mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-16 04:20:49 +00:00
Merge remote-tracking branch 'mbedtls/development' into tls13-cli-max-early-data-size
This commit is contained in:
commit
61fd13c6a5
6
ChangeLog.d/8848.txt
Normal file
6
ChangeLog.d/8848.txt
Normal file
@ -0,0 +1,6 @@
|
||||
Removals
|
||||
* Temporary function mbedtls_pk_wrap_as_opaque() is removed. To mimic the
|
||||
same behavior mbedtls_pk_get_psa_attributes() and
|
||||
mbedtls_pk_import_into_psa() can be used to import a PK key into PSA,
|
||||
while mbedtls_pk_setup_opaque() can be used to wrap a PSA key into a opaque
|
||||
PK context.
|
3
ChangeLog.d/add_get_ecp_group_id.txt
Normal file
3
ChangeLog.d/add_get_ecp_group_id.txt
Normal file
@ -0,0 +1,3 @@
|
||||
Features
|
||||
* Add new accessor to expose the private group id member of
|
||||
`mbedtls_ecdh_context` structure.
|
8
ChangeLog.d/ecp_write_key.txt
Normal file
8
ChangeLog.d/ecp_write_key.txt
Normal file
@ -0,0 +1,8 @@
|
||||
Features
|
||||
* The new function mbedtls_ecp_write_key_ext() is similar to
|
||||
mbedtls_ecp_write_key(), but can be used without separately calculating
|
||||
the output length.
|
||||
|
||||
New deprecations
|
||||
* mbedtls_ecp_write_key() is deprecated in favor of
|
||||
mbedtls_ecp_write_key_ext().
|
4
ChangeLog.d/fix-ssl-session-serialization-config.txt
Normal file
4
ChangeLog.d/fix-ssl-session-serialization-config.txt
Normal file
@ -0,0 +1,4 @@
|
||||
Bugfix
|
||||
* Fix missing bitflags in SSL session serialization headers. Their absence
|
||||
allowed SSL sessions saved in one configuration to be loaded in a
|
||||
different, incompatible configuration.
|
5
ChangeLog.d/x509-add-ca_istrue.txt
Normal file
5
ChangeLog.d/x509-add-ca_istrue.txt
Normal file
@ -0,0 +1,5 @@
|
||||
Features
|
||||
* Add new accessor to expose the `MBEDTLS_PRIVATE(ca_istrue)` member of
|
||||
`mbedtls_x509_crt` structure. This requires setting
|
||||
the MBEDTLS_X509_EXT_BASIC_CONSTRAINTS bit in the certificate's
|
||||
ext_types field.
|
@ -157,11 +157,11 @@ The driver wrapper functions in `psa_crypto_driver_wrappers.h.jinja` for all fou
|
||||
|
||||
```
|
||||
#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
|
||||
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
|
||||
if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
|
||||
PSA_ALG_IS_ECDSA(alg) &&
|
||||
!PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
|
||||
PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
|
||||
attributes->core.bits == 256 )
|
||||
PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
|
||||
psa_get_key_bits(attributes) == 256 )
|
||||
{
|
||||
status = p256_transparent_sign_hash( attributes,
|
||||
key_buffer,
|
||||
|
@ -845,7 +845,6 @@ For an ECC private key (a future version of Mbed TLS [will provide a more direct
|
||||
|
||||
```
|
||||
unsigned char buf[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
|
||||
size_t length = PSA_BITS_TO_BYTES(mbedtls_pk_bitlen(&pk));
|
||||
mbedtls_ecp_keypair *ec = mbedtls_pk_ec(&pk);
|
||||
psa_ecc_curve_t curve;
|
||||
{
|
||||
@ -862,7 +861,8 @@ psa_ecc_curve_t curve;
|
||||
mbedtls_ecp_point_free(&Q);
|
||||
mbedtls_mpi_free(&d);
|
||||
}
|
||||
mbedtls_ecp_write_key(ec, buf, length);
|
||||
size_t length;
|
||||
mbedtls_ecp_write_key_ext(ec, &length, buf, sizeof(buf));
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
|
||||
psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_... | ...);
|
||||
@ -900,8 +900,8 @@ mbedtls_ecp_keypair_init(&ec);
|
||||
// Omitted: fill ec with key material
|
||||
// (the public key will not be used and does not need to be set)
|
||||
unsigned char buf[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
|
||||
size_t length = PSA_BITS_TO_BYTES(mbedtls_pk_bitlen(&pk));
|
||||
mbedtls_ecp_write_key(&ec, buf, length);
|
||||
size_t length;
|
||||
mbedtls_ecp_write_key_ext(&ec, &length, buf, sizeof(buf));
|
||||
psa_ecc_curve_t curve = ...; // need to determine the curve family manually
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_set_key_attributes(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(curve));
|
||||
@ -1300,7 +1300,7 @@ There is no PSA equivalent to the types `mbedtls_ecdsa_context` and `mbedtls_ecd
|
||||
The PSA API is a cryptography API, not an arithmetic API. As a consequence, there is no PSA equivalent for the ECC arithmetic functionality exposed by `ecp.h`:
|
||||
|
||||
* Manipulation of point objects and input-output: the type `mbedtls_ecp_point` and functions operating on it (`mbedtls_ecp_point_xxx`, `mbedtls_ecp_copy`, `mbedtls_ecp_{set,is}_zero`, `mbedtls_ecp_tls_{read,write}_point`). Note that the PSA export format for public keys corresponds to the uncompressed point format (`MBEDTLS_ECP_PF_UNCOMPRESSED`), so [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b), [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) and [`psa_export_public_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1gaf22ae73312217aaede2ea02cdebb6062) are equivalent to `mbedtls_ecp_point_read_binary` and `mbedtls_ecp_point_write_binary` for uncompressed points. The PSA API does not currently support compressed points, but it is likely that such support will be added in the future.
|
||||
* Manipulation of key pairs as such, with a bridge to bignum arithmetic (`mbedtls_ecp_keypair` type, `mbedtls_ecp_export`). However, the PSA export format for ECC private keys used by [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b), [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) is the same as the format used by `mbedtls_ecp_read_key` and `mbedtls_ecp_write_key`.
|
||||
* Manipulation of key pairs as such, with a bridge to bignum arithmetic (`mbedtls_ecp_keypair` type, `mbedtls_ecp_export`). However, the PSA export format for ECC private keys used by [`psa_import_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga0336ea76bf30587ab204a8296462327b), [`psa_export_key`](https://mbed-tls.readthedocs.io/projects/api/en/development/api/group/group__import__export/#group__import__export_1ga668e35be8d2852ad3feeef74ac6f75bf) is the same as the format used by `mbedtls_ecp_read_key` and `mbedtls_ecp_write_key_ext`.
|
||||
* Elliptic curve arithmetic (`mbedtls_ecp_mul`, `mbedtls_ecp_muladd` and their restartable variants).
|
||||
|
||||
### Additional information about RSA
|
||||
|
@ -141,6 +141,19 @@ typedef struct mbedtls_ecdh_context {
|
||||
}
|
||||
mbedtls_ecdh_context;
|
||||
|
||||
/**
|
||||
* \brief Return the ECP group for provided context.
|
||||
*
|
||||
* \note To access group specific fields, users should use
|
||||
* `mbedtls_ecp_curve_info_from_grp_id` or
|
||||
* `mbedtls_ecp_group_load` on the extracted `group_id`.
|
||||
*
|
||||
* \param ctx The ECDH context to parse. This must not be \c NULL.
|
||||
*
|
||||
* \return The \c mbedtls_ecp_group_id of the context.
|
||||
*/
|
||||
mbedtls_ecp_group_id mbedtls_ecdh_get_grp_id(mbedtls_ecdh_context *ctx);
|
||||
|
||||
/**
|
||||
* \brief Check whether a given group can be used for ECDH.
|
||||
*
|
||||
|
@ -24,6 +24,7 @@
|
||||
#include "mbedtls/private_access.h"
|
||||
|
||||
#include "mbedtls/build_info.h"
|
||||
#include "mbedtls/platform_util.h"
|
||||
|
||||
#include "mbedtls/bignum.h"
|
||||
|
||||
@ -1327,10 +1328,11 @@ int mbedtls_ecp_set_public_key(mbedtls_ecp_group_id grp_id,
|
||||
int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
|
||||
const unsigned char *buf, size_t buflen);
|
||||
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
/**
|
||||
* \brief This function exports an elliptic curve private key.
|
||||
*
|
||||
* \note Note that although this function accepts an output
|
||||
* \deprecated Note that although this function accepts an output
|
||||
* buffer that is smaller or larger than the key, most key
|
||||
* import interfaces require the output to have exactly
|
||||
* key's nominal length. It is generally simplest to
|
||||
@ -1338,6 +1340,10 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
|
||||
* checking that the output buffer is large enough.
|
||||
* See the description of the \p buflen parameter for
|
||||
* how to calculate the nominal length.
|
||||
* To avoid this difficulty, use mbedtls_ecp_write_key_ext()
|
||||
* instead.
|
||||
* mbedtls_ecp_write_key() is deprecated and will be
|
||||
* removed in a future version of the library.
|
||||
*
|
||||
* \note If the private key was not set in \p key,
|
||||
* the output is unspecified. Future versions
|
||||
@ -1367,8 +1373,31 @@ int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
|
||||
* representation is larger than the available space in \p buf.
|
||||
* \return Another negative error code on different kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
|
||||
unsigned char *buf, size_t buflen);
|
||||
int MBEDTLS_DEPRECATED mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
|
||||
unsigned char *buf, size_t buflen);
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
/**
|
||||
* \brief This function exports an elliptic curve private key.
|
||||
*
|
||||
* \param key The private key.
|
||||
* \param olen On success, the length of the private key.
|
||||
* This is always (`grp->nbits` + 7) / 8 bytes
|
||||
* where `grp->nbits` is the private key size in bits.
|
||||
* \param buf The output buffer for containing the binary representation
|
||||
* of the key.
|
||||
* \param buflen The total length of the buffer in bytes.
|
||||
* #MBEDTLS_ECP_MAX_BYTES is always sufficient.
|
||||
*
|
||||
* \return \c 0 on success.
|
||||
* \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the \p key
|
||||
* representation is larger than the available space in \p buf.
|
||||
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if no private key is
|
||||
* set in \p key.
|
||||
* \return Another negative error code on different kinds of failure.
|
||||
*/
|
||||
int mbedtls_ecp_write_key_ext(const mbedtls_ecp_keypair *key,
|
||||
size_t *olen, unsigned char *buf, size_t buflen);
|
||||
|
||||
/**
|
||||
* \brief This function exports an elliptic curve public key.
|
||||
|
@ -1213,33 +1213,6 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
|
||||
const mbedtls_pk_context *key);
|
||||
#endif /* MBEDTLS_PK_WRITE_C */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/**
|
||||
* \brief Turn an EC or RSA key into an opaque one.
|
||||
*
|
||||
* \warning This is a temporary utility function for tests. It might
|
||||
* change or be removed at any time without notice.
|
||||
*
|
||||
* \param pk Input: the EC or RSA key to import to a PSA key.
|
||||
* Output: a PK context wrapping that PSA key.
|
||||
* \param key Output: a PSA key identifier.
|
||||
* It's the caller's responsibility to call
|
||||
* psa_destroy_key() on that key identifier after calling
|
||||
* mbedtls_pk_free() on the PK context.
|
||||
* \param alg The algorithm to allow for use with that key.
|
||||
* \param usage The usage to allow for use with that key.
|
||||
* \param alg2 The secondary algorithm to allow for use with that key.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
* \return An Mbed TLS error code otherwise.
|
||||
*/
|
||||
int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
|
||||
mbedtls_svc_key_id_t *key,
|
||||
psa_algorithm_t alg,
|
||||
psa_key_usage_t usage,
|
||||
psa_algorithm_t alg2);
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
@ -916,6 +916,18 @@ static inline int mbedtls_x509_crt_has_ext_type(const mbedtls_x509_crt *ctx,
|
||||
return ctx->MBEDTLS_PRIVATE(ext_types) & ext_type;
|
||||
}
|
||||
|
||||
/**
|
||||
* \brief Access the ca_istrue field
|
||||
*
|
||||
* \param[in] crt Certificate to be queried, must not be \c NULL
|
||||
*
|
||||
* \return \c 1 if this a CA certificate \c 0 otherwise.
|
||||
* \return MBEDTLS_ERR_X509_INVALID_EXTENSIONS if the certificate does not contain
|
||||
* the Optional Basic Constraint extension.
|
||||
*
|
||||
*/
|
||||
int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt);
|
||||
|
||||
/** \} name Structures and functions for parsing and writing X.509 certificates */
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_WRITE_C)
|
||||
|
@ -59,7 +59,7 @@ static inline void psa_set_key_enrollment_algorithm(
|
||||
psa_key_attributes_t *attributes,
|
||||
psa_algorithm_t alg2)
|
||||
{
|
||||
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2;
|
||||
attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2) = alg2;
|
||||
}
|
||||
|
||||
/** Retrieve the enrollment algorithm policy from key attributes.
|
||||
@ -71,7 +71,7 @@ static inline void psa_set_key_enrollment_algorithm(
|
||||
static inline psa_algorithm_t psa_get_key_enrollment_algorithm(
|
||||
const psa_key_attributes_t *attributes)
|
||||
{
|
||||
return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2);
|
||||
return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg2);
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
@ -129,7 +129,7 @@ static inline void psa_set_key_slot_number(
|
||||
psa_key_attributes_t *attributes,
|
||||
psa_key_slot_number_t slot_number)
|
||||
{
|
||||
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) |= MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
|
||||
attributes->MBEDTLS_PRIVATE(has_slot_number) = 1;
|
||||
attributes->MBEDTLS_PRIVATE(slot_number) = slot_number;
|
||||
}
|
||||
|
||||
@ -142,8 +142,7 @@ static inline void psa_set_key_slot_number(
|
||||
static inline void psa_clear_key_slot_number(
|
||||
psa_key_attributes_t *attributes)
|
||||
{
|
||||
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(flags) &=
|
||||
~MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER;
|
||||
attributes->MBEDTLS_PRIVATE(has_slot_number) = 0;
|
||||
}
|
||||
|
||||
/** Register a key that is already present in a secure element.
|
||||
|
@ -266,35 +266,15 @@ typedef uint16_t psa_key_bits_t;
|
||||
* conditionals. */
|
||||
#define PSA_MAX_KEY_BITS 0xfff8
|
||||
|
||||
/** A mask of flags that can be stored in key attributes.
|
||||
*
|
||||
* This type is also used internally to store flags in slots. Internal
|
||||
* flags are defined in library/psa_crypto_core.h. Internal flags may have
|
||||
* the same value as external flags if they are properly handled during
|
||||
* key creation and in psa_get_key_attributes.
|
||||
*/
|
||||
typedef uint16_t psa_key_attributes_flag_t;
|
||||
|
||||
#define MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER \
|
||||
((psa_key_attributes_flag_t) 0x0001)
|
||||
|
||||
/* A mask of key attribute flags used externally only.
|
||||
* Only meant for internal checks inside the library. */
|
||||
#define MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY ( \
|
||||
MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER | \
|
||||
0)
|
||||
|
||||
/* A mask of key attribute flags used both internally and externally.
|
||||
* Currently there aren't any. */
|
||||
#define MBEDTLS_PSA_KA_MASK_DUAL_USE ( \
|
||||
0)
|
||||
|
||||
typedef struct {
|
||||
struct psa_key_attributes_s {
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
|
||||
int MBEDTLS_PRIVATE(has_slot_number);
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||
psa_key_type_t MBEDTLS_PRIVATE(type);
|
||||
psa_key_bits_t MBEDTLS_PRIVATE(bits);
|
||||
psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime);
|
||||
psa_key_policy_t MBEDTLS_PRIVATE(policy);
|
||||
psa_key_attributes_flag_t MBEDTLS_PRIVATE(flags);
|
||||
/* This type has a different layout in the client view wrt the
|
||||
* service view of the key id, i.e. in service view usually is
|
||||
* expected to have MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined
|
||||
@ -307,31 +287,18 @@ typedef struct {
|
||||
* struct
|
||||
*/
|
||||
mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id);
|
||||
} psa_core_key_attributes_t;
|
||||
|
||||
#define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0, \
|
||||
PSA_KEY_LIFETIME_VOLATILE, \
|
||||
PSA_KEY_POLICY_INIT, 0, \
|
||||
MBEDTLS_SVC_KEY_ID_INIT }
|
||||
|
||||
struct psa_key_attributes_s {
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||
/* With client/service separation, struct psa_key_attributes_s is
|
||||
* marshalled through a transport channel between the client and
|
||||
* service side implementation of the PSA Crypto APIs, thus having
|
||||
* the mbedtls_svc_key_id_t id as the last field of this structure
|
||||
* allows for a more efficient marshalling/unmarshalling of parameters
|
||||
*/
|
||||
psa_core_key_attributes_t MBEDTLS_PRIVATE(core);
|
||||
};
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
#define PSA_KEY_ATTRIBUTES_INIT { 0, PSA_CORE_KEY_ATTRIBUTES_INIT }
|
||||
#define PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER 0, 0,
|
||||
#else
|
||||
#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT }
|
||||
#define PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER
|
||||
#endif
|
||||
#define PSA_KEY_ATTRIBUTES_INIT { PSA_KEY_ATTRIBUTES_MAYBE_SLOT_NUMBER \
|
||||
PSA_KEY_TYPE_NONE, 0, \
|
||||
PSA_KEY_LIFETIME_VOLATILE, \
|
||||
PSA_KEY_POLICY_INIT, \
|
||||
MBEDTLS_SVC_KEY_ID_INIT }
|
||||
|
||||
static inline struct psa_key_attributes_s psa_key_attributes_init(void)
|
||||
{
|
||||
@ -342,12 +309,12 @@ static inline struct psa_key_attributes_s psa_key_attributes_init(void)
|
||||
static inline void psa_set_key_id(psa_key_attributes_t *attributes,
|
||||
mbedtls_svc_key_id_t key)
|
||||
{
|
||||
psa_key_lifetime_t lifetime = attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime);
|
||||
psa_key_lifetime_t lifetime = attributes->MBEDTLS_PRIVATE(lifetime);
|
||||
|
||||
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = key;
|
||||
attributes->MBEDTLS_PRIVATE(id) = key;
|
||||
|
||||
if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
|
||||
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) =
|
||||
attributes->MBEDTLS_PRIVATE(lifetime) =
|
||||
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
|
||||
PSA_KEY_LIFETIME_PERSISTENT,
|
||||
PSA_KEY_LIFETIME_GET_LOCATION(lifetime));
|
||||
@ -357,26 +324,26 @@ static inline void psa_set_key_id(psa_key_attributes_t *attributes,
|
||||
static inline mbedtls_svc_key_id_t psa_get_key_id(
|
||||
const psa_key_attributes_t *attributes)
|
||||
{
|
||||
return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id);
|
||||
return attributes->MBEDTLS_PRIVATE(id);
|
||||
}
|
||||
|
||||
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
|
||||
static inline void mbedtls_set_key_owner_id(psa_key_attributes_t *attributes,
|
||||
mbedtls_key_owner_id_t owner)
|
||||
{
|
||||
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = owner;
|
||||
attributes->MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(owner) = owner;
|
||||
}
|
||||
#endif
|
||||
|
||||
static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
|
||||
psa_key_lifetime_t lifetime)
|
||||
{
|
||||
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime) = lifetime;
|
||||
attributes->MBEDTLS_PRIVATE(lifetime) = lifetime;
|
||||
if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
|
||||
#ifdef MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
|
||||
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = 0;
|
||||
attributes->MBEDTLS_PRIVATE(id).MBEDTLS_PRIVATE(key_id) = 0;
|
||||
#else
|
||||
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(id) = 0;
|
||||
attributes->MBEDTLS_PRIVATE(id) = 0;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
@ -384,7 +351,7 @@ static inline void psa_set_key_lifetime(psa_key_attributes_t *attributes,
|
||||
static inline psa_key_lifetime_t psa_get_key_lifetime(
|
||||
const psa_key_attributes_t *attributes)
|
||||
{
|
||||
return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(lifetime);
|
||||
return attributes->MBEDTLS_PRIVATE(lifetime);
|
||||
}
|
||||
|
||||
static inline void psa_extend_key_usage_flags(psa_key_usage_t *usage_flags)
|
||||
@ -402,53 +369,53 @@ static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
|
||||
psa_key_usage_t usage_flags)
|
||||
{
|
||||
psa_extend_key_usage_flags(&usage_flags);
|
||||
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags;
|
||||
attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage) = usage_flags;
|
||||
}
|
||||
|
||||
static inline psa_key_usage_t psa_get_key_usage_flags(
|
||||
const psa_key_attributes_t *attributes)
|
||||
{
|
||||
return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage);
|
||||
return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(usage);
|
||||
}
|
||||
|
||||
static inline void psa_set_key_algorithm(psa_key_attributes_t *attributes,
|
||||
psa_algorithm_t alg)
|
||||
{
|
||||
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) = alg;
|
||||
attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg) = alg;
|
||||
}
|
||||
|
||||
static inline psa_algorithm_t psa_get_key_algorithm(
|
||||
const psa_key_attributes_t *attributes)
|
||||
{
|
||||
return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg);
|
||||
return attributes->MBEDTLS_PRIVATE(policy).MBEDTLS_PRIVATE(alg);
|
||||
}
|
||||
|
||||
static inline void psa_set_key_type(psa_key_attributes_t *attributes,
|
||||
psa_key_type_t type)
|
||||
{
|
||||
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type) = type;
|
||||
attributes->MBEDTLS_PRIVATE(type) = type;
|
||||
}
|
||||
|
||||
static inline psa_key_type_t psa_get_key_type(
|
||||
const psa_key_attributes_t *attributes)
|
||||
{
|
||||
return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(type);
|
||||
return attributes->MBEDTLS_PRIVATE(type);
|
||||
}
|
||||
|
||||
static inline void psa_set_key_bits(psa_key_attributes_t *attributes,
|
||||
size_t bits)
|
||||
{
|
||||
if (bits > PSA_MAX_KEY_BITS) {
|
||||
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = PSA_KEY_BITS_TOO_LARGE;
|
||||
attributes->MBEDTLS_PRIVATE(bits) = PSA_KEY_BITS_TOO_LARGE;
|
||||
} else {
|
||||
attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits) = (psa_key_bits_t) bits;
|
||||
attributes->MBEDTLS_PRIVATE(bits) = (psa_key_bits_t) bits;
|
||||
}
|
||||
}
|
||||
|
||||
static inline size_t psa_get_key_bits(
|
||||
const psa_key_attributes_t *attributes)
|
||||
{
|
||||
return attributes->MBEDTLS_PRIVATE(core).MBEDTLS_PRIVATE(bits);
|
||||
return attributes->MBEDTLS_PRIVATE(bits);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -144,6 +144,15 @@ static void ecdh_init_internal(mbedtls_ecdh_context_mbed *ctx)
|
||||
#endif
|
||||
}
|
||||
|
||||
mbedtls_ecp_group_id mbedtls_ecdh_get_grp_id(mbedtls_ecdh_context *ctx)
|
||||
{
|
||||
#if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
|
||||
return ctx->MBEDTLS_PRIVATE(grp).id;
|
||||
#else
|
||||
return ctx->MBEDTLS_PRIVATE(grp_id);
|
||||
#endif
|
||||
}
|
||||
|
||||
/*
|
||||
* Initialize context
|
||||
*/
|
||||
|
@ -3302,6 +3302,7 @@ cleanup:
|
||||
/*
|
||||
* Write a private key.
