +void pake_input_getters_cipher_suite(int expected_status, int setup_done) +{ + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + psa_pake_operation_t operation = psa_pake_operation_init(); + psa_pake_cipher_suite_t cipher_suite_ret = psa_pake_cipher_suite_init(); + + psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( + PSA_PAKE_PRIMITIVE_TYPE_ECC, + PSA_ECC_FAMILY_SECP_R1, 256); + + PSA_INIT(); + + if (setup_done == 1) { + psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); + psa_pake_cs_set_primitive(&cipher_suite, primitive); + psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); + + PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); + } + + TEST_EQUAL(psa_crypto_driver_pake_get_cipher_suite(&operation.data.inputs, &cipher_suite_ret), + expected_status); + + if (expected_status == PSA_SUCCESS) { + PSA_ASSERT(memcmp(&cipher_suite_ret, &cipher_suite, sizeof(cipher_suite))); + } + +exit: + PSA_ASSERT(psa_pake_abort(&operation)); + PSA_DONE(); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ +void pake_input_getters_role(int role_arg, int expected_status) +{ + psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); + psa_pake_operation_t operation = psa_pake_operation_init(); + psa_pake_role_t role_ret = PSA_PAKE_ROLE_NONE; + psa_pake_role_t role = role_arg; + + psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( + PSA_PAKE_PRIMITIVE_TYPE_ECC, + PSA_ECC_FAMILY_SECP_R1, 256); + + PSA_INIT(); + + psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); + psa_pake_cs_set_primitive(&cipher_suite, primitive); + psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); + + PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); + + if (role != PSA_PAKE_ROLE_NONE) { + PSA_ASSERT(psa_pake_set_role(&operation, role)); + } + + TEST_EQUAL(psa_crypto_driver_pake_get_role(&operation.data.inputs, &role_ret), + 
expected_status); + + if (expected_status == PSA_SUCCESS) { + TEST_EQUAL(role_ret, role); + } + +exit: + PSA_ASSERT(psa_pake_abort(&operation)); + PSA_DONE(); +} +/* END_CASE */ From 0ac71c0d92bc8bb32360744a5b2f3d0b4ab14b45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Feb 2023 12:13:55 +0100 Subject: [PATCH 307/440] Make debug statement more portable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There's little reason for accessing the hash implementation's internal state, its output contains most of the same information. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 441089f16..778b00638 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7675,17 +7675,14 @@ static int ssl_calc_finished_tls_sha256( * Hash( handshake ) )[0.11] */ -#if !defined(MBEDTLS_SHA256_ALT) - MBEDTLS_SSL_DEBUG_BUF(4, "finished sha2 state", (unsigned char *) - sha256.state, sizeof(sha256.state)); -#endif - ret = mbedtls_sha256_finish(&sha256, padbuf); if (ret != 0) { goto exit; } #endif /* MBEDTLS_USE_PSA_CRYPTO */ + MBEDTLS_SSL_DEBUG_BUF(4, "finished sha256 output", padbuf, 32); + ssl->handshake->tls_prf(session->master, 48, sender, padbuf, 32, buf, len); @@ -7760,16 +7757,14 @@ static int ssl_calc_finished_tls_sha384( * Hash( handshake ) )[0.11] */ -#if !defined(MBEDTLS_SHA512_ALT) - MBEDTLS_SSL_DEBUG_BUF(4, "finished sha512 state", (unsigned char *) - sha512.state, sizeof(sha512.state)); -#endif ret = mbedtls_sha512_finish(&sha512, padbuf); if (ret != 0) { goto exit; } #endif + MBEDTLS_SSL_DEBUG_BUF(4, "finished sha384 output", padbuf, 48); + ssl->handshake->tls_prf(session->master, 48, sender, padbuf, 48, buf, len); From 2cd751465c1fb25a7438e6da777d9ce883d1bb73 Mon Sep 17 00:00:00 2001 
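Review bot: pake_input_getters_cipher_suite compares `cipher_suite_ret` and `cipher_suite` with a whole-struct memcmp, which is only reliable because both are initialised by `psa_pake_cipher_suite_init()` so that any padding bytes agree; comparing the fields through the accessors (`psa_pake_cs_get_algorithm`, `psa_pake_cs_get_primitive`, `psa_pake_cs_get_hash`) would not depend on that and would name the field that differs on failure. `if (setup_done == 1)` also reads as a specific value rather than a flag; `if (setup_done)` matches how the data file uses it (0 or 1). The two new functions are complete within this hunk.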
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Feb 2023 12:37:07 +0100 Subject: [PATCH 308/440] Use MD, not low-level SHA1, in X.509 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X.509 already depends on MD_C || USE_PSA_CRYPTO, and this is for the !USE_PSA_CRYPTO branch, so we're free to use MD. This change supports our ability to use MBEDTLS_MD_CAN_xxx macros everywhere in the future, once they have been introduced. Signed-off-by: Manuel Pégourié-Gonnard --- library/x509write_crt.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 4f233953c..f481155e9 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -32,7 +32,7 @@ #include "mbedtls/error.h" #include "mbedtls/oid.h" #include "mbedtls/platform_util.h" -#include "mbedtls/sha1.h" +#include "mbedtls/md.h" #include @@ -229,8 +229,9 @@ static int mbedtls_x509write_crt_set_key_identifier(mbedtls_x509write_cert *ctx, return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } #else - ret = mbedtls_sha1(buf + sizeof(buf) - len, len, - buf + sizeof(buf) - 20); + ret = mbedtls_md(mbedtls_md_info_from_type(MBEDTLS_MD_SHA1), + buf + sizeof(buf) - len, len, + buf + sizeof(buf) - 20); if (ret != 0) { return ret; } From f057ecfedfea1e0a43e16a9134c7941c12534fd4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Feb 2023 13:19:17 +0100 Subject: [PATCH 309/440] Use MD not low-level sha256/512 in TLS MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Same reasoning as in previous commit. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_misc.h | 4 +- library/ssl_tls.c | 137 +++++++++++++++++++++++++++++++-------------- 2 files changed, 97 insertions(+), 44 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 7385c6ee3..7abbffb5b 100644 --- a/library/ssl_misc.h 
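Review bot: `mbedtls_md_info_from_type(MBEDTLS_MD_SHA1)` returns NULL when SHA-1 is not registered with the MD layer, and the new call then relies on `mbedtls_md()` rejecting a NULL info with an error that the existing `if (ret != 0)` turns into a run-time failure of the key-identifier computation, whereas the direct `mbedtls_sha1()` it replaces failed at compile time if SHA-1 was absent. If the surrounding `#if` (outside the hunk) still keys on MBEDTLS_SHA1_C rather than on MD-level availability, the two can disagree once MD_C is present without SHA-1 wired into MD; since the commit message anticipates the MBEDTLS_MD_CAN_xxx macros, a `/* TODO: guard on MD-level SHA-1 availability once MBEDTLS_MD_CAN_SHA1 exists */` next to the call keeps that follow-up visible. The function continues outside the hunk.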
+++ b/library/ssl_misc.h @@ -905,14 +905,14 @@ struct mbedtls_ssl_handshake_params { #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_operation_t fin_sha256_psa; #else - mbedtls_sha256_context fin_sha256; + mbedtls_md_context_t fin_sha256; #endif #endif #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_operation_t fin_sha384_psa; #else - mbedtls_sha512_context fin_sha384; + mbedtls_md_context_t fin_sha384; #endif #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 778b00638..7798d78cb 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -839,7 +839,13 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) return mbedtls_md_error_from_psa(status); } #else - ret = mbedtls_sha256_starts(&ssl->handshake->fin_sha256, 0); + ret = mbedtls_md_setup(&ssl->handshake->fin_sha256, + mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), + 0); + if (ret != 0) { + return ret; + } + ret = mbedtls_md_starts(&ssl->handshake->fin_sha256); if (ret != 0) { return ret; } @@ -856,7 +862,12 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) return mbedtls_md_error_from_psa(status); } #else - ret = mbedtls_sha512_starts(&ssl->handshake->fin_sha384, 1); + ret = mbedtls_md_setup(&ssl->handshake->fin_sha384, + mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); + if (ret != 0) { + return ret; + } + ret = mbedtls_md_starts(&ssl->handshake->fin_sha384); if (ret != 0) { return ret; } @@ -887,7 +898,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, return mbedtls_md_error_from_psa(status); } #else - ret = mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len); + ret = mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len); if (ret != 0) { return ret; } 
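Review bot: Changing `fin_sha256`/`fin_sha384` from `mbedtls_sha256_context`/`mbedtls_sha512_context` to `mbedtls_md_context_t` moves the running handshake hash from inline storage in the handshake struct to a block that `mbedtls_md_setup()` allocates on the heap, so every handshake now performs an extra allocation and gains an allocation-failure path (handled via the setup return value in the ssl_tls.c hunks). That is worth a comment on the fields, e.g. `/* MD context; the digest state is heap-allocated by mbedtls_md_setup() in mbedtls_ssl_reset_checksum() */`, because anyone sizing mbedtls_ssl_handshake_params for a constrained target will otherwise not see that the footprint moved off the struct. The struct definition continues outside the hunk.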
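Review bot: `mbedtls_md_setup(&ssl->handshake->fin_sha256, ...)` in mbedtls_ssl_reset_checksum overwrites whatever digest context the field already holds — mbedtls_md_setup allocates a fresh internal context without freeing a previous one — while the `mbedtls_sha256_starts()` it replaces could be called on the same context any number of times. If reset_checksum can run more than once for a single handshake (the name suggests so; the TLS 1.3 HelloRetryRequest transcript reset is the case to check, and it is outside this chunk), each extra call leaks the earlier allocation. The safe form frees first: `mbedtls_md_free(&ssl->handshake->fin_sha256); mbedtls_md_init(&ssl->handshake->fin_sha256);` immediately before the setup call, and likewise for `fin_sha384` in the -856 hunk. Both hunks sit inside a function that starts and ends outside this chunk.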
@@ -900,7 +911,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, return mbedtls_md_error_from_psa(status); } #else - ret = mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len); + ret = mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len); if (ret != 0) { return ret; } @@ -917,7 +928,7 @@ static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, return mbedtls_md_error_from_psa(psa_hash_update( &ssl->handshake->fin_sha256_psa, buf, len)); #else - return mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len); + return mbedtls_md_update(&ssl->handshake->fin_sha256, buf, len); #endif } #endif @@ -930,7 +941,7 @@ static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl, return mbedtls_md_error_from_psa(psa_hash_update( &ssl->handshake->fin_sha384_psa, buf, len)); #else - return mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len); + return mbedtls_md_update(&ssl->handshake->fin_sha384, buf, len); #endif } #endif @@ -943,14 +954,14 @@ static void ssl_handshake_params_init(mbedtls_ssl_handshake_params *handshake) #if defined(MBEDTLS_USE_PSA_CRYPTO) handshake->fin_sha256_psa = psa_hash_operation_init(); #else - mbedtls_sha256_init(&handshake->fin_sha256); + mbedtls_md_init(&handshake->fin_sha256); #endif #endif #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) #if defined(MBEDTLS_USE_PSA_CRYPTO) handshake->fin_sha384_psa = psa_hash_operation_init(); #else - mbedtls_sha512_init(&handshake->fin_sha384); + mbedtls_md_init(&handshake->fin_sha384); #endif #endif 
@@ -4081,14 +4092,14 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_abort(&handshake->fin_sha256_psa); #else - mbedtls_sha256_free(&handshake->fin_sha256); + mbedtls_md_free(&handshake->fin_sha256); #endif #endif #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_abort(&handshake->fin_sha384_psa); #else - mbedtls_sha512_free(&handshake->fin_sha384); + mbedtls_md_free(&handshake->fin_sha384); #endif #endif @@ -5771,17 +5782,24 @@ static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl, size_t *olen) { int ret; - mbedtls_sha512_context sha512; + mbedtls_md_context_t sha512; if (dst_len < 48) { return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - mbedtls_sha512_init(&sha512); - mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha384); + mbedtls_md_init(&sha512); + ret = mbedtls_md_setup(&sha512, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); + if (ret != 0) { + goto exit; + } + ret = mbedtls_md_clone(&sha512, &ssl->handshake->fin_sha384); + if (ret != 0) { + goto exit; + } - if ((ret = mbedtls_sha512_finish(&sha512, dst)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha512_finish", ret); + if ((ret = mbedtls_md_finish(&sha512, dst)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret); goto exit; } @@ -5789,7 +5807,7 @@ static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl, exit: - mbedtls_sha512_free(&sha512); + mbedtls_md_free(&sha512); return ret; } #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 
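Review bot: The init/setup/clone/`goto exit` sequence introduced in ssl_get_handshake_transcript_sha384 is repeated with only the MD type and field name changed in ssl_get_handshake_transcript_sha256 and in the calc_verify and calc_finished functions of the following hunks (-5802, -6603, -6658, -7663, -7745); one static helper that sets a context up as a copy of the running handshake hash leaves a single place for the md_info lookup and the error handling. A sketch is below; each caller then reduces to `mbedtls_md_init(&sha384); if ((ret = ssl_md_clone_handshake_hash(&sha384, &ssl->handshake->fin_sha384, MBEDTLS_MD_SHA384)) != 0) { goto exit; }` with the existing `exit:` still freeing the context. The enclosing functions start and end outside these hunks.

```c
/* Set up *dst for digest md_type and copy the running handshake hash *src
 * into it. *dst must already be mbedtls_md_init()ed; on failure the caller
 * still owns *dst and must mbedtls_md_free() it. */
static int ssl_md_clone_handshake_hash(mbedtls_md_context_t *dst,
                                       const mbedtls_md_context_t *src,
                                       mbedtls_md_type_t md_type)
{
    int ret = mbedtls_md_setup(dst, mbedtls_md_info_from_type(md_type), 0);
    if (ret != 0) {
        return ret;
    }
    return mbedtls_md_clone(dst, src);
}
```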
@@ -5802,17 +5820,24 @@ static int ssl_get_handshake_transcript_sha256(mbedtls_ssl_context *ssl, size_t *olen) { int ret; - mbedtls_sha256_context sha256; + mbedtls_md_context_t sha256; if (dst_len < 32) { return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - mbedtls_sha256_init(&sha256); - mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256); + mbedtls_md_init(&sha256); + ret = mbedtls_md_setup(&sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0); + if (ret != 0) { + goto exit; + } + ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256); + if (ret != 0) { + goto exit; + } - if ((ret = mbedtls_sha256_finish(&sha256, dst)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_sha256_finish", ret); + if ((ret = mbedtls_md_finish(&sha256, dst)) != 0) { + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret); goto exit; } @@ -5820,7 +5845,7 @@ static int ssl_get_handshake_transcript_sha256(mbedtls_ssl_context *ssl, exit: - mbedtls_sha256_free(&sha256); + mbedtls_md_free(&sha256); return ret; } #endif /* MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ @@ -6603,15 +6628,22 @@ exit: return mbedtls_md_error_from_psa(status); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_sha256_context sha256; + mbedtls_md_context_t sha256; - mbedtls_sha256_init(&sha256); + mbedtls_md_init(&sha256); MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha256")); - mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256); + ret = mbedtls_md_setup(&sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0); + if (ret != 0) { + goto exit; + } + ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256); + if (ret != 0) { + goto exit; + } - ret = mbedtls_sha256_finish(&sha256, hash); + ret = mbedtls_md_finish(&sha256, hash); if (ret != 0) { goto exit; } @@ -6622,7 +6654,7 @@ exit: MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify")); exit: - mbedtls_sha256_free(&sha256); + mbedtls_md_free(&sha256); return ret; #endif /* MBEDTLS_USE_PSA_CRYPTO */ } 
@@ -6658,15 +6690,22 @@ exit: return mbedtls_md_error_from_psa(status); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_sha512_context sha512; + mbedtls_md_context_t sha512; - mbedtls_sha512_init(&sha512); + mbedtls_md_init(&sha512); MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha384")); - mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha384); + ret = mbedtls_md_setup(&sha512, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); + if (ret != 0) { + goto exit; + } + ret = mbedtls_md_clone(&sha512, &ssl->handshake->fin_sha384); + if (ret != 0) { + goto exit; + } - ret = mbedtls_sha512_finish(&sha512, hash); + ret = mbedtls_md_finish(&sha512, hash); if (ret != 0) { goto exit; } @@ -6677,7 +6716,7 @@ exit: MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify")); exit: - mbedtls_sha512_free(&sha512); + mbedtls_md_free(&sha512); return ret; #endif /* MBEDTLS_USE_PSA_CRYPTO */ } @@ -7634,7 +7673,7 @@ static int ssl_calc_finished_tls_sha256( psa_status_t status; #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_sha256_context sha256; + mbedtls_md_context_t sha256; #endif mbedtls_ssl_session *session = ssl->session_negotiate; @@ -7663,11 +7702,18 @@ static int ssl_calc_finished_tls_sha256( MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 32); #else - mbedtls_sha256_init(&sha256); + mbedtls_md_init(&sha256); MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha256")); - mbedtls_sha256_clone(&sha256, &ssl->handshake->fin_sha256); + ret = mbedtls_md_setup(&sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0); + if (ret != 0) { + goto exit; + } + ret = mbedtls_md_clone(&sha256, &ssl->handshake->fin_sha256); + if (ret != 0) { + goto exit; + } /* * TLSv1.2: @@ -7675,7 +7721,7 @@ static int ssl_calc_finished_tls_sha256( * Hash( handshake ) )[0.11] */ - ret = mbedtls_sha256_finish(&sha256, padbuf); + ret = mbedtls_md_finish(&sha256, padbuf); if (ret != 0) { goto exit; } 
@@ -7697,7 +7743,7 @@ exit: psa_hash_abort(&sha256_psa); return mbedtls_md_error_from_psa(status); #else - mbedtls_sha256_free(&sha256); + mbedtls_md_free(&sha256); return ret; #endif /* MBEDTLS_USE_PSA_CRYPTO */ } @@ -7717,7 +7763,7 @@ static int ssl_calc_finished_tls_sha384( psa_status_t status; #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_sha512_context sha512; + mbedtls_md_context_t sha512; #endif mbedtls_ssl_session *session = ssl->session_negotiate; @@ -7745,11 +7791,18 @@ static int ssl_calc_finished_tls_sha384( } MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 48); #else - mbedtls_sha512_init(&sha512); + mbedtls_md_init(&sha512); MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha384")); - mbedtls_sha512_clone(&sha512, &ssl->handshake->fin_sha384); + ret = mbedtls_md_setup(&sha512, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); + if (ret != 0) { + goto exit; + } + ret = mbedtls_md_clone(&sha512, &ssl->handshake->fin_sha384); + if (ret != 0) { + goto exit; + } /* * TLSv1.2: @@ -7757,7 +7810,7 @@ static int ssl_calc_finished_tls_sha384( * Hash( handshake ) )[0.11] */ - ret = mbedtls_sha512_finish(&sha512, padbuf); + ret = mbedtls_md_finish(&sha512, padbuf); if (ret != 0) { goto exit; } @@ -7779,7 +7832,7 @@ exit: psa_hash_abort(&sha384_psa); return mbedtls_md_error_from_psa(status); #else - mbedtls_sha512_free(&sha512); + mbedtls_md_free(&sha512); return ret; #endif /* MBEDTLS_USE_PSA_CRYPTO */ } From 02d55d5825038a1ef93191f01f7b9cee2b6fc163 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 24 Feb 2023 13:21:16 +0100 Subject: [PATCH 310/440] Rename some local variables MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The name sha512 might have made sense when it was an mbedtls_sha512_context, but now it's weird to see things like mbedtls_md_setup(&sha512, ...MBEDTLS_MD_SHA384...); 
Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7798d78cb..9070f208d 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5782,23 +5782,23 @@ static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl, size_t *olen) { int ret; - mbedtls_md_context_t sha512; + mbedtls_md_context_t sha384; if (dst_len < 48) { return MBEDTLS_ERR_SSL_INTERNAL_ERROR; } - mbedtls_md_init(&sha512); - ret = mbedtls_md_setup(&sha512, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); + mbedtls_md_init(&sha384); + ret = mbedtls_md_setup(&sha384, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); if (ret != 0) { goto exit; } - ret = mbedtls_md_clone(&sha512, &ssl->handshake->fin_sha384); + ret = mbedtls_md_clone(&sha384, &ssl->handshake->fin_sha384); if (ret != 0) { goto exit; } - if ((ret = mbedtls_md_finish(&sha512, dst)) != 0) { + if ((ret = mbedtls_md_finish(&sha384, dst)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_md_finish", ret); goto exit; } @@ -5807,7 +5807,7 @@ static int ssl_get_handshake_transcript_sha384(mbedtls_ssl_context *ssl, exit: - mbedtls_md_free(&sha512); + mbedtls_md_free(&sha384); return ret; } #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */ 
@@ -6690,22 +6690,22 @@ exit: return mbedtls_md_error_from_psa(status); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_context_t sha512; + mbedtls_md_context_t sha384; - mbedtls_md_init(&sha512); + mbedtls_md_init(&sha384); MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc verify sha384")); - ret = mbedtls_md_setup(&sha512, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); + ret = mbedtls_md_setup(&sha384, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); if (ret != 0) { goto exit; } - ret = mbedtls_md_clone(&sha512, &ssl->handshake->fin_sha384); + ret = mbedtls_md_clone(&sha384, &ssl->handshake->fin_sha384); if (ret != 0) { goto exit; } - ret = mbedtls_md_finish(&sha512, hash); + ret = mbedtls_md_finish(&sha384, hash); if (ret != 0) { goto exit; } @@ -6716,7 +6716,7 @@ exit: MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc verify")); exit: - mbedtls_md_free(&sha512); + mbedtls_md_free(&sha384); return ret; #endif /* MBEDTLS_USE_PSA_CRYPTO */ } @@ -7763,7 +7763,7 @@ static int ssl_calc_finished_tls_sha384( psa_status_t status; #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_md_context_t sha512; + mbedtls_md_context_t sha384; #endif mbedtls_ssl_session *session = ssl->session_negotiate; @@ -7791,15 +7791,15 @@ static int ssl_calc_finished_tls_sha384( } MBEDTLS_SSL_DEBUG_BUF(3, "PSA calculated padbuf", padbuf, 48); #else - mbedtls_md_init(&sha512); + mbedtls_md_init(&sha384); MBEDTLS_SSL_DEBUG_MSG(2, ("=> calc finished tls sha384")); - ret = mbedtls_md_setup(&sha512, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); + ret = mbedtls_md_setup(&sha384, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); if (ret != 0) { goto exit; } - ret = mbedtls_md_clone(&sha512, &ssl->handshake->fin_sha384); + ret = mbedtls_md_clone(&sha384, &ssl->handshake->fin_sha384); if (ret != 0) { goto exit; } 
@@ -7810,7 +7810,7 @@ static int ssl_calc_finished_tls_sha384( * Hash( handshake ) )[0.11] */ - ret = mbedtls_md_finish(&sha512, padbuf); + ret = mbedtls_md_finish(&sha384, padbuf); if (ret != 0) { goto exit; } @@ -7832,7 +7832,7 @@ exit: psa_hash_abort(&sha384_psa); return mbedtls_md_error_from_psa(status); #else - mbedtls_md_free(&sha512); + mbedtls_md_free(&sha384); return ret; #endif /* MBEDTLS_USE_PSA_CRYPTO */ } From 86f30ff626655fa9c7fa6dec62b74ca9ea4359a1 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 24 Feb 2023 07:44:57 -0500 Subject: [PATCH 311/440] Reduce the default MBEDTLS_ECP_WINDOW_SIZE value to 2 As tested in https://github.com/Mbed-TLS/mbedtls/issues/6790, after introducing side-channel counter-measures to bignum, the performance of RSA decryption in correlation to the MBEDTLS_ECP_WINDOW_SIZE has changed. The default value of 2 has been chosen as it provides best or close-to-best results for tests on Cortex-M4 and Intel i7. Signed-off-by: Andrzej Kurek --- ChangeLog.d/mpi-window-perf | 7 +++++++ include/mbedtls/bignum.h | 4 ++-- include/mbedtls/mbedtls_config.h | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/mpi-window-perf diff --git a/ChangeLog.d/mpi-window-perf b/ChangeLog.d/mpi-window-perf new file mode 100644 index 000000000..0f75d6af1 --- /dev/null +++ b/ChangeLog.d/mpi-window-perf @@ -0,0 +1,7 @@ +Changes + * Changed the default MBEDTLS_ECP_WINDOW_SIZE from 6 to 2. + As tested in issue 6790, the correlation between this define and + RSA decryption performance has changed lately due to security fixes. + To fix the performance degradation when using default values the + window was reduced from 6 to 2, a value that gives the best or close + to best results when tested on Cortex-M4 and Intel i7. diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index e8fb2de4b..b1d4b88ba 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h 
@@ -63,7 +63,7 @@ #if !defined(MBEDTLS_MPI_WINDOW_SIZE) /* - * Maximum window size used for modular exponentiation. Default: 6 + * Maximum window size used for modular exponentiation. Default: 2 * Minimum value: 1. Maximum value: 6. * * Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used @@ -71,7 +71,7 @@ * * Reduction in size, reduces speed. */ -#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */ +#define MBEDTLS_MPI_WINDOW_SIZE 2 /**< Maximum window size used. */ #endif /* !MBEDTLS_MPI_WINDOW_SIZE */ #if !defined(MBEDTLS_MPI_MAX_SIZE) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 9ae51c964..b874995f4 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3559,7 +3559,7 @@ * comment in the specific module. */ /* MPI / BIGNUM options */ -//#define MBEDTLS_MPI_WINDOW_SIZE 6 /**< Maximum window size used. */ +//#define MBEDTLS_MPI_WINDOW_SIZE 2 /**< Maximum window size used. */ //#define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ /* CTR_DRBG options */ From 248971348b36d0dc5473499f19981ee51f877de0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Thu, 19 Jan 2023 20:57:44 +0100 Subject: [PATCH 312/440] Replace fuzzer-generated PKCS7 regression tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit adds well-formed reproducers for the memory management issues fixed in the following commits: 290f01b3f54a16045be201699becda8f500eebd5 e7f8c616d0b9388fd20ffd6c9730ea8188f27716 f7641544eafeaf0c71d109fbbec1d9f8aa2e74d8 
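Review bot: The macro changed in both bignum.h hunks (and in the mbedtls_config.h hunk) is `MBEDTLS_MPI_WINDOW_SIZE`, but the commit title and the new ChangeLog entry call it MBEDTLS_ECP_WINDOW_SIZE, which is a different option; the ChangeLog line should read `* Changed the default MBEDTLS_MPI_WINDOW_SIZE from 6 to 2.` so that users searching for the option they actually set find the entry. The header comment still ends with `Reduction in size, reduces speed.`, which after this change reads as an argument for keeping the value high; one sentence giving the reason stated in the commit message, e.g. `Default lowered to 2: after the side-channel counter-measures in bignum, larger windows no longer pay off on the cores tested (see issue 6790).`, would stop the next reader from "fixing" it back to 6.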
Signed-off-by: Bence Szépkúti --- tests/data_files/Makefile | 12 ++++++++++++ ...info_set-leak-fuzz_pkcs7-4541044530479104.der | Bin 108 -> 0 bytes ...-missing_free-fuzz_pkcs7-6213931373035520.der | Bin 108 -> 0 bytes ...Info_1_serial_invalid_tag_after_long_name.der | Bin 0 -> 810 bytes .../pkcs7_signerInfo_2_invalid_tag.der | Bin 0 -> 1185 bytes tests/suites/test_suite_pkcs7.data | 12 ++++++------ 6 files changed, 18 insertions(+), 6 deletions(-) delete mode 100644 tests/data_files/pkcs7_get_signers_info_set-leak-fuzz_pkcs7-4541044530479104.der delete mode 100644 tests/data_files/pkcs7_get_signers_info_set-missing_free-fuzz_pkcs7-6213931373035520.der create mode 100644 tests/data_files/pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der create mode 100644 tests/data_files/pkcs7_signerInfo_2_invalid_tag.der diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 622a28977..a7517bf78 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1369,6 +1369,18 @@ pkcs7_data_signed_badsigner.der: pkcs7_data_cert_signed_sha256.der echo -en '\xa1' | dd of=$@ bs=1 seek=918 conv=notrunc all_final += pkcs7_data_signed_badsigner.der +# pkcs7 signature file with invalid tag in signerInfo[1].serial after long issuer name +pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der: pkcs7_data_multiple_signed.der + cp $< $@ + echo -en '\xa1' | dd of=$@ bs=1 seek=498 conv=notrunc +all_final += pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der + +# pkcs7 signature file with invalid tag in signerInfo[2] +pkcs7_signerInfo_2_invalid_tag.der: pkcs7_data_3_signed.der + cp $< $@ + echo -en '\xa1' | dd of=$@ bs=1 seek=810 conv=notrunc +all_final += pkcs7_signerInfo_2_invalid_tag.der + # pkcs7 file with version 2 pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der cp pkcs7_data_cert_signed_sha256.der $@ 
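Review bot: The two new recipes, like the `pkcs7_data_signed_badsigner.der` one above them, corrupt a single byte at a hard-coded offset (`seek=498`, `seek=810`) in a generated input, so if `pkcs7_data_multiple_signed.der` or `pkcs7_data_3_signed.der` is ever regenerated with a different key or name length the offset silently lands on some other byte and the test stops exercising the signerInfo paths the commit message names. Recording the byte each recipe expects to overwrite in its comment, e.g. `# ... (expected original byte at offset 498: <TAG>)` with the real value filled in, gives a reviewer a way to re-check the offset after a regeneration. The `echo -en` form also matches the existing recipes, so consistency is fine, but note it is a bash-ism rather than POSIX sh.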
diff --git a/tests/data_files/pkcs7_get_signers_info_set-leak-fuzz_pkcs7-4541044530479104.der b/tests/data_files/pkcs7_get_signers_info_set-leak-fuzz_pkcs7-4541044530479104.der deleted file mode 100644 index 51aef0d0929043a6c080846758c96bf08a945216..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 108 zcmXrWVq#=8FQ)N1o+`_9YA&S+?7APZDrz-_=`$Y#L8#=yhC l!~mq36ch}Y*cezCVA3LnLJ(;XDFadhBo)BmKZH_H004ib3yc5& diff --git a/tests/data_files/pkcs7_get_signers_info_set-missing_free-fuzz_pkcs7-6213931373035520.der b/tests/data_files/pkcs7_get_signers_info_set-missing_free-fuzz_pkcs7-6213931373035520.der deleted file mode 100644 index ce4fb3bd49fdaf0ccd10069af549eb55ec9554fe..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 108 zcmXrWVq#=8FQ)N1o+`_9YA&S>avAPZDrz-_=`$Y#L8#=y+L V!~mq36ch}Y*cezC2uLd+0|0Qt3R(aF 
diff --git a/tests/data_files/pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der b/tests/data_files/pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der new file mode 100644 index 0000000000000000000000000000000000000000..fe5539006c9ec85d67bb841a63c2767a643c1179 GIT binary patch literal 810 zcmXqLVpe10)N1o+`_9YA&a|M3S=^wBS(u5D(U9MOmyI)_&4V$OnT3gwmBD};p^(wA ziRqm|6Js$@p@ENqi6OTECmVAp3!5;LpN}D*0S}17#lsrl?Hp`wC~6=K;xqH`fcXl} zsYN9UhD;*W_wHVD@ws^RUyS1l0iDk6_w{o2qgx7e1JrelKsT^7F)~EIxluUv;JyD7 z4*5(}n;p9OL*^c(7^56RAF05K{C^@R4EFhXAGg_McCxH|i(`iR?3Z#i_iH3AvK~n! z70wl2yx{+b23t4Iq)%s8n2WTu8wDM{&g#2E#7>(-%0lcd2g|8|nd{=;ys(YYF>l^D zqubl<&XlL2?F-poiMs7qy41y4pQ`1Mc1JT+Z9?XH{lK!_Jugq?3jRzF|6s)OJ*>dA z{Q}n&mCBq+f2v;Rd%76ToOjD$CZB(JakAc}h<{9F>83Mp<)1S>yS7|y!EPp>wKKCj z9-N-h>hn5=JMXy1&7bG8a;})ScCXnXlGvrL|9Oe%u?O|G8)meZ|9#UEHGO}rfbIp# zg57ALNSJS^gX;Roc}4}5n~L~8@P4lOT|+q7SrTU4iPxU_c#qz-6y18R#P_QY##kIr zHr{jQ-8-{c{$9~{SGiufEP22YUvi1{cFwg3#x2dhuO0V4g zu_IChH$WOk=G!d%3Z2+p)Uqhct5budx5I zF#Y(RLe6#1uRokH`*O?gKZ%q3{w$U0oP1n%vv@JT*z@OQZBDcuZZyRM%7_+Yxjn=Du9|G|F06a(g4FRyN7+$p#GY3%KPB8-6r r>DM<%X>nA3=!og`YCpfN$G7gqganVqbvtX6E`BzDKgo_cDun?6%%4K* literal 0 HcmV?d00001 
diff --git a/tests/data_files/pkcs7_signerInfo_2_invalid_tag.der b/tests/data_files/pkcs7_signerInfo_2_invalid_tag.der new file mode 100644 index 0000000000000000000000000000000000000000..3a4287426c1758419224ca36729255bee68c32c5 GIT binary patch literal 1185 zcmXqLVwuavsnzDu_MMlJooPW6OP@g#OBWL(qanWmFB@k(-%0lcd2g|8|nd{=;ys(YYF>l^D zqubl<&XlL2?F-poiMs7qy41y4pQ`1Mc1JT+Z9?XH{lK!_Jugq?3jRzF|6s)OJ*>dA z{Q}n&mCBq+f2v;Rd%76ToOjD$CZB(JakAc}h<{9F>83Mp<)1S>yS7|y!EPp>wKKCj z9-N-h>hn5=JMXy1&7bG8a;})ScCXnXlGvrL|9Oe%u?O|G8)meZ|9#UEHGO}rfbIp# zg58KoB+NI|L3MrPJfnijO+|bkct6+tt|1)kED1C2#B0xdyhra^if%nu;``MHV=Rs* z8}B*u?w#2zf3N7fD_%vaIjTI-{Lp5UVS9UF^?o(orfvIvS^J4Jm}m9W+tk)+rC09$ z*p#%Ywf4m!E}?CU&h`1$8{Uv^Xk1bi{OewV&VC<6HM)LV`!*x}7yj7eAZ7pJc}zmBO%)qSS88B$DJ_G^2E0 zA4_4^(`33vX}Q9+54o_a4zHC=QW;J zd&MqqdMTrq_`<+u@%6WhE9-A;j#;j~(OYzpci8TNJHj5WsSS++|6{lIgneJ&9LE0m zaM15BUjx}b&EUU$*2%JVf1&xidO4%B4U4z07TS^{Hc3Ifw_JRCmyPQ+%P3*4?uZtd zJ(_&}jkS-L{1ba~q5PEbf>o-IOwZJ(g|6UUvF=U#gy>DnLn62DIl9pJ(@c}eTjc+I fv$?)_;^SxE8>XCc(P Date: Tue, 21 Feb 2023 14:19:23 +0000 Subject: [PATCH 313/440] Remove driver entry points for {get|set}_max_ops(). Move the global variable to the PSA layer, and just set that when calling PSA level functions. Move the internal ecp set to before each ecp call. Signed-off-by: Paul Elliott --- include/psa/crypto.h | 3 ++ library/psa_crypto.c | 34 +++++++------------ library/psa_crypto_driver_wrappers.h | 4 --- .../psa_crypto_driver_wrappers.c.jinja | 18 ---------- 4 files changed, 15 insertions(+), 44 deletions(-) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 80bf5c969..48c45dfa3 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h 
@@ -4217,6 +4217,9 @@ uint32_t psa_interruptible_get_max_ops(void); * \c psa_sign_hash_interruptible_abort() on * the operation, a value of 0 will be returned. * + * \note This interface is guaranteed re-entrant and + * thus may be called from driver code. + * * \warning This is a beta API, and thus subject to change * at any point. It is not bound by the usual * interface stability promises. diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 3ec9273de..8e2cecc68 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3153,17 +3153,18 @@ exit: /* Asymmetric interruptible cryptography */ /****************************************************************/ +static uint32_t psa_interruptible_max_ops = PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; + void psa_interruptible_set_max_ops(uint32_t max_ops) { - psa_driver_wrapper_interruptible_set_max_ops(max_ops); + psa_interruptible_max_ops = max_ops; } uint32_t psa_interruptible_get_max_ops(void) { - return psa_driver_wrapper_interruptible_get_max_ops(); + return psa_interruptible_max_ops; } - uint32_t psa_sign_hash_get_num_ops( const psa_sign_hash_interruptible_operation_t *operation) { @@ -3458,12 +3459,8 @@ psa_status_t psa_verify_hash_abort( /* implementations */ /****************************************************************/ -static uint32_t mbedtls_psa_interruptible_max_ops = - PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED; - void mbedtls_psa_interruptible_set_max_ops(uint32_t max_ops) { - mbedtls_psa_interruptible_max_ops = max_ops; #if (defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)) && \ 
@@ -3476,16 +3473,13 @@ void mbedtls_psa_interruptible_set_max_ops(uint32_t max_ops) } mbedtls_ecp_set_max_ops(max_ops); +#else + (void) max_ops; #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || * defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) && * defined( MBEDTLS_ECP_RESTARTABLE ) */ } -uint32_t mbedtls_psa_interruptible_get_max_ops(void) -{ - return mbedtls_psa_interruptible_max_ops; -} - uint32_t mbedtls_psa_sign_hash_get_num_ops( const mbedtls_psa_sign_hash_interruptible_operation_t *operation) { @@ -3544,11 +3538,6 @@ psa_status_t mbedtls_psa_sign_hash_start( /* Ensure num_ops is zero'ed in case of context re-use. */ operation->num_ops = 0; - /* Ensure default is set even if - * mbedtls_psa_interruptible_set_max_ops() has not been called. */ - mbedtls_psa_interruptible_set_max_ops( - mbedtls_psa_interruptible_get_max_ops()); - status = mbedtls_psa_ecp_load_representation(attributes->core.type, attributes->core.bits, key_buffer, @@ -3613,6 +3602,9 @@ psa_status_t mbedtls_psa_sign_hash_complete( mbedtls_mpi_init(&r); mbedtls_mpi_init(&s); + /* Ensure max_ops is set to the current value (or default). */ + mbedtls_psa_interruptible_set_max_ops(psa_interruptible_get_max_ops()); + if (signature_size < 2 * operation->coordinate_bytes) { status = PSA_ERROR_BUFFER_TOO_SMALL; goto exit; @@ -3764,11 +3756,6 @@ psa_status_t mbedtls_psa_verify_hash_start( /* Ensure num_ops is zero'ed in case of context re-use. */ operation->num_ops = 0; - /* Ensure default is set even if - * mbedtls_psa_interruptible_set_max_ops() has not been called. */ - mbedtls_psa_interruptible_set_max_ops( - mbedtls_psa_interruptible_get_max_ops()); - status = mbedtls_psa_ecp_load_representation(attributes->core.type, attributes->core.bits, key_buffer, 
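Review bot: The line added to mbedtls_psa_sign_hash_complete(), `mbedtls_psa_interruptible_set_max_ops(psa_interruptible_get_max_ops());`, has the built-in implementation layer calling back into the public PSA API on every call, and the one-line comment does not say why that direction of dependency is acceptable. Suggest extending it to `/* max_ops lives in the PSA layer and mbedtls_ecp_set_max_ops() is presumably library-global, so re-apply it before every restartable ecp call; psa_interruptible_get_max_ops() is documented as re-entrant for this purpose. */`; the same applies to the verify_hash_complete hunk that follows. If the ecp limit really is global, any value a direct user of the ecp module set is silently overwritten here, which the header documentation for psa_interruptible_set_max_ops() should state. Both enclosing functions start and end outside their hunks.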
@@ -3853,6 +3840,9 @@ psa_status_t mbedtls_psa_verify_hash_complete( psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + /* Ensure max_ops is set to the current value (or default). */ + mbedtls_psa_interruptible_set_max_ops(psa_interruptible_get_max_ops()); + status = mbedtls_to_psa_error( mbedtls_ecdsa_verify_restartable(&operation->ctx->grp, operation->hash, diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index e3edec791..b16750658 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -70,10 +70,6 @@ psa_status_t psa_driver_wrapper_verify_hash( * Interruptible Signature functions */ -void psa_driver_wrapper_interruptible_set_max_ops(uint32_t max_ops); - -uint32_t psa_driver_wrapper_interruptible_get_max_ops(void); - uint32_t psa_driver_wrapper_sign_hash_get_num_ops( psa_sign_hash_interruptible_operation_t *operation); diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index b35e726a0..e1a20784c 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja 
@@ -433,24 +433,6 @@ psa_status_t psa_driver_wrapper_verify_hash( } } -void psa_driver_wrapper_interruptible_set_max_ops( uint32_t max_ops ) -{ - /* TODO - dispatch to drivers dynamically registered for this - * service when registering is implemented. For now, fall - * through to internal implementation. */ - - mbedtls_psa_interruptible_set_max_ops( max_ops ); -} - -uint32_t psa_driver_wrapper_interruptible_get_max_ops( void ) -{ - /* TODO - dispatch to drivers dynamically registered for this - * service when registering is implemented. For now, fall - * through to internal implementation. */ - - return mbedtls_psa_interruptible_get_max_ops( ); -} - uint32_t psa_driver_wrapper_sign_hash_get_num_ops( psa_sign_hash_interruptible_operation_t *operation ) { From 358f94a71c81bdaf95c5cab0e5ce79c541bf2cf9 Mon Sep 17 00:00:00 2001 From: Ashley Duncan Date: Fri, 11 Feb 2022 09:57:18 +1300 Subject: [PATCH 314/440] Fixed undefined behavior in ssl_read if buf parameter is NULL. Signed-off-by: Ashley Duncan --- library/ssl_msg.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index d26d95086..1162cca02 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5593,8 +5593,10 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) n = (len < ssl->in_msglen) ? len : ssl->in_msglen; - memcpy(buf, ssl->in_offt, n); - ssl->in_msglen -= n; + if (buf) { + memcpy(buf, ssl->in_offt, n); + ssl->in_msglen -= n; + } /* Zeroising the plaintext buffer to erase unused application data from the memory. */ From 937d6d5eab6b28769cae2c8e5fbd41c94c9919ee Mon Sep 17 00:00:00 2001 From: ashesman Date: Thu, 17 Feb 2022 11:08:27 +1300 Subject: [PATCH 315/440] Update library/ssl_msg.c Co-authored-by: Gilles Peskine Signed-off-by: Dave Rodgman --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 1162cca02..5deaedacc 100644 
--- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5593,7 +5593,7 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len) n = (len < ssl->in_msglen) ? len : ssl->in_msglen; - if (buf) { + if (len != 0) { memcpy(buf, ssl->in_offt, n); ssl->in_msglen -= n; } From 88240e769f974f506f4f5f78fa6acd66d7ae4447 Mon Sep 17 00:00:00 2001 From: Ashley Duncan Date: Thu, 17 Feb 2022 11:10:33 +1300 Subject: [PATCH 316/440] Added changelog entry. Signed-off-by: Ashley Duncan --- ChangeLog.d/mbedtls_ssl_read_undefined_behavior.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/mbedtls_ssl_read_undefined_behavior.txt diff --git a/ChangeLog.d/mbedtls_ssl_read_undefined_behavior.txt b/ChangeLog.d/mbedtls_ssl_read_undefined_behavior.txt new file mode 100644 index 000000000..392a91b72 --- /dev/null +++ b/ChangeLog.d/mbedtls_ssl_read_undefined_behavior.txt @@ -0,0 +1,2 @@ +Bugfix + * Fixed undefined behavior in mbedtls_ssl_read if len argument is 0 From f68402565ab0d52e556c0bbfa89feec292133cb9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 24 Feb 2023 15:41:34 +0000 Subject: [PATCH 317/440] Add corresponding fix for mbedtls_ssl_write Signed-off-by: Dave Rodgman --- library/ssl_msg.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 5deaedacc..4ed67b707 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -5672,7 +5672,9 @@ static int ssl_write_real(mbedtls_ssl_context *ssl, */ ssl->out_msglen = len; ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA; - memcpy(ssl->out_msg, buf, len); + if (len > 0) { + memcpy(ssl->out_msg, buf, len); + } if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) { MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret); From fd8929cfd112b8c40f9d48c02fa3658520767bd1 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 24 Feb 2023 15:43:43 +0000 Subject: [PATCH 318/440] Improve changelog 
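Review bot: The `if (len != 0)` guard in mbedtls_ssl_read() also encloses `ssl->in_msglen -= n;`, but `n` is already 0 whenever `len` is 0, so only the memcpy() needs protecting; `if (len != 0) { memcpy(buf, ssl->in_offt, n); }` keeps the bookkeeping unconditional and makes clear the guard exists solely to avoid handing a NULL pointer to memcpy(). A short comment such as `/* memcpy() with a NULL pointer is undefined even when n == 0 */` would record the motivation for the next reader. The function body continues outside the hunk.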
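Review bot: In ssl_write_real() the new guard skips only the memcpy(); the visible lines still set `ssl->out_msglen = len` (i.e. 0) and go on to call mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH), so a zero-length write is now well-defined but, as far as this hunk shows, still emits an empty application-data record rather than being a no-op. If that is intended, say so at the guard, e.g. `/* len == 0 is permitted (buf may be NULL); an empty record is still written. */`; if not, an early `return 0;` before the record is assembled is the smaller fix. The enclosing function starts outside the hunk.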
Signed-off-by: Dave Rodgman --- ChangeLog.d/mbedtls_ssl_read_undefined_behavior.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/mbedtls_ssl_read_undefined_behavior.txt b/ChangeLog.d/mbedtls_ssl_read_undefined_behavior.txt index 392a91b72..1f2c563be 100644 --- a/ChangeLog.d/mbedtls_ssl_read_undefined_behavior.txt +++ b/ChangeLog.d/mbedtls_ssl_read_undefined_behavior.txt @@ -1,2 +1,3 @@ Bugfix - * Fixed undefined behavior in mbedtls_ssl_read if len argument is 0 + * Fix undefined behavior in mbedtls_ssl_read() and mbedtls_ssl_write() if + len argument is 0 and buffer is NULL. From a4e8fb0041191e75970cb2e2b1ea70b915b87afb Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 24 Feb 2023 15:41:55 +0000 Subject: [PATCH 319/440] Add tests Signed-off-by: Dave Rodgman --- tests/suites/test_suite_ssl.function | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 15246cb1a..f92048596 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1159,6 +1159,12 @@ int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, int buf_len, int *written, const int expected_fragments) { + /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is + * a valid no-op for TLS connections. */ + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0); + } + int ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written); if (ret > 0) { *written += ret; 
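Review bot: mbedtls_ssl_write_fragment() now calls `mbedtls_ssl_write(ssl, NULL, 0)` before every real fragment, and the ssl_write_real hunk in the "Add corresponding fix for mbedtls_ssl_write" commit shows that a zero-length write still reaches mbedtls_ssl_write_record(), so every TLS test routed through this helper presumably sends one extra empty record per fragment, which is not the "no-op" the comment claims and could interact with fragment-count expectations. A dedicated test case for the NULL/0 call would isolate that check; if it stays here, reword the comment to `/* mbedtls_ssl_write() with a NULL buffer and zero length must be accepted (TLS only) */` and add the reason DTLS is excluded. The function body continues past the hunk.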
@@ -1197,6 +1203,12 @@ int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, unsigned char *buf, int buf_len, int *read, int *fragments, const int expected_fragments) { + /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is + * a valid no-op for TLS connections. */ + if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) { + TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0); + } + int ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read); if (ret > 0) { (*fragments)++; From f55182d2bf1ede94f716697f8672e5156e6f761d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 24 Feb 2023 17:42:43 +0000 Subject: [PATCH 320/440] Use platform-provided secure zeroization call Signed-off-by: Dave Rodgman --- library/platform_util.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/library/platform_util.c b/library/platform_util.c index f935b900e..47feb645a 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -33,8 +33,27 @@ #include "mbedtls/threading.h" #include + +#ifndef __STDC_WANT_LIB_EXT1__ +#define __STDC_WANT_LIB_EXT1__ 1 +#endif #include +#if defined(_WIN32) +#include +#endif + +// Detect platforms known to support explicit_bzero() +#if defined(__GLIBC__) && (__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 25) +#define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1 +#endif +#if defined(__FreeBSD__) && __FreeBSD_version >= 1100037 +#define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1 +#endif +#if defined(__NEWLIB__) +#define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1 +#endif + #if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT) /* * This implementation should never be optimized out by the compiler 
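Review bot: The comment copied into mbedtls_ssl_read_fragment() still says "calling mbedtls_ssl_write", but the assertion beneath it calls mbedtls_ssl_read(); change the first line to `/* Verify that calling mbedtls_ssl_read with a NULL buffer and zero length is`. Also, unlike the write case, a zero-length read that finds no buffered application data presumably has to fetch a record before returning, so "no-op" overstates what is checked; "is accepted and returns 0" is the claim the assertion actually makes. The function body continues outside the hunk.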
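Review bot: In the explicit_bzero() detection block, `__FreeBSD_version` is provided by `<sys/param.h>` (via `<osreldate.h>`), and unless one of the includes above it already pulls that in (the header names are not legible in this view) the identifier expands to 0 in the `#if`, so the FreeBSD branch never selects explicit_bzero(); add `#include <sys/param.h>` under a `#if defined(__FreeBSD__)` ahead of the test. The glibc test `(__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 25)` also rejects any future major version whose minor is below 25; glibc's own `__GLIBC_PREREQ(2, 25)` (used inside a nested `#if defined(__GLIBC__)`, since it is a function-like macro) expresses the intent exactly. The same expression is carried forward by the later "explicit_bzero is not available on arm-none-eabi" and "Improve explicit_bzero detection" commits on this page, which keep its shape.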
@@ -69,7 +88,15 @@ void mbedtls_platform_zeroize(void *buf, size_t len) MBEDTLS_INTERNAL_VALIDATE(len == 0 || buf != NULL); if (len > 0) { +#if defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO) + explicit_bzero(buf, len); +#elif(__STDC_LIB_EXT1__) + memset_s(buf, len, 0, len); +#elif defined(_WIN32) + SecureZeroMemory(buf, len); +#else memset_func(buf, 0, len); +#endif } } #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ From 4daca637340e033c2d7fb2043b050a2977ec6182 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 24 Feb 2023 17:43:00 +0000 Subject: [PATCH 321/440] Documentation Signed-off-by: Dave Rodgman --- library/platform_util.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/library/platform_util.c b/library/platform_util.c index 47feb645a..60b77e84e 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -56,7 +56,12 @@ #if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT) /* - * This implementation should never be optimized out by the compiler + * Where possible, we try to detect the presence of a platform-provided + * secure memset, such as explicit_bzero(), that is safe against being optimized + * out, and use that. + * + * For other platforms, we provide an implementation that aims not to be + * optimized out by the compiler. * * This implementation for mbedtls_platform_zeroize() was inspired from Colin * Percival's blog article at: 
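Review bot: The `memset_s(buf, len, 0, len);` branch in mbedtls_platform_zeroize() discards the errno_t result; under C11 Annex K a `len` above RSIZE_MAX is a runtime-constraint violation for which memset_s writes nothing, so such a buffer would be left unwiped with no indication. The size is practically unreachable, but for a zeroization primitive the check is cheap: either `if (memset_s(buf, len, 0, len) != 0) { memset_func(buf, 0, len); }` (which requires memset_func to stay compiled in on Annex K platforms, something the later "Improve explicit_bzero detection" commit removes), or at least `/* len <= RSIZE_MAX assumed; memset_s() writes nothing on a constraint violation */` so the assumption is visible.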
@@ -71,11 +76,11 @@ * (refer to http://www.daemonology.net/blog/2014-09-05-erratum.html for * details), optimizations of the following form are still possible: * - * if( memset_func != memset ) - * memset_func( buf, 0, len ); + * if(memset_func != memset) + * memset_func(buf, 0, len); * * Note that it is extremely difficult to guarantee that - * mbedtls_platform_zeroize() will not be optimized out by aggressive compilers + * the memset() call will not be optimized out by aggressive compilers * in a portable way. For this reason, Mbed TLS also provides the configuration * option MBEDTLS_PLATFORM_ZEROIZE_ALT, which allows users to configure * mbedtls_platform_zeroize() to use a suitable implementation for their From bf0597f804701ca11a089354339a022a71a8a556 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 24 Feb 2023 17:45:41 +0000 Subject: [PATCH 322/440] Changelog Signed-off-by: Dave Rodgman --- ChangeLog.d/platform-zeroization.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/platform-zeroization.txt diff --git a/ChangeLog.d/platform-zeroization.txt b/ChangeLog.d/platform-zeroization.txt new file mode 100644 index 000000000..f17fbbb96 --- /dev/null +++ b/ChangeLog.d/platform-zeroization.txt @@ -0,0 +1,3 @@ +Security + * Use platform-provided secure zeroization function where possible, such as + explicit_bzero(). From 7bc24cc512518a2d21a652a19caee835c4228820 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 24 Feb 2023 18:04:16 +0000 Subject: [PATCH 323/440] Fix typos in documentation. Signed-off-by: Paul Elliott --- library/psa_crypto.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fa6991e9f..9dddb8f88 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -2686,7 +2686,7 @@ static psa_status_t psa_sign_verify_check_alg(int input_is_message, /** * \brief For output buffers which contain "tags" * (outputs that may be checked for validity like - * Hashes, MACs and signatures), fill the unused + * hashes, MACs and signatures), fill the unused * part of the output buffer (the whole buffer on * error, the trailing part on success) with * something that isn't a valid tag (barring an @@ -2694,9 +2694,9 @@ static psa_status_t psa_sign_verify_check_alg(int input_is_message, * input), in case the caller doesn't check the * return status properly. * - * \param output_buffer pointer to buffer to wipe. May not be NULL + * \param output_buffer Pointer to buffer to wipe. May not be NULL * unless \p output_buffer_size is zero. - * \param status status of function called to generate + * \param status Status of function called to generate * output_buffer originally * \param output_buffer_size Size of output buffer. If zero, \p output_buffer * could be NULL. From 8b6eded03dc40986861c03f31897abc06d9cb872 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 24 Feb 2023 18:07:05 +0000 Subject: [PATCH 324/440] Tidy-up comment Co-authored-by: Tom Cosgrove Signed-off-by: Dave Rodgman --- library/platform_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/platform_util.c b/library/platform_util.c index 60b77e84e..35e29ae88 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -76,7 +76,7 @@ * (refer to http://www.daemonology.net/blog/2014-09-05-erratum.html for * details), optimizations of the following form are still possible: * - * if(memset_func != memset) + * if (memset_func != memset) * memset_func(buf, 0, len); * * Note that it is extremely difficult to guarantee that From dc42ca8a7eb8774bb58b0669766b732556eec36c Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 24 Feb 2023 18:11:59 +0000 Subject: [PATCH 325/440] Use psa_wipe_tag_buffer() for MAC and aead code. 
Signed-off-by: Paul Elliott --- library/psa_crypto.c | 95 ++++++++++++++++++++------------------------ 1 file changed, 43 insertions(+), 52 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9dddb8f88..9cc2aa924 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -322,6 +322,43 @@ psa_status_t mbedtls_to_psa_error(int ret) } } +/** + * \brief For output buffers which contain "tags" + * (outputs that may be checked for validity like + * hashes, MACs and signatures), fill the unused + * part of the output buffer (the whole buffer on + * error, the trailing part on success) with + * something that isn't a valid tag (barring an + * attack on the tag and deliberately-crafted + * input), in case the caller doesn't check the + * return status properly. + * + * \param output_buffer Pointer to buffer to wipe. May not be NULL + * unless \p output_buffer_size is zero. + * \param status Status of function called to generate + * output_buffer originally + * \param output_buffer_size Size of output buffer. If zero, \p output_buffer + * could be NULL. + * \param output_buffer_length Length of data written to output_buffer, must be + * less than \p output_buffer_size + */ +static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t status, + size_t output_buffer_size, size_t output_buffer_length) { + size_t offset = 0; + + if (output_buffer_size == 0) { + /* If output_buffer_size is 0 then we have nothing to do. We must not + call memset because output_buffer may be NULL in this case */ + return; + } + + if (status == PSA_SUCCESS) { + offset = output_buffer_length; + } + + memset(output_buffer + offset, '!', output_buffer_size - offset); +} + @@ -2504,10 +2541,7 @@ exit: operation->mac_size = 0; } - if (mac_size > operation->mac_size) { - memset(&mac[operation->mac_size], '!', - mac_size - operation->mac_size); - } + psa_wipe_tag_output_buffer(mac, status, mac_size, *mac_length); abort_status = psa_mac_abort(operation); 
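Review bot: The documentation for `output_buffer_length` in psa_wipe_tag_output_buffer() says it "must be less than \p output_buffer_size", yet a caller whose buffer is exactly MAC-sized will pass `*mac_length == mac_size` on success, which the body handles correctly through a zero-length memset; the wording should be `must not exceed \p output_buffer_size`. Because `output_buffer_size - offset` is unsigned, a caller that violates the precondition after PSA_SUCCESS would trigger a very large memset rather than a no-op; if that is a concern, clamp with `if (offset > output_buffer_size) { offset = output_buffer_size; }` before the memset, otherwise the corrected wording is what makes the precondition reviewable at the call sites.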
@@ -2601,9 +2635,8 @@ exit: *mac_length = mac_size; operation_mac_size = 0; } - if (mac_size > operation_mac_size) { - memset(&mac[operation_mac_size], '!', mac_size - operation_mac_size); - } + + psa_wipe_tag_output_buffer(mac, status, mac_size, *mac_length); unlock_status = psa_unlock_key_slot(slot); @@ -2683,44 +2716,6 @@ static psa_status_t psa_sign_verify_check_alg(int input_is_message, return PSA_SUCCESS; } -/** - * \brief For output buffers which contain "tags" - * (outputs that may be checked for validity like - * hashes, MACs and signatures), fill the unused - * part of the output buffer (the whole buffer on - * error, the trailing part on success) with - * something that isn't a valid tag (barring an - * attack on the tag and deliberately-crafted - * input), in case the caller doesn't check the - * return status properly. - * - * \param output_buffer Pointer to buffer to wipe. May not be NULL - * unless \p output_buffer_size is zero. - * \param status Status of function called to generate - * output_buffer originally - * \param output_buffer_size Size of output buffer. If zero, \p output_buffer - * could be NULL. - * \param output_buffer_length Length of data written to output_buffer, must be - * less than \p output_buffer_size - */ -static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t status, - size_t output_buffer_size, size_t output_buffer_length) -{ - size_t offset = 0; - - if (output_buffer_size == 0) { - /* If output_buffer_size is 0 then we have nothing to do. We must not - call memset because output_buffer may be NULL in this case */ - return; - } - - if (status == PSA_SUCCESS) { - offset = output_buffer_length; - } - - memset(output_buffer + offset, '!', output_buffer_size - offset); -} - static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key, int input_is_message, psa_algorithm_t alg, 
@@ -4917,18 +4912,14 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation, tag, tag_size, tag_length); exit: + + /* In case the operation fails and the user fails to check for failure or * the zero tag size, make sure the tag is set to something implausible. * Even if the operation succeeds, make sure we clear the rest of the * buffer to prevent potential leakage of anything previously placed in * the same buffer.*/ - if (tag != NULL) { - if (status != PSA_SUCCESS) { - memset(tag, '!', tag_size); - } else if (*tag_length < tag_size) { - memset(tag + *tag_length, '!', (tag_size - *tag_length)); - } - } + psa_wipe_tag_output_buffer(tag, status, tag_size, *tag_length); psa_aead_abort(operation); From 8a7d26f12c21ce80ffe32133f174cd04353b6f1a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 24 Feb 2023 18:19:08 +0000 Subject: [PATCH 326/440] Typo fix Signed-off-by: Dave Rodgman --- library/platform_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/platform_util.c b/library/platform_util.c index 35e29ae88..25f5c575f 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -95,7 +95,7 @@ void mbedtls_platform_zeroize(void *buf, size_t len) if (len > 0) { #if defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO) explicit_bzero(buf, len); -#elif(__STDC_LIB_EXT1__) +#elif defined(__STDC_LIB_EXT1__) memset_s(buf, len, 0, len); #elif defined(_WIN32) SecureZeroMemory(buf, len); From a6fda16a41d92ec3a591f281cfe0a2f7126c7b26 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 24 Feb 2023 19:00:38 +0000 Subject: [PATCH 327/440] Fix re-definition of __STDC_WANT_LIB_EXT1__ Signed-off-by: Dave Rodgman --- library/platform_util.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/platform_util.c b/library/platform_util.c index 25f5c575f..d0abc179f 100644 --- a/library/platform_util.c +++ b/library/platform_util.c 
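Review bot: The removed code in psa_aead_finish() skipped the wipe when `tag == NULL`, whereas psa_wipe_tag_output_buffer() returns early only for `tag_size == 0`, so a caller passing a NULL tag with a non-zero tag_size now reaches memset() on a NULL pointer where it previously did nothing. If the PSA contract already forbids that combination this is a stricter failure signal, but it is a behaviour change worth a comment at the call, e.g. `/* tag may only be NULL when tag_size == 0; the helper relies on that */`. The two blank lines added directly after `exit:` also look stray. psa_aead_finish() starts outside the hunk.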
@@ -35,7 +35,7 @@ #include #ifndef __STDC_WANT_LIB_EXT1__ -#define __STDC_WANT_LIB_EXT1__ 1 +#define __STDC_WANT_LIB_EXT1__ 1 /* Ask for the C11 gmtime_s() and memset_s() if available */ #endif #include @@ -107,7 +107,6 @@ void mbedtls_platform_zeroize(void *buf, size_t len) #endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */ #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT) -#define __STDC_WANT_LIB_EXT1__ 1 /* Ask for the C11 gmtime_s() if it's available */ #include #if !defined(_WIN32) && (defined(unix) || \ defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \ From f0a0e43053d9741a7531a4063c7abce56a7c042e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 24 Feb 2023 19:01:48 +0000 Subject: [PATCH 328/440] explicit_bzero is not available on arm-none-eabi Signed-off-by: Dave Rodgman --- library/platform_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/platform_util.c b/library/platform_util.c index d0abc179f..8141dd84b 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -44,7 +44,7 @@ #endif // Detect platforms known to support explicit_bzero() -#if defined(__GLIBC__) && (__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 25) +#if defined(__GLIBC__) && (__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 25) && defined(__unix__) #define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1 #endif #if defined(__FreeBSD__) && __FreeBSD_version >= 1100037 From 828ec905dbbeeb01d93f5cf847aec0508ee07a72 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 25 Feb 2023 13:32:26 +0000 Subject: [PATCH 329/440] Improve explicit_bzero detection Signed-off-by: Dave Rodgman --- library/platform_util.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/platform_util.c b/library/platform_util.c index 8141dd84b..69d3d7a22 100644 --- a/library/platform_util.c +++ b/library/platform_util.c 
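Review bot: `__STDC_WANT_LIB_EXT1__` only has effect if it is defined before the first inclusion of `<string.h>`, transitive ones included; here it is set after `#include "mbedtls/threading.h"` and a further include (names not legible in this view), so if either of those already dragged `<string.h>` in, `memset_s` is never declared and the `#elif defined(__STDC_LIB_EXT1__)` branch of mbedtls_platform_zeroize() would fail to compile on an Annex K implementation. Moving the `#ifndef`/`#define` to the top of the file beside the `_POSIX_C_SOURCE` and `_GNU_SOURCE` feature-test macros removes the dependence on include order; the comment could then read `/* Ask for the C11 gmtime_s() and memset_s(); must precede every <string.h>/<time.h> inclusion */`.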
@@ -44,7 +44,8 @@ #endif // Detect platforms known to support explicit_bzero() -#if defined(__GLIBC__) && (__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 25) && defined(__unix__) +#if defined(__GLIBC__) && (__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 25) \ + && !defined(__ARM_EABI__) #define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1 #endif #if defined(__FreeBSD__) && __FreeBSD_version >= 1100037 From 82f3de55b22b7edd16e032747747d38da91c43b1 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 25 Feb 2023 14:08:22 +0000 Subject: [PATCH 330/440] tidy up brackets Signed-off-by: Dave Rodgman --- library/platform_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/platform_util.c b/library/platform_util.c index 69d3d7a22..288444434 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -48,7 +48,7 @@ && !defined(__ARM_EABI__) #define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1 #endif -#if defined(__FreeBSD__) && __FreeBSD_version >= 1100037 +#if defined(__FreeBSD__) && (__FreeBSD_version >= 1100037) #define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1 #endif #if defined(__NEWLIB__) From fe57a2e008bd724d3ac98e95efc9bc9bf0b3ea67 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 25 Feb 2023 14:16:34 +0000 Subject: [PATCH 331/440] Remove newlib detection Signed-off-by: Dave Rodgman --- library/platform_util.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/platform_util.c b/library/platform_util.c index 288444434..9ac57e141 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -51,9 +51,6 @@ #if defined(__FreeBSD__) && (__FreeBSD_version >= 1100037) #define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1 #endif -#if defined(__NEWLIB__) -#define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1 -#endif #if !defined(MBEDTLS_PLATFORM_ZEROIZE_ALT) /* From 703f805f0990e8c4a661aa2d7d1d30cdd2601934 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 25 Feb 2023 15:19:52 +0000 Subject: [PATCH 332/440] Improve explicit_bzero detection 
Signed-off-by: Dave Rodgman --- library/platform_util.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/platform_util.c b/library/platform_util.c index 9ac57e141..d8499bddc 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -26,6 +26,11 @@ #define _POSIX_C_SOURCE 200112L #endif +#if !defined (_GNU_SOURCE) +/* Clang requires this to get support for explicit_bzero */ +#define _GNU_SOURCE +#endif + #include "common.h" #include "mbedtls/platform_util.h" @@ -84,7 +89,10 @@ * mbedtls_platform_zeroize() to use a suitable implementation for their * platform and needs. */ + #if !defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO) && !defined(__STDC_LIB_EXT1__) \ + && !defined(_WIN32) static void *(*const volatile memset_func)(void *, int, size_t) = memset; +#endif void mbedtls_platform_zeroize(void *buf, size_t len) { From 21dfce7a5c336e42ba00e95ab341d48061f4c787 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 25 Feb 2023 17:10:38 +0000 Subject: [PATCH 333/440] Add tests Signed-off-by: Dave Rodgman --- tests/suites/test_suite_platform_util.data | 23 +++++++++++ .../suites/test_suite_platform_util.function | 41 +++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100644 tests/suites/test_suite_platform_util.data create mode 100644 tests/suites/test_suite_platform_util.function diff --git a/tests/suites/test_suite_platform_util.data b/tests/suites/test_suite_platform_util.data new file mode 100644 index 000000000..948543a6f --- /dev/null +++ b/tests/suites/test_suite_platform_util.data @@ -0,0 +1,23 @@ +Zeroize len 0, null +mbedtls_platform_zeroize:0:1 + +Zeroize len 0, non-null +mbedtls_platform_zeroize:0:0 + +Zeroize len 1 +mbedtls_platform_zeroize:1:0 + +Zeroize len 4 +mbedtls_platform_zeroize:1:0 + +Zeroize len 5 +mbedtls_platform_zeroize:1:0 + +Zeroize len 32 +mbedtls_platform_zeroize:32:0 + +Zeroize len 127 +mbedtls_platform_zeroize:127:0 + +Zeroize len 128 +mbedtls_platform_zeroize:128:0 
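Review bot: The comment `/* Clang requires this to get support for explicit_bzero */` attributes the requirement to the compiler, but on glibc explicit_bzero() is declared under `__USE_MISC`, which the `_POSIX_C_SOURCE` definition just above switches off unless `_DEFAULT_SOURCE` or `_GNU_SOURCE` is also set — a feature-test-macro interaction that presumably affects any compiler. Suggest `/* glibc declares explicit_bzero() only under _DEFAULT_SOURCE/_GNU_SOURCE, which the _POSIX_C_SOURCE definition above would otherwise disable */`, and `_DEFAULT_SOURCE` is the narrower choice if nothing else in this file needs GNU extensions.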
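Review bot: The guard `#if !defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO) && !defined(__STDC_LIB_EXT1__) && !defined(_WIN32)` around `memset_func` restates the selection chain inside mbedtls_platform_zeroize() in negated form, so the two can drift apart silently when a platform is added to one but not the other. Having the detection block above define a single "use the volatile memset fallback" macro (a constructed name of your choosing) and testing only that in both places keeps the decision in one spot; the comment `/* Only needed when no platform-provided secure memset was detected above */` would explain the guard either way.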
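Review bot: The entries "Zeroize len 4" and "Zeroize len 5" in test_suite_platform_util.data both invoke `mbedtls_platform_zeroize:1:0`, so the lengths named in the titles are never exercised and the len 1 case runs three times. Change them to `mbedtls_platform_zeroize:4:0` and `mbedtls_platform_zeroize:5:0`; those odd/unaligned sizes are exactly the ones that would catch a platform zeroization routine mishandling tails, so the typo removes the coverage the cases were added for.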
diff --git a/tests/suites/test_suite_platform_util.function b/tests/suites/test_suite_platform_util.function new file mode 100644 index 000000000..e5464e0ec --- /dev/null +++ b/tests/suites/test_suite_platform_util.function @@ -0,0 +1,41 @@ +/* BEGIN_HEADER */ +#include "mbedtls/platform_util.h" +/* END_HEADER */ + +/* BEGIN_CASE */ +void mbedtls_platform_zeroize(int len, int null) +{ + char buf[130]; + char *p = NULL; + + TEST_ASSERT(len <= 128); + + /* Write sentinel values */ + buf[0] = 2; + buf[len + 1] = 2; + + /* Write non-zero content */ + if (!null) { + p = &buf[1]; + for (int i = 0; i < len; i++) { + p[i] = 1; + } + } + + /* Check content is non-zero */ + TEST_EQUAL(buf[0], 2); + for (int i = 0; i < len; i++) { + TEST_ASSERT(p[i] == 1); + } + TEST_EQUAL(buf[len + 1], 2); + + mbedtls_platform_zeroize(p, len); + + /* Check content is zero and sentinels un-changed */ + TEST_EQUAL(buf[0], 2); + for (int i = 0; i < len; i++) { + TEST_ASSERT(p[i] == 0); + } + TEST_EQUAL(buf[len + 1], 2); +} +/* END_CASE */ From f5e531a87b34f17f46e789456a05fb75655da14b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 25 Feb 2023 17:17:15 +0000 Subject: [PATCH 334/440] Fix code style Signed-off-by: Dave Rodgman --- library/platform_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/platform_util.c b/library/platform_util.c index d8499bddc..9878cc2e1 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -26,7 +26,7 @@ #define _POSIX_C_SOURCE 200112L #endif -#if !defined (_GNU_SOURCE) +#if !defined(_GNU_SOURCE) /* Clang requires this to get support for explicit_bzero */ #define _GNU_SOURCE #endif From 096e72959b640d7ef71ae3c06642833796117a38 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 25 Feb 2023 17:17:35 +0000 Subject: [PATCH 335/440] Fix case of include header for mingw Signed-off-by: Dave Rodgman --- library/platform_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
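Review bot: `TEST_ASSERT(len <= 128);` in the new mbedtls_platform_zeroize test does not reject a negative `len`, and a `null` case with `len > 0` would dereference `p == NULL` in the content-check loops; tightening to `TEST_ASSERT(len >= 0 && len <= 128); TEST_ASSERT(!null || len == 0);` makes a bad .data entry fail cleanly instead of writing outside `buf`. The test also only shows that the bytes were written; it cannot observe whether the call survives dead-store elimination, which is the property the implementation is about, so a comment such as `/* Functional check only: resistance to the compiler optimising the wipe away is not testable here. */` would stop readers over-reading a pass.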
diff --git a/library/platform_util.c b/library/platform_util.c index 9878cc2e1..f9fe4f5ab 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -45,7 +45,7 @@ #include #if defined(_WIN32) -#include +#include #endif // Detect platforms known to support explicit_bzero() From 7118d17df148cbf2d67ea8f90ccef4feaa6e5e45 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 26 Feb 2023 16:57:05 +0000 Subject: [PATCH 336/440] Pacify code style checker Signed-off-by: Paul Elliott --- library/psa_crypto.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9cc2aa924..f5bd65b03 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -343,7 +343,8 @@ psa_status_t mbedtls_to_psa_error(int ret) * less than \p output_buffer_size */ static void psa_wipe_tag_output_buffer(uint8_t *output_buffer, psa_status_t status, - size_t output_buffer_size, size_t output_buffer_length) { + size_t output_buffer_size, size_t output_buffer_length) +{ size_t offset = 0; if (output_buffer_size == 0) { From c7f6882995ac0df0a82a6ee694ee219682e255a9 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 24 Feb 2023 17:37:04 +0000 Subject: [PATCH 337/440] Add comments to each test case to show intent Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 104 ++++++++++++++++++++ 1 file changed, 104 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 20e43c6ac..884295828 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -6473,6 +6473,24 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ +/** + * sign_hash_interruptible() test intentions: + * + * Note: This test can currently only handle ECDSA. + * + * 1. Test interruptible sign hash with known outcomes (deterministic ECDSA + * only). + * + * 2. Test the number of calls to psa_sign_hash_complete() required are as + * expected for different max_ops values. + * + * 3. Test that the number of ops done prior to start and after abort is zero + * and that each successful stage completes some ops (this is not mandated by + * the PSA specification, but is currently the case). + * + * 4. Test that calling psa_sign_hash_get_num_ops() multiple times between + * complete() calls does not alter the number of ops returned. + */ void sign_hash_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, data_t *output_data, int max_ops_arg) @@ -6629,6 +6647,22 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ +/** + * sign_hash_fail_interruptible() test intentions: + * + * Note: This test can currently only handle ECDSA. + * + * 1. Test that various failure cases for interruptible sign hash fail with the + * correct error codes, and at the correct point (at start or during + * complete). + * + * 2. Test the number of calls to psa_sign_hash_complete() required are as + * expected for different max_ops values. + * + * 3. Test that the number of ops done prior to start and after abort is zero + * and that each successful stage completes some ops (this is not mandated by + * the PSA specification, but is currently the case). + */ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, int signature_size_arg, 
@@ -6816,6 +6850,21 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ +/** + * sign_verify_hash_interruptible() test intentions: + * + * Note: This test can currently only handle ECDSA. + * + * 1. Test that we can sign an input hash with the given key and then afterwards + * verify that signature. This is currently the only way to test non + * deterministic ECDSA, but this test can also handle deterministic. + * + * 2. Test that after corrupting the hash, the verification detects an invalid + * signature. + * + * 3. Test the number of calls to psa_sign_hash_complete() required are as + * expected for different max_ops values. + */ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, int max_ops_arg) @@ -6979,6 +7028,21 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ +/** + * verify_hash_interruptible() test intentions: + * + * Note: This test can currently only handle ECDSA. + * + * 1. Test interruptible verify hash with known outcomes (deterministic ECDSA + * only). + * + * 2. Test the number of calls to psa_verify_hash_complete() required are as + * expected for different max_ops values. + * + * 3. Test that the number of ops done prior to start and after abort is zero + * and that each successful stage completes some ops (this is not mandated by + * the PSA specification, but is currently the case). + */ void verify_hash_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *hash_data, data_t *signature_data, int max_ops_arg) 
@@ -7104,6 +7168,22 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ +/** + * verify_hash_fail_interruptible() test intentions: + * + * Note: This test can currently only handle ECDSA. + * + * 1. Test that various failure cases for interruptible verify hash fail with + * the correct error codes, and at the correct point (at start or during + * complete). + * + * 2. Test the number of calls to psa_verify_hash_complete() required are as + * expected for different max_ops values. + * + * 3. Test that the number of ops done prior to start and after abort is zero + * and that each successful stage completes some ops (this is not mandated by + * the PSA specification, but is currently the case). + */ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *hash_data, data_t *signature_data, @@ -7207,6 +7287,14 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ +/** + * interruptible_signverify_hash_state_test() test intentions: + * + * Note: This test can currently only handle ECDSA. + * + * 1. Test that calling the various interruptible sign and verify hash functions + * in incorrect orders returns BAD_STATE errors. + */ void interruptible_signverify_hash_state_test(int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data) { @@ -7354,6 +7442,14 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ +/** + * interruptible_signverify_hash_negative_tests() test intentions: + * + * Note: This test can currently only handle ECDSA. + * + * 1. Test various edge cases in the interruptible sign and verify hash + * interfaces. + */ void interruptible_signverify_hash_negative_tests(int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data) { 
@@ -7505,6 +7601,14 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ +/** + * interruptible_signverify_hash_maxops_tests() test intentions: + * + * Note: This test can currently only handle ECDSA. + * + * 1. Test that setting max ops is reflected in both interruptible sign and + * verify hash + */ void interruptible_signverify_hash_maxops_tests(int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data) { From c2033502f5c2eaf1a6d9db9ab02cba366572ffca Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 26 Feb 2023 17:09:14 +0000 Subject: [PATCH 338/440] Give edge case tests a better name Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 4 ++-- tests/suites/test_suite_psa_crypto.function | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 697cdd7b7..bbeef601c 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -4557,9 +4557,9 @@ PSA sign/vrfy hash int state test: randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 interruptible_signverify_hash_state_test:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" -PSA sign/vrfy hash int neg tests: randomized ECDSA SECP256R1 SHA-256 +PSA sign/vrfy hash int edge case tests: randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -interruptible_signverify_hash_negative_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" +interruptible_signverify_hash_edgecase_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA sign/vrfy hash int max ops tests: randomized ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 884295828..994bd6b54 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -7443,14 +7443,14 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ /** - * interruptible_signverify_hash_negative_tests() test intentions: + * interruptible_signverify_hash_edgecase_tests() test intentions: * * Note: This test can currently only handle ECDSA. * * 1. Test various edge cases in the interruptible sign and verify hash * interfaces. */ -void interruptible_signverify_hash_negative_tests(int key_type_arg, +void interruptible_signverify_hash_edgecase_tests(int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data) { mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; From fc2e128fc9a858d04fd6dc8624fd07ef5f04f6b7 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 27 Feb 2023 11:16:56 +0800 Subject: [PATCH 339/440] Fix grammar issues and remove useless code Signed-off-by: Jerry Yu --- library/sha256.c | 11 ++++++----- library/sha512.c | 20 ++++++-------------- 2 files changed, 12 insertions(+), 19 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index d18f22848..23cd406c3 100644 --- a/library/sha256.c +++ b/library/sha256.c 
@@ -26,12 +26,13 @@ defined(__clang__) && __clang_major__ < 18 && __clang_major__ > 3 /* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged. * - * The intrinsic declaration are guarded with ACLE predefined macros in clang, - * and those macros are only enabled with command line. Define the macros can - * enable those declaration and avoid compile error on it. + * The intrinsic declaration are guarded by predefined ACLE macros in clang: + * these are normally only enabled by the -march option on the command line. + * By defining the macros ourselves we gain access to those declarations without + * requiring -march on the command line. * - * `arm_neon.h` might be included in any head files. On the top of this file, we - * can guarantee this workaround always work. + * `arm_neon.h` could be included by any header file, so we put these defines + * at the top of this file, before any includes. */ #define __ARM_FEATURE_CRYPTO 1 #define NEED_TARGET_OPTIONS diff --git a/library/sha512.c b/library/sha512.c index 919cf2041..bc92a8de2 100644 --- a/library/sha512.c +++ b/library/sha512.c 
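Review bot: The reworded comment still has a number-agreement slip: `The intrinsic declaration are guarded by predefined ACLE macros in clang:` should read `The intrinsic declarations are guarded by predefined ACLE macros in clang:`. The identical text is added to library/sha512.c in the next hunk, so both copies should be fixed in this change since its stated purpose is grammar.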
@@ -27,12 +27,13 @@ __clang_major__ >= 13 && __clang_minor__ > 0 && __clang_patchlevel__ > 0 /* TODO: Re-consider above after https://reviews.llvm.org/D131064 merged. * - * The intrinsic declaration are guarded with ACLE predefined macros in clang, - * and those macros are only enabled with command line. Define the macros can - * enable those declaration and avoid compile error on it. + * The intrinsic declaration are guarded by predefined ACLE macros in clang: + * these are normally only enabled by the -march option on the command line. + * By defining the macros ourselves we gain access to those declarations without + * requiring -march on the command line. * - * `arm_neon.h` might be included in any head files. On the top of this file, we - * can guarantee this workaround always work. + * `arm_neon.h` could be included by any header file, so we put these defines + * at the top of this file, before any includes. */ #define __ARM_FEATURE_SHA512 1 #define NEED_TARGET_OPTIONS @@ -43,15 +44,6 @@ #include "common.h" -#if defined(MBEDTLS_POP_TARGET_PRAGMA) && \ - !(defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) || \ - defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)) -#if defined(__clang__) -#pragma clang attribute pop -#endif -#undef MBEDTLS_POP_TARGET_PRAGMA -#endif - #if defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA384_C) #include "mbedtls/sha512.h" From 10c0f770ce5388234b4f5d9ff8ab910804e27219 Mon Sep 17 00:00:00 2001 From: oberon-sk Date: Mon, 13 Feb 2023 13:42:02 +0100 Subject: [PATCH 340/440] asymmetric_encrypt: check output length only if return code is PSA_SUCCESS. Signed-off-by: Stephan Koch --- tests/suites/test_suite_psa_crypto.function | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 20e43c6ac..4304811ae 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -7853,7 +7853,9 @@ void asymmetric_encrypt(int key_type_arg, output, output_size, &output_length); TEST_EQUAL(actual_status, expected_status); - TEST_EQUAL(output_length, expected_output_length); + if (actual_status == PSA_SUCCESS) { + TEST_EQUAL(output_length, expected_output_length); + } /* If the label is empty, the test framework puts a non-null pointer * in label->x. Test that a null pointer works as well. */ @@ -7868,7 +7870,9 @@ void asymmetric_encrypt(int key_type_arg, output, output_size, &output_length); TEST_EQUAL(actual_status, expected_status); - TEST_EQUAL(output_length, expected_output_length); + if (actual_status == PSA_SUCCESS) { + TEST_EQUAL(output_length, expected_output_length); + } } exit: From 5819d2c14156cf155a2247ac3fc074d48ab604fe Mon Sep 17 00:00:00 2001 From: Stephan Koch Date: Wed, 22 Feb 2023 13:39:21 +0100 Subject: [PATCH 341/440] Feedback from Arm: guarantee that output_length <= output_size even on error, to reduce the risk that a missing error check escalates into a buffer overflow in the application code Signed-off-by: Stephan Koch --- tests/suites/test_suite_psa_crypto.function | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 4304811ae..8f0ea253c 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -7855,6 +7855,8 @@ void asymmetric_encrypt(int key_type_arg, TEST_EQUAL(actual_status, expected_status); if (actual_status == PSA_SUCCESS) { TEST_EQUAL(output_length, expected_output_length); + } else { + TEST_LE_U(output_length, output_size); } /* If the label is empty, the test framework puts a non-null pointer @@ -7872,6 +7874,8 @@ void asymmetric_encrypt(int key_type_arg, TEST_EQUAL(actual_status, expected_status); if (actual_status == PSA_SUCCESS) { TEST_EQUAL(output_length, expected_output_length); + } else { + TEST_LE_U(output_length, output_size); } } 
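Review bot: The new `TEST_LE_U(output_length, output_size)` runs only on the error path, so the success path still depends on every data row's `expected_output_length` fitting within `output_size`. Hoisting the bound check out of the `else` covers both paths with less nesting: `TEST_LE_U(output_length, output_size);` followed by `if (actual_status == PSA_SUCCESS) { TEST_EQUAL(output_length, expected_output_length); }`; the same applies to the second hunk at @@ -7872. If psa_asymmetric_encrypt() is documented to set `*output_length` to 0 on failure, `TEST_EQUAL(output_length, 0)` in the else branch would be the tighter assertion, but I have not confirmed that contract here, so `<=` is the safe check. asymmetric_encrypt's body starts and ends outside both hunks.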
From cd7e8bce030b39807eba1cbde33fc31dc9b55ddb Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 27 Feb 2023 12:21:36 +0000 Subject: [PATCH 342/440] Change max_ops=min tests to use zero Zero is the minimum value defined by the spec; just because the internal implementation treats zero and one as the same thing does not mean that other implementations will also do so. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 28 ++++++++++++------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 697cdd7b7..17984c80c 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -4151,7 +4151,7 @@ sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab454 PSA sign hash int (ops=min): det ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":1 +sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0 PSA sign hash int (ops=inf) det ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 
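Review bot: Every `(ops=min)` row is switched from `:1` to `:0`, so the max_ops=1 boundary is no longer exercised anywhere; the commit message itself notes that the implementation currently aliases zero and one, and that aliasing is exactly the kind of behaviour a later refactor could change unnoticed. Keeping one `:1` row alongside the new `:0` rows (for example a copy of this SECP256R1 SHA-256 sign case titled `PSA sign hash int (ops=1)`) preserves that coverage at negligible cost. The same substitution is made in the remaining hunks of this file through @@ -4531.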
@@ -4159,7 +4159,7 @@ sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a PSA sign hash int (ops=min): det ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 -sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca":1 +sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca":0 PSA sign hash int (ops=inf): det ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 
@@ -4167,7 +4167,7 @@ sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8 PSA sign hash int (ops=min): det ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 -sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f":1 +sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f":0 PSA sign hash: RSA PKCS#1 v1.5 SHA-256, wrong hash size depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C 
@@ -4239,7 +4239,7 @@ sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):" PSA sign hash int (ops=min): det ECDSA SECP256R1 SHA-256, out buf too small depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:1 +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:0 PSA sign hash int (ops=inf): det ECDSA SECP256R1 SHA-256, empty out buf depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
@@ -4247,7 +4247,7 @@ sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):" PSA sign hash int (ops=min): det ECDSA SECP256R1 SHA-256, empty out buf depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:1 +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:0 PSA sign hash int (ops=inf): det ECDSA SECP256R1, invld hash alg (0) depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
@@ -4255,7 +4255,7 @@ sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):" PSA sign hash int (ops=min): det ECDSA SECP256R1, invld hash alg (0) depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:1 +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:0 PSA sign hash int: det ECDSA SECP256R1, invld hash alg (wildcard) depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
@@ -4275,7 +4275,7 @@ sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):" PSA sign hash int (ops=min): det ECDSA not supported depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 -sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:1 +sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:0 PSA sign/verify hash: RSA PKCS#1 v1.5, raw depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C 
@@ -4323,7 +4323,7 @@ sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) PSA sign/vrfy hash int (ops=min): rand ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1 +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0 PSA sign/vrfy hash int (ops=inf): det ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
@@ -4331,7 +4331,7 @@ sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) PSA sign/vrfy hash int (ops=min): det ECDSA SECP256R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1 +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0 PSA sign/vrfy hash int (ops=inf): rand ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA 
@@ -4339,7 +4339,7 @@ sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) PSA sign/vrfy hash int (ops=min): rand ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":1 +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":0 PSA sign/vrfy hash int (ops=inf): det ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA 
@@ -4347,7 +4347,7 @@ sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) PSA sign/vrfy hash int (ops=min): det ECDSA SECP256R1 SHA-384 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":1 +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":0 PSA sign/vrfy hash int (ops=inf): rand ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 
@@ -4355,7 +4355,7 @@ sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) PSA sign/vrfy hash int (ops=min): rand ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1 +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0 PSA sign/vrfy hash int (ops=inf): det ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 
@@ -4363,7 +4363,7 @@ sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) PSA sign/vrfy hash int (ops=min): det ECDSA SECP384R1 SHA-256 depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 -sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":1 +sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0 PSA verify hash: RSA PKCS#1 v1.5 SHA-256, good signature depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C 
@@ -4531,7 +4531,7 @@ verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R PSA vrfy hash int (ops=min): ECDSA SECP256R1, wrong sig of correct size depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 -verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE:1 +verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE:0 PSA vrfy hash int: ECDSA SECP256R1, wrong sig (empty) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 From a835d20cde0c08bd20640cf08e4069d13f329c01 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Thu, 23 Feb 2023 17:38:00 +0100 Subject: [PATCH 343/440] Add documentation Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 10 +++++----- library/ecp_invasive.h | 15 +++++++++++++++ 2 files changed, 20 insertions(+), 5 deletions(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index e1e3537e7..54fd26b57 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c 
@@ -5077,20 +5077,20 @@ int ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn) RESET; - SUB_LAST; NEXT; // A0 + /* Use 2^224 = P + 2^96 - 1 to modulo reduce the final carry */ + SUB_LAST; NEXT; // A0 += -last_c NEXT; // A1 NEXT; // A2 - ADD_LAST; NEXT; // A3 + ADD_LAST; NEXT; // A3 += last_c NEXT; // A4 NEXT; // A5 // A6 - RESET; - SUB_LAST; NEXT; // A0 + SUB_LAST; NEXT; // A0 += -last_c NEXT; // A1 NEXT; // A2 - ADD_LAST; NEXT; // A3 + ADD_LAST; NEXT; // A3 += last_c NEXT; // A4 NEXT; // A5 // A6 diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index 2669aec42..ff11876c8 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h @@ -96,6 +96,21 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn); #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) +/** Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2) + * + * \param[in,out] Np The address of the MPI to be converted. + * Must have exact limb size that stores a 448-bit MPI + * (double the bitlength of the modulus). + * Upon return holds the reduced value which is + * in range `0 <= X < 2 * N` (where N is the modulus). + * The bitlength of the reduced value is the same as + * that of the modulus (224 bits). + * \param[in] Nn The length of \p Nn in limbs. + * + * \return \c 0 on success. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p Nn is not the limb + * size that sores a 448-bit MPI. + */ MBEDTLS_STATIC_TESTABLE int ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn); From 98791e778153bdf2a940f8370d047aba22a6e34d Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 27 Feb 2023 15:59:34 +0100 Subject: [PATCH 344/440] Add more test cases for P224 testing Signed-off-by: Gabor Mezei --- scripts/mbedtls_dev/ecp.py | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index da0ae3741..4f529d15c 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py 
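Review bot: The new doc comment in library/ecp_invasive.h documents the wrong symbol in its parameter line: `\param[in] Nn The length of \p Nn in limbs.` should be `\param[in] Nn The length of \p Np in limbs.`. The second `\return` line also has a typo, `size that sores a 448-bit MPI` for `size that stores a 448-bit MPI`. Both are in the ecp_invasive.h hunk of this commit.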
@@ -90,6 +90,21 @@ class EcpP224R1Raw(bignum_common.ModOperationCommon,
 input_values = [
 "0",
 "1",
+ # Modulus - 1
+ "ffffffffffffffffffffffffffffffff000000000000000000000000",
+
+ # Maximum canonical P224 multiplication result
+ ("ffffffffffffffffffffffffffffffffffffffffffffffffffffffff"
+ "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
+
+ # Generate an overflow during reduction
+ ("00000000000000000000000000010000000070000000002000001000"
+ "FFFFFFFFFFFF9FFFFFFFFFE00000EFFF000070000000002000001003"),
+
+ # Generate an underflow during reduction
+ ("00000001000000000000000000000000000000000000000000000000"
+ "00000000000DC0000000000000000001000000010000000100000003"),
+
 # First 8 number generated by random.getrandbits(448) - seed(2,2)
 ("da94e3e8ab73738fcf1822ffbc6887782b491044d5e341245c6e4337"
 "15ba2bdd177219d30e7a269fd95bafc8f2a4d27bdcf4bb99f4bea973"),
From 73e855327370372d0d1619126700d542d1ac1cfb Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 27 Feb 2023 16:05:53 +0100
Subject: [PATCH 345/440] Add comments to illustrate the second round of carry reduction is unnecessary
The first round of carry reduction can not generate a carry thus the secound round is not needed. The comments illustrating when the carry is 1. The reduction is simmetric so the case when the carry is -1 is similar. The illustration is trying to calculate the input value starting with setting the carry to 1 before the second round of the carry reduction. It calculates backwords and tries to determine the value range of each word. It ends up with a contradiction that A10 must have the value of 0 and UINT32_MAX.
Signed-off-by: Gabor Mezei
---
 library/ecp_curves.c | 51 +++++++++++++++++++++++++++++++++-----------
 1 file changed, 39 insertions(+), 12 deletions(-)
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 54fd26b57..fd7701afa 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
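Review bot: The two new "overflow"/"underflow" inputs are written with upper-case hex digits (`"FFFFFFFFFFFF9FFF…"`, `"…00000DC0000…"`), whereas every other entry in input_values, including the "Modulus - 1" and "Maximum canonical" entries added just above them, is lower-case; lower-casing the two strings keeps the list uniform and avoids case mismatches when the values are compared against generated expectations. The "Modulus - 1" value is correct for p224 (128 one-bits followed by 96 zero-bits). The input_values list and the EcpP224R1Raw class continue outside the hunk.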
@@ -5070,22 +5070,49 @@ int ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn)
 SUB( 7); SUB(11); NEXT; // A0 += -A7 - A11
 SUB( 8); SUB(12); NEXT; // A1 += -A8 - A12
 SUB( 9); SUB(13); NEXT; // A2 += -A9 - A13
-    SUB(10); ADD( 7); ADD(11); NEXT; // A3 += -A10 + A7 + A11
-    SUB(11); ADD( 8); ADD(12); NEXT;   // A4 += -A11 + A8 + A12
-    SUB(12); ADD( 9); ADD(13); NEXT;   // A5 += -A12 + A9 + A13
-    SUB(13); ADD(10); // A6 += -A13 + A10
+    // 2^32 + MAX32 = 2 * MAX32 + 1 = A3 + A7 - A10 + c
+    // A3 = MAX32, A7 = MAX32, A10 = 0, c = 1
+    SUB( 10 ); ADD( 7 ); ADD( 11 ); NEXT; // A3 += -A10 + A7 + A11
+    // 2^32 + MAX32 = 2 * MAX32 + 1 = A4 + A8 - A11 + c
+    // A4 = MAX32, A8 = MAX32, A11 = 0, c = 1
+    SUB( 11 ); ADD( 8 ); ADD( 12 ); NEXT; // A4 += -A11 + A8 + A12
+    // 2^32 + MAX32 = 2 * MAX32 + 1 = A5 + A9 - A12 + c
+    // A5 = MAX32, A9 = MAX32, A12 = 0, c = 1
+    SUB( 12 ); ADD( 9 ); ADD( 13 ); NEXT; // A5 += -A12 + A9 + A13
+    // 2^32 + MAX32 = 2 * MAX32 + 1 = A6 + A10 - A13 + c
+    // A6 = MAX32, A10 = MAX32, A13 = 0, c = 1
+    SUB( 13 ); ADD( 10 ); // A6 += -A13 + A10
+    // A6 = MAX32, c = 1
+    // c =1
 RESET;
+    // c = 0
-    /* Use 2^224 = P + 2^96 - 1 to modulo reduce the final carry */
-    SUB_LAST; NEXT; // A0 += -last_c
-    NEXT; // A1
-    NEXT; // A2
-    ADD_LAST; NEXT; // A3 += last_c
-    NEXT; // A4
-    NEXT; // A5
-    // A6
+    // Use 2^224 = P + 2^96 - 1 to modulo reduce the final carry
+
+    // last_c = 1, c = 0, A0 anything
+    SUB_LAST; NEXT; // A0
+    // last_c = 1, c anything, A1 anything
+    NEXT; // A1
+    // last_c = 1, c = -1, A2 > 0
+    // last_c = 1, c = 0, A2 anything
+    // last_c = 1, c = 1 -> can't be because SUB_LAST
+    NEXT; // A2
+    // 1a. last_c = 1, c = 0, A3 = MAX32
+    // 1b. last_c = 1, c = -1, A3 = MAX32 -> cancel/ no carry
+    // 2. last_c = -1, c = 1, A3 = MAX32 -> cancel/ no carry
+    ADD_LAST;
+    // c = 1, A4 = MAX32
+    NEXT; // A3
+    // c = 1, A5 = MAX32
+    NEXT; // A4
+    // c = 1, A6 = MAX32
+    NEXT; // A5
+    // A6
+
+    // c = 1
 RESET;
+    // last_c = 1
 SUB_LAST; NEXT; // A0 += -last_c
 NEXT; // A1
From bf506361c4f0068c2e5ceae2f38e21f8744fb3e8 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 27 Feb 2023 16:33:30 +0100
Subject: [PATCH 346/440] Revert the illustration and remove unnecessary code
This reverts commit 73e855327370372d0d1619126700d542d1ac1cfb. Removes the second round of carry reduction from p224.
Signed-off-by: Gabor Mezei
---
 library/ecp_curves.c | 46 +++++--------------------------------------
 1 file changed, 5 insertions(+), 41 deletions(-)
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index fd7701afa..545ff04ea 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -5070,50 +5070,14 @@ int ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn)
 SUB( 7); SUB(11); NEXT; // A0 += -A7 - A11
 SUB( 8); SUB(12); NEXT; // A1 += -A8 - A12
 SUB( 9); SUB(13); NEXT; // A2 += -A9 - A13
-    // 2^32 + MAX32 = 2 * MAX32 + 1 = A3 + A7 - A10 + c
-    // A3 = MAX32, A7 = MAX32, A10 = 0, c = 1
-    SUB( 10 ); ADD( 7 ); ADD( 11 ); NEXT; // A3 += -A10 + A7 + A11
-    // 2^32 + MAX32 = 2 * MAX32 + 1 = A4 + A8 - A11 + c
-    // A4 = MAX32, A8 = MAX32, A11 = 0, c = 1
-    SUB( 11 ); ADD( 8 ); ADD( 12 ); NEXT; // A4 += -A11 + A8 + A12
-    // 2^32 + MAX32 = 2 * MAX32 + 1 = A5 + A9 - A12 + c
-    // A5 = MAX32, A9 = MAX32, A12 = 0, c = 1
-    SUB( 12 ); ADD( 9 ); ADD( 13 ); NEXT; // A5 += -A12 + A9 + A13
-    // 2^32 + MAX32 = 2 * MAX32 + 1 = A6 + A10 - A13 + c
-    // A6 = MAX32, A10 = MAX32, A13 = 0, c = 1
-    SUB( 13 ); ADD( 10 ); // A6 += -A13 + A10
-    // A6 = MAX32, c = 1
+    SUB(10); ADD( 7); ADD(11); NEXT; // A3 += -A10 + A7 + A11
+    SUB(11); ADD( 8); ADD(12); NEXT; // A4 += -A11 + A8 + A12
+    SUB(12); ADD( 9); ADD(13); NEXT; // A5 += -A12 + A9 + A13
+    SUB(13); ADD(10); // A6 += -A13 + A10
-    // c =1
 RESET;
-    // c = 0
-
-    // Use 2^224 = P + 2^96 - 1 to modulo reduce the final carry
-
-    // last_c = 1, c = 0, A0 anything
-    SUB_LAST; NEXT; // A0
-    // last_c = 1, c anything, A1 anything
-    NEXT; // A1
-    // last_c = 1, c = -1, A2 > 0
-    // last_c = 1, c = 0, A2 anything
-    // last_c = 1, c = 1 -> can't be because SUB_LAST
-    NEXT; // A2
-    // 1a. last_c = 1, c = 0, A3 = MAX32
-    // 1b. last_c = 1, c = -1, A3 = MAX32 -> cancel/ no carry
-    // 2. last_c = -1, c = 1, A3 = MAX32 -> cancel/ no carry
-    ADD_LAST;
-    // c = 1, A4 = MAX32
-    NEXT; // A3
-    // c = 1, A5 = MAX32
-    NEXT; // A4
-    // c = 1, A6 = MAX32
-    NEXT; // A5
-    // A6
-
-    // c = 1
-    RESET;
-    // last_c = 1
+    /* Use 2^224 = P + 2^96 - 1 to modulo reduce the final carry */
 SUB_LAST; NEXT; // A0 += -last_c
 NEXT; // A1
 NEXT; // A2
From 804cfd32eacab0b7638c4ecc905f8474d38a5641 Mon Sep 17 00:00:00 2001
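Review bot: With the second RESET/SUB_LAST/ADD_LAST pass removed, the new side keeps no record of why a single pass of final-carry folding is enough; the argument now lives only in the message of the reverted commit 73e855327 (the first round leaves a carry of magnitude at most 1, and folding it through 2^96 - 1 cannot carry again), which a reader of the file will not see. I would extend the surviving comment to `/* Use 2^224 = P + 2^96 - 1 to modulo reduce the final carry. One pass suffices: the carry left by the reduction above is at most 1 in magnitude, so folding it cannot produce a further carry (see commit 73e855327). */` so that the second round is not re-added later. The enclosing function (ecp_mod_p224_raw at this commit) starts and ends outside the hunk, so the LAST/STORE32 tail that completes the reduction is not visible here.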
From: Gabor Mezei
Date: Mon, 27 Feb 2023 16:50:09 +0100
Subject: [PATCH 347/440] Follow the naming convention
Signed-off-by: Gabor Mezei
---
 library/ecp_curves.c | 6 +++---
 library/ecp_invasive.h | 2 +-
 tests/suites/test_suite_ecp.function | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 545ff04ea..8a90e8027 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -4576,7 +4576,7 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn);
 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
 static int ecp_mod_p224(mbedtls_mpi *);
 MBEDTLS_STATIC_TESTABLE
-int ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn);
+int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn);
 #endif
 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
 static int ecp_mod_p256(mbedtls_mpi *);
@@ -5053,13 +5053,13 @@ static int ecp_mod_p224(mbedtls_mpi *N)
 int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 size_t expected_width = 2 * 224 / biL;
 MBEDTLS_MPI_CHK(mbedtls_mpi_grow(N, expected_width));
-    ret = ecp_mod_p224_raw(N->p, expected_width);
+    ret = mbedtls_ecp_mod_p224_raw(N->p, expected_width);
 cleanup:
 return ret;
 }
 MBEDTLS_STATIC_TESTABLE
-int ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn)
+int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn)
 {
 if (Nn != 2 * 224 / biL) {
 return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index ff11876c8..8ea6ece9a 100644
--- a/library/ecp_invasive.h
+++ b/library/ecp_invasive.h
@@ -112,7 +112,7 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn);
 * size that sores a 448-bit MPI.
 */
 MBEDTLS_STATIC_TESTABLE
-int ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn);
+int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn);
 #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 40bcd1793..726ca4695 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -1373,7 +1373,7 @@ void ecp_mod_p224_raw(char *input_N,
 &m, N, limbs,
 MBEDTLS_MPI_MOD_REP_MONTGOMERY),
 0);
-    TEST_EQUAL(ecp_mod_p224_raw(X, limbs_X), 0);
+    TEST_EQUAL(mbedtls_ecp_mod_p224_raw(X, limbs_X), 0);
 TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), 224);
 mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
 ASSERT_COMPARE(X, bytes, res, bytes);
From 5afb80e00ad97a957399bcdb20899f5b89c82ca3 Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Mon, 27 Feb 2023 17:00:34 +0100
Subject: [PATCH 348/440] Fix coding style issues
Signed-off-by: Gabor Mezei
---
 library/ecp_curves.c | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 8a90e8027..977f140d7 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -4982,8 +4982,10 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn)
 #else /* 64 bit */
 #define MAX32 Nn * 2
-#define A(j) (j) % 2 ? (uint32_t) (Np[(j) / 2] >> 32) : \
-    (uint32_t) (Np[(j) / 2])
+#define A(j) \
+    (j) % 2 ? \
+    (uint32_t) (Np[(j) / 2] >> 32) : \
+    (uint32_t) (Np[(j) / 2])
 #define STORE32 \
 if (i % 2) { \
 Np[i/2] &= 0x00000000FFFFFFFF; \
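Review bot: The re-wrapped A(j) macro still expands to an unparenthesised conditional expression, so any use inside a larger expression, e.g. `A(j) + 1` or `x * A(j)`, would bind the trailing operand into the `:` arm rather than apply to the whole value; whether a current call site does this is not visible here, but since the commit is rewriting these lines anyway it is the moment to close the hazard with `#define A(j) ((j) % 2 ? (uint32_t) (Np[(j) / 2] >> 32) : (uint32_t) (Np[(j) / 2]))` (split across continuation lines as the formatter prefers). The same applies to the context line `#define MAX32 Nn * 2`, which is untouched by this commit. Both macros sit in the 64-bit branch of a `#if` whose other arm is outside the hunk.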
@@ -5067,23 +5069,23 @@ int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn)
 INIT(224);
-    SUB( 7); SUB(11); NEXT; // A0 += -A7 - A11
-    SUB( 8); SUB(12); NEXT; // A1 += -A8 - A12
-    SUB( 9); SUB(13); NEXT; // A2 += -A9 - A13
-    SUB(10); ADD( 7); ADD(11); NEXT; // A3 += -A10 + A7 + A11
-    SUB(11); ADD( 8); ADD(12); NEXT; // A4 += -A11 + A8 + A12
-    SUB(12); ADD( 9); ADD(13); NEXT; // A5 += -A12 + A9 + A13
+    SUB(7); SUB(11); NEXT; // A0 += -A7 - A11
+    SUB(8); SUB(12); NEXT; // A1 += -A8 - A12
+    SUB(9); SUB(13); NEXT; // A2 += -A9 - A13
+    SUB(10); ADD(7); ADD(11); NEXT; // A3 += -A10 + A7 + A11
+    SUB(11); ADD(8); ADD(12); NEXT; // A4 += -A11 + A8 + A12
+    SUB(12); ADD(9); ADD(13); NEXT; // A5 += -A12 + A9 + A13
 SUB(13); ADD(10); // A6 += -A13 + A10
 RESET;
 /* Use 2^224 = P + 2^96 - 1 to modulo reduce the final carry */
 SUB_LAST; NEXT; // A0 += -last_c
-    NEXT; // A1
-    NEXT; // A2
+    ; NEXT; // A1
+    ; NEXT; // A2
 ADD_LAST; NEXT; // A3 += last_c
-    NEXT; // A4
-    NEXT; // A5
+    ; NEXT; // A4
+    ; NEXT; // A5
 // A6
 LAST;
From 15d7d43904ec0f247621224bb1fed0a61e76a72d Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Mon, 27 Feb 2023 17:17:56 +0000
Subject: [PATCH 349/440] Pacify Clang 15
Changes for interruptible {sign|verify} hash were not merged at the time of the previous clang 15 /retval fixes, thus this fixes code added at that time.
Signed-off-by: Paul Elliott
---
 include/psa/crypto.h | 90 +++++++++++++++++++--------------------
 library/psa_crypto_core.h | 16 +++----
 2 files changed, 53 insertions(+), 53 deletions(-)
diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 5394eeef5..8dd89fa99 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
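Review bot: The lines for A1, A2, A4 and A5 now begin with a bare `;` (`; NEXT; // A1`), an empty statement that appears to exist only so that `NEXT;` lines up with the `SUB_LAST; NEXT;` and `ADD_LAST; NEXT;` lines under the formatter's rules; a reader without that context will take it for a leftover token. Either drop the alignment and write `NEXT; // A1`, or put a one-line note above the block, `/* a leading ';' is an empty statement kept only to align NEXT */`, so the intent is recorded. mbedtls_ecp_mod_p224_raw begins outside the hunk.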
@@ -4310,23 +4310,23 @@ uint32_t psa_verify_hash_get_num_ops(
 * The operation started successfully - call \c psa_sign_hash_complete()
 * with the same context to complete the operation
 *
- * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
 * \retval #PSA_ERROR_NOT_PERMITTED
 * The key does not have the #PSA_KEY_USAGE_SIGN_HASH flag, or it does
 * not permit the requested algorithm.
 * \retval #PSA_ERROR_BAD_STATE
 * An operation has previously been started on this context, and is
 * still in progress.
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -4408,19 +4408,19 @@ psa_status_t psa_sign_hash_start(
 * An operation was not previously started on this context via
 * \c psa_sign_hash_start().
 *
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The library has either not been previously initialized by
- * psa_crypto_init() or you did not previously call
+ * psa_crypto_init() or you did not previously call
 * psa_sign_hash_start() with this operation object. It is
 * implementation-dependent whether a failure to initialize results in
 * this error code.
@@ -4461,7 +4461,7 @@ psa_status_t psa_sign_hash_complete(
 * \retval #PSA_SUCCESS
 * The operation was aborted successfully.
 *
- * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
@@ -4530,15 +4530,15 @@ psa_status_t psa_sign_hash_abort(
 * The key does not have the #PSA_KEY_USAGE_VERIFY_HASH flag, or it does
 * not permit the requested algorithm.
 *
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval PSA_ERROR_DATA_CORRUPT
- * \retval PSA_ERROR_DATA_INVALID
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval PSA_ERROR_DATA_INVALID \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
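Review bot: Two of the rewritten `\retval` lines still lack the `#` that every other entry in this block carries, so Doxygen will render them as plain text instead of linking the error codes: `* \retval PSA_ERROR_DATA_CORRUPT \emptydescription` and `* \retval PSA_ERROR_DATA_INVALID \emptydescription` should read `* \retval #PSA_ERROR_DATA_CORRUPT \emptydescription` and `* \retval #PSA_ERROR_DATA_INVALID \emptydescription`. The omission predates this commit, but the lines are being touched anyway, and the sibling lists in the other hunks of this patch all use the `#` form. The enclosing doc block, presumably that of psa_verify_hash_start given the following hunk's header, starts and ends outside the hunk.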
@@ -4597,23 +4597,23 @@ psa_status_t psa_verify_hash_start(
 * psa_interruptible_set_max_ops(). There is still work to be done.
 * Call this function again with the same operation object.
 *
- * \retval #PSA_ERROR_INVALID_HANDLE
+ * \retval #PSA_ERROR_INVALID_HANDLE \emptydescription
 * \retval #PSA_ERROR_INVALID_SIGNATURE
 * The calculation was performed successfully, but the passed
 * signature is not a valid signature.
- *\retval #PSA_ERROR_BAD_STATE
+ * \retval #PSA_ERROR_BAD_STATE
 * An operation was not previously started on this context via
 * \c psa_verify_hash_start().
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_COMMUNICATION_FAILURE
- * \retval #PSA_ERROR_HARDWARE_FAILURE
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_STORAGE_FAILURE
- * \retval #PSA_ERROR_DATA_CORRUPT
- * \retval #PSA_ERROR_DATA_INVALID
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_COMMUNICATION_FAILURE \emptydescription
+ * \retval #PSA_ERROR_HARDWARE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_STORAGE_FAILURE \emptydescription
+ * \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
+ * \retval #PSA_ERROR_DATA_INVALID \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The library has either not been previously initialized by
 * psa_crypto_init() or you did not previously call
@@ -4655,7 +4655,7 @@ psa_status_t psa_verify_hash_complete(
 * \retval #PSA_SUCCESS
 * The operation was aborted successfully.
 *
- * \retval #PSA_ERROR_NOT_SUPPORTED
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
 * \retval #PSA_ERROR_BAD_STATE
 * The library has not been previously initialized by psa_crypto_init().
 * It is implementation-dependent whether a failure to initialize
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 4acd7aa24..5260cf7a7 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -752,11 +752,11 @@ psa_status_t mbedtls_psa_sign_hash_start(
 * where \c key_type and \c key_bits are the type and bit-size
 * respectively of \p key.
 *
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
- * \retval #PSA_ERROR_CORRUPTION_DETECTED
- * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
+ * \retval #PSA_ERROR_CORRUPTION_DETECTED \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_ENTROPY \emptydescription
 */
 psa_status_t mbedtls_psa_sign_hash_complete(
 mbedtls_psa_sign_hash_interruptible_operation_t *operation,
@@ -849,9 +849,9 @@ psa_status_t mbedtls_psa_verify_hash_start(
 * The calculation was performed successfully, but the passed
 * signature is not a valid signature.
 *
- * \retval #PSA_ERROR_NOT_SUPPORTED
- * \retval #PSA_ERROR_INVALID_ARGUMENT
- * \retval #PSA_ERROR_INSUFFICIENT_MEMORY
+ * \retval #PSA_ERROR_NOT_SUPPORTED \emptydescription
+ * \retval #PSA_ERROR_INVALID_ARGUMENT \emptydescription
+ * \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 */
 psa_status_t mbedtls_psa_verify_hash_complete(
 mbedtls_psa_verify_hash_interruptible_operation_t *operation);
From 608e1093de045e927f8af8fa261a0e33581edd34 Mon Sep 17 00:00:00 2001
From: Jerry Yu
Date: Tue, 28 Feb 2023 12:50:00 +0800
Subject: [PATCH 350/440] Improve comment about conflicts between aesce and sha512-crypto
Signed-off-by: Jerry Yu
---
 include/mbedtls/mbedtls_config.h | 12 +++++++-----
 library/aesce.h | 2 +-
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 774fc948a..4f51d0a9f 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2078,11 +2078,13 @@
 * \note The code uses Neon intrinsics, so \c CFLAGS must be set to a minimum
 * of \c -march=armv8-a+crypto .
 *
- * \warning `MBEDTLS_SHA512_USE_A64_CRYPTO_*` should be disabled when enabled
- * because unexpected instruction will be generated in AESCE module.
- * `MBEDTLS_SHA512_USE_A64_CRYPTO_*` requires \c -march=armv8.2-a+sha3,
- * compiler optimizes the code with `eor3` that is part of sha3
- * extension and unexpected in AESCE.
+ * \warning If the target architecture is set to something that includes the
+ * SHA3 feature (e.g. `-march=armv8.2-a+sha3`), for example because
+ * `MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT` is desired, compilers
+ * generate code for `MBEDTLS_AESCE_C` that includes instructions
+ * only present with the (optional) SHA3 feature. This will lead to an
+ * undefined instruction exception if the code is run on a CPU without
+ * that feature.
 *
 * \warning Runtime detection only works on linux. For non-linux operation
 * system, crypto extension MUST be supported by CPU.
diff --git a/library/aesce.h b/library/aesce.h
index 1e72e5ba4..da4244699 100644
--- a/library/aesce.h
+++ b/library/aesce.h
@@ -31,7 +31,7 @@
 #include "mbedtls/aes.h"
-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \
+#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \
 defined(__aarch64__) && !defined(MBEDTLS_HAVE_ARM64)
 #define MBEDTLS_HAVE_ARM64
 #endif
From 4a2fff6369545191fd9e6ff82b4076c9aa1b0347 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Tue, 28 Feb 2023 16:40:27 +0100
Subject: [PATCH 351/440] Fix expected error code
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This was overlooked during the rebase.
Signed-off-by: Bence Szépkúti
---
 tests/suites/test_suite_pkcs7.data | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data
index 2a71e7a45..da8146bc1 100644
--- a/tests/suites/test_suite_pkcs7.data
+++ b/tests/suites/test_suite_pkcs7.data
@@ -80,7 +80,7 @@ pkcs7_parse:"data_files/pkcs7_signerInfo_serial_invalid_size.der":MBEDTLS_ERR_PK
 PKCS7 Signed Data Parse Fail Corrupt signerInfos[2] (6213931373035520)
 depends_on:MBEDTLS_SHA256_C
-pkcs7_parse:"data_files/pkcs7_signerInfo_2_invalid_tag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+pkcs7_parse:"data_files/pkcs7_signerInfo_2_invalid_tag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
 PKCS7 Signed Data Parse Fail Corrupt signerInfos[1].issuerAndSerialNumber.serialNumber, after multi-element .name (4541044530479104)
 depends_on:MBEDTLS_SHA256_C
From 35d674a6eec5da754519effca8239a3c852b4b41 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?=
Date: Tue, 28 Feb 2023 16:59:50 +0100
Subject: [PATCH 352/440] Replace usage of echo -e in pkcs7 data Makefile
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This use of the shell builtin is not portable.
Signed-off-by: Bence Szépkúti
---
 tests/data_files/Makefile | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index a7517bf78..2029f4f1c 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1272,7 +1272,7 @@ pkcs7_test_cert_3 = pkcs7-rsa-sha256-3.crt
 pkcs7_test_file = pkcs7_data.bin
 $(pkcs7_test_file):
-	echo -e "Hello\xd" > $@
+	printf "Hello\15\n" > $@
 all_final += $(pkcs7_test_file)
 pkcs7_zerolendata.bin:
@@ -1280,7 +1280,7 @@ pkcs7_zerolendata.bin:
 all_final += pkcs7_zerolendata.bin
 pkcs7_data_1.bin:
-	echo -e "2\xd" > $@
+	printf "2\15\n" > $@
 all_final += pkcs7_data_1.bin
 # Generate signing cert
@@ -1360,31 +1360,31 @@ all_final += pkcs7_data_multiple_certs_signed.der
 # pkcs7 signature file with corrupted CERT
 pkcs7_data_signed_badcert.der: pkcs7_data_cert_signed_sha256.der
 cp pkcs7_data_cert_signed_sha256.der $@
-	echo -en '\xa1' | dd of=$@ bs=1 seek=547 conv=notrunc
+	echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=547 conv=notrunc
 all_final += pkcs7_data_signed_badcert.der
 # pkcs7 signature file with corrupted signer info
 pkcs7_data_signed_badsigner.der: pkcs7_data_cert_signed_sha256.der
 cp pkcs7_data_cert_signed_sha256.der $@
-	echo -en '\xa1' | dd of=$@ bs=1 seek=918 conv=notrunc
+	echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=918 conv=notrunc
 all_final += pkcs7_data_signed_badsigner.der
 # pkcs7 signature file with invalid tag in signerInfo[1].serial after long issuer name
 pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der: pkcs7_data_multiple_signed.der
 cp $< $@
-	echo -en '\xa1' | dd of=$@ bs=1 seek=498 conv=notrunc
+	echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=498 conv=notrunc
 all_final += pkcs7_signerInfo_1_serial_invalid_tag_after_long_name.der
 # pkcs7 signature file with invalid tag in signerInfo[2]
 pkcs7_signerInfo_2_invalid_tag.der: pkcs7_data_3_signed.der
 cp $< $@
-	echo -en '\xa1' | dd of=$@ bs=1 seek=810 conv=notrunc
+	echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=810 conv=notrunc
 all_final += pkcs7_signerInfo_2_invalid_tag.der
 # pkcs7 file with version 2
 pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der
 cp pkcs7_data_cert_signed_sha256.der $@
-	echo -en '\x02' | dd of=$@ bs=1 seek=25 conv=notrunc
+	echo '02' | xxd -r -p | dd of=$@ bs=1 seek=25 conv=notrunc
 all_final += pkcs7_data_cert_signed_v2.der
 pkcs7_data_cert_encrypted.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
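Review bot: The new recipes replace the non-portable `echo -en` with `xxd -r -p`, but `xxd` is not a POSIX utility either (it is shipped with vim), so the commit swaps one host dependency for another rather than removing it. `printf` with an octal escape produces the same single byte with nothing beyond POSIX: `printf '\241' | dd of=$@ bs=1 seek=547 conv=notrunc` for the four 0xa1 writes here, and `'\002'` for the 0x02 write, with `'\065'` and `'\025'` for the 0x35 and 0x15 writes in the following hunk (@@ -1395). The two earlier hunks of this patch (@@ -1272 and @@ -1280) already use `printf`, so this would also keep the Makefile to a single approach.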
@@ -1395,12 +1395,12 @@ all_final += pkcs7_data_cert_encrypted.der
 # For some interesting sizes, what happens if we make them off-by-one?
 pkcs7_signerInfo_issuer_invalid_size.der: pkcs7_data_cert_signed_sha256.der
 cp $< $@
-	echo -en '\x35' | dd of=$@ seek=919 bs=1 conv=notrunc
+	echo '35' | xxd -r -p | dd of=$@ seek=919 bs=1 conv=notrunc
 all_final += pkcs7_signerInfo_issuer_invalid_size.der
 pkcs7_signerInfo_serial_invalid_size.der: pkcs7_data_cert_signed_sha256.der
 cp $< $@
-	echo -en '\x15' | dd of=$@ seek=973 bs=1 conv=notrunc
+	echo '15' | xxd -r -p | dd of=$@ seek=973 bs=1 conv=notrunc
 all_final += pkcs7_signerInfo_serial_invalid_size.der
 # pkcs7 signature file just with signed data
From 587e7808127221e4242016b2a925fbacdcc48174 Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Mon, 27 Feb 2023 09:53:08 +0000
Subject: [PATCH 353/440] Test calling complete() after {sign|verify}_hash_start fails
Signed-off-by: Paul Elliott
---
 tests/suites/test_suite_psa_crypto.function | 28 +++++++++++++++++++++
 1 file changed, 28 insertions(+)
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index ab39fba55..cbe0b1963 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -6662,6 +6662,12 @@ exit:
 * 3. Test that the number of ops done prior to start and after abort is zero
 * and that each successful stage completes some ops (this is not mandated by
 * the PSA specification, but is currently the case).
+ *
+ * 4. Check that calling complete() when start() fails and complete()
+ * after completion results in a BAD_STATE error.
+ *
+ * 5. Check that calling start() again after start fails results in a BAD_STATE
+ * error.
 */
 void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data,
 int alg_arg, data_t *input_data,
@@ -6718,6 +6724,15 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data,
 TEST_EQUAL(actual_status, expected_start_status);
 if (expected_start_status != PSA_SUCCESS) {
+        /* Emulate poor implementation, and call complete anyway, even though
+         * start failed. */
+        actual_status = psa_sign_hash_complete(&operation, signature,
+                                               signature_size,
+                                               &signature_length);
+
+        TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE);
+
+        /* Test that calling start again after failure also causes BAD_STATE. */
 actual_status = psa_sign_hash_start(&operation, key, alg,
 input_data->x, input_data->len);
@@ -7183,6 +7198,12 @@ exit:
 * 3. Test that the number of ops done prior to start and after abort is zero
 * and that each successful stage completes some ops (this is not mandated by
 * the PSA specification, but is currently the case).
+ *
+ * 4. Check that calling complete() when start() fails and complete()
+ * after completion results in a BAD_STATE error.
+ *
+ * 5. Check that calling start() again after start fails results in a BAD_STATE
+ * error.
 */
 void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data,
 int alg_arg, data_t *hash_data,
@@ -7235,6 +7256,13 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data,
 TEST_EQUAL(actual_status, expected_start_status);
 if (expected_start_status != PSA_SUCCESS) {
+        /* Emulate poor implementation, and call complete anyway, even though
+         * start failed. */
+        actual_status = psa_verify_hash_complete(&operation);
+
+        TEST_EQUAL(actual_status, PSA_ERROR_BAD_STATE);
+
+        /* Test that calling start again after failure also causes BAD_STATE. */
 actual_status = psa_verify_hash_start(&operation, key, alg,
 hash_data->x, hash_data->len,
 signature_data->x,
From 5770224ef3372b0cb505793003ced75d7c31d68f Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Sun, 26 Feb 2023 20:36:10 +0000
Subject: [PATCH 354/440] Rename max ops tests to ops tests
Signed-off-by: Paul Elliott
---
 tests/suites/test_suite_psa_crypto.data | 4 ++--
 tests/suites/test_suite_psa_crypto.function | 8 +++++---
 2 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index f340a7ff2..cfcdac102 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -4561,9 +4561,9 @@ PSA sign/vrfy hash int edge case tests: randomized ECDSA SECP256R1 SHA-256
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
 interruptible_signverify_hash_edgecase_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
-PSA sign/vrfy hash int max ops tests: randomized ECDSA SECP256R1 SHA-256
+PSA sign/vrfy hash int ops tests: randomized ECDSA SECP256R1 SHA-256
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
-interruptible_signverify_hash_maxops_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
+interruptible_signverify_hash_ops_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b"
 PSA sign message: RSA PKCS#1 v1.5 SHA-256
 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index ab39fba55..f3ccac01b 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -7602,15 +7602,17 @@ exit:
 /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */
 /**
- * interruptible_signverify_hash_maxops_tests() test intentions:
+ * interruptible_signverify_hash_ops_tests() test intentions:
 *
 * Note: This test can currently only handle ECDSA.
 *
 * 1. Test that setting max ops is reflected in both interruptible sign and
 * verify hash
+ */
-void interruptible_signverify_hash_maxops_tests(int key_type_arg,
-                                                data_t *key_data, int alg_arg, data_t *input_data)
+void interruptible_signverify_hash_ops_tests(int key_type_arg,
+                                             data_t *key_data, int alg_arg,
+                                             data_t *input_data)
 {
 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
 psa_key_type_t key_type = key_type_arg;
From 9e8819f356f296cb8f062ce2207f6e690220ebce Mon Sep 17 00:00:00 2001
From: Paul Elliott
Date: Sun, 26 Feb 2023 19:01:35 +0000
Subject: [PATCH 355/440] Move 'change max_ops' test into ops tests
Signed-off-by: Paul Elliott
---
 tests/suites/test_suite_psa_crypto.function | 74 +++++++++++----------
 1 file changed, 38 insertions(+), 36 deletions(-)
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index f3ccac01b..ce531e1b0 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -7487,41 +7487,6 @@ void interruptible_signverify_hash_edgecase_tests(int key_type_arg, TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE); ASSERT_ALLOC(signature, signature_size); - /* --- Ensure changing the max ops mid operation works (operation should - * complete successfully after setting max ops to unlimited --- */ - psa_interruptible_set_max_ops(1); - - PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, - input_data->x, input_data->len)); - - TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature, - signature_size, - &signature_length), - PSA_OPERATION_INCOMPLETE); - - psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); - - PSA_ASSERT(psa_sign_hash_complete(&sign_operation, signature, - signature_size, - &signature_length)); - - PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); - - psa_interruptible_set_max_ops(1); - - PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, - input_data->x, input_data->len, - signature, signature_length)); - - TEST_EQUAL(psa_verify_hash_complete(&verify_operation), - PSA_OPERATION_INCOMPLETE); - - psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); - - PSA_ASSERT(psa_verify_hash_complete(&verify_operation)); - - PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); - /* --- Change function inputs mid run, to cause an error (sign only, * verify passes all inputs to start. --- */ @@ -7608,7 +7573,8 @@ exit: * * 1. Test that setting max ops is reflected in both interruptible sign and * verify hash - + * 2. Test that changing the value of max_ops to unlimited during an operation + * causes that operation to complete in the next call. */ void interruptible_signverify_hash_ops_tests(int key_type_arg, data_t *key_data, int alg_arg, 
@@ -7621,6 +7587,7 @@ void interruptible_signverify_hash_ops_tests(int key_type_arg, size_t key_bits; unsigned char *signature = NULL; size_t signature_size; + size_t signature_length = 0xdeadbeef; psa_sign_hash_interruptible_operation_t sign_operation = psa_sign_hash_interruptible_operation_init(); psa_verify_hash_interruptible_operation_t verify_operation = @@ -7669,6 +7636,41 @@ void interruptible_signverify_hash_ops_tests(int key_type_arg, TEST_EQUAL(psa_interruptible_get_max_ops(), 0xbeef); + /* --- Ensure changing the max ops mid operation works (operation should + * complete successfully after setting max ops to unlimited --- */ + psa_interruptible_set_max_ops(1); + + PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, + input_data->x, input_data->len)); + + TEST_EQUAL(psa_sign_hash_complete(&sign_operation, signature, + signature_size, + &signature_length), + PSA_OPERATION_INCOMPLETE); + + psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); + + PSA_ASSERT(psa_sign_hash_complete(&sign_operation, signature, + signature_size, + &signature_length)); + + PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); + + psa_interruptible_set_max_ops(1); + + PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, + input_data->x, input_data->len, + signature, signature_length)); + + TEST_EQUAL(psa_verify_hash_complete(&verify_operation), + PSA_OPERATION_INCOMPLETE); + + psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED); + + PSA_ASSERT(psa_verify_hash_complete(&verify_operation)); + + PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); + exit: /* * Key attributes may have been returned by psa_get_key_attributes() From c1e0400bac3e409e85b44739a5037c24912fe261 Mon Sep 17 00:00:00 2001 
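Review bot: The moved block hands `signature_length` to `psa_verify_hash_start()` without checking it against `signature_size` after the successful `psa_sign_hash_complete()`, so a misreported length would make the verify start read past the signature buffer. Add `TEST_LE_U(signature_length, signature_size);` between the successful complete and `psa_sign_hash_abort()`, as `sign_verify_hash_interruptible` does in this file. The `0xdeadbeef` initialiser added in hunk @@ -7621 is a useful sentinel but is never asserted against; the length check also covers that case. The enclosing function `interruptible_signverify_hash_ops_tests` continues past the hunk, so the cleanup after `exit:` is only partly visible.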
From: Paul Elliott Date: Sun, 26 Feb 2023 20:27:23 +0000 Subject: [PATCH 356/440] Add test to check not calling get_num_ops() Make sure that not calling get_num_ops() inbetweeen calls to complete() does not mean that ops get lost (Regression test for previous fix). Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 76 +++++++++++++++++++++ 1 file changed, 76 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ce531e1b0..62f2fbf68 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -7575,6 +7575,9 @@ exit: * verify hash * 2. Test that changing the value of max_ops to unlimited during an operation * causes that operation to complete in the next call. + * + * 3. Test that calling get_num_ops() between complete calls gives the same + * result as calling get_num_ops() once at the end of the operation. */ void interruptible_signverify_hash_ops_tests(int key_type_arg, data_t *key_data, int alg_arg, @@ -7588,6 +7591,9 @@ void interruptible_signverify_hash_ops_tests(int key_type_arg, unsigned char *signature = NULL; size_t signature_size; size_t signature_length = 0xdeadbeef; + uint32_t num_ops = 0; + psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; + psa_sign_hash_interruptible_operation_t sign_operation = psa_sign_hash_interruptible_operation_init(); psa_verify_hash_interruptible_operation_t verify_operation = 
@@ -7671,6 +7677,76 @@ void interruptible_signverify_hash_ops_tests(int key_type_arg, PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); + /* --- Test that not calling get_num_ops inbetween complete calls does not + * result in lost ops. ---*/ + + psa_interruptible_set_max_ops(1); + + PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, + input_data->x, input_data->len)); + + /* Continue performing the signature until complete. */ + do { + status = psa_sign_hash_complete(&sign_operation, signature, + signature_size, + &signature_length); + + num_ops = psa_sign_hash_get_num_ops(&sign_operation); + + } while (status == PSA_OPERATION_INCOMPLETE); + + PSA_ASSERT(status); + + PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); + + PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, + input_data->x, input_data->len)); + + /* Continue performing the signature until complete. */ + do { + status = psa_sign_hash_complete(&sign_operation, signature, + signature_size, + &signature_length); + } while (status == PSA_OPERATION_INCOMPLETE); + + PSA_ASSERT(status); + + TEST_EQUAL(num_ops, psa_sign_hash_get_num_ops(&sign_operation)); + + PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); + + PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, + input_data->x, input_data->len, + signature, signature_length)); + + /* Continue performing the verification until complete. */ + do { + status = psa_verify_hash_complete(&verify_operation); + + num_ops = psa_verify_hash_get_num_ops(&verify_operation); + + } while (status == PSA_OPERATION_INCOMPLETE); + + PSA_ASSERT(status); + + PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); + + PSA_ASSERT(psa_verify_hash_start(&verify_operation, key, alg, + input_data->x, input_data->len, + signature, signature_length)); + + /* Continue performing the verification until complete. 
*/ + do { + status = psa_verify_hash_complete(&verify_operation); + + } while (status == PSA_OPERATION_INCOMPLETE); + + PSA_ASSERT(status); + + TEST_EQUAL(num_ops, psa_verify_hash_get_num_ops(&verify_operation)); + + PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); + exit: /* * Key attributes may have been returned by psa_get_key_attributes() From 8359c14c14d5ac9b8a6e163319650a8751e0c926 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 24 Feb 2023 18:40:10 +0000 Subject: [PATCH 357/440] Add hash corruption test to interruptible verify test Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 25 +++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ab39fba55..844d9bcba 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -7042,6 +7042,12 @@ exit: * 3. Test that the number of ops done prior to start and after abort is zero * and that each successful stage completes some ops (this is not mandated by * the PSA specification, but is currently the case). + * + * 4. Test that calling psa_sign_hash_get_num_ops() multiple times between + * complete() calls does not alter the number of ops returned. + * + * 5. Test that after corrupting the hash, the verification detects an invalid + * signature. */ void verify_hash_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *hash_data, 
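Review bot: `TEST_EQUAL(num_ops, psa_sign_hash_get_num_ops(&sign_operation))` compares the op counts of two independent signing runs, which only holds if the count does not depend on the per-signature random scalar; the data case driving this function is randomized ECDSA, so a comment stating that assumption would help whoever sees it fail on another implementation, e.g. `/* Assumes the op count is independent of the random nonce. */`. The block comment has a typo: `inbetween` should be `in between` (the commit message repeats it). The `do { ... } while (status == PSA_OPERATION_INCOMPLETE)` loops have no iteration bound, so an implementation that never progresses hangs the test instead of failing it; the other loops on this page accept the same risk. The enclosing function continues past the hunk.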
@@ -7126,6 +7132,25 @@ void verify_hash_interruptible(int key_type_arg, data_t *key_data, num_ops = psa_verify_hash_get_num_ops(&operation); TEST_ASSERT(num_ops == 0); + if (hash_data->len != 0) { + /* Flip a bit in the hash and verify that the signature is now detected + * as invalid. Flip a bit at the beginning, not at the end, because + * ECDSA may ignore the last few bits of the input. */ + hash_data->x[0] ^= 1; + + /* Start verification. */ + PSA_ASSERT(psa_verify_hash_start(&operation, key, alg, + hash_data->x, hash_data->len, + signature_data->x, signature_data->len)); + + /* Continue performing the signature until complete. */ + do { + status = psa_verify_hash_complete(&operation); + } while (status == PSA_OPERATION_INCOMPLETE); + + TEST_ASSERT(status == PSA_ERROR_INVALID_SIGNATURE); + } + exit: psa_reset_key_attributes(&attributes); psa_destroy_key(key); From 7c173082532b2014cfce0295104fc5be7357a65a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Sun, 26 Feb 2023 18:44:45 +0000 Subject: [PATCH 358/440] Add num_ops tests to sign and verify interruptible hash This is the only test usable for non-deterministic ECDSA, thus needs this code path testing as well. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 26 +++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 844d9bcba..0cf1f53da 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
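Review bot: The loop comment reads `/* Continue performing the signature until complete. */` but the loop drives `psa_verify_hash_complete()`; it should read `/* Continue performing the verification until complete. */`. `TEST_ASSERT(status == PSA_ERROR_INVALID_SIGNATURE)` only prints the expression on failure, whereas `TEST_EQUAL(status, PSA_ERROR_INVALID_SIGNATURE)` reports both values and matches the surrounding interruptible tests. The block flips `hash_data->x[0]` in place and never restores it, which is fine only as long as nothing after this point reuses `hash_data`; a one-line note would make that explicit. The failed verify operation is not aborted inside the hunk, so if the cleanup after `exit:` (outside the hunk) does not abort `operation`, it is left in an error state.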
@@ -6864,6 +6864,10 @@ exit: * * 3. Test the number of calls to psa_sign_hash_complete() required are as * expected for different max_ops values. + * + * 4. Test that the number of ops done prior to starting signing and after abort + * is zero and that each successful signing stage completes some ops (this is + * not mandated by the PSA specification, but is currently the case). */ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, int alg_arg, data_t *input_data, @@ -6879,6 +6883,8 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_status_t status = PSA_OPERATION_INCOMPLETE; uint32_t max_ops = max_ops_arg; + uint32_t num_ops = 0; + uint32_t num_ops_prior = 0; size_t num_completes = 0; size_t min_completes = 0; size_t max_completes = 0; @@ -6913,10 +6919,16 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, interruptible_signverify_get_minmax_completes(max_ops, PSA_SUCCESS, &min_completes, &max_completes); + num_ops_prior = psa_sign_hash_get_num_ops(&sign_operation); + TEST_ASSERT(num_ops_prior == 0); + /* Start performing the signature. */ PSA_ASSERT(psa_sign_hash_start(&sign_operation, key, alg, input_data->x, input_data->len)); + num_ops_prior = psa_sign_hash_get_num_ops(&sign_operation); + TEST_ASSERT(num_ops_prior == 0); + /* Continue performing the signature until complete. */ do { 
@@ -6925,6 +6937,17 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, &signature_length); num_completes++; + + if (status == PSA_SUCCESS || status == PSA_OPERATION_INCOMPLETE) { + num_ops = psa_sign_hash_get_num_ops(&sign_operation); + /* We are asserting here that every complete makes progress + * (completes some ops), which is true of the internal + * implementation and probably any implementation, however this is + * not mandated by the PSA specification. */ + TEST_ASSERT(num_ops > num_ops_prior); + + num_ops_prior = num_ops; + } } while (status == PSA_OPERATION_INCOMPLETE); TEST_ASSERT(status == PSA_SUCCESS); @@ -6934,6 +6957,9 @@ void sign_verify_hash_interruptible(int key_type_arg, data_t *key_data, PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); + num_ops = psa_sign_hash_get_num_ops(&sign_operation); + TEST_ASSERT(num_ops == 0); + /* Check that the signature length looks sensible. */ TEST_LE_U(signature_length, signature_size); TEST_ASSERT(signature_length > 0); From e47899df2004b8f15f12b293b1bf80fb8f8f05d6 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 28 Feb 2023 17:39:03 +0000 Subject: [PATCH 359/440] Fix macro redefinition warning from armcc Signed-off-by: Dave Rodgman --- library/alignment.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/library/alignment.h b/library/alignment.h index aa09ff856..57ddaa53c 100644 --- a/library/alignment.h +++ b/library/alignment.h 
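Review bot: The new checks use `TEST_ASSERT(num_ops_prior == 0)` and `TEST_ASSERT(num_ops > num_ops_prior)` (hunks @@ -6913, @@ -6925 and @@ -6934), where `TEST_EQUAL(num_ops_prior, 0)` would report the actual value on failure, consistent with the `TEST_EQUAL` calls elsewhere in this function. The commit title says sign and verify, but only the signing path is instrumented in the visible hunks; if the verify loop later in `sign_verify_hash_interruptible` lacks the same progress checks, that is worth either adding or narrowing the title, though the rest of the function is outside the hunk. In hunk @@ -6925, reading `num_ops` only for success or incomplete statuses looks deliberate, and a short comment such as `/* Only check progress on statuses for which the count is meaningful. */` would record why error statuses are skipped.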
@@ -155,13 +155,13 @@ inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x)
  * Detect Clang built-in byteswap routines
  */
 #if defined(__clang__) && defined(__has_builtin)
-#if __has_builtin(__builtin_bswap16)
+#if __has_builtin(__builtin_bswap16) && !defined(MBEDTLS_BSWAP16)
 #define MBEDTLS_BSWAP16 __builtin_bswap16
 #endif /* __has_builtin(__builtin_bswap16) */
-#if __has_builtin(__builtin_bswap32)
+#if __has_builtin(__builtin_bswap32) && !defined(MBEDTLS_BSWAP32)
 #define MBEDTLS_BSWAP32 __builtin_bswap32
 #endif /* __has_builtin(__builtin_bswap32) */
-#if __has_builtin(__builtin_bswap64)
+#if __has_builtin(__builtin_bswap64) && !defined(MBEDTLS_BSWAP64)
 #define MBEDTLS_BSWAP64 __builtin_bswap64
 #endif /* __has_builtin(__builtin_bswap64) */
 #endif /* defined(__clang__) && defined(__has_builtin) */
@@ -170,13 +170,19 @@ inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x)
  * Detect MSVC built-in byteswap routines
  */
 #if defined(_MSC_VER)
+#if !defined(MBEDTLS_BSWAP16)
 #define MBEDTLS_BSWAP16 _byteswap_ushort
+#endif
+#if !defined(MBEDTLS_BSWAP32)
 #define MBEDTLS_BSWAP32 _byteswap_ulong
+#endif
+#if !defined(MBEDTLS_BSWAP64)
 #define MBEDTLS_BSWAP64 _byteswap_uint64
+#endif
 #endif /* defined(_MSC_VER) */
 /* Detect armcc built-in byteswap routine */
-#if defined(__ARMCC_VERSION) && (__ARMCC_VERSION >= 410000)
+#if defined(__ARMCC_VERSION) && (__ARMCC_VERSION >= 410000) && !defined(MBEDTLS_BSWAP32)
 #define MBEDTLS_BSWAP32 __rev
 #endif
From 08a94953e1fe7f82050c7a9ddff6939719d7de9a Mon Sep 17 00:00:00 2001
From: Gabor Mezei
Date: Tue, 28 Feb 2023 18:40:57 +0100
Subject: [PATCH 360/440] Apply naming convention for p224
Signed-off-by: Gabor Mezei
---
 library/ecp_curves.c   | 30 +++++++++++++++---------------
 library/ecp_invasive.h | 22 +++++++++++-----------
 2 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 977f140d7..ee211af2f 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
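Review bot: The `!defined(MBEDTLS_BSWAPxx)` guards make the chosen built-in depend on the order of the detection blocks — with a Clang-based armcc both the Clang block and the armcc block match and the first one now wins — but nothing in the header says so. A comment above the Clang block, e.g. `/* Detection blocks are tried in order; each defines MBEDTLS_BSWAPxx only if an earlier block has not. Keep the guards when adding a compiler. */`, would stop the next addition from reintroducing the redefinition warning. The armcc block still only covers `MBEDTLS_BSWAP32`; a note that the 16- and 64-bit variants fall through to the generic implementation (outside the hunk) would complete the picture. Both hunks in this section share the point.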
@@ -4974,32 +4974,32 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn) #if defined(MBEDTLS_HAVE_INT32) /* 32 bit */ -#define MAX32 Nn -#define A(j) Np[j] -#define STORE32 Np[i] = cur; -#define STORE0 Np[i] = 0; +#define MAX32 X_limbs +#define A(j) X[j] +#define STORE32 X[i] = cur; +#define STORE0 X[i] = 0; #else /* 64 bit */ -#define MAX32 Nn * 2 +#define MAX32 X_limbs * 2 #define A(j) \ (j) % 2 ? \ - (uint32_t) (Np[(j) / 2] >> 32) : \ - (uint32_t) (Np[(j) / 2]) + (uint32_t) (X[(j) / 2] >> 32) : \ + (uint32_t) (X[(j) / 2]) #define STORE32 \ if (i % 2) { \ - Np[i/2] &= 0x00000000FFFFFFFF; \ - Np[i/2] |= (uint64_t) (cur) << 32; \ + X[i/2] &= 0x00000000FFFFFFFF; \ + X[i/2] |= (uint64_t) (cur) << 32; \ } else { \ - Np[i/2] &= 0xFFFFFFFF00000000; \ - Np[i/2] |= (uint32_t) cur; \ + X[i/2] &= 0xFFFFFFFF00000000; \ + X[i/2] |= (uint32_t) cur; \ } #define STORE0 \ if (i % 2) { \ - Np[i/2] &= 0x00000000FFFFFFFF; \ + X[i/2] &= 0x00000000FFFFFFFF; \ } else { \ - Np[i/2] &= 0xFFFFFFFF00000000; \ + X[i/2] &= 0xFFFFFFFF00000000; \ } #endif @@ -5061,9 +5061,9 @@ cleanup: } MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn) +int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs) { - if (Nn != 2 * 224 / biL) { + if (X_limbs != 2 * 224 / biL) { return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; } diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h index 8ea6ece9a..be9b3994c 100644 --- a/library/ecp_invasive.h +++ b/library/ecp_invasive.h 
@@ -98,21 +98,21 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn); /** Fast quasi-reduction modulo p224 (FIPS 186-3 D.2.2) * - * \param[in,out] Np The address of the MPI to be converted. - * Must have exact limb size that stores a 448-bit MPI - * (double the bitlength of the modulus). - * Upon return holds the reduced value which is - * in range `0 <= X < 2 * N` (where N is the modulus). - * The bitlength of the reduced value is the same as - * that of the modulus (224 bits). - * \param[in] Nn The length of \p Nn in limbs. + * \param[in,out] X The address of the MPI to be converted. + * Must have exact limb size that stores a 448-bit MPI + * (double the bitlength of the modulus). + * Upon return holds the reduced value which is + * in range `0 <= X < 2 * N` (where N is the modulus). + * The bitlength of the reduced value is the same as + * that of the modulus (224 bits). + * \param[in] X_limbs The length of \p X in limbs. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p Nn is not the limb - * size that sores a 448-bit MPI. + * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p X_limbs is not the + * limb size that sores a 448-bit MPI. */ MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn); +int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ From 620f0dc850dc80adabd129d4641e86d8cbac17e0 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Tue, 28 Feb 2023 18:42:33 +0100 Subject: [PATCH 361/440] Fix for 32-bit Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index ee211af2f..6dd7ed3d0 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c 
@@ -4976,7 +4976,7 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn) #define MAX32 X_limbs #define A(j) X[j] -#define STORE32 X[i] = cur; +#define STORE32 X[i] = (mbedtls_mpi_uint) cur; #define STORE0 X[i] = 0; #else /* 64 bit */ From 914c632646ff24eb5435d97021478f649eb07d6a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 1 Mar 2023 09:30:14 +0000 Subject: [PATCH 362/440] Whitespace Signed-off-by: Dave Rodgman --- library/alignment.h | 86 ++++++++++++++++++++++----------------------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/library/alignment.h b/library/alignment.h index 57ddaa53c..f7330c989 100644 --- a/library/alignment.h +++ b/library/alignment.h @@ -130,7 +130,7 @@ inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x) * byte from x, where byte 0 is the least significant byte. */ #define MBEDTLS_BYTE_0(x) ((uint8_t) ((x) & 0xff)) -#define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >> 8) & 0xff)) +#define MBEDTLS_BYTE_1(x) ((uint8_t) (((x) >> 8) & 0xff)) #define MBEDTLS_BYTE_2(x) ((uint8_t) (((x) >> 16) & 0xff)) #define MBEDTLS_BYTE_3(x) ((uint8_t) (((x) >> 24) & 0xff)) #define MBEDTLS_BYTE_4(x) ((uint8_t) (((x) >> 32) & 0xff)) @@ -245,8 +245,8 @@ static const uint16_t mbedtls_byte_order_detector = { 0x100 }; * byte of the four bytes to build the 32 bits unsigned * integer from. */ -#define MBEDTLS_GET_UINT32_BE(data, offset) \ - ((MBEDTLS_IS_BIG_ENDIAN) \ +#define MBEDTLS_GET_UINT32_BE(data, offset) \ + ((MBEDTLS_IS_BIG_ENDIAN) \ ? mbedtls_get_unaligned_uint32((data) + (offset)) \ : MBEDTLS_BSWAP32(mbedtls_get_unaligned_uint32((data) + (offset))) \ ) 
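Review bot: `(mbedtls_mpi_uint) cur` silences the 32-bit conversion warning, but it also silently discards any upper bits of `cur` (declared outside the hunk); if `cur` is a wider accumulator, the intent to store only its low 32 bits should be stated next to the macro, e.g. `#define STORE32 X[i] = (mbedtls_mpi_uint) cur; /* low 32 bits only */`. The 64-bit branch narrows the same way with `(uint32_t) cur`, so the truncation is presumably intended, but a reader of the 32-bit branch alone cannot tell.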
@@ -260,11 +260,11 @@ static const uint16_t mbedtls_byte_order_detector = { 0x100 }; * \param offset Offset from \p data where to put the most significant * byte of the 32 bits unsigned integer \p n. */ -#define MBEDTLS_PUT_UINT32_BE(n, data, offset) \ +#define MBEDTLS_PUT_UINT32_BE(n, data, offset) \ { \ - if (MBEDTLS_IS_BIG_ENDIAN) \ + if (MBEDTLS_IS_BIG_ENDIAN) \ { \ - mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ + mbedtls_put_unaligned_uint32((data) + (offset), (uint32_t) (n)); \ } \ else \ { \ @@ -281,8 +281,8 @@ static const uint16_t mbedtls_byte_order_detector = { 0x100 }; * byte of the four bytes to build the 32 bits unsigned * integer from. */ -#define MBEDTLS_GET_UINT32_LE(data, offset) \ - ((MBEDTLS_IS_BIG_ENDIAN) \ +#define MBEDTLS_GET_UINT32_LE(data, offset) \ + ((MBEDTLS_IS_BIG_ENDIAN) \ ? MBEDTLS_BSWAP32(mbedtls_get_unaligned_uint32((data) + (offset))) \ : mbedtls_get_unaligned_uint32((data) + (offset)) \ ) @@ -297,15 +297,15 @@ static const uint16_t mbedtls_byte_order_detector = { 0x100 }; * \param offset Offset from \p data where to put the least significant * byte of the 32 bits unsigned integer \p n. */ -#define MBEDTLS_PUT_UINT32_LE(n, data, offset) \ +#define MBEDTLS_PUT_UINT32_LE(n, data, offset) \ { \ - if (MBEDTLS_IS_BIG_ENDIAN) \ + if (MBEDTLS_IS_BIG_ENDIAN) \ { \ mbedtls_put_unaligned_uint32((data) + (offset), MBEDTLS_BSWAP32((uint32_t) (n))); \ } \ else \ { \ - mbedtls_put_unaligned_uint32((data) + (offset), ((uint32_t) (n))); \ + mbedtls_put_unaligned_uint32((data) + (offset), ((uint32_t) (n))); \ } \ } 
@@ -318,8 +318,8 @@ static const uint16_t mbedtls_byte_order_detector = { 0x100 }; * byte of the two bytes to build the 16 bits unsigned * integer from. */ -#define MBEDTLS_GET_UINT16_LE(data, offset) \ - ((MBEDTLS_IS_BIG_ENDIAN) \ +#define MBEDTLS_GET_UINT16_LE(data, offset) \ + ((MBEDTLS_IS_BIG_ENDIAN) \ ? MBEDTLS_BSWAP16(mbedtls_get_unaligned_uint16((data) + (offset))) \ : mbedtls_get_unaligned_uint16((data) + (offset)) \ ) @@ -333,15 +333,15 @@ static const uint16_t mbedtls_byte_order_detector = { 0x100 }; * \param offset Offset from \p data where to put the least significant * byte of the 16 bits unsigned integer \p n. */ -#define MBEDTLS_PUT_UINT16_LE(n, data, offset) \ +#define MBEDTLS_PUT_UINT16_LE(n, data, offset) \ { \ - if (MBEDTLS_IS_BIG_ENDIAN) \ + if (MBEDTLS_IS_BIG_ENDIAN) \ { \ mbedtls_put_unaligned_uint16((data) + (offset), MBEDTLS_BSWAP16((uint16_t) (n))); \ } \ else \ { \ - mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \ + mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \ } \ } @@ -354,8 +354,8 @@ static const uint16_t mbedtls_byte_order_detector = { 0x100 }; * byte of the two bytes to build the 16 bits unsigned * integer from. */ -#define MBEDTLS_GET_UINT16_BE(data, offset) \ - ((MBEDTLS_IS_BIG_ENDIAN) \ +#define MBEDTLS_GET_UINT16_BE(data, offset) \ + ((MBEDTLS_IS_BIG_ENDIAN) \ ? mbedtls_get_unaligned_uint16((data) + (offset)) \ : MBEDTLS_BSWAP16(mbedtls_get_unaligned_uint16((data) + (offset))) \ ) 
@@ -369,11 +369,11 @@ static const uint16_t mbedtls_byte_order_detector = { 0x100 }; * \param offset Offset from \p data where to put the most significant * byte of the 16 bits unsigned integer \p n. */ -#define MBEDTLS_PUT_UINT16_BE(n, data, offset) \ +#define MBEDTLS_PUT_UINT16_BE(n, data, offset) \ { \ - if (MBEDTLS_IS_BIG_ENDIAN) \ + if (MBEDTLS_IS_BIG_ENDIAN) \ { \ - mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \ + mbedtls_put_unaligned_uint16((data) + (offset), (uint16_t) (n)); \ } \ else \ { \ @@ -390,11 +390,11 @@ static const uint16_t mbedtls_byte_order_detector = { 0x100 }; * byte of the three bytes to build the 24 bits unsigned * integer from. */ -#define MBEDTLS_GET_UINT24_BE(data, offset) \ - ( \ - ((uint32_t) (data)[(offset)] << 16) \ - | ((uint32_t) (data)[(offset) + 1] << 8) \ - | ((uint32_t) (data)[(offset) + 2]) \ +#define MBEDTLS_GET_UINT24_BE(data, offset) \ + ( \ + ((uint32_t) (data)[(offset)] << 16) \ + | ((uint32_t) (data)[(offset) + 1] << 8) \ + | ((uint32_t) (data)[(offset) + 2]) \ ) /** @@ -407,8 +407,8 @@ static const uint16_t mbedtls_byte_order_detector = { 0x100 }; * byte of the 24 bits unsigned integer \p n. */ #define MBEDTLS_PUT_UINT24_BE(n, data, offset) \ - { \ - (data)[(offset)] = MBEDTLS_BYTE_2(n); \ + { \ + (data)[(offset)] = MBEDTLS_BYTE_2(n); \ (data)[(offset) + 1] = MBEDTLS_BYTE_1(n); \ (data)[(offset) + 2] = MBEDTLS_BYTE_0(n); \ } @@ -422,9 +422,9 @@ static const uint16_t mbedtls_byte_order_detector = { 0x100 }; * byte of the three bytes to build the 24 bits unsigned * integer from. */ -#define MBEDTLS_GET_UINT24_LE(data, offset) \ - ( \ - ((uint32_t) (data)[(offset)]) \ +#define MBEDTLS_GET_UINT24_LE(data, offset) \ + ( \ + ((uint32_t) (data)[(offset)]) \ | ((uint32_t) (data)[(offset) + 1] << 8) \ | ((uint32_t) (data)[(offset) + 2] << 16) \ ) 
@@ -439,8 +439,8 @@ static const uint16_t mbedtls_byte_order_detector = { 0x100 }; * byte of the 24 bits unsigned integer \p n. */ #define MBEDTLS_PUT_UINT24_LE(n, data, offset) \ - { \ - (data)[(offset)] = MBEDTLS_BYTE_0(n); \ + { \ + (data)[(offset)] = MBEDTLS_BYTE_0(n); \ (data)[(offset) + 1] = MBEDTLS_BYTE_1(n); \ (data)[(offset) + 2] = MBEDTLS_BYTE_2(n); \ } @@ -454,8 +454,8 @@ static const uint16_t mbedtls_byte_order_detector = { 0x100 }; * byte of the eight bytes to build the 64 bits unsigned * integer from. */ -#define MBEDTLS_GET_UINT64_BE(data, offset) \ - ((MBEDTLS_IS_BIG_ENDIAN) \ +#define MBEDTLS_GET_UINT64_BE(data, offset) \ + ((MBEDTLS_IS_BIG_ENDIAN) \ ? mbedtls_get_unaligned_uint64((data) + (offset)) \ : MBEDTLS_BSWAP64(mbedtls_get_unaligned_uint64((data) + (offset))) \ ) @@ -469,11 +469,11 @@ static const uint16_t mbedtls_byte_order_detector = { 0x100 }; * \param offset Offset from \p data where to put the most significant * byte of the 64 bits unsigned integer \p n. */ -#define MBEDTLS_PUT_UINT64_BE(n, data, offset) \ +#define MBEDTLS_PUT_UINT64_BE(n, data, offset) \ { \ - if (MBEDTLS_IS_BIG_ENDIAN) \ + if (MBEDTLS_IS_BIG_ENDIAN) \ { \ - mbedtls_put_unaligned_uint64((data) + (offset), (uint64_t) (n)); \ + mbedtls_put_unaligned_uint64((data) + (offset), (uint64_t) (n)); \ } \ else \ { \ @@ -490,8 +490,8 @@ static const uint16_t mbedtls_byte_order_detector = { 0x100 }; * byte of the eight bytes to build the 64 bits unsigned * integer from. */ -#define MBEDTLS_GET_UINT64_LE(data, offset) \ - ((MBEDTLS_IS_BIG_ENDIAN) \ +#define MBEDTLS_GET_UINT64_LE(data, offset) \ + ((MBEDTLS_IS_BIG_ENDIAN) \ ? MBEDTLS_BSWAP64(mbedtls_get_unaligned_uint64((data) + (offset))) \ : mbedtls_get_unaligned_uint64((data) + (offset)) \ ) 
@@ -505,15 +505,15 @@ static const uint16_t mbedtls_byte_order_detector = { 0x100 }; * \param offset Offset from \p data where to put the least significant * byte of the 64 bits unsigned integer \p n. */ -#define MBEDTLS_PUT_UINT64_LE(n, data, offset) \ +#define MBEDTLS_PUT_UINT64_LE(n, data, offset) \ { \ - if (MBEDTLS_IS_BIG_ENDIAN) \ + if (MBEDTLS_IS_BIG_ENDIAN) \ { \ mbedtls_put_unaligned_uint64((data) + (offset), MBEDTLS_BSWAP64((uint64_t) (n))); \ } \ else \ { \ - mbedtls_put_unaligned_uint64((data) + (offset), (uint64_t) (n)); \ + mbedtls_put_unaligned_uint64((data) + (offset), (uint64_t) (n)); \ } \ } From f5dcb8886a24128bedd99ef24c5562a21f68eba6 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 27 Feb 2023 07:53:14 +0100 Subject: [PATCH 363/440] Rework pake input getters tests Signed-off-by: Przemek Stekiel --- tests/suites/test_suite_psa_crypto_pake.data | 30 ++---- .../test_suite_psa_crypto_pake.function | 91 ++++++++++--------- 2 files changed, 54 insertions(+), 67 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_pake.data b/tests/suites/test_suite_psa_crypto_pake.data index 1a25a8c71..7640e3a89 100644 --- a/tests/suites/test_suite_psa_crypto_pake.data +++ b/tests/suites/test_suite_psa_crypto_pake.data 
@@ -194,29 +194,11 @@ PSA PAKE: ecjpake size macros depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 ecjpake_size_macros: -PSA PAKE: input getters password: ok #1 -pake_input_getters_password:"aabbccddee":5:PSA_SUCCESS:PSA_SUCCESS +PSA PAKE: input getters: password +pake_input_getters_password -PSA PAKE: input getters password: ok #2 -pake_input_getters_password:"11223344556677889900":10:PSA_SUCCESS:PSA_SUCCESS +PSA PAKE: input getters: cipher suite +pake_input_getters_cipher_suite -PSA PAKE: input getters password: buffer to small -pake_input_getters_password:"aabbccddee":4:PSA_ERROR_BUFFER_TOO_SMALL:PSA_SUCCESS - -PSA PAKE: input getters password: not set -pake_input_getters_password:"":0:PSA_ERROR_BAD_STATE:PSA_ERROR_BAD_STATE - -PSA PAKE: input getters cipher suite: ok -pake_input_getters_cipher_suite:PSA_SUCCESS:1 - -PSA PAKE: input getters cipher suite: not set -pake_input_getters_cipher_suite:PSA_ERROR_BAD_STATE:0 - -PSA PAKE: input getters role client: ok -pake_input_getters_role:PSA_PAKE_ROLE_CLIENT:PSA_SUCCESS - -PSA PAKE: input getters role server: ok -pake_input_getters_role:PSA_PAKE_ROLE_SERVER:PSA_SUCCESS - -PSA PAKE: input getters role: not set -pake_input_getters_role:PSA_PAKE_ROLE_NONE:PSA_ERROR_BAD_STATE +PSA PAKE: input getters: role +pake_input_getters_role diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index 3bb441fb6..f094eb977 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function 
@@ -909,14 +909,14 @@ void ecjpake_size_macros() } /* END_CASE */ -/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ -void pake_input_getters_password(data_t *password, int password_buffer_size, - int expected_status_pass, int expected_status_pass_len) +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_ALG_SHA_256 */ +void pake_input_getters_password() { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_operation_t operation = psa_pake_operation_init(); mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + const char *password = "password"; uint8_t password_ret[20] = { 0 }; // max key length is 20 bytes size_t password_len_ret = 0; size_t buffer_len_ret = 0; 
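Review bot: The new guard `depends_on:PSA_WANT_ALG_JPAKE:PSA_ALG_SHA_256` names the algorithm identifier value, which the PSA headers define unconditionally, rather than a configuration symbol; the dependency is therefore a no-op and the test is built even when SHA-256 is unavailable, failing at `psa_pake_setup()` instead of being skipped. The intended symbol is `PSA_WANT_ALG_SHA_256`, as the `depends_on:` lines in test_suite_psa_crypto.data above use. The same line is introduced in hunks @@ -966 and @@ -1000 for `pake_input_getters_cipher_suite` and `pake_input_getters_role`.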
@@ -937,28 +937,37 @@ void pake_input_getters_password(data_t *password, int password_buffer_size, PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); - if (password_buffer_size > 0) { - PSA_ASSERT(psa_import_key(&attributes, password->x, password->len, &key)); - PSA_ASSERT(psa_pake_set_password_key(&operation, key)); - } + PSA_ASSERT(psa_import_key(&attributes, (uint8_t *) password, strlen(password), &key)); + + TEST_EQUAL(psa_crypto_driver_pake_get_password(&operation.data.inputs, + (uint8_t *) &password_ret, + 10, &buffer_len_ret), + PSA_ERROR_BAD_STATE); TEST_EQUAL(psa_crypto_driver_pake_get_password_len(&operation.data.inputs, &password_len_ret), - expected_status_pass_len); + PSA_ERROR_BAD_STATE); - if (expected_status_pass_len == PSA_SUCCESS) { - TEST_EQUAL(password_len_ret, password->len); + PSA_ASSERT(psa_pake_set_password_key(&operation, key)); - TEST_EQUAL(psa_crypto_driver_pake_get_password(&operation.data.inputs, - (uint8_t *) &password_ret, - password_buffer_size, &buffer_len_ret), - expected_status_pass); + TEST_EQUAL(psa_crypto_driver_pake_get_password_len(&operation.data.inputs, &password_len_ret), + PSA_SUCCESS); - if (expected_status_pass == PSA_SUCCESS) { - TEST_EQUAL(buffer_len_ret, password->len); - PSA_ASSERT(memcmp(password_ret, password->x, buffer_len_ret)); - } - } + TEST_EQUAL(password_len_ret, strlen(password)); + TEST_EQUAL(psa_crypto_driver_pake_get_password(&operation.data.inputs, + (uint8_t *) &password_ret, + password_len_ret - 1, + &buffer_len_ret), + PSA_ERROR_BUFFER_TOO_SMALL); + + TEST_EQUAL(psa_crypto_driver_pake_get_password(&operation.data.inputs, + (uint8_t *) &password_ret, + password_len_ret, + &buffer_len_ret), + PSA_SUCCESS); + + TEST_EQUAL(buffer_len_ret, strlen(password)); + PSA_ASSERT(memcmp(password_ret, password, buffer_len_ret)); exit: PSA_ASSERT(psa_destroy_key(key)); PSA_ASSERT(psa_pake_abort(&operation)); 
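Review bot: `PSA_ASSERT(memcmp(password_ret, password, buffer_len_ret));` passes only because `memcmp()` returns 0 on equality and PSA_SUCCESS is 0; `TEST_EQUAL(memcmp(password_ret, password, buffer_len_ret), 0)` states the intent and does not report a content mismatch as a PSA status, and the same pattern is kept in hunk @@ -979 with `memcmp(&cipher_suite_ret, &cipher_suite, sizeof(cipher_suite))`. The cast `(uint8_t *) password` drops `const` from a string-literal pointer; `(const uint8_t *) password` is sufficient for `psa_import_key()`. The literal `10` in the first `psa_crypto_driver_pake_get_password()` call is a magic buffer length; `sizeof(password_ret)` would tie it to the 20-byte `password_ret` declared in hunk @@ -909.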
@@ -966,8 +975,8 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ -void pake_input_getters_cipher_suite(int expected_status, int setup_done) +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_ALG_SHA_256 */ +void pake_input_getters_cipher_suite() { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_operation_t operation = psa_pake_operation_init(); @@ -979,20 +988,19 @@ void pake_input_getters_cipher_suite(int expected_status, int setup_done) PSA_INIT(); - if (setup_done == 1) { - psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); - psa_pake_cs_set_primitive(&cipher_suite, primitive); - psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); - - PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); - } + psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); + psa_pake_cs_set_primitive(&cipher_suite, primitive); + psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); TEST_EQUAL(psa_crypto_driver_pake_get_cipher_suite(&operation.data.inputs, &cipher_suite_ret), - expected_status); + PSA_ERROR_BAD_STATE); - if (expected_status == PSA_SUCCESS) { - PSA_ASSERT(memcmp(&cipher_suite_ret, &cipher_suite, sizeof(cipher_suite))); - } + PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); + + TEST_EQUAL(psa_crypto_driver_pake_get_cipher_suite(&operation.data.inputs, &cipher_suite_ret), + PSA_SUCCESS); + + PSA_ASSERT(memcmp(&cipher_suite_ret, &cipher_suite, sizeof(cipher_suite))); exit: PSA_ASSERT(psa_pake_abort(&operation)); 
@@ -1000,13 +1008,12 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ -void pake_input_getters_role(int role_arg, int expected_status) +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_ALG_SHA_256 */ +void pake_input_getters_role() { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); psa_pake_operation_t operation = psa_pake_operation_init(); psa_pake_role_t role_ret = PSA_PAKE_ROLE_NONE; - psa_pake_role_t role = role_arg; psa_pake_primitive_t primitive = PSA_PAKE_PRIMITIVE( PSA_PAKE_PRIMITIVE_TYPE_ECC, @@ -1020,17 +1027,15 @@ void pake_input_getters_role(int role_arg, int expected_status) PSA_ASSERT(psa_pake_setup(&operation, &cipher_suite)); - if (role != PSA_PAKE_ROLE_NONE) { - PSA_ASSERT(psa_pake_set_role(&operation, role)); - } + TEST_EQUAL(psa_crypto_driver_pake_get_role(&operation.data.inputs, &role_ret), + PSA_ERROR_BAD_STATE); + + PSA_ASSERT(psa_pake_set_role(&operation, PSA_PAKE_ROLE_SERVER)); TEST_EQUAL(psa_crypto_driver_pake_get_role(&operation.data.inputs, &role_ret), - expected_status); - - if (expected_status == PSA_SUCCESS) { - TEST_EQUAL(role_ret, role); - } + PSA_SUCCESS); + TEST_EQUAL(role_ret, PSA_PAKE_ROLE_SERVER); exit: PSA_ASSERT(psa_pake_abort(&operation)); PSA_DONE(); From de7c31e08281692143f0fdb27a01570320ebb3eb Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 1 Mar 2023 14:37:48 +0000 Subject: [PATCH 364/440] Improve comment wording Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index cbe0b1963..4113c97a7 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
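Review bot: Dropping the `role_arg` parameter leaves pake_input_getters_role() exercising only PSA_PAKE_ROLE_SERVER, so the client-role path through psa_pake_set_role()/psa_crypto_driver_pake_get_role() is no longer covered by this test; either keep the role as a test-case argument or add a second set_role/get_role round for `PSA_PAKE_ROLE_CLIENT` on a fresh operation (setting the role twice on the same operation would presumably be rejected). The BEGIN_CASE line here also uses `PSA_ALG_SHA_256` as a dependency; that macro is always defined, and the build-configuration symbol the test-suite generator checks is `PSA_WANT_ALG_SHA_256`.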
@@ -6724,7 +6724,7 @@ void sign_hash_fail_interruptible(int key_type_arg, data_t *key_data, TEST_EQUAL(actual_status, expected_start_status); if (expected_start_status != PSA_SUCCESS) { - /* Emulate poor implementation, and call complete anyway, even though + /* Emulate poor application code, and call complete anyway, even though * start failed. */ actual_status = psa_sign_hash_complete(&operation, signature, signature_size, @@ -7256,7 +7256,7 @@ void verify_hash_fail_interruptible(int key_type_arg, data_t *key_data, TEST_EQUAL(actual_status, expected_start_status); if (expected_start_status != PSA_SUCCESS) { - /* Emulate poor implementation, and call complete anyway, even though + /* Emulate poor application code, and call complete anyway, even though * start failed. */ actual_status = psa_verify_hash_complete(&operation); From 6d6a720603f6051ea04d0c578098e1d88055cedd Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 1 Mar 2023 15:09:40 +0000 Subject: [PATCH 365/440] Protect against possible macro redefinition warning Signed-off-by: Dave Rodgman --- library/platform_util.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/platform_util.c b/library/platform_util.c index f9fe4f5ab..0ff7e1d6a 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -52,8 +52,7 @@ #if defined(__GLIBC__) && (__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 25) \ && !defined(__ARM_EABI__) #define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1 -#endif -#if defined(__FreeBSD__) && (__FreeBSD_version >= 1100037) +#elif defined(__FreeBSD__) && (__FreeBSD_version >= 1100037) #define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1 #endif From 931fd646ffaf5d3997af37c5d6e485816f34c04c Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 1 Mar 2023 16:50:00 +0100 Subject: [PATCH 366/440] Use lower case hex number Signed-off-by: Gabor Mezei --- scripts/mbedtls_dev/ecp.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
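Review bot: The glibc gate kept as context in the platform_util.c hunk, `(__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 25)`, is not a proper version comparison: a future glibc 3.x with a minor number below 25 would silently fall back to the volatile-memset path even though explicit_bzero is available. Since the commit is restructuring this conditional anyway, the robust form is `#if defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25)) \`. The `#elif` itself is fine; both branches define the same macro, so first-match evaluation changes nothing.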
diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index 4f529d15c..e01b80fbc 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -99,11 +99,11 @@ class EcpP224R1Raw(bignum_common.ModOperationCommon, # Generate an overflow during reduction ("00000000000000000000000000010000000070000000002000001000" - "FFFFFFFFFFFF9FFFFFFFFFE00000EFFF000070000000002000001003"), + "ffffffffffff9fffffffffe00000efff000070000000002000001003"), # Generate an underflow during reduction ("00000001000000000000000000000000000000000000000000000000" - "00000000000DC0000000000000000001000000010000000100000003"), + "00000000000dc0000000000000000001000000010000000100000003"), # First 8 number generated by random.getrandbits(448) - seed(2,2) ("da94e3e8ab73738fcf1822ffbc6887782b491044d5e341245c6e4337" @@ -140,6 +140,7 @@ class EcpP224R1Raw(bignum_common.ModOperationCommon, @property def is_valid(self) -> bool: return True + class EcpP521R1Raw(bignum_common.ModOperationCommon, EcpTarget): """Test cases for ecp quasi_reduction().""" From aeadc2d731613f9cbc8856a2ad4dc13032f3380d Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Wed, 1 Mar 2023 16:53:03 +0100 Subject: [PATCH 367/440] Apply naming convention Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 6dd7ed3d0..8f79880b8 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -4576,7 +4576,7 @@ int mbedtls_ecp_mod_p192_raw(mbedtls_mpi_uint *Np, size_t Nn); #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) static int ecp_mod_p224(mbedtls_mpi *); MBEDTLS_STATIC_TESTABLE -int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *Np, size_t Nn); +int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs); #endif #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) static int ecp_mod_p256(mbedtls_mpi *); From 7d3186d18ad9e1ad9755514ded08dd79670db7e3 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Fri, 12 Aug 2022 22:43:18 +0200 Subject: [PATCH 368/440] Disable MBEDTLS_SSL_RENEGOTIATION in tls13-only configuration There's no renegotiation in TLS 1.3, so this option should have no effect. Insist on having it disabled, to avoid the risk of accidentally having different behavior in TLS 1.3 if the option is enabled (as happened in https://github.com/Mbed-TLS/mbedtls/issues/6200). Signed-off-by: Gilles Peskine --- include/mbedtls/check_config.h | 5 +++++ tests/configs/tls13-only.h | 1 + 2 files changed, 6 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index ac374d2a4..2d2fae581 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -936,6 +936,11 @@ #error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites" #endif +#if defined(MBEDTLS_SSL_RENEGOTIATION) && \ + !defined(MBEDTLS_SSL_PROTO_TLS1_2) +#error "MBEDTLS_SSL_RENEGOTIATION defined, but not all prerequisites" +#endif + #if defined(MBEDTLS_SSL_TICKET_C) && ( !defined(MBEDTLS_CIPHER_C) && \ !defined(MBEDTLS_USE_PSA_CRYPTO) ) #error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites" diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h index 963086f31..1f212e7d8 100644 --- a/tests/configs/tls13-only.h +++ b/tests/configs/tls13-only.h @@ -29,6 +29,7 @@ /* Disable TLS 1.2 and 1.2-specific features */ #undef MBEDTLS_SSL_ENCRYPT_THEN_MAC #undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET +#undef MBEDTLS_SSL_RENEGOTIATION #undef MBEDTLS_SSL_PROTO_TLS1_2 #undef MBEDTLS_SSL_PROTO_DTLS #undef MBEDTLS_SSL_DTLS_ANTI_REPLAY From 136d25c416e2364b433e4b894fa5fb225624a42f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 12 Aug 2022 22:49:12 +0200 Subject: [PATCH 369/440] Explicitly disable all DTLS options in tls13-only.h This makes no difference when starting from the default configuration. It allows tls13-only.h to be used with other base configurations such as `full`. 
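Review bot: The new `#error` turns MBEDTLS_SSL_RENEGOTIATION without MBEDTLS_SSL_PROTO_TLS1_2 into a hard build failure, but the option's own documentation in mbedtls_config.h is not updated in this commit; by that file's convention the MBEDTLS_SSL_RENEGOTIATION block should gain `* Requires: MBEDTLS_SSL_PROTO_TLS1_2` so the constraint is discoverable before check_config.h fires. A ChangeLog.d entry under a "Changes" or "Requirement changes" heading is also warranted, since existing TLS 1.3-only configurations that left the option enabled will stop building, unless another commit in this series adds one (the changelog entry later in this series only covers the bugfixes). The tls13-only.h change in the second hunk is consistent with the new check.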
Signed-off-by: Gilles Peskine --- tests/configs/tls13-only.h | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h index 1f212e7d8..38286d1fd 100644 --- a/tests/configs/tls13-only.h +++ b/tests/configs/tls13-only.h @@ -34,6 +34,7 @@ #undef MBEDTLS_SSL_PROTO_DTLS #undef MBEDTLS_SSL_DTLS_ANTI_REPLAY #undef MBEDTLS_SSL_DTLS_HELLO_VERIFY +#undef MBEDTLS_SSL_DTLS_SRTP #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE #undef MBEDTLS_SSL_DTLS_CONNECTION_ID #undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT From cc29bfd92aaa586ff681757f0f9c9b23e478e575 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 12 Aug 2022 23:12:35 +0200 Subject: [PATCH 370/440] Bug fixes from the split of ssl_handle_hs_message_post_handshake The split of ssl_handle_hs_message_post_handshake() into ssl_tls12_handle_hs_message_post_handshake() and ssl_tls13_handle_hs_message_post_handshake() fixed some user-visible bugs. Add a changelog entry for those bugs. Signed-off-by: Gilles Peskine --- ChangeLog.d/tls13-only-renegotiation.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/tls13-only-renegotiation.txt diff --git a/ChangeLog.d/tls13-only-renegotiation.txt b/ChangeLog.d/tls13-only-renegotiation.txt new file mode 100644 index 000000000..f463de1af --- /dev/null +++ b/ChangeLog.d/tls13-only-renegotiation.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix the handling of renegotiation attempts in TLS 1.3. They are now + systematically rejected. + * Fix an unused-variable warning in TLS 1.3-only builds if + MBEDTLS_SSL_RENEGOTIATION was enabled. Fixes #6200. From 8c2830a06a70c62b4e0dd4a4a029390623ceef8f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Aug 2022 23:37:51 +0200 Subject: [PATCH 371/440] Document what "TLS 1.3 depends on PSA" entails Explicitly document that when using TLS 1.3, you must initialize PSA crypto before starting a handshake. 
Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 13 ++++++++----- include/mbedtls/ssl.h | 5 +++++ 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 5aff9c5b6..2dd370601 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1578,11 +1578,14 @@ * Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE * Requires: MBEDTLS_PSA_CRYPTO_C * - * Note: even though TLS 1.3 depends on PSA Crypto, and uses it unconditionally - * for most operations, if you want it to only use PSA for all crypto - * operations, you need to also enable MBEDTLS_USE_PSA_CRYPTO; otherwise X.509 - * operations, and functions that are common with TLS 1.2 (record protection, - * running handshake hash) will still use non-PSA crypto. + * \note TLS 1.3 uses PSA crypto for cryptographic operations that are + * directly performed by TLS 1.3 code. As a consequence, you must + * call psa_crypto_init() before the first TLS 1.3 handshake. + * + * \note Cryptographic operations performed indirectly via another module + * (X.509, PK) or by code shared with TLS 1.2 (record protection, + * running handshake hash) only use PSA crypto if + * #MBEDTLS_USE_PSA_CRYPTO is enabled. * * Uncomment this macro to enable the support for TLS 1.3. */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4b954bb45..2594964e1 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -4684,6 +4684,11 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl, * in which case the datagram of the underlying transport that is * currently being processed might or might not contain further * DTLS records. + * + * \note If the context is configured to allow TLS 1.3, or if + * #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. */ int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl); 
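Review bot: The new `\note` on mbedtls_ssl_handshake() also applies to mbedtls_ssl_handshake_step(), the step-wise entry point declared nearby outside this hunk (as far as I recall, mbedtls_ssl_handshake() loops over it); without the same note, applications driving the handshake manually get no warning. Both notes would also benefit from saying what happens when the rule is violated — presumably a PSA error translated into an MBEDTLS_ERR_SSL_* or MBEDTLS_ERR_PLATFORM_* code rather than undefined behaviour; confirm before documenting it. The mbedtls_config.h wording ("before the first TLS 1.3 handshake") and the ssl.h wording ("if the context is configured to allow TLS 1.3") are consistent, with ssl.h stating the stricter, safer form.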
From a8d7e438e6b1cdc08160d312433e4d587ec5f375 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Aug 2022 23:39:41 +0200 Subject: [PATCH 372/440] Move non-boolean config options to the proper section Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 78 ++++++++++++++++---------------- 1 file changed, 39 insertions(+), 39 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 2dd370601..677670a18 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -1654,45 +1654,6 @@ */ #define MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -/** - * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE - * - * Maximum time difference in milliseconds tolerated between the age of a - * ticket from the server and client point of view. - * From the client point of view, the age of a ticket is the time difference - * between the time when the client proposes to the server to use the ticket - * (time of writing of the Pre-Shared Key Extension including the ticket) and - * the time the client received the ticket from the server. - * From the server point of view, the age of a ticket is the time difference - * between the time when the server receives a proposition from the client - * to use the ticket and the time when the ticket was created by the server. - * The server age is expected to be always greater than the client one and - * MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the - * maximum difference tolerated for the server to accept the ticket. - * This is not used in TLS 1.2. - * - */ -#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 - -/** - * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH - * - * Size in bytes of a ticket nonce. This is not used in TLS 1.2. - * - * This must be less than 256. - */ -#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32 - -/** - * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS - * - * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server - * after handshake completion. This is not used in TLS 1.2 and relevant only if - * the MBEDTLS_SSL_SESSION_TICKETS option is enabled. - * - */ -#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1 - /** * \def MBEDTLS_SSL_EARLY_DATA * 
@@ -3809,6 +3770,45 @@ */ //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +/** + * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE + * + * Maximum time difference in milliseconds tolerated between the age of a + * ticket from the server and client point of view. + * From the client point of view, the age of a ticket is the time difference + * between the time when the client proposes to the server to use the ticket + * (time of writing of the Pre-Shared Key Extension including the ticket) and + * the time the client received the ticket from the server. + * From the server point of view, the age of a ticket is the time difference + * between the time when the server receives a proposition from the client + * to use the ticket and the time when the ticket was created by the server. + * The server age is expected to be always greater than the client one and + * MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE defines the + * maximum difference tolerated for the server to accept the ticket. + * This is not used in TLS 1.2. + * + */ +#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 + +/** + * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH + * + * Size in bytes of a ticket nonce. This is not used in TLS 1.2. + * + * This must be less than 256. + */ +#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32 + +/** + * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS + * + * Default number of NewSessionTicket messages to be sent by a TLS 1.3 server + * after handshake completion. This is not used in TLS 1.2 and relevant only if + * the MBEDTLS_SSL_SESSION_TICKETS option is enabled. + * + */ +#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1 + /* X509 options */ //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. 
*/ //#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ From 5b7e1644a7100468b7313ff3054c8bed7980f861 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Aug 2022 23:44:59 +0200 Subject: [PATCH 373/440] Document the need to call psa_crypto_init() with USE_PSA_CRYPTO When MBEDTLS_USE_PSA_CRYPTO is enabled, the application must call psa_crypto_init() before directly or indirectly calling cipher or PK code that will use PSA under the hood. Document this explicitly for some functions. To avoid clutter, this commit only documents the need to call psa_crypto_init() in common, non-obvious cases: parsing a public key directly or via X.509, or setting up an SSL context. Functions that are normally only called after such a function (for example, using an already constructed PK object), or where the need for PSA is obvious because they take a key ID as argument, do not need more explicit documentaion. Signed-off-by: Gilles Peskine --- include/mbedtls/pk.h | 12 ++++++++++++ include/mbedtls/ssl.h | 4 ++++ include/mbedtls/x509_crl.h | 12 ++++++++++++ include/mbedtls/x509_crt.h | 20 ++++++++++++++++++++ include/mbedtls/x509_csr.h | 8 ++++++++ 5 files changed, 56 insertions(+) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 0e4ee3844..3de7a8fa0 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -796,6 +796,10 @@ static inline mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk) /** * \brief Parse a private key in PEM or DER format * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param ctx The PK context to fill. It must have been initialized * but not set up. * \param key Input buffer to parse. 
@@ -832,6 +836,10 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *ctx, /** * \brief Parse a public key in PEM or DER format * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param ctx The PK context to fill. It must have been initialized * but not set up. * \param key Input buffer to parse. @@ -861,6 +869,10 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx, /** * \brief Load and parse a private key * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param ctx The PK context to fill. It must have been initialized * but not set up. * \param path filename to read the private key from diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2594964e1..29ba85a39 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1869,6 +1869,10 @@ void mbedtls_ssl_init(mbedtls_ssl_context *ssl); * Calling mbedtls_ssl_setup again is not supported, even * if no session is active. * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param ssl SSL context * \param conf SSL configuration to use * diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index 49bbf6164..62694ae7f 100644 --- a/include/mbedtls/x509_crl.h +++ b/include/mbedtls/x509_crl.h @@ -107,6 +107,10 @@ mbedtls_x509_crl; /** * \brief Parse a DER-encoded CRL and append it to the chained list * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param chain points to the start of the chain * \param buf buffer holding the CRL data in DER format * \param buflen size of the buffer 
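Review bot: mbedtls_pk_parse_keyfile() receives the psa_crypto_init() note, but its sibling mbedtls_pk_parse_public_keyfile(), which by the commit message's own criterion (parsing a public key) needs it just as much, is not in any hunk here; if it is declared below this hunk in pk.h it should carry the same four-line `\note`. The identical paragraph is now repeated across pk.h, ssl.h and the X.509 headers; if the project's Doxygen configuration allows an ALIAS, defining it once would keep the wording from drifting when it is next revised.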
@@ -121,6 +125,10 @@ int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain, * * \note Multiple CRLs are accepted only if using PEM format * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param chain points to the start of the chain * \param buf buffer holding the CRL data in PEM or DER format * \param buflen size of the buffer @@ -136,6 +144,10 @@ int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain, const unsigned char *buf, si * * \note Multiple CRLs are accepted only if using PEM format * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param chain points to the start of the chain * \param path filename to read the CRLs from (in PEM or DER encoding) * diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 036282f7c..11e5951f6 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -341,6 +341,10 @@ extern const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_none; * \brief Parse a single DER formatted certificate and add it * to the end of the provided chained list. * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param chain The pointer to the start of the CRT chain to attach to. * When parsing the first CRT in a chain, this should point * to an instance of ::mbedtls_x509_crt initialized through 
@@ -402,6 +406,10 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)(void *p_ctx, * \brief Parse a single DER formatted certificate and add it * to the end of the provided chained list. * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param chain The pointer to the start of the CRT chain to attach to. * When parsing the first CRT in a chain, this should point * to an instance of ::mbedtls_x509_crt initialized through @@ -452,6 +460,10 @@ int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, * temporary ownership of the CRT buffer until the CRT * is destroyed. * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param chain The pointer to the start of the CRT chain to attach to. * When parsing the first CRT in a chain, this should point * to an instance of ::mbedtls_x509_crt initialized through @@ -492,6 +504,10 @@ int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain, * long as the certificates are enclosed in the PEM specific * '-----{BEGIN/END} CERTIFICATE-----' delimiters. * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param chain The chain to which to add the parsed certificates. * \param buf The buffer holding the certificate data in PEM or DER format. * For certificates in PEM encoding, this may be a concatenation 
@@ -516,6 +532,10 @@ int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain, const unsigned char *buf, si * of failed certificates it encountered. If none complete * correctly, the first error is returned. * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param chain points to the start of the chain * \param path filename to read the certificates from * diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 0c204be06..e376000a4 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -89,6 +89,10 @@ mbedtls_x509write_csr; * * \note CSR attributes (if any) are currently silently ignored. * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param csr CSR context to fill * \param buf buffer holding the CRL data * \param buflen size of the buffer @@ -103,6 +107,10 @@ int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr, * * \note See notes for \c mbedtls_x509_csr_parse_der() * + * \note If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto + * subsystem must have been initialized by calling + * psa_crypto_init() before calling this function. + * * \param csr CSR context to fill * \param buf buffer holding the CRL data * \param buflen size of the buffer From 2f386c55ffde293c9e51e77e8f6b0d6c29637408 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 2 Mar 2023 13:38:33 +0000 Subject: [PATCH 374/440] Disable MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT for armclang Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 353ec6907..7bac408cb 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh 
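Review bot: Both mbedtls_x509_csr_parse_der() and mbedtls_x509_csr_parse() still document their input as `\param buf buffer holding the CRL data` in the context lines of these hunks; it is CSR data (a copy-paste from x509_crl.h), and since the commit is editing exactly these doc blocks this is the moment to fix it: `\param buf buffer holding the CSR data`. In the second hunk the added note sits directly under `\note See notes for \c mbedtls_x509_csr_parse_der()`, which already pulls in the same requirement from the DER variant, so one of the two statements could be dropped to avoid saying it twice for one function.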
@@ -3479,6 +3479,10 @@ component_build_armcc () { scripts/config.py baremetal # armc[56] don't support SHA-512 intrinsics scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT + + # stop armclang warning about feature detection for A64_CRYPTO + scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT + scripts/config.py set MBEDTLS_HAVE_ASM make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib From 1c232a831116f7f5584cc36e5a178fbfc9bebd5b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 2 Mar 2023 13:39:04 +0000 Subject: [PATCH 375/440] Enable -Werror for armclang Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7bac408cb..865e18bef 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -388,7 +388,7 @@ armc6_build_test() msg "build: ARM Compiler 6 ($FLAGS)" ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ - WARNING_CFLAGS='-xc -std=c99' make lib + WARNING_CFLAGS='-Werror -xc -std=c99' make lib msg "size: ARM Compiler 6 ($FLAGS)" "$ARMC6_FROMELF" -z library/*.o From 528bfa640c50835e70ecc22bf986ffe8c8fa40ef Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 2 Mar 2023 13:54:43 +0000 Subject: [PATCH 376/440] Whitespace fix Signed-off-by: Dave Rodgman --- library/platform_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/platform_util.c b/library/platform_util.c index 0ff7e1d6a..4e1af31dc 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -88,7 +88,7 @@ * mbedtls_platform_zeroize() to use a suitable implementation for their * platform and needs. */ - #if !defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO) && !defined(__STDC_LIB_EXT1__) \ +#if !defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO) && !defined(__STDC_LIB_EXT1__) \ && !defined(_WIN32) static void *(*const volatile memset_func)(void *, int, size_t) = memset; #endif 
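Review bot: `-Werror` is added only to the armclang build in armc6_build_test(); the armcc 5 build in component_build_armcc() still uses `WARNING_CFLAGS='--strict --c99'` on the context line at the end of the first hunk, so warnings from that toolchain keep passing CI. If the intent is the same strictness for both compilers, armcc 5's equivalent is `--diag_error=warning` (verify against the toolchain documentation), e.g. `WARNING_CFLAGS='--strict --c99 --diag_error=warning'`. component_build_armcc() continues past the hunk.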
From 0fddf829d529b396dc829a4aa4ab152c5782b12d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 2 Mar 2023 15:32:12 +0000 Subject: [PATCH 377/440] Add more detailed comment Signed-off-by: Dave Rodgman --- tests/scripts/all.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 865e18bef..61233f877 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3480,7 +3480,12 @@ component_build_armcc () { # armc[56] don't support SHA-512 intrinsics scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT - # stop armclang warning about feature detection for A64_CRYPTO + # Stop armclang warning about feature detection for A64_CRYPTO. + # With this enabled, the library does build correctly under armclang, + # but in baremetal builds (as tested here), feature detection is + # unavailable, and the user is notified via a #warning. So enabling + # this feature would prevent us from building with -Werror on + # armclang. Tracked in #7198. scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT scripts/config.py set MBEDTLS_HAVE_ASM From ddbc6ed6cd1157f7f2b65d8496138d6b594d73a0 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 2 Mar 2023 16:00:18 +0000 Subject: [PATCH 378/440] Enable all keys for interruptible op fail tests Due to a misunderstanding about the purpose of the test, I had limited this to ECC keys only, however this defeats the purpose of the test, and left gaps in test coverage. Signed-off-by: Paul Elliott --- .../test_suite_psa_crypto_op_fail.function | 22 ++++++++----------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_op_fail.function b/tests/suites/test_suite_psa_crypto_op_fail.function index 970be84b4..55dce8931 100644 --- a/tests/suites/test_suite_psa_crypto_op_fail.function +++ b/tests/suites/test_suite_psa_crypto_op_fail.function 
@@ -245,13 +245,11 @@ void sign_fail(int key_type_arg, data_t *key_data, input, sizeof(input), output, sizeof(output), &length)); - if (PSA_KEY_TYPE_IS_ECC(key_type)) { - TEST_STATUS(expected_status, - psa_sign_hash_start(&sign_operation, key_id, alg, - input, sizeof(input))); + TEST_STATUS(expected_status, + psa_sign_hash_start(&sign_operation, key_id, alg, + input, sizeof(input))); - PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); - } + PSA_ASSERT(psa_sign_hash_abort(&sign_operation)); if (!private_only) { /* Determine a plausible signature size to avoid an INVALID_SIGNATURE @@ -270,14 +268,12 @@ void sign_fail(int key_type_arg, data_t *key_data, input, sizeof(input), output, output_length)); - if (PSA_KEY_TYPE_IS_ECC(key_type)) { - TEST_STATUS(expected_status, - psa_verify_hash_start(&verify_operation, key_id, alg, - input, sizeof(input), - output, output_length)); + TEST_STATUS(expected_status, + psa_verify_hash_start(&verify_operation, key_id, alg, + input, sizeof(input), + output, output_length)); - PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); - } + PSA_ASSERT(psa_verify_hash_abort(&verify_operation)); } exit: From 194e2bdb6af4fcc8edb3287227965bcb5d875105 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 2 Mar 2023 17:18:10 +0100 Subject: [PATCH 379/440] fix typos Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9a27a2f54..eb0ac8645 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -401,7 +401,7 @@ detect_required_features() { else # For TLS12 requirements are different between server and client if [ "$2" = "server" ]; then - # If the server uses "server5*" cerificates, then an ECDSA based + # If the server uses "server5*" certificates, then an ECDSA based # key exchange is required requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT elif [ "$2" = "client" ]; then 
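Review bot: Removing the PSA_KEY_TYPE_IS_ECC() guard makes the test assert that psa_sign_hash_start()/psa_verify_hash_start() fail with exactly the status the one-shot psa_sign_hash()/psa_verify_hash() produced, for every key type; for key types the interruptible path does not implement, the start functions may instead report PSA_ERROR_NOT_SUPPORTED, so the test now relies on argument and policy checks being ordered identically in both APIs (or on TEST_STATUS tolerating the difference; its definition is outside this hunk). That invariant is the real thing under test here and deserves a comment above the first TEST_STATUS, e.g. `/* The interruptible start must reject bad inputs with the same status as the one-shot API, whatever the key type. */`. sign_fail() begins before this hunk.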
@@ -1441,7 +1441,7 @@ do_run_test_once() { } # Detect if the current test is going to use TLS 1.3. -# $1 and $2 contains the server and client command lines, respectively. +# $1 and $2 contain the server and client command lines, respectively. get_tls_version() { case $1 in *tls1_3*|*tls13*) From 8a045ce5e669045c8ef374374d4d3f19ecd5def5 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 23 Dec 2022 11:00:06 -0500 Subject: [PATCH 380/440] Unify PSA to Mbed TLS error translation Move all error translation utilities to psa_util.c. Introduce macros and functions to avoid having a local copy of the error translating function in each place. Identify overlapping errors and introduce a generic function. Provide a single macro for all error translations (unless one file needs a couple of different ones). Signed-off-by: Andrzej Kurek --- include/mbedtls/psa_util.h | 37 ++++++- library/CMakeLists.txt | 1 + library/Makefile | 1 + library/constant_time.c | 7 +- library/ecjpake.c | 7 +- library/hash_info.c | 2 + library/hash_info.h | 6 +- library/lmots.c | 15 ++- library/lmots.h | 5 +- library/lms.c | 10 +- library/pem.c | 9 +- library/pk.c | 17 ++- library/pk_wrap.c | 63 ++++++----- library/pk_wrap.h | 20 ++-- library/pkcs12.c | 9 +- library/pkcs5.c | 8 +- library/psa_util.c | 150 +++++++++++++++++++++++++++ library/rsa.c | 11 +- library/ssl_cookie.c | 28 +++-- library/ssl_misc.h | 4 +- library/ssl_msg.c | 38 ++++--- library/ssl_ticket.c | 18 ++-- library/ssl_tls.c | 22 ++-- library/ssl_tls12_client.c | 11 +- library/ssl_tls12_server.c | 22 ++-- library/ssl_tls13_client.c | 6 +- library/ssl_tls13_generic.c | 13 ++- library/ssl_tls13_keys.c | 40 +++---- tests/suites/test_suite_ssl.function | 26 +++-- 29 files changed, 459 insertions(+), 147 deletions(-) create mode 100644 library/psa_util.c diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index f6070dcba..b0ad310f8 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h 
@@ -344,6 +344,41 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */ -#endif /* MBEDTLS_PSA_CRYPTO_C */ +/* PSA errors use int32_t, while Mbed TLS ones use int16_t. psa_status_t + * is enough to store either of them. */ +#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) +extern psa_status_t psa_to_md_errors[8]; +#endif +#if defined(MBEDTLS_LMS_C) +extern psa_status_t psa_to_lms_errors[6]; +#endif + +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) +extern psa_status_t psa_to_ssl_errors[14]; +#endif + +#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ + defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) +extern psa_status_t psa_to_pk_rsa_errors[16]; +#endif + +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +extern psa_status_t psa_to_pk_ecdsa_errors[14]; +#endif + +int psa_generic_status_to_mbedtls(psa_status_t status); + +int psa_status_to_mbedtls(psa_status_t status, + psa_status_t *local_translations, + size_t local_errors_num, + int (*fallback_f)(psa_status_t)); + +int psa_pk_status_to_mbedtls(psa_status_t status); + +#define PSA_TO_MBEDTLS_ERR_LIST(status, error_list, fallback_f) \ + psa_status_to_mbedtls(status, error_list, sizeof(error_list), fallback_f) + +#endif /* MBEDTLS_PSA_CRYPTO_C */ #endif /* MBEDTLS_PSA_UTIL_H */ diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index bef2e1c4b..06b0131db 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -77,6 +77,7 @@ set(src_crypto psa_crypto_slot_management.c psa_crypto_storage.c psa_its_file.c + psa_util.c ripemd160.c rsa.c rsa_alt_helpers.c diff --git a/library/Makefile b/library/Makefile index ed5e1e172..ceb9c0d16 100644 --- a/library/Makefile +++ b/library/Makefile @@ -142,6 +142,7 @@ OBJS_CRYPTO= \ psa_crypto_slot_management.o \ psa_crypto_storage.o \ psa_its_file.o \ + psa_util.o \ ripemd160.o \ rsa.o \ rsa_alt_helpers.o \ 
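Review bot: `PSA_TO_MBEDTLS_ERR_LIST` passes `sizeof(error_list)`, a byte count, while `psa_status_to_mbedtls` (defined in the psa_util.c hunk further down) divides that value by 2 as if it were an element count, so for `extern psa_status_t psa_to_md_errors[8]` the loop runs 16 iterations and compares against 32 entries of an 8-entry table — an out-of-bounds read on every status that is not in the table. Because the comparison then runs over whatever memory follows the table, a failing status could in principle match stale data and be translated to an arbitrary code, including 0. Pass the element count instead: `psa_status_to_mbedtls(status, error_list, sizeof(error_list) / sizeof(error_list[0]), fallback_f)`. The prototype here names the parameter `local_errors_num` while the definition calls it `local_errors_size`; pick one so the unit (entries, not bytes) is unambiguous at both sites.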
diff --git a/library/constant_time.c b/library/constant_time.c index b3bf8744d..552a918f4 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -46,6 +46,11 @@ #endif #include +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_ssl_errors, \ + psa_generic_status_to_mbedtls) +#endif /* * Define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS where assembly is present to @@ -620,7 +625,7 @@ cleanup: psa_hash_abort(&operation); psa_hash_abort(&aux_operation); - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } #undef MAX_HASH_BLOCK_LENGTH diff --git a/library/ecjpake.c b/library/ecjpake.c index 1a683d569..36c1327bd 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -35,6 +35,11 @@ #if !defined(MBEDTLS_MD_C) #include "psa/crypto.h" #include "mbedtls/psa_util.h" +#if !defined(MBEDTLS_ECJPAKE_ALT) +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_md_errors, \ + psa_generic_status_to_mbedtls) +#endif /* !MBEDTLS_ECJPAKE_ALT */ #endif /* !MBEDTLS_MD_C */ #include "hash_info.h" @@ -72,7 +77,7 @@ static int mbedtls_ecjpake_compute_hash(mbedtls_md_type_t md_type, status = psa_hash_compute(alg, input, ilen, output, out_size, &out_len); - return mbedtls_md_error_from_psa(status); + return PSA_TO_MBEDTLS_ERR(status); #endif /* !MBEDTLS_MD_C */ } diff --git a/library/hash_info.c b/library/hash_info.c index f8b41a5cb..0e445b6cf 100644 --- a/library/hash_info.c +++ b/library/hash_info.c @@ -104,6 +104,7 @@ mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg) return entry->md_type; } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) int mbedtls_md_error_from_psa(psa_status_t status) { switch (status) { @@ -119,3 +120,4 @@ int mbedtls_md_error_from_psa(psa_status_t status) return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } } +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ 
diff --git a/library/hash_info.h b/library/hash_info.h index 47da934de..f984c8242 100644 --- a/library/hash_info.h +++ b/library/hash_info.h @@ -34,6 +34,7 @@ #include "mbedtls/md.h" #include "psa/crypto.h" +#include "mbedtls/platform_util.h" /** \def MBEDTLS_HASH_MAX_SIZE * @@ -88,12 +89,13 @@ psa_algorithm_t mbedtls_hash_info_psa_from_md(mbedtls_md_type_t md_type); */ mbedtls_md_type_t mbedtls_hash_info_md_from_psa(psa_algorithm_t psa_alg); +#if !defined(MBEDTLS_DEPRECATED_REMOVED) /** Convert PSA status to MD error code. * * \param status PSA status. * * \return The corresponding MD error code, */ -int mbedtls_md_error_from_psa(psa_status_t status); - +int MBEDTLS_DEPRECATED mbedtls_md_error_from_psa(psa_status_t status); +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_HASH_INFO_H */ diff --git a/library/lmots.c b/library/lmots.c index c6b45ed59..4061edde0 100644 --- a/library/lmots.c +++ b/library/lmots.c @@ -41,9 +41,14 @@ #include "mbedtls/lms.h" #include "mbedtls/platform_util.h" #include "mbedtls/error.h" +#include "mbedtls/psa_util.h" #include "psa/crypto.h" +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_lms_errors, \ + psa_generic_status_to_mbedtls) + #define PUBLIC_KEY_TYPE_OFFSET (0) #define PUBLIC_KEY_I_KEY_ID_OFFSET (PUBLIC_KEY_TYPE_OFFSET + \ MBEDTLS_LMOTS_TYPE_LEN) @@ -198,7 +203,7 @@ static int create_digit_array_with_checksum(const mbedtls_lmots_parameters_t *pa exit: psa_hash_abort(&op); - return mbedtls_lms_error_from_psa(status); + return PSA_TO_MBEDTLS_ERR(status); } /* Hash each element of the string of digits (+ checksum), producing a hash @@ -321,7 +326,7 @@ exit: psa_hash_abort(&op); mbedtls_platform_zeroize(tmp_hash, sizeof(tmp_hash)); - return mbedtls_lms_error_from_psa(status); + return PSA_TO_MBEDTLS_ERR(status); } /* Combine the hashes of the digit array into a public key. This is used in 
@@ -386,9 +391,10 @@ exit: psa_hash_abort(&op); } - return mbedtls_lms_error_from_psa(status); + return PSA_TO_MBEDTLS_ERR(status); } +#if !defined(MBEDTLS_DEPRECATED_REMOVED) int mbedtls_lms_error_from_psa(psa_status_t status) { switch (status) { @@ -406,6 +412,7 @@ int mbedtls_lms_error_from_psa(psa_status_t status) return MBEDTLS_ERR_ERROR_GENERIC_ERROR; } } +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ void mbedtls_lmots_public_init(mbedtls_lmots_public_t *ctx) { @@ -682,7 +689,7 @@ int mbedtls_lmots_generate_private_key(mbedtls_lmots_private_t *ctx, exit: psa_hash_abort(&op); - return mbedtls_lms_error_from_psa(status); + return PSA_TO_MBEDTLS_ERR(status); } int mbedtls_lmots_calculate_public_key(mbedtls_lmots_public_t *ctx, diff --git a/library/lmots.h b/library/lmots.h index deeeacea8..98d1941d5 100644 --- a/library/lmots.h +++ b/library/lmots.h @@ -79,6 +79,7 @@ void mbedtls_lms_unsigned_int_to_network_bytes(unsigned int val, size_t len, unsigned int mbedtls_lms_network_bytes_to_unsigned_int(size_t len, const unsigned char *bytes); +#if !defined(MBEDTLS_DEPRECATED_REMOVED) /** * \brief This function converts a \ref psa_status_t to a * low-level LMS error code. @@ -87,8 +88,8 @@ unsigned int mbedtls_lms_network_bytes_to_unsigned_int(size_t len, * * \return The corresponding LMS error code. */ -int mbedtls_lms_error_from_psa(psa_status_t status); - +int MBEDTLS_DEPRECATED mbedtls_lms_error_from_psa(psa_status_t status); +#endif /** * \brief This function initializes a public LMOTS context diff --git a/library/lms.c b/library/lms.c index 76bcc19af..acc352331 100644 --- a/library/lms.c +++ b/library/lms.c 
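Review bot: lmots.h now applies `MBEDTLS_DEPRECATED` to `mbedtls_lms_error_from_psa`, but the hunk adds no `#include "mbedtls/platform_util.h"`, where that macro is defined; hash_info.h in this same commit adds the include explicitly, so unless lmots.h already receives it transitively (not visible here) the declaration will fail to compile. The new `#endif` closing `#if !defined(MBEDTLS_DEPRECATED_REMOVED)` has no trailing comment, unlike the matching guards in hash_info.h, lmots.c and pk_wrap.c; write it as `#endif /* !MBEDTLS_DEPRECATED_REMOVED */`. The `#endif` lines added in the pk_wrap.h hunk have the same omission.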
@@ -39,13 +39,17 @@ #include "lmots.h" #include "psa/crypto.h" - +#include "mbedtls/psa_util.h" #include "mbedtls/lms.h" #include "mbedtls/error.h" #include "mbedtls/platform_util.h" #include "mbedtls/platform.h" +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_lms_errors, \ + psa_generic_status_to_mbedtls) + #define SIG_Q_LEAF_ID_OFFSET (0) #define SIG_OTS_SIG_OFFSET (SIG_Q_LEAF_ID_OFFSET + \ MBEDTLS_LMOTS_Q_LEAF_ID_LEN) @@ -140,7 +144,7 @@ static int create_merkle_leaf_value(const mbedtls_lms_parameters_t *params, exit: psa_hash_abort(&op); - return mbedtls_lms_error_from_psa(status); + return PSA_TO_MBEDTLS_ERR(status); } /* Calculate the value of an internal node of the Merkle tree (which is a hash @@ -220,7 +224,7 @@ static int create_merkle_internal_value(const mbedtls_lms_parameters_t *params, exit: psa_hash_abort(&op); - return mbedtls_lms_error_from_psa(status); + return PSA_TO_MBEDTLS_ERR(status); } void mbedtls_lms_public_init(mbedtls_lms_public_t *ctx) diff --git a/library/pem.c b/library/pem.c index 8044ed644..9f14052e5 100644 --- a/library/pem.c +++ b/library/pem.c @@ -39,6 +39,13 @@ #include "psa/crypto.h" #endif +#if !defined(MBEDTLS_MD5_C) +#include "mbedtls/psa_util.h" +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_md_errors, \ + psa_generic_status_to_mbedtls) +#endif + #include "mbedtls/legacy_or_psa.h" #if defined(MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \ @@ -236,7 +243,7 @@ static int pem_pbkdf1(unsigned char *key, size_t keylen, exit: mbedtls_platform_zeroize(md5sum, 16); - return mbedtls_md_error_from_psa(status); + return PSA_TO_MBEDTLS_ERR(status); } #endif /* MBEDTLS_MD5_C */ diff --git a/library/pk.c b/library/pk.c index 05afdbc4e..5e18ad298 100644 --- a/library/pk.c +++ b/library/pk.c 
@@ -41,6 +41,13 @@ #if defined(MBEDTLS_PSA_CRYPTO_C) #include "mbedtls/psa_util.h" +#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status) +#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_pk_rsa_errors, \ + psa_pk_status_to_mbedtls) +#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_pk_ecdsa_errors, \ + psa_pk_status_to_mbedtls) #endif #include @@ -540,7 +547,7 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, &key_id); if (status != PSA_SUCCESS) { psa_destroy_key(key_id); - return mbedtls_pk_error_from_psa(status); + return PSA_PK_TO_MBEDTLS_ERR(status); } /* This function requires returning MBEDTLS_ERR_PK_SIG_LEN_MISMATCH @@ -562,7 +569,7 @@ int mbedtls_pk_verify_ext(mbedtls_pk_type_t type, const void *options, status = destruction_status; } - return mbedtls_pk_error_from_psa_rsa(status); + return PSA_PK_RSA_TO_MBEDTLS_ERR(status); } else #endif { @@ -700,7 +707,7 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type, status = psa_sign_hash(*key, PSA_ALG_RSA_PSS(psa_md_alg), hash, hash_len, sig, sig_size, sig_len); - return mbedtls_pk_error_from_psa_rsa(status); + return PSA_PK_RSA_TO_MBEDTLS_ERR(status); } return mbedtls_pk_psa_rsa_sign_ext(PSA_ALG_RSA_PSS(psa_md_alg), @@ -896,7 +903,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, /* import private key into PSA */ status = psa_import_key(&attributes, d, d_len, key); if (status != PSA_SUCCESS) { - return mbedtls_pk_error_from_psa(status); + return PSA_PK_TO_MBEDTLS_ERR(status); } /* make PK context wrap the key slot */ @@ -936,7 +943,7 @@ int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk, mbedtls_platform_zeroize(buf, sizeof(buf)); if (status != PSA_SUCCESS) { - return mbedtls_pk_error_from_psa(status); + return PSA_PK_TO_MBEDTLS_ERR(status); } /* make PK context wrap the key slot */ diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 45cf807c6..039621044 100644 
--- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -40,9 +40,19 @@ #include "pkwrite.h" #endif +#if defined(MBEDTLS_PSA_CRYPTO_C) +#include "mbedtls/psa_util.h" +#define PSA_PK_TO_MBEDTLS_ERR(status) psa_pk_status_to_mbedtls(status) +#define PSA_PK_RSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_pk_rsa_errors, \ + psa_pk_status_to_mbedtls) +#define PSA_PK_ECDSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_pk_ecdsa_errors, \ + psa_pk_status_to_mbedtls) +#endif + #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "psa/crypto.h" -#include "mbedtls/psa_util.h" #include "hash_info.h" #if defined(MBEDTLS_PK_CAN_ECDSA_SOME) @@ -57,6 +67,7 @@ #include #include +#if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(MBEDTLS_PSA_CRYPTO_C) int mbedtls_pk_error_from_psa(psa_status_t status) { @@ -113,11 +124,9 @@ int mbedtls_pk_error_from_psa_rsa(psa_status_t status) } } #endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */ - #endif /* MBEDTLS_PSA_CRYPTO_C */ #if defined(MBEDTLS_USE_PSA_CRYPTO) - #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) int mbedtls_pk_error_from_psa_ecdsa(psa_status_t status) { @@ -138,8 +147,8 @@ int mbedtls_pk_error_from_psa_ecdsa(psa_status_t status) } } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_RSA_C) static int rsa_can_do(mbedtls_pk_type_t type) @@ -196,14 +205,14 @@ static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg, buf + sizeof(buf) - key_len, key_len, &key_id); if (status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa(status); + ret = PSA_PK_TO_MBEDTLS_ERR(status); goto cleanup; } status = psa_verify_hash(key_id, psa_alg_md, hash, hash_len, sig, sig_len); if (status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa_rsa(status); + ret = PSA_PK_RSA_TO_MBEDTLS_ERR(status); goto cleanup; } ret = 0; 
@@ -211,7 +220,7 @@ static int rsa_verify_wrap(void *ctx, mbedtls_md_type_t md_alg, cleanup: status = psa_destroy_key(key_id); if (ret == 0 && status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa(status); + ret = PSA_PK_TO_MBEDTLS_ERR(status); } return ret; @@ -289,13 +298,13 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg, buf + sizeof(buf) - key_len, key_len, &key_id); if (status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa(status); + ret = PSA_PK_TO_MBEDTLS_ERR(status); goto cleanup; } status = psa_sign_hash(key_id, alg, hash, hash_len, sig, sig_size, sig_len); if (status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa_rsa(status); + ret = PSA_PK_RSA_TO_MBEDTLS_ERR(status); goto cleanup; } @@ -304,7 +313,7 @@ int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg, cleanup: status = psa_destroy_key(key_id); if (ret == 0 && status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa(status); + ret = PSA_PK_TO_MBEDTLS_ERR(status); } return ret; } @@ -398,7 +407,7 @@ static int rsa_decrypt_wrap(void *ctx, buf + sizeof(buf) - key_len, key_len, &key_id); if (status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa(status); + ret = PSA_PK_TO_MBEDTLS_ERR(status); goto cleanup; } @@ -407,7 +416,7 @@ static int rsa_decrypt_wrap(void *ctx, NULL, 0, output, osize, olen); if (status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa_rsa(status); + ret = PSA_PK_RSA_TO_MBEDTLS_ERR(status); goto cleanup; } @@ -417,7 +426,7 @@ cleanup: mbedtls_platform_zeroize(buf, sizeof(buf)); status = psa_destroy_key(key_id); if (ret == 0 && status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa(status); + ret = PSA_PK_TO_MBEDTLS_ERR(status); } return ret; @@ -484,7 +493,7 @@ static int rsa_encrypt_wrap(void *ctx, buf + sizeof(buf) - key_len, key_len, &key_id); if (status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa(status); + ret = PSA_PK_TO_MBEDTLS_ERR(status); goto cleanup; } 
@@ -493,7 +502,7 @@ static int rsa_encrypt_wrap(void *ctx, NULL, 0, output, osize, olen); if (status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa_rsa(status); + ret = PSA_PK_RSA_TO_MBEDTLS_ERR(status); goto cleanup; } @@ -502,7 +511,7 @@ static int rsa_encrypt_wrap(void *ctx, cleanup: status = psa_destroy_key(key_id); if (ret == 0 && status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa(status); + ret = PSA_PK_TO_MBEDTLS_ERR(status); } return ret; @@ -716,7 +725,7 @@ static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, buf, key_len, &key_id); if (status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa(status); + ret = PSA_PK_TO_MBEDTLS_ERR(status); goto cleanup; } @@ -737,7 +746,7 @@ static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, hash, hash_len, buf, 2 * signature_part_size); if (status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa_ecdsa(status); + ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); goto cleanup; } @@ -750,7 +759,7 @@ static int ecdsa_verify_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, cleanup: status = psa_destroy_key(key_id); if (ret == 0 && status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa(status); + ret = PSA_PK_TO_MBEDTLS_ERR(status); } return ret; @@ -908,14 +917,14 @@ static int ecdsa_sign_wrap(void *ctx_arg, mbedtls_md_type_t md_alg, buf, key_len, &key_id); if (status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa(status); + ret = PSA_PK_TO_MBEDTLS_ERR(status); goto cleanup; } status = psa_sign_hash(key_id, psa_sig_md, hash, hash_len, sig, sig_size, sig_len); if (status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa_ecdsa(status); + ret = PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); goto cleanup; } @@ -925,7 +934,7 @@ cleanup: mbedtls_platform_zeroize(buf, sizeof(buf)); status = psa_destroy_key(key_id); if (ret == 0 && status != PSA_SUCCESS) { - ret = mbedtls_pk_error_from_psa(status); + ret = PSA_PK_TO_MBEDTLS_ERR(status); } return ret; 
@@ -1448,7 +1457,7 @@ static int pk_opaque_sign_wrap(void *ctx, mbedtls_md_type_t md_alg, status = psa_get_key_attributes(*key, &attributes); if (status != PSA_SUCCESS) { - return mbedtls_pk_error_from_psa(status); + return PSA_PK_TO_MBEDTLS_ERR(status); } type = psa_get_key_type(&attributes); @@ -1472,15 +1481,15 @@ static int pk_opaque_sign_wrap(void *ctx, mbedtls_md_type_t md_alg, if (status != PSA_SUCCESS) { #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) { - return mbedtls_pk_error_from_psa_ecdsa(status); + return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status); } else #endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */ #if defined(MBEDTLS_RSA_C) if (PSA_KEY_TYPE_IS_RSA(type)) { - return mbedtls_pk_error_from_psa_rsa(status); + return PSA_PK_RSA_TO_MBEDTLS_ERR(status); } else #endif /* MBEDTLS_RSA_C */ - return mbedtls_pk_error_from_psa(status); + return PSA_PK_TO_MBEDTLS_ERR(status); } #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN) @@ -1535,7 +1544,7 @@ static int pk_opaque_rsa_decrypt(void *ctx, NULL, 0, output, osize, olen); if (status != PSA_SUCCESS) { - return mbedtls_pk_error_from_psa_rsa(status); + return PSA_PK_RSA_TO_MBEDTLS_ERR(status); } return 0; diff --git a/library/pk_wrap.h b/library/pk_wrap.h index 7df96089d..c5cd4df15 100644 --- a/library/pk_wrap.h +++ b/library/pk_wrap.h 
@@ -137,26 +137,30 @@ extern const mbedtls_pk_info_t mbedtls_rsa_alt_info; extern const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info; extern const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info; +#if !defined(MBEDTLS_DEPRECATED_REMOVED) #if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -int mbedtls_pk_error_from_psa_ecdsa(psa_status_t status); +int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_ecdsa(psa_status_t status); +#endif #endif #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PSA_CRYPTO_C) -int mbedtls_pk_error_from_psa(psa_status_t status); +#if !defined(MBEDTLS_DEPRECATED_REMOVED) +int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa(psa_status_t status); #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) -int mbedtls_pk_error_from_psa_rsa(psa_status_t status); +int MBEDTLS_DEPRECATED mbedtls_pk_error_from_psa_rsa(psa_status_t status); #endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */ +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_RSA_C) -int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md, - mbedtls_rsa_context *rsa_ctx, - const unsigned char *hash, size_t hash_len, - unsigned char *sig, size_t sig_size, - size_t *sig_len); +int mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t psa_alg_md, + mbedtls_rsa_context *rsa_ctx, + const unsigned char *hash, size_t hash_len, + unsigned char *sig, size_t sig_size, + size_t *sig_len); #endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/pkcs12.c b/library/pkcs12.c index f5ab742c5..852148394 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -35,6 +35,13 @@ #include +#if !defined(MBEDTLS_MD_C) +#include "mbedtls/psa_util.h" +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_md_errors, \ + psa_generic_status_to_mbedtls) +#endif + #if defined(MBEDTLS_DES_C) #include "mbedtls/des.h" #endif 
@@ -328,7 +335,7 @@ exit: if (status == PSA_SUCCESS) { status = status_abort; } - return mbedtls_md_error_from_psa(status); + return PSA_TO_MBEDTLS_ERR(status); #endif /* !MBEDTLS_MD_C */ } diff --git a/library/pkcs5.c b/library/pkcs5.c index 4e71dd396..f471b6378 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -47,6 +47,12 @@ #include "hash_info.h" #include "mbedtls/psa_util.h" +#if !defined(MBEDTLS_MD_C) +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_md_errors, \ + psa_generic_status_to_mbedtls) +#endif + #if defined(MBEDTLS_ASN1_PARSE_C) static int pkcs5_parse_pbkdf2_params(const mbedtls_asn1_buf *params, mbedtls_asn1_buf *salt, int *iterations, @@ -452,7 +458,7 @@ cleanup: status = status_destruction; } - return mbedtls_md_error_from_psa(status); + return PSA_TO_MBEDTLS_ERR(status); #endif /* !MBEDTLS_MD_C */ } diff --git a/library/psa_util.c b/library/psa_util.c new file mode 100644 index 000000000..7d0b8a2b1 --- /dev/null +++ b/library/psa_util.c 
@@ -0,0 +1,150 @@ +/* + * PSA hashing layer on top of Mbed TLS software crypto + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "common.h" + +#if defined(MBEDTLS_PSA_CRYPTO_C) + +#include + +#include "psa_crypto_core.h" +#include +#include +#include +#include +#include + +/* PSA_SUCCESS is kept at the top of each error table since + * it's the most common status when everything functions properly. 
*/ +#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) +psa_status_t psa_to_md_errors[] = +{ + PSA_SUCCESS, 0, + PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE, + PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_MD_BAD_INPUT_DATA, + PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_MD_ALLOC_FAILED +}; +#endif +#if defined(MBEDTLS_LMS_C) +psa_status_t psa_to_lms_errors[] = +{ + PSA_SUCCESS, 0, + PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL, + PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_LMS_BAD_INPUT_DATA +}; +#endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) +psa_status_t psa_to_ssl_errors[] = +{ + PSA_SUCCESS, 0, + PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_SSL_ALLOC_FAILED, + PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE, + PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_SSL_INVALID_MAC, + PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_SSL_BAD_INPUT_DATA, + PSA_ERROR_BAD_STATE, MBEDTLS_ERR_SSL_INTERNAL_ERROR, + PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL +}; +#endif + +#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ + defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) +psa_status_t psa_to_pk_rsa_errors[] = +{ + PSA_SUCCESS, 0, + PSA_ERROR_NOT_PERMITTED, MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + PSA_ERROR_INVALID_HANDLE, MBEDTLS_ERR_RSA_BAD_INPUT_DATA, + PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE, + PSA_ERROR_INSUFFICIENT_ENTROPY, MBEDTLS_ERR_RSA_RNG_FAILED, + PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_RSA_VERIFY_FAILED, + PSA_ERROR_INVALID_PADDING, MBEDTLS_ERR_RSA_INVALID_PADDING +}; +#endif + +#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ + defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +psa_status_t psa_to_pk_ecdsa_errors[] = +{ + PSA_SUCCESS, 0, + PSA_ERROR_NOT_PERMITTED, MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + PSA_ERROR_INVALID_HANDLE, MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE, + 
PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL, + PSA_ERROR_INSUFFICIENT_ENTROPY, MBEDTLS_ERR_ECP_RANDOM_FAILED, + PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_ECP_VERIFY_FAILED +}; +#endif + +int psa_generic_status_to_mbedtls(psa_status_t status) +{ + switch (status) { + case PSA_SUCCESS: + return 0; + case PSA_ERROR_NOT_SUPPORTED: + return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED; + case PSA_ERROR_CORRUPTION_DETECTED: + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + case PSA_ERROR_COMMUNICATION_FAILURE: + case PSA_ERROR_HARDWARE_FAILURE: + return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; + case PSA_ERROR_NOT_PERMITTED: + default: + return MBEDTLS_ERR_ERROR_GENERIC_ERROR; + } +} + +int psa_status_to_mbedtls(psa_status_t status, + psa_status_t *local_translations, + size_t local_errors_size, + int (*fallback_f)(psa_status_t)) +{ + size_t local_errors_num = (size_t) local_errors_size / 2; + for (size_t i = 0; i < local_errors_num; i++) { + if (status == local_translations[2 * i]) { + return local_translations[2 * i + 1]; + } + } + return fallback_f(status); +} + +int psa_pk_status_to_mbedtls(psa_status_t status) +{ + switch (status) { + case PSA_ERROR_INVALID_HANDLE: + return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; + case PSA_ERROR_BUFFER_TOO_SMALL: + return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; + case PSA_ERROR_NOT_SUPPORTED: + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + case PSA_ERROR_INVALID_ARGUMENT: + return MBEDTLS_ERR_PK_INVALID_ALG; + case PSA_ERROR_INSUFFICIENT_MEMORY: + return MBEDTLS_ERR_PK_ALLOC_FAILED; + case PSA_ERROR_BAD_STATE: + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + case PSA_ERROR_DATA_CORRUPT: + case PSA_ERROR_DATA_INVALID: + case PSA_ERROR_STORAGE_FAILURE: + return MBEDTLS_ERR_PK_FILE_IO_ERROR; + default: + return psa_generic_status_to_mbedtls(status); + } +} +#endif /* MBEDTLS_PSA_CRYPTO_C */ diff --git a/library/rsa.c b/library/rsa.c index df7d7975c..7159588e7 100644 --- a/library/rsa.c +++ b/library/rsa.c 
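Review bot: The translation tables `psa_to_md_errors`, `psa_to_lms_errors`, `psa_to_ssl_errors`, `psa_to_pk_rsa_errors` and `psa_to_pk_ecdsa_errors` are writable globals although nothing visible in the commit writes to them after initialisation; declaring them `const psa_status_t ...[]` here and in psa_util.h, and taking `const psa_status_t *local_translations` in `psa_status_to_mbedtls`, keeps the status-to-error mapping in read-only storage so a memory-corruption bug elsewhere cannot silently remap a failure to another code. The file banner `PSA hashing layer on top of Mbed TLS software crypto` appears to be copied from another file and does not describe this one; `PSA-to-Mbed TLS error translation utilities` would. In `psa_generic_status_to_mbedtls`, `case PSA_ERROR_NOT_PERMITTED:` falls straight into `default:` with the same return value, so the label adds nothing; drop it or add a comment saying why that status is called out.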
@@ -60,7 +60,10 @@ #if !defined(MBEDTLS_MD_C) #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#endif /* MBEDTLS_MD_C */ +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_md_errors, \ + psa_generic_status_to_mbedtls) +#endif /* !MBEDTLS_MD_C */ #endif /* MBEDTLS_PKCS1_V21 */ #include "mbedtls/platform.h" @@ -1156,7 +1159,7 @@ exit: #else psa_hash_abort(&op); - return mbedtls_md_error_from_psa(status); + return PSA_TO_MBEDTLS_ERR(status); #endif } @@ -1236,7 +1239,7 @@ exit: exit: psa_hash_abort(&op); - return mbedtls_md_error_from_psa(status); + return PSA_TO_MBEDTLS_ERR(status); #endif /* !MBEDTLS_MD_C */ } @@ -1269,7 +1272,7 @@ static int compute_hash(mbedtls_md_type_t md_alg, status = psa_hash_compute(alg, input, ilen, output, out_size, &out_len); - return mbedtls_md_error_from_psa(status); + return PSA_TO_MBEDTLS_ERR(status); #endif /* !MBEDTLS_MD_C */ } #endif /* MBEDTLS_PKCS1_V21 */ diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index b7eead402..ef4d1886d 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -37,6 +37,12 @@ #include +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_ssl_errors, \ + psa_generic_status_to_mbedtls) +#endif + /* * If DTLS is in use, then at least one of SHA-256 or SHA-384 is * available. Try SHA-256 first as 384 wastes resources @@ -126,7 +132,7 @@ int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx, if ((status = psa_generate_key(&attributes, &ctx->psa_hmac_key)) != PSA_SUCCESS) { - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; 
@@ -215,26 +221,26 @@ int mbedtls_ssl_cookie_write(void *p_ctx, status = psa_mac_sign_setup(&operation, ctx->psa_hmac_key, ctx->psa_hmac_alg); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); goto exit; } status = psa_mac_update(&operation, *p - 4, 4); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); goto exit; } status = psa_mac_update(&operation, cli_id, cli_id_len); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); goto exit; } status = psa_mac_sign_finish(&operation, *p, COOKIE_MD_OUTLEN, &sign_mac_length); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); goto exit; } @@ -263,7 +269,7 @@ int mbedtls_ssl_cookie_write(void *p_ctx, exit: status = psa_mac_abort(&operation); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ return ret; @@ -299,27 +305,27 @@ int mbedtls_ssl_cookie_check(void *p_ctx, status = psa_mac_verify_setup(&operation, ctx->psa_hmac_key, ctx->psa_hmac_alg); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); goto exit; } status = psa_mac_update(&operation, cookie, 4); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); goto exit; } status = psa_mac_update(&operation, cli_id, cli_id_len); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); goto exit; } status = psa_mac_verify_finish(&operation, cookie + 4, COOKIE_HMAC_LEN); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); goto exit; } 
@@ -374,7 +380,7 @@ exit: #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_mac_abort(&operation); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); } #else mbedtls_platform_zeroize(ref_hmac, sizeof(ref_hmac)); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 7385c6ee3..7d08ef420 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2514,6 +2514,7 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type psa_key_type_t *key_type, size_t *key_size); +#if !defined(MBEDTLS_DEPRECATED_REMOVED) /** * \brief Convert given PSA status to mbedtls error code. * @@ -2521,7 +2522,7 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type * * \return corresponding mbedtls error code */ -static inline int psa_ssl_status_to_mbedtls(psa_status_t status) +static inline MBEDTLS_DEPRECATED int psa_ssl_status_to_mbedtls(psa_status_t status) { switch (status) { case PSA_SUCCESS: @@ -2542,6 +2543,7 @@ static inline int psa_ssl_status_to_mbedtls(psa_status_t status) return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; } } +#endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index d26d95086..1cad58807 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -48,6 +48,12 @@ #include "mbedtls/oid.h" #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_ssl_errors, \ + psa_generic_status_to_mbedtls) +#endif + static uint32_t ssl_get_hs_total_len(mbedtls_ssl_context const *ssl); /* 
@@ -879,10 +885,10 @@ int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl, hmac_failed_etm_disabled: mbedtls_platform_zeroize(mac, transform->maclen); #if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); status = psa_mac_abort(&operation); if (ret == 0 && status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ if (ret != 0) { @@ -979,7 +985,7 @@ hmac_failed_etm_disabled: &rec->data_len); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_encrypt_buf", ret); return ret; } @@ -1089,7 +1095,7 @@ hmac_failed_etm_disabled: transform->psa_key_enc, transform->psa_alg); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_encrypt_setup", ret); return ret; } @@ -1097,7 +1103,7 @@ hmac_failed_etm_disabled: status = psa_cipher_set_iv(&cipher_op, transform->iv_enc, transform->ivlen); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_set_iv", ret); return ret; @@ -1108,7 +1114,7 @@ hmac_failed_etm_disabled: data, rec->data_len, &olen); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_update", ret); return ret; @@ -1119,7 +1125,7 @@ hmac_failed_etm_disabled: &part_len); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_finish", ret); return ret; 
@@ -1222,10 +1228,10 @@ hmac_failed_etm_disabled: hmac_failed_etm_enabled: mbedtls_platform_zeroize(mac, transform->maclen); #if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); status = psa_mac_abort(&operation); if (ret == 0 && status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ if (ret != 0) { @@ -1399,7 +1405,7 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, &olen); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_aead_decrypt", ret); return ret; } @@ -1571,10 +1577,10 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, hmac_failed_etm_enabled: #if defined(MBEDTLS_USE_PSA_CRYPTO) - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); status = psa_mac_abort(&operation); if (ret == 0 && status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); } #else mbedtls_platform_zeroize(mac_expect, transform->maclen); @@ -1621,7 +1627,7 @@ hmac_failed_etm_enabled: transform->psa_key_dec, transform->psa_alg); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_decrypt_setup", ret); return ret; } @@ -1629,7 +1635,7 @@ hmac_failed_etm_enabled: status = psa_cipher_set_iv(&cipher_op, transform->iv_dec, transform->ivlen); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_set_iv", ret); return ret; } @@ -1639,7 +1645,7 @@ hmac_failed_etm_enabled: data, rec->data_len, &olen); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_update", ret); return ret; } 
@@ -1649,7 +1655,7 @@ hmac_failed_etm_enabled: &part_len); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_cipher_finish", ret); return ret; } diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index ba9dbd512..7d07d191f 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -30,6 +30,12 @@ #include +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_ssl_errors, \ + psa_generic_status_to_mbedtls) +#endif + /* * Initialize context */ @@ -91,7 +97,7 @@ static int ssl_ticket_gen_key(mbedtls_ssl_ticket_context *ctx, psa_set_key_type(&attributes, key->key_type); psa_set_key_bits(&attributes, key->key_bits); - ret = psa_ssl_status_to_mbedtls( + ret = PSA_TO_MBEDTLS_ERR( psa_import_key(&attributes, buf, PSA_BITS_TO_BYTES(key->key_bits), &key->key)); @@ -133,7 +139,7 @@ static int ssl_ticket_update_keys(mbedtls_ssl_ticket_context *ctx) #if defined(MBEDTLS_USE_PSA_CRYPTO) if ((status = psa_destroy_key(ctx->keys[ctx->active].key)) != PSA_SUCCESS) { - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -169,7 +175,7 @@ int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx, #if defined(MBEDTLS_USE_PSA_CRYPTO) if ((status = psa_destroy_key(key->key)) != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); return ret; } @@ -182,7 +188,7 @@ int mbedtls_ssl_ticket_rotate(mbedtls_ssl_ticket_context *ctx, if ((status = psa_import_key(&attributes, k, PSA_BITS_TO_BYTES(key->key_bits), &key->key)) != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); return ret; } #else 
@@ -355,7 +361,7 @@ int mbedtls_ssl_ticket_write(void *p_ticket, state, clear_len, state, end - state, &ciph_len)) != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); goto cleanup; } #else @@ -465,7 +471,7 @@ int mbedtls_ssl_ticket_parse(void *p_ticket, key_name, TICKET_ADD_DATA_LEN, ticket, enc_len + TICKET_AUTH_TAG_BYTES, ticket, enc_len, &clear_len)) != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); goto cleanup; } #else diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 441089f16..e8f175012 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -52,6 +52,12 @@ #include "mbedtls/oid.h" #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_ssl_errors, \ + psa_generic_status_to_mbedtls) +#endif + #if defined(MBEDTLS_TEST_HOOKS) static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args; @@ -5759,7 +5765,7 @@ exit: !defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) (void) ssl; #endif - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } #else /* MBEDTLS_USE_PSA_CRYPTO */ @@ -8230,7 +8236,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, &alg, &key_type, &key_bits)) != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", ret); goto end; } @@ -8478,7 +8484,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, PSA_BITS_TO_BYTES(key_bits), &transform->psa_key_enc)) != PSA_SUCCESS) { MBEDTLS_SSL_DEBUG_RET(3, "psa_import_key", (int) status); - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", ret); goto end; } 
@@ -8489,7 +8495,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, key2, PSA_BITS_TO_BYTES(key_bits), &transform->psa_key_dec)) != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", ret); goto end; } @@ -8552,7 +8558,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, if ((status = psa_import_key(&attributes, mac_enc, mac_key_len, &transform->psa_mac_enc)) != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret); goto end; } @@ -8573,7 +8579,7 @@ static int ssl_tls12_populate_transform(mbedtls_ssl_transform *transform, if ((status = psa_import_key(&attributes, mac_dec, mac_key_len, &transform->psa_mac_dec)) != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_import_mac_key", ret); goto end; } @@ -8628,7 +8634,7 @@ int mbedtls_psa_ecjpake_read_round( status = psa_pake_input(pake_ctx, step, buf + input_offset, length); if (status != PSA_SUCCESS) { - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } input_offset += length; @@ -8670,7 +8676,7 @@ int mbedtls_psa_ecjpake_write_round( len - output_offset - 1, &output_len); if (status != PSA_SUCCESS) { - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } *(buf + output_offset) = (uint8_t) output_len; diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index fc99fdebe..890e9a906 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -33,6 +33,9 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/psa_util.h" #include "psa/crypto.h" +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_ssl_errors, \ + psa_generic_status_to_mbedtls) #endif /* MBEDTLS_USE_PSA_CRYPTO */ #include 
@@ -2951,7 +2954,7 @@ ecdh_calc_secret: status = psa_generate_key(&key_attributes, &handshake->ecdh_psa_privkey); if (status != PSA_SUCCESS) { - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } /* Export the public part of the ECDH private key from PSA. @@ -2968,7 +2971,7 @@ ecdh_calc_secret: if (status != PSA_SUCCESS) { psa_destroy_key(handshake->ecdh_psa_privkey); handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } *p = (unsigned char) own_pubkey_len; @@ -3000,9 +3003,9 @@ ecdh_calc_secret: handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; if (status != PSA_SUCCESS) { - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } else if (destruction_status != PSA_SUCCESS) { - return psa_ssl_status_to_mbedtls(destruction_status); + return PSA_TO_MBEDTLS_ERR(destruction_status); } /* Write the ECDH computation length before the ECDH computation */ diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index d5c8b7ce4..0806f7f5c 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -34,6 +34,12 @@ #include +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_ssl_errors, \ + psa_generic_status_to_mbedtls) +#endif + #if defined(MBEDTLS_ECP_C) #include "mbedtls/ecp.h" #endif @@ -2588,7 +2594,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) &key_attributes); if (status != PSA_SUCCESS) { ssl->handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } ssl->handshake->ecdh_psa_type = psa_get_key_type(&key_attributes); 
@@ -2635,7 +2641,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) status = psa_import_key(&key_attributes, buf, key_len, &ssl->handshake->ecdh_psa_privkey); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); goto cleanup; } @@ -2956,7 +2962,7 @@ curve_matching_done: status = psa_generate_key(&key_attributes, &handshake->ecdh_psa_privkey); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret); return ret; } @@ -2980,7 +2986,7 @@ curve_matching_done: own_pubkey, own_pubkey_max_len, &len); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret); (void) psa_destroy_key(handshake->ecdh_psa_privkey); handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; @@ -3688,7 +3694,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) handshake->premaster, sizeof(handshake->premaster), &handshake->pmslen); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret); if (handshake->ecdh_psa_privkey_is_external == 0) { (void) psa_destroy_key(handshake->ecdh_psa_privkey); @@ -3701,7 +3707,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) status = psa_destroy_key(handshake->ecdh_psa_privkey); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret); return ret; } 
@@ -3894,9 +3900,9 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl) handshake->ecdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT; if (status != PSA_SUCCESS) { - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } else if (destruction_status != PSA_SUCCESS) { - return psa_ssl_status_to_mbedtls(destruction_status); + return PSA_TO_MBEDTLS_ERR(destruction_status); } /* Write the ECDH computation length before the ECDH computation */ diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 0dd762ef3..05c736424 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -34,6 +34,10 @@ #include "ssl_tls13_keys.h" #include "ssl_debug_helpers.h" +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_ssl_errors, \ + psa_generic_status_to_mbedtls) + /* Write extensions */ /* @@ -188,7 +192,7 @@ static int ssl_tls13_reset_key_share(mbedtls_ssl_context *ssl) /* Destroy generated private key. */ status = psa_destroy_key(ssl->handshake->ecdh_psa_privkey); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret); return ret; } diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f607e364c..512656e34 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -36,6 +36,13 @@ #include "ssl_tls13_keys.h" #include "ssl_debug_helpers.h" +#include "psa/crypto.h" +#include "mbedtls/psa_util.h" + +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_ssl_errors, \ + psa_generic_status_to_mbedtls) + const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[ MBEDTLS_SERVER_HELLO_RANDOM_LEN] = { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 
@@ -1016,7 +1023,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, verify_hash, sizeof(verify_hash), &verify_hash_len); if (status != PSA_SUCCESS) { - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); @@ -1482,7 +1489,7 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( status = psa_generate_key(&key_attributes, &handshake->ecdh_psa_privkey); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_key", ret); return ret; @@ -1493,7 +1500,7 @@ int mbedtls_ssl_tls13_generate_and_write_ecdh_key_exchange( buf, (size_t) (end - buf), &own_pubkey_len); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_export_public_key", ret); return ret; diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index a95d2fd90..6edce50bc 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -35,6 +35,10 @@ #include "psa/crypto.h" +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_ssl_errors, \ + psa_generic_status_to_mbedtls) + #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ .name = string, @@ -215,7 +219,7 @@ cleanup: abort_status = psa_key_derivation_abort(&operation); status = (status == PSA_SUCCESS ? abort_status : status); mbedtls_platform_zeroize(hkdf_label, hkdf_label_len); - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } MBEDTLS_CHECK_RETURN_CRITICAL @@ -309,7 +313,7 @@ int mbedtls_ssl_tls13_derive_secret( status = psa_hash_compute(hash_alg, ctx, ctx_len, hashed_context, PSA_HASH_LENGTH(hash_alg), &ctx_len); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); return ret; } } else { 
@@ -416,7 +420,7 @@ int mbedtls_ssl_tls13_evolve_secret( cleanup: abort_status = psa_key_derivation_abort(&operation); status = (status == PSA_SUCCESS ? abort_status : status); - ret = (ret == 0 ? psa_ssl_status_to_mbedtls(status) : ret); + ret = (ret == 0 ? PSA_TO_MBEDTLS_ERR(status) : ret); mbedtls_platform_zeroize(tmp_secret, sizeof(tmp_secret)); return ret; } @@ -740,19 +744,19 @@ static int ssl_tls13_calc_finished_core(psa_algorithm_t hash_alg, status = psa_import_key(&attributes, finished_key, hash_len, &key); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); goto exit; } status = psa_mac_compute(key, alg, transcript, hash_len, dst, hash_len, dst_len); - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); exit: status = psa_destroy_key(key); if (ret == 0) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); } mbedtls_platform_zeroize(finished_key, sizeof(finished_key)); @@ -1040,8 +1044,8 @@ int mbedtls_ssl_tls13_populate_transform(mbedtls_ssl_transform *transform, &alg, &key_type, &key_bits)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", psa_ssl_status_to_mbedtls(status)); - return psa_ssl_status_to_mbedtls(status); + MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_cipher_to_psa", PSA_TO_MBEDTLS_ERR(status)); + return PSA_TO_MBEDTLS_ERR(status); } transform->psa_alg = alg; @@ -1055,8 +1059,8 @@ int mbedtls_ssl_tls13_populate_transform(mbedtls_ssl_transform *transform, key_enc, PSA_BITS_TO_BYTES(key_bits), &transform->psa_key_enc)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", psa_ssl_status_to_mbedtls(status)); - return psa_ssl_status_to_mbedtls(status); + MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status)); + return PSA_TO_MBEDTLS_ERR(status); } psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); 
@@ -1065,8 +1069,8 @@ int mbedtls_ssl_tls13_populate_transform(mbedtls_ssl_transform *transform, key_dec, PSA_BITS_TO_BYTES(key_bits), &transform->psa_key_dec)) != PSA_SUCCESS) { - MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", psa_ssl_status_to_mbedtls(status)); - return psa_ssl_status_to_mbedtls(status); + MBEDTLS_SSL_DEBUG_RET(1, "psa_import_key", PSA_TO_MBEDTLS_ERR(status)); + return PSA_TO_MBEDTLS_ERR(status); } } #endif /* MBEDTLS_USE_PSA_CRYPTO */ @@ -1094,7 +1098,7 @@ static int ssl_tls13_get_cipher_key_info( status = mbedtls_ssl_cipher_to_psa(ciphersuite_info->cipher, taglen, &alg, &key_type, &key_bits); if (status != PSA_SUCCESS) { - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } *key_len = PSA_BITS_TO_BYTES(key_bits); @@ -1467,7 +1471,7 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) status = psa_get_key_attributes(handshake->ecdh_psa_privkey, &key_attributes); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); } shared_secret_len = PSA_BITS_TO_BYTES( @@ -1482,14 +1486,14 @@ static int ssl_tls13_key_schedule_stage_handshake(mbedtls_ssl_context *ssl) handshake->ecdh_psa_peerkey, handshake->ecdh_psa_peerkey_len, shared_secret, shared_secret_len, &shared_secret_len); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_raw_key_agreement", ret); goto cleanup; } status = psa_destroy_key(handshake->ecdh_psa_privkey); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_destroy_key", ret); goto cleanup; } 
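Review bot: In the `@@ -1467,7 +1471,7 @@` hunk of ssl_tls13_key_schedule_stage_handshake the failure branch after `psa_get_key_attributes` only sets `ret = PSA_TO_MBEDTLS_ERR(status);` and then falls through to `shared_secret_len = PSA_BITS_TO_BYTES(…)`, unlike the sibling branches in the following hunk, which log and `goto cleanup`. If nothing in the unseen lines between the two hunks bails out on `ret`, the function sizes a buffer from attributes that were never populated and calls `psa_raw_key_agreement` on a key whose attributes could not be read, and any later assignment to `ret` would mask the original error. The branch should mirror its neighbours: `ret = PSA_TO_MBEDTLS_ERR(status); MBEDTLS_SSL_DEBUG_RET(1, "psa_get_key_attributes", ret); goto cleanup;`. The function starts and ends outside the hunk.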
@@ -1826,7 +1830,7 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, status = psa_get_key_attributes(ssl->handshake->psk_opaque, &key_attributes); if (status != PSA_SUCCESS) { - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } *psk_len = PSA_BITS_TO_BYTES(psa_get_key_bits(&key_attributes)); @@ -1840,7 +1844,7 @@ int mbedtls_ssl_tls13_export_handshake_psk(mbedtls_ssl_context *ssl, if (status != PSA_SUCCESS) { mbedtls_free((void *) *psk); *psk = NULL; - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } return 0; #else diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 15246cb1a..9e37259a7 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -18,6 +18,12 @@ #include #include +#if defined(MBEDTLS_USE_PSA_CRYPTO) +#define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_ssl_errors, \ + psa_generic_status_to_mbedtls) +#endif + #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) @@ -1299,27 +1305,27 @@ static int psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, transform->psa_key_enc, transform->psa_alg); if (status != PSA_SUCCESS) { - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } status = psa_cipher_set_iv(&cipher_op, iv, iv_len); if (status != PSA_SUCCESS) { - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } status = psa_cipher_update(&cipher_op, input, ilen, output, ilen, olen); if (status != PSA_SUCCESS) { - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } status = psa_cipher_finish(&cipher_op, output + *olen, ilen - *olen, &part_len); if (status != PSA_SUCCESS) { - return psa_ssl_status_to_mbedtls(status); + return PSA_TO_MBEDTLS_ERR(status); } *olen += part_len; 
@@ -1614,7 +1620,7 @@ static int build_transforms(mbedtls_ssl_transform *t_in, &key_bits); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); goto cleanup; } @@ -1633,7 +1639,7 @@ static int build_transforms(mbedtls_ssl_transform *t_in, &t_in->psa_key_enc); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); goto cleanup; } @@ -1643,7 +1649,7 @@ static int build_transforms(mbedtls_ssl_transform *t_in, &t_out->psa_key_enc); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); goto cleanup; } @@ -1655,7 +1661,7 @@ static int build_transforms(mbedtls_ssl_transform *t_in, &t_in->psa_key_dec); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); goto cleanup; } @@ -1665,7 +1671,7 @@ static int build_transforms(mbedtls_ssl_transform *t_in, &t_out->psa_key_dec); if (status != PSA_SUCCESS) { - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); goto cleanup; } } @@ -1735,7 +1741,7 @@ static int ssl_tls12_populate_session(mbedtls_ssl_session *session, session->peer_cert_digest, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN, &hash_size); - ret = psa_ssl_status_to_mbedtls(status); + ret = PSA_TO_MBEDTLS_ERR(status); #else ret = mbedtls_md(mbedtls_md_info_from_type( MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE), From ba24138e0ffcc3162a6f0f137b995b5df8bd89a4 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 27 Dec 2022 09:17:33 -0500 Subject: [PATCH 381/440] Duplicate error logic in pk_wrap deprecated functions GCC 4.6+ complains if a deprecated function calls another. Working around this universally would require a lot of preprocessing, this seems to be an easier solution. Copy mbedtls_pk_error_from_psa code without duplicates instead of calling the function. 
Signed-off-by: Andrzej Kurek --- library/pk_wrap.c | 38 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index 039621044..4d91f22b2 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -119,8 +119,25 @@ int mbedtls_pk_error_from_psa_rsa(psa_status_t status) return MBEDTLS_ERR_RSA_VERIFY_FAILED; case PSA_ERROR_INVALID_PADDING: return MBEDTLS_ERR_RSA_INVALID_PADDING; + case PSA_SUCCESS: + return 0; + case PSA_ERROR_NOT_SUPPORTED: + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + case PSA_ERROR_INSUFFICIENT_MEMORY: + return MBEDTLS_ERR_PK_ALLOC_FAILED; + case PSA_ERROR_BAD_STATE: + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + case PSA_ERROR_COMMUNICATION_FAILURE: + case PSA_ERROR_HARDWARE_FAILURE: + return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; + case PSA_ERROR_DATA_CORRUPT: + case PSA_ERROR_DATA_INVALID: + case PSA_ERROR_STORAGE_FAILURE: + return MBEDTLS_ERR_PK_FILE_IO_ERROR; + case PSA_ERROR_CORRUPTION_DETECTED: + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; default: - return mbedtls_pk_error_from_psa(status); + return MBEDTLS_ERR_ERROR_GENERIC_ERROR; } } #endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */ 
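Review bot: The eight `case` arms copied into `mbedtls_pk_error_from_psa_rsa` carry no marker that they are a verbatim copy of the mapping in `mbedtls_pk_error_from_psa`, so a future change to the canonical table will silently leave this deprecated function returning a different code for the same `psa_status_t`. The commit message, not the code, is the only place recording why the call was inlined (GCC 4.6+ warns when a deprecated function calls another deprecated one), so a comment above the first added arm would keep that knowledge next to the code: `/* Duplicated from mbedtls_pk_error_from_psa(): a deprecated function must not call another deprecated one (GCC warning). Keep both in sync. */`. The same comment belongs on the identical block added to `mbedtls_pk_error_from_psa_ecdsa` in the next hunk. The function starts outside the hunk.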
@@ -142,8 +159,25 @@ int mbedtls_pk_error_from_psa_ecdsa(psa_status_t status) return MBEDTLS_ERR_ECP_RANDOM_FAILED; case PSA_ERROR_INVALID_SIGNATURE: return MBEDTLS_ERR_ECP_VERIFY_FAILED; + case PSA_SUCCESS: + return 0; + case PSA_ERROR_NOT_SUPPORTED: + return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; + case PSA_ERROR_INSUFFICIENT_MEMORY: + return MBEDTLS_ERR_PK_ALLOC_FAILED; + case PSA_ERROR_BAD_STATE: + return MBEDTLS_ERR_PK_BAD_INPUT_DATA; + case PSA_ERROR_COMMUNICATION_FAILURE: + case PSA_ERROR_HARDWARE_FAILURE: + return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED; + case PSA_ERROR_DATA_CORRUPT: + case PSA_ERROR_DATA_INVALID: + case PSA_ERROR_STORAGE_FAILURE: + return MBEDTLS_ERR_PK_FILE_IO_ERROR; + case PSA_ERROR_CORRUPTION_DETECTED: + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; default: - return mbedtls_pk_error_from_psa(status); + return MBEDTLS_ERR_ERROR_GENERIC_ERROR; } } #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ From 138b30ac62fde9f222112b9bf3f364f4f4faa5d1 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 28 Feb 2023 10:06:42 -0500 Subject: [PATCH 382/440] Add missing const qualifiers Also improve documentation Signed-off-by: Andrzej Kurek --- include/mbedtls/psa_util.h | 24 +++++++++++++++++------- library/psa_util.c | 12 ++++++------ 2 files changed, 23 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index b0ad310f8..1d9828dfa 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h 
@@ -345,38 +345,48 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */ /* PSA errors use int32_t, while Mbed TLS ones use int16_t. psa_status_t - * is enough to store either of them. */ + * is enough to store either of them. The arrays below consist + * of corresponding pairs: [psa_error1, mbedtls_error1, psa_error2, + * mbedtls_error2, ...]*/ #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) -extern psa_status_t psa_to_md_errors[8]; +extern const psa_status_t psa_to_md_errors[8]; #endif #if defined(MBEDTLS_LMS_C) -extern psa_status_t psa_to_lms_errors[6]; +extern const psa_status_t psa_to_lms_errors[6]; #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) -extern psa_status_t psa_to_ssl_errors[14]; +extern const psa_status_t psa_to_ssl_errors[14]; #endif #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) -extern psa_status_t psa_to_pk_rsa_errors[16]; +extern const psa_status_t psa_to_pk_rsa_errors[16]; #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -extern psa_status_t psa_to_pk_ecdsa_errors[14]; +extern const psa_status_t psa_to_pk_ecdsa_errors[14]; #endif +/* Generic fallback function for error translation, + * when the received state was not module-specific. */ int psa_generic_status_to_mbedtls(psa_status_t status); +/* This function iterates over provided local error translations, + * and if no match was found - calls the fallback error translation function. */ int psa_status_to_mbedtls(psa_status_t status, - psa_status_t *local_translations, + const psa_status_t *local_translations, size_t local_errors_num, int (*fallback_f)(psa_status_t)); +/* The second out of three-stage error handling functions of the pk module, + * acts as a fallback after RSA / ECDSA error translation, and if no match + * is found, it itself calls psa_generic_status_to_mbedtls. 
*/ int psa_pk_status_to_mbedtls(psa_status_t status); +/* Utility macro to shorten the defines of error translator in modules. */ #define PSA_TO_MBEDTLS_ERR_LIST(status, error_list, fallback_f) \ psa_status_to_mbedtls(status, error_list, sizeof(error_list), fallback_f) diff --git a/library/psa_util.c b/library/psa_util.c index 7d0b8a2b1..d854e9927 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -34,7 +34,7 @@ /* PSA_SUCCESS is kept at the top of each error table since * it's the most common status when everything functions properly. */ #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) -psa_status_t psa_to_md_errors[] = +const psa_status_t psa_to_md_errors[] = { PSA_SUCCESS, 0, PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE, @@ -43,7 +43,7 @@ psa_status_t psa_to_md_errors[] = }; #endif #if defined(MBEDTLS_LMS_C) -psa_status_t psa_to_lms_errors[] = +const psa_status_t psa_to_lms_errors[] = { PSA_SUCCESS, 0, PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL, @@ -51,7 +51,7 @@ psa_status_t psa_to_lms_errors[] = }; #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) -psa_status_t psa_to_ssl_errors[] = +const psa_status_t psa_to_ssl_errors[] = { PSA_SUCCESS, 0, PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_SSL_ALLOC_FAILED, @@ -65,7 +65,7 @@ psa_status_t psa_to_ssl_errors[] = #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) -psa_status_t psa_to_pk_rsa_errors[] = +const psa_status_t psa_to_pk_rsa_errors[] = { PSA_SUCCESS, 0, PSA_ERROR_NOT_PERMITTED, MBEDTLS_ERR_RSA_BAD_INPUT_DATA, @@ -80,7 +80,7 @@ psa_status_t psa_to_pk_rsa_errors[] = #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -psa_status_t psa_to_pk_ecdsa_errors[] = +const psa_status_t psa_to_pk_ecdsa_errors[] = { PSA_SUCCESS, 0, PSA_ERROR_NOT_PERMITTED, MBEDTLS_ERR_ECP_BAD_INPUT_DATA, 
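Review bot: The prototype of `psa_status_to_mbedtls` names its third parameter `local_errors_num`, but the only caller shown, the `PSA_TO_MBEDTLS_ERR_LIST` macro, passes `sizeof(error_list)`, which is a byte count (56 for `psa_to_ssl_errors[14]`), and the definition in psa_util.c calls the same parameter `local_errors_size`. Whichever unit the body actually expects, the header should state it, because a caller who reads the prototype and passes an element count would make the lookup loop stop short of the table or read past it on every error path. Rename the parameter to match the definition and document the unit, e.g. `size_t local_errors_size, /* sizeof(local_translations), in bytes */`, or have the macro pass `sizeof(error_list) / sizeof(error_list[0])` and keep `_num`. The body of psa_status_to_mbedtls is outside the hunk, so this is inferred from the declaration and the macro only.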
@@ -111,7 +111,7 @@ int psa_generic_status_to_mbedtls(psa_status_t status) } int psa_status_to_mbedtls(psa_status_t status, - psa_status_t *local_translations, + const psa_status_t *local_translations, size_t local_errors_size, int (*fallback_f)(psa_status_t)) { From 747ab4ea5e711604a9150212ccf7bc4a21df93c7 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Tue, 28 Feb 2023 10:32:47 -0500 Subject: [PATCH 383/440] Introduce error_pair_t to psa utils This way error handling can be written in a cleaner way. Signed-off-by: Andrzej Kurek --- include/mbedtls/psa_util.h | 21 +++++------ library/psa_util.c | 74 +++++++++++++++++++------------------- 2 files changed, 48 insertions(+), 47 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 1d9828dfa..9c7557cd1 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h 
@@ -344,30 +344,31 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; #endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */ -/* PSA errors use int32_t, while Mbed TLS ones use int16_t. psa_status_t - * is enough to store either of them. The arrays below consist - * of corresponding pairs: [psa_error1, mbedtls_error1, psa_error2, - * mbedtls_error2, ...]*/ +typedef struct { + psa_status_t psa_status; + int16_t mbedtls_error; +} error_pair_t; + #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) -extern const psa_status_t psa_to_md_errors[8]; +extern const error_pair_t psa_to_md_errors[4]; #endif #if defined(MBEDTLS_LMS_C) -extern const psa_status_t psa_to_lms_errors[6]; +extern const error_pair_t psa_to_lms_errors[3]; #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) -extern const psa_status_t psa_to_ssl_errors[14]; +extern const error_pair_t psa_to_ssl_errors[7]; #endif #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) -extern const psa_status_t psa_to_pk_rsa_errors[16]; +extern const error_pair_t psa_to_pk_rsa_errors[8]; #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -extern const psa_status_t psa_to_pk_ecdsa_errors[14]; +extern const error_pair_t psa_to_pk_ecdsa_errors[7]; #endif /* Generic fallback function for error translation, @@ -377,7 +378,7 @@ int psa_generic_status_to_mbedtls(psa_status_t status); /* This function iterates over provided local error translations, * and if no match was found - calls the fallback error translation function. */ int psa_status_to_mbedtls(psa_status_t status, - const psa_status_t *local_translations, + const error_pair_t *local_translations, size_t local_errors_num, int (*fallback_f)(psa_status_t)); diff --git a/library/psa_util.c b/library/psa_util.c index d854e9927..797daa048 100644 --- a/library/psa_util.c +++ b/library/psa_util.c 
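Review bot: The element counts in the new `extern const error_pair_t psa_to_*_errors[N]` declarations are hand-copied from the initializer lists in psa_util.c, and C does not check that an `extern` bound matches the defining translation unit, so a table that gains an entry without the header being bumped (or the reverse) makes `sizeof(error_list)` in `PSA_TO_MBEDTLS_ERR_LIST` stop short of, or read past, the real table on every error path. The definitions in psa_util.c could carry the same explicit bound (`const error_pair_t psa_to_ssl_errors[7] = {`), which turns an extra initializer into a compile error, or each table could be followed by a static assertion on its size if the project has such a macro. Separately, `error_pair_t` is a new typedef in the public `include/mbedtls/psa_util.h` without the `mbedtls_` prefix; `mbedtls_error_pair_t` would keep it out of the unprefixed global namespace that applications may already use.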
@@ -34,61 +34,61 @@ /* PSA_SUCCESS is kept at the top of each error table since * it's the most common status when everything functions properly. */ #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) -const psa_status_t psa_to_md_errors[] = +const error_pair_t psa_to_md_errors[] = { - PSA_SUCCESS, 0, - PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE, - PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_MD_BAD_INPUT_DATA, - PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_MD_ALLOC_FAILED + { PSA_SUCCESS, 0 }, + { PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE }, + { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_MD_BAD_INPUT_DATA }, + { PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_MD_ALLOC_FAILED } }; #endif #if defined(MBEDTLS_LMS_C) -const psa_status_t psa_to_lms_errors[] = +const error_pair_t psa_to_lms_errors[] = { - PSA_SUCCESS, 0, - PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL, - PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_LMS_BAD_INPUT_DATA + { PSA_SUCCESS, 0 }, + { PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL }, + { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_LMS_BAD_INPUT_DATA } }; #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) -const psa_status_t psa_to_ssl_errors[] = +const error_pair_t psa_to_ssl_errors[] = { - PSA_SUCCESS, 0, - PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_SSL_ALLOC_FAILED, - PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE, - PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_SSL_INVALID_MAC, - PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_SSL_BAD_INPUT_DATA, - PSA_ERROR_BAD_STATE, MBEDTLS_ERR_SSL_INTERNAL_ERROR, - PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL + { PSA_SUCCESS, 0 }, + { PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_SSL_ALLOC_FAILED }, + { PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE }, + { PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_SSL_INVALID_MAC }, + { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_SSL_BAD_INPUT_DATA }, + { PSA_ERROR_BAD_STATE, 
MBEDTLS_ERR_SSL_INTERNAL_ERROR }, + { PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL } }; #endif #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) -const psa_status_t psa_to_pk_rsa_errors[] = +const error_pair_t psa_to_pk_rsa_errors[] = { - PSA_SUCCESS, 0, - PSA_ERROR_NOT_PERMITTED, MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - PSA_ERROR_INVALID_HANDLE, MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE, - PSA_ERROR_INSUFFICIENT_ENTROPY, MBEDTLS_ERR_RSA_RNG_FAILED, - PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_RSA_VERIFY_FAILED, - PSA_ERROR_INVALID_PADDING, MBEDTLS_ERR_RSA_INVALID_PADDING + { PSA_SUCCESS, 0 }, + { PSA_ERROR_NOT_PERMITTED, MBEDTLS_ERR_RSA_BAD_INPUT_DATA }, + { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_RSA_BAD_INPUT_DATA }, + { PSA_ERROR_INVALID_HANDLE, MBEDTLS_ERR_RSA_BAD_INPUT_DATA }, + { PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE }, + { PSA_ERROR_INSUFFICIENT_ENTROPY, MBEDTLS_ERR_RSA_RNG_FAILED }, + { PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_RSA_VERIFY_FAILED }, + { PSA_ERROR_INVALID_PADDING, MBEDTLS_ERR_RSA_INVALID_PADDING } }; #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -const psa_status_t psa_to_pk_ecdsa_errors[] = +const error_pair_t psa_to_pk_ecdsa_errors[] = { - PSA_SUCCESS, 0, - PSA_ERROR_NOT_PERMITTED, MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - PSA_ERROR_INVALID_HANDLE, MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE, - PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL, - PSA_ERROR_INSUFFICIENT_ENTROPY, MBEDTLS_ERR_ECP_RANDOM_FAILED, - PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_ECP_VERIFY_FAILED + { PSA_SUCCESS, 0 }, + { PSA_ERROR_NOT_PERMITTED, MBEDTLS_ERR_ECP_BAD_INPUT_DATA }, + { PSA_ERROR_INVALID_ARGUMENT, MBEDTLS_ERR_ECP_BAD_INPUT_DATA }, + { PSA_ERROR_INVALID_HANDLE, 
MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE }, + { PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL }, + { PSA_ERROR_INSUFFICIENT_ENTROPY, MBEDTLS_ERR_ECP_RANDOM_FAILED }, + { PSA_ERROR_INVALID_SIGNATURE, MBEDTLS_ERR_ECP_VERIFY_FAILED } }; #endif @@ -111,14 +111,14 @@ int psa_generic_status_to_mbedtls(psa_status_t status) } int psa_status_to_mbedtls(psa_status_t status, - const psa_status_t *local_translations, + const error_pair_t *local_translations, size_t local_errors_size, int (*fallback_f)(psa_status_t)) { size_t local_errors_num = (size_t) local_errors_size / 2; for (size_t i = 0; i < local_errors_num; i++) { - if (status == local_translations[2 * i]) { - return local_translations[2 * i + 1]; + if (status == local_translations[i].psa_status) { + return local_translations[i].mbedtls_error; } } return fallback_f(status); From daf5b56b02e25e69e6a3d21aba125e562b08ff25 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 3 Mar 2023 05:52:28 -0500 Subject: [PATCH 384/440] Translate to MD errors in ssl-tls.c With the introduction of #7047, ssl_tls.c uses mbedtls_md_error_from_psa. This complicates the dependencies for compiling in psa_to_md_errors, since now these should be ifdeffed also by MBEDTLS_USE_PSA_CRYPTO followed by a series of or'ed MBEDTLS_HAS_ALG_SHA_XXX_VIA_MD_OR_PSA_BASED_ON_USE_PSA. Since this mechanism will be removed soon, we can simplify it to just MBEDTLS_USE_PSA_CRYPTO. Signed-off-by: Andrzej Kurek --- include/mbedtls/psa_util.h | 2 +- library/psa_util.c | 2 +- library/ssl_tls.c | 31 +++++++++++++++++-------------- 3 files changed, 19 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 9c7557cd1..aa6c4613c 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h 
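Review bot: `size_t local_errors_num = (size_t) local_errors_size / 2;` is left over from the flat layout, where one translation occupied two array elements; now that a single `error_pair_t` holds the whole pair, halving the count means only the first half of each table is consulted and, for example, PSA_ERROR_INVALID_SIGNATURE in psa_to_ssl_errors would fall through to the generic fallback. This holds unless PSA_TO_MBEDTLS_ERR_LIST (not visible here) deliberately passes twice the number of entries, which the header's parameter name `local_errors_num` makes unlikely. The loop should use the count as given, `for (size_t i = 0; i < local_errors_size; i++) {`, with the `/ 2` line deleted. A unit test translating the last entry of each table would pin this down.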
@@ -349,7 +349,7 @@ typedef struct { int16_t mbedtls_error; } error_pair_t; -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) +#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO) extern const error_pair_t psa_to_md_errors[4]; #endif diff --git a/library/psa_util.c b/library/psa_util.c index 797daa048..f18664e6f 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -33,7 +33,7 @@ /* PSA_SUCCESS is kept at the top of each error table since * it's the most common status when everything functions properly. */ -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) +#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO) const error_pair_t psa_to_md_errors[] = { { PSA_SUCCESS, 0 }, diff --git a/library/ssl_tls.c b/library/ssl_tls.c index e8f175012..f7357a9cc 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -56,6 +56,9 @@ #define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ psa_to_ssl_errors, \ psa_generic_status_to_mbedtls) +#define PSA_TO_MD_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ + psa_to_md_errors, \ + psa_generic_status_to_mbedtls) #endif #if defined(MBEDTLS_TEST_HOOKS) @@ -838,11 +841,11 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_abort(&ssl->handshake->fin_sha256_psa); if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); + return PSA_TO_MD_ERR(status); } status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256); if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); + return PSA_TO_MD_ERR(status); } #else ret = mbedtls_sha256_starts(&ssl->handshake->fin_sha256, 0); 
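Review bot: The guard `#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO)` now combines two unrelated reasons for compiling `psa_to_md_errors`, and read cold the MD5 clause looks like a typo; the commit message explains that it is a stop-gap until the MD_OR_PSA macros go away, but neither the header nor psa_util.c says so. I would add, above the `#if` in both files, `/* Needed by the MD layer's PSA fallback (original condition) and by PSA_TO_MD_ERR in ssl_tls.c under MBEDTLS_USE_PSA_CRYPTO; simplify once the MD_OR_PSA macros are removed. */`, so that the next cleanup does not "fix" the condition. The first half of that sentence is my reading of the original condition and should be confirmed against md.c.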
@@ -855,11 +858,11 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_abort(&ssl->handshake->fin_sha384_psa); if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); + return PSA_TO_MD_ERR(status); } status = psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384); if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); + return PSA_TO_MD_ERR(status); } #else ret = mbedtls_sha512_starts(&ssl->handshake->fin_sha384, 1); @@ -890,7 +893,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len); if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); + return PSA_TO_MD_ERR(status); } #else ret = mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len); @@ -903,7 +906,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_USE_PSA_CRYPTO) status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len); if (status != PSA_SUCCESS) { - return mbedtls_md_error_from_psa(status); + return PSA_TO_MD_ERR(status); } #else ret = mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len); @@ -920,8 +923,8 @@ static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - return mbedtls_md_error_from_psa(psa_hash_update( - &ssl->handshake->fin_sha256_psa, buf, len)); + return PSA_TO_MD_ERR(psa_hash_update( + &ssl->handshake->fin_sha256_psa, buf, len)); #else return mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len); #endif 
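Review bot: In ssl_update_checksum_sha256 the new line `return PSA_TO_MD_ERR(psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len));` passes a function call as a macro argument; this is only safe if PSA_TO_MBEDTLS_ERR_LIST forwards its first argument exactly once (it appears to expand to a call of psa_status_to_mbedtls, in which case it does, but the macro body is not in this hunk). Every other call site in this commit stores the status first, and doing the same here removes the hazard and makes the status visible in a debugger: `psa_status_t status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);` followed by `return PSA_TO_MD_ERR(status);`. The same applies to ssl_update_checksum_sha384 in the following hunk.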
@@ -933,8 +936,8 @@ static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len) { #if defined(MBEDTLS_USE_PSA_CRYPTO) - return mbedtls_md_error_from_psa(psa_hash_update( - &ssl->handshake->fin_sha384_psa, buf, len)); + return PSA_TO_MD_ERR(psa_hash_update( + &ssl->handshake->fin_sha384_psa, buf, len)); #else return mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len); #endif @@ -6606,7 +6609,7 @@ int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl, exit: psa_hash_abort(&sha256_psa); - return mbedtls_md_error_from_psa(status); + return PSA_TO_MD_ERR(status); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha256_context sha256; @@ -6661,7 +6664,7 @@ int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl, exit: psa_hash_abort(&sha384_psa); - return mbedtls_md_error_from_psa(status); + return PSA_TO_MD_ERR(status); #else int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_sha512_context sha512; @@ -7704,7 +7707,7 @@ static int ssl_calc_finished_tls_sha256( exit: #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_abort(&sha256_psa); - return mbedtls_md_error_from_psa(status); + return PSA_TO_MD_ERR(status); #else mbedtls_sha256_free(&sha256); return ret; @@ -7788,7 +7791,7 @@ static int ssl_calc_finished_tls_sha384( exit: #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_hash_abort(&sha384_psa); - return mbedtls_md_error_from_psa(status); + return PSA_TO_MD_ERR(status); #else mbedtls_sha512_free(&sha512); return ret; From 270b3f9790367663106ae5ddd6c2dd644c92c698 Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 3 Mar 2023 05:54:13 -0500 Subject: [PATCH 385/440] Rename error_pair_t to mbedtls_error_pair_t Required by our coding standards. Signed-off-by: Andrzej Kurek --- include/mbedtls/psa_util.h | 14 +++++++------- library/psa_util.c | 12 ++++++------ 2 files changed, 13 insertions(+), 13 deletions(-) 
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index aa6c4613c..6d5843d01 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -347,28 +347,28 @@ extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state; typedef struct { psa_status_t psa_status; int16_t mbedtls_error; -} error_pair_t; +} mbedtls_error_pair_t; #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO) -extern const error_pair_t psa_to_md_errors[4]; +extern const mbedtls_error_pair_t psa_to_md_errors[4]; #endif #if defined(MBEDTLS_LMS_C) -extern const error_pair_t psa_to_lms_errors[3]; +extern const mbedtls_error_pair_t psa_to_lms_errors[3]; #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) -extern const error_pair_t psa_to_ssl_errors[7]; +extern const mbedtls_error_pair_t psa_to_ssl_errors[7]; #endif #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) -extern const error_pair_t psa_to_pk_rsa_errors[8]; +extern const mbedtls_error_pair_t psa_to_pk_rsa_errors[8]; #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -extern const error_pair_t psa_to_pk_ecdsa_errors[7]; +extern const mbedtls_error_pair_t psa_to_pk_ecdsa_errors[7]; #endif /* Generic fallback function for error translation, @@ -378,7 +378,7 @@ int psa_generic_status_to_mbedtls(psa_status_t status); /* This function iterates over provided local error translations, * and if no match was found - calls the fallback error translation function. */ int psa_status_to_mbedtls(psa_status_t status, - const error_pair_t *local_translations, + const mbedtls_error_pair_t *local_translations, size_t local_errors_num, int (*fallback_f)(psa_status_t)); diff --git a/library/psa_util.c b/library/psa_util.c index f18664e6f..fefeea56d 100644 --- a/library/psa_util.c +++ b/library/psa_util.c 
@@ -34,7 +34,7 @@ /* PSA_SUCCESS is kept at the top of each error table since * it's the most common status when everything functions properly. */ #if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO) -const error_pair_t psa_to_md_errors[] = +const mbedtls_error_pair_t psa_to_md_errors[] = { { PSA_SUCCESS, 0 }, { PSA_ERROR_NOT_SUPPORTED, MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE }, @@ -43,7 +43,7 @@ const error_pair_t psa_to_md_errors[] = }; #endif #if defined(MBEDTLS_LMS_C) -const error_pair_t psa_to_lms_errors[] = +const mbedtls_error_pair_t psa_to_lms_errors[] = { { PSA_SUCCESS, 0 }, { PSA_ERROR_BUFFER_TOO_SMALL, MBEDTLS_ERR_LMS_BUFFER_TOO_SMALL }, @@ -51,7 +51,7 @@ const error_pair_t psa_to_lms_errors[] = }; #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) -const error_pair_t psa_to_ssl_errors[] = +const mbedtls_error_pair_t psa_to_ssl_errors[] = { { PSA_SUCCESS, 0 }, { PSA_ERROR_INSUFFICIENT_MEMORY, MBEDTLS_ERR_SSL_ALLOC_FAILED }, @@ -65,7 +65,7 @@ const error_pair_t psa_to_ssl_errors[] = #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR) -const error_pair_t psa_to_pk_rsa_errors[] = +const mbedtls_error_pair_t psa_to_pk_rsa_errors[] = { { PSA_SUCCESS, 0 }, { PSA_ERROR_NOT_PERMITTED, MBEDTLS_ERR_RSA_BAD_INPUT_DATA }, @@ -80,7 +80,7 @@ const error_pair_t psa_to_pk_rsa_errors[] = #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -const error_pair_t psa_to_pk_ecdsa_errors[] = +const mbedtls_error_pair_t psa_to_pk_ecdsa_errors[] = { { PSA_SUCCESS, 0 }, { PSA_ERROR_NOT_PERMITTED, MBEDTLS_ERR_ECP_BAD_INPUT_DATA }, @@ -111,7 +111,7 @@ int psa_generic_status_to_mbedtls(psa_status_t status) } int psa_status_to_mbedtls(psa_status_t status, - const error_pair_t *local_translations, + const mbedtls_error_pair_t *local_translations, size_t local_errors_size, int (*fallback_f)(psa_status_t)) { 
From 6eb73113b184a6935a624aee9de67ccc26140c2d Mon Sep 17 00:00:00 2001 From: Stephan Koch Date: Fri, 3 Mar 2023 17:48:40 +0100 Subject: [PATCH 386/440] Fix codestyle with uncrustify. Signed-off-by: Stephan Koch --- tests/src/psa_exercise_key.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 6c04c3b54..5f9f767e7 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -778,10 +778,10 @@ int mbedtls_test_psa_exported_key_sanity_check( /* The representation of an ECC Montgomery public key is * the raw compressed point */ TEST_EQUAL(PSA_BITS_TO_BYTES(bits), exported_length); - } else if(PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_TWISTED_EDWARDS) { + } else if (PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_TWISTED_EDWARDS) { /* The representation of an ECC Edwards public key is * the raw compressed point */ - TEST_EQUAL(PSA_BITS_TO_BYTES(bits + 1), exported_length); + TEST_EQUAL(PSA_BITS_TO_BYTES(bits + 1), exported_length); } else { /* The representation of an ECC Weierstrass public key is: * - The byte 0x04; From b0d96a23a9c8af854154929509e2a594bc792827 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 3 Mar 2023 17:06:09 +0000 Subject: [PATCH 387/440] Remove not-needed EABI exclusion Signed-off-by: Dave Rodgman --- library/platform_util.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/platform_util.c b/library/platform_util.c index 4e1af31dc..d525acc84 100644 --- a/library/platform_util.c +++ b/library/platform_util.c 
@@ -49,8 +49,7 @@ #endif // Detect platforms known to support explicit_bzero() -#if defined(__GLIBC__) && (__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 25) \ - && !defined(__ARM_EABI__) +#if defined(__GLIBC__) && (__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 25) #define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1 #elif defined(__FreeBSD__) && (__FreeBSD_version >= 1100037) #define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1 From 947cee18a16378c2cb5b9e84f81684a2a1f6ee58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 6 Mar 2023 11:59:59 +0100 Subject: [PATCH 388/440] Fix memory leak. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The function reset_checksum() can be called more than once with the same handshake context (this happens with DTLS clients, and perhaps in other cases as well). When that happens, we need to free the old MD contexts before setting them up again. Note: the PSA path was already doing the right thing by calling abort, we just needed to do the same on the MD path. Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9070f208d..8ee1ddc21 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -839,6 +839,8 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) return mbedtls_md_error_from_psa(status); } #else + mbedtls_md_free(&ssl->handshake->fin_sha256); + mbedtls_md_init(&ssl->handshake->fin_sha256); ret = mbedtls_md_setup(&ssl->handshake->fin_sha256, mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), 0); @@ -862,6 +864,8 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl) return mbedtls_md_error_from_psa(status); } #else + mbedtls_md_free(&ssl->handshake->fin_sha384); + mbedtls_md_init(&ssl->handshake->fin_sha384); ret = mbedtls_md_setup(&ssl->handshake->fin_sha384, mbedtls_md_info_from_type(MBEDTLS_MD_SHA384), 0); if (ret != 0) { 
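Review bot: The remaining test `(__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 25)` is not a proper version comparison: any future major version with a minor below 25 would fail it and silently lose the explicit_bzero path, which presumably backs mbedtls_platform_zeroize's secret wiping. The usual form is `#if defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 25))`. Dropping the `__ARM_EABI__` exclusion also changes which toolchains take this branch; the commit message says it is not needed, but a sentence on what originally motivated the exclusion would help whoever next sees an explicit_bzero link failure on such a target.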
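Review bot: The added `mbedtls_md_free(&ssl->handshake->fin_sha256);` / `mbedtls_md_init(...)` pair carries no comment, so the next reader sees a setup path that first tears down a context it appears to have just created; the reason (mbedtls_ssl_reset_checksum can run more than once per handshake, for instance on DTLS clients, and mbedtls_md_setup would otherwise leak the earlier allocation) lives only in the commit message. I would add above the free, in both the SHA-256 and SHA-384 hunks: `/* The checksum may be reset several times per handshake (e.g. on DTLS clients); release any context set up by a previous call before setting up again. */`. The body of mbedtls_ssl_reset_checksum starts and ends outside these hunks.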
From 0d1f5be6885737e6dffe570e117e9666f5aa3c12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 6 Mar 2023 13:35:21 +0100 Subject: [PATCH 389/440] Add comment about shared config function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f90c27ea2..70a578398 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2228,7 +2228,13 @@ component_test_psa_crypto_config_accel_ecdh () { make test } -# Auxiliary function to build config for ECDH with and without drivers +# Auxiliary function to build config for ECDH with and without drivers. +# +# This is used by the two following components to ensure they always use the +# same config, except for the use of driver or built-in ECDH: +# - component_test_psa_crypto_config_accel_ecdh_use_psa; +# - component_test_psa_crypto_config_reference_ecdh_use_psa. +# This support comparing their test coverage with analyze_outcomes.py. config_psa_crypto_config_ecdh_use_psa () { DRIVER_ONLY="$1" # start with config full for maximum coverage (also enables USE_PSA) @@ -2240,7 +2246,7 @@ config_psa_crypto_config_ecdh_use_psa () { # Disable the module that's accelerated scripts/config.py unset MBEDTLS_ECDH_C fi - # Disable things that depend on it + # Disable things that depend on it (regardless of driver or built-in) scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED @@ -2296,7 +2302,8 @@ component_test_psa_crypto_config_accel_ecdh_use_psa () { # ------------- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH" - make test + #make test + tests/ssl-opt.sh # ssl-opt.sh later (probably doesn't pass right now) } 
From 07d92620d4dba04c7f3a2b1f35c5740ed0b958d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 6 Mar 2023 13:37:21 +0100 Subject: [PATCH 390/440] Fix some message strings and comments in all.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 70a578398..fdf3e2cdc 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2214,7 +2214,7 @@ component_test_psa_crypto_config_accel_ecdh () { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED - # Build the library + # Build the main library loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" @@ -2291,7 +2291,7 @@ component_test_psa_crypto_config_accel_ecdh_use_psa () { # Use the same config as reference, only without built-in ECDH config_psa_crypto_config_ecdh_use_psa 1 - # Build the library + # Build the main library loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" @@ -2301,7 +2301,7 @@ component_test_psa_crypto_config_accel_ecdh_use_psa () { # Run the tests # ------------- - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH" + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" #make test tests/ssl-opt.sh 
@@ -2311,7 +2311,7 @@ component_test_psa_crypto_config_accel_ecdh_use_psa () { # Keep in sync with component_test_psa_crypto_config_accel_ecdh_use_psa. # Used by tests/scripts/analyze_outcomes.py for comparison purposes. component_test_psa_crypto_config_reference_ecdh_use_psa () { - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECDH + USE_PSA" # To be aligned with the accel component that needs this scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER @@ -2321,7 +2321,7 @@ component_test_psa_crypto_config_reference_ecdh_use_psa () { make - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECDH + USE_PSA" make test # ssl-opt.sh later when the accel component is ready From 23e50b9042a9400da9032a1bab8d51516aefaace Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 6 Mar 2023 14:48:39 +0100 Subject: [PATCH 391/440] ssl-opt: remove redundant ECDSA dependencies in TLS1.3 tests Signed-off-by: Valerio Setti --- tests/opt-testcases/tls13-kex-modes.sh | 3 --- tests/opt-testcases/tls13-misc.sh | 8 -------- 2 files changed, 11 deletions(-) diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh index 84a2c1ab8..974d513d8 100755 --- a/tests/opt-testcases/tls13-kex-modes.sh +++ b/tests/opt-testcases/tls13-kex-modes.sh @@ -2833,7 +2833,6 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3: m->O: ephemeral/all, good" \ "$O_NEXT_SRV -msg -debug -tls1_3 -psk_identity 0a0b0c -psk 010203 -allow_no_dhe_kex" \ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ 
@@ -3065,7 +3064,6 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3: m->G: ephemeral/all, good" \ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK --pskpasswd=data_files/simplepass.psk" \ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ @@ -3079,7 +3077,6 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE requires_config_enabled MBEDTLS_DEBUG_C requires_config_enabled MBEDTLS_SSL_CLI_C requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3: m->G: ephemeral/ephemeral_all, good" \ "$G_NEXT_SRV -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-KX-ALL:+ECDHE-PSK:+DHE-PSK:-PSK --pskpasswd=data_files/simplepass.psk" \ "$P_CLI debug_level=4 force_version=tls13 psk=010203 psk_identity=0a0b0c tls13_kex_modes=ephemeral" \ diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh index b5535cd3f..46c371fe0 100755 --- a/tests/opt-testcases/tls13-misc.sh +++ b/tests/opt-testcases/tls13-misc.sh @@ -87,7 +87,6 @@ requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKET MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Session resumption failure, ticket authentication failed." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=1" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 
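Review bot: The m->m session-resumption tests in tls13-misc.sh still pass `crt_file=data_files/server5.crt key_file=data_files/server5.key`, which elsewhere in this suite is presumably the ECDSA credential, so dropping `requires_pk_alg ECDSA` from them is only safe if ssl-opt.sh infers that requirement automatically from the crt_file argument; the commit message calls the lines redundant but does not say what makes them so. A short note in the commit message, or a comment on the first affected test naming the mechanism, would keep someone from re-adding the dependency. For the m->O and m->G PSK tests no certificate is exchanged, so removing the ECDSA requirement there is clearly right.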
@@ -107,7 +106,6 @@ requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKET MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Session resumption failure, ticket expired." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=2" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ @@ -127,7 +125,6 @@ requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKET MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Session resumption failure, invalid start time." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=3" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ @@ -147,7 +144,6 @@ requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKET MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Session resumption failure, ticket expired. too old" \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=4" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ 
@@ -167,7 +163,6 @@ requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKET MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too young." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=5" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ @@ -187,7 +182,6 @@ requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_SESSION_TICKET MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->m: Session resumption failure, age outside tolerance window, too old." \ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=8 dummy_ticket=6" \ "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \ @@ -278,7 +272,6 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_EARLY_DATA requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->G: EarlyData: basic check, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --earlydata --disable-client-cert" \ "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1 reco_delay=900" \ 
@@ -302,7 +295,6 @@ requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \ MBEDTLS_SSL_EARLY_DATA requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED \ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -requires_pk_alg ECDSA run_test "TLS 1.3 m->G: EarlyData: no early_data in NewSessionTicket, good" \ "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:+ECDHE-PSK:+PSK --disable-client-cert" \ "$P_CLI debug_level=4 early_data=1 reco_mode=1 reconnect=1" \ From 86393db84da2bdb1ca0dabc702202fa22ef72fa2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 6 Mar 2023 16:19:05 +0100 Subject: [PATCH 392/440] Revert local experiment. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This was never meant to be committed here. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fdf3e2cdc..85fd1d847 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2302,8 +2302,7 @@ component_test_psa_crypto_config_accel_ecdh_use_psa () { # ------------- msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH + USE_PSA" - #make test - tests/ssl-opt.sh + make test # ssl-opt.sh later (probably doesn't pass right now) } From 5e33e6f5d4005775de638be9fc5ab42572af94a3 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 6 Mar 2023 16:13:42 +0100 Subject: [PATCH 393/440] Remove unnecessary function override Signed-off-by: Gabor Mezei --- scripts/mbedtls_dev/ecp.py | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index e01b80fbc..6440ba05d 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py 
@@ -72,10 +72,6 @@ class EcpP192R1Raw(bignum_common.ModOperationCommon, result = self.int_a % self.int_n return [self.format_result(result)] - @property - def is_valid(self) -> bool: - return True - class EcpP224R1Raw(bignum_common.ModOperationCommon, EcpTarget): """Test cases for ecp quasi_reduction().""" @@ -137,10 +133,6 @@ class EcpP224R1Raw(bignum_common.ModOperationCommon, result = self.int_a % self.int_n return [self.format_result(result)] - @property - def is_valid(self) -> bool: - return True - class EcpP521R1Raw(bignum_common.ModOperationCommon, EcpTarget): """Test cases for ecp quasi_reduction().""" @@ -227,7 +219,3 @@ class EcpP521R1Raw(bignum_common.ModOperationCommon, def result(self) -> List[str]: result = self.int_a % self.int_n return [self.format_result(result)] - - @property - def is_valid(self) -> bool: - return True From d034b3d0d2f2217a31a35ab885a178d235a29929 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 6 Mar 2023 16:15:43 +0100 Subject: [PATCH 394/440] Code style: have two empty lines before and after class definitions Signed-off-by: Gabor Mezei --- scripts/mbedtls_dev/ecp.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index 6440ba05d..ff31baedc 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -19,11 +19,13 @@ from typing import List from . import test_data_generation from . import bignum_common + class EcpTarget(test_data_generation.BaseTarget): #pylint: disable=abstract-method, too-few-public-methods """Target for ecp test case generation.""" target_basename = 'test_suite_ecp.generated' + class EcpP192R1Raw(bignum_common.ModOperationCommon, EcpTarget): """Test cases for ecp quasi_reduction().""" 
@@ -72,6 +74,7 @@ class EcpP192R1Raw(bignum_common.ModOperationCommon, result = self.int_a % self.int_n return [self.format_result(result)] + class EcpP224R1Raw(bignum_common.ModOperationCommon, EcpTarget): """Test cases for ecp quasi_reduction().""" @@ -133,6 +136,7 @@ class EcpP224R1Raw(bignum_common.ModOperationCommon, result = self.int_a % self.int_n return [self.format_result(result)] + class EcpP521R1Raw(bignum_common.ModOperationCommon, EcpTarget): """Test cases for ecp quasi_reduction().""" From 97803abd2a85eae144bfdba63229ce0d2e308266 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 6 Mar 2023 16:17:02 +0100 Subject: [PATCH 395/440] Update comment Signed-off-by: Gabor Mezei --- library/ecp_curves.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 8f79880b8..d0d00e367 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5080,7 +5080,7 @@ int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs) RESET; /* Use 2^224 = P + 2^96 - 1 to modulo reduce the final carry */ - SUB_LAST; NEXT; // A0 += -last_c + SUB_LAST; NEXT; // A0 -= last_c ; NEXT; // A1 ; NEXT; // A2 ADD_LAST; NEXT; // A3 += last_c @@ -5088,6 +5088,9 @@ int mbedtls_ecp_mod_p224_raw(mbedtls_mpi_uint *X, size_t X_limbs) ; NEXT; // A5 // A6 + /* The carry reduction cannot generate a carry + * (see commit 73e8553 for details)*/ + LAST; return 0; From 61ef3603ebb23a78dfd5d79509f3a5867c58f1f4 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 6 Mar 2023 16:26:18 +0100 Subject: [PATCH 396/440] Correct the maximum canonical value in tests Signed-off-by: Gabor Mezei --- scripts/mbedtls_dev/ecp.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index ff31baedc..556209f46 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py 
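Review bot: The added comment justifies skipping a final carry step by pointing at `commit 73e8553`, which is useless without a checkout and will not resolve once this series is squashed or rebased; the argument belongs in the comment itself. A self-contained form is `/* The carry reduction above cannot generate a carry: <state the bound on the input that guarantees this> */`, with the actual bound from the proof filled in. The closing `*/` also lacks the space used by every other `/* ... */` comment in this file.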
@@ -93,8 +93,8 @@ class EcpP224R1Raw(bignum_common.ModOperationCommon, "ffffffffffffffffffffffffffffffff000000000000000000000000", # Maximum canonical P224 multiplication result - ("ffffffffffffffffffffffffffffffffffffffffffffffffffffffff" - "ffffffffffffffffffffffffffffffffffffffffffffffffffffffff"), + ("fffffffffffffffffffffffffffffffe000000000000000000000000" + "00000001000000000000000000000000000000000000000000000000"), # Generate an overflow during reduction ("00000000000000000000000000010000000070000000002000001000" From a2ef6a8e386124432f0465be98c1ae93100225a0 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 6 Mar 2023 16:57:25 +0100 Subject: [PATCH 397/440] The is_valid() function is needed to not filter out test cases Signed-off-by: Gabor Mezei --- scripts/mbedtls_dev/ecp.py | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/scripts/mbedtls_dev/ecp.py b/scripts/mbedtls_dev/ecp.py index 556209f46..354b23416 100644 --- a/scripts/mbedtls_dev/ecp.py +++ b/scripts/mbedtls_dev/ecp.py @@ -74,6 +74,10 @@ class EcpP192R1Raw(bignum_common.ModOperationCommon, result = self.int_a % self.int_n return [self.format_result(result)] + @property + def is_valid(self) -> bool: + return True + class EcpP224R1Raw(bignum_common.ModOperationCommon, EcpTarget): @@ -136,6 +140,10 @@ class EcpP224R1Raw(bignum_common.ModOperationCommon, result = self.int_a % self.int_n return [self.format_result(result)] + @property + def is_valid(self) -> bool: + return True + class EcpP521R1Raw(bignum_common.ModOperationCommon, EcpTarget): @@ -223,3 +231,7 @@ class EcpP521R1Raw(bignum_common.ModOperationCommon, def result(self) -> List[str]: result = self.int_a % self.int_n return [self.format_result(result)] + + @property + def is_valid(self) -> bool: + return True From e3ef3a15cd472bdad2d57938a4a1a7855a190259 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 27 Feb 2023 10:20:06 +0100 Subject: [PATCH 398/440] Further pake code optimizations 
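Review bot: The replacement constant is left unexplained: a reader cannot tell that it is (P224 - 1)^2 = 2^448 - 2^321 + 2^192 without redoing the arithmetic, and the fact that the previous value (2^448 - 1) was wrong shows how easily this is mistaken. Extend the comment to `# Maximum canonical P224 multiplication result: (P - 1)^2 = 2^448 - 2^321 + 2^192`. Deriving the value from the modulus in code instead of hard-coding 112 hex digits would make the same constant in the sibling curve classes self-checking, if they carry one.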
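Review bot: The re-added `is_valid` override has no docstring, so the reason it exists lives only in the commit message; the code reads as a pointless `return True`. A one-line docstring such as `"""Keep every input: the quasi-reduction cases deliberately use values above the modulus (multiplication results and overflow triggers)."""` records it, provided that is indeed what `ModOperationCommon.is_valid` would otherwise reject. The override is byte-identical in EcpP192R1Raw, EcpP224R1Raw and EcpP521R1Raw (this and the next two hunks), so it belongs once on EcpTarget or a small mixin rather than copied three times.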
Signed-off-by: Przemek Stekiel --- include/psa/crypto_builtin_composites.h | 2 +- library/psa_crypto.c | 78 ++++++++++--------------- library/psa_crypto_pake.c | 35 +++++------ 3 files changed, 48 insertions(+), 67 deletions(-) diff --git a/include/psa/crypto_builtin_composites.h b/include/psa/crypto_builtin_composites.h index f331ec5f4..932c50366 100644 --- a/include/psa/crypto_builtin_composites.h +++ b/include/psa/crypto_builtin_composites.h @@ -208,7 +208,7 @@ typedef struct { union { unsigned int MBEDTLS_PRIVATE(dummy); #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) - mbedtls_ecjpake_context MBEDTLS_PRIVATE(pake); + mbedtls_ecjpake_context MBEDTLS_PRIVATE(jpake); #endif } MBEDTLS_PRIVATE(ctx); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8752bffe5..1611fc9c4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -7238,7 +7238,6 @@ psa_status_t psa_pake_setup( const psa_pake_cipher_suite_t *cipher_suite) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; if (operation->stage != PSA_PAKE_OPERATION_STAGE_SETUP) { status = PSA_ERROR_BAD_STATE; @@ -7266,8 +7265,7 @@ psa_status_t psa_pake_setup( computation_stage->input_step = PSA_PAKE_STEP_X1_X2; computation_stage->output_step = PSA_PAKE_STEP_X1_X2; } else -#else -#endif +#endif /* PSA_WANT_ALG_JPAKE */ { status = PSA_ERROR_NOT_SUPPORTED; goto exit; @@ -7277,8 +7275,8 @@ psa_status_t psa_pake_setup( return PSA_SUCCESS; exit: - abort_status = psa_pake_abort(operation); - return status == PSA_SUCCESS ? abort_status : status; + psa_pake_abort(operation); + return status; } psa_status_t psa_pake_set_password_key( 
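Review bot: The return value of `psa_pake_abort` is now dropped silently at `exit:` in psa_pake_setup; this is correct only because the label is reached exclusively with a failure in `status`, and nothing in the code says so. The same pattern recurs in psa_pake_set_user, set_peer, set_role, output and input in the later hunks of this file, so a comment on the first instance, `/* The original error is reported; the abort status is intentionally ignored. */`, or a `(void)` cast would record the intent once. psa_pake_get_implicit_key, whose exit is also reached on success, correctly keeps the combined form.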
@@ -7287,7 +7285,6 @@ psa_status_t psa_pake_set_password_key( { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; psa_key_slot_t *slot = NULL; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { @@ -7323,15 +7320,12 @@ psa_status_t psa_pake_set_password_key( memcpy(operation->data.inputs.password, slot->key.data, slot->key.bytes); operation->data.inputs.password_len = slot->key.bytes; operation->data.inputs.attributes = attributes; - - unlock_status = psa_unlock_key_slot(slot); - - return unlock_status; exit: + if (status != PSA_SUCCESS) { + psa_pake_abort(operation); + } unlock_status = psa_unlock_key_slot(slot); - abort_status = psa_pake_abort(operation); - status = (status == PSA_SUCCESS) ? unlock_status : status; - return (status == PSA_SUCCESS) ? abort_status : status; + return (status == PSA_SUCCESS) ? unlock_status : status; } psa_status_t psa_pake_set_user( @@ -7340,7 +7334,6 @@ psa_status_t psa_pake_set_user( size_t user_id_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; (void) user_id; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { @@ -7355,8 +7348,8 @@ psa_status_t psa_pake_set_user( return PSA_ERROR_NOT_SUPPORTED; exit: - abort_status = psa_pake_abort(operation); - return status == PSA_SUCCESS ? abort_status : status; + psa_pake_abort(operation); + return status; } psa_status_t psa_pake_set_peer( @@ -7365,7 +7358,6 @@ psa_status_t psa_pake_set_peer( size_t peer_id_len) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; (void) peer_id; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { 
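Review bot: On the success path `status` is PSA_SUCCESS at `exit:`, so a failing `psa_unlock_key_slot` is reported to the caller while the operation keeps the copied password and stays in the collect-inputs stage, whereas every other error in psa_pake_set_password_key aborts the operation. The removed early return behaved the same way, but since the exit block is being rewritten, folding the unlock result in before the abort check makes the function honour the file's "error return means aborted" convention. Whether `psa_unlock_key_slot` tolerates the NULL `slot` of the bad-state path is decided outside this hunk.
```c
exit:
    unlock_status = psa_unlock_key_slot(slot);
    if (status == PSA_SUCCESS) {
        status = unlock_status;
    }
    if (status != PSA_SUCCESS) {
        psa_pake_abort(operation);
    }
    return status;
```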
@@ -7380,8 +7372,8 @@ psa_status_t psa_pake_set_peer( return PSA_ERROR_NOT_SUPPORTED; exit: - abort_status = psa_pake_abort(operation); - return status == PSA_SUCCESS ? abort_status : status; + psa_pake_abort(operation); + return status; } psa_status_t psa_pake_set_role( @@ -7389,7 +7381,6 @@ psa_status_t psa_pake_set_role( psa_pake_role_t role) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { status = PSA_ERROR_BAD_STATE; @@ -7409,8 +7400,8 @@ psa_status_t psa_pake_set_role( return PSA_SUCCESS; exit: - abort_status = psa_pake_abort(operation); - return status == PSA_SUCCESS ? abort_status : status; + psa_pake_abort(operation); + return status; } /* Auxiliary function to convert core computation stage(step, sequence, state) to single driver step. */ @@ -7477,7 +7468,7 @@ static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_s } return PSA_JPAKE_STEP_INVALID; } -#endif +#endif /* PSA_WANT_ALG_JPAKE */ static psa_status_t psa_pake_complete_inputs( psa_pake_operation_t *operation) @@ -7518,7 +7509,7 @@ static psa_status_t psa_pake_complete_inputs( computation_stage->input_step = PSA_PAKE_STEP_X1_X2; computation_stage->output_step = PSA_PAKE_STEP_X1_X2; } else -#endif +#endif /* PSA_WANT_ALG_JPAKE */ { status = PSA_ERROR_NOT_SUPPORTED; } @@ -7598,9 +7589,7 @@ static psa_status_t psa_jpake_output_prologue( return PSA_SUCCESS; } -#endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) static psa_status_t psa_jpake_output_epilogue( psa_pake_operation_t *operation) { @@ -7620,7 +7609,7 @@ static psa_status_t psa_jpake_output_epilogue( return PSA_SUCCESS; } -#endif +#endif /* PSA_WANT_ALG_JPAKE */ psa_status_t psa_pake_output( psa_pake_operation_t *operation, 
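Review bot: The new trailer `#endif /* PSA_WANT_ALG_JPAKE */` after psa_jpake_output_epilogue closes a block opened with `#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)` — the re-opening line removed two hunks up names that macro — so it should read `#endif /* MBEDTLS_PSA_BUILTIN_ALG_JPAKE */`. The same mislabel appears after psa_jpake_input_epilogue and after the `(void) input; status = PSA_ERROR_NOT_SUPPORTED;` `#else` branch of psa_pake_input in the following hunk groups, where the opening `#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE)` is visible as context; the `(void) output;` branch of psa_pake_output is likely the same. The compiler does not care, but a wrong trailer misleads the next reader the moment the two macros diverge.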
@@ -7630,7 +7619,6 @@ psa_status_t psa_pake_output( size_t *output_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; *output_length = 0; if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { @@ -7658,7 +7646,7 @@ psa_status_t psa_pake_output( goto exit; } break; -#endif +#endif /* PSA_WANT_ALG_JPAKE */ default: (void) step; status = PSA_ERROR_NOT_SUPPORTED; @@ -7675,7 +7663,7 @@ psa_status_t psa_pake_output( #else (void) output; status = PSA_ERROR_NOT_SUPPORTED; -#endif +#endif /* PSA_WANT_ALG_JPAKE */ if (status != PSA_SUCCESS) { goto exit; @@ -7689,7 +7677,7 @@ psa_status_t psa_pake_output( goto exit; } break; -#endif +#endif /* PSA_WANT_ALG_JPAKE */ default: status = PSA_ERROR_NOT_SUPPORTED; goto exit; @@ -7697,8 +7685,8 @@ psa_status_t psa_pake_output( return PSA_SUCCESS; exit: - abort_status = psa_pake_abort(operation); - return status == PSA_SUCCESS ? abort_status : status; + psa_pake_abort(operation); + return status; } #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) @@ -7780,9 +7768,7 @@ static psa_status_t psa_jpake_input_prologue( return PSA_SUCCESS; } -#endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) static psa_status_t psa_jpake_input_epilogue( psa_pake_operation_t *operation) { @@ -7802,7 +7788,7 @@ static psa_status_t psa_jpake_input_epilogue( return PSA_SUCCESS; } -#endif +#endif /* PSA_WANT_ALG_JPAKE */ psa_status_t psa_pake_input( psa_pake_operation_t *operation, @@ -7811,7 +7797,6 @@ psa_status_t psa_pake_input( size_t input_length) { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) { status = psa_pake_complete_inputs(operation); 
@@ -7838,10 +7823,11 @@ psa_status_t psa_pake_input( goto exit; } break; -#endif +#endif /* PSA_WANT_ALG_JPAKE */ default: (void) step; - return PSA_ERROR_NOT_SUPPORTED; + status = PSA_ERROR_NOT_SUPPORTED; + goto exit; } #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) @@ -7853,7 +7839,7 @@ psa_status_t psa_pake_input( #else (void) input; status = PSA_ERROR_NOT_SUPPORTED; -#endif +#endif /* PSA_WANT_ALG_JPAKE */ if (status != PSA_SUCCESS) { goto exit; @@ -7867,7 +7853,7 @@ psa_status_t psa_pake_input( goto exit; } break; -#endif +#endif /* PSA_WANT_ALG_JPAKE */ default: status = PSA_ERROR_NOT_SUPPORTED; goto exit; @@ -7875,8 +7861,8 @@ psa_status_t psa_pake_input( return PSA_SUCCESS; exit: - abort_status = psa_pake_abort(operation); - return status == PSA_SUCCESS ? abort_status : status; + psa_pake_abort(operation); + return status; } psa_status_t psa_pake_get_implicit_key( @@ -7903,9 +7889,7 @@ psa_status_t psa_pake_get_implicit_key( goto exit; } } else -#else - -#endif +#endif /* PSA_WANT_ALG_JPAKE */ { status = PSA_ERROR_NOT_SUPPORTED; goto exit; @@ -7925,7 +7909,7 @@ psa_status_t psa_pake_get_implicit_key( shared_key, shared_key_len); - mbedtls_platform_zeroize(shared_key, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); + mbedtls_platform_zeroize(shared_key, sizeof(shared_key)); exit: abort_status = psa_pake_abort(operation); return status == PSA_SUCCESS ? abort_status : status; diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 63d08303d..c6f9e895b 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c 
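Review bot: With the driver now writing the shared secret straight into the caller's buffer (the psa_crypto_pake.c hunk at the end of this patch), a failing `mbedtls_ecjpake_write_shared_key` may leave partial key material in `shared_key`, and the `mbedtls_platform_zeroize(shared_key, sizeof(shared_key))` here sits before `exit:`, so every `goto exit` path skips it. Moving that line to directly after `exit:` keeps the stack buffer wiped on every return; the previous driver code only copied into the caller's buffer on success, so this exposure is new. The declaration of `shared_key` is outside the hunk — confirm it is an array at function scope, otherwise `sizeof(shared_key)` is the size of a pointer. psa_pake_get_implicit_key's body starts before this hunk.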
@@ -171,9 +171,9 @@ static psa_status_t psa_pake_ecjpake_setup(mbedtls_psa_pake_operation_t *operati mbedtls_ecjpake_role role = (operation->role == PSA_PAKE_ROLE_CLIENT) ? MBEDTLS_ECJPAKE_CLIENT : MBEDTLS_ECJPAKE_SERVER; - mbedtls_ecjpake_init(&operation->ctx.pake); + mbedtls_ecjpake_init(&operation->ctx.jpake); - ret = mbedtls_ecjpake_setup(&operation->ctx.pake, + ret = mbedtls_ecjpake_setup(&operation->ctx.jpake, role, MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, @@ -295,9 +295,9 @@ static psa_status_t mbedtls_psa_pake_output_internal( if (operation->alg == PSA_ALG_JPAKE) { /* Initialize & write round on KEY_SHARE sequences */ if (step == PSA_JPAKE_X1_STEP_KEY_SHARE) { - ret = mbedtls_ecjpake_write_round_one(&operation->ctx.pake, + ret = mbedtls_ecjpake_write_round_one(&operation->ctx.jpake, operation->buffer, - MBEDTLS_PSA_JPAKE_BUFFER_SIZE, + sizeof(operation->buffer), &operation->buffer_length, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); @@ -307,9 +307,9 @@ static psa_status_t mbedtls_psa_pake_output_internal( operation->buffer_offset = 0; } else if (step == PSA_JPAKE_X2S_STEP_KEY_SHARE) { - ret = mbedtls_ecjpake_write_round_two(&operation->ctx.pake, + ret = mbedtls_ecjpake_write_round_two(&operation->ctx.jpake, operation->buffer, - MBEDTLS_PSA_JPAKE_BUFFER_SIZE, + sizeof(operation->buffer), &operation->buffer_length, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); @@ -359,7 +359,7 @@ static psa_status_t mbedtls_psa_pake_output_internal( /* Reset buffer after ZK_PROOF sequence */ if ((step == PSA_JPAKE_X2_STEP_ZK_PROOF) || (step == PSA_JPAKE_X2S_STEP_ZK_PROOF)) { - mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); + mbedtls_platform_zeroize(operation->buffer, sizeof(operation->buffer)); operation->buffer_length = 0; operation->buffer_offset = 0; } 
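Review bot: `sizeof(operation->buffer)` equals the former MBEDTLS_PSA_JPAKE_BUFFER_SIZE only if `buffer` is declared as an array inside mbedtls_psa_pake_operation_t, and that declaration is not part of this diff. Should the member ever become a pointer, every `mbedtls_platform_zeroize(operation->buffer, sizeof(operation->buffer))` in this file (also in the input and abort hunks below) would silently wipe a pointer's worth of bytes, and the write_round calls would be handed the same wrong capacity. A static assertion next to the struct that `sizeof(((mbedtls_psa_pake_operation_t *) 0)->buffer) == MBEDTLS_PSA_JPAKE_BUFFER_SIZE` pins the assumption at compile time.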
@@ -446,22 +446,22 @@ static psa_status_t mbedtls_psa_pake_input_internal( /* Load buffer at each last round ZK_PROOF */ if (step == PSA_JPAKE_X2_STEP_ZK_PROOF) { - ret = mbedtls_ecjpake_read_round_one(&operation->ctx.pake, + ret = mbedtls_ecjpake_read_round_one(&operation->ctx.jpake, operation->buffer, operation->buffer_length); - mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); + mbedtls_platform_zeroize(operation->buffer, sizeof(operation->buffer)); operation->buffer_length = 0; if (ret != 0) { return mbedtls_ecjpake_to_psa_error(ret); } } else if (step == PSA_JPAKE_X4S_STEP_ZK_PROOF) { - ret = mbedtls_ecjpake_read_round_two(&operation->ctx.pake, + ret = mbedtls_ecjpake_read_round_two(&operation->ctx.jpake, operation->buffer, operation->buffer_length); - mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); + mbedtls_platform_zeroize(operation->buffer, sizeof(operation->buffer)); operation->buffer_length = 0; if (ret != 0) { @@ -499,19 +499,16 @@ psa_status_t mbedtls_psa_pake_get_implicit_key( #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { - ret = mbedtls_ecjpake_write_shared_key(&operation->ctx.pake, - operation->buffer, + ret = mbedtls_ecjpake_write_shared_key(&operation->ctx.jpake, + output, output_size, - &operation->buffer_length, + output_length, mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE); if (ret != 0) { return mbedtls_ecjpake_to_psa_error(ret); } - memcpy(output, operation->buffer, operation->buffer_length); - *output_length = operation->buffer_length; - return PSA_SUCCESS; } else #else 
@@ -530,10 +527,10 @@ psa_status_t mbedtls_psa_pake_abort(mbedtls_psa_pake_operation_t *operation) #if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { operation->role = PSA_PAKE_ROLE_NONE; - mbedtls_platform_zeroize(operation->buffer, MBEDTLS_PSA_JPAKE_BUFFER_SIZE); + mbedtls_platform_zeroize(operation->buffer, sizeof(operation->buffer)); operation->buffer_length = 0; operation->buffer_offset = 0; - mbedtls_ecjpake_free(&operation->ctx.pake); + mbedtls_ecjpake_free(&operation->ctx.jpake); } #endif From 8c092052bdc81219c976cfee3c3232d1c2b4b849 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 6 Mar 2023 17:49:14 +0000 Subject: [PATCH 399/440] Add public key verification tests Add public key verification tests, and alter test intent comments to make it obvious that verify_hash_interruptible can do public keys as well as private and keypairs. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto.data | 24 +++++++++++++++++++++ tests/suites/test_suite_psa_crypto.function | 11 +++++----- 2 files changed, 30 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index cfcdac102..034087ef6 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data 
@@ -4485,6 +4485,18 @@ PSA verify hash with keypair: ECDSA SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" +PSA verify hash: deterministic ECDSA SECP256R1 SHA-256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" + +PSA verify hash: deterministic ECDSA SECP256R1 SHA-384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA +verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"dbf3b9a150a2ec12ec4b16ff7d37be2fe354a357cb267af4296ccfda3acca2d796989f63eb192e4c43a7ff0d0b7f493b1334dfb3c32375351debcdd532f41e13" + +PSA verify hash: deterministic ECDSA SECP384R1 SHA-256 
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"bed412df472eef873fb0839f91a6867d1c6824d4c5781d4b851faa43c7df904d99dbdd28c0d2fd3a4a006e89d34993a120aff166deb4974e96449a7ffe93c66726ad9443b14b87330c86bdde3faff5fd1cbfdc9afe46f8090376f9664cb116b4" + PSA vrfy hash int: ECDSA SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED 
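Review bot: The three new `PSA verify hash: deterministic ECDSA ...` cases import a `PSA_KEY_TYPE_ECC_PUBLIC_KEY` yet declare `PSA_WANT_KEY_TYPE_ECC_KEY_PAIR` in `depends_on`, whereas the existing public-key case directly below them (`PSA vrfy hash int: ECDSA SECP256R1, good`) depends on `PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY`. The same mismatch is in all three `PSA vrfy hash: det ECDSA ...` cases of the next hunk. With a public key the dependency should be `PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY`, otherwise these cases are skipped in public-key-only builds and attempted in configurations that may lack public-key support.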
@@ -4493,6 +4505,18 @@ PSA vrfy hash int w/keypair: ECDSA SECP256R1, good depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED +PSA vrfy hash: det ECDSA SECP256R1 SHA-256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED + +PSA vrfy hash: det ECDSA SECP256R1 SHA-384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA +verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"dbf3b9a150a2ec12ec4b16ff7d37be2fe354a357cb267af4296ccfda3acca2d796989f63eb192e4c43a7ff0d0b7f493b1334dfb3c32375351debcdd532f41e13":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED + 
+PSA vrfy hash: det ECDSA SECP384R1 SHA-256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"bed412df472eef873fb0839f91a6867d1c6824d4c5781d4b851faa43c7df904d99dbdd28c0d2fd3a4a006e89d34993a120aff166deb4974e96449a7ffe93c66726ad9443b14b87330c86bdde3faff5fd1cbfdc9afe46f8090376f9664cb116b4":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED + PSA verify hash: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded) depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 182443a5e..231b47fca 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function 
@@ -6479,7 +6479,7 @@ exit: * Note: This test can currently only handle ECDSA. * * 1. Test interruptible sign hash with known outcomes (deterministic ECDSA - * only). + * and private keys / keypairs only). * * 2. Test the number of calls to psa_sign_hash_complete() required are as * expected for different max_ops values. @@ -6870,9 +6870,9 @@ exit: * * Note: This test can currently only handle ECDSA. * - * 1. Test that we can sign an input hash with the given key and then afterwards - * verify that signature. This is currently the only way to test non - * deterministic ECDSA, but this test can also handle deterministic. + * 1. Test that we can sign an input hash with the given keypair and then + * afterwards verify that signature. This is currently the only way to test + * non deterministic ECDSA, but this test can also handle deterministic. * * 2. Test that after corrupting the hash, the verification detects an invalid * signature. @@ -7075,7 +7075,8 @@ exit: * Note: This test can currently only handle ECDSA. * * 1. Test interruptible verify hash with known outcomes (deterministic ECDSA - * only). + * only). Given this test only does verification it can accept public keys as + * well as private keys / keypairs. * * 2. Test the number of calls to psa_verify_hash_complete() required are as * expected for different max_ops values. From 72b4bcac0374b3fa4e4e5ea275dad99dbe06e14f Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Mon, 6 Mar 2023 07:50:43 +0000 Subject: [PATCH 400/440] Add invalid size test case for signer info 1(the second one) Signed-off-by: Xiaokang Qian --- tests/data_files/Makefile | 6 ++++++ tests/suites/test_suite_pkcs7.data | 4 ++++ 2 files changed, 10 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 1b122ee8d..7e394ef5d 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
@@ -1384,6 +1384,12 @@ pkcs7_signerInfo_2_invalid_tag.der: pkcs7_data_3_signed.der
echo 'a1' | xxd -r -p | dd of=$@ bs=1 seek=810 conv=notrunc
all_final += pkcs7_signerInfo_2_invalid_tag.der

+# pkcs7 signature file with corrupted signer info[1]
+pkcs7_data_signed_badsigner1_badsize.der: pkcs7_data_3_signed.der
+ cp pkcs7_data_3_signed.der $@
+ echo '\x72' | xxd -p -r | dd of=$@ bs=1 seek=438 conv=notrunc
+all_final += pkcs7_data_signed_badsigner1_badsize.der
+
# pkcs7 file with version 2
pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der
cp pkcs7_data_cert_signed_sha256.der $@
diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data
index da8146bc1..8dfef6d49 100644
--- a/tests/suites/test_suite_pkcs7.data
+++ b/tests/suites/test_suite_pkcs7.data
@@ -30,6 +30,10 @@ PKCS7 Signed Data Parse Fail with corrupted signer info #6
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
pkcs7_parse:"data_files/pkcs7_data_signed_badsigner.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)

+PKCS7 Signed Data Parse Fail with corrupted signer info[1] invalid size #6.1
+depends_on:MBEDTLS_SHA256_C
+pkcs7_parse:"data_files/pkcs7_data_signed_badsigner1_badsize.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO
+
PKCS7 Signed Data Parse Fail Version other than 1 #7
depends_on:MBEDTLS_SHA256_C
pkcs7_parse:"data_files/pkcs7_data_cert_signed_v2.der":MBEDTLS_ERR_PKCS7_INVALID_VERSION
From e8c696ffd10579f0f983eb7a7f8146566f14b8cb Mon Sep 17 00:00:00 2001
From: Xiaokang Qian
Date: Mon, 6 Mar 2023 07:58:14 +0000
Subject: [PATCH 401/440] Add invalid size test case for signer info[2](The third one)

Signed-off-by: Xiaokang Qian
---
tests/data_files/Makefile | 6 ++++++
tests/suites/test_suite_pkcs7.data | 4 ++++
2 files changed, 10 insertions(+)

diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 7e394ef5d..341ceb07f 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
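Review bot: The new recipe writes the corrupt byte with `echo '\x72' | xxd -p -r`, while the existing rule in the context line above uses `echo 'a1' | xxd -r -p`; `\x72` is not an escape `echo` is guaranteed to interpret under `/bin/sh`, so the recipe appears to work only because xxd skips the literal `\x` characters and reads the `72` that follows. `echo '72' | xxd -r -p` is unambiguous and matches the rest of the file. Every new rule in the following Makefile hunks uses the same `\x` form and should be changed with it.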
@@ -1390,6 +1390,12 @@ pkcs7_data_signed_badsigner1_badsize.der: pkcs7_data_3_signed.der
echo '\x72' | xxd -p -r | dd of=$@ bs=1 seek=438 conv=notrunc
all_final += pkcs7_data_signed_badsigner1_badsize.der

+# pkcs7 signature file with corrupted signer info[2]
+pkcs7_data_signed_badsigner2_badsize.der: pkcs7_data_3_signed.der
+ cp pkcs7_data_3_signed.der $@
+ echo '\x72'| xxd -p -r | dd of=$@ bs=1 seek=813 conv=notrunc
+all_final += pkcs7_data_signed_badsigner2_badsize
+
# pkcs7 file with version 2
pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der
cp pkcs7_data_cert_signed_sha256.der $@
diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data
index 8dfef6d49..478bb9d3f 100644
--- a/tests/suites/test_suite_pkcs7.data
+++ b/tests/suites/test_suite_pkcs7.data
@@ -34,6 +34,10 @@ PKCS7 Signed Data Parse Fail with corrupted signer info[1] invalid size #6.1
depends_on:MBEDTLS_SHA256_C
pkcs7_parse:"data_files/pkcs7_data_signed_badsigner1_badsize.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO

+PKCS7 Signed Data Parse Fail with corrupted signer info[2] invalid size #6.2
+depends_on:MBEDTLS_SHA256_C
+pkcs7_parse:"data_files/pkcs7_data_signed_badsigner2_badsize.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO
+
PKCS7 Signed Data Parse Fail Version other than 1 #7
depends_on:MBEDTLS_SHA256_C
pkcs7_parse:"data_files/pkcs7_data_cert_signed_v2.der":MBEDTLS_ERR_PKCS7_INVALID_VERSION
From 8993a1456712177d326ce029e8c0c2ff99c55463 Mon Sep 17 00:00:00 2001
From: Xiaokang Qian
Date: Mon, 6 Mar 2023 08:32:20 +0000
Subject: [PATCH 402/440] Add unexpected tag cases for signer info 1 and 2

Signed-off-by: Xiaokang Qian
---
tests/data_files/Makefile | 10 ++++++++++
tests/suites/test_suite_pkcs7.data | 8 ++++++++
2 files changed, 18 insertions(+)

diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 341ceb07f..53d5e1dda 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
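Review bot: `all_final += pkcs7_data_signed_badsigner2_badsize` drops the `.der` suffix, so the file is registered under a name that no rule produces and `all_final` will fail looking for it; compare `all_final += pkcs7_data_signed_badsigner1_badsize.der` in the context line just above. The same slip is repeated for `pkcs7_data_signed_badsigner2_badtag` and `pkcs7_data_signed_badsigner2_fuzzbad` in the next two Makefile hunks. The fix is `all_final += pkcs7_data_signed_badsigner2_badsize.der`.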
@@ -1390,12 +1390,22 @@ pkcs7_data_signed_badsigner1_badsize.der: pkcs7_data_3_signed.der
echo '\x72' | xxd -p -r | dd of=$@ bs=1 seek=438 conv=notrunc
all_final += pkcs7_data_signed_badsigner1_badsize.der

+pkcs7_data_signed_badsigner1_badtag.der: pkcs7_data_3_signed.der
+ cp pkcs7_data_3_signed.der $@
+ echo '\xa1' | xxd -p -r | dd of=$@ bs=1 seek=442 conv=notrunc
+all_final += pkcs7_data_signed_badsigner1_badtag.der
+
# pkcs7 signature file with corrupted signer info[2]
pkcs7_data_signed_badsigner2_badsize.der: pkcs7_data_3_signed.der
cp pkcs7_data_3_signed.der $@
echo '\x72'| xxd -p -r | dd of=$@ bs=1 seek=813 conv=notrunc
all_final += pkcs7_data_signed_badsigner2_badsize

+pkcs7_data_signed_badsigner2_badtag.der: pkcs7_data_3_signed.der
+ cp pkcs7_data_3_signed.der $@
+ echo '\xa1'| xxd -p -r | dd of=$@ bs=1 seek=817 conv=notrunc
+all_final += pkcs7_data_signed_badsigner2_badtag
+
# pkcs7 file with version 2
pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der
cp pkcs7_data_cert_signed_sha256.der $@
diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data
index 478bb9d3f..7df4ac862 100644
--- a/tests/suites/test_suite_pkcs7.data
+++ b/tests/suites/test_suite_pkcs7.data
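Review bot: The two `badtag` rules carry no comment saying which structure the overwritten byte belongs to, unlike the `badsize` rules around them that are introduced by `# pkcs7 signature file with corrupted signer info[N]`; offsets 442 and 817 and the tag byte `a1` are otherwise unexplained. A one-line comment per rule, e.g. `# pkcs7 signature file with an unexpected tag in signer info[1]`, keeps the file's pattern. The `fuzzbad` rules in the next Makefile hunk need the same treatment.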
@@ -38,6 +38,14 @@ PKCS7 Signed Data Parse Fail with corrupted signer info[2] invalid size #6.2
depends_on:MBEDTLS_SHA256_C
pkcs7_parse:"data_files/pkcs7_data_signed_badsigner2_badsize.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO

+PKCS7 Signed Data Parse Fail with corrupted signer info[1] unexpected tag #6.3
+depends_on:MBEDTLS_SHA256_C
+pkcs7_parse:"data_files/pkcs7_data_signed_badsigner1_badtag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+
+PKCS7 Signed Data Parse Fail with corrupted signer info[2] unexpected tag #6.4
+depends_on:MBEDTLS_SHA256_C
+pkcs7_parse:"data_files/pkcs7_data_signed_badsigner2_badtag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
+
PKCS7 Signed Data Parse Fail Version other than 1 #7
depends_on:MBEDTLS_SHA256_C
pkcs7_parse:"data_files/pkcs7_data_cert_signed_v2.der":MBEDTLS_ERR_PKCS7_INVALID_VERSION
From 9c703d80ca351513548eaf535f416707dc330a18 Mon Sep 17 00:00:00 2001
From: Xiaokang Qian
Date: Mon, 6 Mar 2023 08:44:12 +0000
Subject: [PATCH 403/440] Add fuzz bad cases for signer info 1 and 2

Signed-off-by: Xiaokang Qian
---
tests/data_files/Makefile | 10 ++++++++++
tests/suites/test_suite_pkcs7.data | 8 ++++++++
2 files changed, 18 insertions(+)

diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 53d5e1dda..9df46aa59 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1395,6 +1395,11 @@ pkcs7_data_signed_badsigner1_badtag.der: pkcs7_data_3_signed.der echo '\xa1' | xxd -p -r | dd of=$@ bs=1 seek=442 conv=notrunc all_final += pkcs7_data_signed_badsigner1_badtag.der +pkcs7_data_signed_badsigner1_fuzzbad.der: pkcs7_data_3_signed.der + cp pkcs7_data_3_signed.der $@ + echo '\xa1' | xxd -p -r | dd of=$@ bs=1 seek=550 conv=notrunc +all_final += pkcs7_data_signed_badsigner1_fuzzbad.der + # pkcs7 signature file with corrupted signer info[2] pkcs7_data_signed_badsigner2_badsize.der: pkcs7_data_3_signed.der cp pkcs7_data_3_signed.der $@ @@ -1406,6 +1411,11 @@ pkcs7_data_signed_badsigner2_badtag.der: pkcs7_data_3_signed.der echo '\xa1'| xxd -p -r | dd of=$@ bs=1 seek=817 conv=notrunc all_final += pkcs7_data_signed_badsigner2_badtag +pkcs7_data_signed_badsigner2_fuzzbad.der: pkcs7_data_3_signed.der + cp pkcs7_data_3_signed.der $@ + echo '\xa1'| xxd -p -r | dd of=$@ bs=1 seek=925 conv=notrunc +all_final += pkcs7_data_signed_badsigner2_fuzzbad + # pkcs7 file with version 2 pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der cp pkcs7_data_cert_signed_sha256.der $@ diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data index 7df4ac862..d7b248f0e 100644 --- a/tests/suites/test_suite_pkcs7.data +++ b/tests/suites/test_suite_pkcs7.data 
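Review bot: The new `pkcs7_data_signed_badsigner1_fuzzbad.der` and `pkcs7_data_signed_badsigner2_fuzzbad.der` rules say nothing about what byte 550 or 925 of `pkcs7_data_3_signed.der` is, whereas the neighbouring `badsize`/`badtag` names at least identify the corrupted element. A one-line comment above each rule, e.g. `# overwrite <ASN.1 element, to be filled in> of signer info[1] at offset 550 with 0xa1 (fuzzer-found case)`, would let a maintainer regenerate the fixture if the base file ever changes. The matching test names in this commit's `.data` hunk (`... fuzz bad #6.5` / `#6.6`) have the same problem and could name the element instead.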
@@ -46,6 +46,14 @@ PKCS7 Signed Data Parse Fail with corrupted signer info[2] unexpected tag #6.4 depends_on:MBEDTLS_SHA256_C pkcs7_parse:"data_files/pkcs7_data_signed_badsigner2_badtag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) +PKCS7 Signed Data Parse Fail with corrupted signer info[1] fuzz bad #6.5 +depends_on:MBEDTLS_SHA256_C +pkcs7_parse:"data_files/pkcs7_data_signed_badsigner1_fuzzbad.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + +PKCS7 Signed Data Parse Fail with corrupted signer info[2] fuzz bad #6.6 +depends_on:MBEDTLS_SHA256_C +pkcs7_parse:"data_files/pkcs7_data_signed_badsigner2_fuzzbad.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO + PKCS7 Signed Data Parse Fail Version other than 1 #7 depends_on:MBEDTLS_SHA256_C pkcs7_parse:"data_files/pkcs7_data_cert_signed_v2.der":MBEDTLS_ERR_PKCS7_INVALID_VERSION From d2988adb31c2d9c4ff0e0c66e7d96f8b36f431f5 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Tue, 7 Mar 2023 06:17:29 +0000 Subject: [PATCH 404/440] Add rsa dependencies for pkcs7 corrupt signer info cases Signed-off-by: Xiaokang Qian --- tests/suites/test_suite_pkcs7.data | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data index d7b248f0e..ffeec498c 100644 --- a/tests/suites/test_suite_pkcs7.data +++ b/tests/suites/test_suite_pkcs7.data 
@@ -31,27 +31,27 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C pkcs7_parse:"data_files/pkcs7_data_signed_badsigner.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) PKCS7 Signed Data Parse Fail with corrupted signer info[1] invalid size #6.1 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C pkcs7_parse:"data_files/pkcs7_data_signed_badsigner1_badsize.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Fail with corrupted signer info[2] invalid size #6.2 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C pkcs7_parse:"data_files/pkcs7_data_signed_badsigner2_badsize.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Fail with corrupted signer info[1] unexpected tag #6.3 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C pkcs7_parse:"data_files/pkcs7_data_signed_badsigner1_badtag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) PKCS7 Signed Data Parse Fail with corrupted signer info[2] unexpected tag #6.4 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C pkcs7_parse:"data_files/pkcs7_data_signed_badsigner2_badtag.der":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO,MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) PKCS7 Signed Data Parse Fail with corrupted signer info[1] fuzz bad #6.5 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C pkcs7_parse:"data_files/pkcs7_data_signed_badsigner1_fuzzbad.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Fail with corrupted signer info[2] fuzz bad #6.6 -depends_on:MBEDTLS_SHA256_C +depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C pkcs7_parse:"data_files/pkcs7_data_signed_badsigner2_fuzzbad.der":MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO PKCS7 Signed Data Parse Fail Version other than 1 #7 From 4dc83d40af813fd7036198248722864c89f56c1f Mon Sep 17 00:00:00 2001 
From: Przemek Stekiel Date: Mon, 27 Feb 2023 11:49:35 +0100 Subject: [PATCH 405/440] Add check for pake operation buffer overflow Signed-off-by: Przemek Stekiel --- docs/proposed/psa-driver-interface.md | 4 ++++ library/psa_crypto_pake.c | 15 +++++++++++++++ library/psa_crypto_pake.h | 6 ++++++ 3 files changed, 25 insertions(+) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index ac6b8ded7..c00796a49 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md @@ -458,6 +458,10 @@ For `PSA_ALG_JPAKE` the following steps are available for input operation: * `PSA_JPAKE_X4S_STEP_ZK_PUBLIC`    Round 2: input Schnorr NIZKP public key for the X4S key * `PSA_JPAKE_X4S_STEP_ZK_PROOF`     Round 2: input Schnorr NIZKP proof for the X4S key +The core has checked that input_length is smaller than PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, step) +where primitive is the JPAKE algorithm primitive and step the PSA API level input step. +Thus no risk of integer overflow while checking operation buffer overflow. + ### PAKE driver get implicit key ``` diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index c6f9e895b..538df8744 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c 
@@ -430,11 +430,26 @@ static psa_status_t mbedtls_psa_pake_input_internal( 3, /* named_curve */ 0, 23 /* secp256r1 */ }; + + if (operation->buffer_length + sizeof(ecparameters) > sizeof(operation->buffer)) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + memcpy(operation->buffer + operation->buffer_length, ecparameters, sizeof(ecparameters)); operation->buffer_length += sizeof(ecparameters); } + /* + * The core has checked that input_length is smaller than + * PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, step) + * where primitive is the JPAKE algorithm primitive and step + * the PSA API level input step. Thus no risk of integer overflow here. + */ + if (operation->buffer_length + input_length + 1 > sizeof(operation->buffer)) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + /* Write the length byte */ operation->buffer[operation->buffer_length] = (uint8_t) input_length; operation->buffer_length += 1; diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h index 9bdcc3387..eb308813e 100644 --- a/library/psa_crypto_pake.h +++ b/library/psa_crypto_pake.h @@ -96,6 +96,12 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation, * entry point as defined in the PSA driver interface specification for * transparent drivers. * + * \note The core has checked that input_length is smaller than + PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, step) + where primitive is the JPAKE algorithm primitive and step + the PSA API level input step. Thus no risk of integer overflow while + checking operation buffer overflow. + * * \param[in,out] operation Active PAKE operation. * \param step The driver step for which the input is provided. * \param[in] input Buffer containing the input in the format From 4aa99403f419ee8b149f2142ee8afe0448794219 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Mon, 27 Feb 2023 13:00:57 +0100 Subject: [PATCH 406/440] Fix configuration for accelerated jpake 
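Review bot: The new length check protects `operation->buffer`, but the one-byte length prefix written right after it, `(uint8_t) input_length`, still truncates silently if `input_length` exceeds 255, and the only thing preventing that is the caller-side `PSA_PAKE_INPUT_SIZE` check described in the comment. Since this is a driver entry point, an explicit local guard next to the added check, `if (input_length > UINT8_MAX) { return PSA_ERROR_INVALID_ARGUMENT; }`, would keep the encoding invariant independent of what the core validates, at no measurable cost. `mbedtls_psa_pake_input_internal` begins before this hunk and continues after it, so the earlier parameter checks are not visible here.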
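Review bot: The continuation lines of the new `\note` in `psa_crypto_pake.h` (from `PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, step)` through `checking operation buffer overflow.`) are missing the leading ` * ` that every other line of this Doxygen block carries, which reads as a formatting slip and may render oddly. Prefixing each of those four lines with ` * ` matches the surrounding comment.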
Signed-off-by: Przemek Stekiel --- include/mbedtls/config_psa.h | 3 ++ include/psa/crypto_extra.h | 2 +- library/psa_crypto.c | 24 +++++----- .../crypto_config_test_driver_extension.h | 8 ++++ tests/scripts/all.sh | 44 +++---------------- ..._suite_psa_crypto_driver_wrappers.function | 2 +- .../test_suite_psa_crypto_pake.function | 6 +-- 7 files changed, 33 insertions(+), 56 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 48b2d3209..f7de6d1e5 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -147,12 +147,15 @@ extern "C" { #endif #if defined(PSA_WANT_ALG_JPAKE) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) #define MBEDTLS_PSA_BUILTIN_PAKE 1 #define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_BIGNUM_C #define MBEDTLS_ECP_C #define MBEDTLS_ECJPAKE_C +#define MBEDTLS_SHA256_C +#endif /* MBEDTLS_PSA_ACCEL_ALG_JPAKE */ #endif /* PSA_WANT_ALG_JPAKE */ #if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 5f86c3f4f..5cf56158f 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -2042,7 +2042,7 @@ struct psa_pake_operation_s { /* Holds computation stage of the PAKE algorithms. */ union { uint8_t MBEDTLS_PRIVATE(dummy); -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) +#if defined(PSA_WANT_ALG_JPAKE) psa_jpake_computation_stage_t MBEDTLS_PRIVATE(jpake); #endif } MBEDTLS_PRIVATE(computation_stage); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1611fc9c4..d7eeead29 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -7255,7 +7255,7 @@ psa_status_t psa_pake_setup( operation->alg = cipher_suite->algorithm; operation->data.inputs.cipher_suite = *cipher_suite; -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) +#if defined(PSA_WANT_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { psa_jpake_computation_stage_t *computation_stage = &operation->computation_stage.jpake; @@ -7405,7 +7405,7 @@ exit: } /* Auxiliary function to convert core computation stage(step, sequence, state) to single driver step. */ -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) +#if defined(PSA_WANT_ALG_JPAKE) static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_step( psa_jpake_computation_stage_t *stage) { @@ -7499,7 +7499,7 @@ static psa_status_t psa_pake_complete_inputs( mbedtls_free(inputs.password); if (status == PSA_SUCCESS) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) +#if defined(PSA_WANT_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { operation->stage = PSA_PAKE_OPERATION_STAGE_COMPUTATION; psa_jpake_computation_stage_t *computation_stage = @@ -7517,7 +7517,7 @@ static psa_status_t psa_pake_complete_inputs( return status; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) +#if defined(PSA_WANT_ALG_JPAKE) static psa_status_t psa_jpake_output_prologue( psa_pake_operation_t *operation, psa_pake_step_t step) @@ -7639,7 +7639,7 @@ psa_status_t psa_pake_output( } switch (operation->alg) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) +#if defined(PSA_WANT_ALG_JPAKE) case PSA_ALG_JPAKE: status = psa_jpake_output_prologue(operation, step); if (status != PSA_SUCCESS) { @@ -7653,7 +7653,7 @@ psa_status_t psa_pake_output( goto exit; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) +#if defined(PSA_WANT_ALG_JPAKE) status = psa_driver_wrapper_pake_output(operation, convert_jpake_computation_stage_to_driver_step( &operation->computation_stage.jpake), 
@@ -7670,7 +7670,7 @@ psa_status_t psa_pake_output( } switch (operation->alg) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) +#if defined(PSA_WANT_ALG_JPAKE) case PSA_ALG_JPAKE: status = psa_jpake_output_epilogue(operation); if (status != PSA_SUCCESS) { @@ -7689,7 +7689,7 @@ exit: return status; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) +#if defined(PSA_WANT_ALG_JPAKE) static psa_status_t psa_jpake_input_prologue( psa_pake_operation_t *operation, psa_pake_step_t step, @@ -7816,7 +7816,7 @@ psa_status_t psa_pake_input( } switch (operation->alg) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) +#if defined(PSA_WANT_ALG_JPAKE) case PSA_ALG_JPAKE: status = psa_jpake_input_prologue(operation, step, input_length); if (status != PSA_SUCCESS) { @@ -7830,7 +7830,7 @@ psa_status_t psa_pake_input( goto exit; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) +#if defined(PSA_WANT_ALG_JPAKE) status = psa_driver_wrapper_pake_input(operation, convert_jpake_computation_stage_to_driver_step( &operation->computation_stage.jpake), @@ -7846,7 +7846,7 @@ psa_status_t psa_pake_input( } switch (operation->alg) { -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) +#if defined(PSA_WANT_ALG_JPAKE) case PSA_ALG_JPAKE: status = psa_jpake_input_epilogue(operation); if (status != PSA_SUCCESS) { @@ -7879,7 +7879,7 @@ psa_status_t psa_pake_get_implicit_key( goto exit; } -#if defined(MBEDTLS_PSA_BUILTIN_ALG_JPAKE) +#if defined(PSA_WANT_ALG_JPAKE) if (operation->alg == PSA_ALG_JPAKE) { psa_jpake_computation_stage_t *computation_stage = &operation->computation_stage.jpake; diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index 393d6326e..26c432cde 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h 
@@ -158,6 +158,14 @@ #endif #endif +#if defined(PSA_WANT_ALG_JPAKE) +#if defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) +#undef MBEDTLS_PSA_ACCEL_ALG_JPAKE +#else +#define MBEDTLS_PSA_ACCEL_ALG_JPAKE 1 +#endif +#endif + #if defined(PSA_WANT_KEY_TYPE_AES) #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_AES diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a2c0cb756..f20a7dc16 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2500,7 +2500,7 @@ component_test_psa_crypto_config_accel_aead () { make test } -component_test_psa_crypto_config_accel_pake () { +component_test_psa_crypto_config_accel_pake() { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" # Start with full 
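Review bot: The rename to `component_test_psa_crypto_config_accel_pake() {` drops the space before `()` that the neighbouring definitions keep (`component_test_psa_crypto_config_accel_aead () {` in the context line), which looks unintended and is the only non-whitespace content of this hunk. Keeping `component_test_psa_crypto_config_accel_pake () {` preserves the file's convention; if any tooling lists components by matching the `name ()` form, the mismatch could also make the component invisible, though I cannot confirm that from here.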
@@ -2518,44 +2518,8 @@ component_test_psa_crypto_config_accel_pake () { scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - scripts/config.py unset MBEDTLS_ECJPAKE_C - - # Dynamic secure element support is a deprecated feature and needs to be disabled here. - # This is done to have the same form of psa_key_attributes_s for libdriver and library. - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C - - loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" - - msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" - tests/ssl-opt.sh -f "ECJPAKE" - - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" - make test -} - -component_test_psa_crypto_config_accel_pake_no_fallback () { - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE - no fallback" - - # Start with full - scripts/config.py full - - # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having - # partial support for cipher operations in the driver test library. 
- scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING - - loc_accel_list="ALG_JPAKE" - loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' ) - make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS" - - scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - - scripts/config.py unset MBEDTLS_ECJPAKE_C - # Make build-in fallback not available - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_JPAKE + scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED # Dynamic secure element support is a deprecated feature and needs to be disabled here. @@ -2565,7 +2529,9 @@ component_test_psa_crypto_config_accel_pake_no_fallback () { loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE - no fallback" + not grep mbedtls_ecjpake_init library/ecjpake.o + + msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" make test } diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 6522fe5d0..8a4c007ae 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function 
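Review bot: Merging the two components removes the `tests/ssl-opt.sh -f "ECJPAKE"` run, and the surviving component unsets `MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED`, so nothing in `all.sh` exercises TLS with the accelerated J-PAKE driver any more. If the key exchange has to be disabled for a build reason the hunk does not show, a comment next to the unset, `# TLS EC J-PAKE is not covered here: <reason the key exchange must be disabled>`, would record why the coverage was dropped instead of leaving it to be rediscovered. The body of `component_test_psa_crypto_config_accel_pake` starts in the previous hunk.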
@@ -2976,7 +2976,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void pake_operations(data_t *pw_data, int forced_status_setup_arg, int forced_status_arg, data_t *forced_output, int expected_status_arg, int fut) diff --git a/tests/suites/test_suite_psa_crypto_pake.function b/tests/suites/test_suite_psa_crypto_pake.function index f094eb977..2bed45ac1 100644 --- a/tests/suites/test_suite_psa_crypto_pake.function +++ b/tests/suites/test_suite_psa_crypto_pake.function @@ -909,7 +909,7 @@ void ecjpake_size_macros() } /* END_CASE */ -/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void pake_input_getters_password() { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); @@ -975,7 +975,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void pake_input_getters_cipher_suite() { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); @@ -1008,7 +1008,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_ALG_SHA_256 */ +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ void pake_input_getters_role() { psa_pake_cipher_suite_t cipher_suite = psa_pake_cipher_suite_init(); From 57580f2539251d9f77623f72daf05aa700a0f8c6 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 1 Mar 2023 12:21:26 +0100 Subject: [PATCH 407/440] Use proper enum types for pake state/sequence/step Signed-off-by: Przemek Stekiel --- include/psa/crypto_extra.h | 20 ++++++++++---------- library/psa_crypto.c | 14 ++------------ 2 files changed, 12 insertions(+), 22 deletions(-) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 5cf56158f..252eb7439 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h 
@@ -1974,14 +1974,14 @@ struct psa_crypto_driver_pake_inputs_s { psa_pake_cipher_suite_t MBEDTLS_PRIVATE(cipher_suite); }; -enum psa_jpake_step { +typedef enum psa_jpake_step { PSA_PAKE_STEP_INVALID = 0, PSA_PAKE_STEP_X1_X2 = 1, PSA_PAKE_STEP_X2S = 2, PSA_PAKE_STEP_DERIVE = 3, -}; +} psa_jpake_step_t; -enum psa_jpake_state { +typedef enum psa_jpake_state { PSA_PAKE_STATE_INVALID = 0, PSA_PAKE_STATE_SETUP = 1, PSA_PAKE_STATE_READY = 2, @@ -1989,9 +1989,9 @@ enum psa_jpake_state { PSA_PAKE_OUTPUT_X2S = 4, PSA_PAKE_INPUT_X1_X2 = 5, PSA_PAKE_INPUT_X4S = 6, -}; +} psa_jpake_state_t; -enum psa_jpake_sequence { +typedef enum psa_jpake_sequence { PSA_PAKE_SEQ_INVALID = 0, PSA_PAKE_X1_STEP_KEY_SHARE = 1, /* also X2S & X4S KEY_SHARE */ PSA_PAKE_X1_STEP_ZK_PUBLIC = 2, /* also X2S & X4S ZK_PUBLIC */ @@ -2000,7 +2000,7 @@ enum psa_jpake_sequence { PSA_PAKE_X2_STEP_ZK_PUBLIC = 5, PSA_PAKE_X2_STEP_ZK_PROOF = 6, PSA_PAKE_SEQ_END = 7, -}; +} psa_jpake_sequence_t; typedef enum psa_crypto_driver_pake_step { PSA_JPAKE_STEP_INVALID = 0, /* Invalid step */ @@ -2020,10 +2020,10 @@ typedef enum psa_crypto_driver_pake_step { struct psa_jpake_computation_stage_s { - unsigned int MBEDTLS_PRIVATE(state); - unsigned int MBEDTLS_PRIVATE(sequence); - unsigned int MBEDTLS_PRIVATE(input_step); - unsigned int MBEDTLS_PRIVATE(output_step); + psa_jpake_state_t MBEDTLS_PRIVATE(state); + psa_jpake_sequence_t MBEDTLS_PRIVATE(sequence); + psa_jpake_step_t MBEDTLS_PRIVATE(input_step); + psa_jpake_step_t MBEDTLS_PRIVATE(output_step); }; struct psa_pake_operation_s { diff --git a/library/psa_crypto.c b/library/psa_crypto.c index d7eeead29..115e994bb 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c 
@@ -7415,22 +7415,16 @@ static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_s switch (stage->sequence) { case PSA_PAKE_X1_STEP_KEY_SHARE: return PSA_JPAKE_X1_STEP_KEY_SHARE; - break; case PSA_PAKE_X1_STEP_ZK_PUBLIC: return PSA_JPAKE_X1_STEP_ZK_PUBLIC; - break; case PSA_PAKE_X1_STEP_ZK_PROOF: return PSA_JPAKE_X1_STEP_ZK_PROOF; - break; case PSA_PAKE_X2_STEP_KEY_SHARE: return PSA_JPAKE_X2_STEP_KEY_SHARE; - break; case PSA_PAKE_X2_STEP_ZK_PUBLIC: return PSA_JPAKE_X2_STEP_ZK_PUBLIC; - break; case PSA_PAKE_X2_STEP_ZK_PROOF: return PSA_JPAKE_X2_STEP_ZK_PROOF; - break; default: return PSA_JPAKE_STEP_INVALID; } @@ -7439,13 +7433,11 @@ static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_s switch (stage->sequence) { case PSA_PAKE_X1_STEP_KEY_SHARE: return PSA_JPAKE_X2S_STEP_KEY_SHARE; - break; case PSA_PAKE_X1_STEP_ZK_PUBLIC: return PSA_JPAKE_X2S_STEP_ZK_PUBLIC; - break; case PSA_PAKE_X1_STEP_ZK_PROOF: return PSA_JPAKE_X2S_STEP_ZK_PROOF; - break; + default: return PSA_JPAKE_STEP_INVALID; } break; @@ -7453,13 +7445,11 @@ static psa_crypto_driver_pake_step_t convert_jpake_computation_stage_to_driver_s switch (stage->sequence) { case PSA_PAKE_X1_STEP_KEY_SHARE: return PSA_JPAKE_X4S_STEP_KEY_SHARE; - break; case PSA_PAKE_X1_STEP_ZK_PUBLIC: return PSA_JPAKE_X4S_STEP_ZK_PUBLIC; - break; case PSA_PAKE_X1_STEP_ZK_PROOF: return PSA_JPAKE_X4S_STEP_ZK_PROOF; - break; + default: return PSA_JPAKE_STEP_INVALID; } break; From c96d2de569e1247f270e919ee0da280d8c319d86 Mon Sep 17 00:00:00 2001 From: Xiaokang Qian Date: Tue, 7 Mar 2023 10:35:47 +0000 Subject: [PATCH 408/440] Update corrupted char for pkcs7 corrupt signer info cases Signed-off-by: Xiaokang Qian --- tests/data_files/Makefile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 9df46aa59..80bdd2573 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
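Review bot: With `default: return PSA_JPAKE_STEP_INVALID;` now present in every inner `switch`, every path through those switches returns, so the `break;` after each inner switch (visible as `} break;` in the context) is as unreachable as the `break;`s this commit removes after `return`. Dropping those too would make the clean-up consistent; `convert_jpake_computation_stage_to_driver_step` begins before the first hunk and ends after the last.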
@@ -1387,33 +1387,33 @@ all_final += pkcs7_signerInfo_2_invalid_tag.der # pkcs7 signature file with corrupted signer info[1] pkcs7_data_signed_badsigner1_badsize.der: pkcs7_data_3_signed.der cp pkcs7_data_3_signed.der $@ - echo '\x72' | xxd -p -r | dd of=$@ bs=1 seek=438 conv=notrunc + echo '72' | xxd -p -r | dd of=$@ bs=1 seek=438 conv=notrunc all_final += pkcs7_data_signed_badsigner1_badsize.der pkcs7_data_signed_badsigner1_badtag.der: pkcs7_data_3_signed.der cp pkcs7_data_3_signed.der $@ - echo '\xa1' | xxd -p -r | dd of=$@ bs=1 seek=442 conv=notrunc + echo 'a1' | xxd -p -r | dd of=$@ bs=1 seek=442 conv=notrunc all_final += pkcs7_data_signed_badsigner1_badtag.der pkcs7_data_signed_badsigner1_fuzzbad.der: pkcs7_data_3_signed.der cp pkcs7_data_3_signed.der $@ - echo '\xa1' | xxd -p -r | dd of=$@ bs=1 seek=550 conv=notrunc + echo 'a1' | xxd -p -r | dd of=$@ bs=1 seek=550 conv=notrunc all_final += pkcs7_data_signed_badsigner1_fuzzbad.der # pkcs7 signature file with corrupted signer info[2] pkcs7_data_signed_badsigner2_badsize.der: pkcs7_data_3_signed.der cp pkcs7_data_3_signed.der $@ - echo '\x72'| xxd -p -r | dd of=$@ bs=1 seek=813 conv=notrunc + echo '72'| xxd -p -r | dd of=$@ bs=1 seek=813 conv=notrunc all_final += pkcs7_data_signed_badsigner2_badsize pkcs7_data_signed_badsigner2_badtag.der: pkcs7_data_3_signed.der cp pkcs7_data_3_signed.der $@ - echo '\xa1'| xxd -p -r | dd of=$@ bs=1 seek=817 conv=notrunc + echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=817 conv=notrunc all_final += pkcs7_data_signed_badsigner2_badtag pkcs7_data_signed_badsigner2_fuzzbad.der: pkcs7_data_3_signed.der cp pkcs7_data_3_signed.der $@ - echo '\xa1'| xxd -p -r | dd of=$@ bs=1 seek=925 conv=notrunc + echo 'a1'| xxd -p -r | dd of=$@ bs=1 seek=925 conv=notrunc all_final += pkcs7_data_signed_badsigner2_fuzzbad # pkcs7 file with version 2 From 5c8505f061fc8a67b0db7f7ee967a0c39f9f3a39 Mon Sep 17 00:00:00 2001 
From: Tom Cosgrove Date: Tue, 7 Mar 2023 11:39:52 +0000 Subject: [PATCH 409/440] Fix typos Signed-off-by: Tom Cosgrove --- include/mbedtls/mbedtls_config.h | 2 +- library/aesce.c | 2 +- library/bignum_core.h | 4 ++-- library/ecp_curves.c | 2 +- library/pkcs7.c | 2 +- library/sha256.c | 2 +- library/ssl_tls13_client.c | 2 +- programs/ssl/ssl_client2.c | 2 +- 8 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 4814d50f8..68b1e4024 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -705,7 +705,7 @@ * - Changes the behaviour of TLS 1.2 clients (not servers) when using the * ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC * computations restartable: - * - ECDH operations from the key exchange, only for Short Weierstass + * - ECDH operations from the key exchange, only for Short Weierstrass * curves, only when MBEDTLS_USE_PSA_CRYPTO is not enabled. * - verification of the server's key exchange signature; * - verification of the server's certificate chain; diff --git a/library/aesce.c b/library/aesce.c index ee0c8e12c..0f6c323b8 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -39,7 +39,7 @@ #endif #if !defined(__ARM_FEATURE_CRYPTO) -# error "`crypto` feature moddifier MUST be enabled for MBEDTLS_AESCE_C." +# error "`crypto` feature modifier MUST be enabled for MBEDTLS_AESCE_C." # error "Typical option for GCC and Clang is `-march=armv8-a+crypto`." #endif /* !__ARM_FEATURE_CRYPTO */ diff --git a/library/bignum_core.h b/library/bignum_core.h index 4fb8f658c..05bc923d2 100644 --- a/library/bignum_core.h +++ b/library/bignum_core.h 
@@ -663,7 +663,7 @@ static inline size_t mbedtls_mpi_core_montmul_working_limbs(size_t AN_limbs) * * \p X may be aliased to \p A, but may not otherwise overlap it. * - * \p X may not alias \p N (it is in canonical form, so must be stricly less + * \p X may not alias \p N (it is in canonical form, so must be strictly less * than \p N). Nor may it alias or overlap \p rr (this is unlikely to be * required in practice.) * @@ -702,7 +702,7 @@ void mbedtls_mpi_core_to_mont_rep(mbedtls_mpi_uint *X, * * \p X may be aliased to \p A, but may not otherwise overlap it. * - * \p X may not alias \p N (it is in canonical form, so must be stricly less + * \p X may not alias \p N (it is in canonical form, so must be strictly less * than \p N). * * This function is a thin wrapper around `mbedtls_mpi_core_montmul()` that is diff --git a/library/ecp_curves.c b/library/ecp_curves.c index 81ad73a6f..f60f8b174 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -5403,7 +5403,7 @@ int mbedtls_ecp_mod_p521_raw(mbedtls_mpi_uint *X, size_t X_limbs) addend += (X[P521_WIDTH - 1] >> 9); X[P521_WIDTH - 1] &= P521_MASK; - /* Resuse the top part of X (already zeroed) as a helper array for + /* Reuse the top part of X (already zeroed) as a helper array for * carrying out the addition. */ mbedtls_mpi_uint *addend_arr = X + P521_WIDTH; addend_arr[0] = addend; diff --git a/library/pkcs7.c b/library/pkcs7.c index 010d7066e..d4059d745 100644 --- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -354,7 +354,7 @@ static int pkcs7_get_signer_info(unsigned char **p, unsigned char *end, goto out; } - /* Asssume authenticatedAttributes is nonexistent */ + /* Assume authenticatedAttributes is nonexistent */ ret = pkcs7_get_digest_algorithm(p, end_signer, &signer->sig_alg_identifier); if (ret != 0) { goto out; diff --git a/library/sha256.c b/library/sha256.c index 23cd406c3..605b2b041 100644 --- a/library/sha256.c +++ b/library/sha256.c 
@@ -63,7 +63,7 @@ # pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function) # define MBEDTLS_POP_TARGET_PRAGMA # elif defined(__GNUC__) - /* FIXME: GCC-5 annouce crypto extension, but some intrinsic are missed. + /* FIXME: GCC-5 claims crypto extension, but some intrinsic are missed. * Known miss intrinsic can be workaround. */ # if __GNUC__ < 6 diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 0dd762ef3..290c4c6c0 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -1270,7 +1270,7 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl) ssl->session_negotiate->ciphersuite); ssl->handshake->ciphersuite_info = ciphersuite_info; - /* Enable psk and psk_ephermal to make stage early happy */ + /* Enable psk and psk_ephemeral to make stage early happy */ ssl->handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL; diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 03034d117..43e2d127a 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -425,7 +425,7 @@ int main(void) " reconnect=%%d number of reconnections using session resumption\n" \ " default: 0 (disabled)\n" \ " reco_server_name=%%s default: NULL\n" \ - " reco_delay=%%d default: 0 millionseconds\n" \ + " reco_delay=%%d default: 0 milliseconds\n" \ " reco_mode=%%d 0: copy session, 1: serialize session\n" \ " default: 1\n" \ " reconnect_hard=%%d default: 0 (disabled)\n" \ From 503d71769cce845449b2d1690318a69736d746ac Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 7 Mar 2023 12:51:11 +0000 Subject: [PATCH 410/440] Enable explicit_bzero() on OpenBSD Signed-off-by: Tom Cosgrove --- library/platform_util.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/platform_util.c b/library/platform_util.c index d525acc84..6d4759cbb 100644 --- a/library/platform_util.c +++ b/library/platform_util.c 
@@ -20,9 +20,10 @@
 
 /*
 * Ensure gmtime_r is available even with -std=c99; must be defined before
- * mbedtls_config.h, which pulls in glibc's features.h. Harmless on other platforms.
+ * mbedtls_config.h, which pulls in glibc's features.h. Harmless on other platforms
+ * except OpenBSD, where it stops us accessing explicit_bzero.
 */
-#if !defined(_POSIX_C_SOURCE)
+#if !defined(_POSIX_C_SOURCE) && !defined(__OpenBSD__)
 #define _POSIX_C_SOURCE 200112L
 #endif
 
@@ -51,7 +52,7 @@
 // Detect platforms known to support explicit_bzero()
 #if defined(__GLIBC__) && (__GLIBC__ >= 2) && (__GLIBC_MINOR__ >= 25)
 #define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1
-#elif defined(__FreeBSD__) && (__FreeBSD_version >= 1100037)
+#elif (defined(__FreeBSD__) && (__FreeBSD_version >= 1100037)) || defined(__OpenBSD__)
 #define MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO 1
 #endif
 
From 2f1d967643b7d5cd7e408fa2f77abadb6ded08bd Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 7 Mar 2023 18:14:34 +0100
Subject: [PATCH 411/440] ssl: fix included pk header file

Signed-off-by: Valerio Setti
---
 library/ssl_misc.h | 2 +-
 library/ssl_tls.c | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index f9a47670a..549162ce9 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -55,7 +55,7 @@
 #include "mbedtls/ecjpake.h"
 #endif
 
-#include "pk_wrap.h"
+#include "mbedtls/pk.h"
 #include "common.h"
 
 /* Shorthand for restartable ECC */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e1d944c6f..0f7e61b7f 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -52,8 +52,6 @@
 #include "mbedtls/oid.h"
 #endif
 
-#include "pk_wrap.h"
-
 #if defined(MBEDTLS_TEST_HOOKS)
 static mbedtls_ssl_chk_buf_ptr_args chk_buf_ptr_fail_args;
 
From 213c4eae3a654f22663fa42eef1bf940a729cca6 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 7 Mar 2023 19:29:57 +0100
Subject: [PATCH 412/440] ssl-opt: enhance comment for get_tls_version() function
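Review bot: The new `|| defined(__OpenBSD__)` branch on the explicit_bzero() detection line carries no version floor, unlike the FreeBSD branch beside it, and nothing at that site says why none is needed. If, as I believe, every OpenBSD release this code can build on ships explicit_bzero(), a comment on the `#elif` such as `/* explicit_bzero() is available on every OpenBSD release we support; no version check needed */` would stop a later reader from adding a bogus version test, or from copying the unguarded pattern to a platform that does need one. The `_POSIX_C_SOURCE` hunk above already explains the OpenBSD feature-macro interaction in prose, so the two comments could cross-reference each other so the dependency between them is not lost if one is edited alone.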
Signed-off-by: Valerio Setti
---
 tests/ssl-opt.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index eb0ac8645..08d3800b4 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1442,6 +1442,17 @@ do_run_test_once() {
 
 # Detect if the current test is going to use TLS 1.3.
 # $1 and $2 contain the server and client command lines, respectively.
+#
+# Note: this function only provides some guess about TLS version by simply
+# looking at the server/client command lines. Even thought this works
+# for the sake of tests' filtering (especially in conjunction with the
+# detect_required_features() function), it does NOT guarantee that the
+# result is accurate. It does not check other conditions, such as:
+# - MBEDTLS_SSL_PROTO_TLS1_x can be disabled to selectively remove
+# TLS 1.2/1.3 suppport
+# - we can force a ciphersuite which contains "WITH" in its name, meaning
+# that we are going to use TLS 1.2
+# - etc etc
 get_tls_version() {
 case $1 in
 *tls1_3*|*tls13*)
From 429e90153cc7ad57d22aaa3cc00d2d73f760f4dd Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 7 Mar 2023 20:40:04 +0100
Subject: [PATCH 413/440] Improve pip instructions

Our build scripts invoke `python3` in preference to `python`, so make the default instruction use `python3`. On many systems (macOS, some Linux), `python` invokes Python 2 which our scripts do not support. Suggest --user by default. It's usually the right thing outside of venvs.

Signed-off-by: Gilles Peskine
---
 README.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index f4bf4e142..288e692ba 100644
--- a/README.md
+++ b/README.md
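Review bot: The comment block added above get_tls_version() has two typos that will be copied into grep results and generated docs: `Even thought this works` should read `Even though this works`, and `TLS 1.2/1.3 suppport` should read `TLS 1.2/1.3 support`. The closing bullet `- etc etc` tells the reader nothing; either drop it or name one more concrete condition the heuristic ignores, since the whole point of the note is to list what can make the guess wrong. The body of get_tls_version() continues past the end of the hunk.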
@@ -61,10 +61,11 @@ The source code of Mbed TLS includes some files that are automatically generated The following tools are required: * Perl, for some library source files and for Visual Studio build files. -* Python 3 and some Python packages, for some library source files, sample programs and test data. To install the necessary packages, run +* Python 3 and some Python packages, for some library source files, sample programs and test data. To install the necessary packages, run: ``` - python -m pip install -r scripts/basic.requirements.txt + python3 -m pip install --user -r scripts/basic.requirements.txt ``` + Depending on your Python installation, you may need to invoke `python` instead of `python3`. To install the packages system-wide, omit the `--user` option. * A C compiler for the host platform, for some test data. If you are cross-compiling, you must set the `CC` environment variable to a C compiler for the host platform when generating the configuration-independent files. From 691e91adac10c9466f0b84f930b72e277440279b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Tue, 7 Mar 2023 16:26:37 +0100 Subject: [PATCH 414/440] Further pake code optimizations Signed-off-by: Przemek Stekiel --- docs/proposed/psa-driver-interface.md | 4 +-- library/psa_crypto.c | 44 ++++++++------------------- library/psa_crypto_pake.c | 10 +++--- library/psa_crypto_pake.h | 6 +--- 4 files changed, 20 insertions(+), 44 deletions(-) diff --git a/docs/proposed/psa-driver-interface.md b/docs/proposed/psa-driver-interface.md index c00796a49..f681ea60e 100644 --- a/docs/proposed/psa-driver-interface.md +++ b/docs/proposed/psa-driver-interface.md 
@@ -458,9 +458,7 @@ For `PSA_ALG_JPAKE` the following steps are available for input operation:
 * `PSA_JPAKE_X4S_STEP_ZK_PUBLIC`    Round 2: input Schnorr NIZKP public key for the X4S key
 * `PSA_JPAKE_X4S_STEP_ZK_PROOF`     Round 2: input Schnorr NIZKP proof for the X4S key
 
-The core has checked that input_length is smaller than PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, step)
-where primitive is the JPAKE algorithm primitive and step the PSA API level input step.
-Thus no risk of integer overflow while checking operation buffer overflow.
+The core checks that input_length is smaller than PSA_PAKE_INPUT_MAX_SIZE.
 
 ### PAKE driver get implicit key
 
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 115e994bb..917a9fae6 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -7609,6 +7609,7 @@ psa_status_t psa_pake_output(
 size_t *output_length)
 {
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_crypto_driver_pake_step_t driver_step = PSA_JPAKE_STEP_INVALID;
 *output_length = 0;
 
 if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
@@ -7635,6 +7636,8 @@ psa_status_t psa_pake_output(
 if (status != PSA_SUCCESS) {
 goto exit;
 }
+ driver_step = convert_jpake_computation_stage_to_driver_step(
+ &operation->computation_stage.jpake);
 break;
 #endif /* PSA_WANT_ALG_JPAKE */
 default:
@@ -7643,17 +7646,8 @@ psa_status_t psa_pake_output(
 goto exit;
 }
 
-#if defined(PSA_WANT_ALG_JPAKE)
- status = psa_driver_wrapper_pake_output(operation,
- convert_jpake_computation_stage_to_driver_step(
- &operation->computation_stage.jpake),
- output,
- output_size,
- output_length);
-#else
- (void) output;
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif /* PSA_WANT_ALG_JPAKE */
+ status = psa_driver_wrapper_pake_output(operation, driver_step,
+ output, output_size, output_length);
 
 if (status != PSA_SUCCESS) {
 goto exit;
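Review bot: `driver_step` in psa_pake_output is initialised to the J-PAKE-specific sentinel PSA_JPAKE_STEP_INVALID and then passed unconditionally to psa_driver_wrapper_pake_output, so the only thing keeping the sentinel away from a driver is that every non-default case of the switch remembers to assign it. A guard before the wrapper call, `if (driver_step == PSA_JPAKE_STEP_INVALID) { status = PSA_ERROR_BAD_STATE; goto exit; }`, or at least a comment `/* Each supported algorithm's case must set driver_step before this call. */`, would make that invariant explicit; whether PSA_ERROR_BAD_STATE is the status the spec wants here I cannot tell from the hunk. The same pattern is repeated in psa_pake_input further down in this commit. psa_pake_output starts and ends outside these hunks.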
@@ -7682,8 +7676,7 @@ exit:
 #if defined(PSA_WANT_ALG_JPAKE)
 static psa_status_t psa_jpake_input_prologue(
 psa_pake_operation_t *operation,
- psa_pake_step_t step,
- size_t input_length)
+ psa_pake_step_t step)
 {
 if (step != PSA_PAKE_STEP_KEY_SHARE &&
 step != PSA_PAKE_STEP_ZK_PUBLIC &&
@@ -7698,12 +7691,6 @@ static psa_status_t psa_jpake_input_prologue(
 return PSA_ERROR_BAD_STATE;
 }
 
- const psa_pake_primitive_t prim = PSA_PAKE_PRIMITIVE(
- PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256);
- if (input_length > (size_t) PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, prim, step)) {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
 if (computation_stage->state != PSA_PAKE_STATE_READY &&
 computation_stage->state != PSA_PAKE_INPUT_X1_X2 &&
 computation_stage->state != PSA_PAKE_INPUT_X4S) {
@@ -7787,6 +7774,7 @@ psa_status_t psa_pake_input(
 size_t input_length)
 {
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_crypto_driver_pake_step_t driver_step = PSA_JPAKE_STEP_INVALID;
 
 if (operation->stage == PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
 status = psa_pake_complete_inputs(operation);
@@ -7800,7 +7788,7 @@ psa_status_t psa_pake_input(
 goto exit;
 }
 
- if (input_length == 0) {
+ if (input_length == 0 || input_length > PSA_PAKE_INPUT_MAX_SIZE) {
 status = PSA_ERROR_INVALID_ARGUMENT;
 goto exit;
 }
@@ -7808,10 +7796,12 @@ psa_status_t psa_pake_input(
 switch (operation->alg) {
 #if defined(PSA_WANT_ALG_JPAKE)
 case PSA_ALG_JPAKE:
- status = psa_jpake_input_prologue(operation, step, input_length);
+ status = psa_jpake_input_prologue(operation, step);
 if (status != PSA_SUCCESS) {
 goto exit;
 }
+ driver_step = convert_jpake_computation_stage_to_driver_step(
+ &operation->computation_stage.jpake);
 break;
 #endif /* PSA_WANT_ALG_JPAKE */
 default:
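Review bot: The new check `input_length > PSA_PAKE_INPUT_MAX_SIZE` in psa_pake_input rejects only lengths strictly above the maximum, so an input of exactly PSA_PAKE_INPUT_MAX_SIZE bytes is accepted, yet the wording this commit adds to psa-driver-interface.md, psa_crypto_pake.c and psa_crypto_pake.h says the core checks input_length is "smaller than" PSA_PAKE_INPUT_MAX_SIZE; the three texts should say "at most" (or the check should use `>=`), because the driver's "no risk of integer overflow" argument for `buffer_length + input_length + 1` rests on which bound actually holds. Separately, removing the per-step PSA_PAKE_INPUT_SIZE check from psa_jpake_input_prologue means an oversized key share or proof for the 256-bit primitive is no longer rejected by the core with PSA_ERROR_INVALID_ARGUMENT, and it is not visible from these hunks where a step-level length check now happens, so a comment in the prologue such as `/* Step-specific length validation is left to the driver; the core only bounds input_length by PSA_PAKE_INPUT_MAX_SIZE. */` would record the decision. Both psa_jpake_input_prologue and psa_pake_input extend beyond the hunks shown.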
@@ -7820,16 +7810,8 @@ psa_status_t psa_pake_input(
 goto exit;
 }
 
-#if defined(PSA_WANT_ALG_JPAKE)
- status = psa_driver_wrapper_pake_input(operation,
- convert_jpake_computation_stage_to_driver_step(
- &operation->computation_stage.jpake),
- input,
- input_length);
-#else
- (void) input;
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif /* PSA_WANT_ALG_JPAKE */
+ status = psa_driver_wrapper_pake_input(operation, driver_step,
+ input, input_length);
 
 if (status != PSA_SUCCESS) {
 goto exit;
diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c
index 538df8744..a53718496 100644
--- a/library/psa_crypto_pake.c
+++ b/library/psa_crypto_pake.c
@@ -431,7 +431,8 @@ static psa_status_t mbedtls_psa_pake_input_internal(
 0, 23 /* secp256r1 */
 };
 
- if (operation->buffer_length + sizeof(ecparameters) > sizeof(operation->buffer)) {
+ if (operation->buffer_length + sizeof(ecparameters) >
+ sizeof(operation->buffer)) {
 return PSA_ERROR_BUFFER_TOO_SMALL;
 }
 
@@ -441,10 +442,9 @@ static psa_status_t mbedtls_psa_pake_input_internal(
 }
 
 /*
- * The core has checked that input_length is smaller than
- * PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, step)
- * where primitive is the JPAKE algorithm primitive and step
- * the PSA API level input step. Thus no risk of integer overflow here.
+ * The core checks that input_length is smaller than
+ * PSA_PAKE_INPUT_MAX_SIZE.
+ * Thus no risk of integer overflow here.
 */
 if (operation->buffer_length + input_length + 1 > sizeof(operation->buffer)) {
 return PSA_ERROR_BUFFER_TOO_SMALL;
diff --git a/library/psa_crypto_pake.h b/library/psa_crypto_pake.h
index eb308813e..001c987a4 100644
--- a/library/psa_crypto_pake.h
+++ b/library/psa_crypto_pake.h
@@ -96,11 +96,7 @@ psa_status_t mbedtls_psa_pake_output(mbedtls_psa_pake_operation_t *operation,
 * entry point as defined in the PSA driver interface specification for
 * transparent drivers.
 *
- * \note The core has checked that input_length is smaller than
- PSA_PAKE_INPUT_SIZE(PSA_ALG_JPAKE, primitive, step)
- where primitive is the JPAKE algorithm primitive and step
- the PSA API level input step. Thus no risk of integer overflow while
- checking operation buffer overflow.
+ * \note The core checks that input_length is smaller than PSA_PAKE_INPUT_MAX_SIZE.
 *
 * \param[in,out] operation Active PAKE operation.
 * \param step The driver step for which the input is provided.
From 3b2c02821e723ee2e78400d9e70f8cdf3657cf7b Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 8 Mar 2023 10:22:29 +0100
Subject: [PATCH 415/440] ssl-opt: return to previous debug level in test

This was a leftover from some debug activity that unfortunately ended up in previous commits.

Signed-off-by: Valerio Setti
---
 tests/ssl-opt.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 08d3800b4..c871dd3ef 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -10266,7 +10266,7 @@ requires_gnutls
 requires_not_i686
 requires_max_content_len 2048
 run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
- "$P_SRV dtls=1 debug_level=4 \
+ "$P_SRV dtls=1 debug_level=2 \
 crt_file=data_files/server7_int-ca.crt \
 key_file=data_files/server7.key \
 mtu=512 force_version=dtls12" \
From ccfad9ae0edb01f12045359cd7a459e33c7312bf Mon Sep 17 00:00:00 2001
From: Valerio Setti Date: Wed, 8 Mar 2023 10:25:05 +0100 Subject: [PATCH 416/440] ssl-opt: remove remaining redundant dependencies There were some dependencies that are now automatically satisfied by the detect_required_features() function. After this check there should be no redundant requirement for: - requires_pk_alg "ECDSA" - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 141 +---------------------------------------------- 1 file changed, 2 insertions(+), 139 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c871dd3ef..5ce2d03c7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -394,7 +394,8 @@ detect_required_features() { esac case "$1" in - *server5*) + *server5*|\ + *server7*) if [ "$3" = "TLS13" ]; then # In case of TLS13 the support for ECDSA is enough requires_pk_alg "ECDSA" @@ -2506,8 +2507,6 @@ run_test "Single supported algorithm sending: mbedtls client" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_SRV_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED requires_hash_alg SHA_256 run_test "Single supported algorithm sending: openssl client" \ @@ -3745,7 +3744,6 @@ run_test "Session resume using tickets: session copy" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Session resume using tickets: openssl server" \ "$O_SRV -tls1_2" \ "$P_CLI debug_level=3 tickets=1 reconnect=1" \ 
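Review bot: The commit message says the deleted `requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT` lines are now implied by detect_required_features(), but the only new rule visible in that function's hunk is the `*server5*|*server7*` pattern on the server command line, and several tests that lose the requirement (for example the one run with `"$O_SRV -tls1_2"` and `"$P_CLI debug_level=3 tickets=1 reconnect=1"` at the end of this group) mention neither file. Presumably the function derives the certificate requirement for third-party-server tests from another rule outside the hunk, but that cannot be confirmed from here, so a comment on the new case arm, such as `# server5/server7 tests need ECDSA support (see requires_pk_alg below)`, plus a sentence in the function's header explaining how `$O_SRV`/`$G_SRV` tests obtain their certificate requirement, would let a reader verify each removal. The same concern applies to every remaining tests/ssl-opt.sh hunk in this commit. detect_required_features() starts and ends outside the hunk.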
@@ -4056,7 +4054,6 @@ run_test "Session resume using tickets, DTLS: session copy" \ -c "a session has been resumed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Session resume using tickets, DTLS: openssl server" \ "$O_SRV -dtls" \ "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \ @@ -4198,7 +4195,6 @@ run_test "Session resume using cache: openssl client" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CACHE_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Session resume using cache: openssl server" \ "$O_SRV -tls1_2" \ "$P_CLI debug_level=3 tickets=0 reconnect=1" \ @@ -4349,7 +4345,6 @@ run_test "Session resume using cache, DTLS: openssl client" \ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_SSL_CACHE_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Session resume using cache, DTLS: openssl server" \ "$O_SRV -dtls" \ "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \ @@ -4667,7 +4662,6 @@ requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Max fragment length: gnutls server" \ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \ "$P_CLI debug_level=3 max_frag_len=4096" \ @@ -5096,7 +5090,6 @@ run_test "Renegotiation: nbio, server-initiated" \ requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Renegotiation: openssl server, client-initiated" \ "$O_SRV -www -tls1_2" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 
@@ -5111,7 +5104,6 @@ run_test "Renegotiation: openssl server, client-initiated" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Renegotiation: gnutls server strict, client-initiated" \ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ @@ -5126,7 +5118,6 @@ run_test "Renegotiation: gnutls server strict, client-initiated" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Renegotiation: gnutls server unsafe, client-initiated default" \ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ @@ -5141,7 +5132,6 @@ run_test "Renegotiation: gnutls server unsafe, client-initiated default" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ @@ -5157,7 +5147,6 @@ run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ 
@@ -5219,7 +5208,6 @@ run_test "Renegotiation: DTLS, renego_period overflow" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ "$G_SRV -u --mtu 4096" \ "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \ @@ -5235,7 +5223,6 @@ run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Renego ext: gnutls server strict, client default" \ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3" \ @@ -5246,7 +5233,6 @@ run_test "Renego ext: gnutls server strict, client default" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Renego ext: gnutls server unsafe, client default" \ "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3" \ @@ -5372,7 +5358,6 @@ run_test "Authentication: server badcert, client required" \ -c "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: server badcert, client optional" \ "$P_SRV crt_file=data_files/server5-badsign.crt \ key_file=data_files/server5.key" \ @@ -5593,7 +5578,6 @@ run_test "Authentication: client no cert, server optional" \ -S "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: openssl client no cert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ "$O_CLI" \ 
@@ -5605,8 +5589,6 @@ run_test "Authentication: openssl client no cert, server optional" \ -S "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication: client no cert, openssl server optional" \ "$O_SRV -verify 10 -tls1_2" \ "$P_CLI debug_level=3 crt_file=none key_file=none" \ @@ -5618,8 +5600,6 @@ run_test "Authentication: client no cert, openssl server optional" \ -C "! mbedtls_ssl_handshake returned" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Authentication: client no cert, openssl server required" \ "$O_SRV -Verify 10 -tls1_2" \ "$P_CLI debug_level=3 crt_file=none key_file=none" \ @@ -6567,7 +6547,6 @@ run_test "Not supported version check: cli TLS 1.1" \ -C "Handshake was completed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Not supported version check: srv max TLS 1.0" \ "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" \ "$P_CLI" \ @@ -6578,7 +6557,6 @@ run_test "Not supported version check: srv max TLS 1.0" \ -C "Protocol is TLSv1.0" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "Not supported version check: srv max TLS 1.1" \ "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1" \ "$P_CLI" \ @@ -9412,7 +9390,6 @@ run_test "DTLS wrong PSK: badmac alert" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: no fragmentation (gnutls server)" \ "$G_SRV -u --mtu 2048 -a" \ "$P_CLI dtls=1 debug_level=2" \ 
@@ -9422,7 +9399,6 @@ run_test "DTLS reassembly: no fragmentation (gnutls server)" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: some fragmentation (gnutls server)" \ "$G_SRV -u --mtu 512" \ "$P_CLI dtls=1 debug_level=2" \ @@ -9432,7 +9408,6 @@ run_test "DTLS reassembly: some fragmentation (gnutls server)" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: more fragmentation (gnutls server)" \ "$G_SRV -u --mtu 128" \ "$P_CLI dtls=1 debug_level=2" \ @@ -9442,7 +9417,6 @@ run_test "DTLS reassembly: more fragmentation (gnutls server)" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \ "$G_SRV -u --mtu 128" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \ @@ -9453,7 +9427,6 @@ run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ "$G_SRV -u --mtu 256" \ "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \ @@ -9469,7 +9442,6 @@ run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ requires_gnutls requires_config_enabled MBEDTLS_SSL_RENEGOTIATION requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \ "$G_SRV -u --mtu 256" \ "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \ 
@@ -9483,7 +9455,6 @@ run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \ -s "Extra-header:" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: no fragmentation (openssl server)" \ "$O_SRV -dtls -mtu 2048" \ "$P_CLI dtls=1 debug_level=2" \ @@ -9492,7 +9463,6 @@ run_test "DTLS reassembly: no fragmentation (openssl server)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: some fragmentation (openssl server)" \ "$O_SRV -dtls -mtu 768" \ "$P_CLI dtls=1 debug_level=2" \ @@ -9501,7 +9471,6 @@ run_test "DTLS reassembly: some fragmentation (openssl server)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: more fragmentation (openssl server)" \ "$O_SRV -dtls -mtu 256" \ "$P_CLI dtls=1 debug_level=2" \ @@ -9510,7 +9479,6 @@ run_test "DTLS reassembly: more fragmentation (openssl server)" \ -C "error" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ "$O_SRV -dtls -mtu 256" \ "$P_CLI dtls=1 nbio=2 debug_level=2" \ @@ -9532,8 +9500,6 @@ run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 
@@ -9555,8 +9521,6 @@ run_test "DTLS fragmenting: none (for reference)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -9582,8 +9546,6 @@ run_test "DTLS fragmenting: server only (max_frag_len)" \ # `client-initiated, server only (max_frag_len)` below. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -9605,8 +9567,6 @@ run_test "DTLS fragmenting: server only (more) (max_frag_len)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -9635,8 +9595,6 @@ run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \ # negotiated MFL are sent. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 
@@ -9659,8 +9617,6 @@ run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), pro requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -9689,8 +9645,6 @@ run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \ # negotiated MFL are sent. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -9713,8 +9667,6 @@ run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: none (for reference) (MTU)" \ @@ -9735,8 +9687,6 @@ run_test "DTLS fragmenting: none (for reference) (MTU)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" requires_max_content_len 4096 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: client (MTU)" \ @@ -9757,8 +9707,6 @@ run_test "DTLS fragmenting: client (MTU)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: server (MTU)" \ 
@@ -9779,8 +9727,6 @@ run_test "DTLS fragmenting: server (MTU)" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: both (MTU=1024)" \ @@ -9885,8 +9831,6 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ @@ -9940,8 +9884,6 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ not_with_valgrind # spurious autoreduction due to timeout requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" requires_max_content_len 2048 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ @@ -10239,7 +10181,6 @@ run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \ # pleases other implementations, so we don't need the peer to fragment requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT requires_gnutls requires_max_content_len 2048 run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ 
@@ -10261,7 +10202,6 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ # GnuTLS continue the connection nonetheless. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT requires_gnutls requires_not_i686 requires_max_content_len 2048 @@ -10276,7 +10216,6 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT requires_max_content_len 2048 run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ "$O_SRV -dtls1_2 -verify 10" \ @@ -10290,8 +10229,6 @@ run_test "DTLS fragmenting: openssl server, DTLS 1.2" \ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" requires_max_content_len 2048 run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ "$P_SRV dtls=1 debug_level=2 \ @@ -10309,7 +10246,6 @@ run_test "DTLS fragmenting: openssl client, DTLS 1.2" \ requires_gnutls_next requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT client_needs_more_time 4 requires_max_content_len 2048 run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ @@ -10326,7 +10262,6 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \ requires_gnutls_next requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT client_needs_more_time 4 requires_max_content_len 2048 run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ 
@@ -10344,7 +10279,6 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
 requires_openssl_next
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 client_needs_more_time 4
 requires_max_content_len 2048
 run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
@@ -10363,8 +10297,6 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
 skip_next_test
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
-requires_pk_alg "ECDSA"
 client_needs_more_time 4
 requires_max_content_len 2048
 run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
@@ -10632,7 +10564,6 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client"
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS-SRTP all profiles supported. openssl server" \
          "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -10646,7 +10577,6 @@ run_test "DTLS-SRTP all profiles supported. openssl server" \
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl server." \
          "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -10660,7 +10590,6 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles,
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl server." \
          "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
          "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
@@ -10674,7 +10603,6 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile.
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl server." \
          "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -10688,7 +10616,6 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles.
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS-SRTP server and Client support only one matching profile. openssl server." \
          "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
          "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
@@ -10702,7 +10629,6 @@ run_test "DTLS-SRTP server and Client support only one matching profile. openss
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS-SRTP server and Client support only one different profile. openssl server." \
          "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
          "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
@@ -10716,7 +10642,6 @@ run_test "DTLS-SRTP server and Client support only one different profile. opens
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server" \
          "$O_SRV -dtls" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -10730,7 +10655,6 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server"
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl server." \
          "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
          "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
@@ -10844,7 +10768,6 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls client" \
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
 requires_gnutls
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS-SRTP all profiles supported. gnutls server" \
          "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -10859,7 +10782,6 @@ run_test "DTLS-SRTP all profiles supported. gnutls server" \
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
 requires_gnutls
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls server." \
          "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -10874,7 +10796,6 @@ run_test "DTLS-SRTP server supports all profiles. Client supports all profiles,
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
 requires_gnutls
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls server." \
          "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
          "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
@@ -10889,7 +10810,6 @@ run_test "DTLS-SRTP server supports all profiles. Client supports one profile.
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
 requires_gnutls
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." \
          "$G_SRV -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -10904,7 +10824,6 @@ run_test "DTLS-SRTP server supports one profile. Client supports all profiles.
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
 requires_gnutls
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS-SRTP server and Client support only one matching profile. gnutls server." \
          "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \
          "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
@@ -10919,7 +10838,6 @@ run_test "DTLS-SRTP server and Client support only one matching profile. gnutls
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
 requires_gnutls
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS-SRTP server and Client support only one different profile. gnutls server." \
          "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \
          "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
@@ -10934,7 +10852,6 @@ run_test "DTLS-SRTP server and Client support only one different profile. gnutl
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
 requires_gnutls
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \
          "$G_SRV -u" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
@@ -10949,7 +10866,6 @@ run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \
 requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
 requires_gnutls
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS-SRTP all profiles supported. mki used. gnutls server." \
          "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
          "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
@@ -11461,7 +11377,6 @@ requires_openssl_next
 client_needs_more_time 6
 not_with_valgrind # risk of non-mbedtls peer timing out
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS proxy: 3d, openssl server" \
          -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
          "$O_NEXT_SRV -dtls1_2 -mtu 2048" \
@@ -11473,7 +11388,6 @@ requires_openssl_next
 client_needs_more_time 8
 not_with_valgrind # risk of non-mbedtls peer timing out
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS proxy: 3d, openssl server, fragmentation" \
          -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
          "$O_NEXT_SRV -dtls1_2 -mtu 768" \
@@ -11485,7 +11399,6 @@ requires_openssl_next
 client_needs_more_time 8
 not_with_valgrind # risk of non-mbedtls peer timing out
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
          -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
          "$O_NEXT_SRV -dtls1_2 -mtu 768" \
@@ -11497,7 +11410,6 @@ requires_gnutls
 client_needs_more_time 6
 not_with_valgrind # risk of non-mbedtls peer timing out
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS proxy: 3d, gnutls server" \
          -p "$P_PXY drop=5 delay=5 duplicate=5" \
          "$G_SRV -u --mtu 2048 -a" \
@@ -11510,7 +11422,6 @@ requires_gnutls_next
 client_needs_more_time 8
 not_with_valgrind # risk of non-mbedtls peer timing out
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
          -p "$P_PXY drop=5 delay=5 duplicate=5" \
          "$G_NEXT_SRV -u --mtu 512" \
@@ -11523,7 +11434,6 @@ requires_gnutls_next
 client_needs_more_time 8
 not_with_valgrind # risk of non-mbedtls peer timing out
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
 run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
          -p "$P_PXY drop=5 delay=5 duplicate=5" \
          "$G_NEXT_SRV -u --mtu 512" \
@@ -11568,7 +11478,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: minimal feature sets - openssl" \
          "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI debug_level=3" \
@@ -11602,7 +11511,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: minimal feature sets - gnutls" \
          "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
          "$P_CLI debug_level=3" \
@@ -11637,7 +11545,6 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_SSL_ALPN
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: alpn - openssl" \
          "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -alpn h2" \
          "$P_CLI debug_level=3 alpn=h2" \
@@ -11673,7 +11580,6 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_SSL_ALPN
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: alpn - gnutls" \
          "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert --alpn=h2" \
          "$P_CLI debug_level=3 alpn=h2" \
@@ -11708,7 +11614,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_SSL_ALPN
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: server alpn - openssl" \
          "$P_SRV debug_level=3 tickets=0 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 alpn=h2" \
          "$O_NEXT_CLI -msg -tls1_3 -no_middlebox -alpn h2" \
@@ -11724,7 +11629,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_SSL_ALPN
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: server alpn - gnutls" \
          "$P_SRV debug_level=3 tickets=0 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 alpn=h2" \
          "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V --alpn h2" \
@@ -11822,7 +11726,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication, no client certificate - openssl" \
          "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10" \
          "$P_CLI debug_level=4 crt_file=none key_file=none" \
@@ -11839,7 +11742,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \
          "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --verify-client-cert" \
          "$P_CLI debug_level=3 crt_file=none key_file=none" \
@@ -11855,7 +11757,6 @@ requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication, no server middlebox compat - openssl" \
          "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
          "$P_CLI debug_level=4 crt_file=data_files/cli2.crt key_file=data_files/cli2.key" \
@@ -11870,7 +11771,6 @@ requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication, no server middlebox compat - gnutls" \
          "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
          "$P_CLI debug_level=3 crt_file=data_files/cli2.crt \
@@ -11886,7 +11786,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \
          "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
          "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp256r1.crt \
@@ -11903,7 +11802,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \
          "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
          "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp256r1.crt \
@@ -11919,7 +11817,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \
          "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
          "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp384r1.crt \
@@ -11936,7 +11833,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \
          "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
          "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp384r1.crt \
@@ -11952,7 +11848,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \
          "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
          "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp521r1.crt \
@@ -11969,7 +11864,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \
          "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
          "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
@@ -12121,7 +12015,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - openssl" \
          "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
          "$P_CLI debug_level=4 crt_file=data_files/cli2.crt key_file=data_files/cli2.key key_opaque=1" \
@@ -12137,7 +12030,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - gnutls" \
          "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
          "$P_CLI debug_level=3 crt_file=data_files/cli2.crt \
@@ -12154,7 +12046,6 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - openssl" \
          "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
          "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp256r1.crt \
@@ -12172,7 +12063,6 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - gnutls" \
          "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
          "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp256r1.crt \
@@ -12189,7 +12079,6 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - openssl" \
          "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
          "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp384r1.crt \
@@ -12207,7 +12096,6 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - gnutls" \
          "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
          "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp384r1.crt \
@@ -12224,7 +12112,6 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - openssl" \
          "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
          "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp521r1.crt \
@@ -12242,7 +12129,6 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - gnutls" \
          "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
          "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
@@ -12401,7 +12287,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - openssl" \
          "$O_NEXT_SRV -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI debug_level=4" \
@@ -12417,7 +12302,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \
          "$O_NEXT_SRV -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI debug_level=4" \
@@ -12434,7 +12318,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \
          "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
          "$P_CLI debug_level=4" \
@@ -12451,7 +12334,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - gnutls" \
          "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
          "$P_CLI debug_level=4" \
@@ -12466,7 +12348,6 @@ requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Server side check - openssl" \
          "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
          "$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \
@@ -12484,7 +12365,6 @@ requires_openssl_tls1_3
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Server side check - openssl with client authentication" \
          "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
          "$O_NEXT_CLI -msg -debug -cert data_files/server5.crt -key data_files/server5.key -tls1_3 -no_middlebox" \
@@ -12505,7 +12385,6 @@ requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Server side check - gnutls" \
          "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
          "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -12525,7 +12404,6 @@ requires_gnutls_next_no_ticket
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Server side check - gnutls with client authentication" \
          "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
          "$G_NEXT_CLI localhost -d 4 --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -12545,7 +12423,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Server side check - mbedtls" \
          "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
          "$P_CLI debug_level=4 force_version=tls13" \
@@ -12565,7 +12442,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Server side check - mbedtls with client authentication" \
          "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
          "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13" \
@@ -12583,7 +12459,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Server side check - mbedtls with client empty certificate" \
          "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
          "$P_CLI debug_level=4 crt_file=none key_file=none force_version=tls13" \
@@ -12602,7 +12477,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: Server side check - mbedtls with optional client authentication" \
          "$P_SRV debug_level=4 auth_mode=optional crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
          "$P_CLI debug_level=4 force_version=tls13 crt_file=none key_file=none" \
@@ -12750,7 +12624,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3 m->O both with middlebox compat support" \
          "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI debug_level=4" \
@@ -12791,7 +12664,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3 m->G both with middlebox compat support" \
          "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
          "$P_CLI debug_level=4" \
@@ -12817,7 +12689,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3 O->m server with middlebox compat support, not client" \
          "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
          "$O_NEXT_CLI -msg -debug -no_middlebox" \
@@ -12830,7 +12701,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3 O->m both with middlebox compat support" \
          "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
          "$O_NEXT_CLI -msg -debug" \
@@ -12861,7 +12731,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3 G->m server with middlebox compat support, not client" \
          "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
          "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -12878,7 +12747,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                              MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3 G->m both with middlebox compat support" \
          "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=0" \
          "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
@@ -12948,7 +12816,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3 m->O HRR both with middlebox compat support" \
 "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \
 "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
@@ -12991,7 +12858,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3 m->G HRR both with middlebox compat support" \
 "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
 "$P_CLI debug_level=4 curves=secp256r1,secp384r1" \
@@ -13309,7 +13175,6 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: NewSessionTicket: Basic check, m->O" \
 "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 4" \
 "$P_CLI debug_level=1 reco_mode=1 reconnect=1" \
@@ -13326,7 +13191,6 @@ requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \
 "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
 "$P_CLI debug_level=1 reco_mode=1 reconnect=1" \
@@ -13363,7 +13227,6 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
-requires_pk_alg "ECDSA"
 run_test "TLS 1.3: NewSessionTicket: Basic check, G->m" \
 "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \
 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
From f9bc5b75f158be2abb815317b15901914b093809 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Fri, 24 Feb 2023 08:33:33 +0100
Subject: [PATCH 417/440] test: remove dependencies on PK_WRITE and PK_PARSE from test_suite_psa_crypto suites
Signed-off-by: Valerio Setti
---
 tests/suites/test_suite_psa_crypto.data | 784 +++++++++---------
 ...test_suite_psa_crypto_driver_wrappers.data | 106 +--
 .../test_suite_psa_crypto_persistent_key.data | 36 +-
 3 files changed, 463 insertions(+), 463 deletions(-)
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 7b55c5f86..855d8a2dc 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -54,299 +54,299 @@ depends_on:PSA_WANT_KEY_TYPE_AES import_with_data:"0123456789abcdef":PSA_KEY_TYPE_AES:0:PSA_ERROR_INVALID_ARGUMENT PSA import/export RSA public key: good, 1024-bit -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (+1 byte) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:1:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2-1) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 
import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:161:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:162:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2+1) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:163:PSA_SUCCESS:1 PSA import/export RSA public key: export buffer too small -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 
import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export RSA keypair: good, 1024-bit -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:1 PSA 
import/export RSA keypair: good, larger buffer (+1 byte) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:1:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2-1) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:609:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:610:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2+1) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:611:PSA_SUCCESS:1 PSA import/export RSA keypair: export buffer too small -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export RSA keypair: trailing garbage ignored -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:-1:PSA_SUCCESS:0 PSA import/export RSA public key: good, 1024-bit, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_CRYPTO_DRIVER_TEST import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (+1 byte), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_CRYPTO_DRIVER_TEST 
import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:1:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2-1), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_CRYPTO_DRIVER_TEST import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:161:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_CRYPTO_DRIVER_TEST 
import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:162:PSA_SUCCESS:1 PSA import/export RSA public key: good, larger buffer (*2+1), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_CRYPTO_DRIVER_TEST import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:163:PSA_SUCCESS:1 PSA import/export RSA public key: export buffer too small, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_CRYPTO_DRIVER_TEST 
import_export:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export RSA keypair: good, 1024-bit, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (+1 byte), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:1:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2-1), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST 
import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:609:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION 
):1024:610:PSA_SUCCESS:1 PSA import/export RSA keypair: good, larger buffer (*2+1), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:611:PSA_SUCCESS:1 PSA import/export RSA keypair: export buffer too small, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_ERROR_BUFFER_TOO_SMALL:1 PSA import/export RSA keypair: trailing garbage ignored, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:-1:PSA_SUCCESS:0 PSA import RSA keypair: truncated -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
import_with_data:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_INVALID_ARGUMENT PSA import RSA keypair: public key -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR import_with_data:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_INVALID_ARGUMENT PSA import RSA public key: key pair -depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_with_data:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c99778144
7a2b":PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_ERROR_INVALID_ARGUMENT PSA import RSA keypair: valid key but EC -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR import_with_data:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_INVALID_ARGUMENT PSA import/export-public RSA public key: good, 1024-bit -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA keypair: good, 1024-bit -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
import_export_public_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA public key: buffer too small -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA keypair: buffer too small -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
import_export_public_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA public key: good, 1024-bit, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA keypair: good, 1024-bit, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST 
import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA public key: buffer too small, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST 
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export-public RSA keypair: buffer too small, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST 
import_export_public_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):-1:PSA_ERROR_BUFFER_TOO_SMALL:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" PSA import/export RSA public key: 1016-bit (good) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 
import_export:"30818802818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1016:0:PSA_SUCCESS:1 PSA import/export RSA keypair: 1016-bit (good) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR import_export:"3082025802010002818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001028180009dd9c34411e769a540e7e9c03682abb4e95ad2d5c2297c6b7eb2fa5415dfa081adb42bff344ea36a31e8bb36593fa69e843f053fa916f8c6ae4c423fa4c1edbcfa7e8079bc19a738f4f861c198cf277d2c89fe3deab06db5a3a09f8d1622033a618fbfbab92b50a13f77cdb53b56d38bec4cdd8cbe65e8b30ab4e77565842102400eec9285833f973372458f354bff7d35bcb04f3b26f5b58a025887a966ca951b6667651a46034bbc99f9d688dfbcb4297a4d86824dd73abdfa7deeb232b1642902400dcbe74d51f3b93afe2a22e2be0c3c56911ef771fd8eb01f64d95d018315baf4144aeb957be95a77f17f2b8a12c2d3b87a1281f9c66d839fa603fbbe7381783d0240035398154a7c1227d580cbbb05859d532d0bdf9d3fc1e5052e20ad9c84dd02ff6884037527c5f44bc5c67a9b67c39824e6ae011d6a5c5f2b997a188a7fe22a810240076bf41ec5023e57bcd87ff1c7d89f30d65a793469f933478021ea056135f45f4ef74aaa1c8158b883422cf2d6cad5c83c6aee5ea65ecd5ab99d14f4cc000ee5024006d13905db5556627066596da3383458aea6ba5e2f94ccc5b922117a1ed3ae7a26c59e68c3885a41b366f1a5c8bff7ec8853ef8d32addb818141352b2da553dc":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1016:0:PSA_SUCCESS:1 PSA import/export RSA public key: 1016-bit 
(good), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:PSA_CRYPTO_DRIVER_TEST import_export:"30818802818000cde684f1aee96917b89c8a0a72523cfce4686ed5a5fbd32abab12038fc75148e45314b7e31fe60d8258e7e78234a23df0f00cc20fd008b64cb5b0f4ced8c47aa048f767f859961adc22b3df14e63bd9e08c9707bbf4e0eba32b1cc35a020e7e815ca47e0d39601a80d683ab4a07f4d3a7acebaba6c87d25bce2d091ee115c50203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1016:0:PSA_SUCCESS:1 PSA import/export RSA keypair: 1016-bit (good), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1016:0:PSA_SUCCESS:1 PSA import RSA public key: 1022-bit (not supported) -depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C import_with_data:"30818802818036e4b95f847dcd7a91b0972b7ba096e040ec04e42d59f733029fb2600b8ae9e4fd8ea76f3d7ec576288102285b612db7abc53770006046fef321172a6ad84053710d48528a8d51b6481db53c09e1524d6704b58bd30313016535eefe9bcff89eb599608daaa0a72ab7720af31486b51020421fdd3c6974cc445a78dd134450230203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_ERROR_NOT_SUPPORTED PSA import RSA keypair: 1022-bit (not supported) -depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C 
import_with_data:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_NOT_SUPPORTED PSA import RSA public key: 1023-bit (not supported) -depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C import_with_data:"3081880281806c49704e91f3df44fc99e9b3c0fee5025cc04d09529a1dd05754f2da2751d7a9aa5a79f7070132f2c47b31963e37cd74675f9c93ee7c85a143fefe303e94d1ee0e4d30898d17ab3a229e8457ef21fd179039f748305babe7f134f6d58ce5d721a1a5da98f63503d2466c6a515e53494a41180a91e535bd5b55d4dce2c17419870203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:0:PSA_ERROR_NOT_SUPPORTED PSA import RSA keypair: 1023-bit (not supported) -depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C import_with_data:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:0:PSA_ERROR_NOT_SUPPORTED PSA import/export EC secp224r1 key pair: good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_224 import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:224:0:PSA_SUCCESS:1 PSA import/export-public EC secp224r1: good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_224 import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7" PSA import/export EC secp256r1 key pair: good 
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:256:0:PSA_SUCCESS:1 PSA import/export-public EC secp256r1: good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45" PSA import/export EC secp384r1 key pair: good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:384:0:PSA_SUCCESS:1 PSA import/export-public EC secp384r1: good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 
import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747" PSA import/export EC secp521r1 key pair: good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521 import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:521:0:PSA_SUCCESS:1 PSA import/export-public EC secp521r1: good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521 import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1" PSA import/export EC brainpool256r1 key pair: good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_256 
import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:256:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool256r1: good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_256 import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d" PSA import/export EC brainpool384r1 key pair: good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_384 import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:384:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool384r1: good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_384 import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a" PSA 
import/export EC brainpool512r1 key pair: good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_512 import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:512:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool512r1: good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_512 import_export_public_key:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a" PSA import/export EC curve25519 key pair: good (already properly masked) -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255 import_export:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:255:0:PSA_SUCCESS:1 PSA import/export EC curve25519 key pair: unmasked input (check export-import-export yields properly masked output) 
-depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255 import_export:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:255:0:PSA_SUCCESS:0 PSA import/export-public EC curve25519: accept unmasked input -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255 import_export_public_key:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" PSA import/export-public EC curve25519: accept masked input -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255 import_export_public_key:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" PSA import/export EC curve448 key pair: good (already properly masked, key from RFC 7748 6.2 Alice)) -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448 import_export:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:448:0:PSA_SUCCESS:1 
PSA import/export EC curve448 key pair: unmasked input (check export-import-export yields properly masked output, key from RFC 7748 6.2 Alice)) -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448 import_export:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:448:0:PSA_SUCCESS:0 PSA import/export-public EC curve448: accept masked input (key from RFC 7748 6.2 Alice) -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448 import_export_public_key:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" PSA import/export-public EC curve448: accept unmasked input (key from RFC 7748 6.2 Alice) -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448 import_export_public_key:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:0:0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" PSA import/export-public: cannot export-public a symmetric key 
-depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES import_export_public_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:PSA_ALG_CBC_NO_PADDING:0:0:PSA_ERROR_INVALID_ARGUMENT:"2b7e151628aed2a6abf7158809cf4f3c" PSA import/export EC secp256r1 public key: good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 import_export:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:256:0:PSA_SUCCESS:1 PSA import/export EC secp521r1 public key: good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_521 import_export:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:521:0:PSA_SUCCESS:1 PSA import/export EC brainpoolP256r1 public key: good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_256 
import_export:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:0:256:0:PSA_SUCCESS:1 PSA import/export curve25519 public key: good -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255 import_export:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:255:0:PSA_SUCCESS:1 PSA import/export curve448 Public Key: good (key from RFC 7748 6.2 Alice) -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_448 import_export:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:0:448:0:PSA_SUCCESS:0 PSA import/export AES key: policy forbids export 
@@ -358,123 +358,123 @@ depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):0:256:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: policy forbids export (crypt) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:0:1024:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: policy forbids export (sign) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export EC secp224r1 key pair: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_224:PSA_CRYPTO_DRIVER_TEST import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):224:0:PSA_SUCCESS:1 PSA import/export-public EC secp224r1: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_224:PSA_CRYPTO_DRIVER_TEST 
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_224:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7" PSA import/export EC secp256r1 key pair: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 PSA import/export-public EC secp256r1: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45" PSA import/export EC secp384r1 key pair: good, opaque 
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384:PSA_CRYPTO_DRIVER_TEST import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):384:0:PSA_SUCCESS:1 PSA import/export-public EC secp384r1: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_384:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747" PSA import/export EC secp521r1 key pair: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521:PSA_CRYPTO_DRIVER_TEST import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( 
PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):521:0:PSA_SUCCESS:1 PSA import/export-public EC secp521r1: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1" PSA import/export EC brainpool256r1 key pair: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_CRYPTO_DRIVER_TEST import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY::PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool256r1: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_CRYPTO_DRIVER_TEST 
import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d" PSA import/export EC brainpool384r1 key pair: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_CRYPTO_DRIVER_TEST import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):384:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool384r1: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_384:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a" PSA import/export EC brainpool512r1 key pair: good, opaque 
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_CRYPTO_DRIVER_TEST import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):512:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool512r1: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_512:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:0:PSA_SUCCESS:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a" PSA import/export EC curve25519 key pair: good (already properly masked), opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST 
import_export:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:1 PSA import/export EC curve25519 key pair: unmasked input (check export-import-export yields properly masked output), opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST import_export:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:0 PSA import/export-public EC curve25519: accept unmasked input, opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" PSA import/export-public EC curve25519: accept masked input, opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST 
import_export_public_key:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a" PSA import/export EC curve448 key pair: good (already properly masked, key from RFC 7748 6.2 Alice)), opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST import_export:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):448:0:PSA_SUCCESS:1 PSA import/export EC curve448 key pair: unmasked input (check export-import-export yields properly masked output, key from RFC 7748 6.2 Alice)), opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST import_export:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):448:0:PSA_SUCCESS:0 PSA import/export-public EC curve448: accept masked input (key from RFC 7748 6.2 Alice), opaque 
-depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"988f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a59872eb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" PSA import/export-public EC curve448: accept unmasked input (key from RFC 7748 6.2 Alice), opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28dd9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_SUCCESS:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0" PSA import/export-public: cannot export-public a symmetric key, opaque -depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST import_export_public_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:PSA_ALG_CBC_NO_PADDING:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION 
):0:PSA_ERROR_INVALID_ARGUMENT:"2b7e151628aed2a6abf7158809cf4f3c" PSA import/export EC secp256r1 public key: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST import_export:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 PSA import/export EC secp521r1 public key: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_521:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_521:PSA_CRYPTO_DRIVER_TEST import_export:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):521:0:PSA_SUCCESS:1 PSA import/export EC brainpoolP256r1 public key: good, opaque -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_256:PSA_CRYPTO_DRIVER_TEST 
import_export:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_SUCCESS:1 PSA import/export curve25519 public key: good, opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255:PSA_CRYPTO_DRIVER_TEST import_export:"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):255:0:PSA_SUCCESS:1 PSA import/export curve448 Public Key: good (key from RFC 7748 6.2 Alice), opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_448:PSA_CRYPTO_DRIVER_TEST import_export:"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):448:0:PSA_SUCCESS:0 PSA import/export AES key: policy forbids export, opaque 
@@ -486,21 +486,21 @@ depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC:PSA_CRY import_export:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_TYPE_HMAC:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256):PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):256:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: policy forbids export (crypt), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT | 
PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_ERROR_NOT_PERMITTED:1 PSA import/export RSA keypair: policy forbids export (sign), opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST import_export:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_ERROR_NOT_PERMITTED:1 # Test PEM import. Note that this is not a PSA feature, it's an Mbed TLS # extension which we may drop in the future. PSA import/export RSA public key: import PEM -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C import_export:"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":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0 PSA import/export RSA keypair: import PEM -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PEM_PARSE_C 
import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0 PSA import: reject raw data key of length 0 
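Review bot: The two "import PEM" cases at the end of this hunk keep `MBEDTLS_PEM_PARSE_C` but drop `MBEDTLS_PK_PARSE_C`, even though the comment right above them says PEM import is an Mbed TLS extension rather than a PSA feature. If PEM-encoded key import still goes through the PK parser, these cases would now be selected in builds where that parser is compiled out and fail instead of being skipped; this should be confirmed against the import code path, or the dependency kept on just those two lines, e.g. `depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C:MBEDTLS_PK_PARSE_C`. The remaining drops in this hunk are on opaque-driver cases and look consistent with the same change made across the other hunks of this file.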
@@ -516,59 +516,59 @@ PSA import: reject raw data key of length 0 and declared size 8 bits import_with_data:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: explicit bit-size=255 for secp256r1 -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 import_with_data:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):255:PSA_ERROR_NOT_SUPPORTED PSA import EC keypair: explicit bit-size=521 for secp521r1 (good) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_521 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521 import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):521:PSA_SUCCESS PSA import EC keypair: explicit bit-size=528 for secp521r1 (bad) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_521 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521 import_with_data:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):528:PSA_ERROR_NOT_SUPPORTED PSA import EC keypair: explicit bit-size, DER format -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 import_with_data:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ERROR_INVALID_ARGUMENT PSA import EC 
keypair: explicit bit-size, too short -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 import_with_data:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13e":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: explicit bit-size, too long (00 start) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 import_with_data:"0049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: explicit bit-size, too long (00 end) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 import_with_data:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee00":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: explicit bit-size, public key -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 import_with_data:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: implicit bit-size, not a valid length -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 import_with_data:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_NOT_SUPPORTED PSA import EC keypair: secp256r1, all-bits-zero (bad) 
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 import_with_data:"0000000000000000000000000000000000000000000000000000000000000000":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: secp256r1, d == n - 1 (good) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 import_with_data:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_SUCCESS PSA import EC keypair: secp256r1, d == n (bad) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 import_with_data:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: secp256r1, d > n (bad) -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 import_with_data:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT PSA import EC public key: key pair -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 import_with_data:"3078020101042100ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3aa00a06082a8648ce3d030107a14403420004dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT PSA import AES: bits=0 ok 
@@ -598,11 +598,11 @@ PSA import large key: raw, 65536 bits (not supported)
 import_large_key:PSA_KEY_TYPE_RAW_DATA:8192:PSA_ERROR_NOT_SUPPORTED
 
 PSA import RSA key pair: maximum size exceeded
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C
 import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:1:PSA_ERROR_NOT_SUPPORTED
 
 PSA import RSA public key: maximum size exceeded
-depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C
 import_rsa_made_up:PSA_VENDOR_RSA_MAX_KEY_BITS+8:0:PSA_ERROR_NOT_SUPPORTED
 
 PSA key policy: AES ECB
@@ -1029,43 +1029,43 @@ depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_ derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KEY_TYPE_DERIVE:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ALG_HKDF(PSA_ALG_SHA_224) PSA key policy: agreement + KDF, permitted -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_SUCCESS PSA key policy: agreement + KDF, not permitted -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 agreement_key_policy:0:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_PERMITTED PSA key policy: agreement + KDF, wrong agreement algorithm -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, 
PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_PERMITTED PSA key policy: agreement + KDF, wrong KDF algorithm -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_224:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_224)):PSA_ERROR_NOT_PERMITTED PSA key policy: agreement + KDF, key permits raw agreement -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_SUCCESS PSA key policy: raw agreement, permitted -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH:PSA_SUCCESS PSA key policy: raw agreement, not permitted 
-depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 raw_agreement_key_policy:0:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH:PSA_ERROR_NOT_PERMITTED PSA key policy: raw agreement, wrong algorithm -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH:PSA_ERROR_NOT_PERMITTED PSA key policy: raw agreement, key permits raw agreement, but algorithm is not raw -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ERROR_NOT_SUPPORTED PSA key policy: raw agreement, key specifies KDF -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH:PSA_ERROR_NOT_PERMITTED 
PSA key policy algorithm2: CTR, CBC 
@@ -1073,15 +1073,15 @@ depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES key_policy_alg2:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING PSA key policy algorithm2: ECDH, ECDSA, HASH usage -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) PSA key policy algorithm2: ECDH, ECDSA, HASH+MESSAGE usage -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) PSA key policy algorithm2: ECDH, ECDSA, MESSAGE usage -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) Copy key: raw, 1 byte 
@@ -1120,63 +1120,63 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:0:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: RSA key pair, same usage flags -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, extended usage flags -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, 
fewer usage flags -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, more usage flags -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, intersect usage flags #0 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | 
PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, intersect usage flags #1 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | 
PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in source -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in target -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in source and target -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0 Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH, extended usage flags -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | 
PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDSA+ECDH, target=ECDSA+0 -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0 Copy key: source=ECDSA+ECDH, target=0+ECDH -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | 
PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:0:PSA_ALG_ECDH:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:0:PSA_ALG_ECDH Copy key: source=ECDSA(any)+ECDH, target=ECDSA(SHA256)+ECDH -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDH+ECDSA(any), target=ECDH+ECDSA(SHA256) -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | 
PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) Copy key: raw, 1 byte, opaque 
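Review bot: Removing MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C from the `depends_on` of the RSA `copy_success` cases in this hunk is only correct if importing the DER-encoded RSAPrivateKey blob and the export implied by PSA_KEY_USAGE_EXPORT no longer route through the PK module, and that library-side change is not visible in this diff. If some configuration still enables PSA_WANT_KEY_TYPE_RSA_KEY_PAIR without the PK parse/write modules, these cases will now fail rather than be skipped, and the failure would surface outside the configurations CI builds. Please confirm against the PSA RSA import/export implementation that the PK dependency is really gone before relying on the trimmed list. The ECC cases at the end of the hunk import a raw 32-byte scalar and never needed the PK symbols, so that part of the change is a pure clean-up.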
@@ -1216,63 +1216,63 @@ depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_CTR:0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:0 Copy key: RSA key pair, same usage flags, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION 
):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, extended usage flags, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | 
PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, fewer usage flags, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, more usage flags, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST 
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, intersect usage flags #0, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, intersect usage flags #1, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST 
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in 
source, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy key: RSA key pair, wildcard algorithm in target, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0 Copy 
key: RSA key pair, wildcard algorithm in source and target, opaque -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0 Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH, opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: 
source=ECDSA+ECDH, target=ECDSA+ECDH, extended usage flags, opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDSA+ECDH, target=ECDSA+0, opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | 
PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0 Copy key: source=ECDSA+ECDH, target=0+ECDH, opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:0:PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:0:PSA_ALG_ECDH Copy key: source=ECDSA(any)+ECDH, target=ECDSA(SHA256)+ECDH, opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | 
PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDH+ECDSA(any), target=ECDH+ECDSA(SHA256), opaque -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) Copy fail: raw data, no COPY flag 
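Review bot: The "Copy key: RSA key pair, wildcard algorithm in source and target, opaque" case in this hunk passes lifetime `0` for both the source and the target key (`PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR` and again `PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:` before the target usage), while every other `, opaque` case here uses `PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION )`. As written it is a duplicate of the transparent case in the previous hunk, so the ANY_HASH-to-ANY_HASH copy is never exercised through the test driver location even though the case now depends on PSA_CRYPTO_DRIVER_TEST. Since the commit already edits this entry's dependency line, both `0` lifetime arguments should be replaced with the test-driver lifetime used by the neighbouring opaque entries.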
@@ -1399,19 +1399,19 @@ depends_on:PSA_WANT_ALG_CCM:PSA_WANT_KEY_TYPE_AES:PSA_CRYPTO_DRIVER_TEST copy_success:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":0:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG(PSA_ALG_CCM, 8):0:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 12):0 Copy fail: RSA, incompatible target policy (source wildcard) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: RSA, incompatible target policy (target wildcard) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: RSA, incompatible target policy (source and target wildcard) 
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: RSA, ANY_HASH is not meaningful with OAEP -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR copy_fail:PSA_KEY_USAGE_COPY | 
PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_ANY_HASH):0:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:0:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: incorrect type in attributes 
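Review bot: Nothing in this diff shows that the test functions behind `copy_success`, `copy_fail` and `import_and_exercise_key` stopped parsing the DER-encoded RSA and ECC key material through the PK module, so removing `MBEDTLS_PK_PARSE_C`/`MBEDTLS_PK_WRITE_C` from these `depends_on` lines (and the same edit in the hunks at -1422, -2075, -4082 and -4278) turns a skipped case into an import failure in a PK-less build unless the matching library or .function change is in the same series. That change is outside this diff, so it should be confirmed before merging. A sentence in the commit description naming where the PK dependency of these key-import paths was removed would make the data change reviewable on its own.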
@@ -1422,11 +1422,11 @@ Copy fail: incorrect size in attributes copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":0:42:PSA_KEY_USAGE_EXPORT:0:0:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: source=ECDSA(SHA224)+ECDH, target=ECDSA(SHA256)+ECDH -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_ALG_ECDH:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: source=ECDH+ECDSA(SHA224), target=ECDH+ECDSA(SHA256) -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_224:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_224):0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_LIFETIME_VOLATILE:PSA_ERROR_INVALID_ARGUMENT Copy fail: AES, invalid persistent key identifier in attributes 
@@ -2075,7 +2075,7 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR cipher_bad_key:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_TYPE_RSA_KEY_PAIR:"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" PSA cipher: incorrect key type (ECC Family Sep R1) -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 cipher_bad_key:PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320" PSA cipher encrypt: without initialization 
@@ -4082,39 +4082,39 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR signature_size:PSA_KEY_TYPE_RSA_KEY_PAIR:1025:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:129 PSA import/exercise RSA keypair, PKCS#1 v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR import_and_exercise_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW PSA import/exercise RSA keypair, PSS-SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR import_and_exercise_key:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c9
97781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256) PSA import/exercise RSA keypair, PSS-any-salt-SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR import_and_exercise_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256) PSA import/exercise RSA public key, PKCS#1 v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_and_exercise_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PKCS1V15_SIGN_RAW PSA import/exercise RSA public key, PSS-SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY import_and_exercise_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256) PSA import/exercise RSA public key, PSS-any-salt-SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 
import_and_exercise_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256) PSA import/exercise: ECP SECP256R1 keypair, ECDSA -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA_ANY PSA import/exercise: ECP SECP256R1 keypair, deterministic ECDSA -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) PSA import/exercise: ECP SECP256R1 keypair, ECDH -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDH PSA import/exercise: HKDF SHA-256 
@@ -4126,23 +4126,23 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF import_and_exercise_key:"c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0":PSA_KEY_TYPE_DERIVE:192:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256) PSA sign hash: RSA PKCS#1 v1.5, raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_hash_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a" PSA sign hash: RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_hash_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" PSA sign hash: deterministic ECDSA SECP256R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 
sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" PSA sign hash: deterministic ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca" PSA sign hash: deterministic ECDSA SECP384R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f" PSA sign hash int 
(ops=inf): det ECDSA SECP256R1 SHA-256 
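Review bot: The `deterministic ECDSA SECP256R1 SHA-384` case in this hunk keeps `MBEDTLS_PSA_BUILTIN_ALG_SHA_384` on its new `depends_on` line, while the SHA-384 sign/verify cases in the -4278 hunk guard the same need with `MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA`. Since this commit is already pruning stale dependency macros from these lines, it is worth checking whether the builtin-only guard is intentional (presumably it skips the case when SHA-384 comes from a driver) or should be aligned with the others, e.g. `+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA`. The hunk's remaining cases look consistent with the rest of the change.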
@@ -4170,67 +4170,67 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TY sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f":0 PSA sign hash: RSA PKCS#1 v1.5 SHA-256, wrong hash size -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015":128:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: RSA PKCS#1 v1.5, invalid hash (wildcard) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: RSA PKCS#1 v1.5 raw, input too large -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":128:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: RSA PKCS#1 v1.5 SHA-256, output buffer too small -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":127:PSA_ERROR_BUFFER_TOO_SMALL PSA sign hash: RSA PSS SHA-256, wrong hash length (0 bytes) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":127:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: RSA PSS-any-salt SHA-256, wrong hash length (0 bytes) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"":127:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: RSA PSS SHA-256, wrong hash length (129 bytes) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":127:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: RSA PSS-any-salt SHA-256, wrong hash length (129 bytes) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C 
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":127:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: deterministic ECDSA SECP256R1 SHA-256, output buffer too small -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL PSA sign hash: RSA PKCS#1 v1.5 SHA-256, empty output buffer -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_hash_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":0:PSA_ERROR_BUFFER_TOO_SMALL PSA sign hash: deterministic ECDSA SECP256R1 SHA-256, empty output buffer -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 
sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_ERROR_BUFFER_TOO_SMALL PSA sign hash: deterministic ECDSA SECP256R1, invalid hash algorithm (0) -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: deterministic ECDSA SECP256R1, invalid hash algorithm (wildcard) -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: invalid key type, signing with a public key -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 
sign_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: invalid algorithm for ECC key -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT PSA sign hash: deterministic ECDSA not supported -depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED PSA sign hash int (ops=inf): det ECDSA SECP256R1 SHA-256, out buf too small 
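Review bot: The two `RSA PSS ... wrong hash length (0 bytes)` cases in this hunk end up with `PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY` on their new `depends_on` lines, yet each `sign_hash_fail` call imports `PSA_KEY_TYPE_RSA_KEY_PAIR`, and the neighbouring `(129 bytes)` cases using the same key require `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR`. The mismatch predates this commit, but these lines are being rewritten anyway, and in a build with only public-key RSA support the key-pair import would presumably fail before the hash-length check the case is meant to exercise. Suggested for both cases: `+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR`.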
@@ -4278,43 +4278,43 @@ depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:0 PSA sign/verify hash: RSA PKCS#1 v1.5, raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263" PSA sign/verify hash: RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" PSA sign/verify hash: RSA PSS SHA-256, 32 bytes (hash size) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" PSA sign/verify hash: RSA PSS-any-salt SHA-256, 32 bytes (hash size) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
sign_verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" PSA sign/verify hash: randomized ECDSA SECP256R1 SHA-256 -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA sign/verify hash: deterministic ECDSA SECP256R1 SHA-256 
-depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA sign/verify hash: randomized ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f" PSA sign/verify hash: deterministic ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f" PSA sign/verify hash: randomized ECDSA SECP384R1 SHA-256 
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA sign/verify hash: deterministic ECDSA SECP384R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA sign/vrfy hash int (ops=inf): rand ECDSA SECP256R1 SHA-256 
@@ -4366,159 +4366,159 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TY
 sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0
 PSA verify hash: RSA PKCS#1 v1.5 SHA-256, good signature
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
 PSA verify hash with keypair: RSA PKCS#1 v1.5 SHA-256, good signature
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
 verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311"
 PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong hash length
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_1:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA
 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_1):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_ARGUMENT
 PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (same size)
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"111164d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE
 PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (empty)
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":PSA_ERROR_INVALID_SIGNATURE
 PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (truncated)
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc73":PSA_ERROR_INVALID_SIGNATURE
 PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (trailing junk)
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc731121":PSA_ERROR_INVALID_SIGNATURE
 PSA verify hash: RSA PKCS#1 v1.5 SHA-256, wrong signature (leading junk)
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE
 PSA verify hash: RSA-1024 PSS SHA-256, slen=0 (bad)
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"abc4b612c6b71e13fa5965b2e25ee6adec5b1f211b2db158e9f3c4547d6cbef909a73dfb474b8caaf6c8fcafa10ec0bbadfd1883289ce33ad08ad533c61ea004fef4d9b76a1efc267efd066ae8918cb8e994faad30ff5e340e14c941926ba7ca9422b86e8055df1c1b90a5959a59cc7a5fc15cbd0d848cd40f7857b7629b668b":PSA_ERROR_INVALID_SIGNATURE
 PSA verify hash: RSA-1024 PSS-any-salt SHA-256, slen=0
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"abc4b612c6b71e13fa5965b2e25ee6adec5b1f211b2db158e9f3c4547d6cbef909a73dfb474b8caaf6c8fcafa10ec0bbadfd1883289ce33ad08ad533c61ea004fef4d9b76a1efc267efd066ae8918cb8e994faad30ff5e340e14c941926ba7ca9422b86e8055df1c1b90a5959a59cc7a5fc15cbd0d848cd40f7857b7629b668b"
 PSA verify hash: RSA-1024 PSS SHA-256, slen=31 (bad)
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"797914eadbbe8293a7b0fe29d2db9fb246b519128d46d3ec93142a1a08a2992ba5325ad9b5ce55344b37996dbb81eb89628263cae4e3fc0e947dec0b8b0c7b0ee94bca02dd287f9cc619e2d88fb2279fb2a8f8301271c58009bb1223f3cfa730cb852947685678cfdef2968c82a9b8bffd8c0d518476b1ea2a5ad6c100045d8e":PSA_ERROR_INVALID_SIGNATURE
 PSA verify hash: RSA-1024 PSS-any-salt SHA-256, slen=31
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"797914eadbbe8293a7b0fe29d2db9fb246b519128d46d3ec93142a1a08a2992ba5325ad9b5ce55344b37996dbb81eb89628263cae4e3fc0e947dec0b8b0c7b0ee94bca02dd287f9cc619e2d88fb2279fb2a8f8301271c58009bb1223f3cfa730cb852947685678cfdef2968c82a9b8bffd8c0d518476b1ea2a5ad6c100045d8e"
 PSA verify hash: RSA-1024 PSS SHA-256, slen=32
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df"
 PSA verify hash: RSA-1024 PSS-any-salt SHA-256, slen=32
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df"
 PSA verify hash: RSA-1024 PSS SHA-256, slen=94 (bad)
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"44a09fa66f1b2e790474960e90517e418747cfcd18423dff957516a598569d74f26ef1eae4a200d12d801e16fc6fde375330c79c0d8430825e0a7f69c664faefccfa25e7fbfc68af02af0f67fe4c49f68f6abc68c8f66d3fd77fc838961f4415827340c66e39c79ed7dae0738c08ce8272aebe50c72e31994b9b6db640b51800":PSA_ERROR_INVALID_SIGNATURE
 PSA verify hash: RSA-1024 PSS-any-salt SHA-256, slen=94
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"44a09fa66f1b2e790474960e90517e418747cfcd18423dff957516a598569d74f26ef1eae4a200d12d801e16fc6fde375330c79c0d8430825e0a7f69c664faefccfa25e7fbfc68af02af0f67fe4c49f68f6abc68c8f66d3fd77fc838961f4415827340c66e39c79ed7dae0738c08ce8272aebe50c72e31994b9b6db640b51800"
 PSA verify hash: RSA-1024 PSS SHA-512, slen=61 (bad)
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"23f5b30c8d612d8f31206c177ac2023c4f44754d03c7ff67daff99f24fa369b3e5f7c15b228a4417a1ff1c93fb8d645d619c2f4f559ac6c7f7bac20ba9df32353d19941265a4e74261adaf45d48682c0bc86cea6128f11ad172ff461fb1d97bded615861843996e2a98e7b8313b695519d001ae35305d6cbf3c0ee6c7ab06d1a":PSA_ERROR_INVALID_SIGNATURE
 PSA verify hash: RSA-1024 PSS-any-salt SHA-512, slen=61
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
 verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"23f5b30c8d612d8f31206c177ac2023c4f44754d03c7ff67daff99f24fa369b3e5f7c15b228a4417a1ff1c93fb8d645d619c2f4f559ac6c7f7bac20ba9df32353d19941265a4e74261adaf45d48682c0bc86cea6128f11ad172ff461fb1d97bded615861843996e2a98e7b8313b695519d001ae35305d6cbf3c0ee6c7ab06d1a"
 PSA verify hash: RSA-1024 PSS SHA-512, slen=62
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
 verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"6b215d77cf88b2d08be53b4f3ac6e72ebfbf7e0dc6c1e77b238cfb661c247a011b8746709fbefe4bc05d37343391683e9489d720ecbb7df37f4e36967918958996939461703465c2014a4c12faf875f8def70070e55b765b165c7e9c6f2eb05c98351b1e82219c31a2fb3ddce05f8988f552ff92f0b3471f63c0e53824c550a4"
 PSA verify hash: RSA-1024 PSS-any-salt SHA-512, slen=62
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
 verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"6b215d77cf88b2d08be53b4f3ac6e72ebfbf7e0dc6c1e77b238cfb661c247a011b8746709fbefe4bc05d37343391683e9489d720ecbb7df37f4e36967918958996939461703465c2014a4c12faf875f8def70070e55b765b165c7e9c6f2eb05c98351b1e82219c31a2fb3ddce05f8988f552ff92f0b3471f63c0e53824c550a4"
 PSA verify hash: RSA-528 PSS SHA-512, slen=0
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
 verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"304a024300e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f0203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"a14ad0fef77d36c28658a66129ee632e40e1032003eefe7fcda8e52b06675a051c80b2ca1cb99ed0762e90c9a48c434cd1063638eed7895a9c770e5435af750a1955"
 PSA verify hash: RSA-528 PSS-any-salt SHA-512, slen=0
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
 verify_hash:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"304a024300e31c246d46485984261fd174cab3d4357344602ecd793c47dbe54252d37bb350bc634359b19515542080e4724a4b672291be57c7648f51629eaef234e847d99cc65f0203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"a14ad0fef77d36c28658a66129ee632e40e1032003eefe7fcda8e52b06675a051c80b2ca1cb99ed0762e90c9a48c434cd1063638eed7895a9c770e5435af750a1955"
 PSA verify hash: RSA-520 PSS SHA-512 (hash too large)
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"3049024200d5a06f86e5b9d87428540165ca966fa8893a62e2a59d0bfd7617780bb039f9165a373a8e119d0766f8de556710f33f67019153bad8223775e797d451d48206f3bf0203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"deaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddead42":PSA_ERROR_INVALID_ARGUMENT
 PSA verify hash: RSA-520 PSS-any-salt SHA-512 (hash too large)
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA
 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"3049024200d5a06f86e5b9d87428540165ca966fa8893a62e2a59d0bfd7617780bb039f9165a373a8e119d0766f8de556710f33f67019153bad8223775e797d451d48206f3bf0203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_512):"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f":"deaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddeaddead42":PSA_ERROR_INVALID_ARGUMENT
 PSA verify hash: RSA PSS SHA-256, wrong hash length (0 bytes)
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"34c011b625c32d992f4ab8fcfa52b616ea66270b5b75a4fc71af712f9b8806bcdd374ce50eafcbb489562b93347885f93c2de1d404c45cacccefceb112ff6ffdfe4264f91d66320bbbe09304b851b8ad6280bbccc571eebcd49c7db5dfa399a6289e1978407904598751613d9870770cdd8507e3dc7b46851dbf05ae1df2988d":PSA_ERROR_INVALID_ARGUMENT
 PSA verify hash: RSA PSS-any-salt SHA-256, wrong hash length (0 bytes)
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"":"34c011b625c32d992f4ab8fcfa52b616ea66270b5b75a4fc71af712f9b8806bcdd374ce50eafcbb489562b93347885f93c2de1d404c45cacccefceb112ff6ffdfe4264f91d66320bbbe09304b851b8ad6280bbccc571eebcd49c7db5dfa399a6289e1978407904598751613d9870770cdd8507e3dc7b46851dbf05ae1df2988d":PSA_ERROR_INVALID_ARGUMENT
 PSA verify hash: RSA PSS SHA-256, wrong hash length (129 bytes)
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"1491cead330b4ad5b092f8351518141ac11d0888591572669c1e79d6e932c488acd62d44479b0e14cd91a048778bc02398a772ad6bdb4f7764780cf0afe70293d0cac86f2695a1dcb54568bb37d7086f9e86f95a6802d2ee5a4facaa762beff5261bb2816b62cb5af86404974c3f6b67985ac1fbfdf46d6de54f6e29d9274308":PSA_ERROR_INVALID_ARGUMENT
 PSA verify hash: RSA PSS-any-salt SHA-256, wrong hash length (129 bytes)
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
 verify_hash_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"1491cead330b4ad5b092f8351518141ac11d0888591572669c1e79d6e932c488acd62d44479b0e14cd91a048778bc02398a772ad6bdb4f7764780cf0afe70293d0cac86f2695a1dcb54568bb37d7086f9e86f95a6802d2ee5a4facaa762beff5261bb2816b62cb5af86404974c3f6b67985ac1fbfdf46d6de54f6e29d9274308":PSA_ERROR_INVALID_ARGUMENT
 PSA verify hash: ECDSA SECP256R1, good
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256
 verify_hash:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
 PSA verify hash with keypair: ECDSA SECP256R1, good
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
 verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
 PSA vrfy hash int: ECDSA SECP256R1, good
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256
 verify_hash_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
 PSA vrfy hash int w/keypair: ECDSA SECP256R1, good
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
 verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED
 PSA verify hash: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded)
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256
 verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE
 PSA verify hash: ECDSA SECP256R1, wrong signature of correct size
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256
 verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_ERROR_INVALID_SIGNATURE
 PSA verify hash: ECDSA SECP256R1, wrong signature (empty)
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256
 verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE
 PSA verify hash: ECDSA SECP256R1, wrong signature (truncated)
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256
 verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE
 PSA verify hash: ECDSA SECP256R1, wrong signature (trailing junk)
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256
 verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE
 PSA verify hash: ECDSA SECP256R1, wrong signature (leading junk)
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256
 verify_hash_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE
 PSA verify hash: invalid algorithm for ECC key
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
 verify_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT
 PSA vrfy hash int: ECDSA SECP256R1, wrong sig size (correct but ASN1-encoded)
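Review bot: Every RSA case in this hunk still imports DER-encoded key material (the `30818902818100...` public keys and the RSA key-pair blobs), so dropping `MBEDTLS_PK_PARSE_C` from their `depends_on` lines is only sound if `psa_import_key` parses RSA keys without going through the PK layer; if some build configuration still routes RSA import through pk_parse, these cases will fail rather than be skipped when PK parsing is disabled. The ECC cases are unaffected since they import raw scalars and points. Consider building the suite with `MBEDTLS_PK_PARSE_C` unset (for example through depends.py) to confirm the new dependency lines are sufficient, and if a dedicated RSA parser macro now gates that path, the RSA cases should carry it in place of the removed symbol. The `@@ -4366,159` hunk spans 159 lines, so the verification is worth running once for the whole file rather than per test.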
@@ -4566,39 +4566,39 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAI interruptible_signverify_hash_ops_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA sign message: RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_message_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" PSA sign message: deterministic ECDSA SECP256R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_message_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548" PSA sign message: deterministic ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 sign_message_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"616263":"7ea712a20e3a8cbe0c6e64195362ba7635bbe78af51ddedd7a5fd858395250c592654c35d3b0614ae0e3b329c25cf5b4a5fcb243af3e3ad15c8446fe401be066" PSA sign message: deterministic ECDSA SECP384R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 sign_message_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263":"3548ea85eb66d756ae90fd64a3104b5b9a17aa282f8722409762e9da4811ec5d3060a97d3450b4bc484cd21ac588f563c4873843506fed8609b7d093db0e9a2496c36995ee74c906528af6898feb502f45bfb1e9ccf371416c68d32bb5ebc1b6" PSA sign message: RSA PKCS#1 v1.5, invalid hash (wildcard) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):"616263":128:PSA_ERROR_INVALID_ARGUMENT PSA sign message: RSA PKCS#1 v1.5, invalid hash algorithm (0) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(0):"616263":128:PSA_ERROR_INVALID_ARGUMENT PSA sign message: RSA PKCS#1 v1.5 SHA-256, output buffer too small -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":127:PSA_ERROR_BUFFER_TOO_SMALL PSA sign message: RSA PKCS#1 v1.5 SHA-256, empty output buffer -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":0:PSA_ERROR_BUFFER_TOO_SMALL PSA sign message: RSA PKCS#1 v1.5 without hash -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_message_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":0:PSA_ERROR_INVALID_ARGUMENT PSA sign message: RSA PKCS#1 v1.5 SHA-256, invalid key type 
@@ -4606,19 +4606,19 @@ depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_CHACHA20 sign_message_fail:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":128:PSA_ERROR_INVALID_ARGUMENT PSA sign message: ECDSA SECP256R1 SHA-256, invalid hash (wildcard) -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):"616263":64:PSA_ERROR_INVALID_ARGUMENT PSA sign message: ECDSA SECP256R1 SHA-256, invalid hash algorithm (0) -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(0):"616263":64:PSA_ERROR_INVALID_ARGUMENT PSA sign message: ECDSA SECP256R1 SHA-256, output buffer too small -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":63:PSA_ERROR_BUFFER_TOO_SMALL PSA sign message: ECDSA SECP256R1 SHA-256, empty output buffer -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
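Review bot: The RSA cases in this hunk (for example `PSA sign message: RSA PKCS#1 v1.5 SHA-256`) import a DER-encoded RSAPrivateKey blob, so dropping `MBEDTLS_PK_PARSE_C` from their `depends_on:` line is only correct if the PSA RSA key-import path no longer goes through the PK parser, which the hunk itself cannot show; in a build with `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR` set but `MBEDTLS_PK_PARSE_C` unset these cases would now be selected and, if that assumption does not hold, fail at import rather than be skipped. The ECDSA cases import raw scalar keys and never needed the parser, so their change is safe on its face, and the same consideration covers the ECDSA cases in the `@@ -4606` hunk and the RSA cases in the `@@ -4626` hunk below, which runs past this view. A sentence in the commit message naming the import path that makes the RSA cases parser-free would close the question. One smaller point: `PSA sign message: deterministic ECDSA SECP256R1 SHA-384` keeps the legacy `MBEDTLS_PSA_BUILTIN_ALG_SHA_384` symbol next to the `PSA_WANT_*` ones, presumably because the deterministic-ECDSA implementation needs the hash built in rather than merely available; a comment line above that case, such as `# deterministic ECDSA needs the built-in hash, not just a PSA_WANT`, would mark the exception as intentional rather than an oversight of this sweep.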
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":0:PSA_ERROR_BUFFER_TOO_SMALL PSA sign message: ECDSA SECP256R1 SHA-256, invalid key type 
@@ -4626,355 +4626,355 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_CHACHA20 sign_message_fail:PSA_KEY_TYPE_CHACHA20:"4bddc98c551a95395ef719557f813656b566bc45aac04eca3866324cc75489f2":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":64:PSA_ERROR_INVALID_ARGUMENT PSA sign message: invalid algorithm for ECC key -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263":72:PSA_ERROR_INVALID_ARGUMENT PSA sign message: deterministic ECDSA not supported -depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED +depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_ECP_DP_SECP384R1_ENABLED sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263":96:PSA_ERROR_NOT_SUPPORTED PSA sign message: ECDSA without hash -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"616263":96:PSA_ERROR_INVALID_ARGUMENT PSA sign/verify message: RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C 
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263" PSA sign/verify message: RSA PSS SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263" PSA sign/verify message: RSA PSS-any-salt SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C 
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"616263" PSA sign/verify message: RSA PSS SHA-256, 0 bytes -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"" PSA sign/verify message: RSA PSS SHA-256, 32 bytes -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" PSA sign/verify message: RSA PSS SHA-256, 128 bytes -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" PSA sign/verify message: RSA PSS SHA-256, 129 bytes -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
sign_verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256 -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263" PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256, 0 bytes -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"" PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256, 32 bytes -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256, 64 bytes 
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" PSA sign/verify message: randomized ECDSA SECP256R1 SHA-256, 65 bytes -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" PSA sign/verify message: deterministic ECDSA SECP256R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263" PSA sign/verify message: randomized ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 
sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"616263" PSA sign/verify message: deterministic ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"616263" PSA sign/verify message: randomized ECDSA SECP384R1 SHA-256 -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263" PSA sign/verify message: deterministic ECDSA SECP384R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263" PSA verify message: RSA PKCS#1 v1.5 SHA-256, good signature -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C 
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" PSA verify message with keypair: RSA PKCS#1 v1.5 SHA-256, good signature -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311" PSA verify message: RSA-1024 PSS SHA-256, slen=0 (bad) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 
verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263":"abc4b612c6b71e13fa5965b2e25ee6adec5b1f211b2db158e9f3c4547d6cbef909a73dfb474b8caaf6c8fcafa10ec0bbadfd1883289ce33ad08ad533c61ea004fef4d9b76a1efc267efd066ae8918cb8e994faad30ff5e340e14c941926ba7ca9422b86e8055df1c1b90a5959a59cc7a5fc15cbd0d848cd40f7857b7629b668b":PSA_ERROR_INVALID_SIGNATURE PSA verify message: RSA-1024 PSS-any-salt SHA-256, slen=0 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"616263":"abc4b612c6b71e13fa5965b2e25ee6adec5b1f211b2db158e9f3c4547d6cbef909a73dfb474b8caaf6c8fcafa10ec0bbadfd1883289ce33ad08ad533c61ea004fef4d9b76a1efc267efd066ae8918cb8e994faad30ff5e340e14c941926ba7ca9422b86e8055df1c1b90a5959a59cc7a5fc15cbd0d848cd40f7857b7629b668b" PSA verify message: RSA-1024 PSS SHA-256, slen=32 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 
verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"616263":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df" PSA verify message: RSA-1024 PSS-any-salt SHA-256, slen=32 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"616263":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df" PSA verify message: RSA PSS SHA-256, good signature, 32 bytes (hash size) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 
verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d" PSA verify message: RSA PSS-any-salt SHA-256, good signature, 32 bytes (hash size) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d" PSA verify message: RSA PSS SHA-256, good signature, 128 bytes (signature size) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 
verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5" PSA verify message: RSA-any-salt PSS SHA-256, good signature, 128 bytes (signature size) -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 
verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5" PSA verify message: RSA PSS SHA-256, good signature, 129 bytes -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 
verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"43286cc0fc599603fbb0cd1fd70c3a17b08d2adf4f90202dddfa4b9d74be8c720bbb1c714665466de6452d401ca061b68225785ff387c2615f03c81351cc3838cd3014a031a4f4c9f70bba06f504c6a9942ac2dbfed2329e590d526a9be26b4025a6d7c4151b4e795cfe756c9a8a5e8fa9228a6f5f6f427a5a070e5c0ea69830" PSA verify message: RSA PSS-any-salt SHA-256, good signature, 129 bytes -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 
verify_message:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"43286cc0fc599603fbb0cd1fd70c3a17b08d2adf4f90202dddfa4b9d74be8c720bbb1c714665466de6452d401ca061b68225785ff387c2615f03c81351cc3838cd3014a031a4f4c9f70bba06f504c6a9942ac2dbfed2329e590d526a9be26b4025a6d7c4151b4e795cfe756c9a8a5e8fa9228a6f5f6f427a5a070e5c0ea69830" PSA verify message: ECDSA SECP256R1 SHA-256, good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256 verify_message:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf0b" PSA verify message with keypair: ECDSA SECP256R1 SHA-256, good -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256 
verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf0b" PSA verify message: RSA PKCS#1 v1.5 SHA-256, wrong signature (same size) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"111164d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE PSA verify message: RSA PKCS#1 v1.5 SHA-256, wrong signature (empty) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"":PSA_ERROR_INVALID_SIGNATURE PSA verify message: RSA PKCS#1 v1.5 SHA-256, 
wrong signature (truncated) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc73":PSA_ERROR_INVALID_SIGNATURE PSA verify message: RSA PKCS#1 v1.5 SHA-256, wrong signature (trailing junk) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc731121":PSA_ERROR_INVALID_SIGNATURE PSA verify message: RSA PKCS#1 v1.5 SHA-256, wrong signature (leading junk) 
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"616263":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_SIGNATURE PSA verify message: RSA PKCS#1 v1.5 without hash -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_message_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_SIGN_RAW:"616263":"21a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_INVALID_ARGUMENT PSA verify message: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded) -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"304502200b295f3dc3ac2bde92f550b7e73a2de15a753b4ebc761c521a32d1ed9bf5800a022100fe7301254058347c3dec7768f62dfc63f7c049d28bfdd1d6712126fd888e9f04":PSA_ERROR_INVALID_SIGNATURE PSA verify message: ECDSA SECP256R1, wrong signature of correct size -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf00":PSA_ERROR_INVALID_SIGNATURE PSA verify message: ECDSA SECP256R1, wrong signature (empty) -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"":PSA_ERROR_INVALID_SIGNATURE PSA verify message: ECDSA SECP256R1, wrong signature (truncated) 
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf":PSA_ERROR_INVALID_SIGNATURE PSA verify message: ECDSA SECP256R1, wrong signature (trailing junk) -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf0bff":PSA_ERROR_INVALID_SIGNATURE PSA verify message: ECDSA SECP256R1, wrong signature (leading junk) -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 
verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"616263":"ff0f8c19f5affea6d593a33e176aa52717bff8d5875165fc63e80a2d65580d295789db5ffb5397ba4c67834e2731ee268ea6f7e83846fbb02145b35442db18cf0b":PSA_ERROR_INVALID_SIGNATURE PSA verify message: invalid algorithm for ECC key -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 verify_message_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT PSA verify message: ECDSA without hash -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 verify_message_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"":"":PSA_ERROR_INVALID_ARGUMENT PSA encrypt: RSA PKCS#1 v1.5, good -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 
asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS PSA encrypt: RSA OAEP-SHA-256, good -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS PSA encrypt: RSA OAEP-SHA-256, good, with label -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"746869730069730061006c6162656c00":128:PSA_SUCCESS PSA encrypt: RSA OAEP-SHA-384, good 
-depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":"":128:PSA_SUCCESS PSA encrypt: RSA OAEP-SHA-384, good, with label -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":"746869730069730061006c6162656c00":128:PSA_SUCCESS PSA encrypt: RSA PKCS#1 v1.5, key pair -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
asymmetric_encrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS PSA encrypt: RSA OAEP-SHA-256, key pair -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_encrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":128:PSA_SUCCESS PSA encrypt: RSA PKCS#1 v1.5, input too large -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C 
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_CRYPT:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":"":0:PSA_ERROR_INVALID_ARGUMENT PSA encrypt: RSA PKCS#1 v1.5: salt not allowed -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee":0:PSA_ERROR_INVALID_ARGUMENT PSA encrypt: RSA OAEP-SHA-384, input too large -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA 
asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f":"":0:PSA_ERROR_INVALID_ARGUMENT PSA encrypt: invalid algorithm -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY asymmetric_encrypt:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_SHA_256:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":0:PSA_ERROR_INVALID_ARGUMENT PSA encrypt: RSA PKCS#1 v1.5: invalid key type -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_AES asymmetric_encrypt:PSA_KEY_TYPE_AES:"3082025e02010002818100af057d396e":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"":0:PSA_ERROR_INVALID_ARGUMENT PSA encrypt-decrypt: RSA PKCS#1 v1.5 vector #1 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_CRYPT:"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"" PSA encrypt-decrypt: RSA PKCS#1 v1.5 vector #2 
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99e8a6144bcb9a29660303bdc4305bb5eca8c64b96788cad062be9967bdab2f7ffff":"" PSA encrypt-decrypt: RSA OAEP-SHA-256 -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"" PSA 
encrypt-decrypt: RSA OAEP-SHA-256, with label -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"746869730069730061006c6162656c00" PSA encrypt-decrypt: RSA OAEP-SHA-384 -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA asymmetric_encrypt_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e":"" PSA decrypt: RSA PKCS#1 v1.5: good #1 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" PSA decrypt: RSA PKCS#1 v1.5: good #2 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_CRYPT:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":"99e8a6144bcb9a29660303bdc4305bb5eca8c64b96788cad062be9967bdab2f7ffff" PSA decrypt: RSA PKCS#1 v1.5, 0 bytes, output too small -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_CRYPT:"adeecba2db7f8
67a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":0:PSA_ERROR_BUFFER_TOO_SMALL PSA decrypt: RSA PKCS#1 v1.5, 0 bytes, good -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_CRYPT:"1b4c1d06439b99f886048b8544607b5e8e5ac6828ad9d0b7ad4ec0b314a4d8052f8bbeab6c85dbddff0b90cc76395a7a0c4f9cc29cd7be20be0b38ff611800d6":"":"" PSA decrypt: RSA OAEP-SHA-256, 0 bytes -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3d3146b1c982004273a9ebb9b063e6ae53b1a85bfc802324bcdd04faa0f7211fb2bdeea40358095554df9c250866c7361e738f0d270eaa27738e87928c5e31815506346727900ff03cef0be6f9dd6bba63ce89074e8194fe68b5a5739422d4f138bbbb61f49b76cf1f18def2c993e3113b08c191ea1da0feb94f8fd9b30109a1":"":"" PSA decrypt: RSA OAEP-SHA-256, 0 bytes, with label -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"14e57648fbbd3c2c195d71fcb9b6c332e2ad9e3402aa701e7270b05775e9ddd025e2330d7b84e67866524c67f9c38b11e4679e28a38574b47f8d218a1a04a7466754d6ea7f959ab1f5b85d066d3f90076e8219f66653f7b78a9789d76213505b4e75ec28081608ed2f1ea1238e3eeab011ce4ec147327cd0ca029c2818133cb6":"746869730069730061006c6162656c00":"" PSA decrypt: RSA OAEP-SHA-256, 30 bytes -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75429":"":"74686973206973206e6f2073717565616d697368206f7373696672616765" PSA decrypt: RSA OAEP-SHA-256, 30 bytes, with label -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"746869730069730061006c6162656c00":"74686973206973206e6f2073717565616d697368206f7373696672616765" PSA decrypt: RSA OAEP-SHA-384, 30 bytes -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA asymmetric_decrypt:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_384):"0df6750b8fed749359c016887d2cf097cc512c065526a91a7ee9b345a1bfff833737e7326e54d03f6bb65971962885a7661a16858d53ea55821052f4c7798d395b5c5495332fd4174451a1a437f36c27f446b96f309ff1cb6837274aa8ae2b51a8a479d736d25b8d2ca8ab96fe589553a3e52818b7df75544eb5469977b29aa4":"":"74686973206973206e6f2073717565616d697368206f7373696672616765" PSA decrypt: RSA OAEP-SHA-256, 30 
bytes, wrong label (should be empty) -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75429":"00":128:PSA_ERROR_INVALID_PADDING PSA decrypt: RSA OAEP-SHA-256, 30 bytes, wrong label (empty) -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"":128:PSA_ERROR_INVALID_PADDING PSA decrypt: RSA OAEP-SHA-256, 30 bytes, wrong label (same length) -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 
asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"46edc9984a6d4b7c7fd88fda9ea91ddbd30b28a0793cc75a9fcdd94d867c69090a697d46a6f336a3e48a122dd3ee3b51566b445ff78adb613d09b7d8c59c25a27d8cf7f5e36455f2e71ff6c6ee98d5740e66b23794acc72906561951c2be5064f6a250646ab627ecbfa48c02f82c29fe9b8c8e6be8eb752432124974373b542c":"746869730069730061006c6162656c01":128:PSA_ERROR_INVALID_PADDING PSA decrypt: RSA PKCS#1 v1.5, invalid padding -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46873":"":128:PSA_ERROR_INVALID_PADDING PSA decrypt: RSA PKCS#1 v1.5: salt not allowed -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_CRYPT:"99ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee":128:PSA_ERROR_INVALID_ARGUMENT PSA decrypt: RSA OAEP-SHA-256, invalid padding -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C 
+depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"3fd3c81e3919a19014400d91098090f273312e0150e09eff7f66fb9624d2ec9764fc80befcb592e9d102493c882b8bc0334a257e73aba23a0ee13f826cbc64f8200b9150784d004ccb2955c877c95ab888e3917f423dd52f3c8a49cb61c1966ec04f336068729ae0bce7d7fb3e680f9d15d658db9b906efcbf2c2fae45e75428":"":128:PSA_ERROR_INVALID_PADDING PSA decrypt: invalid algorithm -depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_SHA_256:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":128:PSA_ERROR_INVALID_ARGUMENT PSA decrypt: RSA PKCS#1 v1.5, invalid key type (RSA public key) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 
asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_PKCS1V15_CRYPT:"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":128:PSA_ERROR_INVALID_ARGUMENT PSA decrypt: RSA OAEP, invalid key type (RSA public key) -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"adeecba2db7f867a733853f0136c554e5e01c7a2015721a9bfe30c3ad163b93a9c7589170311209f91420ad8a1a8280c7e890a6d7bca3c500b4da4f53a17bd84a21d58f979a9b4b8f2246b482d930804f12b3aeb2ac8b5ac7938d452ca13be8eb8e973c4e2b19fd454058cbae037bcef7ef68a5fbabf050de5f283cf1998c695":"":128:PSA_ERROR_INVALID_ARGUMENT PSA decrypt: RSA PKCS#1 v1.5: invalid key type (AES) -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_AES asymmetric_decrypt_fail:PSA_KEY_TYPE_AES:"3082025e02010002818100af057d396e":PSA_ALG_RSA_PKCS1V15_CRYPT:"3082025e02010002818100af057d396e":"":16:PSA_ERROR_INVALID_ARGUMENT PSA decrypt: RSA PKCS#1 v1.5, input too small 
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_CRYPT:"ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":127:PSA_ERROR_INVALID_ARGUMENT PSA decrypt: RSA PKCS#1 v1.5, input too large -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_PKCS1V15_CRYPT:"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT PSA decrypt: RSA OAEP-SHA-256, input too small -depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":127:PSA_ERROR_INVALID_ARGUMENT PSA decrypt: RSA OAEP-SHA-256, input too large 
-depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_OAEP:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR asymmetric_decrypt_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256):"0099ffde2fcc00c9cc01972ebfa7779b298dbbaf7f50707a7405296dd2783456fc792002f462e760500e02afa25a859ace8701cb5d3b0262116431c43af8eb08f5a88301057cf1c156a2a5193c143e7a5b03fac132b7e89e6dcd8f4c82c9b28452329c260d30bc39b3816b7c46b41b37b4850d2ae74e729f99c6621fbbe2e46872":"":129:PSA_ERROR_INVALID_ARGUMENT Crypto derivation operation object initializers zero properly 
@@ -5225,27 +5225,27 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_input:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_DERIVE:"01020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708010203040506070801020304050607080102030405060708":PSA_ERROR_INVALID_ARGUMENT:PSA_KEY_DERIVATION_INPUT_LABEL:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE

PSA key derivation: ECDH on P256 with HKDF-SHA256, raw output
-depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS

PSA key derivation: ECDH on P256 with HKDF-SHA256, omitted salt
-depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):0:UNUSED:"":UNUSED:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS

PSA key derivation: ECDH on P256 with HKDF-SHA256, info first
-depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_TYPE_NONE:PSA_SUCCESS

PSA key derivation: ECDH on P256 with HKDF-SHA256, key output
-depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_TYPE_RAW_DATA:PSA_SUCCESS

PSA key derivation: ECDH on P256 with HKDF-SHA256, salt after secret
-depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_INFO:PSA_KEY_TYPE_NONE:"":PSA_ERROR_BAD_STATE:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE

PSA key derivation: ECDH on P256 with HKDF-SHA256, missing info
-depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE

PSA key derivation: TLS12_ECJPAKE_TO_PMS, good input, output too short
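Review bot: Dropping MBEDTLS_PK_PARSE_C from these depends_on lines is only safe if importing the PSA_KEY_TYPE_ECC_KEY_PAIR secret no longer goes through the PK parser in any build configuration; nothing in the hunk shows what replaced that path, so this is inferred from the rest of the series. If some configuration still routes ECC or RSA key import through pk_parse, these cases will now run and fail there instead of being skipped, so it is worth confirming against the derive_input, derive_output, key_agreement_setup, raw_key_agreement and asymmetric_decrypt test functions in the corresponding .function file. The same removal recurs in the hunks at -5838, -5859, -5872, -5885 and -5898, in the -6376 key-agreement hunk and in the RSA asymmetric_decrypt hunk above this one. A one-line comment above the first changed case, such as `# No MBEDTLS_PK_PARSE_C dependency: the PSA core imports raw key material without the PK parser`, would record the reason in the data file itself.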
@@ -5838,15 +5838,15 @@ depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"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":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"4e68326ca1b8647d8e25f6baf131a71a0cebb2916337a8affe66a3627ce41e16184c361dfedce617a8b16370620bbdcd":1:1:0

PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 48+0, ka
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
derive_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)) :PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":48:"bdb7a5e3f169ce61432e6e1b10e398abf5c96099bf517b5fa61481f556193eaf884e30290d79b186c9cba7f4976e5085":"":2:1:0

PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 24+24, ka
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
derive_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)) :PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":48:"bdb7a5e3f169ce61432e6e1b10e398abf5c96099bf517b5f":"a61481f556193eaf884e30290d79b186c9cba7f4976e5085":2:1:0

PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 0+48, ka
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
derive_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)) :PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":48:"":"bdb7a5e3f169ce61432e6e1b10e398abf5c96099bf517b5fa61481f556193eaf884e30290d79b186c9cba7f4976e5085":2:1:0

# bad state: other secret passed before seed
@@ -5859,7 +5859,7 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"":1:1:0

PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #1, ka
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
derive_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":48:"":"":2:1:0

# bad state: other secret passed after secret
@@ -5872,7 +5872,7 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"":48:"":"":1:1:0

PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #2, ka
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
derive_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_ERROR_BAD_STATE:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":48:"":"":2:1:0

# bad state: other secret passed after label
@@ -5885,7 +5885,7 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_ERROR_BAD_STATE:"":48:"":"":1:1:0

PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #3, ka
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
derive_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"01020304":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_LABEL:"6d617374657220736563726574":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_ERROR_BAD_STATE:"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":48:"":"":2:1:0

# bad state: other secret passed twice
@@ -5898,7 +5898,7 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
derive_output:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c4eb02cb10175ab8a33aeeb068ba23df08206b0e":PSA_ERROR_BAD_STATE:0:"":PSA_SUCCESS:"":48:"":"":1:1:0

PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #4, ka
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256
derive_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SEED:"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_OTHER_SECRET:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_ERROR_BAD_STATE:0:"":PSA_SUCCESS:"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":48:"":"":2:1:0

PSA key derivation: TLS 1.2 Mix-PSK-to-MS, other key is raw data
@@ -6376,63 +6376,63 @@ depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS + 1:PSA_ERROR_NOT_SUPPORTED:0 PSA key agreement setup: ECDH + HKDF-SHA-256: good -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS PSA key agreement setup: ECDH + HKDF-SHA-256: good, key algorithm broader than required -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDH:"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS PSA key agreement setup: ECDH + HKDF-SHA-256: key algorithm KDF mismatch -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
+depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_512:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_512)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_PERMITTED PSA key agreement setup: ECDH + HKDF-SHA-256: public key not on curve -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ff":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: ECDH + HKDF-SHA-256: public key on different curve -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384 key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, 
PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: ECDH + HKDF-SHA-256: public key instead of private key -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: ECDH, unknown KDF -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED PSA key agreement setup: bad key agreement algorithm 
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_agreement_setup:PSA_ALG_KEY_AGREEMENT(0, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(0, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: KDF instead of a key agreement algorithm -depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_agreement_setup:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_HKDF(PSA_ALG_SHA_256):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT PSA raw key agreement: ECDH SECP256R1 (RFC 5903) -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de" PSA raw key agreement: ECDH SECP384R1 (RFC 5903) 
-depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":"11187331c279962d93d604243fd592cb9d0a926f422e47187521287e7156c5c4d603135569b9e9d09cf5d4a270f59746" PSA raw key agreement: ECDH SECP521R1 (RFC 5903) -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_521 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_521 raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"0400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":"01144c7d79ae6956bc8edb8e7c787c4521cb086fa64407f97894e5e6b2d79b04d1427e73ca4baa240a34786859810c06b3c715a3a8cc3151f2bee417996d19f3ddea" PSA raw key agreement: ECDH brainpoolP256r1 (RFC 7027) -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_256 
raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b" PSA raw key agreement: ECDH brainpoolP384r1 (RFC 7027) -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_384 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_384 raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":"0bd9d3a7ea0b3d519d09d8e48d0785fb744a6b355e6304bc51c229fbbce239bbadf6403715c35d4fb2a5444f575d4f42" PSA raw key agreement: ECDH brainpoolP512r1 (RFC 7027) -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_BRAINPOOL_P_R1_512 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_512 raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f" PSA raw key agreement: X25519 
(RFC 7748: Alice) 
@@ -6452,31 +6452,31 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_MONTGOM raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"1c306a7ac2a0e2e0990b294470cba339e6453772b075811d8fad0d1d6927c120bb5ee8972b0d3e21374c9c921b09d1b0366f10b65173992d":"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":"07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d" PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160 -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_agreement_capacity:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":8160 PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+0 -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":"" PSA key agreement: ECDH 
SECP256R1 (RFC 5903) + HKDF-SHA-256: read 31+1 -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c4":"41" PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 1+31 -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3b":"f511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441" PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 0+32 -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, 
PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441" PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+32 -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":"7883c010f6e37cd6942c63bd8a65d8648c736bf8330b539760e18db13888d992" PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 64+0 -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c4417883c010f6e37cd6942c63bd8a65d8648c736bf8330b539760e18db13888d992":"" PSA generate random: 0 
bytes @@ -6637,15 +6637,15 @@ PSA generate key: RSA, e=2 generate_key_rsa:512:"01":PSA_ERROR_INVALID_ARGUMENT PSA import persistent key: raw data, 8 bits -depends_on:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:MBEDTLS_PK_C:MBEDTLS_PSA_CRYPTO_STORAGE_C persistent_key_load_key_from_storage:"2a":PSA_KEY_TYPE_RAW_DATA:8:PSA_KEY_USAGE_EXPORT:0:IMPORT_KEY PSA import persistent key: AES, 128 bits, exportable -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C:MBEDTLS_PSA_CRYPTO_STORAGE_C persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:IMPORT_KEY PSA import persistent key: AES, 128 bits, non-exportable -depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C:MBEDTLS_PSA_CRYPTO_STORAGE_C +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C:MBEDTLS_PSA_CRYPTO_STORAGE_C persistent_key_load_key_from_storage:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:IMPORT_KEY PSA generate persistent key: raw data, 8 bits, exportable diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index 6069a696c..843bc8226 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data 
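Review bot: `MBEDTLS_PK_C` is kept on all three persistent-key import cases in the -6637 hunk after `MBEDTLS_PK_PARSE_C` is dropped, yet the keys these cases import are raw data (`"2a"`) and AES, which do not go through the PK layer at all; the remaining PK dependency looks like the same kind of leftover and would keep these storage tests out of PK-less builds for no reason. Unless `persistent_key_load_key_from_storage` itself needs PK for something not visible in this hunk, the dependencies the test bodies actually exercise are `depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C` for the raw-data case and `depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C` for the two AES cases.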
@@ -15,35 +15,35 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_W sign_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS sign_hash transparent driver: in driver RSA PKCS#1 v1.5, raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24
":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":0:PSA_SUCCESS sign_hash transparent driver: fallback RSA PKCS#1 v1.5, raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_NOT_SUPPORTED:"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":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":0:PSA_SUCCESS sign_hash transparent driver: error RSA PKCS#1 v1.5, raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_GENERIC_ERROR:"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":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":0:PSA_ERROR_GENERIC_ERROR sign_hash transparent driver: fake RSA PKCS#1 v1.5, raw 
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:"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":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":1:PSA_SUCCESS sign_hash transparent driver: in driver RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"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":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS sign_hash transparent driver: fallback RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 
sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:"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":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS sign_hash transparent driver: error RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:"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":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_ERROR_GENERIC_ERROR sign_hash transparent driver: fake RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C 
sign_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"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":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":1:PSA_SUCCESS verify_hash transparent driver: in driver ECDSA SECP256R1 SHA-256 
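Review bot: The rewritten depends_on lines for the RSA sign_hash cases gate importing a DER-encoded RSAPrivateKey blob on only `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR` and `MBEDTLS_MD_C`, so they assume the PSA RSA import path parses that key without `MBEDTLS_PK_PARSE_C`; if import still routes through PK parsing in this tree, these cases will now run, and fail at import, in configurations that disable it, which should be confirmed against the library side of the series (not visible here). Separately, the two fallback cases gate the built-in path on `MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT` although the operation under test is a signature, and the verify_hash hunk at -71 repeats this pattern, including for the PSS fallback cases. This predates the change, but since these lines are being rewritten anyway, `MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN` (and `MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS` for the PSS cases) is the dependency that actually reflects the fallback being exercised, and the current gate may let a case run in a build where the built-in fallback is absent.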
@@ -71,63 +71,63 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_KEY_TYPE_ECC_PUBLIC_KEY( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_GENERIC_ERROR verify_hash transparent driver: in driver Key Pair RSA PKCS#1 v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_SUCCESS:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f1
0cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":PSA_SUCCESS verify_hash transparent driver: fallback Key Pair RSA PKCS#1 v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_NOT_SUPPORTED:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a9
4e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":PSA_SUCCESS verify_hash transparent driver: error Key Pair RSA PKCS#1 v1.5 raw -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_ERROR_GENERIC_ERROR:0:"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":"616263":"2c7744983f023ac7bb1c55529d83ed11a76a7898a1bb5ce191375a4aa7495a633d27879ff58eba5a57371c34feb1180e8b850d552476ebb5634df620261992f12ebee9097041dbbea85a42d45b344be5073ceb772ffc604954b9158ba81ec3dc4d9d65e3ab7aa318165f38c36f841f1c69cb1cfa494aa5cbb4d6c0efbafb043a":PSA_ERROR_GENERIC_ERROR verify_hash transparent driver: in driver Key Pair RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C 
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:0:"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":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_hash transparent driver: fallback Key Pair RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:0:"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":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_hash transparent driver: error Key Pair RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C 
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:0:"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":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR verify_hash transparent driver: in driver Public Key RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_hash transparent driver: fallback Public Key RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_hash transparent driver: error Public Key RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR verify_hash transparent driver: in driver Public Key RSA-1024 PSS SHA-256 
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_SUCCESS verify_hash transparent driver: fallback Public Key RSA-1024 PSS SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 
verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_SUCCESS verify_hash transparent driver: error Public Key RSA-1024 PSS SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_ERROR_GENERIC_ERROR verify_hash transparent driver: in driver Public Key RSA-1024 PSS-any-salt SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
+depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_SUCCESS verify_hash transparent driver: fallback Public Key RSA-1024 PSS-any-salt SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_SUCCESS verify_hash 
transparent driver: error Public Key RSA-1024 PSS-any-salt SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C verify_hash:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":"6b201c50637962338d1b218c1d26f031205a0e3c47bc4c54856aa037e5a332d2981e80a51648e902e46046e5507a255c4c73f5ff40d5a54c0a11d2eca7804e1767b20ea12c945a23f5473181d379689c1ba634a2c47c0a8ec90c922ca6466ae9e9fb92871c9043b5858ae34828bceb4ead82db8f21a18ebe1d95b469bbdef1df":PSA_ERROR_GENERIC_ERROR sign_message transparent driver: calculate in driver ECDSA SECP256R1 SHA-256 
@@ -147,19 +147,19 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_W sign_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":"616263":"000102030405060708090A0B0C0D0E0F":1:PSA_SUCCESS sign_message transparent driver: calculate in driver RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"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":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS sign_message transparent driver: fallback RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:"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":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_SUCCESS sign_message transparent driver: error RSA PKCS#1 v1.5 SHA-256 
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:"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":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":0:PSA_ERROR_GENERIC_ERROR sign_message transparent driver: fake RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C sign_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9b
d87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":1:PSA_SUCCESS verify_message transparent driver: calculate in driver ECDSA SECP256R1 SHA-256 
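Review bot: The new `depends_on` line for `sign_message transparent driver: fallback RSA PKCS#1 v1.5 SHA-256` still gates on `MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT`, the builtin encryption implementation, although the case exercises `PSA_ALG_RSA_PKCS1V15_SIGN` and expects the driver's `PSA_ERROR_NOT_SUPPORTED` to fall back to the builtin signer. The PSS fallback cases in the `@@ -187,51 +187,51 @@` hunk gate on `MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS`, matching the algorithm under test, so the consistent line here would be `depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN`. The mismatch appears to be pre-existing rather than introduced by this commit, but since every one of these `depends_on` lines is rewritten here it is the natural moment to correct it; with the wrong gate the fallback path is presumably skipped in builds that accelerate PKCS#1 v1.5 encryption but not signing, and selected where the builtin signer is absent. The same `_CRYPT` gate is on the `verify_message transparent driver: fallback RSA PKCS#1 v1.5 SHA-256` line in the `@@ -187,51 +187,51 @@` hunk.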
@@ -187,51 +187,51 @@ depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548":PSA_ERROR_GENERIC_ERROR verify_message transparent driver: calculate in driver RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07
ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_message transparent driver: fallback RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:0:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d0
24071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_message transparent driver: error RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_MD_C verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:0:"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":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR verify_message transparent driver: calculate in driver Public Key RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C 
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_message transparent driver: fallback Public Key RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT +depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_SUCCESS verify_message transparent driver: error Public Key RSA PKCS#1 v1.5 SHA-256 -depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C 
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"616263":"a73664d55b39c7ea6c1e5b5011724a11e1d7073d3a68f48c836fad153a1d91b6abdbc8f69da13b206cc96af6363b114458b026af14b24fab8929ed634c6a2acace0bcc62d9bb6a984afbcbfcd3a0608d32a2bae535b9cd1ecdf9dd281db1e0025c3bfb5512963ec3b98ddaa69e38bc3c84b1b61a04e5648640856aacc6fc7311":PSA_ERROR_GENERIC_ERROR verify_message transparent driver: calculate in driver Public Key RSA PSS SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C 
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5":PSA_SUCCESS verify_message transparent driver: fallback Public Key RSA PSS SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5":PSA_SUCCESS verify_message transparent driver: error Public Key RSA PSS SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C 
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"29b65db0936b7fe408bda672077b0bc5e176177ba9a550fb548c292f7b4af1bb6475e0a979ba43dd644780801fabe5b62a1359cf7692918f30013e90c2362235765abc2078905d13b345dd689bf15e4e94ca51535d12f0675d5f13e9f254ba7696f0096d62deb023d106e9a96a5da3162bead6a745c8b9000868d2f9a447d5c5":PSA_ERROR_GENERIC_ERROR verify_message transparent driver: calculate in driver Public Key RSA PSS-any-salt SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C 
verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_SUCCESS:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d":PSA_SUCCESS verify_message transparent driver: fallback Public Key RSA PSS-any-salt SHA-256 -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_ERROR_NOT_SUPPORTED:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d":PSA_SUCCESS verify_message transparent driver: error Public Key RSA PSS-any-salt SHA-256 
-depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_MD_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_MD_C verify_message:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_ERROR_GENERIC_ERROR:1:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":"6b65e1fdc900dce8a2b82130ae8ccfac27b6d0eb5f2c0c1085b80f34ceaaf064c8ff237e74a24a3c6fb7a842f172e5146315616281bbbeeae90febaab139a212decf1c68923f2a48e242b1fd72105e3a3f2329c30d78abe8673335ad08c5ba1aa515360bb5660050f1994bb08d3dd17e3407a379403bafa4e229b3c851283f6d":PSA_ERROR_GENERIC_ERROR generate_key through transparent driver: fake 
@@ -252,19 +252,19 @@ generate_key through transparent driver: error generate_key:PSA_ERROR_GENERIC_ERROR:"":PSA_ERROR_GENERIC_ERROR validate key through transparent driver: good private key -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:130:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through transparent driver: good public key -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 validate_key:PSA_SUCCESS:PSA_KEY_LOCATION_LOCAL_STORAGE:131:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through transparent driver: fallback private key -depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:132:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through transparent driver: fallback public key -depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 
validate_key:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_LOCATION_LOCAL_STORAGE:133:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through transparent driver: error @@ -272,11 +272,11 @@ depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR validate_key:PSA_ERROR_GENERIC_ERROR:PSA_KEY_LOCATION_LOCAL_STORAGE:134:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR validate key through opaque driver: good private key -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 validate_key:PSA_SUCCESS:PSA_CRYPTO_TEST_DRIVER_LOCATION:130:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_SUCCESS validate key through opaque driver: good public key -depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 validate_key:PSA_SUCCESS:PSA_CRYPTO_TEST_DRIVER_LOCATION:131:1:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_SUCCESS validate key through opaque driver: error 
@@ -284,35 +284,35 @@ depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR validate_key:PSA_ERROR_GENERIC_ERROR:PSA_CRYPTO_TEST_DRIVER_LOCATION:134:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ERROR_GENERIC_ERROR export_key private to public through driver: fake -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 export_key:PSA_SUCCESS:"0102030405":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"":PSA_SUCCESS export_key private to public through driver: in-driver -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 export_key:PSA_SUCCESS:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_SUCCESS export_key private to public through driver: fallback -depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 
export_key:PSA_ERROR_NOT_SUPPORTED:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_SUCCESS export_key private to public through driver: error -depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 export_key:PSA_ERROR_GENERIC_ERROR:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"":PSA_ERROR_GENERIC_ERROR raw key agreement through driver: fake -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_agreement:PSA_ALG_ECDH:PSA_SUCCESS:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":"0102030405":PSA_SUCCESS raw key agreement through driver: in-driver -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 
key_agreement:PSA_ALG_ECDH:PSA_SUCCESS:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":"":PSA_SUCCESS raw key agreement through driver: fallback -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_ECDH +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_ECDH key_agreement:PSA_ALG_ECDH:PSA_ERROR_NOT_SUPPORTED:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":"":PSA_SUCCESS raw key agreement through driver: error -depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 key_agreement:PSA_ALG_ECDH:PSA_ERROR_GENERIC_ERROR:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de":"":PSA_ERROR_GENERIC_ERROR PSA symmetric encrypt validation: AES-CTR, 16 bytes, good diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.data b/tests/suites/test_suite_psa_crypto_persistent_key.data index 6d208e9e6..e6f780bd7 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.data 
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.data 
@@ -42,87 +42,87 @@ Save larger than maximum-size persistent raw key save_large_persistent_key:PSA_CRYPTO_MAX_STORAGE_SIZE + 1:PSA_ERROR_NOT_SUPPORTED Persistent key destroy -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C persistent_key_destroy:2:1:0:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":PSA_KEY_TYPE_RAW_DATA:"deadbeef" Persistent key destroy after restart -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C persistent_key_destroy:17:1:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RAW_DATA:"deadbeef" Persistent key import (RSA) 
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_SUCCESS Persistent key import with restart (RSA) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":1:PSA_SUCCESS Persistent key import (RSA) invalid key id (VENDOR_MIN) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C persistent_key_import:256:PSA_KEY_ID_VENDOR_MIN:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf
25be5738aae59bbfe1c997781447a2b24":0:PSA_ERROR_INVALID_ARGUMENT Persistent key import (RSA) invalid key id (VOLATILE_MIN) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C persistent_key_import:256:PSA_KEY_ID_VOLATILE_MIN:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":0:PSA_ERROR_INVALID_ARGUMENT Persistent key import (RSA) invalid key id (VENDOR_MAX) -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C persistent_key_import:256:PSA_KEY_ID_VENDOR_MAX:PSA_KEY_TYPE_RSA_KEY_PAIR:"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":0:PSA_ERROR_INVALID_ARGUMENT Persistent key import garbage data, should fail 
-depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C persistent_key_import:256:1:PSA_KEY_TYPE_RSA_KEY_PAIR:"11111111":0:PSA_ERROR_INVALID_ARGUMENT import/export persistent raw key: 1 byte import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0:0 import/export persistent key RSA public key: good, 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0:0 import/export persistent key RSA keypair: good, 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C import_export_persistent_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:0:0 import/export persistent raw key file not exist: 1 byte import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:0:1 import/export persistent key RSA public key file not exist: 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:0:1 import/export persistent key RSA keypair file not exist: 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C 
+depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C import_export_persistent_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:0:1 import/export-persistent symmetric key: 16 bytes -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:0:0 import/export persistent raw key with restart: 1 byte import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1:0 import/export persistent key RSA public key with restart: good, 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1:0 import/export persistent key RSA keypair with restart: good, 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C import_export_persistent_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:1:0 import/export persistent raw key file not exist with restart: 1 byte import_export_persistent_key:"2a":PSA_KEY_TYPE_RAW_DATA:8:1:1 import/export persistent key RSA public key file not exist with restart: 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PK_C 
import_export_persistent_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001":PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024:1:1 import/export persistent key RSA keypair file not exist with restart: 1024-bit -depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_PK_C import_export_persistent_key:"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":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:1:1 import/export-persistent symmetric key with restart: 16 bytes -depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PK_C import_export_persistent_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:128:1:0 Destroy invalid id: 0
From 73a218513baee92b5f804e4238cf1b20bbd8275c Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Fri, 24 Feb 2023 09:19:22 +0100
Subject: [PATCH 418/440] psa_crypto_rsa: add comment/explanation for residual PK_WRITE_C guard
Signed-off-by: Valerio Setti
---
 library/psa_crypto_rsa.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index 6e90f1cea..0db425f11 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -172,6 +172,9 @@ psa_status_t mbedtls_psa_rsa_export_key(psa_key_type_t type,
 size_t data_size,
 size_t *data_length)
 {
+/* Currently this is always true due to the fact that build_info.h auto-enables
+ * MBEDTLS_PK_WRITE_C whenever both PSA and RSA_C are enabled.
+ * However we keep the guard here to emphasize this dependency explicitly. */
 #if defined(MBEDTLS_PK_WRITE_C)
 int ret;
 mbedtls_pk_context pk;
From c0e7da55c562c1f5794a3303cb83ac87cc9d2e7a Mon Sep 17 00:00:00 2001
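Review bot: The two AES cases in this hunk (`import/export-persistent symmetric key: 16 bytes` and its `with restart` variant) keep `MBEDTLS_PK_C` in their new `depends_on` line, although importing and exporting a raw symmetric key has no obvious use for the PK module; for the RSA cases the retained `MBEDTLS_PK_C` is plausible since export still appears to go through PK_WRITE, but for AES it reads like a leftover from copy-pasting the RSA dependency line. Unless the `import_export_persistent_key` test function itself requires PK (not visible here), the line can be reduced to `depends_on:PSA_WANT_KEY_TYPE_AES`, which would also let these cases run in PK-less builds. The hunk's lines are collapsed in this view, so a reason recorded elsewhere in the file could have been lost.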
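Review bot: The new comment names the build_info.h rule only by shorthand (`PSA and RSA_C`), so a reader grepping for the macros that drive the auto-enable will not land on it; I would spell them out, e.g. `/* build_info.h auto-enables MBEDTLS_PK_WRITE_C whenever MBEDTLS_PSA_CRYPTO_C and MBEDTLS_RSA_C are both defined, so this guard is currently always true; it is kept to make the dependency explicit. */`. It would also help to state what happens if that rule is ever dropped: if there is an `#else` branch below the guard (outside the hunk) that returns an error status, export would then degrade to a runtime failure rather than a build failure, which an `#error` in that branch would surface at build time. The body of `mbedtls_psa_rsa_export_key` continues past the hunk.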
From: Valerio Setti
Date: Fri, 24 Feb 2023 11:50:29 +0100
Subject: [PATCH 419/440] test: removing remaning dependencies of PK_WRITE/PK_PARSE from test_suite_psa_crypto suites
Signed-off-by: Valerio Setti
---
 tests/suites/test_suite_psa_crypto.data | 80 ++++++++++++-------------
 1 file changed, 40 insertions(+), 40 deletions(-)
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 855d8a2dc..a2beeedae 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -4146,27 +4146,27 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TY sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f" PSA sign hash int (ops=inf): det ECDSA SECP256R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash int (ops=min): det ECDSA SECP256R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 
sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":0 PSA sign hash int (ops=inf) det ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash int (ops=min): det ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 
sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca":0 PSA sign hash int (ops=inf): det ECDSA SECP384R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash int (ops=min): det ECDSA SECP384R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 
sign_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f":0 PSA sign hash: RSA PKCS#1 v1.5 SHA-256, wrong hash size 
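Review bot: The SHA-384 cases in this hunk (`PSA sign hash int ... det ECDSA SECP256R1 SHA-384`, both ops variants) carry `MBEDTLS_PSA_BUILTIN_ALG_SHA_384` in their rewritten `depends_on` line, while the otherwise parallel SHA-384 cases in the `@@ -4318` hunk (`PSA sign/vrfy hash int ... SECP256R1 SHA-384`, same curve and algorithms) carry `MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA` instead. Since this commit rewrites both sets of lines, it is the right moment to make them agree or to record why they differ; if the sign-only cases genuinely need the builtin hash, a one-line comment above the first of them would stop the next person from "fixing" the mismatch. The PK_PARSE_C removal itself is applied consistently across this hunk and the `@@ -4234` and `@@ -4318` hunks.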
@@ -4234,47 +4234,47 @@ depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_T sign_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED PSA sign hash int (ops=inf): det ECDSA SECP256R1 SHA-256, out buf too small -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash int (ops=min): det ECDSA SECP256R1 SHA-256, out buf too small -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:0 PSA sign hash int (ops=inf): det ECDSA SECP256R1 SHA-256, empty out buf -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash int (ops=min): det ECDSA SECP256R1 SHA-256, empty out buf -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_SUCCESS:PSA_ERROR_BUFFER_TOO_SMALL:0 PSA sign hash int (ops=inf): det ECDSA SECP256R1, invld hash alg (0) -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash int (ops=min): det ECDSA SECP256R1, invld hash alg (0) -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_SUCCESS:PSA_ERROR_INVALID_ARGUMENT:0 PSA sign hash int: det ECDSA SECP256R1, invld hash alg (wildcard) -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash int: invld alg for ECC key -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PK_PARSE_C +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash int: ECDSA not supported -depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:!PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 
sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash int (ops=inf): det ECDSA not supported -depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign hash int (ops=min): det ECDSA not supported -depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:!PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 sign_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":96:PSA_SUCCESS:PSA_ERROR_NOT_SUPPORTED:0 PSA sign/verify hash: RSA PKCS#1 v1.5, raw 
@@ -4318,51 +4318,51 @@ depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TY sign_verify_hash:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA sign/vrfy hash int (ops=inf): rand ECDSA SECP256R1 SHA-256 -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign/vrfy hash int (ops=min): rand ECDSA SECP256R1 SHA-256 -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0 PSA sign/vrfy hash int (ops=inf): det ECDSA SECP256R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign/vrfy hash int (ops=min): det ECDSA SECP256R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0 PSA sign/vrfy hash int (ops=inf): rand ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign/vrfy hash int (ops=min): rand ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA 
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":0 PSA sign/vrfy hash int (ops=inf): det ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign/vrfy hash int (ops=min): det ECDSA SECP256R1 SHA-384 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":0 PSA sign/vrfy hash int (ops=inf): rand ECDSA SECP384R1 SHA-256 -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign/vrfy hash int (ops=min): rand ECDSA SECP384R1 SHA-256 -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0 PSA sign/vrfy hash int (ops=inf): det ECDSA SECP384R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign/vrfy hash int (ops=min): det ECDSA SECP384R1 SHA-256 -depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_384 +depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_384 
sign_verify_hash_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0 PSA verify hash: RSA PKCS#1 v1.5 SHA-256, good signature 
@@ -4522,47 +4522,47 @@ depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_P verify_hash_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT PSA vrfy hash int: ECDSA SECP256R1, wrong sig size (correct but ASN1-encoded) -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA vrfy hash int (ops=inf): ECDSA SECP256R1, wrong sig of correct size -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA vrfy hash int (ops=min): ECDSA SECP256R1, wrong sig of correct size 
-depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_SUCCESS:PSA_ERROR_INVALID_SIGNATURE:0 PSA vrfy hash int: ECDSA SECP256R1, wrong sig (empty) -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA vrfy hash int: ECDSA SECP256R1, wrong sig (truncated) -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 
verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA vrfy hash int: ECDSA SECP256R1, wrong sig (trailing junk) -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA vrfy hash int: ECDSA SECP256R1, wrong sig (leading junk) -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256 
verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA vrfy hash int: invld alg for ECC key -depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_RSA_PSS:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 verify_hash_fail_interruptible:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_NOT_SUPPORTED:PSA_ERROR_BAD_STATE:PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED PSA sign/vrfy hash int state test: randomized ECDSA SECP256R1 SHA-256 -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 interruptible_signverify_hash_state_test:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA sign/vrfy hash int edge case tests: randomized ECDSA SECP256R1 SHA-256 -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 
interruptible_signverify_hash_edgecase_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA sign/vrfy hash int ops tests: randomized ECDSA SECP256R1 SHA-256 -depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256 interruptible_signverify_hash_ops_tests:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA sign message: RSA PKCS#1 v1.5 SHA-256 From 733de595e3eb03395e96662feb39b4ae6bf896a2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 24 Feb 2023 11:54:07 +0100 Subject: [PATCH 420/440] psa_crypto_rsa: remove PK_WRITE_C in psa_rsa_export_key Signed-off-by: Valerio Setti --- library/psa_crypto_rsa.c | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c index 0db425f11..3ff589dc8 100644 --- a/library/psa_crypto_rsa.c +++ b/library/psa_crypto_rsa.c @@ -172,10 +172,6 @@ psa_status_t mbedtls_psa_rsa_export_key(psa_key_type_t type, size_t data_size, size_t *data_length) { -/* Currently this is always true due to the fact that build_info.h auto-enables - * MBEDTLS_PK_WRITE_C whenever both PSA and RSA_C are enabled. - * However we keep the guard here to emphasize this dependency explicitly. */ -#if defined(MBEDTLS_PK_WRITE_C) int ret; mbedtls_pk_context pk; uint8_t *pos = data + data_size; 
@@ -212,14 +208,6 @@ psa_status_t mbedtls_psa_rsa_export_key(psa_key_type_t type, *data_length = ret; return PSA_SUCCESS; -#else - (void) type; - (void) rsa; - (void) data; - (void) data_size; - (void) data_length; - return PSA_ERROR_NOT_SUPPORTED; -#endif /* MBEDTLS_PK_WRITE_C */ } psa_status_t mbedtls_psa_rsa_export_public_key( From c15a2b949df4652655cc7ce6acae09ea698c9f62 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 8 Mar 2023 12:55:48 +0000 Subject: [PATCH 421/440] Update the text about gcc5 support for Armv8 CE Signed-off-by: Tom Cosgrove --- library/sha256.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/sha256.c b/library/sha256.c index 605b2b041..ca3fa5df9 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -63,8 +63,8 @@ # pragma clang attribute push (__attribute__((target("crypto"))), apply_to=function) # define MBEDTLS_POP_TARGET_PRAGMA # elif defined(__GNUC__) - /* FIXME: GCC-5 claims crypto extension, but some intrinsic are missed. - * Known miss intrinsic can be workaround. + /* FIXME: GCC 5 claims to support Armv8 Crypto Extensions, but some + * intrinsics are missing. Missing intrinsics could be worked around. */ # if __GNUC__ < 6 # error "A more recent GCC is required for MBEDTLS_SHA256_USE_A64_CRYPTO_*" From bbe166e72116848b8ef83108cde1c568a97fa592 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 8 Mar 2023 13:23:24 +0000 Subject: [PATCH 422/440] Fix mbedtls_bswap64() on 32-bit systems Signed-off-by: Tom Cosgrove --- library/alignment.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/library/alignment.h b/library/alignment.h index f7330c989..a518a8a3a 100644 --- a/library/alignment.h +++ b/library/alignment.h 
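Review bot: Removing the `#else` branch that returned PSA_ERROR_NOT_SUPPORTED leaves mbedtls_psa_rsa_export_key with an unconditional dependency on the PK write API, so a configuration that enables PSA RSA key pairs but not MBEDTLS_PK_WRITE_C now fails at link time instead of at runtime. The comment deleted in the first hunk said this is safe only because build_info.h auto-enables MBEDTLS_PK_WRITE_C; if the series still relies on that auto-enable, the dependency should be stated in check_config.h as an `#error` keyed on the macro that guards this file, so a hand-edited config gets a clear diagnostic rather than an undefined symbol. The exact guard macro is not visible in this hunk, so its name is to be confirmed against the top of psa_crypto_rsa.c. The function's body starts outside the hunk.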
@@ -217,14 +217,14 @@ static inline uint32_t mbedtls_bswap32(uint32_t x) static inline uint64_t mbedtls_bswap64(uint64_t x) { return - (x & 0x00000000000000ff) << 56 | - (x & 0x000000000000ff00) << 40 | - (x & 0x0000000000ff0000) << 24 | - (x & 0x00000000ff000000) << 8 | - (x & 0x000000ff00000000) >> 8 | - (x & 0x0000ff0000000000) >> 24 | - (x & 0x00ff000000000000) >> 40 | - (x & 0xff00000000000000) >> 56; + (x & 0x00000000000000ffULL) << 56 | + (x & 0x000000000000ff00ULL) << 40 | + (x & 0x0000000000ff0000ULL) << 24 | + (x & 0x00000000ff000000ULL) << 8 | + (x & 0x000000ff00000000ULL) >> 8 | + (x & 0x0000ff0000000000ULL) >> 24 | + (x & 0x00ff000000000000ULL) >> 40 | + (x & 0xff00000000000000ULL) >> 56; } #define MBEDTLS_BSWAP64 mbedtls_bswap64 #endif /* !defined(MBEDTLS_BSWAP64) */ From b3c6a1e04a7e9432398f332edbba87665083a859 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Wed, 8 Mar 2023 15:47:00 +0000 Subject: [PATCH 423/440] Update ChangeLog to make "fix" explicit Signed-off-by: Tom Cosgrove --- ChangeLog | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1404d3647..639c8e97b 100644 --- a/ChangeLog +++ b/ChangeLog 
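Review bot: No regression test accompanies the mbedtls_bswap64 fix in this patch, and since the defect only showed on 32-bit targets a known-answer check is the cheapest way to keep it from coming back, e.g. asserting `mbedtls_bswap64(0x0102030405060708ULL) == 0x0807060504030201ULL` wherever the byte-order helpers are already exercised. A one-line comment above the `return` would also protect the fix from a future cleanup that strips the suffixes as noise: `/* ULL keeps every mask 64-bit on targets where int and long are 32-bit. */`. The whole function is visible in the hunk.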
@@ -106,11 +106,11 @@ Security * Fix potential heap buffer overread and overwrite in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX. - * An adversary with access to precise enough information about memory - accesses (typically, an untrusted operating system attacking a secure - enclave) could recover an RSA private key after observing the victim - performing a single private-key operation if the window size used for the - exponentiation was 3 or smaller. Found and reported by Zili KOU, + * Fix an issue where an adversary with access to precise enough information + about memory accesses (typically, an untrusted operating system attacking + a secure enclave) could recover an RSA private key after observing the + victim performing a single private-key operation if the window size used + for the exponentiation was 3 or smaller. Found and reported by Zili KOU, Wenjian HE, Sharad Sinha, and Wei ZHANG. See "Cache Side-channel Attacks and Defenses of the Sliding Window Algorithm in TEEs" - Design, Automation and Test in Europe 2023. 
@@ -969,16 +969,17 @@ Security signature, allowing the recovery of the private key after observing a large number of signature operations. This completes a partial fix in Mbed TLS 2.20.0. - * An adversary with access to precise enough information about memory - accesses (typically, an untrusted operating system attacking a secure - enclave) could recover an RSA private key after observing the victim - performing a single private-key operation. Found and reported by + * Fix an issue where an adversary with access to precise enough information + about memory accesses (typically, an untrusted operating system attacking + a secure enclave) could recover an RSA private key after observing the + victim performing a single private-key operation. Found and reported by Zili KOU, Wenjian HE, Sharad Sinha, and Wei ZHANG. - * An adversary with access to precise enough timing information (typically, a - co-located process) could recover a Curve25519 or Curve448 static ECDH key - after inputting a chosen public key and observing the victim performing the - corresponding private-key operation. Found and reported by Leila Batina, - Lukas Chmielewski, Björn Haase, Niels Samwel and Peter Schwabe. + * Fix an issue where an adversary with access to precise enough timing + information (typically, a co-located process) could recover a Curve25519 + or Curve448 static ECDH key after inputting a chosen public key and + observing the victim performing the corresponding private-key operation. + Found and reported by Leila Batina, Lukas Chmielewski, Björn Haase, Niels + Samwel and Peter Schwabe. Bugfix * Fix premature fopen() call in mbedtls_entropy_write_seed_file which may From f84b7d5c21d176c77adc41821f82ebf9b4a0aadf Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 23 Feb 2023 17:33:33 +0100 Subject: [PATCH 424/440] test: enable ECDSA based key exchanges in driver coverage tests Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 4 ---- 1 file changed, 4 deletions(-) 
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2e283d458..5a9ccbcff 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2111,10 +2111,6 @@ config_psa_crypto_config_ecdsa_use_psa () { # Disable the module that's accelerated scripts/config.py unset MBEDTLS_ECDSA_C fi - # Disable things that depend on it - # TODO: make these work - #6862 - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED # Restartable feature is not yet supported by PSA. Once it will in # the future, the following line could be removed (see issues # 6061, 6332 and following ones) From 30c4618970f0f3c5569f1dc9b637e68d80bfc4ea Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 23 Feb 2023 17:34:37 +0100 Subject: [PATCH 425/440] Add new PSA_HAS_FULL_ECDSA macro for easily signal that PSA has full ECDSA support Signed-off-by: Valerio Setti --- include/mbedtls/check_config.h | 6 ++++-- include/mbedtls/config_psa.h | 5 +++++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 3065df5d9..306db035e 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -280,7 +280,8 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) || \ + ( !defined(MBEDTLS_ECDH_C) || \ + !(defined(MBEDTLS_ECDSA_C) || defined(PSA_HAS_FULL_ECDSA)) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" #endif @@ -313,7 +314,8 @@ #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) || \ + ( !defined(MBEDTLS_ECDH_C) || \ + !(defined(MBEDTLS_ECDSA_C) || defined(PSA_HAS_FULL_ECDSA)) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) ) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites" #endif 
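Review bot: Accepting PSA_HAS_FULL_ECDSA as an alternative to MBEDTLS_ECDSA_C in both key-exchange prerequisite checks only holds if the TLS code actually reaches ECDSA through PSA in that configuration, and for TLS 1.2 that path is, as far as I can tell, gated on MBEDTLS_USE_PSA_CRYPTO, which neither check requires. Consider `!(defined(MBEDTLS_ECDSA_C) || (defined(PSA_HAS_FULL_ECDSA) && defined(MBEDTLS_USE_PSA_CRYPTO))) || \` in both hunks, or better, test the same capability macro the SSL code itself is switched to in this series (MBEDTLS_PK_CAN_ECDSA_SOME) so the config check and the compiled code cannot drift apart. Please confirm against the definition of MBEDTLS_PK_CAN_ECDSA_SOME, which is not part of this patch.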
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 48b2d3209..8dff07236 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -308,6 +308,11 @@ extern "C" { #define PSA_HAVE_SOFT_BLOCK_AEAD 1 #endif +#if defined(PSA_WANT_ALG_ECDSA) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \ + defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#define PSA_HAS_FULL_ECDSA 1 +#endif + #if defined(PSA_WANT_KEY_TYPE_AES) #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) #define PSA_HAVE_SOFT_KEY_TYPE_AES 1 From 75fba32cb33911b018b28b629f2dd8c15fb89dca Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 23 Feb 2023 17:35:09 +0100 Subject: [PATCH 426/440] ssl: use new macros for ECDSA capabilities Signed-off-by: Valerio Setti --- library/ssl_tls.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index c13f2f07e..5d8a761db 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1206,7 +1206,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) if (mbedtls_ssl_hash_from_md_alg(*md) == MBEDTLS_SSL_HASH_NONE) { continue; } -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) sig_algs_len += sizeof(uint16_t); #endif @@ -1234,7 +1234,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) if (hash == MBEDTLS_SSL_HASH_NONE) { continue; } -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) *p = ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA); p++; #endif 
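Review bot: The new PSA_HAS_FULL_ECDSA macro is introduced without a comment, and the name promises more than the condition checks: it requires PSA_WANT_ALG_ECDSA plus both ECC key types, but not PSA_WANT_ALG_DETERMINISTIC_ECDSA or any particular curve, so a reader of check_config.h cannot tell what "full" rules in or out. Suggest a comment above the `#if`, e.g. `/* PSA can sign and verify (randomized) ECDSA with ECC key pairs and public keys; implies nothing about deterministic ECDSA or specific curves. */`. It is also not visible from this hunk whether the definition sits inside the MBEDTLS_PSA_CRYPTO_CONFIG branch of config_psa.h or after it; the comment should say, since that decides whether legacy (non-PSA-config) builds ever see the macro.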
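Review bot: The signature_algorithms entries written here, and sized in the companion hunk at line 1206 which must stay in step with this one, now advertise ECDSA whenever MBEDTLS_PK_CAN_ECDSA_SOME is set, whose definition is not part of this patch. If "SOME" means sign-or-verify, a build that can only sign would advertise ECDSA as acceptable and then fail on the peer's ECDSA signature, because this list describes what this side can verify; a verify-specific capability macro, if pk.h provides one, would be the more precise guard for both hunks. Either way a short comment on the `#if` naming the capability the list depends on (`/* advertise ECDSA only if we can verify it */`) would help the next reader. ssl_handshake_init starts and ends outside the hunk.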
@@ -4979,22 +4979,25 @@ static int ssl_preset_suiteb_ciphersuites[] = { */ static uint16_t ssl_preset_default_sig_algs[] = { -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \ +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && \ + defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA && +#endif /* MBEDTLS_PK_CAN_ECDSA_SOME && MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \ +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && \ + defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA&& +#endif /* MBEDTLS_PK_CAN_ECDSA_SOME && MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA&& MBEDTLS_ECP_DP_SECP384R1_ENABLED */ -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \ +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && \ + defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA) && \ defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512, -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA&& +#endif /* MBEDTLS_PK_CAN_ECDSA_SOME && MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA&& MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ 
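Review bot: The closing comment of the SECP521R1 entry still names MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA although the `#if` tests the SHA_512 variant, and this commit rewrote that very line, so it is the moment to fix it: `#endif /* MBEDTLS_PK_CAN_ECDSA_SOME && MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA && MBEDTLS_ECP_DP_SECP521R1_ENABLED */`. The SECP384R1 and SECP521R1 closing comments are also missing the space before `&&` that the SECP256R1 one has. The ssl_preset_default_sig_algs array continues past the end of the hunk.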
@@ -5034,7 +5037,7 @@ static uint16_t ssl_preset_default_sig_algs[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) static uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA) -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512), #endif #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) @@ -5045,7 +5048,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #endif #endif /* MBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/ #if defined(MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA) -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384), #endif #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) @@ -5056,7 +5059,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #endif #endif /* MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA*/ #if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA) -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256), #endif #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) From 2f081473b6f33c09345b05886e9235e349c8a451 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 23 Feb 2023 17:36:06 +0100 Subject: [PATCH 427/440] test: fix disparities in test_suite_ssl Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.data | 38 ++++++++++++++-------------- tests/suites/test_suite_ssl.function | 2 +- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 928a7cee0..c47f29243 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -280,11 +280,11 @@ depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_ handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0 Handshake, ECDHE-ECDSA-WITH-AES-256-CCM -depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0 Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0 Handshake, PSK-WITH-AES-128-CBC-SHA 
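Review bot: handshake_cipher drives both endpoints in one build, so the ECDHE-ECDSA and ECDH-ECDSA cases need ECDSA signing on the server side and verification on the client side, while the new dependency MBEDTLS_PK_CAN_ECDSA_SOME (defined outside this patch) reads as satisfiable by either capability alone. If pk.h provides separate sign and verify capability macros, listing both in `depends_on` would keep these tests from being enabled in a sign-only or verify-only configuration where they would fail; if "SOME" already implies both, a comment at the top of the data file saying so would settle it. The same consideration applies to the DTLS variants and the handshake_ciphersuite_select cases in the later hunks of this file.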
@@ -308,11 +308,11 @@ depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_ handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1 DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM -depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1 DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 -depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1 DTLS Handshake, PSK-WITH-AES-128-CBC-SHA 
@@ -420,23 +420,23 @@ depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C: handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque -depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH -depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256 
-depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg -depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage -depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO 
+depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque 
@@ -456,23 +456,23 @@ depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque -depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384 
-depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg -depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage -depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO 
+depends_on:MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECDH_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Sending app data via TLS, MFL=512 without fragmentation @@ -3133,7 +3133,7 @@ SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1 # - App data payload: 70696e67 # - Complete record: 1703030015c74061535eb12f5f25a781957874742ab7fb305dd5 # - Padding used: No (== granularity 1) -depends_on:MBEDTLS_AES_C:MBEDTLS_ECDSA_C:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5" SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2 @@ -3144,7 +3144,7 @@ SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2 # - App data payload: 706f6e67 # - Complete record: 1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7 # - Padding used: No (== granularity 1) -depends_on:MBEDTLS_AES_C:MBEDTLS_ECDSA_C:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7" SSL TLS 1.3 Record Encryption RFC 8448 Example #1 
@@ -3163,7 +3163,7 @@ SSL TLS 1.3 Record Encryption RFC 8448 Example #1
 # 62 97 4e 1f 5a 62 92 a2 97 70 14 bd 1e 3d ea e6
 # 3a ee bb 21 69 49 15 e4
 # - Padding used: No (== granularity 1)
-depends_on:MBEDTLS_AES_C:MBEDTLS_ECDSA_C:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4"
 SSL TLS 1.3 Record Encryption RFC 8448 Example #2
@@ -3182,12 +3182,12 @@ SSL TLS 1.3 Record Encryption RFC 8448 Example #2
 # fc c4 9c 4b f2 e5 f0 a2 1c 00 47 c2 ab f3 32 54
 # 0d d0 32 e1 67 c2 95 5d
 # - Padding used: No (== granularity 1)
-depends_on:MBEDTLS_AES_C:MBEDTLS_ECDSA_C:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d"
 SSL TLS 1.3 Key schedule: Application secrets derivation helper
 # Vector from RFC 8448
-depends_on:MBEDTLS_AES_C:MBEDTLS_ECDSA_C:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 ssl_tls13_derive_application_secrets:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4"
 SSL TLS 1.3 Key schedule: Resumption secrets derivation helper
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 9e37259a7..f48602183 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -5685,7 +5685,7 @@ void cid_sanity()
 }
 /* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDSA_C */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PK_CAN_ECDSA_SOME */
 void raw_key_agreement_fail(int bad_server_ecdhe_key)
 {
 enum { BUFFSIZE = 17000 };
From 1470ce3ebafe94540b7379caeb93d7210e553695 Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Wed, 8 Mar 2023 16:50:12 +0100
Subject: [PATCH 428/440] fix typos
Signed-off-by: Valerio Setti
---
 include/mbedtls/check_config.h | 4 ++--
 include/mbedtls/config_psa.h | 2 +-
 tests/ssl-opt.sh | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 306db035e..2e02e9a5c 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -281,7 +281,7 @@
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
 ( !defined(MBEDTLS_ECDH_C) || \
- !(defined(MBEDTLS_ECDSA_C) || defined(PSA_HAS_FULL_ECDSA)) || \
+ !(defined(MBEDTLS_ECDSA_C) || defined(PSA_HAVE_FULL_ECDSA)) || \
 !defined(MBEDTLS_X509_CRT_PARSE_C) )
 #error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
 #endif
@@ -315,7 +315,7 @@
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
 ( !defined(MBEDTLS_ECDH_C) || \
- !(defined(MBEDTLS_ECDSA_C) || defined(PSA_HAS_FULL_ECDSA)) || \
+ !(defined(MBEDTLS_ECDSA_C) || defined(PSA_HAVE_FULL_ECDSA)) || \
 !defined(MBEDTLS_X509_CRT_PARSE_C) )
 #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
 #endif
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 8dff07236..92c126619 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -310,7 +310,7 @@ extern "C" {
 #if defined(PSA_WANT_ALG_ECDSA) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \
 defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#define PSA_HAS_FULL_ECDSA 1
+#define PSA_HAVE_FULL_ECDSA 1
 #endif
 #if defined(PSA_WANT_KEY_TYPE_AES)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 5ce2d03c7..d73ef0f87 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1450,7 +1450,7 @@ do_run_test_once() {
 # detect_required_features() function), it does NOT guarantee that the
 # result is accurate. It does not check other conditions, such as:
 # - MBEDTLS_SSL_PROTO_TLS1_x can be disabled to selectively remove
-# TLS 1.2/1.3 suppport
+# TLS 1.2/1.3 support
 # - we can force a ciphersuite which contains "WITH" in its name, meaning
 # that we are going to use TLS 1.2
 # - etc etc
From 369930dec2da8da1e05f3804092cb183daee0bb6 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Thu, 9 Mar 2023 09:52:13 +0000
Subject: [PATCH 429/440] Move docs/getting_started.md to docs repo
Delete docs/getting_started.md as it has been moved to the dedicated documentation repo.
Signed-off-by: David Horstmann
---
 docs/getting_started.md | 962 ----------------------------------------
 1 file changed, 962 deletions(-)
 delete mode 100644 docs/getting_started.md
diff --git a/docs/getting_started.md b/docs/getting_started.md
deleted file mode 100644
index 507afa163..000000000
--- a/docs/getting_started.md
+++ /dev/null
@@ -1,962 +0,0 @@ -## Getting started with Mbed TLS - -### What is Mbed TLS? - -Mbed TLS is an open source cryptographic library that supports a wide range of -cryptographic operations, including: -* Key management -* Hashing -* Symmetric cryptography -* Asymmetric cryptography -* Message authentication (MAC) -* Key generation and derivation -* Authenticated encryption with associated data (AEAD) - -Mbed TLS provides a reference implementation of the cryptography interface of -the Arm Platform Security Architecture (PSA). It is written in portable C. - -Mbed TLS is distributed under the Apache License, version 2.0. - -#### Platform Security Architecture (PSA) - -Arm's Platform Security Architecture (PSA) is a holistic set of threat models, -security analyses, hardware and firmware architecture specifications, and an -open source firmware reference implementation. PSA provides a recipe, based on -industry best practice, that enables you to design security into both hardware -and firmware consistently. Part of the API provided by PSA is the cryptography -interface, which provides access to a set of primitives. 
- -### Using Mbed TLS - -* [Getting the Mbed TLS library](#getting-the-mbed-tls-library) -* [Building the Mbed TLS library](#building-the-mbed-tls-library) -* [Using the PSA Crypto API](#using-the-psa-crypto-api) -* [Importing a key](#importing-a-key) -* [Signing a message using RSA](#signing-a-message-using-RSA) -* [Encrypting or decrypting using symmetric ciphers](#encrypting-or-decrypting-using-symmetric-ciphers) -* [Hashing a message](#hashing-a-message) -* [Deriving a new key from an existing key](#deriving-a-new-key-from-an-existing-key) -* [Generating a random value](#generating-a-random-value) -* [Authenticating and encrypting or decrypting a message](#authenticating-and-encrypting-or-decrypting-a-message) -* [Generating and exporting keys](#generating-and-exporting-keys) -* [More about the PSA Crypto API](#more-about-the-psa-crypto-api) - -### Getting the Mbed TLS library - -Mbed TLS releases are available in the [public GitHub repository](https://github.com/Mbed-TLS/mbedtls). - -### Building the Mbed TLS library - -**Prerequisites to building the library with the provided makefiles:** -* GNU Make. -* A C toolchain (compiler, linker, archiver) that supports C99. -* Python 3.6 to generate the test code. -* Perl to run the tests. - -If you have a C compiler such as GCC or Clang, just run `make` in the top-level -directory to build the library, a set of unit tests and some sample programs. - -To select a different compiler, set the `CC` variable to the name or path of the -compiler and linker (default: `cc`) and set `AR` to a compatible archiver -(default: `ar`); for example: -``` -make CC=arm-linux-gnueabi-gcc AR=arm-linux-gnueabi-ar -``` -The provided makefiles pass options to the compiler that assume a GCC-like -command line syntax. To use a different compiler, you may need to pass different -values for `CFLAGS`, `WARNINGS_CFLAGS` and `LDFLAGS`. - -To run the unit tests on the host machine, run `make test` from the top-level -directory. 
If you are cross-compiling, copy the test executable from the `tests` -directory to the target machine. - -### Using the PSA Crypto API - -If using PSA Crypto, you must initialize the library by calling -`psa_crypto_init()` before any other PSA API. - -### Importing a key - -To use a key for cryptography operations in PSA, you need to first -import it. The import operation returns the identifier of the key for use -with other function calls. - -**Prerequisites to importing keys:** -* Initialize the library with a successful call to `psa_crypto_init()`. - -This example shows how to import a key: -```C -void import_a_key(const uint8_t *key, size_t key_len) -{ - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id; - - printf("Import an AES key...\t"); - fflush(stdout); - - /* Initialize PSA Crypto */ - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("Failed to initialize PSA Crypto\n"); - return; - } - - /* Set key attributes */ - psa_set_key_usage_flags(&attributes, 0); - psa_set_key_algorithm(&attributes, 0); - psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); - psa_set_key_bits(&attributes, 128); - - /* Import the key */ - status = psa_import_key(&attributes, key, key_len, &key_id); - if (status != PSA_SUCCESS) { - printf("Failed to import key\n"); - return; - } - printf("Imported a key\n"); - - /* Free the attributes */ - psa_reset_key_attributes(&attributes); - - /* Destroy the key */ - psa_destroy_key(key_id); - - mbedtls_psa_crypto_free(); -} -``` - -### Signing a message using RSA - -The PSA Crypto API supports encrypting, decrypting, signing and verifying -messages using public key signature algorithms, such as RSA or ECDSA. - -**Prerequisites to performing asymmetric signature operations:** -* Initialize the library with a successful call to `psa_crypto_init()`. -* Have a valid key with appropriate attributes set: - * Usage flag `PSA_KEY_USAGE_SIGN_HASH` to allow signing. 
- * Usage flag `PSA_KEY_USAGE_VERIFY_HASH` to allow signature verification. - * Algorithm set to the desired signature algorithm. - -This example shows how to sign a hash that has already been calculated: -```C -void sign_a_message_using_rsa(const uint8_t *key, size_t key_len) -{ - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - uint8_t hash[32] = {0x50, 0xd8, 0x58, 0xe0, 0x98, 0x5e, 0xcc, 0x7f, - 0x60, 0x41, 0x8a, 0xaf, 0x0c, 0xc5, 0xab, 0x58, - 0x7f, 0x42, 0xc2, 0x57, 0x0a, 0x88, 0x40, 0x95, - 0xa9, 0xe8, 0xcc, 0xac, 0xd0, 0xf6, 0x54, 0x5c}; - uint8_t signature[PSA_SIGNATURE_MAX_SIZE] = {0}; - size_t signature_length; - psa_key_id_t key_id; - - printf("Sign a message...\t"); - fflush(stdout); - - /* Initialize PSA Crypto */ - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("Failed to initialize PSA Crypto\n"); - return; - } - - /* Set key attributes */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); - psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_SIGN_RAW); - psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR); - psa_set_key_bits(&attributes, 1024); - - /* Import the key */ - status = psa_import_key(&attributes, key, key_len, &key_id); - if (status != PSA_SUCCESS) { - printf("Failed to import key\n"); - return; - } - - /* Sign message using the key */ - status = psa_sign_hash(key_id, PSA_ALG_RSA_PKCS1V15_SIGN_RAW, - hash, sizeof(hash), - signature, sizeof(signature), - &signature_length); - if (status != PSA_SUCCESS) { - printf("Failed to sign\n"); - return; - } - - printf("Signed a message\n"); - - /* Free the attributes */ - psa_reset_key_attributes(&attributes); - - /* Destroy the key */ - psa_destroy_key(key_id); - - mbedtls_psa_crypto_free(); -} -``` - -### Using symmetric ciphers - -The PSA Crypto API supports encrypting and decrypting messages using various -symmetric cipher algorithms (both block and stream ciphers). 
- -**Prerequisites to working with the symmetric cipher API:** -* Initialize the library with a successful call to `psa_crypto_init()`. -* Have a symmetric key. This key's usage flags must include - `PSA_KEY_USAGE_ENCRYPT` to allow encryption or `PSA_KEY_USAGE_DECRYPT` to - allow decryption. - -**To encrypt a message with a symmetric cipher:** -1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the - cipher functions. -1. Initialize the operation structure to zero or to `PSA_CIPHER_OPERATION_INIT`. -1. Call `psa_cipher_encrypt_setup()` to specify the algorithm and the key to be - used. -1. Call either `psa_cipher_generate_iv()` or `psa_cipher_set_iv()` to generate - or set the initialization vector (IV). We recommend calling - `psa_cipher_generate_iv()`, unless you require a specific IV value. -1. Call `psa_cipher_update()` with the message to encrypt. You may call this - function multiple times, passing successive fragments of the message on - successive calls. -1. Call `psa_cipher_finish()` to end the operation and output the encrypted - message. 
- -This example shows how to encrypt data using an AES (Advanced Encryption -Standard) key in CBC (Cipher Block Chaining) mode with no padding (assuming all -prerequisites have been fulfilled): -```c -void encrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) -{ - enum { - block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES), - }; - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING; - uint8_t plaintext[block_size] = SOME_PLAINTEXT; - uint8_t iv[block_size]; - size_t iv_len; - uint8_t output[block_size]; - size_t output_len; - psa_key_id_t key_id; - psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; - - printf("Encrypt with cipher...\t"); - fflush(stdout); - - /* Initialize PSA Crypto */ - status = psa_crypto_init(); - if (status != PSA_SUCCESS) - { - printf("Failed to initialize PSA Crypto\n"); - return; - } - - /* Import a key */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); - psa_set_key_bits(&attributes, 128); - status = psa_import_key(&attributes, key, key_len, &key_id); - if (status != PSA_SUCCESS) { - printf("Failed to import a key\n"); - return; - } - psa_reset_key_attributes(&attributes); - - /* Encrypt the plaintext */ - status = psa_cipher_encrypt_setup(&operation, key_id, alg); - if (status != PSA_SUCCESS) { - printf("Failed to begin cipher operation\n"); - return; - } - status = psa_cipher_generate_iv(&operation, iv, sizeof(iv), &iv_len); - if (status != PSA_SUCCESS) { - printf("Failed to generate IV\n"); - return; - } - status = psa_cipher_update(&operation, plaintext, sizeof(plaintext), - output, sizeof(output), &output_len); - if (status != PSA_SUCCESS) { - printf("Failed to update cipher operation\n"); - return; - } - status = psa_cipher_finish(&operation, output + output_len, - sizeof(output) - output_len, &output_len); - if 
(status != PSA_SUCCESS) { - printf("Failed to finish cipher operation\n"); - return; - } - printf("Encrypted plaintext\n"); - - /* Clean up cipher operation context */ - psa_cipher_abort(&operation); - - /* Destroy the key */ - psa_destroy_key(key_id); - - mbedtls_psa_crypto_free(); -} -``` - -**To decrypt a message with a symmetric cipher:** -1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the - cipher functions. -1. Initialize the operation structure to zero or to `PSA_CIPHER_OPERATION_INIT`. -1. Call `psa_cipher_decrypt_setup()` to specify the algorithm and the key to be - used. -1. Call `psa_cipher_set_iv()` with the IV for the decryption. -1. Call `psa_cipher_update()` with the message to encrypt. You may call this - function multiple times, passing successive fragments of the message on - successive calls. -1. Call `psa_cipher_finish()` to end the operation and output the decrypted - message. - -This example shows how to decrypt encrypted data using an AES key in CBC mode -with no padding (assuming all prerequisites have been fulfilled): -```c -void decrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len) -{ - enum { - block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES), - }; - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING; - psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT; - uint8_t ciphertext[block_size] = SOME_CIPHERTEXT; - uint8_t iv[block_size] = ENCRYPTED_WITH_IV; - uint8_t output[block_size]; - size_t output_len; - psa_key_id_t key_id; - - printf("Decrypt with cipher...\t"); - fflush(stdout); - - /* Initialize PSA Crypto */ - status = psa_crypto_init(); - if (status != PSA_SUCCESS) - { - printf("Failed to initialize PSA Crypto\n"); - return; - } - - /* Import a key */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_type(&attributes, 
PSA_KEY_TYPE_AES); - psa_set_key_bits(&attributes, 128); - status = psa_import_key(&attributes, key, key_len, &key_id); - if (status != PSA_SUCCESS) { - printf("Failed to import a key\n"); - return; - } - psa_reset_key_attributes(&attributes); - - /* Decrypt the ciphertext */ - status = psa_cipher_decrypt_setup(&operation, key_id, alg); - if (status != PSA_SUCCESS) { - printf("Failed to begin cipher operation\n"); - return; - } - status = psa_cipher_set_iv(&operation, iv, sizeof(iv)); - if (status != PSA_SUCCESS) { - printf("Failed to set IV\n"); - return; - } - status = psa_cipher_update(&operation, ciphertext, sizeof(ciphertext), - output, sizeof(output), &output_len); - if (status != PSA_SUCCESS) { - printf("Failed to update cipher operation\n"); - return; - } - status = psa_cipher_finish(&operation, output + output_len, - sizeof(output) - output_len, &output_len); - if (status != PSA_SUCCESS) { - printf("Failed to finish cipher operation\n"); - return; - } - printf("Decrypted ciphertext\n"); - - /* Clean up cipher operation context */ - psa_cipher_abort(&operation); - - /* Destroy the key */ - psa_destroy_key(key_id); - - mbedtls_psa_crypto_free(); -} -``` - -#### Handling cipher operation contexts - -After you've initialized the operation structure with a successful call to -`psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()`, you can terminate -the operation at any time by calling `psa_cipher_abort()`. - -The call to `psa_cipher_abort()` frees any resources associated with the -operation, except for the operation structure itself. - -The PSA Crypto API implicitly calls `psa_cipher_abort()` when: -* A call to `psa_cipher_generate_iv()`, `psa_cipher_set_iv()` or - `psa_cipher_update()` fails (returning any status other than `PSA_SUCCESS`). -* A call to `psa_cipher_finish()` succeeds or fails. 
- -After an implicit or explicit call to `psa_cipher_abort()`, the operation -structure is invalidated; in other words, you cannot reuse the operation -structure for the same operation. You can, however, reuse the operation -structure for a different operation by calling either -`psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()` again. - -You must call `psa_cipher_abort()` at some point for any operation that is -initialized successfully (by a successful call to `psa_cipher_encrypt_setup()` -or `psa_cipher_decrypt_setup()`). - -Making multiple sequential calls to `psa_cipher_abort()` on an operation that -is terminated (either implicitly or explicitly) is safe and has no effect. - -### Hashing a message - -The PSA Crypto API lets you compute and verify hashes using various hashing -algorithms. - -**Prerequisites to working with the hash APIs:** -* Initialize the library with a successful call to `psa_crypto_init()`. - -**To calculate a hash:** -1. Allocate an operation structure (`psa_hash_operation_t`) to pass to the hash - functions. -1. Initialize the operation structure to zero or to `PSA_HASH_OPERATION_INIT`. -1. Call `psa_hash_setup()` to specify the hash algorithm. -1. Call `psa_hash_update()` with the message to encrypt. You may call this - function multiple times, passing successive fragments of the message on - successive calls. -1. Call `psa_hash_finish()` to calculate the hash, or `psa_hash_verify()` to - compare the computed hash with an expected hash value. 
- -This example shows how to calculate the SHA-256 hash of a message: -```c - psa_status_t status; - psa_algorithm_t alg = PSA_ALG_SHA_256; - psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; - unsigned char input[] = { 'a', 'b', 'c' }; - unsigned char actual_hash[PSA_HASH_MAX_SIZE]; - size_t actual_hash_len; - - printf("Hash a message...\t"); - fflush(stdout); - - /* Initialize PSA Crypto */ - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("Failed to initialize PSA Crypto\n"); - return; - } - - /* Compute hash of message */ - status = psa_hash_setup(&operation, alg); - if (status != PSA_SUCCESS) { - printf("Failed to begin hash operation\n"); - return; - } - status = psa_hash_update(&operation, input, sizeof(input)); - if (status != PSA_SUCCESS) { - printf("Failed to update hash operation\n"); - return; - } - status = psa_hash_finish(&operation, actual_hash, sizeof(actual_hash), - &actual_hash_len); - if (status != PSA_SUCCESS) { - printf("Failed to finish hash operation\n"); - return; - } - - printf("Hashed a message\n"); - - /* Clean up hash operation context */ - psa_hash_abort(&operation); - - mbedtls_psa_crypto_free(); -``` - -This example shows how to verify the SHA-256 hash of a message: -```c - psa_status_t status; - psa_algorithm_t alg = PSA_ALG_SHA_256; - psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; - unsigned char input[] = { 'a', 'b', 'c' }; - unsigned char expected_hash[] = { - 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde, - 0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, - 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad - }; - size_t expected_hash_len = PSA_HASH_LENGTH(alg); - - printf("Verify a hash...\t"); - fflush(stdout); - - /* Initialize PSA Crypto */ - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("Failed to initialize PSA Crypto\n"); - return; - } - - /* Verify message hash */ - status = psa_hash_setup(&operation, alg); - if 
(status != PSA_SUCCESS) { - printf("Failed to begin hash operation\n"); - return; - } - status = psa_hash_update(&operation, input, sizeof(input)); - if (status != PSA_SUCCESS) { - printf("Failed to update hash operation\n"); - return; - } - status = psa_hash_verify(&operation, expected_hash, expected_hash_len); - if (status != PSA_SUCCESS) { - printf("Failed to verify hash\n"); - return; - } - - printf("Verified a hash\n"); - - /* Clean up hash operation context */ - psa_hash_abort(&operation); - - mbedtls_psa_crypto_free(); -``` - -The API provides the macro `PSA_HASH_LENGTH`, which returns the expected hash -length (in bytes) for the specified algorithm. - -#### Handling hash operation contexts - -After a successful call to `psa_hash_setup()`, you can terminate the operation -at any time by calling `psa_hash_abort()`. The call to `psa_hash_abort()` frees -any resources associated with the operation, except for the operation structure -itself. - -The PSA Crypto API implicitly calls `psa_hash_abort()` when: -1. A call to `psa_hash_update()` fails (returning any status other than - `PSA_SUCCESS`). -1. A call to `psa_hash_finish()` succeeds or fails. -1. A call to `psa_hash_verify()` succeeds or fails. - -After an implicit or explicit call to `psa_hash_abort()`, the operation -structure is invalidated; in other words, you cannot reuse the operation -structure for the same operation. You can, however, reuse the operation -structure for a different operation by calling `psa_hash_setup()` again. - -You must call `psa_hash_abort()` at some point for any operation that is -initialized successfully (by a successful call to `psa_hash_setup()`) . - -Making multiple sequential calls to `psa_hash_abort()` on an operation that has -already been terminated (either implicitly or explicitly) is safe and has no -effect. - -### Generating a random value - -The PSA Crypto API can generate random data. 
- -**Prerequisites to generating random data:** -* Initialize the library with a successful call to `psa_crypto_init()`. - -**Note:** To generate a random key, use `psa_generate_key()` -instead of `psa_generate_random()`. - -This example shows how to generate ten bytes of random data by calling -`psa_generate_random()`: -```C - psa_status_t status; - uint8_t random[10] = { 0 }; - - printf("Generate random...\t"); - fflush(stdout); - - /* Initialize PSA Crypto */ - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("Failed to initialize PSA Crypto\n"); - return; - } - - status = psa_generate_random(random, sizeof(random)); - if (status != PSA_SUCCESS) { - printf("Failed to generate a random value\n"); - return; - } - - printf("Generated random data\n"); - - /* Clean up */ - mbedtls_psa_crypto_free(); -``` - -### Deriving a new key from an existing key - -The PSA Crypto API provides a key derivation API that lets you derive new keys -from existing ones. The key derivation API has functions to take inputs, -including other keys and data, and functions to generate outputs, such as -new keys or other data. - -You must first initialize and set up a key derivation context, -provided with a key and, optionally, other data. Then, use the key derivation -context to either read derived data to a buffer or send derived data directly -to a key slot. - -See the documentation for the particular algorithm (such as HKDF or the -TLS 1.2 PRF) for information about which inputs to pass when, and when you can -obtain which outputs. - -**Prerequisites to working with the key derivation APIs:** -* Initialize the library with a successful call to `psa_crypto_init()`. -* Use a key with the appropriate attributes set: - * Usage flags set for key derivation (`PSA_KEY_USAGE_DERIVE`) - * Key type set to `PSA_KEY_TYPE_DERIVE`. - * Algorithm set to a key derivation algorithm - (for example, `PSA_ALG_HKDF(PSA_ALG_SHA_256)`). 
- -**To derive a new AES-CTR 128-bit encryption key into a given key slot using HKDF -with a given key, salt and info:** - -1. Set up the key derivation context using the `psa_key_derivation_setup()` -function, specifying the derivation algorithm `PSA_ALG_HKDF(PSA_ALG_SHA_256)`. -1. Provide an optional salt with `psa_key_derivation_input_bytes()`. -1. Provide info with `psa_key_derivation_input_bytes()`. -1. Provide a secret with `psa_key_derivation_input_key()`, referencing a key - that can be used for key derivation. -1. Set the key attributes desired for the new derived key. We'll set - the `PSA_KEY_USAGE_ENCRYPT` usage flag and the `PSA_ALG_CTR` algorithm for - this example. -1. Derive the key by calling `psa_key_derivation_output_key()`. -1. Clean up the key derivation context. - -At this point, the derived key slot holds a new 128-bit AES-CTR encryption key -derived from the key, salt and info provided: -```C - psa_status_t status; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - static const unsigned char key[] = { - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b }; - static const unsigned char salt[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, - 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c }; - static const unsigned char info[] = { - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, - 0xf7, 0xf8, 0xf9 }; - psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256); - psa_key_derivation_operation_t operation = - PSA_KEY_DERIVATION_OPERATION_INIT; - size_t derived_bits = 128; - size_t capacity = PSA_BITS_TO_BYTES(derived_bits); - psa_key_id_t base_key; - psa_key_id_t derived_key; - - printf("Derive a key (HKDF)...\t"); - fflush(stdout); - - /* Initialize PSA Crypto */ - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("Failed to initialize PSA Crypto\n"); - return; - } - - /* Import a key for use in key derivation. 
If such a key has already been - * generated or imported, you can skip this part. */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, alg); - psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE); - status = psa_import_key(&attributes, key, sizeof(key), &base_key); - if (status != PSA_SUCCESS) { - printf("Failed to import a key\n"); - return; - } - psa_reset_key_attributes(&attributes); - - /* Derive a key */ - status = psa_key_derivation_setup(&operation, alg); - if (status != PSA_SUCCESS) { - printf("Failed to begin key derivation\n"); - return; - } - status = psa_key_derivation_set_capacity(&operation, capacity); - if (status != PSA_SUCCESS) { - printf("Failed to set capacity\n"); - return; - } - status = psa_key_derivation_input_bytes(&operation, - PSA_KEY_DERIVATION_INPUT_SALT, - salt, sizeof(salt)); - if (status != PSA_SUCCESS) { - printf("Failed to input salt (extract)\n"); - return; - } - status = psa_key_derivation_input_key(&operation, - PSA_KEY_DERIVATION_INPUT_SECRET, - base_key); - if (status != PSA_SUCCESS) { - printf("Failed to input key (extract)\n"); - return; - } - status = psa_key_derivation_input_bytes(&operation, - PSA_KEY_DERIVATION_INPUT_INFO, - info, sizeof(info)); - if (status != PSA_SUCCESS) { - printf("Failed to input info (expand)\n"); - return; - } - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_CTR); - psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); - psa_set_key_bits(&attributes, 128); - status = psa_key_derivation_output_key(&attributes, &operation, - &derived_key); - if (status != PSA_SUCCESS) { - printf("Failed to derive key\n"); - return; - } - psa_reset_key_attributes(&attributes); - - printf("Derived key\n"); - - /* Clean up key derivation operation */ - psa_key_derivation_abort(&operation); - - /* Destroy the keys */ - psa_destroy_key(derived_key); - psa_destroy_key(base_key); - - mbedtls_psa_crypto_free(); -``` - -### 
Authenticating and encrypting or decrypting a message - -The PSA Crypto API provides a simple way to authenticate and encrypt with -associated data (AEAD), supporting the `PSA_ALG_CCM` algorithm. - -**Prerequisites to working with the AEAD cipher APIs:** -* Initialize the library with a successful call to `psa_crypto_init()`. -* The key attributes for the key used for derivation must have the - `PSA_KEY_USAGE_ENCRYPT` or `PSA_KEY_USAGE_DECRYPT` usage flags. - -This example shows how to authenticate and encrypt a message: -```C - psa_status_t status; - static const uint8_t key[] = { - 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, - 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF }; - static const uint8_t nonce[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B }; - static const uint8_t additional_data[] = { - 0xEC, 0x46, 0xBB, 0x63, 0xB0, 0x25, - 0x20, 0xC3, 0x3C, 0x49, 0xFD, 0x70 }; - static const uint8_t input_data[] = { - 0xB9, 0x6B, 0x49, 0xE2, 0x1D, 0x62, 0x17, 0x41, - 0x63, 0x28, 0x75, 0xDB, 0x7F, 0x6C, 0x92, 0x43, - 0xD2, 0xD7, 0xC2 }; - uint8_t *output_data = NULL; - size_t output_size = 0; - size_t output_length = 0; - size_t tag_length = 16; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id; - - printf("Authenticate encrypt...\t"); - fflush(stdout); - - /* Initialize PSA Crypto */ - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("Failed to initialize PSA Crypto\n"); - return; - } - - output_size = sizeof(input_data) + tag_length; - output_data = (uint8_t *)malloc(output_size); - if (!output_data) { - printf("Out of memory\n"); - return; - } - - /* Import a key */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_CCM); - psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); - psa_set_key_bits(&attributes, 128); - status = psa_import_key(&attributes, key, sizeof(key), &key_id); - psa_reset_key_attributes(&attributes); - - 
/* Authenticate and encrypt */ - status = psa_aead_encrypt(key_id, PSA_ALG_CCM, - nonce, sizeof(nonce), - additional_data, sizeof(additional_data), - input_data, sizeof(input_data), - output_data, output_size, - &output_length); - if (status != PSA_SUCCESS) { - printf("Failed to authenticate and encrypt\n"); - return; - } - - printf("Authenticated and encrypted\n"); - - /* Clean up */ - free(output_data); - - /* Destroy the key */ - psa_destroy_key(key_id); - - mbedtls_psa_crypto_free(); -``` - -This example shows how to authenticate and decrypt a message: - -```C - psa_status_t status; - static const uint8_t key_data[] = { - 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, - 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF }; - static const uint8_t nonce[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B }; - static const uint8_t additional_data[] = { - 0xEC, 0x46, 0xBB, 0x63, 0xB0, 0x25, - 0x20, 0xC3, 0x3C, 0x49, 0xFD, 0x70 }; - static const uint8_t input_data[] = { - 0x20, 0x30, 0xE0, 0x36, 0xED, 0x09, 0xA0, 0x45, 0xAF, 0x3C, 0xBA, 0xEE, - 0x0F, 0xC8, 0x48, 0xAF, 0xCD, 0x89, 0x54, 0xF4, 0xF6, 0x3F, 0x28, 0x9A, - 0xA1, 0xDD, 0xB2, 0xB8, 0x09, 0xCD, 0x7C, 0xE1, 0x46, 0xE9, 0x98 }; - uint8_t *output_data = NULL; - size_t output_size = 0; - size_t output_length = 0; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id; - - printf("Authenticate decrypt...\t"); - fflush(stdout); - - /* Initialize PSA Crypto */ - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("Failed to initialize PSA Crypto\n"); - return; - } - - output_size = sizeof(input_data); - output_data = (uint8_t *)malloc(output_size); - if (!output_data) { - printf("Out of memory\n"); - return; - } - - /* Import a key */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT); - psa_set_key_algorithm(&attributes, PSA_ALG_CCM); - psa_set_key_type(&attributes, PSA_KEY_TYPE_AES); - psa_set_key_bits(&attributes, 128); - status = 
psa_import_key(&attributes, key_data, sizeof(key_data), &key_id); - if (status != PSA_SUCCESS) { - printf("Failed to import a key\n"); - return; - } - psa_reset_key_attributes(&attributes); - - /* Authenticate and decrypt */ - status = psa_aead_decrypt(key_id, PSA_ALG_CCM, - nonce, sizeof(nonce), - additional_data, sizeof(additional_data), - input_data, sizeof(input_data), - output_data, output_size, - &output_length); - if (status != PSA_SUCCESS) { - printf("Failed to authenticate and decrypt %ld\n", status); - return; - } - - printf("Authenticated and decrypted\n"); - - /* Clean up */ - free(output_data); - - /* Destroy the key */ - psa_destroy_key(key_id); - - mbedtls_psa_crypto_free(); -``` - -### Generating and exporting keys - -The PSA Crypto API provides a simple way to generate a key or key pair. - -**Prerequisites to using key generation and export APIs:** -* Initialize the library with a successful call to `psa_crypto_init()`. - -**To generate an ECDSA key:** -1. Set the desired key attributes for key generation by calling - `psa_set_key_algorithm()` with the chosen ECDSA algorithm (such as - `PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)`). You only want to export the - public key, not the key pair (or private key); therefore, do not - set `PSA_KEY_USAGE_EXPORT`. -1. Generate a key by calling `psa_generate_key()`. -1. 
Export the generated public key by calling `psa_export_public_key()`: -```C - enum { - key_bits = 256, - }; - psa_status_t status; - size_t exported_length = 0; - static uint8_t exported[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits)]; - psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t key_id; - - printf("Generate a key pair...\t"); - fflush(stdout); - - /* Initialize PSA Crypto */ - status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - printf("Failed to initialize PSA Crypto\n"); - return; - } - - /* Generate a key */ - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); - psa_set_key_algorithm(&attributes, - PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)); - psa_set_key_type(&attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); - psa_set_key_bits(&attributes, key_bits); - status = psa_generate_key(&attributes, &key_id); - if (status != PSA_SUCCESS) { - printf("Failed to generate key\n"); - return; - } - psa_reset_key_attributes(&attributes); - - status = psa_export_public_key(key_id, exported, sizeof(exported), - &exported_length); - if (status != PSA_SUCCESS) { - printf("Failed to export public key %ld\n", status); - return; - } - - printf("Exported a public key\n"); - - /* Destroy the key */ - psa_destroy_key(key_id); - - mbedtls_psa_crypto_free(); -``` - -### More about the PSA Crypto API - -For more information about the PSA Crypto API, please see the -[PSA Cryptography API Specification](https://arm-software.github.io/psa-api/crypto/). From b8eaf635ba803099c2bab2e4f2d5091429b5ea0b Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Wed, 8 Mar 2023 09:56:29 +0100 Subject: [PATCH 430/440] Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies 
Signed-off-by: Przemek Stekiel --- include/mbedtls/config_psa.h | 1 - tests/suites/test_suite_psa_crypto_driver_wrappers.data | 4 ++-- tests/suites/test_suite_psa_crypto_driver_wrappers.function | 6 +++--- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index f7de6d1e5..2818c9cfd 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -154,7 +154,6 @@ extern "C" { #define MBEDTLS_BIGNUM_C #define MBEDTLS_ECP_C #define MBEDTLS_ECJPAKE_C -#define MBEDTLS_SHA256_C #endif /* MBEDTLS_PSA_ACCEL_ALG_JPAKE */ #endif /* PSA_WANT_ALG_JPAKE */ diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index d63371b7c..cf027c80e 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data 
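Review bot: With `MBEDTLS_SHA256_C` dropped from the `MBEDTLS_PSA_ACCEL_ALG_JPAKE` branch, the block no longer says where the hash that EC-JPAKE needs is expected to come from; the test-suite changes in this same commit gate on `PSA_WANT_ALG_SHA_256`, which suggests the hash is now meant to be a PSA-side dependency rather than a legacy one. A one-line comment after `#define MBEDTLS_ECJPAKE_C` would stop the next reader from re-adding the legacy symbol: `/* The hash is expected via PSA_WANT_ALG_SHA_256, not MBEDTLS_SHA256_C */`. The enclosing `#if` block starts before this hunk.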
@@ -859,9 +859,9 @@ depends_on:!MBEDTLS_PSA_BUILTIN_PAKE
 pake_operations:"abcd":PSA_ERROR_NOT_SUPPORTED:PSA_SUCCESS:"":PSA_ERROR_NOT_SUPPORTED:3
 
 PSA PAKE: ecjpake rounds transparent driver: in-driver success
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+depends_on:PSA_WANT_ALG_JPAKE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
 ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:1
 
 PSA PAKE: ecjpake rounds transparent driver: fallback success
-depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:MBEDTLS_PSA_BUILTIN_PAKE
+depends_on:PSA_WANT_ALG_JPAKE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS:MBEDTLS_PSA_BUILTIN_ALG_JPAKE
 ecjpake_rounds:PSA_ALG_JPAKE:PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256):PSA_ALG_SHA_256:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"abcdef":0:0
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index 8a4c007ae..ab09fa0f5 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -5,8 +5,8 @@ Global to silent the compiler when unused. */
 size_t pake_expected_hit_count = 0;
 int pake_in_driver = 0;
-
-#if defined(PSA_WANT_ALG_JPAKE)
+#if defined(PSA_WANT_ALG_JPAKE) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \
+ defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256)
 static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
 psa_pake_operation_t *server,
 psa_pake_operation_t *client,
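Review bot: The fallback case now depends on `MBEDTLS_PSA_BUILTIN_ALG_JPAKE`, while the `depends_on:!MBEDTLS_PSA_BUILTIN_PAKE` line shown as this hunk's context still uses the old spelling; unless both symbols are defined by the PSA configuration, one of the two cases will be silently skipped, since the harness treats a symbol the build does not define as an unmet dependency. If `MBEDTLS_PSA_BUILTIN_ALG_JPAKE` is the current name, the `pake_operations` case should follow: `depends_on:!MBEDTLS_PSA_BUILTIN_ALG_JPAKE`. Which of the two is the live symbol cannot be confirmed from this page.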
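Review bot: The four-symbol guard added around `ecjpake_do_round()` repeats, by hand, the `depends_on` list that the `BEGIN_CASE` of `ecjpake_rounds()` receives in the next hunk of this file, and nothing ties the two together; if one list is later changed without the other, the test either references a helper that was compiled out or leaves an unused static function behind. A comment on the guard makes the coupling visible: `/* Keep in sync with the depends_on list of ecjpake_rounds() */`. The `ecjpake_do_round` signature continues past the end of this hunk.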
@@ -3167,7 +3167,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE */ +/* BEGIN_CASE depends_on:PSA_WANT_ALG_JPAKE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_256 */ void ecjpake_rounds(int alg_arg, int primitive_arg, int hash_arg, int derive_alg_arg, data_t *pw_data, int client_input_first, int in_driver) From 8657e3280ad463e3d957076f6f262d737fff3a1a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 9 Mar 2023 15:53:52 +0000 Subject: [PATCH 431/440] Add corrupt PKCS #7 test files Generated by running "make " and committing the result. Signed-off-by: Dave Rodgman --- .../pkcs7_data_signed_badsigner1_badsize.der | Bin 0 -> 1185 bytes .../pkcs7_data_signed_badsigner1_badtag.der | Bin 0 -> 1185 bytes .../pkcs7_data_signed_badsigner1_fuzzbad.der | Bin 0 -> 1185 bytes .../pkcs7_data_signed_badsigner2_badsize.der | Bin 0 -> 1185 bytes .../pkcs7_data_signed_badsigner2_badtag.der | Bin 0 -> 1185 bytes .../pkcs7_data_signed_badsigner2_fuzzbad.der | Bin 0 -> 1185 bytes 6 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 tests/data_files/pkcs7_data_signed_badsigner1_badsize.der create mode 100644 tests/data_files/pkcs7_data_signed_badsigner1_badtag.der create mode 100644 tests/data_files/pkcs7_data_signed_badsigner1_fuzzbad.der create mode 100644 tests/data_files/pkcs7_data_signed_badsigner2_badsize.der create mode 100644 tests/data_files/pkcs7_data_signed_badsigner2_badtag.der create mode 100644 tests/data_files/pkcs7_data_signed_badsigner2_fuzzbad.der 
diff --git a/tests/data_files/pkcs7_data_signed_badsigner1_badsize.der b/tests/data_files/pkcs7_data_signed_badsigner1_badsize.der new file mode 100644 index 0000000000000000000000000000000000000000..da7f3a9910f62aa76ba08523e29d6db28c46cacf GIT binary patch literal 1185 zcmXqLVwuavsnzDu_MMlJooPW6OP@g#OBWL(qanWmFB@k(-%0lcd2g|8|nd{=;ys(YYF>l^D zqubl<&XlL2?F-poiMs7qy41y4pQ`1Mc1JT+Z9?XH{lK!_Jugq?3jRzF|6s)OJ*>dA z{Q}n&mCBq+f2v;Rd%76ToOjD$CZB(JakAc}h<{9F>83Mp<)1S>yS7|y!EPp>wKKCj z9-N-h>hn5=JMXy1&7bG8a;})ScCXnXlGvrL|9Oe%u?O|G8)meZ|9#UEHGO}rfbIog zuosaZ>_$u?VZNabs_P@?85LA+D&qUV`?=*Ix zV{ts$c+Z)4@62ZTdqv+}@hVcyQRRu|hc=@O+uIAP_p9kPZQJ+D+E1jxJgcYPrnXKi zy>j=*rleJ^wJ#2F32j?+uFtpL@UFCE@TBvJt?SR3tbY(OjkVhB<;KEo$Lg*h(#YAr z!v4p?^y7O9IoCbE{&2$V%PqhEBu?)8vs9*Y@^RVC;>G-8&!3mIRXzE8H0j#M*r%<} zclv#qwm3aGebMPv+qapebTgFgx_b8GgXs=$vRtMA2mAd}447}dytg_-gLBxgmG*>*s{$o-v8UQ^9-4Xx* literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs7_data_signed_badsigner1_badtag.der b/tests/data_files/pkcs7_data_signed_badsigner1_badtag.der new file mode 100644 index 0000000000000000000000000000000000000000..402b91050ffde574c123e3201496ef8fdde53ad6 GIT binary patch literal 1185 zcmXqLVwuavsnzDu_MMlJooPW6OP@g#OBWL(qanWmFB@k(-%0lcd2g|8|nd{=;ys(YYF>l^D zqubl<&XlL2?F-poiMs7qy41y4pQ`1Mc1JT+Z9?XH{lK!_Jugq?3jRzF|6s)OJ*>dA z{Q}n&mCBq+f2v;Rd%76ToOjD$CZB(JakAc}h<{9F>83Mp<)1S>yS7|y!EPp>wKKCj z9-N-h>hn5=JMXy1&7bG8a;})ScCXnXlGvrL|9Oe%u?O|G8)meZ|9#UEHGO}rfbIoo zurDMp*o~M(!hAy=RM$t&Gb*UuRK)jz_jAqf8p6TOk}%^=y!On;d-SfQ=+<*3zF&PX z#^QLg@t!m9-kHtv_lmx|;#H)YqskM_4{b&nwzn5n?^n}p+P3ePwVz0Xc~(!oO>Lc4 zdgbnqO-ZX-YhN7V656)tT%T{f;azFT;7R8bTi2g6S^pqn8f&%L%Z-KGj@4a1q>;0K zh5e6(>BsjJa;|%R{o#b!ms@`SNu1pGXQ@o*Zt9tVHXwtQhu}@o{ z@AUgJZE<>X`l8dTwr?{_>1HU~b@lAW2h$ziWVuTJ5BB?|7%<;@d37V>PPyezV{iWx zVGJxtzrI0Ai=*;GM@*+z`}u7>zI87qBzQEg+gYP@@w55+Np{RpDGZdQc4H=yB=@2j zrStk&3cH>ri^iKOpWoqgn{cq_>g+cED>St(s-)o@i|LE^3FY@b^nWU7@qHAS{^~Dn(Kl|P=<&=v~gNO_BX|8yN{l}zUGynjH_}zp6 literal 0 HcmV?d00001 
diff --git a/tests/data_files/pkcs7_data_signed_badsigner1_fuzzbad.der b/tests/data_files/pkcs7_data_signed_badsigner1_fuzzbad.der new file mode 100644 index 0000000000000000000000000000000000000000..e19c54a05fdeebff3ffcf79ad7a51107a253730f GIT binary patch literal 1185 zcmXqLVwuavsnzDu_MMlJooPW6OP@g#OBWL(qanWmFB@k(-%0lcd2g|8|nd{=;ys(YYF>l^D zqubl<&XlL2?F-poiMs7qy41y4pQ`1Mc1JT+Z9?XH{lK!_Jugq?3jRzF|6s)OJ*>dA z{Q}n&mCBq+f2v;Rd%76ToOjD$CZB(JakAc}h<{9F>83Mp<)1S>yS7|y!EPp>wKKCj z9-N-h>hn5=JMXy1&7bG8a;})ScCXnXlGvrL|9Oe%u?O|G8)meZ|9#UEHGO}rfbIp# zg58KoB+NI|L3MrPJfnijO+|bkct6+tuE8Jd3xUDTk}%^=y!On;d-SfQ=+<*3zF&PX z#^QLg@t!m9-kHtv_lmx|;#H)YqskM_4{b&nwzn5n?^n}p+P3ePwVz0Xc~(!oO>Lc4 zdgbnqO-ZX-YhN7V656)tT%T{f;azFT;7R8bTi2g6S^pqn8f&%L%Z-KGj@4a1q>;0K zh5e6(>BsjJa;|%R{o#b!ms@`SNu1pGXQ@o*Zt9tVHXwtQhu}@o{ z@AUgJZE<>X`l8dTwr?{_>1HU~b@lAW2h$ziWVuTJ5BB?|7%<;@d37V>PPyezV{iWx zVGJxtzrI0Ai=*;GM@*+z`}u7>zI87qBzQEg+gYP@@w55+Np{RpDGZbayD^hUl6%pN z(s_L>g!)y>b9rIWa9q;Gt?13nlI-O@NA^A`HJr=1 z_j!%y)n2j7n_kN3CB87QS$zHN;>!9Pn`4%1Z}b*j%hy1*Pc!&0pLMdV-Ct<_u3paQY{TO1tA)1Yh)q&Z?=2VK-eu!@%`!@u zt2?4aW{)PHe`D?ACI7_UTqr+fykM2;BhxeWX`w5)SFC%}J|TM3@{q{wdyXzN{xs8M k@)r3&-)ycgp7{9L_l7B_Tyz>lT$oRD#WU(-%0lcd2g|8|nd{=;ys(YYF>l^D zqubl<&XlL2?F-poiMs7qy41y4pQ`1Mc1JT+Z9?XH{lK!_Jugq?3jRzF|6s)OJ*>dA z{Q}n&mCBq+f2v;Rd%76ToOjD$CZB(JakAc}h<{9F>83Mp<)1S>yS7|y!EPp>wKKCj z9-N-h>hn5=JMXy1&7bG8a;})ScCXnXlGvrL|9Oe%u?O|G8)meZ|9#UEHGO}rfbIp# zg58KoB+NI|L3MrPJfnijO+|bkct6+tt|1)kED1C2#B0xdyhra^if%nu;``MHV=Rs* z8}B*u?w#2zf3N7fD_%vaIjTI-{Lp5UVS9UF^?o(orfvIvS^J4Jm}m9W+tk)+rC09$ z*p#%Ywf4m!E}?CU&h`1$8{Uv^Xk1bi{OewV&VC<6HM)LV`!*x}7yj7eAZ7pJc}zmBIiF_9F6AyD^hUl6%pN z(s_L>g_-gLBxgmG*>*s{$o-v8UQ|i-4Xx* literal 0 HcmV?d00001 
diff --git a/tests/data_files/pkcs7_data_signed_badsigner2_badtag.der b/tests/data_files/pkcs7_data_signed_badsigner2_badtag.der new file mode 100644 index 0000000000000000000000000000000000000000..7929444662e9d580b120d1341bd9ab926482b52a GIT binary patch literal 1185 zcmXqLVwuavsnzDu_MMlJooPW6OP@g#OBWL(qanWmFB@k(-%0lcd2g|8|nd{=;ys(YYF>l^D zqubl<&XlL2?F-poiMs7qy41y4pQ`1Mc1JT+Z9?XH{lK!_Jugq?3jRzF|6s)OJ*>dA z{Q}n&mCBq+f2v;Rd%76ToOjD$CZB(JakAc}h<{9F>83Mp<)1S>yS7|y!EPp>wKKCj z9-N-h>hn5=JMXy1&7bG8a;})ScCXnXlGvrL|9Oe%u?O|G8)meZ|9#UEHGO}rfbIp# zg58KoB+NI|L3MrPJfnijO+|bkct6+tt|1)kED1C2#B0xdyhra^if%nu;``MHV=Rs* z8}B*u?w#2zf3N7fD_%vaIjTI-{Lp5UVS9UF^?o(orfvIvS^J4Jm}m9W+tk)+rC09$ z*p#%Ywf4m!E}?CU&h`1$8{Uv^Xk1bi{OewV&VC<6HM)LV`!*x}7yj7eAZ7pJc}zmBIiG_J!o7c4H=yB=@2j zrStk&3cH>ri^iKOpWoqgn{cq_>g+cED>St(s-)o@i|LE^3FY@b^nWU7@qHAS{^~Dn(Kl|P=<&=v~gNO_BX|8yN{l}zUGynkNV%>xQ literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs7_data_signed_badsigner2_fuzzbad.der b/tests/data_files/pkcs7_data_signed_badsigner2_fuzzbad.der new file mode 100644 index 0000000000000000000000000000000000000000..b52bb78198b9520f728113a4f0e096fe10a5ddb7 GIT binary patch literal 1185 zcmXqLVwuavsnzDu_MMlJooPW6OP@g#OBWL(qanWmFB@k(-%0lcd2g|8|nd{=;ys(YYF>l^D zqubl<&XlL2?F-poiMs7qy41y4pQ`1Mc1JT+Z9?XH{lK!_Jugq?3jRzF|6s)OJ*>dA z{Q}n&mCBq+f2v;Rd%76ToOjD$CZB(JakAc}h<{9F>83Mp<)1S>yS7|y!EPp>wKKCj z9-N-h>hn5=JMXy1&7bG8a;})ScCXnXlGvrL|9Oe%u?O|G8)meZ|9#UEHGO}rfbIp# zg58KoB+NI|L3MrPJfnijO+|bkct6+tt|1)kED1C2#B0xdyhra^if%nu;``MHV=Rs* z8}B*u?w#2zf3N7fD_%vaIjTI-{Lp5UVS9UF^?o(orfvIvS^J4Jm}m9W+tk)+rC09$ z*p#%Ywf4m!E}?CU&h`1$8{Uv^Xk1bi{OewV&VC<6HM)LV`!*x}7yj7eAZ7pJc}zmBK(-up2XpB)J#OD4o~G zQrPu0Sv1~M`TP!_+xUZhAuzS)>g+cED>St(s-)o@i|LE^3FY@b^nWU7@qHAS{^~Dn(Kl|P=<&=v~gNO_BX|8yN{l}zUGynkKX5Fv= literal 0 HcmV?d00001 From 45bcb6aac847645439f35416bf229e709a963a5c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 10 Mar 2023 11:40:48 +0100 Subject: [PATCH 432/440] Fix dependencies of 1.2 ECDSA key exchanges MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Having ECDSA in PSA doesn't help if we're not using PSA from TLS 1.2... Also, move the definition of PSA_HAVE_FULL_ECDSA outside the MBEDTLS_PSA_CRYPTO_CONFIG guards so that it is available in all cases. Signed-off-by: Manuel Pégourié-Gonnard
--- include/mbedtls/check_config.h | 20 +++++++++++++++++--- include/mbedtls/config_psa.h | 10 +++++----- 2 files changed, 22 insertions(+), 8 deletions(-)
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 2e02e9a5c..7b1c70cb0 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -279,9 +279,20 @@
 #error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
 #endif
 
+/* Helper for ECDSA dependencies, will be undefined at the end of the file */
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(PSA_HAVE_FULL_ECDSA)
+#define MBEDTLS_PK_HAVE_ECDSA
+#endif
+#else /* MBEDTLS_USE_PSA_CRYPTO */
+#if defined(MBEDTLS_ECDSA_C)
+#define MBEDTLS_PK_HAVE_ECDSA
+#endif
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \
 ( !defined(MBEDTLS_ECDH_C) || \
- !(defined(MBEDTLS_ECDSA_C) || defined(PSA_HAVE_FULL_ECDSA)) || \
+ !defined(MBEDTLS_PK_HAVE_ECDSA) || \
 !defined(MBEDTLS_X509_CRT_PARSE_C) )
 #error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
 #endif
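Review bot: Under `MBEDTLS_USE_PSA_CRYPTO` the new helper consults only `PSA_HAVE_FULL_ECDSA`, so a configuration that defines `MBEDTLS_ECDSA_C` but lacks the PSA side (no `PSA_WANT_ALG_ECDSA`, or a missing ECC key-type want) now hits the `MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED` error where the removed `defined(MBEDTLS_ECDSA_C) || defined(PSA_HAVE_FULL_ECDSA)` test accepted it; the same applies to the `ECDHE_ECDSA` check in the next hunk and to the TLS 1.3 check a later commit in this series converts. That is consistent with the commit message, but it is a build-breaking change for such configurations and belongs in the helper's comment, e.g. `/* With MBEDTLS_USE_PSA_CRYPTO, ECDSA must be available through PSA; MBEDTLS_ECDSA_C alone does not satisfy the TLS checks */`. Whether config_psa.h derives the PSA wants from `MBEDTLS_ECDSA_C` when `MBEDTLS_PSA_CRYPTO_CONFIG` is unset is not visible here, so the impact may be limited to crypto-config builds.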
@@ -313,9 +324,9 @@
 #error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \
 ( !defined(MBEDTLS_ECDH_C) || \
- !(defined(MBEDTLS_ECDSA_C) || defined(PSA_HAVE_FULL_ECDSA)) || \
+ !defined(MBEDTLS_PK_HAVE_ECDSA) || \
 !defined(MBEDTLS_X509_CRT_PARSE_C) )
 #error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
 #endif
@@ -1068,6 +1079,9 @@
 #error "MBEDTLS_PKCS7_C is defined, but not all prerequisites"
 #endif
 
+/* Undefine helper symbols */
+#undef MBEDTLS_PK_HAVE_ECDSA
+
 /*
 * Avoid warning from -pedantic. This is a convenient place for this
 * workaround since this is included by every single file before the
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 77cb1a9e1..568d8c2bf 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -310,11 +310,6 @@ extern "C" {
 #define PSA_HAVE_SOFT_BLOCK_AEAD 1
 #endif
 
-#if defined(PSA_WANT_ALG_ECDSA) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \
- defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#define PSA_HAVE_FULL_ECDSA 1
-#endif
-
 #if defined(PSA_WANT_KEY_TYPE_AES)
 #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
 #define PSA_HAVE_SOFT_KEY_TYPE_AES 1
@@ -848,6 +843,11 @@ extern "C" {
 
 #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
 
+#if defined(PSA_WANT_ALG_ECDSA) && defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR) && \
+ defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#define PSA_HAVE_FULL_ECDSA 1
+#endif
+
 /* These features are always enabled. */
 #define PSA_WANT_KEY_TYPE_DERIVE 1
 #define PSA_WANT_KEY_TYPE_PASSWORD 1
From 439dbc5c607387461df3faefc408bfa0bf3b0472 Mon Sep 17 00:00:00 2001 
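Review bot: `PSA_HAVE_FULL_ECDSA` is moved to just after `#endif /* MBEDTLS_PSA_CRYPTO_CONFIG */` with no comment saying why it is the one `PSA_HAVE_*` helper that lives outside that guard, while the neighbouring `PSA_HAVE_SOFT_*` definitions stay inside it; a later tidy-up could move it back and silently break the `MBEDTLS_PK_HAVE_ECDSA` helper in check_config.h that this commit makes depend on it. Suggest a comment above the `#if`: `/* Deliberately outside the MBEDTLS_PSA_CRYPTO_CONFIG guard: check_config.h relies on this in both configuration modes */`. The `-313` hunk in this same line also carries a change that is invisible here (the `#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) && \` line is removed and re-added with identical visible text), presumably a whitespace fix; worth stating in the commit message so reviewers do not hunt for a semantic difference.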
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 10 Mar 2023 12:33:15 +0100 Subject: [PATCH 433/440] Fix dependency for TLS 1.3 as well MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Turns out TLS 1.3 is using the PK layer for signature generation & verification, and the PK layer is influenced by USE_PSA_CRYPTO. Also update docs/use-psa-crypto.md accordingly. Signed-off-by: Manuel Pégourié-Gonnard --- docs/use-psa-crypto.md | 15 +++++++++------ include/mbedtls/check_config.h | 2 +- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/docs/use-psa-crypto.md b/docs/use-psa-crypto.md index fc5317af8..c63e65a9a 100644 --- a/docs/use-psa-crypto.md +++ b/docs/use-psa-crypto.md @@ -11,12 +11,15 @@ General considerations `psa_crypto_init()` before calling any function from the SSL/TLS, X.509 or PK module. -**Scope:** `MBEDTLS_USE_PSA_CRYPTO` has no effect on the parts of the code that -are specific to TLS 1.3; those parts always use PSA Crypto. The parts of the -TLS 1.3 code that are common with TLS 1.2, however, follow this option; -currently this is the record protection code, computation of the running -handshake hash, and X.509. You need to enable `MBEDTLS_USE_PSA_CRYPTO` if you -want TLS 1.3 to use PSA everywhere. +**Scope:** `MBEDTLS_USE_PSA_CRYPTO` has no effect on the most of the TLS 1.3 +code, which always uses PSA crypto. The parts of the TLS 1.3 code that will +use PSA Crypto or not depending on the value of this option are: +- record protection; +- running handshake hash; +- asymmetric signature verification & generation; +- X.509 certificate chain verification. +You need to enable `MBEDTLS_USE_PSA_CRYPTO` if you want TLS 1.3 to use PSA +everywhere. New APIs / API extensions ------------------------- diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 7b1c70cb0..ca60a9d92 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h 
@@ -783,7 +783,7 @@
 
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
 #if !( defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_X509_CRT_PARSE_C) && \
- ( defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_PKCS1_V21) ) )
+ ( defined(MBEDTLS_PK_HAVE_ECDSA) || defined(MBEDTLS_PKCS1_V21) ) )
 #error "MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED defined, but not all prerequisites"
 #endif
 #endif
From c2495f78e6f5687271bd17b3b57ae1822d8c4a95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 10 Mar 2023 12:04:33 +0100 Subject: [PATCH 434/440] Add a ChangeLog entry for driver-only ECDSA MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard
--- ChangeLog.d/driver-only-ecdsa.txt | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 ChangeLog.d/driver-only-ecdsa.txt
diff --git a/ChangeLog.d/driver-only-ecdsa.txt b/ChangeLog.d/driver-only-ecdsa.txt new file mode 100644
index 000000000..645a72374
--- /dev/null
+++ b/ChangeLog.d/driver-only-ecdsa.txt
@@ -0,0 +1,7 @@
+Features
+ * When a PSA driver for ECDSA is present, it is now possible to disable
+ MBEDTLS_ECDSA_C in the build in order to save code size. For PK, X.509
+ and TLS to fully work, this requires MBEDTLS_USE_PSA_CRYPTO to be enabled.
+ Restartable/interruptible ECDSA operations in PK, X.509 and TLS are not
+ supported in those builds yet, as driver support for interruptible ECDSA
+ operations is not present yet.
From f2f2dbcfd7ba1c6fa2424d8625aec7ce0c13eb95 Mon Sep 17 00:00:00 2001 
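Review bot: After this change the TLS 1.3 ephemeral check is asymmetric: the signature half (`MBEDTLS_PK_HAVE_ECDSA`) follows `MBEDTLS_USE_PSA_CRYPTO`, but the key-agreement half still requires the legacy `MBEDTLS_ECDH_C`, so a driver-only ECDH build would fail here even with PSA in use. If that is intentional for now, a comment on the `#if` saying so would help, e.g. `/* ECDH is still legacy-only here; ECDSA follows MBEDTLS_PK_HAVE_ECDSA (see the helper near the top of this file) */`. Also, `MBEDTLS_PK_HAVE_ECDSA` is `#undef`'d near the end of this file, so any future check added below that point would silently evaluate it as undefined; the ordering is correct today but is not documented at this use site.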
From: Dave Rodgman Date: Fri, 10 Mar 2023 12:50:50 +0000 Subject: [PATCH 435/440] Add test case for PKCS7 file with zero signers The test file was created by manually modifying tests/data_files/pkcs7_data_without_cert_signed.der, using ASN.1 JavaScript decoder https://lapo.it/asn1js/ Changes made: The SignerInfos set was truncated to zero length. All the parent sequences, sets, etc were then adjusted for their new reduced length. Signed-off-by: Dave Rodgman
--- tests/data_files/pkcs7_data_no_signers.pem | Bin 0 -> 52 bytes tests/suites/test_suite_pkcs7.data | 4 ++++ 2 files changed, 4 insertions(+) create mode 100644 tests/data_files/pkcs7_data_no_signers.pem
diff --git a/tests/data_files/pkcs7_data_no_signers.pem b/tests/data_files/pkcs7_data_no_signers.pem new file mode 100644
index 0000000000000000000000000000000000000000..b75c9910c2d4d071afa7279b199b0b4a78cb0166 GIT binary patch literal 52 zcmXpoV&l|m^Jx3d%gD~OK-EB*iILHe-+-5mGoj6cF_oExiIJ7TfE%HR(U1WE1?&k= literal 0 HcmV?d00001
diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data
index ffeec498c..eba0e2496 100644
--- a/tests/suites/test_suite_pkcs7.data
+++ b/tests/suites/test_suite_pkcs7.data
@@ -10,6 +10,10 @@ PKCS7 Signed Data Parse Pass Without CERT #3
 depends_on:MBEDTLS_SHA256_C
 pkcs7_parse:"data_files/pkcs7_data_without_cert_signed.der":MBEDTLS_PKCS7_SIGNED_DATA
 
+PKCS7 Signed Data Parse with zero signers
+depends_on:MBEDTLS_SHA256_C
+pkcs7_parse:"data_files/pkcs7_data_no_signers.pem":MBEDTLS_PKCS7_SIGNED_DATA
+
 PKCS7 Signed Data Parse Fail with multiple certs #4
 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
 pkcs7_parse:"data_files/pkcs7_data_multiple_certs_signed.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE
From ca43e0d0acece454d1c6c2db36b12e03d4ca683f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 10 Mar 2023 13:06:01 +0000 Subject: [PATCH 436/440] Fix test file extension 
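Review bot: The new case only pins that a SignedData whose SignerInfos set is empty parses as `MBEDTLS_PKCS7_SIGNED_DATA`; it says nothing about what `pkcs7_verify` returns for that file, which is the security-relevant half — CMS allows an empty signerInfos (the degenerate certs-only form), but such a message must not verify as signed. A companion line such as `pkcs7_verify:"data_files/pkcs7_data_no_signers.pem":"data_files/pkcs7-rsa-sha256-1.crt":"data_files/pkcs7_data.bin":0:<EXPECTED_VERIFY_ERROR>` (placeholder: the intended error code for "no signer") would document that contract. The `.pem` extension on a DER-encoded file is also misleading; the following commit in this series renames it.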
Signed-off-by: Dave Rodgman
--- ...ata_no_signers.pem => pkcs7_data_no_signers.der} | Bin tests/suites/test_suite_pkcs7.data | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename tests/data_files/{pkcs7_data_no_signers.pem => pkcs7_data_no_signers.der} (100%)
diff --git a/tests/data_files/pkcs7_data_no_signers.pem b/tests/data_files/pkcs7_data_no_signers.der similarity index 100% rename from tests/data_files/pkcs7_data_no_signers.pem rename to tests/data_files/pkcs7_data_no_signers.der
diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data
index eba0e2496..7b32fa4c2 100644
--- a/tests/suites/test_suite_pkcs7.data
+++ b/tests/suites/test_suite_pkcs7.data
@@ -12,7 +12,7 @@ pkcs7_parse:"data_files/pkcs7_data_without_cert_signed.der":MBEDTLS_PKCS7_SIGNED
 
 PKCS7 Signed Data Parse with zero signers
 depends_on:MBEDTLS_SHA256_C
-pkcs7_parse:"data_files/pkcs7_data_no_signers.pem":MBEDTLS_PKCS7_SIGNED_DATA
+pkcs7_parse:"data_files/pkcs7_data_no_signers.der":MBEDTLS_PKCS7_SIGNED_DATA
 
 PKCS7 Signed Data Parse Fail with multiple certs #4
 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
From d51b1c5666a7fefccf77cc93ed4a80fca040b9ea Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 10 Mar 2023 17:44:08 +0000 Subject: [PATCH 437/440] Remove duplicate test macros Signed-off-by: Dave Rodgman
--- tests/include/test/macros.h | 23 ----------------------- tests/src/random.c | 3 ++- 2 files changed, 2 insertions(+), 24 deletions(-)
diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h
index 2eba0c102..ab8260b75 100644
--- a/tests/include/test/macros.h
+++ b/tests/include/test/macros.h
@@ -253,27 +253,4 @@ */ #define MAX(x, y) ((x) > (y) ? (x) : (y)) -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n, b, i) \ - { \ - (n) = ((uint32_t) (b)[(i)] << 24) \ - | ((uint32_t) (b)[(i) + 1] << 16) \ - | ((uint32_t) (b)[(i) + 2] << 8) \ - | ((uint32_t) (b)[(i) + 3]); \ - } -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n, b, i) \ - { \ - (b)[(i)] = (unsigned char) ((n) >> 24); \ - (b)[(i) + 1] = (unsigned char) ((n) >> 16); \ - (b)[(i) + 2] = (unsigned char) ((n) >> 8); \ - (b)[(i) + 3] = (unsigned char) ((n)); \ - } -#endif - #endif /* TEST_MACROS_H */ diff --git a/tests/src/random.c b/tests/src/random.c index e74e68954..5ca333a67 100644 --- a/tests/src/random.c +++ b/tests/src/random.c @@ -36,6 +36,7 @@ #include #include +#include "../../library/alignment.h" int mbedtls_test_rnd_std_rand(void *rng_state, unsigned char *output, @@ -137,7 +138,7 @@ int mbedtls_test_rnd_pseudo_rand(void *rng_state, + info->v0) ^ (sum + k[(sum>>11) & 3]); } - PUT_UINT32_BE(info->v0, result, 0); + MBEDTLS_PUT_UINT32_BE(info->v0, result, 0); memcpy(out, result, use_len); len -= use_len; out += 4; From cc77fe8e52d65fbe596ed73ee824903751c253cf Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 11 Mar 2023 09:46:13 +0000 Subject: [PATCH 438/440] Fix PKCS #7 tests when MBEDTLS_HAVE_TIME_DATE unset Ensure that verification of an expired cert still fails, but update the test to handle the different error code. Signed-off-by: Dave Rodgman --- tests/suites/test_suite_pkcs7.data | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data index 7b32fa4c2..500f3ce1f 100644 --- a/tests/suites/test_suite_pkcs7.data +++ b/tests/suites/test_suite_pkcs7.data 
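Review bot: `#include "../../library/alignment.h"` in tests/src/random.c ties the test support code to the source-tree layout and pulls in a library-internal header by relative path; if the test build already has `library/` on its include path, `#include "alignment.h"` would be the consistent form — I cannot confirm the include paths from this page. The swap to `MBEDTLS_PUT_UINT32_BE(info->v0, result, 0)` preserves behaviour only if alignment.h's macro takes the same (value, buffer, offset) argument order as the deleted `PUT_UINT32_BE`; the call site keeps the same order, so that appears to hold, but a one-line comment such as `/* MBEDTLS_PUT_UINT32_BE from library/alignment.h replaces the former test-local macro */` would make the dependency explicit. The enclosing `mbedtls_test_rnd_pseudo_rand` function starts and ends outside the hunk.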
@@ -134,10 +134,14 @@ PKCS7 Signed Data Hash Verify Fail with multiple signers #18
 depends_on:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C
 pkcs7_verify:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA512:MBEDTLS_ERR_PKCS7_VERIFY_FAIL
 
-PKCS7 Signed Data Verify Fail Expired Cert #19
-depends_on:MBEDTLS_SHA256_C
+PKCS7 Signed Data Verify Fail Expired Cert #19 have DATE_TIME
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE
 pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-expired.crt":"data_files/pkcs7_data.bin":0:MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID
 
+PKCS7 Signed Data Verify Fail Expired Cert #19 no DATE_TIME
+depends_on:MBEDTLS_SHA256_C:!MBEDTLS_HAVE_TIME_DATE
+pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-expired.crt":"data_files/pkcs7_data.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED
+
 PKCS7 Parse Failure Invalid ASN1: Add null byte to start #20.0
 depends_on:MBEDTLS_SHA256_C
pkcs7_asn1_fail:"003082050006092a864886f70d010702a08204f1308204ed020101310f300d06096086480165030402010500300b06092a864886f70d010701a082034d3082034930820231a00302010202147bdeddd2444cd1cdfe5c41a8102c89b7df2e6cbf300d06092a864886f70d01010b05003034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b43533720436572742031301e170d3232313032383136313035365a170d3233313032383136313035365a3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203130820122300d06092a864886f70d01010105000382010f003082010a0282010100c8b6cf69899cd1f0ebb4ca645c05e70e0d2efeddcc61d089cbd515a39a3579b92343b61ec750060fb4ed37876332400e425f1d376c7e75c2973314edf4bb30c8f8dd03b9fcff955a245d49137ad6e60056cac19552a865d52187187cc042c9c49e3e3a9c17a534b453cdabc0cb113b4f63f5b3174b9ee9902b1910d11496a279a74326adcfee10bfd9e7ebafbb377be9b63959165d13dd5751171cadad3c1d3adac68bc8011d61b54cf60178be36839a89ac91ab419e3ca37d6ba881d25518c4db68bca6f7c83602f699a86b17fb1e773bcbe74bb93a49b251ae86428b5740e1868bb1d6fab9e28712e98ec319ad8fca4d73010c4b09c4b80458961e7cf083530203010001a3533051301d0603551d0e041604148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8301f0603551d230418301680148aeee5947cc67c5dd515a76e2a7ecd31ee52fdc8300f0603551d130101ff040530030101ff300d06092a864886f70d01010b05000382010100821d6b98cd457debd2b081aca27ebecd4f93acc828443b39eabffa9fa4e9e4543b46fcc31e2b5b48177903dea6969ac4a2cc6570650390f1b08d43a4c2f975c7ed8bf3356c7218380212451a8f11de46553cbcd65b4254ddb8f66834eb21dda2a8f33b581e1484557aca1b94ee8931ddf16037b7a7171321a91936afc27ffce395de75d5f70cb8b5aee05ff507088d65af1e43966cd42cbe6f7facf8dae055dd8222b1696521723f81245178595c985ae917fd4b3998773e1a97b7bd10085446f4259bcc09a454929282c1b89b71ed587a775e0a3d4536341f45dae969e806c96fefc71067776c02ba22122b9199b14c0c28c04487509070b97f3dd2d6d972733182017730820173020101304c3034310b3009060355040613024e4c310e300c060355040a0c05504b4353373115301306035504030c0c504b4353372043657274203102147bdeddd2444cd1cdfe5c41a8102c89b7d
f2e6cbf300d06096086480165030402010500300d06092a864886f70d0101010500048201005becd87195c1deff90c24c91269b55b3f069bc225c326c314c1a51786ffe14c830be4e4bc73cba36c97677b44168279be91e7cdf7c19386ae21862719d13a3a0fff0803d460962f2cda8371484873252c3d7054db8143e2b081a3816ed0804ca5099ae5fece83d5c2c3783b1988b4b46dc94e55587a107ea1546bf22d28a097f652a4066dc2965269069af2f5176bb8ce9ca6d11f96757f03204f756703587d00ad424796c92fc7aeb6f494431999eda30990e4f5773632ed258fe0276673599da6fce35cdad7726a0bb024cad996b88e0cb98854ceb5c0b6ec748d9f9ce6a6cd437858bacb814618a272ff3a415c6e07f3db0988777fdec845a97bf7d102dd0" From 2e8442565a5a67ca935abee573259cf419eaf7fe Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 11 Mar 2023 10:24:30 +0000 Subject: [PATCH 439/440] Add PKCS #7 test files using expired cert Signed-off-by: Dave Rodgman --- tests/data_files/Makefile | 9 +++++++++ tests/data_files/pkcs7-rsa-expired.der | Bin 0 -> 857 bytes tests/data_files/pkcs7_data_rsa_expired.der | Bin 0 -> 1302 bytes 3 files changed, 9 insertions(+) create mode 100644 tests/data_files/pkcs7-rsa-expired.der create mode 100644 tests/data_files/pkcs7_data_rsa_expired.der diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 80bdd2573..e638cafe6 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile 
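Review bot: The `no DATE_TIME` variant expects `MBEDTLS_ERR_RSA_VERIFY_FAILED`, which means verification fails because the signature in `pkcs7_data_cert_signed_sha256.der` does not match `pkcs7-rsa-expired.crt`, not because of anything to do with expiry; the case therefore passes even if a build without `MBEDTLS_HAVE_TIME_DATE` accepts expired certificates outright, which is the property a test titled "Expired Cert" should pin. An input actually signed with the expired key (the next commit in this series adds `pkcs7_data_rsa_expired.der` for exactly that) would let the two variants state the real contract: date error with time support, and the intended result without it. Failing that, a comment on the `!MBEDTLS_HAVE_TIME_DATE` case noting that the failure comes from a key/signature mismatch would stop readers from taking it as expiry coverage.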
@@ -1306,6 +1306,11 @@ pkcs7-rsa-expired.crt: $(FAKETIME) -f -3650d $(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert Expired" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-expired.key -out pkcs7-rsa-expired.crt all_final += pkcs7-rsa-expired.crt +# File with an otherwise valid signature signed with an expired cert +pkcs7_data_rsa_expired.der: pkcs7-rsa-expired.key pkcs7-rsa-expired.crt pkcs7_data.bin + $(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -inkey pkcs7-rsa-expired.key -signer pkcs7-rsa-expired.crt -noattr -outform DER -out $@ +all_final += pkcs7_data_rsa_expired.der + # Convert signing certs to DER for testing PEM-free builds pkcs7-rsa-sha256-1.der: $(pkcs7_test_cert_1) $(OPENSSL) x509 -in pkcs7-rsa-sha256-1.crt -out $@ -outform DER @@ -1315,6 +1320,10 @@ pkcs7-rsa-sha256-2.der: $(pkcs7_test_cert_2) $(OPENSSL) x509 -in pkcs7-rsa-sha256-2.crt -out $@ -outform DER all_final += pkcs7-rsa-sha256-2.der +pkcs7-rsa-expired.der: pkcs7-rsa-expired.crt + $(OPENSSL) x509 -in pkcs7-rsa-expired.crt -out $@ -outform DER +all_final += pkcs7-rsa-expired.der + # pkcs7 signature file over zero-len data pkcs7_zerolendata_detached.der: pkcs7_zerolendata.bin pkcs7-rsa-sha256-1.key pkcs7-rsa-sha256-1.crt $(OPENSSL) smime -sign -md sha256 -nocerts -noattr -in pkcs7_zerolendata.bin -inkey pkcs7-rsa-sha256-1.key -outform DER -binary -signer pkcs7-rsa-sha256-1.crt -out pkcs7_zerolendata_detached.der 
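Review bot: The new `pkcs7_data_rsa_expired.der` recipe passes `-out $@` twice, once after `-in pkcs7_data.bin` and again after `-outform DER`; presumably harmless, but it reads like a copy-paste slip and the line should be `$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -md sha256 -inkey pkcs7-rsa-expired.key -signer pkcs7-rsa-expired.crt -noattr -outform DER -out $@`. The fixture is only meaningful because `pkcs7-rsa-expired.crt` is produced under `$(FAKETIME) -f -3650d` with `-days 365` in the context line above; if that variable expands to nothing on a host without faketime, regenerating the .der would silently embed a still-valid certificate and invert the expiry tests that consume it. A comment on the target such as `# Requires faketime: the signer cert must already be expired, or the PKCS7 expiry tests lose their meaning` would make that dependency visible to whoever next runs `make` in this directory.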
diff --git a/tests/data_files/pkcs7-rsa-expired.der b/tests/data_files/pkcs7-rsa-expired.der new file mode 100644 index 0000000000000000000000000000000000000000..508ec5c29a04659cc22494dfdda906c5512310fe GIT binary patch literal 857 zcmXqLVh%NEVzOPp%*4pVBx1F7(v4q_f3_dF99xx_C%#{5zFVXLFB_*;n@8JsUPeZ4 zRt5trLv903Hs(+kHen_|A45I^9uS9%hc&?4IoRA#+CUP-XXX(C^A(&^i%Jw+D+)4; zQd11%#CZ*kfY98~(#YJT0`2H@QSIxHI9&>m@daye>@3OxAqN=TpIcbLGd+PtV&(O*cI(R&^{>-{QQtZlBs| zp5!-QHvL&BGr=QTZ+2mjaYC~{-vSZkh|q@WdV6QRs|!DA@XgGPoMBBEFPyX55MuwyF>YOe%pRWKbEjxscdUBOUZlcMAF(WD z?snhznQy0*=jXa6Wy?-^VB}kFoo6vk=0<|5-qvMFzP2ZBX-~P$5@(|MnJ;;h@x!U? z>PCu8%!~|-i-QdU4P=24B+JJl#v)=oT}<&%Nvfsbwq?5{{%r9Q$w@FbkOxUCvq%_- zHDFi34^kk^$oQXy)qojDAqP7!g#d${k%5=_)6w^WcHsfp=HeWAYSwMl`I3I6v6k;v{C@#6<|BMH7C--O5E09~&i%0O zV%zV3EbC77t-ICF!KvuH(UMO?O|`6i7T?`&g-?&lA}7zi^(r#<`I!e3R_-poU_9G5 z)azpX!?-USZ~0DqA1#0Ni+7~r83&ny>Sp0$)%$U)9pg!60FaqLSO5S3 literal 0 HcmV?d00001 
diff --git a/tests/data_files/pkcs7_data_rsa_expired.der b/tests/data_files/pkcs7_data_rsa_expired.der new file mode 100644 index 0000000000000000000000000000000000000000..63af49d6a9d8334faca425e3c7cede1be7cdc6ad GIT binary patch literal 1302 zcmXqLVijWJ)N1o+`_9YA&a|M3mD!+)$PF~Y%8=WD zlZ`o)g-w{r&&QC@fCt3k;$aQ&b`CZ-ls1qA@tJvqzT0`2H@QSI zxHI9&>m@daye>@3OxAqN=TpIcbLGd+PtV&(O*cI(R&^{>-{QQtZlBs|p5!-QHvL&B zGr=QTZ+2mjaYC~{-vSZkh|q@WdV6QRs|!DA@XgGPoMBBEFPyX55MuwyF>YOe%pRWKbEjxscdUBOUZlcMAF(WD?snhznQy0* z=jXa6Wy?-^VB}kFoo6vk=0<|5-qvMFzP2ZBX-~P$5@(|MnJ;;h@x!U?>PCu8%!~|- zi-QdU4P=24B+JJl#v)=oT}<&%Nvfsbwq?5{{%r9Q$w@FbkOxUCvq%_-HDFi34^kk^ z$oQXy)qojDAqP7!g#d${k%5=_)6w^WcHsfp=HeWAYSwMl`I3I6v6k;v{C@#6<|BMH7C--O5E09~&i%0OV%zV3EbC77 zt-ICF!KvuH(UMO?O|`6i7T?`&g-?&lA}7zi^(r#<`I!e3R_-poU_9G5)azpX!?-US zZ~0DqA1#0Ni+7~r83&ny>Sp0$)%$U)9pg#H*u+>1OnQ~TTxbwPNxH_JDUtIvQXT~+ ze3m9ghAFT6(xUf@{ym%6vsEzDPD=LCsk)a=mmVH5+pR4Cyq5g} z>#iR=ek@i^ef;_4%IT}Ly^k+Qn~>D(CSRKnx9z&WSk{stDV2NY^{O+}*Tu0vMM3Q<>y?S9T?{y_Vg35(ApOgYY|fLUw&Ci;P0O`ck@oqmfSIyHMT9L zWO9>&<1%xpfLCQZ>tz+V8a5Ps;jR#q^tSmfT$RXnXuI+IgB!okvN-Q+(J6n1`Sa0B Sv($r)ZeP_5tz=$xa{&OMyW?d5 literal 0 HcmV?d00001 From f8565b3c2b895827e393c103967531e823e078e0 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 11 Mar 2023 10:26:39 +0000 Subject: [PATCH 440/440] Add more PKCS #7 tests with expired cert Add test which uses an expired cert but is otherwise OK, which passes if and only if MBEDTLS_HAVE_TIME_DATE is not set. Add similar test which verifies against a different data file, which must fail regardless of MBEDTLS_HAVE_TIME_DATE. Signed-off-by: Dave Rodgman --- tests/suites/test_suite_pkcs7.data | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data index 500f3ce1f..89c223dcb 100644 --- a/tests/suites/test_suite_pkcs7.data +++ b/tests/suites/test_suite_pkcs7.data 
@@ -134,14 +134,22 @@ PKCS7 Signed Data Hash Verify Fail with multiple signers #18 depends_on:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C pkcs7_verify:"data_files/pkcs7_data_multiple_signed.der":"data_files/pkcs7-rsa-sha256-1.crt data_files/pkcs7-rsa-sha256-2.crt":"data_files/pkcs7_data.bin":MBEDTLS_MD_SHA512:MBEDTLS_ERR_PKCS7_VERIFY_FAIL +PKCS7 Signed Data Verify Pass Expired Cert #19 no TIME_DATE +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_HAVE_TIME_DATE +pkcs7_verify:"data_files/pkcs7_data_rsa_expired.der":"data_files/pkcs7-rsa-expired.crt":"data_files/pkcs7_data.bin":0:0 + PKCS7 Signed Data Verify Fail Expired Cert #19 have DATE_TIME depends_on:MBEDTLS_SHA256_C:MBEDTLS_HAVE_TIME_DATE pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-expired.crt":"data_files/pkcs7_data.bin":0:MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID -PKCS7 Signed Data Verify Fail Expired Cert #19 no DATE_TIME +PKCS7 Signed Data Verify Fail Expired Cert #19 no DATE_TIME 1 depends_on:MBEDTLS_SHA256_C:!MBEDTLS_HAVE_TIME_DATE pkcs7_verify:"data_files/pkcs7_data_cert_signed_sha256.der":"data_files/pkcs7-rsa-expired.crt":"data_files/pkcs7_data.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED +PKCS7 Signed Data Verify Fail Expired Cert #19 no TIME_DATE 2 +depends_on:MBEDTLS_SHA256_C:!MBEDTLS_HAVE_TIME_DATE +pkcs7_verify:"data_files/pkcs7_data_rsa_expired.der":"data_files/pkcs7-rsa-expired.crt":"data_files/pkcs7_data_1.bin":0:MBEDTLS_ERR_RSA_VERIFY_FAILED + PKCS7 Parse Failure Invalid ASN1: Add null byte to start #20.0 depends_on:MBEDTLS_SHA256_C pkcs7_asn1_fail:"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"
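Review bot: The renamed case `PKCS7 Signed Data Verify Fail Expired Cert #19 no DATE_TIME 1` and the new `PKCS7 Signed Data Verify Fail Expired Cert #19 no TIME_DATE 2` spell the option differently even though both depend on `!MBEDTLS_HAVE_TIME_DATE`; renaming the former to `PKCS7 Signed Data Verify Fail Expired Cert #19 no TIME_DATE 1` keeps the group consistent and greppable. The new pass case pins that an expired signer certificate is accepted (`:0:0`) whenever `MBEDTLS_HAVE_TIME_DATE` is not set, which is a security-relevant property of such builds that nothing else in this data file calls out; making it explicit in the name, e.g. `PKCS7 Signed Data Verify Pass Expired Cert #19 no TIME_DATE (validity period not checked)`, would stop a reader from mistaking it for a bug in the expectation. The companion `no TIME_DATE 2` case, which verifies the same expired-cert signature against `pkcs7_data_1.bin` and expects `MBEDTLS_ERR_RSA_VERIFY_FAILED`, is what shows the pass case is not a blanket skip of signature checking, so the two should stay adjacent.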