|
||||
*/
|
||||
#if !defined MBEDTLS_DEPRECATED_REMOVED
|
||||
int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
|
||||
unsigned char *buf, size_t buflen)
|
||||
{
|
||||
@ -3332,6 +3333,39 @@ cleanup:
|
||||
|
||||
return ret;
|
||||
}
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
int mbedtls_ecp_write_key_ext(const mbedtls_ecp_keypair *key,
|
||||
size_t *olen, unsigned char *buf, size_t buflen)
|
||||
{
|
||||
size_t len = (key->grp.nbits + 7) / 8;
|
||||
if (len > buflen) {
|
||||
/* For robustness, ensure *olen <= buflen even on error. */
|
||||
*olen = 0;
|
||||
return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
|
||||
}
|
||||
*olen = len;
|
||||
|
||||
/* Private key not set */
|
||||
if (key->d.n == 0) {
|
||||
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
|
||||
if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
|
||||
return mbedtls_mpi_write_binary_le(&key->d, buf, len);
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
|
||||
if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS) {
|
||||
return mbedtls_mpi_write_binary(&key->d, buf, len);
|
||||
}
|
||||
#endif
|
||||
|
||||
/* Private key set but no recognized curve type? This shouldn't happen. */
|
||||
return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
}
|
||||
|
||||
/*
|
||||
* Write a public key.
|
||||
|
159
library/pk.c
159
library/pk.c
@ -675,10 +675,7 @@ static int import_pair_into_psa(const mbedtls_pk_context *pk,
|
||||
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
|
||||
psa_ecc_family_t from_family = pk->ec_family;
|
||||
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
|
||||
/* We're only reading the key, but mbedtls_ecp_write_key()
|
||||
* is missing a const annotation on its key parameter, so
|
||||
* we need the non-const accessor here. */
|
||||
mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
|
||||
const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk);
|
||||
size_t from_bits = 0;
|
||||
psa_ecc_family_t from_family = mbedtls_ecc_group_to_psa(ec->grp.id,
|
||||
&from_bits);
|
||||
@ -704,12 +701,9 @@ static int import_pair_into_psa(const mbedtls_pk_context *pk,
|
||||
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
||||
}
|
||||
unsigned char key_buffer[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
|
||||
/* Make sure to pass the exact key length to
|
||||
* mbedtls_ecp_write_key(), because it writes Montgomery keys
|
||||
* at the start of the buffer but Weierstrass keys at the
|
||||
* end of the buffer. */
|
||||
size_t key_length = PSA_BITS_TO_BYTES(ec->grp.nbits);
|
||||
int ret = mbedtls_ecp_write_key(ec, key_buffer, key_length);
|
||||
size_t key_length = 0;
|
||||
int ret = mbedtls_ecp_write_key_ext(ec, &key_length,
|
||||
key_buffer, sizeof(key_buffer));
|
||||
if (ret < 0) {
|
||||
return ret;
|
||||
}
|
||||
@ -1188,9 +1182,32 @@ int mbedtls_pk_sign_ext(mbedtls_pk_type_t pk_type,
|
||||
}
|
||||
|
||||
if (mbedtls_pk_get_type(ctx) == MBEDTLS_PK_OPAQUE) {
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_algorithm_t psa_alg, psa_enrollment_alg, sign_alg;
|
||||
psa_status_t status;
|
||||
|
||||
status = psa_sign_hash(ctx->priv_id, PSA_ALG_RSA_PSS(psa_md_alg),
|
||||
status = psa_get_key_attributes(ctx->priv_id, &key_attr);
|
||||
if (status != PSA_SUCCESS) {
|
||||
return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
|
||||
}
|
||||
psa_alg = psa_get_key_algorithm(&key_attr);
|
||||
psa_enrollment_alg = psa_get_key_enrollment_algorithm(&key_attr);
|
||||
psa_reset_key_attributes(&key_attr);
|
||||
|
||||
/* Since we're PK type is MBEDTLS_PK_RSASSA_PSS at least one between
|
||||
* alg and enrollment alg should be of type RSA_PSS. */
|
||||
if (PSA_ALG_IS_RSA_PSS(psa_alg)) {
|
||||
sign_alg = psa_alg;
|
||||
} else if (PSA_ALG_IS_RSA_PSS(psa_enrollment_alg)) {
|
||||
sign_alg = psa_enrollment_alg;
|
||||
} else {
|
||||
/* The opaque key has no RSA PSS algorithm associated. */
|
||||
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
||||
}
|
||||
/* Adjust the hashing algorithm. */
|
||||
sign_alg = (sign_alg & ~PSA_ALG_HASH_MASK) | PSA_ALG_GET_HASH(psa_md_alg);
|
||||
|
||||
status = psa_sign_hash(ctx->priv_id, sign_alg,
|
||||
hash, hash_len,
|
||||
sig, sig_size, sig_len);
|
||||
return PSA_PK_RSA_TO_MBEDTLS_ERR(status);
|
||||
@ -1357,124 +1374,4 @@ mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx)
|
||||
return ctx->pk_info->type;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/*
|
||||
* Load the key to a PSA key slot,
|
||||
* then turn the PK context into a wrapper for that key slot.
|
||||
*
|
||||
* Currently only works for EC & RSA private keys.
|
||||
*/
|
||||
int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
|
||||
mbedtls_svc_key_id_t *key,
|
||||
psa_algorithm_t alg,
|
||||
psa_key_usage_t usage,
|
||||
psa_algorithm_t alg2)
|
||||
{
|
||||
#if !defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_RSA_C)
|
||||
((void) pk);
|
||||
((void) key);
|
||||
((void) alg);
|
||||
((void) usage);
|
||||
((void) alg2);
|
||||
#else /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
|
||||
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECKEY) {
|
||||
size_t d_len;
|
||||
psa_ecc_family_t curve_id;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
psa_key_type_t key_type;
|
||||
size_t bits;
|
||||
psa_status_t status;
|
||||
|
||||
/* export the private key material in the format PSA wants */
|
||||
#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
|
||||
unsigned char d[MBEDTLS_PSA_MAX_EC_KEY_PAIR_LENGTH];
|
||||
status = psa_export_key(pk->priv_id, d, sizeof(d), &d_len);
|
||||
if (status != PSA_SUCCESS) {
|
||||
return psa_pk_status_to_mbedtls(status);
|
||||
}
|
||||
|
||||
curve_id = pk->ec_family;
|
||||
bits = pk->ec_bits;
|
||||
#else /* MBEDTLS_PK_USE_PSA_EC_DATA */
|
||||
unsigned char d[MBEDTLS_ECP_MAX_BYTES];
|
||||
mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
d_len = PSA_BITS_TO_BYTES(ec->grp.nbits);
|
||||
if ((ret = mbedtls_ecp_write_key(ec, d, d_len)) != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
curve_id = mbedtls_ecc_group_to_psa(ec->grp.id, &bits);
|
||||
#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
|
||||
key_type = PSA_KEY_TYPE_ECC_KEY_PAIR(curve_id);
|
||||
|
||||
/* prepare the key attributes */
|
||||
psa_set_key_type(&attributes, key_type);
|
||||
psa_set_key_bits(&attributes, bits);
|
||||
psa_set_key_usage_flags(&attributes, usage);
|
||||
psa_set_key_algorithm(&attributes, alg);
|
||||
if (alg2 != PSA_ALG_NONE) {
|
||||
psa_set_key_enrollment_algorithm(&attributes, alg2);
|
||||
}
|
||||
|
||||
/* import private key into PSA */
|
||||
status = psa_import_key(&attributes, d, d_len, key);
|
||||
mbedtls_platform_zeroize(d, sizeof(d));
|
||||
if (status != PSA_SUCCESS) {
|
||||
return PSA_PK_TO_MBEDTLS_ERR(status);
|
||||
}
|
||||
|
||||
/* make PK context wrap the key slot */
|
||||
mbedtls_pk_free(pk);
|
||||
mbedtls_pk_init(pk);
|
||||
|
||||
return mbedtls_pk_setup_opaque(pk, *key);
|
||||
} else
|
||||
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_RSA) {
|
||||
unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
int key_len;
|
||||
psa_status_t status;
|
||||
|
||||
/* export the private key material in the format PSA wants */
|
||||
key_len = mbedtls_pk_write_key_der(pk, buf, sizeof(buf));
|
||||
if (key_len <= 0) {
|
||||
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
|
||||
}
|
||||
|
||||
/* prepare the key attributes */
|
||||
psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
|
||||
psa_set_key_bits(&attributes, mbedtls_pk_get_bitlen(pk));
|
||||
psa_set_key_usage_flags(&attributes, usage);
|
||||
psa_set_key_algorithm(&attributes, alg);
|
||||
if (alg2 != PSA_ALG_NONE) {
|
||||
psa_set_key_enrollment_algorithm(&attributes, alg2);
|
||||
}
|
||||
|
||||
/* import private key into PSA */
|
||||
status = psa_import_key(&attributes,
|
||||
buf + sizeof(buf) - key_len,
|
||||
key_len, key);
|
||||
|
||||
mbedtls_platform_zeroize(buf, sizeof(buf));
|
||||
|
||||
if (status != PSA_SUCCESS) {
|
||||
return PSA_PK_TO_MBEDTLS_ERR(status);
|
||||
}
|
||||
|
||||
/* make PK context wrap the key slot */
|
||||
mbedtls_pk_free(pk);
|
||||
mbedtls_pk_init(pk);
|
||||
|
||||
return mbedtls_pk_setup_opaque(pk, *key);
|
||||
} else
|
||||
#endif /* MBEDTLS_RSA_C */
|
||||
#endif /* !MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_RSA_C */
|
||||
return MBEDTLS_ERR_PK_TYPE_MISMATCH;
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
#endif /* MBEDTLS_PK_C */
|
||||
|
@ -202,7 +202,7 @@ static int pk_write_ec_private(unsigned char **p, unsigned char *start,
|
||||
mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
|
||||
byte_length = (ec->grp.pbits + 7) / 8;
|
||||
|
||||
ret = mbedtls_ecp_write_key(ec, tmp, byte_length);
|
||||
ret = mbedtls_ecp_write_key_ext(ec, &byte_length, tmp, sizeof(tmp));
|
||||
if (ret != 0) {
|
||||
goto exit;
|
||||
}
|
||||
|
@ -568,7 +568,7 @@ psa_status_t psa_import_key_into_slot(
|
||||
size_t *key_buffer_length, size_t *bits)
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_type_t type = attributes->core.type;
|
||||
psa_key_type_t type = attributes->type;
|
||||
|
||||
/* zero-length keys are never supported. */
|
||||
if (data_length == 0) {
|
||||
@ -578,7 +578,7 @@ psa_status_t psa_import_key_into_slot(
|
||||
if (key_type_is_raw_bytes(type)) {
|
||||
*bits = PSA_BYTES_TO_BITS(data_length);
|
||||
|
||||
status = psa_validate_unstructured_key_bit_size(attributes->core.type,
|
||||
status = psa_validate_unstructured_key_bit_size(attributes->type,
|
||||
*bits);
|
||||
if (status != PSA_SUCCESS) {
|
||||
return status;
|
||||
@ -1226,9 +1226,7 @@ psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
|
||||
return status;
|
||||
}
|
||||
|
||||
attributes->core = slot->attr;
|
||||
attributes->core.flags &= (MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
|
||||
MBEDTLS_PSA_KA_MASK_DUAL_USE);
|
||||
*attributes = slot->attr;
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
if (psa_get_se_driver_entry(slot->attr.lifetime) != NULL) {
|
||||
@ -1245,7 +1243,7 @@ psa_status_t psa_get_key_slot_number(
|
||||
const psa_key_attributes_t *attributes,
|
||||
psa_key_slot_number_t *slot_number)
|
||||
{
|
||||
if (attributes->core.flags & MBEDTLS_PSA_KA_FLAG_HAS_SLOT_NUMBER) {
|
||||
if (attributes->has_slot_number) {
|
||||
*slot_number = attributes->slot_number;
|
||||
return PSA_SUCCESS;
|
||||
} else {
|
||||
@ -1275,7 +1273,7 @@ psa_status_t psa_export_key_internal(
|
||||
const uint8_t *key_buffer, size_t key_buffer_size,
|
||||
uint8_t *data, size_t data_size, size_t *data_length)
|
||||
{
|
||||
psa_key_type_t type = attributes->core.type;
|
||||
psa_key_type_t type = attributes->type;
|
||||
|
||||
if (key_type_is_raw_bytes(type) ||
|
||||
PSA_KEY_TYPE_IS_RSA(type) ||
|
||||
@ -1324,10 +1322,7 @@ psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
|
||||
return status;
|
||||
}
|
||||
|
||||
psa_key_attributes_t attributes = {
|
||||
.core = slot->attr
|
||||
};
|
||||
status = psa_driver_wrapper_export_key(&attributes,
|
||||
status = psa_driver_wrapper_export_key(&slot->attr,
|
||||
slot->key.data, slot->key.bytes,
|
||||
data, data_size, data_length);
|
||||
|
||||
@ -1344,7 +1339,7 @@ psa_status_t psa_export_public_key_internal(
|
||||
size_t data_size,
|
||||
size_t *data_length)
|
||||
{
|
||||
psa_key_type_t type = attributes->core.type;
|
||||
psa_key_type_t type = attributes->type;
|
||||
|
||||
if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type) &&
|
||||
(PSA_KEY_TYPE_IS_RSA(type) || PSA_KEY_TYPE_IS_ECC(type) ||
|
||||
@ -1411,7 +1406,6 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_slot_t *slot;
|
||||
psa_key_attributes_t attributes;
|
||||
|
||||
/* Reject a zero-length output buffer now, since this can never be a
|
||||
* valid key representation. This way we know that data must be a valid
|
||||
@ -1437,11 +1431,8 @@ psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
|
||||
goto exit;
|
||||
}
|
||||
|
||||
attributes = (psa_key_attributes_t) {
|
||||
.core = slot->attr
|
||||
};
|
||||
status = psa_driver_wrapper_export_public_key(
|
||||
&attributes, slot->key.data, slot->key.bytes,
|
||||
&slot->attr, slot->key.data, slot->key.bytes,
|
||||
data, data_size, data_length);
|
||||
|
||||
exit:
|
||||
@ -1450,16 +1441,6 @@ exit:
|
||||
return (status == PSA_SUCCESS) ? unlock_status : status;
|
||||
}
|
||||
|
||||
MBEDTLS_STATIC_ASSERT(
|
||||
(MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0,
|
||||
"One or more key attribute flag is listed as both external-only and dual-use")
|
||||
MBEDTLS_STATIC_ASSERT(
|
||||
(PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0,
|
||||
"One or more key attribute flag is listed as both internal-only and dual-use")
|
||||
MBEDTLS_STATIC_ASSERT(
|
||||
(PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY) == 0,
|
||||
"One or more key attribute flag is listed as both internal-only and external-only")
|
||||
|
||||
/** Validate that a key policy is internally well-formed.
|
||||
*
|
||||
* This function only rejects invalid policies. It does not validate the
|
||||
@ -1525,7 +1506,7 @@ static psa_status_t psa_validate_key_attributes(
|
||||
}
|
||||
}
|
||||
|
||||
status = psa_validate_key_policy(&attributes->core.policy);
|
||||
status = psa_validate_key_policy(&attributes->policy);
|
||||
if (status != PSA_SUCCESS) {
|
||||
return status;
|
||||
}
|
||||
@ -1538,12 +1519,6 @@ static psa_status_t psa_validate_key_attributes(
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
/* Reject invalid flags. These should not be reachable through the API. */
|
||||
if (attributes->core.flags & ~(MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY |
|
||||
MBEDTLS_PSA_KA_MASK_DUAL_USE)) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
|
||||
@ -1617,7 +1592,7 @@ static psa_status_t psa_start_key_creation(
|
||||
* volatile key identifier associated to the slot returned to contain its
|
||||
* definition. */
|
||||
|
||||
slot->attr = attributes->core;
|
||||
slot->attr = *attributes;
|
||||
if (PSA_KEY_LIFETIME_IS_VOLATILE(slot->attr.lifetime)) {
|
||||
#if !defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER)
|
||||
slot->attr.id = volatile_key_id;
|
||||
@ -1626,13 +1601,6 @@ static psa_status_t psa_start_key_creation(
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Erase external-only flags from the internal copy. To access
|
||||
* external-only flags, query `attributes`. Thanks to the check
|
||||
* in psa_validate_key_attributes(), this leaves the dual-use
|
||||
* flags and any internal flag that psa_reserve_free_key_slot()
|
||||
* may have set. */
|
||||
slot->attr.flags &= ~MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY;
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
/* For a key in a secure element, we need to do three things
|
||||
* when creating or registering a persistent key:
|
||||
@ -1659,7 +1627,7 @@ static psa_status_t psa_start_key_creation(
|
||||
return status;
|
||||
}
|
||||
|
||||
if (!PSA_KEY_LIFETIME_IS_VOLATILE(attributes->core.lifetime)) {
|
||||
if (!PSA_KEY_LIFETIME_IS_VOLATILE(attributes->lifetime)) {
|
||||
psa_crypto_prepare_transaction(PSA_CRYPTO_TRANSACTION_CREATE_KEY);
|
||||
psa_crypto_transaction.key.lifetime = slot->attr.lifetime;
|
||||
psa_crypto_transaction.key.slot = slot_number;
|
||||
@ -1859,14 +1827,14 @@ static psa_status_t psa_validate_optional_attributes(
|
||||
const psa_key_slot_t *slot,
|
||||
const psa_key_attributes_t *attributes)
|
||||
{
|
||||
if (attributes->core.type != 0) {
|
||||
if (attributes->core.type != slot->attr.type) {
|
||||
if (attributes->type != 0) {
|
||||
if (attributes->type != slot->attr.type) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
}
|
||||
|
||||
if (attributes->core.bits != 0) {
|
||||
if (attributes->core.bits != slot->attr.bits) {
|
||||
if (attributes->bits != 0) {
|
||||
if (attributes->bits != slot->attr.bits) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
}
|
||||
@ -1910,7 +1878,7 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
|
||||
* with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a
|
||||
* buffer to hold the imported key material. */
|
||||
if (slot->key.data == NULL) {
|
||||
if (psa_key_lifetime_is_external(attributes->core.lifetime)) {
|
||||
if (psa_key_lifetime_is_external(attributes->lifetime)) {
|
||||
status = psa_driver_wrapper_get_key_buffer_size_from_key_data(
|
||||
attributes, data, data_length, &storage_size);
|
||||
if (status != PSA_SUCCESS) {
|
||||
@ -2030,12 +1998,12 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
|
||||
* equal to the ones of the source key. So it is safe to inherit
|
||||
* them from the source key now."
|
||||
* */
|
||||
actual_attributes.core.bits = source_slot->attr.bits;
|
||||
actual_attributes.core.type = source_slot->attr.type;
|
||||
actual_attributes.bits = source_slot->attr.bits;
|
||||
actual_attributes.type = source_slot->attr.type;
|
||||
|
||||
|
||||
status = psa_restrict_key_policy(source_slot->attr.type,
|
||||
&actual_attributes.core.policy,
|
||||
&actual_attributes.policy,
|
||||
&source_slot->attr.policy);
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
@ -2064,7 +2032,7 @@ psa_status_t psa_copy_key(mbedtls_svc_key_id_t source_key,
|
||||
* - For opaque keys this translates to an invocation of the drivers'
|
||||
* copy_key entry point through the dispatch layer.
|
||||
* */
|
||||
if (psa_key_lifetime_is_external(actual_attributes.core.lifetime)) {
|
||||
if (psa_key_lifetime_is_external(actual_attributes.lifetime)) {
|
||||
status = psa_driver_wrapper_get_key_buffer_size(&actual_attributes,
|
||||
&storage_size);
|
||||
if (status != PSA_SUCCESS) {
|
||||
@ -2372,7 +2340,6 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_slot_t *slot = NULL;
|
||||
psa_key_attributes_t attributes;
|
||||
|
||||
/* A context must be freshly initialized before it can be set up. */
|
||||
if (operation->id != 0) {
|
||||
@ -2389,11 +2356,7 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
|
||||
goto exit;
|
||||
}
|
||||
|
||||
attributes = (psa_key_attributes_t) {
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
status = psa_mac_finalize_alg_and_key_validation(alg, &attributes,
|
||||
status = psa_mac_finalize_alg_and_key_validation(alg, &slot->attr,
|
||||
&operation->mac_size);
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
@ -2403,13 +2366,13 @@ static psa_status_t psa_mac_setup(psa_mac_operation_t *operation,
|
||||
/* Dispatch the MAC setup call with validated input */
|
||||
if (is_sign) {
|
||||
status = psa_driver_wrapper_mac_sign_setup(operation,
|
||||
&attributes,
|
||||
&slot->attr,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg);
|
||||
} else {
|
||||
status = psa_driver_wrapper_mac_verify_setup(operation,
|
||||
&attributes,
|
||||
&slot->attr,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg);
|
||||
@ -2559,7 +2522,6 @@ static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key,
|
||||
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_slot_t *slot;
|
||||
uint8_t operation_mac_size = 0;
|
||||
psa_key_attributes_t attributes;
|
||||
|
||||
status = psa_get_and_lock_key_slot_with_policy(
|
||||
key,
|
||||
@ -2570,11 +2532,7 @@ static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key,
|
||||
goto exit;
|
||||
}
|
||||
|
||||
attributes = (psa_key_attributes_t) {
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
status = psa_mac_finalize_alg_and_key_validation(alg, &attributes,
|
||||
status = psa_mac_finalize_alg_and_key_validation(alg, &slot->attr,
|
||||
&operation_mac_size);
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
@ -2586,7 +2544,7 @@ static psa_status_t psa_mac_compute_internal(mbedtls_svc_key_id_t key,
|
||||
}
|
||||
|
||||
status = psa_driver_wrapper_mac_compute(
|
||||
&attributes,
|
||||
&slot->attr,
|
||||
slot->key.data, slot->key.bytes,
|
||||
alg,
|
||||
input, input_length,
|
||||
@ -2696,7 +2654,6 @@ static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key,
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_slot_t *slot;
|
||||
psa_key_attributes_t attributes;
|
||||
|
||||
*signature_length = 0;
|
||||
|
||||
@ -2728,19 +2685,15 @@ static psa_status_t psa_sign_internal(mbedtls_svc_key_id_t key,
|
||||
goto exit;
|
||||
}
|
||||
|
||||
attributes = (psa_key_attributes_t) {
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
if (input_is_message) {
|
||||
status = psa_driver_wrapper_sign_message(
|
||||
&attributes, slot->key.data, slot->key.bytes,
|
||||
&slot->attr, slot->key.data, slot->key.bytes,
|
||||
alg, input, input_length,
|
||||
signature, signature_size, signature_length);
|
||||
} else {
|
||||
|
||||
status = psa_driver_wrapper_sign_hash(
|
||||
&attributes, slot->key.data, slot->key.bytes,
|
||||
&slot->attr, slot->key.data, slot->key.bytes,
|
||||
alg, input, input_length,
|
||||
signature, signature_size, signature_length);
|
||||
}
|
||||
@ -2782,18 +2735,14 @@ static psa_status_t psa_verify_internal(mbedtls_svc_key_id_t key,
|
||||
return status;
|
||||
}
|
||||
|
||||
psa_key_attributes_t attributes = {
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
if (input_is_message) {
|
||||
status = psa_driver_wrapper_verify_message(
|
||||
&attributes, slot->key.data, slot->key.bytes,
|
||||
&slot->attr, slot->key.data, slot->key.bytes,
|
||||
alg, input, input_length,
|
||||
signature, signature_length);
|
||||
} else {
|
||||
status = psa_driver_wrapper_verify_hash(
|
||||
&attributes, slot->key.data, slot->key.bytes,
|
||||
&slot->attr, slot->key.data, slot->key.bytes,
|
||||
alg, input, input_length,
|
||||
signature, signature_length);
|
||||
}
|
||||
@ -2904,7 +2853,7 @@ psa_status_t psa_sign_hash_builtin(
|
||||
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||
uint8_t *signature, size_t signature_size, size_t *signature_length)
|
||||
{
|
||||
if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
|
||||
if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
|
||||
if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
|
||||
PSA_ALG_IS_RSA_PSS(alg)) {
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
|
||||
@ -2919,7 +2868,7 @@ psa_status_t psa_sign_hash_builtin(
|
||||
} else {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
} else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
|
||||
} else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) {
|
||||
if (PSA_ALG_IS_ECDSA(alg)) {
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
||||
@ -2965,7 +2914,7 @@ psa_status_t psa_verify_hash_builtin(
|
||||
psa_algorithm_t alg, const uint8_t *hash, size_t hash_length,
|
||||
const uint8_t *signature, size_t signature_length)
|
||||
{
|
||||
if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) {
|
||||
if (PSA_KEY_TYPE_IS_RSA(attributes->type)) {
|
||||
if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
|
||||
PSA_ALG_IS_RSA_PSS(alg)) {
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
|
||||
@ -2980,7 +2929,7 @@ psa_status_t psa_verify_hash_builtin(
|
||||
} else {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
} else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
|
||||
} else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) {
|
||||
if (PSA_ALG_IS_ECDSA(alg)) {
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
|
||||
@ -3031,7 +2980,6 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_slot_t *slot;
|
||||
psa_key_attributes_t attributes;
|
||||
|
||||
(void) input;
|
||||
(void) input_length;
|
||||
@ -3056,12 +3004,8 @@ psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key,
|
||||
goto exit;
|
||||
}
|
||||
|
||||
attributes = (psa_key_attributes_t) {
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
status = psa_driver_wrapper_asymmetric_encrypt(
|
||||
&attributes, slot->key.data, slot->key.bytes,
|
||||
&slot->attr, slot->key.data, slot->key.bytes,
|
||||
alg, input, input_length, salt, salt_length,
|
||||
output, output_size, output_length);
|
||||
exit:
|
||||
@ -3083,7 +3027,6 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_slot_t *slot;
|
||||
psa_key_attributes_t attributes;
|
||||
|
||||
(void) input;
|
||||
(void) input_length;
|
||||
@ -3107,12 +3050,8 @@ psa_status_t psa_asymmetric_decrypt(mbedtls_svc_key_id_t key,
|
||||
goto exit;
|
||||
}
|
||||
|
||||
attributes = (psa_key_attributes_t) {
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
status = psa_driver_wrapper_asymmetric_decrypt(
|
||||
&attributes, slot->key.data, slot->key.bytes,
|
||||
&slot->attr, slot->key.data, slot->key.bytes,
|
||||
alg, input, input_length, salt, salt_length,
|
||||
output, output_size, output_length);
|
||||
|
||||
@ -3181,7 +3120,6 @@ psa_status_t psa_sign_hash_start(
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_slot_t *slot;
|
||||
psa_key_attributes_t attributes;
|
||||
|
||||
/* Check that start has not been previously called, or operation has not
|
||||
* previously errored. */
|
||||
@ -3208,14 +3146,10 @@ psa_status_t psa_sign_hash_start(
|
||||
goto exit;
|
||||
}
|
||||
|
||||
attributes = (psa_key_attributes_t) {
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
/* Ensure ops count gets reset, in case of operation re-use. */
|
||||
operation->num_ops = 0;
|
||||
|
||||
status = psa_driver_wrapper_sign_hash_start(operation, &attributes,
|
||||
status = psa_driver_wrapper_sign_hash_start(operation, &slot->attr,
|
||||
slot->key.data,
|
||||
slot->key.bytes, alg,
|
||||
hash, hash_length);
|
||||
@ -3353,14 +3287,10 @@ psa_status_t psa_verify_hash_start(
|
||||
return status;
|
||||
}
|
||||
|
||||
psa_key_attributes_t attributes = {
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
/* Ensure ops count gets reset, in case of operation re-use. */
|
||||
operation->num_ops = 0;
|
||||
|
||||
status = psa_driver_wrapper_verify_hash_start(operation, &attributes,
|
||||
status = psa_driver_wrapper_verify_hash_start(operation, &slot->attr,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg, hash, hash_length,
|
||||
@ -3495,7 +3425,7 @@ psa_status_t mbedtls_psa_sign_hash_start(
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
size_t required_hash_length;
|
||||
|
||||
if (!PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
|
||||
if (!PSA_KEY_TYPE_IS_ECC(attributes->type)) {
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
@ -3512,8 +3442,8 @@ psa_status_t mbedtls_psa_sign_hash_start(
|
||||
/* Ensure num_ops is zero'ed in case of context re-use. */
|
||||
operation->num_ops = 0;
|
||||
|
||||
status = mbedtls_psa_ecp_load_representation(attributes->core.type,
|
||||
attributes->core.bits,
|
||||
status = mbedtls_psa_ecp_load_representation(attributes->type,
|
||||
attributes->bits,
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
&operation->ctx);
|
||||
@ -3711,7 +3641,7 @@ psa_status_t mbedtls_psa_verify_hash_start(
|
||||
size_t coordinate_bytes = 0;
|
||||
size_t required_hash_length = 0;
|
||||
|
||||
if (!PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
|
||||
if (!PSA_KEY_TYPE_IS_ECC(attributes->type)) {
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
@ -3730,8 +3660,8 @@ psa_status_t mbedtls_psa_verify_hash_start(
|
||||
/* Ensure num_ops is zero'ed in case of context re-use. */
|
||||
operation->num_ops = 0;
|
||||
|
||||
status = mbedtls_psa_ecp_load_representation(attributes->core.type,
|
||||
attributes->core.bits,
|
||||
status = mbedtls_psa_ecp_load_representation(attributes->type,
|
||||
attributes->bits,
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
&operation->ctx);
|
||||
@ -3889,7 +3819,6 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
|
||||
psa_key_usage_t usage = (cipher_operation == MBEDTLS_ENCRYPT ?
|
||||
PSA_KEY_USAGE_ENCRYPT :
|
||||
PSA_KEY_USAGE_DECRYPT);
|
||||
psa_key_attributes_t attributes;
|
||||
|
||||
/* A context must be freshly initialized before it can be set up. */
|
||||
if (operation->id != 0) {
|
||||
@ -3919,20 +3848,16 @@ static psa_status_t psa_cipher_setup(psa_cipher_operation_t *operation,
|
||||
}
|
||||
operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
|
||||
|
||||
attributes = (psa_key_attributes_t) {
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
/* Try doing the operation through a driver before using software fallback. */
|
||||
if (cipher_operation == MBEDTLS_ENCRYPT) {
|
||||
status = psa_driver_wrapper_cipher_encrypt_setup(operation,
|
||||
&attributes,
|
||||
&slot->attr,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg);
|
||||
} else {
|
||||
status = psa_driver_wrapper_cipher_decrypt_setup(operation,
|
||||
&attributes,
|
||||
&slot->attr,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg);
|
||||
@ -4145,7 +4070,6 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
|
||||
psa_key_slot_t *slot = NULL;
|
||||
uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
|
||||
size_t default_iv_length = 0;
|
||||
psa_key_attributes_t attributes;
|
||||
|
||||
if (!PSA_ALG_IS_CIPHER(alg)) {
|
||||
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||
@ -4159,10 +4083,6 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
|
||||
goto exit;
|
||||
}
|
||||
|
||||
attributes = (psa_key_attributes_t) {
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
|
||||
if (default_iv_length > PSA_CIPHER_IV_MAX_SIZE) {
|
||||
status = PSA_ERROR_GENERIC_ERROR;
|
||||
@ -4182,7 +4102,7 @@ psa_status_t psa_cipher_encrypt(mbedtls_svc_key_id_t key,
|
||||
}
|
||||
|
||||
status = psa_driver_wrapper_cipher_encrypt(
|
||||
&attributes, slot->key.data, slot->key.bytes,
|
||||
&slot->attr, slot->key.data, slot->key.bytes,
|
||||
alg, local_iv, default_iv_length, input, input_length,
|
||||
psa_crypto_buffer_offset(output, default_iv_length),
|
||||
output_size - default_iv_length, output_length);
|
||||
@ -4216,7 +4136,6 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_slot_t *slot = NULL;
|
||||
psa_key_attributes_t attributes;
|
||||
|
||||
if (!PSA_ALG_IS_CIPHER(alg)) {
|
||||
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||
@ -4230,10 +4149,6 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
|
||||
goto exit;
|
||||
}
|
||||
|
||||
attributes = (psa_key_attributes_t) {
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
if (alg == PSA_ALG_CCM_STAR_NO_TAG &&
|
||||
input_length < PSA_BLOCK_CIPHER_BLOCK_LENGTH(slot->attr.type)) {
|
||||
status = PSA_ERROR_INVALID_ARGUMENT;
|
||||
@ -4244,7 +4159,7 @@ psa_status_t psa_cipher_decrypt(mbedtls_svc_key_id_t key,
|
||||
}
|
||||
|
||||
status = psa_driver_wrapper_cipher_decrypt(
|
||||
&attributes, slot->key.data, slot->key.bytes,
|
||||
&slot->attr, slot->key.data, slot->key.bytes,
|
||||
alg, input, input_length,
|
||||
output, output_size, output_length);
|
||||
|
||||
@ -4353,17 +4268,13 @@ psa_status_t psa_aead_encrypt(mbedtls_svc_key_id_t key,
|
||||
return status;
|
||||
}
|
||||
|
||||
psa_key_attributes_t attributes = {
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
status = psa_aead_check_nonce_length(alg, nonce_length);
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_driver_wrapper_aead_encrypt(
|
||||
&attributes, slot->key.data, slot->key.bytes,
|
||||
&slot->attr, slot->key.data, slot->key.bytes,
|
||||
alg,
|
||||
nonce, nonce_length,
|
||||
additional_data, additional_data_length,
|
||||
@ -4408,17 +4319,13 @@ psa_status_t psa_aead_decrypt(mbedtls_svc_key_id_t key,
|
||||
return status;
|
||||
}
|
||||
|
||||
psa_key_attributes_t attributes = {
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
status = psa_aead_check_nonce_length(alg, nonce_length);
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_driver_wrapper_aead_decrypt(
|
||||
&attributes, slot->key.data, slot->key.bytes,
|
||||
&slot->attr, slot->key.data, slot->key.bytes,
|
||||
alg,
|
||||
nonce, nonce_length,
|
||||
additional_data, additional_data_length,
|
||||
@ -4484,7 +4391,6 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation,
|
||||
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_slot_t *slot = NULL;
|
||||
psa_key_usage_t key_usage = 0;
|
||||
psa_key_attributes_t attributes;
|
||||
|
||||
status = psa_aead_check_algorithm(alg);
|
||||
if (status != PSA_SUCCESS) {
|
||||
@ -4514,23 +4420,19 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation,
|
||||
goto exit;
|
||||
}
|
||||
|
||||
attributes = (psa_key_attributes_t) {
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
if ((status = psa_validate_tag_length(alg)) != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if (is_encrypt) {
|
||||
status = psa_driver_wrapper_aead_encrypt_setup(operation,
|
||||
&attributes,
|
||||
&slot->attr,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg);
|
||||
} else {
|
||||
status = psa_driver_wrapper_aead_decrypt_setup(operation,
|
||||
&attributes,
|
||||
&slot->attr,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
alg);
|
||||
@ -4539,7 +4441,7 @@ static psa_status_t psa_aead_setup(psa_aead_operation_t *operation,
|
||||
goto exit;
|
||||
}
|
||||
|
||||
operation->key_type = psa_get_key_type(&attributes);
|
||||
operation->key_type = psa_get_key_type(&slot->attr);
|
||||
|
||||
exit:
|
||||
unlock_status = psa_unregister_read_under_mutex(slot);
|
||||
@ -5842,7 +5744,6 @@ static psa_status_t psa_generate_derived_key_internal(
|
||||
size_t bytes = PSA_BITS_TO_BYTES(bits);
|
||||
size_t storage_size = bytes;
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_attributes_t attributes;
|
||||
|
||||
if (PSA_KEY_TYPE_IS_PUBLIC_KEY(slot->attr.type)) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
@ -5891,12 +5792,9 @@ static psa_status_t psa_generate_derived_key_internal(
|
||||
}
|
||||
|
||||
slot->attr.bits = (psa_key_bits_t) bits;
|
||||
attributes = (psa_key_attributes_t) {
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
if (psa_key_lifetime_is_external(attributes.core.lifetime)) {
|
||||
status = psa_driver_wrapper_get_key_buffer_size(&attributes,
|
||||
if (psa_key_lifetime_is_external(slot->attr.lifetime)) {
|
||||
status = psa_driver_wrapper_get_key_buffer_size(&slot->attr,
|
||||
&storage_size);
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
@ -5907,7 +5805,7 @@ static psa_status_t psa_generate_derived_key_internal(
|
||||
goto exit;
|
||||
}
|
||||
|
||||
status = psa_driver_wrapper_import_key(&attributes,
|
||||
status = psa_driver_wrapper_import_key(&slot->attr,
|
||||
data, bytes,
|
||||
slot->key.data,
|
||||
slot->key.bytes,
|
||||
@ -5978,7 +5876,7 @@ psa_status_t psa_key_derivation_output_key_ext(
|
||||
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
|
||||
if (status == PSA_SUCCESS) {
|
||||
status = psa_generate_derived_key_internal(slot,
|
||||
attributes->core.bits,
|
||||
attributes->bits,
|
||||
operation);
|
||||
}
|
||||
if (status == PSA_SUCCESS) {
|
||||
@ -7023,11 +6921,7 @@ static psa_status_t psa_key_agreement_raw_internal(psa_algorithm_t alg,
|
||||
return PSA_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
psa_key_attributes_t attributes = {
|
||||
.core = private_key->attr
|
||||
};
|
||||
|
||||
return psa_driver_wrapper_key_agreement(&attributes,
|
||||
return psa_driver_wrapper_key_agreement(&private_key->attr,
|
||||
private_key->key.data,
|
||||
private_key->key.bytes, alg,
|
||||
peer_key, peer_key_length,
|
||||
@ -7046,7 +6940,7 @@ static psa_status_t psa_key_agreement_internal(psa_key_derivation_operation_t *o
|
||||
size_t peer_key_length)
|
||||
{
|
||||
psa_status_t status;
|
||||
uint8_t shared_secret[PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE];
|
||||
uint8_t shared_secret[PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE] = { 0 };
|
||||
size_t shared_secret_length = 0;
|
||||
psa_algorithm_t ka_alg = PSA_ALG_KEY_AGREEMENT_GET_BASE(operation->alg);
|
||||
|
||||
@ -7400,7 +7294,7 @@ psa_status_t psa_generate_key_internal(
|
||||
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_type_t type = attributes->core.type;
|
||||
psa_key_type_t type = attributes->type;
|
||||
|
||||
/* Only used for RSA */
|
||||
(void) params;
|
||||
@ -7473,12 +7367,12 @@ psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes,
|
||||
}
|
||||
|
||||
/* Reject any attempt to create a public key. */
|
||||
if (PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->core.type)) {
|
||||
if (PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->type)) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
|
||||
if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
|
||||
if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
|
||||
if (params->flags != 0) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
@ -7499,17 +7393,17 @@ psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes,
|
||||
* with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a
|
||||
* buffer to hold the generated key material. */
|
||||
if (slot->key.data == NULL) {
|
||||
if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime) ==
|
||||
if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->lifetime) ==
|
||||
PSA_KEY_LOCATION_LOCAL_STORAGE) {
|
||||
status = psa_validate_key_type_and_size_for_key_generation(
|
||||
attributes->core.type, attributes->core.bits);
|
||||
attributes->type, attributes->bits);
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
|
||||
attributes->core.type,
|
||||
attributes->core.bits);
|
||||
attributes->type,
|
||||
attributes->bits);
|
||||
} else {
|
||||
status = psa_driver_wrapper_get_key_buffer_size(
|
||||
attributes, &key_buffer_size);
|
||||
@ -7823,7 +7717,6 @@ psa_status_t psa_pake_set_password_key(
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_slot_t *slot = NULL;
|
||||
psa_key_attributes_t attributes;
|
||||
psa_key_type_t type;
|
||||
|
||||
if (operation->stage != PSA_PAKE_OPERATION_STAGE_COLLECT_INPUTS) {
|
||||
@ -7838,11 +7731,7 @@ psa_status_t psa_pake_set_password_key(
|
||||
goto exit;
|
||||
}
|
||||
|
||||
attributes = (psa_key_attributes_t) {
|
||||
.core = slot->attr
|
||||
};
|
||||
|
||||
type = psa_get_key_type(&attributes);
|
||||
type = psa_get_key_type(&slot->attr);
|
||||
|
||||
if (type != PSA_KEY_TYPE_PASSWORD &&
|
||||
type != PSA_KEY_TYPE_PASSWORD_HASH) {
|
||||
@ -7858,7 +7747,8 @@ psa_status_t psa_pake_set_password_key(
|
||||
|
||||
memcpy(operation->data.inputs.password, slot->key.data, slot->key.bytes);
|
||||
operation->data.inputs.password_len = slot->key.bytes;
|
||||
operation->data.inputs.attributes = attributes;
|
||||
operation->data.inputs.attributes = slot->attr;
|
||||
|
||||
exit:
|
||||
if (status != PSA_SUCCESS) {
|
||||
psa_pake_abort(operation);
|
||||
|
@ -33,10 +33,10 @@ static psa_status_t psa_aead_setup(
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_cipher_id_t cipher_id;
|
||||
mbedtls_cipher_mode_t mode;
|
||||
size_t key_bits = attributes->core.bits;
|
||||
size_t key_bits = attributes->bits;
|
||||
(void) key_buffer_size;
|
||||
|
||||
status = mbedtls_cipher_values_from_psa(alg, attributes->core.type,
|
||||
status = mbedtls_cipher_values_from_psa(alg, attributes->type,
|
||||
&key_bits, &mode, &cipher_id);
|
||||
if (status != PSA_SUCCESS) {
|
||||
return status;
|
||||
@ -49,7 +49,7 @@ static psa_status_t psa_aead_setup(
|
||||
/* CCM allows the following tag lengths: 4, 6, 8, 10, 12, 14, 16.
|
||||
* The call to mbedtls_ccm_encrypt_and_tag or
|
||||
* mbedtls_ccm_auth_decrypt will validate the tag length. */
|
||||
if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->core.type) != 16) {
|
||||
if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->type) != 16) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
@ -69,7 +69,7 @@ static psa_status_t psa_aead_setup(
|
||||
/* GCM allows the following tag lengths: 4, 8, 12, 13, 14, 15, 16.
|
||||
* The call to mbedtls_gcm_crypt_and_tag or
|
||||
* mbedtls_gcm_auth_decrypt will validate the tag length. */
|
||||
if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->core.type) != 16) {
|
||||
if (PSA_BLOCK_CIPHER_BLOCK_LENGTH(attributes->type) != 16) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
|
@ -289,14 +289,14 @@ static psa_status_t psa_cipher_setup(
|
||||
int ret = 0;
|
||||
size_t key_bits;
|
||||
const mbedtls_cipher_info_t *cipher_info = NULL;
|
||||
psa_key_type_t key_type = attributes->core.type;
|
||||
psa_key_type_t key_type = attributes->type;
|
||||
|
||||
(void) key_buffer_size;
|
||||
|
||||
mbedtls_cipher_init(&operation->ctx.cipher);
|
||||
|
||||
operation->alg = alg;
|
||||
key_bits = attributes->core.bits;
|
||||
key_bits = attributes->bits;
|
||||
cipher_info = mbedtls_cipher_info_from_psa(alg, key_type,
|
||||
key_bits, NULL);
|
||||
if (cipher_info == NULL) {
|
||||
|
@ -59,7 +59,7 @@ typedef enum {
|
||||
* and metadata for one key.
|
||||
*/
|
||||
typedef struct {
|
||||
psa_core_key_attributes_t attr;
|
||||
psa_key_attributes_t attr;
|
||||
|
||||
/*
|
||||
* The current state of the key slot, as described in
|
||||
@ -159,11 +159,6 @@ typedef struct {
|
||||
} while (0);
|
||||
#endif
|
||||
|
||||
/* A mask of key attribute flags used only internally.
|
||||
* Currently there aren't any. */
|
||||
#define PSA_KA_MASK_INTERNAL_ONLY ( \
|
||||
0)
|
||||
|
||||
/** Test whether a key slot has any registered readers.
|
||||
* If multi-threading is enabled, the caller must hold the
|
||||
* global key slot mutex.
|
||||
@ -177,56 +172,6 @@ static inline int psa_key_slot_has_readers(const psa_key_slot_t *slot)
|
||||
return slot->registered_readers > 0;
|
||||
}
|
||||
|
||||
/** Retrieve flags from psa_key_slot_t::attr::core::flags.
|
||||
*
|
||||
* \param[in] slot The key slot to query.
|
||||
* \param mask The mask of bits to extract.
|
||||
*
|
||||
* \return The key attribute flags in the given slot,
|
||||
* bitwise-anded with \p mask.
|
||||
*/
|
||||
static inline uint16_t psa_key_slot_get_flags(const psa_key_slot_t *slot,
|
||||
uint16_t mask)
|
||||
{
|
||||
return slot->attr.flags & mask;
|
||||
}
|
||||
|
||||
/** Set flags in psa_key_slot_t::attr::core::flags.
|
||||
*
|
||||
* \param[in,out] slot The key slot to modify.
|
||||
* \param mask The mask of bits to modify.
|
||||
* \param value The new value of the selected bits.
|
||||
*/
|
||||
static inline void psa_key_slot_set_flags(psa_key_slot_t *slot,
|
||||
uint16_t mask,
|
||||
uint16_t value)
|
||||
{
|
||||
slot->attr.flags = ((~mask & slot->attr.flags) |
|
||||
(mask & value));
|
||||
}
|
||||
|
||||
/** Turn on flags in psa_key_slot_t::attr::core::flags.
|
||||
*
|
||||
* \param[in,out] slot The key slot to modify.
|
||||
* \param mask The mask of bits to set.
|
||||
*/
|
||||
static inline void psa_key_slot_set_bits_in_flags(psa_key_slot_t *slot,
|
||||
uint16_t mask)
|
||||
{
|
||||
slot->attr.flags |= mask;
|
||||
}
|
||||
|
||||
/** Turn off flags in psa_key_slot_t::attr::core::flags.
|
||||
*
|
||||
* \param[in,out] slot The key slot to modify.
|
||||
* \param mask The mask of bits to clear.
|
||||
*/
|
||||
static inline void psa_key_slot_clear_bits(psa_key_slot_t *slot,
|
||||
uint16_t mask)
|
||||
{
|
||||
slot->attr.flags &= ~mask;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
/** Get the SE slot number of a key from the key slot storing its description.
|
||||
*
|
||||
|
@ -216,8 +216,8 @@ psa_status_t mbedtls_psa_ecp_import_key(
|
||||
mbedtls_ecp_keypair *ecp = NULL;
|
||||
|
||||
/* Parse input */
|
||||
status = mbedtls_psa_ecp_load_representation(attributes->core.type,
|
||||
attributes->core.bits,
|
||||
status = mbedtls_psa_ecp_load_representation(attributes->type,
|
||||
attributes->bits,
|
||||
data,
|
||||
data_length,
|
||||
&ecp);
|
||||
@ -225,7 +225,7 @@ psa_status_t mbedtls_psa_ecp_import_key(
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if (PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) ==
|
||||
if (PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type) ==
|
||||
PSA_ECC_FAMILY_MONTGOMERY) {
|
||||
*bits = ecp->grp.nbits + 1;
|
||||
} else {
|
||||
@ -235,7 +235,7 @@ psa_status_t mbedtls_psa_ecp_import_key(
|
||||
/* Re-export the data to PSA export format. There is currently no support
|
||||
* for other input formats then the export format, so this is a 1-1
|
||||
* copy operation. */
|
||||
status = mbedtls_psa_ecp_export_key(attributes->core.type,
|
||||
status = mbedtls_psa_ecp_export_key(attributes->type,
|
||||
ecp,
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
@ -281,20 +281,8 @@ psa_status_t mbedtls_psa_ecp_export_key(psa_key_type_t type,
|
||||
|
||||
return status;
|
||||
} else {
|
||||
if (data_size < PSA_BITS_TO_BYTES(ecp->grp.nbits)) {
|
||||
return PSA_ERROR_BUFFER_TOO_SMALL;
|
||||
}
|
||||
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_ecp_write_key(ecp,
|
||||
data,
|
||||
PSA_BITS_TO_BYTES(ecp->grp.nbits)));
|
||||
if (status == PSA_SUCCESS) {
|
||||
*data_length = PSA_BITS_TO_BYTES(ecp->grp.nbits);
|
||||
} else {
|
||||
memset(data, 0, data_size);
|
||||
}
|
||||
|
||||
mbedtls_ecp_write_key_ext(ecp, data_length, data, data_size));
|
||||
return status;
|
||||
}
|
||||
}
|
||||
@ -308,7 +296,7 @@ psa_status_t mbedtls_psa_ecp_export_public_key(
|
||||
mbedtls_ecp_keypair *ecp = NULL;
|
||||
|
||||
status = mbedtls_psa_ecp_load_representation(
|
||||
attributes->core.type, attributes->core.bits,
|
||||
attributes->type, attributes->bits,
|
||||
key_buffer, key_buffer_size, &ecp);
|
||||
if (status != PSA_SUCCESS) {
|
||||
return status;
|
||||
@ -316,7 +304,7 @@ psa_status_t mbedtls_psa_ecp_export_public_key(
|
||||
|
||||
status = mbedtls_psa_ecp_export_key(
|
||||
PSA_KEY_TYPE_ECC_PUBLIC_KEY(
|
||||
PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type)),
|
||||
PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->type)),
|
||||
ecp, data, data_size, data_length);
|
||||
|
||||
mbedtls_ecp_keypair_free(ecp);
|
||||
@ -337,9 +325,9 @@ psa_status_t mbedtls_psa_ecp_generate_key(
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
|
||||
psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
|
||||
attributes->core.type);
|
||||
attributes->type);
|
||||
mbedtls_ecp_group_id grp_id =
|
||||
mbedtls_ecc_group_from_psa(curve, attributes->core.bits);
|
||||
mbedtls_ecc_group_from_psa(curve, attributes->bits);
|
||||
|
||||
const mbedtls_ecp_curve_info *curve_info =
|
||||
mbedtls_ecp_curve_info_from_grp_id(grp_id);
|
||||
@ -359,14 +347,11 @@ psa_status_t mbedtls_psa_ecp_generate_key(
|
||||
}
|
||||
|
||||
status = mbedtls_to_psa_error(
|
||||
mbedtls_ecp_write_key(&ecp, key_buffer, key_buffer_size));
|
||||
mbedtls_ecp_write_key_ext(&ecp, key_buffer_length,
|
||||
key_buffer, key_buffer_size));
|
||||
|
||||
mbedtls_ecp_keypair_free(&ecp);
|
||||
|
||||
if (status == PSA_SUCCESS) {
|
||||
*key_buffer_length = key_buffer_size;
|
||||
}
|
||||
|
||||
return status;
|
||||
}
|
||||
#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
|
||||
@ -389,8 +374,8 @@ psa_status_t mbedtls_psa_ecdsa_sign_hash(
|
||||
size_t curve_bytes;
|
||||
mbedtls_mpi r, s;
|
||||
|
||||
status = mbedtls_psa_ecp_load_representation(attributes->core.type,
|
||||
attributes->core.bits,
|
||||
status = mbedtls_psa_ecp_load_representation(attributes->type,
|
||||
attributes->bits,
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
&ecp);
|
||||
@ -476,8 +461,8 @@ psa_status_t mbedtls_psa_ecdsa_verify_hash(
|
||||
|
||||
(void) alg;
|
||||
|
||||
status = mbedtls_psa_ecp_load_representation(attributes->core.type,
|
||||
attributes->core.bits,
|
||||
status = mbedtls_psa_ecp_load_representation(attributes->type,
|
||||
attributes->bits,
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
&ecp);
|
||||
@ -541,14 +526,14 @@ psa_status_t mbedtls_psa_key_agreement_ecdh(
|
||||
size_t *shared_secret_length)
|
||||
{
|
||||
psa_status_t status;
|
||||
if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(attributes->core.type) ||
|
||||
if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(attributes->type) ||
|
||||
!PSA_ALG_IS_ECDH(alg)) {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
mbedtls_ecp_keypair *ecp = NULL;
|
||||
status = mbedtls_psa_ecp_load_representation(
|
||||
attributes->core.type,
|
||||
attributes->core.bits,
|
||||
attributes->type,
|
||||
attributes->bits,
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
&ecp);
|
||||
|
@ -151,7 +151,7 @@ psa_status_t mbedtls_psa_ffdh_export_public_key(
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_mpi GX, G, X, P;
|
||||
psa_key_type_t type = attributes->core.type;
|
||||
psa_key_type_t type = attributes->type;
|
||||
|
||||
if (PSA_KEY_TYPE_IS_PUBLIC_KEY(type)) {
|
||||
if (key_buffer_size > data_size) {
|
||||
@ -167,7 +167,7 @@ psa_status_t mbedtls_psa_ffdh_export_public_key(
|
||||
mbedtls_mpi_init(&GX); mbedtls_mpi_init(&G);
|
||||
mbedtls_mpi_init(&X); mbedtls_mpi_init(&P);
|
||||
|
||||
size_t key_len = PSA_BITS_TO_BYTES(attributes->core.bits);
|
||||
size_t key_len = PSA_BITS_TO_BYTES(attributes->bits);
|
||||
|
||||
status = mbedtls_psa_ffdh_set_prime_generator(key_len, &P, &G);
|
||||
|
||||
@ -283,7 +283,7 @@ psa_status_t mbedtls_psa_ffdh_key_agreement(
|
||||
mbedtls_mpi_init(&K);
|
||||
|
||||
status = mbedtls_psa_ffdh_set_prime_generator(
|
||||
PSA_BITS_TO_BYTES(attributes->core.bits), &P, &G);
|
||||
PSA_BITS_TO_BYTES(attributes->bits), &P, &G);
|
||||
|
||||
if (status != PSA_SUCCESS) {
|
||||
goto cleanup;
|
||||
|
@ -116,7 +116,7 @@ psa_status_t mbedtls_psa_rsa_import_key(
|
||||
mbedtls_rsa_context *rsa = NULL;
|
||||
|
||||
/* Parse input */
|
||||
status = mbedtls_psa_rsa_load_representation(attributes->core.type,
|
||||
status = mbedtls_psa_rsa_load_representation(attributes->type,
|
||||
data,
|
||||
data_length,
|
||||
&rsa);
|
||||
@ -130,7 +130,7 @@ psa_status_t mbedtls_psa_rsa_import_key(
|
||||
* representation in the key slot. Export representation in case of RSA is
|
||||
* the smallest representation that's allowed as input, so a straight-up
|
||||
* allocation of the same size as the input buffer will be large enough. */
|
||||
status = mbedtls_psa_rsa_export_key(attributes->core.type,
|
||||
status = mbedtls_psa_rsa_export_key(attributes->type,
|
||||
rsa,
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
@ -196,7 +196,7 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
|
||||
mbedtls_rsa_context *rsa = NULL;
|
||||
|
||||
status = mbedtls_psa_rsa_load_representation(
|
||||
attributes->core.type, key_buffer, key_buffer_size, &rsa);
|
||||
attributes->type, key_buffer, key_buffer_size, &rsa);
|
||||
if (status != PSA_SUCCESS) {
|
||||
return status;
|
||||
}
|
||||
@ -261,13 +261,13 @@ psa_status_t mbedtls_psa_rsa_generate_key(
|
||||
ret = mbedtls_rsa_gen_key(&rsa,
|
||||
mbedtls_psa_get_random,
|
||||
MBEDTLS_PSA_RANDOM_STATE,
|
||||
(unsigned int) attributes->core.bits,
|
||||
(unsigned int) attributes->bits,
|
||||
exponent);
|
||||
if (ret != 0) {
|
||||
return mbedtls_to_psa_error(ret);
|
||||
}
|
||||
|
||||
status = mbedtls_psa_rsa_export_key(attributes->core.type,
|
||||
status = mbedtls_psa_rsa_export_key(attributes->type,
|
||||
&rsa, key_buffer, key_buffer_size,
|
||||
key_buffer_length);
|
||||
mbedtls_rsa_free(&rsa);
|
||||
@ -325,7 +325,7 @@ psa_status_t mbedtls_psa_rsa_sign_hash(
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_md_type_t md_alg;
|
||||
|
||||
status = mbedtls_psa_rsa_load_representation(attributes->core.type,
|
||||
status = mbedtls_psa_rsa_load_representation(attributes->type,
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
&rsa);
|
||||
@ -424,7 +424,7 @@ psa_status_t mbedtls_psa_rsa_verify_hash(
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
mbedtls_md_type_t md_alg;
|
||||
|
||||
status = mbedtls_psa_rsa_load_representation(attributes->core.type,
|
||||
status = mbedtls_psa_rsa_load_representation(attributes->type,
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
&rsa);
|
||||
@ -536,11 +536,11 @@ psa_status_t mbedtls_psa_asymmetric_encrypt(const psa_key_attributes_t *attribut
|
||||
(void) output_size;
|
||||
(void) output_length;
|
||||
|
||||
if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) {
|
||||
if (PSA_KEY_TYPE_IS_RSA(attributes->type)) {
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
|
||||
mbedtls_rsa_context *rsa = NULL;
|
||||
status = mbedtls_psa_rsa_load_representation(attributes->core.type,
|
||||
status = mbedtls_psa_rsa_load_representation(attributes->type,
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
&rsa);
|
||||
@ -632,11 +632,11 @@ psa_status_t mbedtls_psa_asymmetric_decrypt(const psa_key_attributes_t *attribut
|
||||
|
||||
*output_length = 0;
|
||||
|
||||
if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
|
||||
if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
|
||||
#if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
|
||||
defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP)
|
||||
mbedtls_rsa_context *rsa = NULL;
|
||||
status = mbedtls_psa_rsa_load_representation(attributes->core.type,
|
||||
status = mbedtls_psa_rsa_load_representation(attributes->type,
|
||||
key_buffer,
|
||||
key_buffer_size,
|
||||
&rsa);
|
||||
|
@ -329,7 +329,7 @@ static psa_status_t psa_load_builtin_key_into_slot(psa_key_slot_t *slot)
|
||||
|
||||
/* Copy actual key length and core attributes into the slot on success */
|
||||
slot->key.bytes = key_buffer_length;
|
||||
slot->attr = attributes.core;
|
||||
slot->attr = attributes;
|
||||
exit:
|
||||
if (status != PSA_SUCCESS) {
|
||||
psa_remove_key_data_from_memory(slot);
|
||||
|
@ -235,7 +235,7 @@ typedef struct {
|
||||
|
||||
void psa_format_key_data_for_storage(const uint8_t *data,
|
||||
const size_t data_length,
|
||||
const psa_core_key_attributes_t *attr,
|
||||
const psa_key_attributes_t *attr,
|
||||
uint8_t *storage_data)
|
||||
{
|
||||
psa_persistent_key_storage_format *storage_format =
|
||||
@ -267,7 +267,7 @@ psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data,
|
||||
size_t storage_data_length,
|
||||
uint8_t **key_data,
|
||||
size_t *key_data_length,
|
||||
psa_core_key_attributes_t *attr)
|
||||
psa_key_attributes_t *attr)
|
||||
{
|
||||
psa_status_t status;
|
||||
const psa_persistent_key_storage_format *storage_format =
|
||||
@ -314,7 +314,7 @@ psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data,
|
||||
return PSA_SUCCESS;
|
||||
}
|
||||
|
||||
psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr,
|
||||
psa_status_t psa_save_persistent_key(const psa_key_attributes_t *attr,
|
||||
const uint8_t *data,
|
||||
const size_t data_length)
|
||||
{
|
||||
@ -352,7 +352,7 @@ void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length)
|
||||
mbedtls_zeroize_and_free(key_data, key_data_length);
|
||||
}
|
||||
|
||||
psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr,
|
||||
psa_status_t psa_load_persistent_key(psa_key_attributes_t *attr,
|
||||
uint8_t **data,
|
||||
size_t *data_length)
|
||||
{
|
||||
|
@ -93,7 +93,7 @@ int psa_is_key_present_in_storage(const mbedtls_svc_key_id_t key);
|
||||
* \retval #PSA_ERROR_DATA_INVALID \emptydescription
|
||||
* \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
|
||||
*/
|
||||
psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr,
|
||||
psa_status_t psa_save_persistent_key(const psa_key_attributes_t *attr,
|
||||
const uint8_t *data,
|
||||
const size_t data_length);
|
||||
|
||||
@ -123,7 +123,7 @@ psa_status_t psa_save_persistent_key(const psa_core_key_attributes_t *attr,
|
||||
* \retval #PSA_ERROR_DATA_CORRUPT \emptydescription
|
||||
* \retval #PSA_ERROR_DOES_NOT_EXIST \emptydescription
|
||||
*/
|
||||
psa_status_t psa_load_persistent_key(psa_core_key_attributes_t *attr,
|
||||
psa_status_t psa_load_persistent_key(psa_key_attributes_t *attr,
|
||||
uint8_t **data,
|
||||
size_t *data_length);
|
||||
|
||||
@ -163,7 +163,7 @@ void psa_free_persistent_key_data(uint8_t *key_data, size_t key_data_length);
|
||||
*/
|
||||
void psa_format_key_data_for_storage(const uint8_t *data,
|
||||
const size_t data_length,
|
||||
const psa_core_key_attributes_t *attr,
|
||||
const psa_key_attributes_t *attr,
|
||||
uint8_t *storage_data);
|
||||
|
||||
/**
|
||||
@ -186,7 +186,7 @@ psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data,
|
||||
size_t storage_data_length,
|
||||
uint8_t **key_data,
|
||||
size_t *key_data_length,
|
||||
psa_core_key_attributes_t *attr);
|
||||
psa_key_attributes_t *attr);
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
/** This symbol is defined if transaction support is required. */
|
||||
|
@ -765,11 +765,6 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl)
|
||||
MBEDTLS_SSL_SESSION_TICKETS &&
|
||||
MBEDTLS_HAVE_TIME */
|
||||
|
||||
if (ssl->conf->f_rng == NULL) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided"));
|
||||
return MBEDTLS_ERR_SSL_NO_RNG;
|
||||
}
|
||||
|
||||
/* Bet on the highest configured version if we are not in a TLS 1.2
|
||||
* renegotiation or session resumption.
|
||||
*/
|
||||
|
@ -2150,6 +2150,9 @@ int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
const unsigned char *end,
|
||||
size_t *out_len);
|
||||
|
||||
int mbedtls_ssl_tls13_check_early_data_len(mbedtls_ssl_context *ssl,
|
||||
size_t early_data_len);
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
|
||||
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
|
||||
|
@ -4005,7 +4005,11 @@ static int ssl_prepare_record_content(mbedtls_ssl_context *ssl,
|
||||
MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD)) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(
|
||||
3, ("EarlyData: deprotect and discard app data records."));
|
||||
/* TODO: Add max_early_data_size check here, see issue 6347 */
|
||||
|
||||
ret = mbedtls_ssl_tls13_check_early_data_len(ssl, rec->data_len);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_SRV_C */
|
||||
@ -4129,9 +4133,15 @@ static int ssl_prepare_record_content(mbedtls_ssl_context *ssl,
|
||||
*/
|
||||
if (ssl->discard_early_data_record == MBEDTLS_SSL_EARLY_DATA_DISCARD) {
|
||||
if (rec->type == MBEDTLS_SSL_MSG_APPLICATION_DATA) {
|
||||
|
||||
ret = mbedtls_ssl_tls13_check_early_data_len(ssl, rec->data_len);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(
|
||||
3, ("EarlyData: Ignore application message before 2nd ClientHello"));
|
||||
/* TODO: Add max_early_data_size check here, see issue 6347 */
|
||||
|
||||
return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
|
||||
} else if (rec->type == MBEDTLS_SSL_MSG_HANDSHAKE) {
|
||||
ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD;
|
||||
|
1399
library/ssl_tls.c
1399
library/ssl_tls.c
File diff suppressed because it is too large
Load Diff
@ -2178,11 +2178,6 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl)
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */
|
||||
|
||||
if (ssl->conf->f_rng == NULL) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided"));
|
||||
return MBEDTLS_ERR_SSL_NO_RNG;
|
||||
}
|
||||
|
||||
/*
|
||||
* 0 . 0 handshake type
|
||||
* 1 . 3 handshake length
|
||||
@ -2703,8 +2698,7 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
|
||||
PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type));
|
||||
psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits);
|
||||
|
||||
key_len = PSA_BITS_TO_BYTES(key->grp.pbits);
|
||||
ret = mbedtls_ecp_write_key(key, buf, key_len);
|
||||
ret = mbedtls_ecp_write_key_ext(key, &key_len, buf, sizeof(buf));
|
||||
if (ret != 0) {
|
||||
mbedtls_platform_zeroize(buf, sizeof(buf));
|
||||
break;
|
||||
|
@ -1454,6 +1454,54 @@ int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_SRV_C)
|
||||
int mbedtls_ssl_tls13_check_early_data_len(mbedtls_ssl_context *ssl,
|
||||
size_t early_data_len)
|
||||
{
|
||||
/*
|
||||
* This function should be called only while an handshake is in progress
|
||||
* and thus a session under negotiation. Add a sanity check to detect a
|
||||
* misuse.
|
||||
*/
|
||||
if (ssl->session_negotiate == NULL) {
|
||||
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||
}
|
||||
|
||||
/* RFC 8446 section 4.6.1
|
||||
*
|
||||
* A server receiving more than max_early_data_size bytes of 0-RTT data
|
||||
* SHOULD terminate the connection with an "unexpected_message" alert.
|
||||
* Note that if it is still possible to send early_data_len bytes of early
|
||||
* data, it means that early_data_len is smaller than max_early_data_size
|
||||
* (type uint32_t) and can fit in an uint32_t. We use this further
|
||||
* down.
|
||||
*/
|
||||
if (early_data_len >
|
||||
(ssl->session_negotiate->max_early_data_size -
|
||||
ssl->total_early_data_size)) {
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(
|
||||
2, ("EarlyData: Too much early data received, %u + %" MBEDTLS_PRINTF_SIZET " > %u",
|
||||
ssl->total_early_data_size, early_data_len,
|
||||
ssl->session_negotiate->max_early_data_size));
|
||||
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT(
|
||||
MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE,
|
||||
MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE);
|
||||
return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
|
||||
}
|
||||
|
||||
/*
|
||||
* early_data_len has been checked to be less than max_early_data_size
|
||||
* that is uint32_t. Its cast to an uint32_t below is thus safe. We need
|
||||
* the cast to appease some compilers.
|
||||
*/
|
||||
ssl->total_early_data_size += (uint32_t) early_data_len;
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SRV_C */
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
|
||||
/* Reset SSL context and update hash for handling HRR.
|
||||
|
@ -39,6 +39,63 @@ static const mbedtls_ssl_ciphersuite_t *ssl_tls13_validate_peer_ciphersuite(
|
||||
return ciphersuite_info;
|
||||
}
|
||||
|
||||
static void ssl_tls13_select_ciphersuite(
|
||||
mbedtls_ssl_context *ssl,
|
||||
const unsigned char *cipher_suites,
|
||||
const unsigned char *cipher_suites_end,
|
||||
int psk_ciphersuite_id,
|
||||
psa_algorithm_t psk_hash_alg,
|
||||
const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info)
|
||||
{
|
||||
*selected_ciphersuite_info = NULL;
|
||||
|
||||
/*
|
||||
* In a compliant ClientHello the byte-length of the list of ciphersuites
|
||||
* is even and this function relies on this fact. This should have been
|
||||
* checked in the main ClientHello parsing function. Double check here.
|
||||
*/
|
||||
if ((cipher_suites_end - cipher_suites) & 1) {
|
||||
return;
|
||||
}
|
||||
|
||||
for (const unsigned char *p = cipher_suites;
|
||||
p < cipher_suites_end; p += 2) {
|
||||
/*
|
||||
* "cipher_suites_end - p is even" is an invariant of the loop. As
|
||||
* cipher_suites_end - p > 0, we have cipher_suites_end - p >= 2 and it
|
||||
* is thus safe to read two bytes.
|
||||
*/
|
||||
uint16_t id = MBEDTLS_GET_UINT16_BE(p, 0);
|
||||
|
||||
const mbedtls_ssl_ciphersuite_t *info =
|
||||
ssl_tls13_validate_peer_ciphersuite(ssl, id);
|
||||
if (info == NULL) {
|
||||
continue;
|
||||
}
|
||||
|
||||
/*
|
||||
* If a valid PSK ciphersuite identifier has been passed in, we want
|
||||
* an exact match.
|
||||
*/
|
||||
if (psk_ciphersuite_id != 0) {
|
||||
if (id != psk_ciphersuite_id) {
|
||||
continue;
|
||||
}
|
||||
} else if (psk_hash_alg != PSA_ALG_NONE) {
|
||||
if (mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac) !=
|
||||
psk_hash_alg) {
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
*selected_ciphersuite_info = info;
|
||||
return;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("No matched ciphersuite, psk_ciphersuite_id=%x, psk_hash_alg=%x",
|
||||
(unsigned) psk_ciphersuite_id, psk_hash_alg));
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||
/* From RFC 8446:
|
||||
*
|
||||
@ -90,8 +147,30 @@ static int ssl_tls13_parse_key_exchange_modes_ext(mbedtls_ssl_context *ssl,
|
||||
return 0;
|
||||
}
|
||||
|
||||
#define SSL_TLS1_3_OFFERED_PSK_NOT_MATCH 1
|
||||
#define SSL_TLS1_3_OFFERED_PSK_MATCH 0
|
||||
/*
|
||||
* Non-error return values of
|
||||
* ssl_tls13_offered_psks_check_identity_match_ticket() and
|
||||
* ssl_tls13_offered_psks_check_identity_match(). They are positive to
|
||||
* not collide with error codes that are negative. Zero
|
||||
* (SSL_TLS1_3_PSK_IDENTITY_MATCH) in case of success as it may be propagated
|
||||
* up by the callers of this function as a generic success condition.
|
||||
*
|
||||
* The return value SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE means
|
||||
* that the pre-shared-key identity matches that of a ticket or an externally-
|
||||
* provisioned pre-shared-key. We have thus been able to retrieve the
|
||||
* attributes of the pre-shared-key but at least one of them does not meet
|
||||
* some criteria and the pre-shared-key cannot be used. For example, a ticket
|
||||
* is expired or its version is not TLS 1.3. Note eventually that the return
|
||||
* value SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE does not have
|
||||
* anything to do with binder check. A binder check is done only when a
|
||||
* suitable pre-shared-key has been selected and only for that selected
|
||||
* pre-shared-key: if the binder check fails, we fail the handshake and we do
|
||||
* not try to find another pre-shared-key for which the binder check would
|
||||
* succeed as recommended by the specification.
|
||||
*/
|
||||
#define SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH 2
|
||||
#define SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE 1
|
||||
#define SSL_TLS1_3_PSK_IDENTITY_MATCH 0
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
@ -109,7 +188,6 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char *ticket_buffer;
|
||||
unsigned int key_exchanges;
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
mbedtls_ms_time_t now;
|
||||
mbedtls_ms_time_t server_age;
|
||||
@ -123,7 +201,7 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
|
||||
|
||||
/* Ticket parser is not configured, Skip */
|
||||
if (ssl->conf->f_ticket_parse == NULL || identity_len == 0) {
|
||||
return 0;
|
||||
return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH;
|
||||
}
|
||||
|
||||
/* We create a copy of the encrypted ticket since the ticket parsing
|
||||
@ -133,63 +211,51 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
|
||||
*/
|
||||
ticket_buffer = mbedtls_calloc(1, identity_len);
|
||||
if (ticket_buffer == NULL) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("buffer too small"));
|
||||
return MBEDTLS_ERR_SSL_ALLOC_FAILED;
|
||||
}
|
||||
memcpy(ticket_buffer, identity, identity_len);
|
||||
|
||||
if ((ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket,
|
||||
session,
|
||||
ticket_buffer, identity_len)) != 0) {
|
||||
if (ret == MBEDTLS_ERR_SSL_INVALID_MAC) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic"));
|
||||
} else if (ret == MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED) {
|
||||
ret = ssl->conf->f_ticket_parse(ssl->conf->p_ticket,
|
||||
session,
|
||||
ticket_buffer, identity_len);
|
||||
switch (ret) {
|
||||
case 0:
|
||||
ret = SSL_TLS1_3_PSK_IDENTITY_MATCH;
|
||||
break;
|
||||
|
||||
case MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED:
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is expired"));
|
||||
} else {
|
||||
ret = SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE;
|
||||
break;
|
||||
|
||||
case MBEDTLS_ERR_SSL_INVALID_MAC:
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("ticket is not authentic"));
|
||||
ret = SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH;
|
||||
break;
|
||||
|
||||
default:
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "ticket_parse", ret);
|
||||
}
|
||||
ret = SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH;
|
||||
}
|
||||
|
||||
/* We delete the temporary buffer */
|
||||
mbedtls_free(ticket_buffer);
|
||||
|
||||
if (ret == 0 && session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket TLS version is not 1.3."));
|
||||
/* TODO: Define new return value for this case. */
|
||||
ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
|
||||
}
|
||||
|
||||
if (ret != 0) {
|
||||
if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
/* RFC 8446 section 4.2.9
|
||||
*
|
||||
* Servers SHOULD NOT send NewSessionTicket with tickets that are not
|
||||
* compatible with the advertised modes; however, if a server does so,
|
||||
* the impact will just be that the client's attempts at resumption fail.
|
||||
*
|
||||
* We regard the ticket with incompatible key exchange modes as not match.
|
||||
/*
|
||||
* The identity matches that of a ticket. Now check that it has suitable
|
||||
* attributes and bet it will not be the case.
|
||||
*/
|
||||
ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
|
||||
MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
|
||||
ret = SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE;
|
||||
|
||||
key_exchanges = 0;
|
||||
if (mbedtls_ssl_tls13_session_ticket_allow_psk_ephemeral(session) &&
|
||||
ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) {
|
||||
key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
|
||||
}
|
||||
if (mbedtls_ssl_tls13_session_ticket_allow_psk(session) &&
|
||||
ssl_tls13_key_exchange_is_psk_available(ssl)) {
|
||||
key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
|
||||
}
|
||||
|
||||
if (key_exchanges == 0) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode"));
|
||||
if (session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket TLS version is not 1.3."));
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
|
||||
#if defined(MBEDTLS_HAVE_TIME)
|
||||
now = mbedtls_ms_time();
|
||||
|
||||
@ -242,13 +308,15 @@ static int ssl_tls13_offered_psks_check_identity_match_ticket(
|
||||
age_diff));
|
||||
goto exit;
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
|
||||
#endif /* MBEDTLS_HAVE_TIME */
|
||||
|
||||
/*
|
||||
* All good, we have found a suitable ticket.
|
||||
*/
|
||||
ret = SSL_TLS1_3_PSK_IDENTITY_MATCH;
|
||||
|
||||
exit:
|
||||
if (ret != 0) {
|
||||
if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) {
|
||||
mbedtls_ssl_session_free(session);
|
||||
}
|
||||
|
||||
@ -273,13 +341,11 @@ static int ssl_tls13_offered_psks_check_identity_match(
|
||||
*psk_type = MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF(4, "identity", identity, identity_len);
|
||||
ssl->handshake->resume = 0;
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
if (ssl_tls13_offered_psks_check_identity_match_ticket(
|
||||
ssl, identity, identity_len, obfuscated_ticket_age,
|
||||
session) == SSL_TLS1_3_OFFERED_PSK_MATCH) {
|
||||
ssl->handshake->resume = 1;
|
||||
ret = ssl_tls13_offered_psks_check_identity_match_ticket(
|
||||
ssl, identity, identity_len, obfuscated_ticket_age, session);
|
||||
if (ret == SSL_TLS1_3_PSK_IDENTITY_MATCH) {
|
||||
*psk_type = MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION;
|
||||
ret = mbedtls_ssl_set_hs_psk(ssl,
|
||||
session->resumption_key,
|
||||
@ -294,7 +360,9 @@ static int ssl_tls13_offered_psks_check_identity_match(
|
||||
session->resumption_key_len);
|
||||
MBEDTLS_SSL_DEBUG_MSG(4, ("ticket: obfuscated_ticket_age: %u",
|
||||
(unsigned) obfuscated_ticket_age));
|
||||
return SSL_TLS1_3_OFFERED_PSK_MATCH;
|
||||
return SSL_TLS1_3_PSK_IDENTITY_MATCH;
|
||||
} else if (ret == SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE) {
|
||||
return SSL_TLS1_3_PSK_IDENTITY_MATCH_BUT_PSK_NOT_USABLE;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
@ -302,9 +370,9 @@ static int ssl_tls13_offered_psks_check_identity_match(
|
||||
if (ssl->conf->f_psk != NULL) {
|
||||
if (ssl->conf->f_psk(
|
||||
ssl->conf->p_psk, ssl, identity, identity_len) == 0) {
|
||||
return SSL_TLS1_3_OFFERED_PSK_MATCH;
|
||||
return SSL_TLS1_3_PSK_IDENTITY_MATCH;
|
||||
}
|
||||
return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH;
|
||||
return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_BUF(5, "identity", identity, identity_len);
|
||||
@ -318,12 +386,20 @@ static int ssl_tls13_offered_psks_check_identity_match(
|
||||
MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_set_hs_psk", ret);
|
||||
return ret;
|
||||
}
|
||||
return SSL_TLS1_3_OFFERED_PSK_MATCH;
|
||||
return SSL_TLS1_3_PSK_IDENTITY_MATCH;
|
||||
}
|
||||
|
||||
return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH;
|
||||
return SSL_TLS1_3_PSK_IDENTITY_DOES_NOT_MATCH;
|
||||
}
|
||||
|
||||
/*
|
||||
* Non-error return values of ssl_tls13_offered_psks_check_binder_match().
|
||||
* They are positive to not collide with error codes that are negative. Zero
|
||||
* (SSL_TLS1_3_BINDER_MATCH) in case of success as it may be propagated up
|
||||
* by the callers of this function as a generic success condition.
|
||||
*/
|
||||
#define SSL_TLS1_3_BINDER_DOES_NOT_MATCH 1
|
||||
#define SSL_TLS1_3_BINDER_MATCH 0
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_offered_psks_check_binder_match(
|
||||
mbedtls_ssl_context *ssl,
|
||||
@ -368,99 +444,15 @@ static int ssl_tls13_offered_psks_check_binder_match(
|
||||
MBEDTLS_SSL_DEBUG_BUF(3, "psk binder ( received ): ", binder, binder_len);
|
||||
|
||||
if (mbedtls_ct_memcmp(server_computed_binder, binder, binder_len) == 0) {
|
||||
return SSL_TLS1_3_OFFERED_PSK_MATCH;
|
||||
return SSL_TLS1_3_BINDER_MATCH;
|
||||
}
|
||||
|
||||
mbedtls_platform_zeroize(server_computed_binder,
|
||||
sizeof(server_computed_binder));
|
||||
return SSL_TLS1_3_OFFERED_PSK_NOT_MATCH;
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_select_ciphersuite_for_psk(
|
||||
mbedtls_ssl_context *ssl,
|
||||
const unsigned char *cipher_suites,
|
||||
const unsigned char *cipher_suites_end,
|
||||
uint16_t *selected_ciphersuite,
|
||||
const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info)
|
||||
{
|
||||
psa_algorithm_t psk_hash_alg = PSA_ALG_SHA_256;
|
||||
|
||||
*selected_ciphersuite = 0;
|
||||
*selected_ciphersuite_info = NULL;
|
||||
|
||||
/* RFC 8446, page 55.
|
||||
*
|
||||
* For externally established PSKs, the Hash algorithm MUST be set when the
|
||||
* PSK is established or default to SHA-256 if no such algorithm is defined.
|
||||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
* Search for a matching ciphersuite
|
||||
*/
|
||||
for (const unsigned char *p = cipher_suites;
|
||||
p < cipher_suites_end; p += 2) {
|
||||
uint16_t cipher_suite;
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
|
||||
cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0);
|
||||
ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(ssl,
|
||||
cipher_suite);
|
||||
if (ciphersuite_info == NULL) {
|
||||
continue;
|
||||
}
|
||||
|
||||
/* MAC of selected ciphersuite MUST be same with PSK binder if exist.
|
||||
* Otherwise, client should reject.
|
||||
*/
|
||||
if (psk_hash_alg ==
|
||||
mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac)) {
|
||||
*selected_ciphersuite = cipher_suite;
|
||||
*selected_ciphersuite_info = ciphersuite_info;
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("No matched ciphersuite"));
|
||||
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
|
||||
return SSL_TLS1_3_BINDER_DOES_NOT_MATCH;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_select_ciphersuite_for_resumption(
|
||||
mbedtls_ssl_context *ssl,
|
||||
const unsigned char *cipher_suites,
|
||||
const unsigned char *cipher_suites_end,
|
||||
mbedtls_ssl_session *session,
|
||||
uint16_t *selected_ciphersuite,
|
||||
const mbedtls_ssl_ciphersuite_t **selected_ciphersuite_info)
|
||||
{
|
||||
|
||||
*selected_ciphersuite = 0;
|
||||
*selected_ciphersuite_info = NULL;
|
||||
for (const unsigned char *p = cipher_suites; p < cipher_suites_end; p += 2) {
|
||||
uint16_t cipher_suite = MBEDTLS_GET_UINT16_BE(p, 0);
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
|
||||
if (cipher_suite != session->ciphersuite) {
|
||||
continue;
|
||||
}
|
||||
|
||||
ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(ssl,
|
||||
cipher_suite);
|
||||
if (ciphersuite_info == NULL) {
|
||||
continue;
|
||||
}
|
||||
|
||||
*selected_ciphersuite = cipher_suite;
|
||||
*selected_ciphersuite_info = ciphersuite_info;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_session_copy_ticket(mbedtls_ssl_session *dst,
|
||||
const mbedtls_ssl_session *src)
|
||||
@ -481,6 +473,13 @@ static int ssl_tls13_session_copy_ticket(mbedtls_ssl_session *dst,
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
|
||||
|
||||
struct psk_attributes {
|
||||
int type;
|
||||
int key_exchange_mode;
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
};
|
||||
#define PSK_ATTRIBUTES_INIT { 0, 0, NULL }
|
||||
|
||||
/* Parser for pre_shared_key extension in client hello
|
||||
* struct {
|
||||
* opaque identity<1..2^16-1>;
|
||||
@ -507,7 +506,8 @@ static int ssl_tls13_parse_pre_shared_key_ext(
|
||||
const unsigned char *pre_shared_key_ext,
|
||||
const unsigned char *pre_shared_key_ext_end,
|
||||
const unsigned char *ciphersuites,
|
||||
const unsigned char *ciphersuites_end)
|
||||
const unsigned char *ciphersuites_end,
|
||||
struct psk_attributes *psk)
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
const unsigned char *identities = pre_shared_key_ext;
|
||||
@ -558,9 +558,10 @@ static int ssl_tls13_parse_pre_shared_key_ext(
|
||||
uint32_t obfuscated_ticket_age;
|
||||
const unsigned char *binder;
|
||||
size_t binder_len;
|
||||
int psk_type;
|
||||
uint16_t cipher_suite;
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
int psk_ciphersuite_id;
|
||||
psa_algorithm_t psk_hash_alg;
|
||||
int allowed_key_exchange_modes;
|
||||
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
mbedtls_ssl_session session;
|
||||
mbedtls_ssl_session_init(&session);
|
||||
@ -586,47 +587,74 @@ static int ssl_tls13_parse_pre_shared_key_ext(
|
||||
|
||||
ret = ssl_tls13_offered_psks_check_identity_match(
|
||||
ssl, identity, identity_len, obfuscated_ticket_age,
|
||||
&psk_type, &session);
|
||||
if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) {
|
||||
&psk->type, &session);
|
||||
if (ret != SSL_TLS1_3_PSK_IDENTITY_MATCH) {
|
||||
continue;
|
||||
}
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(4, ("found matched identity"));
|
||||
switch (psk_type) {
|
||||
|
||||
switch (psk->type) {
|
||||
case MBEDTLS_SSL_TLS1_3_PSK_EXTERNAL:
|
||||
ret = ssl_tls13_select_ciphersuite_for_psk(
|
||||
ssl, ciphersuites, ciphersuites_end,
|
||||
&cipher_suite, &ciphersuite_info);
|
||||
psk_ciphersuite_id = 0;
|
||||
psk_hash_alg = PSA_ALG_SHA_256;
|
||||
allowed_key_exchange_modes =
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
|
||||
break;
|
||||
case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
ret = ssl_tls13_select_ciphersuite_for_resumption(
|
||||
ssl, ciphersuites, ciphersuites_end, &session,
|
||||
&cipher_suite, &ciphersuite_info);
|
||||
if (ret != 0) {
|
||||
mbedtls_ssl_session_free(&session);
|
||||
}
|
||||
#else
|
||||
ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
|
||||
#endif
|
||||
case MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION:
|
||||
psk_ciphersuite_id = session.ciphersuite;
|
||||
psk_hash_alg = PSA_ALG_NONE;
|
||||
ssl->session_negotiate->ticket_flags = session.ticket_flags;
|
||||
allowed_key_exchange_modes =
|
||||
session.ticket_flags &
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
|
||||
break;
|
||||
#endif
|
||||
default:
|
||||
return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
|
||||
}
|
||||
if (ret != 0) {
|
||||
/* See below, no cipher_suite available, abort handshake */
|
||||
|
||||
psk->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
|
||||
|
||||
if ((allowed_key_exchange_modes &
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) &&
|
||||
ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) {
|
||||
psk->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
|
||||
} else if ((allowed_key_exchange_modes &
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) &&
|
||||
ssl_tls13_key_exchange_is_psk_available(ssl)) {
|
||||
psk->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
|
||||
}
|
||||
|
||||
if (psk->key_exchange_mode == MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable PSK key exchange mode"));
|
||||
continue;
|
||||
}
|
||||
|
||||
ssl_tls13_select_ciphersuite(ssl, ciphersuites, ciphersuites_end,
|
||||
psk_ciphersuite_id, psk_hash_alg,
|
||||
&psk->ciphersuite_info);
|
||||
|
||||
if (psk->ciphersuite_info == NULL) {
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
mbedtls_ssl_session_free(&session);
|
||||
#endif
|
||||
/*
|
||||
* We consider finding a ciphersuite suitable for the PSK as part
|
||||
* of the validation of its binder. Thus if we do not find one, we
|
||||
* abort the handshake with a decrypt_error alert.
|
||||
*/
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT(
|
||||
MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR,
|
||||
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
|
||||
MBEDTLS_SSL_DEBUG_RET(
|
||||
2, "ssl_tls13_select_ciphersuite", ret);
|
||||
return ret;
|
||||
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
|
||||
}
|
||||
|
||||
ret = ssl_tls13_offered_psks_check_binder_match(
|
||||
ssl, binder, binder_len, psk_type,
|
||||
mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) ciphersuite_info->mac));
|
||||
if (ret != SSL_TLS1_3_OFFERED_PSK_MATCH) {
|
||||
ssl, binder, binder_len, psk->type,
|
||||
mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) psk->ciphersuite_info->mac));
|
||||
if (ret != SSL_TLS1_3_BINDER_MATCH) {
|
||||
/* For security reasons, the handshake should be aborted when we
|
||||
* fail to validate a binder value. See RFC 8446 section 4.2.11.2
|
||||
* and appendix E.6. */
|
||||
@ -644,13 +672,8 @@ static int ssl_tls13_parse_pre_shared_key_ext(
|
||||
|
||||
matched_identity = identity_id;
|
||||
|
||||
/* Update handshake parameters */
|
||||
ssl->handshake->ciphersuite_info = ciphersuite_info;
|
||||
ssl->session_negotiate->ciphersuite = cipher_suite;
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("overwrite ciphersuite: %04x - %s",
|
||||
cipher_suite, ciphersuite_info->name));
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
if (psk_type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) {
|
||||
if (psk->type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) {
|
||||
ret = ssl_tls13_session_copy_ticket(ssl->session_negotiate,
|
||||
&session);
|
||||
mbedtls_ssl_session_free(&session);
|
||||
@ -676,7 +699,7 @@ static int ssl_tls13_parse_pre_shared_key_ext(
|
||||
return ret;
|
||||
}
|
||||
if (matched_identity == -1) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("No matched PSK or ticket."));
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("No usable PSK or ticket."));
|
||||
return MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY;
|
||||
}
|
||||
|
||||
@ -1003,21 +1026,29 @@ static int ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_ticket_is_kex_mode_permitted(mbedtls_ssl_context *ssl,
|
||||
unsigned int kex_mode)
|
||||
static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl)
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
if (ssl->handshake->resume) {
|
||||
if (!mbedtls_ssl_tls13_session_ticket_has_flags(
|
||||
ssl->session_negotiate, kex_mode)) {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
|
||||
return mbedtls_ssl_conf_tls13_is_psk_enabled(ssl) &&
|
||||
mbedtls_ssl_tls13_is_psk_supported(ssl) &&
|
||||
ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl);
|
||||
#else
|
||||
((void) ssl);
|
||||
((void) kex_mode);
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl)
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
|
||||
return mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl) &&
|
||||
mbedtls_ssl_tls13_is_psk_ephemeral_supported(ssl) &&
|
||||
ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl);
|
||||
#else
|
||||
((void) ssl);
|
||||
return 0;
|
||||
#endif
|
||||
return 1;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
|
||||
|
||||
@ -1033,83 +1064,6 @@ static int ssl_tls13_key_exchange_is_ephemeral_available(mbedtls_ssl_context *ss
|
||||
#endif
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_key_exchange_is_psk_available(mbedtls_ssl_context *ssl)
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
|
||||
return ssl_tls13_ticket_is_kex_mode_permitted(
|
||||
ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) &&
|
||||
mbedtls_ssl_conf_tls13_is_psk_enabled(ssl) &&
|
||||
mbedtls_ssl_tls13_is_psk_supported(ssl) &&
|
||||
ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl);
|
||||
#else
|
||||
((void) ssl);
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
static int ssl_tls13_key_exchange_is_psk_ephemeral_available(mbedtls_ssl_context *ssl)
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
|
||||
return ssl_tls13_ticket_is_kex_mode_permitted(
|
||||
ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) &&
|
||||
mbedtls_ssl_conf_tls13_is_psk_ephemeral_enabled(ssl) &&
|
||||
mbedtls_ssl_tls13_is_psk_ephemeral_supported(ssl) &&
|
||||
ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl);
|
||||
#else
|
||||
((void) ssl);
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
static int ssl_tls13_determine_key_exchange_mode(mbedtls_ssl_context *ssl)
|
||||
{
|
||||
/*
|
||||
* Determine the key exchange algorithm to use.
|
||||
* There are three types of key exchanges supported in TLS 1.3:
|
||||
* - (EC)DH with ECDSA,
|
||||
* - (EC)DH with PSK,
|
||||
* - plain PSK.
|
||||
*
|
||||
* The PSK-based key exchanges may additionally be used with 0-RTT.
|
||||
*
|
||||
* Our built-in order of preference is
|
||||
* 1 ) (EC)DHE-PSK Mode ( psk_ephemeral )
|
||||
* 2 ) Certificate Mode ( ephemeral )
|
||||
* 3 ) Plain PSK Mode ( psk )
|
||||
*/
|
||||
|
||||
ssl->handshake->key_exchange_mode =
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
|
||||
|
||||
if (ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) {
|
||||
ssl->handshake->key_exchange_mode =
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk_ephemeral"));
|
||||
} else
|
||||
if (ssl_tls13_key_exchange_is_ephemeral_available(ssl)) {
|
||||
ssl->handshake->key_exchange_mode =
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: ephemeral"));
|
||||
} else
|
||||
if (ssl_tls13_key_exchange_is_psk_available(ssl)) {
|
||||
ssl->handshake->key_exchange_mode =
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk"));
|
||||
} else {
|
||||
MBEDTLS_SSL_DEBUG_MSG(
|
||||
1,
|
||||
("ClientHello message misses mandatory extensions."));
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION,
|
||||
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
|
||||
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
|
||||
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED)
|
||||
|
||||
@ -1301,6 +1255,8 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
|
||||
int no_usable_share_for_key_agreement = 0;
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||
int got_psk = 0;
|
||||
struct psk_attributes psk = PSK_ATTRIBUTES_INIT;
|
||||
const unsigned char *pre_shared_key_ext = NULL;
|
||||
const unsigned char *pre_shared_key_ext_end = NULL;
|
||||
#endif
|
||||
@ -1464,37 +1420,20 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
|
||||
*/
|
||||
MBEDTLS_SSL_DEBUG_BUF(3, "client hello, list of cipher suites",
|
||||
cipher_suites, cipher_suites_len);
|
||||
for (const unsigned char *cipher_suites_p = cipher_suites;
|
||||
cipher_suites_p < cipher_suites_end; cipher_suites_p += 2) {
|
||||
uint16_t cipher_suite;
|
||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
|
||||
|
||||
/*
|
||||
* "cipher_suites_end - cipher_suites_p is even" is an invariant of the
|
||||
* loop. As cipher_suites_end - cipher_suites_p > 0, we have
|
||||
* cipher_suites_end - cipher_suites_p >= 2 and it is thus safe to read
|
||||
* two bytes.
|
||||
*/
|
||||
cipher_suite = MBEDTLS_GET_UINT16_BE(cipher_suites_p, 0);
|
||||
ciphersuite_info = ssl_tls13_validate_peer_ciphersuite(
|
||||
ssl, cipher_suite);
|
||||
if (ciphersuite_info == NULL) {
|
||||
continue;
|
||||
}
|
||||
|
||||
ssl->session_negotiate->ciphersuite = cipher_suite;
|
||||
handshake->ciphersuite_info = ciphersuite_info;
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %04x - %s",
|
||||
cipher_suite,
|
||||
ciphersuite_info->name));
|
||||
break;
|
||||
}
|
||||
ssl_tls13_select_ciphersuite(ssl, cipher_suites, cipher_suites_end,
|
||||
0, PSA_ALG_NONE, &handshake->ciphersuite_info);
|
||||
|
||||
if (handshake->ciphersuite_info == NULL) {
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE,
|
||||
MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE);
|
||||
return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
|
||||
}
|
||||
ssl->session_negotiate->ciphersuite = handshake->ciphersuite_info->id;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("selected ciphersuite: %04x - %s",
|
||||
((unsigned) handshake->ciphersuite_info->id),
|
||||
handshake->ciphersuite_info->name));
|
||||
|
||||
/* ...
|
||||
* opaque legacy_compression_methods<1..2^8-1>;
|
||||
@ -1734,10 +1673,11 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
|
||||
/* Update checksum with either
|
||||
* - The entire content of the CH message, if no PSK extension is present
|
||||
* - The content up to but excluding the PSK extension, if present.
|
||||
* Always parse the pre-shared-key extension when present in the
|
||||
* ClientHello even if some pre-requisites for PSK key exchange modes are
|
||||
* not met. That way we always validate the syntax of the extension.
|
||||
*/
|
||||
/* If we've settled on a PSK-based exchange, parse PSK identity ext */
|
||||
if (ssl_tls13_key_exchange_is_psk_available(ssl) ||
|
||||
ssl_tls13_key_exchange_is_psk_ephemeral_available(ssl)) {
|
||||
if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY)) {
|
||||
ret = handshake->update_checksum(ssl, buf,
|
||||
pre_shared_key_ext - buf);
|
||||
if (0 != ret) {
|
||||
@ -1748,10 +1688,11 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
|
||||
pre_shared_key_ext,
|
||||
pre_shared_key_ext_end,
|
||||
cipher_suites,
|
||||
cipher_suites_end);
|
||||
if (ret == MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) {
|
||||
handshake->received_extensions &= ~MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY);
|
||||
} else if (ret != 0) {
|
||||
cipher_suites_end,
|
||||
&psk);
|
||||
if (ret == 0) {
|
||||
got_psk = 1;
|
||||
} else if (ret != MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY) {
|
||||
MBEDTLS_SSL_DEBUG_RET(
|
||||
1, "ssl_tls13_parse_pre_shared_key_ext", ret);
|
||||
return ret;
|
||||
@ -1766,12 +1707,68 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
|
||||
}
|
||||
}
|
||||
|
||||
ret = ssl_tls13_determine_key_exchange_mode(ssl);
|
||||
if (ret < 0) {
|
||||
return ret;
|
||||
/*
|
||||
* Determine the key exchange algorithm to use.
|
||||
* There are three types of key exchanges supported in TLS 1.3:
|
||||
* - (EC)DH with ECDSA,
|
||||
* - (EC)DH with PSK,
|
||||
* - plain PSK.
|
||||
*
|
||||
* The PSK-based key exchanges may additionally be used with 0-RTT.
|
||||
*
|
||||
* Our built-in order of preference is
|
||||
* 1 ) (EC)DHE-PSK Mode ( psk_ephemeral )
|
||||
* 2 ) Certificate Mode ( ephemeral )
|
||||
* 3 ) Plain PSK Mode ( psk )
|
||||
*/
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||
if (got_psk && (psk.key_exchange_mode ==
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL)) {
|
||||
handshake->key_exchange_mode =
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk_ephemeral"));
|
||||
|
||||
} else
|
||||
#endif
|
||||
if (ssl_tls13_key_exchange_is_ephemeral_available(ssl)) {
|
||||
handshake->key_exchange_mode =
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: ephemeral"));
|
||||
|
||||
}
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||
else if (got_psk && (psk.key_exchange_mode ==
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK)) {
|
||||
handshake->key_exchange_mode = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("key exchange mode: psk"));
|
||||
}
|
||||
#endif
|
||||
else {
|
||||
MBEDTLS_SSL_DEBUG_MSG(
|
||||
1,
|
||||
("ClientHello message misses mandatory extensions."));
|
||||
MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_MISSING_EXTENSION,
|
||||
MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
|
||||
return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
|
||||
}
|
||||
|
||||
if (ssl->handshake->key_exchange_mode !=
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
|
||||
if (handshake->key_exchange_mode &
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL) {
|
||||
handshake->ciphersuite_info = psk.ciphersuite_info;
|
||||
ssl->session_negotiate->ciphersuite = psk.ciphersuite_info->id;
|
||||
|
||||
MBEDTLS_SSL_DEBUG_MSG(2, ("Select PSK ciphersuite: %04x - %s",
|
||||
((unsigned) psk.ciphersuite_info->id),
|
||||
psk.ciphersuite_info->name));
|
||||
|
||||
if (psk.type == MBEDTLS_SSL_TLS1_3_PSK_RESUMPTION) {
|
||||
handshake->resume = 1;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
if (handshake->key_exchange_mode !=
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) {
|
||||
hrr_required = (no_usable_share_for_key_agreement != 0);
|
||||
}
|
||||
@ -1973,10 +1970,6 @@ static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl)
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char *server_randbytes =
|
||||
ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
|
||||
if (ssl->conf->f_rng == NULL) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided"));
|
||||
return MBEDTLS_ERR_SSL_NO_RNG;
|
||||
}
|
||||
|
||||
if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes,
|
||||
MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) {
|
||||
@ -2913,17 +2906,14 @@ static int ssl_tls13_end_of_early_data_coordinate(mbedtls_ssl_context *ssl)
|
||||
}
|
||||
|
||||
if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("Received early data"));
|
||||
/* RFC 8446 section 4.6.1
|
||||
*
|
||||
* A server receiving more than max_early_data_size bytes of 0-RTT data
|
||||
* SHOULD terminate the connection with an "unexpected_message" alert.
|
||||
*
|
||||
* TODO: Add received data size check here.
|
||||
*/
|
||||
if (ssl->in_offt == NULL) {
|
||||
MBEDTLS_SSL_DEBUG_MSG(3, ("Received early data"));
|
||||
/* Set the reading pointer */
|
||||
ssl->in_offt = ssl->in_msg;
|
||||
ret = mbedtls_ssl_tls13_check_early_data_len(ssl, ssl->in_msglen);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
}
|
||||
return SSL_GOT_EARLY_DATA;
|
||||
}
|
||||
@ -3141,6 +3131,7 @@ static int ssl_tls13_prepare_new_session_ticket(mbedtls_ssl_context *ssl,
|
||||
ssl->conf->max_early_data_size > 0) {
|
||||
mbedtls_ssl_tls13_session_set_ticket_flags(
|
||||
session, MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_EARLY_DATA);
|
||||
session->max_early_data_size = ssl->conf->max_early_data_size;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
|
||||
|
@ -3290,4 +3290,12 @@ void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx)
|
||||
}
|
||||
#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
|
||||
|
||||
int mbedtls_x509_crt_get_ca_istrue(const mbedtls_x509_crt *crt)
|
||||
{
|
||||
if ((crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS) != 0) {
|
||||
return crt->MBEDTLS_PRIVATE(ca_istrue);
|
||||
}
|
||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
|
||||
}
|
||||
|
||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||
|
@ -1769,11 +1769,10 @@ usage:
|
||||
&psa_alg, &psa_alg2,
|
||||
&usage,
|
||||
mbedtls_pk_get_type(&pkey)) == 0) {
|
||||
ret = mbedtls_pk_wrap_as_opaque(&pkey, &key_slot, psa_alg,
|
||||
usage, psa_alg2);
|
||||
ret = pk_wrap_as_opaque(&pkey, psa_alg, psa_alg2, usage, &key_slot);
|
||||
if (ret != 0) {
|
||||
mbedtls_printf(" failed\n ! "
|
||||
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
|
||||
"mbedtls_pk_get_psa_attributes returned -0x%x\n\n",
|
||||
(unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
|
@ -2708,12 +2708,10 @@ usage:
|
||||
&psa_alg, &psa_alg2,
|
||||
&psa_usage,
|
||||
mbedtls_pk_get_type(&pkey)) == 0) {
|
||||
ret = mbedtls_pk_wrap_as_opaque(&pkey, &key_slot,
|
||||
psa_alg, psa_usage, psa_alg2);
|
||||
|
||||
ret = pk_wrap_as_opaque(&pkey, psa_alg, psa_alg2, psa_usage, &key_slot);
|
||||
if (ret != 0) {
|
||||
mbedtls_printf(" failed\n ! "
|
||||
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
|
||||
"pk_wrap_as_opaque returned -0x%x\n\n",
|
||||
(unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
@ -2727,12 +2725,10 @@ usage:
|
||||
&psa_alg, &psa_alg2,
|
||||
&psa_usage,
|
||||
mbedtls_pk_get_type(&pkey2)) == 0) {
|
||||
ret = mbedtls_pk_wrap_as_opaque(&pkey2, &key_slot2,
|
||||
psa_alg, psa_usage, psa_alg2);
|
||||
|
||||
ret = pk_wrap_as_opaque(&pkey2, psa_alg, psa_alg2, psa_usage, &key_slot2);
|
||||
if (ret != 0) {
|
||||
mbedtls_printf(" failed\n ! "
|
||||
"mbedtls_pk_wrap_as_opaque returned -0x%x\n\n",
|
||||
"mbedtls_pk_get_psa_attributes returned -0x%x\n\n",
|
||||
(unsigned int) -ret);
|
||||
goto exit;
|
||||
}
|
||||
|
@ -274,6 +274,37 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_PK_C)
|
||||
int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2,
|
||||
psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id)
|
||||
{
|
||||
int ret;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
ret = mbedtls_pk_get_psa_attributes(pk, PSA_KEY_USAGE_SIGN_HASH, &key_attr);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
psa_set_key_usage_flags(&key_attr, psa_usage);
|
||||
psa_set_key_algorithm(&key_attr, psa_alg);
|
||||
if (psa_alg2 != PSA_ALG_NONE) {
|
||||
psa_set_key_enrollment_algorithm(&key_attr, psa_alg2);
|
||||
}
|
||||
ret = mbedtls_pk_import_into_psa(pk, &key_attr, key_id);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
mbedtls_pk_free(pk);
|
||||
mbedtls_pk_init(pk);
|
||||
ret = mbedtls_pk_setup_opaque(pk, *key_id);
|
||||
if (ret != 0) {
|
||||
return ret;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif /* MBEDTLS_PK_C */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
|
||||
|
@ -235,6 +235,31 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2,
|
||||
psa_algorithm_t *psa_alg2,
|
||||
psa_key_usage_t *usage,
|
||||
mbedtls_pk_type_t key_type);
|
||||
|
||||
#if defined(MBEDTLS_PK_C)
|
||||
/** Turn a non-opaque PK context into an opaque one with folowing steps:
|
||||
* - extract the key data and attributes from the PK context.
|
||||
* - import the key material into PSA.
|
||||
* - free the provided PK context and re-initilize it as an opaque PK context
|
||||
* wrapping the PSA key imported in the above step.
|
||||
*
|
||||
* \param[in/out] pk On input the non-opaque PK context which contains the
|
||||
* key to be wrapped. On output the re-initialized PK
|
||||
* context which represents the opaque version of the one
|
||||
* provided as input.
|
||||
* \param[in] psa_alg The primary algorithm that will be associated to the
|
||||
* PSA key.
|
||||
* \param[in] psa_alg2 The enrollment algorithm that will be associated to the
|
||||
* PSA key.
|
||||
* \param[in] psa_usage The PSA key usage policy.
|
||||
* \param[out] key_id The PSA key identifier of the imported key.
|
||||
*
|
||||
* \return \c 0 on sucess.
|
||||
* \return \c -1 on failure.
|
||||
*/
|
||||
int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2,
|
||||
psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id);
|
||||
#endif /* MBEDTLS_PK_C */
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
|
||||
|
@ -122,7 +122,7 @@ static inline psa_status_t psa_driver_wrapper_sign_message(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -196,7 +196,7 @@ static inline psa_status_t psa_driver_wrapper_verify_message(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -266,7 +266,7 @@ static inline psa_status_t psa_driver_wrapper_sign_hash(
|
||||
const psa_drv_se_t *drv;
|
||||
psa_drv_se_context_t *drv_context;
|
||||
|
||||
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
||||
if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
|
||||
{
|
||||
if( drv->asymmetric == NULL ||
|
||||
drv->asymmetric->p_sign == NULL )
|
||||
@ -283,7 +283,7 @@ static inline psa_status_t psa_driver_wrapper_sign_hash(
|
||||
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -306,11 +306,11 @@ static inline psa_status_t psa_driver_wrapper_sign_hash(
|
||||
return( status );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
|
||||
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
|
||||
if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
|
||||
PSA_ALG_IS_ECDSA(alg) &&
|
||||
!PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
|
||||
PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
|
||||
attributes->core.bits == 256 )
|
||||
PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
|
||||
psa_get_key_bits(attributes) == 256 )
|
||||
{
|
||||
status = p256_transparent_sign_hash( attributes,
|
||||
key_buffer,
|
||||
@ -370,7 +370,7 @@ static inline psa_status_t psa_driver_wrapper_verify_hash(
|
||||
const psa_drv_se_t *drv;
|
||||
psa_drv_se_context_t *drv_context;
|
||||
|
||||
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
||||
if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
|
||||
{
|
||||
if( drv->asymmetric == NULL ||
|
||||
drv->asymmetric->p_verify == NULL )
|
||||
@ -387,7 +387,7 @@ static inline psa_status_t psa_driver_wrapper_verify_hash(
|
||||
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -410,11 +410,11 @@ static inline psa_status_t psa_driver_wrapper_verify_hash(
|
||||
return( status );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED)
|
||||
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
|
||||
if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
|
||||
PSA_ALG_IS_ECDSA(alg) &&
|
||||
!PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) &&
|
||||
PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
|
||||
attributes->core.bits == 256 )
|
||||
PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
|
||||
psa_get_key_bits(attributes) == 256 )
|
||||
{
|
||||
status = p256_transparent_verify_hash( attributes,
|
||||
key_buffer,
|
||||
@ -517,7 +517,7 @@ static inline psa_status_t psa_driver_wrapper_sign_hash_start(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
|
||||
attributes->core.lifetime );
|
||||
psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -609,7 +609,7 @@ static inline psa_status_t psa_driver_wrapper_verify_hash_start(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION(
|
||||
attributes->core.lifetime );
|
||||
psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -707,8 +707,8 @@ static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
|
||||
size_t *key_buffer_size )
|
||||
{
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
psa_key_type_t key_type = attributes->core.type;
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
psa_key_type_t key_type = psa_get_key_type(attributes);
|
||||
|
||||
*key_buffer_size = 0;
|
||||
switch( location )
|
||||
@ -736,7 +736,7 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION(attributes->core.lifetime);
|
||||
PSA_KEY_LIFETIME_GET_LOCATION(psa_get_key_lifetime(attributes));
|
||||
|
||||
#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
|
||||
int is_default_production =
|
||||
@ -757,7 +757,7 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
|
||||
const psa_drv_se_t *drv;
|
||||
psa_drv_se_context_t *drv_context;
|
||||
|
||||
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
||||
if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
|
||||
{
|
||||
size_t pubkey_length = 0; /* We don't support this feature yet */
|
||||
if( drv->key_management == NULL ||
|
||||
@ -780,7 +780,7 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
|
||||
/* Transparent drivers are limited to generating asymmetric keys. */
|
||||
/* We don't support passing custom production parameters
|
||||
* to drivers yet. */
|
||||
if( PSA_KEY_TYPE_IS_ASYMMETRIC( attributes->core.type ) &&
|
||||
if( PSA_KEY_TYPE_IS_ASYMMETRIC( psa_get_key_type(attributes) ) &&
|
||||
is_default_production )
|
||||
{
|
||||
/* Cycle through all known transparent accelerators */
|
||||
@ -793,9 +793,9 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
|
||||
break;
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
|
||||
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
|
||||
attributes->core.type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) &&
|
||||
attributes->core.bits == 256 )
|
||||
if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
|
||||
psa_get_key_type(attributes) == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) &&
|
||||
psa_get_key_bits(attributes) == 256 )
|
||||
{
|
||||
status = p256_transparent_generate_key( attributes,
|
||||
key_buffer,
|
||||
@ -862,7 +862,7 @@ bits
|
||||
const psa_drv_se_t *drv;
|
||||
psa_drv_se_context_t *drv_context;
|
||||
|
||||
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
||||
if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
|
||||
{
|
||||
if( drv->key_management == NULL ||
|
||||
drv->key_management->p_import == NULL )
|
||||
@ -939,7 +939,7 @@ data_length
|
||||
const psa_drv_se_t *drv;
|
||||
psa_drv_se_context_t *drv_context;
|
||||
|
||||
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
||||
if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
|
||||
{
|
||||
if( ( drv->key_management == NULL ) ||
|
||||
( drv->key_management->p_export == NULL ) )
|
||||
@ -994,13 +994,13 @@ target_key_buffer_length
|
||||
{% endmacro %}
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
|
||||
const psa_drv_se_t *drv;
|
||||
psa_drv_se_context_t *drv_context;
|
||||
|
||||
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
||||
if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
|
||||
{
|
||||
/* Copying to a secure element is not implemented yet. */
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
@ -1044,7 +1044,7 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -1134,7 +1134,7 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -1211,7 +1211,7 @@ static inline psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -1284,7 +1284,7 @@ static inline psa_status_t psa_driver_wrapper_cipher_decrypt_setup(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -1684,7 +1684,7 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -1736,7 +1736,7 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -1785,7 +1785,7 @@ static inline psa_status_t psa_driver_wrapper_aead_encrypt_setup(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -1833,7 +1833,7 @@ static inline psa_status_t psa_driver_wrapper_aead_decrypt_setup(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -2169,7 +2169,7 @@ static inline psa_status_t psa_driver_wrapper_mac_compute(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -2233,7 +2233,7 @@ static inline psa_status_t psa_driver_wrapper_mac_sign_setup(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -2305,7 +2305,7 @@ static inline psa_status_t psa_driver_wrapper_mac_verify_setup(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -2505,7 +2505,7 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_encrypt(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -2563,7 +2563,7 @@ static inline psa_status_t psa_driver_wrapper_asymmetric_decrypt(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -2627,7 +2627,7 @@ static inline psa_status_t psa_driver_wrapper_key_agreement(
|
||||
{
|
||||
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
|
||||
psa_key_location_t location =
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
|
||||
switch( location )
|
||||
{
|
||||
@ -2645,10 +2645,10 @@ static inline psa_status_t psa_driver_wrapper_key_agreement(
|
||||
return( status );
|
||||
#endif /* PSA_CRYPTO_DRIVER_TEST */
|
||||
#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)
|
||||
if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) &&
|
||||
if( PSA_KEY_TYPE_IS_ECC( psa_get_key_type(attributes) ) &&
|
||||
PSA_ALG_IS_ECDH(alg) &&
|
||||
PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 &&
|
||||
attributes->core.bits == 256 )
|
||||
PSA_KEY_TYPE_ECC_GET_FAMILY(psa_get_key_type(attributes)) == PSA_ECC_FAMILY_SECP_R1 &&
|
||||
psa_get_key_bits(attributes) == 256 )
|
||||
{
|
||||
status = p256_transparent_key_agreement( attributes,
|
||||
key_buffer,
|
||||
|
@ -88,9 +88,9 @@ psa_status_t psa_driver_wrapper_get_key_buffer_size(
|
||||
const psa_key_attributes_t *attributes,
|
||||
size_t *key_buffer_size )
|
||||
{
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
psa_key_type_t key_type = attributes->core.type;
|
||||
size_t key_bits = attributes->core.bits;
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
psa_key_type_t key_type = psa_get_key_type(attributes);
|
||||
size_t key_bits = psa_get_key_bits(attributes);
|
||||
|
||||
*key_buffer_size = 0;
|
||||
switch( location )
|
||||
@ -144,7 +144,7 @@ data_length
|
||||
const psa_drv_se_t *drv;
|
||||
psa_drv_se_context_t *drv_context;
|
||||
|
||||
if( psa_get_se_driver( attributes->core.lifetime, &drv, &drv_context ) )
|
||||
if( psa_get_se_driver( psa_get_key_lifetime(attributes), &drv, &drv_context ) )
|
||||
{
|
||||
if( ( drv->key_management == NULL ) ||
|
||||
( drv->key_management->p_export_public == NULL ) )
|
||||
@ -203,7 +203,7 @@ key_buffer,
|
||||
key_buffer_size,
|
||||
key_buffer_length
|
||||
{% endmacro %}
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( attributes->core.lifetime );
|
||||
psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( psa_get_key_lifetime(attributes) );
|
||||
switch( location )
|
||||
{
|
||||
#if defined(PSA_CRYPTO_DRIVER_TEST)
|
||||
|
@ -40,5 +40,7 @@
|
||||
//#define MBEDTLS_MD_C
|
||||
//#define MBEDTLS_PEM_PARSE_C
|
||||
//#define MBEDTLS_BASE64_C
|
||||
//#define MBEDTLS_THREADING_C
|
||||
//#define MBEDTLS_THREADING_PTHREAD
|
||||
|
||||
#endif /* MBEDTLS_CONFIG_H */
|
||||
|
@ -196,6 +196,13 @@ typedef struct mbedtls_test_ssl_endpoint {
|
||||
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
|
||||
/*
|
||||
* Random number generator aimed for TLS unitary tests. Its main purpose is to
|
||||
* simplify the set-up of a random number generator for TLS
|
||||
* unitary tests: no need to set up a good entropy source for example.
|
||||
*/
|
||||
int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len);
|
||||
|
||||
/*
|
||||
* This function can be passed to mbedtls to receive output logs from it. In
|
||||
* this case, it will count the instances of a mbedtls_test_ssl_log_pattern
|
||||
|
@ -23,7 +23,7 @@ run_test "TLS 1.3: G->m: all/psk, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-s "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -41,7 +41,7 @@ run_test "TLS 1.3: G->m: all/psk, fail, key id mismatch" \
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -78,7 +78,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, good" \
|
||||
-S "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-s "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -96,7 +96,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk, fail, key id mismatch" \
|
||||
-s "found pre_shared_key extension" \
|
||||
-S "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -133,7 +133,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -151,7 +151,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_ephemeral, fail, key id mismatch"
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -188,7 +188,7 @@ run_test "TLS 1.3: G->m: all/psk_ephemeral, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -206,7 +206,7 @@ run_test "TLS 1.3: G->m: all/psk_ephemeral, fail, key id mismatch" \
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -261,7 +261,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_all, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -280,7 +280,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_all, fail, key id mismatch" \
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -319,7 +319,7 @@ run_test "TLS 1.3: G->m: all/psk_all, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -338,7 +338,7 @@ run_test "TLS 1.3: G->m: all/psk_all, fail, key id mismatch" \
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -377,7 +377,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, good" \
|
||||
-S "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-s "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -396,7 +396,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_all, fail, key id mismatch" \
|
||||
-s "found pre_shared_key extension" \
|
||||
-S "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -435,7 +435,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -454,7 +454,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/ephemeral_all, good, key id mismatch,
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
@ -493,7 +493,7 @@ run_test "TLS 1.3: G->m: all/ephemeral_all, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -512,7 +512,7 @@ run_test "TLS 1.3: G->m: all/ephemeral_all, good, key id mismatch, dhe." \
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
@ -550,8 +550,9 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/ephemeral_all, good" \
|
||||
-s "found pre_shared_key extension" \
|
||||
-S "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "No suitable PSK key exchange mode" \
|
||||
-S "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
@ -572,7 +573,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/all, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -592,7 +593,7 @@ run_test "TLS 1.3: G->m: ephemeral_all/all, good, key id mismatch, dhe." \
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
@ -633,7 +634,7 @@ run_test "TLS 1.3: G->m: all/all, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -653,7 +654,7 @@ run_test "TLS 1.3: G->m: all/all, good, key id mismatch, dhe." \
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
@ -694,7 +695,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/all, good" \
|
||||
-S "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
@ -733,8 +734,9 @@ run_test "TLS 1.3: G->m: ephemeral_all/psk_or_ephemeral, good" \
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "No suitable PSK key exchange mode" \
|
||||
-S "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
@ -754,7 +756,7 @@ run_test "TLS 1.3: G->m: all/psk_or_ephemeral, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
@ -793,7 +795,7 @@ run_test "TLS 1.3: G->m: psk_or_ephemeral/psk_or_ephemeral, good" \
|
||||
-S "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
@ -921,7 +923,7 @@ run_test "TLS 1.3: O->m: all/psk, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-s "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -938,7 +940,7 @@ run_test "TLS 1.3: O->m: all/psk, fail, key id mismatch" \
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -973,7 +975,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -990,7 +992,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch"
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -1025,7 +1027,7 @@ run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -1042,7 +1044,7 @@ run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -1078,7 +1080,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -1096,7 +1098,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -1133,7 +1135,7 @@ run_test "TLS 1.3: O->m: all/psk_all, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -1151,7 +1153,7 @@ run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -1188,7 +1190,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -1206,7 +1208,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch,
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
@ -1243,7 +1245,7 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -1261,7 +1263,7 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
@ -1299,7 +1301,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -1318,7 +1320,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
@ -1357,7 +1359,7 @@ run_test "TLS 1.3: O->m: all/all, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: ephemeral"
|
||||
@ -1376,7 +1378,7 @@ run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
@ -1413,8 +1415,9 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \
|
||||
-s "found pre_shared_key extension" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-S "Found PSK KEX MODE" \
|
||||
-s "No suitable PSK key exchange mode" \
|
||||
-S "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
@ -1433,7 +1436,7 @@ run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \
|
||||
-s "Found PSK_EPHEMERAL KEX MODE" \
|
||||
-s "Found PSK KEX MODE" \
|
||||
-s "Pre shared key found" \
|
||||
-S "No matched PSK or ticket" \
|
||||
-S "No usable PSK or ticket" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
@ -1580,7 +1583,7 @@ run_test "TLS 1.3: m->m: psk/psk, fail, key id mismatch" \
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket"
|
||||
-s "No usable PSK or ticket"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
@ -1665,7 +1668,7 @@ run_test "TLS 1.3: m->m: psk/psk_all, fail, key id mismatch" \
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-s "ClientHello message misses mandatory extensions."
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
@ -1711,7 +1714,7 @@ run_test "TLS 1.3: m->m: psk/all, fail, key id mismatch" \
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-s "ClientHello message misses mandatory extensions."
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
@ -1769,7 +1772,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/psk_ephemeral, fail, key id mismatch"
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-s "ClientHello message misses mandatory extensions."
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
@ -1827,7 +1830,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/ephemeral_all, fail, key id mismatch"
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket"
|
||||
-s "No usable PSK or ticket"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
@ -1870,7 +1873,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/psk_all, fail, key id mismatch" \
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-s "ClientHello message misses mandatory extensions."
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
@ -1916,7 +1919,7 @@ run_test "TLS 1.3: m->m: psk_ephemeral/all, fail, key id mismatch" \
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
@ -2047,7 +2050,7 @@ run_test "TLS 1.3: m->m: ephemeral_all/psk_ephemeral, fail, key id mismatch"
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket"
|
||||
-s "No usable PSK or ticket"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
@ -2106,7 +2109,7 @@ run_test "TLS 1.3: m->m: ephemeral_all/ephemeral_all,good,key id mismatch,fal
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
@ -2152,7 +2155,7 @@ run_test "TLS 1.3: m->m: ephemeral_all/psk_all, fail, key id mismatch" \
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-s "ClientHello message misses mandatory extensions."
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
@ -2199,7 +2202,7 @@ run_test "TLS 1.3: m->m: ephemeral_all/all, good, key id mismatch, fallback"
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
@ -2288,7 +2291,7 @@ run_test "TLS 1.3: m->m: psk_all/psk_ephemeral, fail, key id mismatch" \
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-s "ClientHello message misses mandatory extensions."
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
@ -2348,7 +2351,7 @@ run_test "TLS 1.3: m->m: psk_all/ephemeral_all, fail, key id mismatch" \
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket"
|
||||
-s "No usable PSK or ticket"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
@ -2392,7 +2395,7 @@ run_test "TLS 1.3: m->m: psk_all/psk_all, fail, key id mismatch" \
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-s "ClientHello message misses mandatory extensions."
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
@ -2438,7 +2441,7 @@ run_test "TLS 1.3: m->m: psk_all/all, fail, key id mismatch" \
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket"
|
||||
-s "No usable PSK or ticket"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
requires_config_enabled MBEDTLS_SSL_SRV_C
|
||||
@ -2485,7 +2488,7 @@ run_test "TLS 1.3: m->m: all/psk, fail, key id mismatch" \
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-s "ClientHello message misses mandatory extensions."
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
@ -2532,7 +2535,7 @@ run_test "TLS 1.3: m->m: all/psk_ephemeral, fail, key id mismatch" \
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-s "ClientHello message misses mandatory extensions."
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
@ -2595,7 +2598,7 @@ run_test "TLS 1.3: m->m: all/ephemeral_all, good, key id mismatch, fallback"
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-c "Selected key exchange mode: ephemeral" \
|
||||
-c "HTTP/1.0 200 OK"
|
||||
|
||||
@ -2643,7 +2646,7 @@ run_test "TLS 1.3: m->m: all/psk_all, fail, key id mismatch" \
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-s "ClientHello message misses mandatory extensions."
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
@ -2690,7 +2693,7 @@ run_test "TLS 1.3: m->m: all/all, good, key id mismatch, fallback" \
|
||||
-c "client hello, adding pre_shared_key extension, omitting PSK binder list" \
|
||||
-c "client hello, adding psk_key_exchange_modes extension" \
|
||||
-c "client hello, adding PSK binder list" \
|
||||
-s "No matched PSK or ticket" \
|
||||
-s "No usable PSK or ticket" \
|
||||
-s "key exchange mode: ephemeral"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
|
||||
|
@ -353,8 +353,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/none." \
|
||||
-s "key exchange mode: ephemeral" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "No suitable key exchange mode" \
|
||||
-s "No matched PSK or ticket"
|
||||
-s "No suitable PSK key exchange mode" \
|
||||
-s "No usable PSK or ticket"
|
||||
|
||||
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
|
||||
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
|
||||
@ -365,7 +365,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk." \
|
||||
"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
|
||||
0 \
|
||||
-c "Pre-configured PSK number = 1" \
|
||||
-S "No suitable key exchange mode" \
|
||||
-S "No suitable PSK key exchange mode" \
|
||||
-s "found matched identity"
|
||||
|
||||
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
|
||||
@ -381,8 +381,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_ephemeral." \
|
||||
-s "key exchange mode: ephemeral" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "No suitable key exchange mode" \
|
||||
-s "No matched PSK or ticket"
|
||||
-s "No suitable PSK key exchange mode" \
|
||||
-s "No usable PSK or ticket"
|
||||
|
||||
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
|
||||
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
|
||||
@ -393,7 +393,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_all." \
|
||||
"$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
|
||||
0 \
|
||||
-c "Pre-configured PSK number = 1" \
|
||||
-S "No suitable key exchange mode" \
|
||||
-S "No suitable PSK key exchange mode" \
|
||||
-s "found matched identity"
|
||||
|
||||
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
|
||||
@ -409,8 +409,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/none." \
|
||||
-s "key exchange mode: ephemeral" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "No suitable key exchange mode" \
|
||||
-s "No matched PSK or ticket"
|
||||
-s "No suitable PSK key exchange mode" \
|
||||
-s "No usable PSK or ticket"
|
||||
|
||||
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
|
||||
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
|
||||
@ -425,8 +425,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk." \
|
||||
-s "key exchange mode: ephemeral" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "No suitable key exchange mode" \
|
||||
-s "No matched PSK or ticket"
|
||||
-s "No suitable PSK key exchange mode" \
|
||||
-s "No usable PSK or ticket"
|
||||
|
||||
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
|
||||
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
|
||||
@ -437,7 +437,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_ephemera
|
||||
"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
|
||||
0 \
|
||||
-c "Pre-configured PSK number = 1" \
|
||||
-S "No suitable key exchange mode" \
|
||||
-S "No suitable PSK key exchange mode" \
|
||||
-s "found matched identity" \
|
||||
-s "key exchange mode: psk_ephemeral"
|
||||
|
||||
@ -450,7 +450,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_all." \
|
||||
"$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
|
||||
0 \
|
||||
-c "Pre-configured PSK number = 1" \
|
||||
-S "No suitable key exchange mode" \
|
||||
-S "No suitable PSK key exchange mode" \
|
||||
-s "found matched identity" \
|
||||
-s "key exchange mode: psk_ephemeral"
|
||||
|
||||
@ -468,8 +468,8 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/none." \
|
||||
-s "key exchange mode: ephemeral" \
|
||||
-S "key exchange mode: psk_ephemeral" \
|
||||
-S "key exchange mode: psk$" \
|
||||
-s "No suitable key exchange mode" \
|
||||
-s "No matched PSK or ticket"
|
||||
-s "No suitable PSK key exchange mode" \
|
||||
-s "No usable PSK or ticket"
|
||||
|
||||
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
|
||||
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
|
||||
@ -481,7 +481,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk." \
|
||||
"$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
|
||||
0 \
|
||||
-c "Pre-configured PSK number = 1" \
|
||||
-S "No suitable key exchange mode" \
|
||||
-S "No suitable PSK key exchange mode" \
|
||||
-s "found matched identity"
|
||||
|
||||
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
|
||||
@ -494,7 +494,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_ephemeral." \
|
||||
"$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
|
||||
0 \
|
||||
-c "Pre-configured PSK number = 1" \
|
||||
-S "No suitable key exchange mode" \
|
||||
-S "No suitable PSK key exchange mode" \
|
||||
-s "found matched identity" \
|
||||
-s "key exchange mode: psk_ephemeral"
|
||||
|
||||
@ -508,7 +508,7 @@ run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \
|
||||
"$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
|
||||
0 \
|
||||
-c "Pre-configured PSK number = 1" \
|
||||
-S "No suitable key exchange mode" \
|
||||
-S "No suitable PSK key exchange mode" \
|
||||
-s "found matched identity" \
|
||||
-s "key exchange mode: psk_ephemeral"
|
||||
|
||||
@ -535,3 +535,18 @@ run_test "TLS 1.3 G->m: EarlyData: feature is enabled, good." \
|
||||
-s "$( tail -1 $EARLY_DATA_INPUT )" \
|
||||
-s "200 early data bytes read" \
|
||||
-s "106 early data bytes read"
|
||||
|
||||
requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
|
||||
MBEDTLS_SSL_CLI_C MBEDTLS_SSL_SRV_C \
|
||||
MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
|
||||
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
run_test "TLS 1.3 m->m: Ephemeral over PSK kex with early data enabled" \
|
||||
"$P_SRV force_version=tls13 debug_level=4 max_early_data_size=1024" \
|
||||
"$P_CLI debug_level=4 early_data=1 tls13_kex_modes=psk_or_ephemeral reco_mode=1 reconnect=1" \
|
||||
0 \
|
||||
-s "key exchange mode: ephemeral" \
|
||||
-S "key exchange mode: psk" \
|
||||
-s "found matched identity" \
|
||||
-s "EarlyData: rejected, not a session resumption" \
|
||||
-C "EncryptedExtensions: early_data(42) extension exists."
|
||||
|
@ -212,10 +212,21 @@ pre_initialize_variables () {
|
||||
# defined in this script whose name starts with "component_".
|
||||
ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
|
||||
|
||||
# Delay determinig SUPPORTED_COMPONENTS until the command line options have a chance to override
|
||||
# Delay determining SUPPORTED_COMPONENTS until the command line options have a chance to override
|
||||
# the commands set by the environment
|
||||
}
|
||||
|
||||
setup_quiet_wrappers()
|
||||
{
|
||||
# Pick up "quiet" wrappers for make and cmake, which don't output very much
|
||||
# unless there is an error. This reduces logging overhead in the CI.
|
||||
#
|
||||
# Note that the cmake wrapper breaks unless we use an absolute path here.
|
||||
if [[ -e ${PWD}/tests/scripts/quiet ]]; then
|
||||
export PATH=${PWD}/tests/scripts/quiet:$PATH
|
||||
fi
|
||||
}
|
||||
|
||||
# Test whether the component $1 is included in the command line patterns.
|
||||
is_component_included()
|
||||
{
|
||||
@ -889,6 +900,16 @@ helper_libtestdriver1_adjust_config() {
|
||||
# Dynamic secure element support is a deprecated feature and needs to be disabled here.
|
||||
# This is done to have the same form of psa_key_attributes_s for libdriver and library.
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||
|
||||
# If threading is enabled on the normal build, then we need to enable it in the drivers as well,
|
||||
# otherwise we will end up running multithreaded tests without mutexes to protect them.
|
||||
if scripts/config.py get MBEDTLS_THREADING_C; then
|
||||
scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_C
|
||||
fi
|
||||
|
||||
if scripts/config.py get MBEDTLS_THREADING_PTHREAD; then
|
||||
scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_PTHREAD
|
||||
fi
|
||||
}
|
||||
|
||||
# When called with no parameter this function disables all builtin curves.
|
||||
@ -6353,6 +6374,7 @@ pre_check_environment
|
||||
pre_initialize_variables
|
||||
pre_parse_command_line "$@"
|
||||
|
||||
setup_quiet_wrappers
|
||||
pre_check_git
|
||||
pre_restore_files
|
||||
pre_back_up
|
||||
|
@ -173,6 +173,8 @@ class ShebangIssueTracker(FileIssueTracker):
|
||||
b'sh': 'sh',
|
||||
}
|
||||
|
||||
path_exemptions = re.compile(r'tests/scripts/quiet/.*')
|
||||
|
||||
def is_valid_shebang(self, first_line, filepath):
|
||||
m = re.match(self._shebang_re, first_line)
|
||||
if not m:
|
||||
|
19
tests/scripts/quiet/cmake
Executable file
19
tests/scripts/quiet/cmake
Executable file
@ -0,0 +1,19 @@
|
||||
#! /usr/bin/env bash
|
||||
#
|
||||
# Copyright The Mbed TLS Contributors
|
||||
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
#
|
||||
# This swallows the output of the wrapped tool, unless there is an error.
|
||||
# This helps reduce excess logging in the CI.
|
||||
|
||||
# If you are debugging a build / CI issue, you can get complete unsilenced logs
|
||||
# by un-commenting the following line (or setting VERBOSE_LOGS in your environment):
|
||||
|
||||
# export VERBOSE_LOGS=1
|
||||
|
||||
# don't silence invocations containing these arguments
|
||||
export NO_SILENCE=" --version "
|
||||
|
||||
export TOOL="cmake"
|
||||
|
||||
exec "$(dirname "$0")/quiet.sh" "$@"
|
19
tests/scripts/quiet/make
Executable file
19
tests/scripts/quiet/make
Executable file
@ -0,0 +1,19 @@
|
||||
#! /usr/bin/env bash
|
||||
#
|
||||
# Copyright The Mbed TLS Contributors
|
||||
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
#
|
||||
# This swallows the output of the wrapped tool, unless there is an error.
|
||||
# This helps reduce excess logging in the CI.
|
||||
|
||||
# If you are debugging a build / CI issue, you can get complete unsilenced logs
|
||||
# by un-commenting the following line (or setting VERBOSE_LOGS in your environment):
|
||||
|
||||
# export VERBOSE_LOGS=1
|
||||
|
||||
# don't silence invocations containing these arguments
|
||||
export NO_SILENCE=" --version | test "
|
||||
|
||||
export TOOL="make"
|
||||
|
||||
exec "$(dirname "$0")/quiet.sh" "$@"
|
75
tests/scripts/quiet/quiet.sh
Executable file
75
tests/scripts/quiet/quiet.sh
Executable file
@ -0,0 +1,75 @@
|
||||
# -*-mode: sh; sh-shell: bash -*-
|
||||
#
|
||||
# Copyright The Mbed TLS Contributors
|
||||
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
#
|
||||
# This swallows the output of the wrapped tool, unless there is an error.
|
||||
# This helps reduce excess logging in the CI.
|
||||
|
||||
# If you are debugging a build / CI issue, you can get complete unsilenced logs
|
||||
# by un-commenting the following line (or setting VERBOSE_LOGS in your environment):
|
||||
#
|
||||
# VERBOSE_LOGS=1
|
||||
#
|
||||
# This script provides most of the functionality for the adjacent make and cmake
|
||||
# wrappers.
|
||||
#
|
||||
# It requires two variables to be set:
|
||||
#
|
||||
# TOOL - the name of the tool that is being wrapped (with no path), e.g. "make"
|
||||
#
|
||||
# NO_SILENCE - a regex that describes the commandline arguments for which output will not
|
||||
# be silenced, e.g. " --version | test ". In this example, "make lib test" will
|
||||
# not be silent, but "make lib" will be.
|
||||
|
||||
# Locate original tool
|
||||
TOOL_WITH_PATH=$(dirname "$0")/$TOOL
|
||||
ORIGINAL_TOOL=$(type -ap "${TOOL}" | grep -v -Fx "$TOOL_WITH_PATH" | head -n1)
|
||||
|
||||
print_quoted_args() {
|
||||
# similar to printf '%q' "$@"
|
||||
# but produce more human-readable results for common/simple cases like "a b"
|
||||
for a in "$@"; do
|
||||
# Get bash to quote the string
|
||||
printf -v q '%q' "$a"
|
||||
simple_pattern="^([-[:alnum:]_+./:@]+=)?([^']*)$"
|
||||
if [[ "$a" != "$q" && $a =~ $simple_pattern ]]; then
|
||||
# a requires some quoting (a != q), but has no single quotes, so we can
|
||||
# simplify the quoted form - e.g.:
|
||||
# a b -> 'a b'
|
||||
# CFLAGS=a b -> CFLAGS='a b'
|
||||
q="${BASH_REMATCH[1]}'${BASH_REMATCH[2]}'"
|
||||
fi
|
||||
printf " %s" "$q"
|
||||
done
|
||||
}
|
||||
|
||||
if [[ ! " $* " =~ " --version " ]]; then
|
||||
# Display the command being invoked - if it succeeds, this is all that will
|
||||
# be displayed. Don't do this for invocations with --version, because
|
||||
# this output is often parsed by scripts, so we don't want to modify it.
|
||||
printf %s "${TOOL}" 1>&2
|
||||
print_quoted_args "$@" 1>&2
|
||||
echo 1>&2
|
||||
fi
|
||||
|
||||
if [[ " $@ " =~ $NO_SILENCE || -n "${VERBOSE_LOGS}" ]]; then
|
||||
# Run original command with no output supression
|
||||
exec "${ORIGINAL_TOOL}" "$@"
|
||||
else
|
||||
# Run original command and capture output & exit status
|
||||
TMPFILE=$(mktemp "quiet-${TOOL}.XXXXXX")
|
||||
"${ORIGINAL_TOOL}" "$@" > "${TMPFILE}" 2>&1
|
||||
EXIT_STATUS=$?
|
||||
|
||||
if [[ $EXIT_STATUS -ne 0 ]]; then
|
||||
# On error, display the full output
|
||||
cat "${TMPFILE}"
|
||||
fi
|
||||
|
||||
# Remove tmpfile
|
||||
rm "${TMPFILE}"
|
||||
|
||||
# Propagate the exit status
|
||||
exit $EXIT_STATUS
|
||||
fi
|
@ -49,7 +49,7 @@ psa_status_t sign_hash(
|
||||
size_t signature_size,
|
||||
size_t *signature_length)
|
||||
{
|
||||
if (attributes->core.type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
|
||||
if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
|
||||
if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
|
||||
PSA_ALG_IS_RSA_PSS(alg)) {
|
||||
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
|
||||
@ -71,7 +71,7 @@ psa_status_t sign_hash(
|
||||
} else {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
} else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
|
||||
} else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) {
|
||||
if (PSA_ALG_IS_ECDSA(alg)) {
|
||||
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
|
||||
(defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||
@ -116,7 +116,7 @@ psa_status_t verify_hash(
|
||||
const uint8_t *signature,
|
||||
size_t signature_length)
|
||||
{
|
||||
if (PSA_KEY_TYPE_IS_RSA(attributes->core.type)) {
|
||||
if (PSA_KEY_TYPE_IS_RSA(attributes->type)) {
|
||||
if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
|
||||
PSA_ALG_IS_RSA_PSS(alg)) {
|
||||
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
|
||||
@ -138,7 +138,7 @@ psa_status_t verify_hash(
|
||||
} else {
|
||||
return PSA_ERROR_INVALID_ARGUMENT;
|
||||
}
|
||||
} else if (PSA_KEY_TYPE_IS_ECC(attributes->core.type)) {
|
||||
} else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) {
|
||||
if (PSA_ALG_IS_ECDSA(alg)) {
|
||||
#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
|
||||
(defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
|
||||
|
@ -12,9 +12,7 @@
|
||||
#include "mbedtls/psa_util.h"
|
||||
|
||||
#if defined(MBEDTLS_SSL_TLS_C)
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
static int rng_seed = 0xBEEF;
|
||||
static int rng_get(void *p_rng, unsigned char *output, size_t output_len)
|
||||
int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len)
|
||||
{
|
||||
(void) p_rng;
|
||||
for (size_t i = 0; i < output_len; i++) {
|
||||
@ -23,7 +21,6 @@ static int rng_get(void *p_rng, unsigned char *output, size_t output_len)
|
||||
|
||||
return 0;
|
||||
}
|
||||
#endif
|
||||
|
||||
void mbedtls_test_ssl_log_analyzer(void *ctx, int level,
|
||||
const char *file, int line,
|
||||
@ -46,6 +43,8 @@ void mbedtls_test_init_handshake_options(
|
||||
mbedtls_test_handshake_test_options *opts)
|
||||
{
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
static int rng_seed = 0xBEEF;
|
||||
|
||||
srand(rng_seed);
|
||||
rng_seed += 0xD0;
|
||||
#endif
|
||||
@ -686,9 +685,20 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (opaque_alg != 0) {
|
||||
TEST_EQUAL(mbedtls_pk_wrap_as_opaque(cert->pkey, &key_slot,
|
||||
opaque_alg, opaque_usage,
|
||||
opaque_alg2), 0);
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
/* Use a fake key usage to get a successful initial guess for the PSA attributes. */
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(cert->pkey, PSA_KEY_USAGE_SIGN_HASH,
|
||||
&key_attr), 0);
|
||||
/* Then manually usage, alg and alg2 as requested by the test. */
|
||||
psa_set_key_usage_flags(&key_attr, opaque_usage);
|
||||
psa_set_key_algorithm(&key_attr, opaque_alg);
|
||||
if (opaque_alg2 != PSA_ALG_NONE) {
|
||||
psa_set_key_enrollment_algorithm(&key_attr, opaque_alg2);
|
||||
}
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(cert->pkey, &key_attr, &key_slot), 0);
|
||||
mbedtls_pk_free(cert->pkey);
|
||||
mbedtls_pk_init(cert->pkey);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(cert->pkey, key_slot), 0);
|
||||
}
|
||||
#else
|
||||
(void) opaque_alg;
|
||||
@ -745,7 +755,7 @@ int mbedtls_test_ssl_endpoint_init(
|
||||
|
||||
mbedtls_ssl_init(&(ep->ssl));
|
||||
mbedtls_ssl_config_init(&(ep->conf));
|
||||
mbedtls_ssl_conf_rng(&(ep->conf), rng_get, NULL);
|
||||
mbedtls_ssl_conf_rng(&(ep->conf), mbedtls_test_random, NULL);
|
||||
|
||||
TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL);
|
||||
TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0);
|
||||
|
@ -2,6 +2,7 @@
|
||||
#include "debug_internal.h"
|
||||
#include "string.h"
|
||||
#include "mbedtls/pk.h"
|
||||
#include <test/ssl_helpers.h>
|
||||
|
||||
struct buffer_data {
|
||||
char buf[2000];
|
||||
@ -65,11 +66,12 @@ void debug_print_msg_threshold(int threshold, int level, char *file,
|
||||
memset(buffer.buf, 0, 2000);
|
||||
buffer.ptr = buffer.buf;
|
||||
|
||||
mbedtls_ssl_config_defaults(&conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT);
|
||||
|
||||
TEST_EQUAL(mbedtls_ssl_config_defaults(&conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT),
|
||||
0);
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
|
||||
mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
|
||||
|
||||
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
|
||||
@ -103,11 +105,12 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value,
|
||||
memset(buffer.buf, 0, 2000);
|
||||
buffer.ptr = buffer.buf;
|
||||
|
||||
mbedtls_ssl_config_defaults(&conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT);
|
||||
|
||||
TEST_EQUAL(mbedtls_ssl_config_defaults(&conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT),
|
||||
0);
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
|
||||
mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
|
||||
|
||||
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
|
||||
@ -138,11 +141,12 @@ void mbedtls_debug_print_buf(char *file, int line, char *text,
|
||||
memset(buffer.buf, 0, 2000);
|
||||
buffer.ptr = buffer.buf;
|
||||
|
||||
mbedtls_ssl_config_defaults(&conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT);
|
||||
|
||||
TEST_EQUAL(mbedtls_ssl_config_defaults(&conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT),
|
||||
0);
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
|
||||
mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
|
||||
|
||||
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
|
||||
@ -175,11 +179,12 @@ void mbedtls_debug_print_crt(char *crt_file, char *file, int line,
|
||||
memset(buffer.buf, 0, 2000);
|
||||
buffer.ptr = buffer.buf;
|
||||
|
||||
mbedtls_ssl_config_defaults(&conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT);
|
||||
|
||||
TEST_EQUAL(mbedtls_ssl_config_defaults(&conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT),
|
||||
0);
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
|
||||
mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
|
||||
|
||||
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
|
||||
@ -214,11 +219,12 @@ void mbedtls_debug_print_mpi(char *value, char *file, int line,
|
||||
memset(buffer.buf, 0, 2000);
|
||||
buffer.ptr = buffer.buf;
|
||||
|
||||
mbedtls_ssl_config_defaults(&conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT);
|
||||
|
||||
TEST_EQUAL(mbedtls_ssl_config_defaults(&conf,
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT),
|
||||
0);
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
|
||||
mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
|
||||
|
||||
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
|
||||
|
@ -100,3 +100,19 @@ ecdh_exchange_get_params_fail:MBEDTLS_ECP_DP_BP256R1:"12345678123456781234567812
|
||||
ECDH get_params with mismatched groups: their SECP256R1, our BP256R1
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_BP256R1_ENABLED
|
||||
ecdh_exchange_get_params_fail:MBEDTLS_ECP_DP_BP256R1:"1234567812345678123456781234567812345678123456781234567812345678":MBEDTLS_ECP_DP_SECP256R1:"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":1:MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
Context get ECP Group #1
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
ecdh_context_grp:MBEDTLS_ECP_DP_SECP256R1
|
||||
|
||||
Context get ECP Group #2
|
||||
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
ecdh_primitive_random:MBEDTLS_ECP_DP_SECP384R1
|
||||
|
||||
Context get ECP Group #3
|
||||
depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED
|
||||
ecdh_primitive_random:MBEDTLS_ECP_DP_SECP521R1
|
||||
|
||||
Context get ECP Group #4
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
ecdh_primitive_random:MBEDTLS_ECP_DP_CURVE448
|
||||
|
@ -464,3 +464,20 @@ exit:
|
||||
mbedtls_ecp_keypair_free(&their_key);
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void ecdh_context_grp(int id)
|
||||
{
|
||||
mbedtls_ecdh_context srv;
|
||||
|
||||
mbedtls_ecdh_init(&srv);
|
||||
TEST_ASSERT(mbedtls_ecdh_setup(&srv, id) == 0);
|
||||
|
||||
/* Test the retrieved group id matches/*/
|
||||
TEST_ASSERT((int) mbedtls_ecdh_get_grp_id(&srv) == id);
|
||||
|
||||
exit:
|
||||
mbedtls_ecdh_free(&srv);
|
||||
|
||||
}
|
||||
/* END_CASE */
|
||||
|
@ -888,6 +888,109 @@ ECP write key: Curve448, mostly-0 key, output_size=55
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
ecp_write_key:MBEDTLS_ECP_DP_CURVE448:"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080":55:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
|
||||
|
||||
ECP write key ext: secp256r1, nominal
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":32:0
|
||||
|
||||
ECP write key ext: secp256r1, output longer by 1
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":33:0
|
||||
|
||||
ECP write key ext: secp256r1, output short by 1
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":31:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
|
||||
|
||||
ECP write key ext: secp256r1, output_size=0
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":0:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
|
||||
|
||||
ECP write key ext: secp256r1, top byte = 0, output_size=32
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":32:0
|
||||
|
||||
ECP write key ext: secp256r1, top byte = 0, output_size=31
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":31:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
|
||||
|
||||
ECP write key ext: secp256r1, top byte = 0, output_size=30
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":30:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
|
||||
|
||||
ECP write key ext: secp256r1, mostly-0 key, output_size=32
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"0000000000000000000000000000000000000000000000000000000000000001":32:0
|
||||
|
||||
ECP write key ext: secp256r1, mostly-0 key, output_size=1
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"0000000000000000000000000000000000000000000000000000000000000001":1:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
|
||||
|
||||
ECP write key ext: secp256r1, private key not set
|
||||
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_SECP256R1:"":32:MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
ECP write key ext: secp384r1, nominal
|
||||
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":48:0
|
||||
|
||||
ECP write key ext: secp384r1, output longer by 1
|
||||
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":49:0
|
||||
|
||||
ECP write key ext: secp384r1, output short by 1
|
||||
depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":47:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
|
||||
|
||||
ECP write key ext: Curve25519, nominal
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":32:0
|
||||
|
||||
ECP write key ext: Curve25519, output longer by 1
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":33:0
|
||||
|
||||
ECP write key ext: Curve25519, output short by 1
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":31:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
|
||||
|
||||
ECP write key ext: Curve25519, output_size=0
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":0:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
|
||||
|
||||
ECP write key ext: Curve25519, mostly-0 key, output_size=32
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE25519:"0000000000000000000000000000000000000000000000000000000000000040":32:0
|
||||
|
||||
ECP write key ext: Curve25519, mostly-0 key, output_size=31
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE25519:"0000000000000000000000000000000000000000000000000000000000000040":31:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
|
||||
|
||||
ECP write key ext: Curve25519, private key not set
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE25519:"":32:MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
ECP write key ext: Curve448, nominal
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE448:"3c262fddf9ec8e88495266fea19a34d28882acef045104d0d1aae121700a779c984c24f8cdd78fbff44943eba368f54b29259a4f1c600ad3":56:0
|
||||
|
||||
ECP write key ext: Curve448, output longer by 1
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE448:"3c262fddf9ec8e88495266fea19a34d28882acef045104d0d1aae121700a779c984c24f8cdd78fbff44943eba368f54b29259a4f1c600ad3":57:0
|
||||
|
||||
ECP write key ext: Curve448, output short by 1
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE448:"3c262fddf9ec8e88495266fea19a34d28882acef045104d0d1aae121700a779c984c24f8cdd78fbff44943eba368f54b29259a4f1c600ad3":55:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
|
||||
|
||||
ECP write key ext: Curve448, mostly-0 key, output_size=56
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE448:"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080":56:0
|
||||
|
||||
ECP write key ext: Curve448, mostly-0 key, output_size=55
|
||||
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_CURVE448:"0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080":55:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
|
||||
|
||||
ECP write key ext: group not set
|
||||
ecp_write_key_ext:MBEDTLS_ECP_DP_NONE:"":32:MBEDTLS_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
ECP mod p192 small (more than 192 bits, less limbs than 2 * 192 bits)
|
||||
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_NIST_OPTIM
|
||||
ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"0100000000000103010000000000010201000000000001010100000000000100"
|
||||
|
@ -1204,29 +1204,46 @@ void mbedtls_ecp_read_key(int grp_id, data_t *in_key, int expected, int canonica
|
||||
TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Y, 2), 0);
|
||||
TEST_EQUAL(mbedtls_mpi_cmp_int(&key.Q.Z, 3), 0);
|
||||
|
||||
if (canonical) {
|
||||
if (canonical && in_key->len == (key.grp.nbits + 7) / 8) {
|
||||
unsigned char buf[MBEDTLS_ECP_MAX_BYTES];
|
||||
size_t length = 0xdeadbeef;
|
||||
|
||||
ret = mbedtls_ecp_write_key(&key, buf, in_key->len);
|
||||
TEST_ASSERT(ret == 0);
|
||||
TEST_EQUAL(mbedtls_ecp_write_key_ext(&key,
|
||||
&length, buf, in_key->len), 0);
|
||||
TEST_MEMORY_COMPARE(in_key->x, in_key->len,
|
||||
buf, length);
|
||||
|
||||
#if defined(MBEDTLS_TEST_DEPRECATED)
|
||||
memset(buf, 0, sizeof(buf));
|
||||
TEST_EQUAL(mbedtls_ecp_write_key(&key, buf, in_key->len), 0);
|
||||
TEST_MEMORY_COMPARE(in_key->x, in_key->len,
|
||||
buf, in_key->len);
|
||||
#endif /* MBEDTLS_TEST_DEPRECATED */
|
||||
} else {
|
||||
unsigned char export1[MBEDTLS_ECP_MAX_BYTES];
|
||||
unsigned char export2[MBEDTLS_ECP_MAX_BYTES];
|
||||
|
||||
ret = mbedtls_ecp_write_key(&key, export1, in_key->len);
|
||||
TEST_ASSERT(ret == 0);
|
||||
|
||||
ret = mbedtls_ecp_read_key(grp_id, &key2, export1, in_key->len);
|
||||
TEST_ASSERT(ret == expected);
|
||||
|
||||
ret = mbedtls_ecp_write_key(&key2, export2, in_key->len);
|
||||
TEST_ASSERT(ret == 0);
|
||||
size_t length1 = 0xdeadbeef;
|
||||
TEST_EQUAL(mbedtls_ecp_write_key_ext(&key, &length1,
|
||||
export1, sizeof(export1)), 0);
|
||||
TEST_EQUAL(mbedtls_ecp_read_key(grp_id, &key2, export1, length1),
|
||||
expected);
|
||||
size_t length2 = 0xdeadbeef;
|
||||
TEST_EQUAL(mbedtls_ecp_write_key_ext(&key2, &length2,
|
||||
export2, sizeof(export2)), 0);
|
||||
TEST_MEMORY_COMPARE(export1, length1,
|
||||
export2, length2);
|
||||
|
||||
#if defined(MBEDTLS_TEST_DEPRECATED)
|
||||
memset(export1, 0, sizeof(export1));
|
||||
memset(export2, 0, sizeof(export2));
|
||||
TEST_EQUAL(mbedtls_ecp_write_key(&key, export1, in_key->len), 0);
|
||||
TEST_EQUAL(mbedtls_ecp_read_key(grp_id, &key2, export1, in_key->len),
|
||||
expected);
|
||||
TEST_EQUAL(mbedtls_ecp_write_key(&key2, export2, in_key->len), 0);
|
||||
TEST_MEMORY_COMPARE(export1, in_key->len,
|
||||
export2, in_key->len);
|
||||
#endif /* MBEDTLS_TEST_DEPRECATED */
|
||||
}
|
||||
}
|
||||
|
||||
@ -1236,7 +1253,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_TEST_DEPRECATED */
|
||||
void ecp_write_key(int grp_id, data_t *in_key,
|
||||
int exported_size, int expected_ret)
|
||||
{
|
||||
@ -1296,6 +1313,42 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void ecp_write_key_ext(int grp_id, data_t *in_key,
|
||||
int exported_size, int expected_ret)
|
||||
{
|
||||
mbedtls_ecp_keypair key;
|
||||
mbedtls_ecp_keypair_init(&key);
|
||||
unsigned char *exported = NULL;
|
||||
|
||||
if (in_key->len != 0) {
|
||||
TEST_EQUAL(mbedtls_ecp_read_key(grp_id, &key, in_key->x, in_key->len), 0);
|
||||
} else if (grp_id != MBEDTLS_ECP_DP_NONE) {
|
||||
TEST_EQUAL(mbedtls_ecp_group_load(&key.grp, grp_id), 0);
|
||||
}
|
||||
|
||||
TEST_CALLOC(exported, exported_size);
|
||||
size_t olen = 0xdeadbeef;
|
||||
TEST_EQUAL(mbedtls_ecp_write_key_ext(&key, &olen, exported, exported_size),
|
||||
expected_ret);
|
||||
|
||||
if (expected_ret == 0) {
|
||||
TEST_EQUAL(olen, (key.grp.nbits + 7) / 8);
|
||||
TEST_LE_U(olen, MBEDTLS_ECP_MAX_BYTES);
|
||||
TEST_MEMORY_COMPARE(in_key->x, in_key->len,
|
||||
exported, olen);
|
||||
} else {
|
||||
/* Robustness check: even in the error case, insist that olen is less
|
||||
* than the buffer size. */
|
||||
TEST_LE_U(olen, exported_size);
|
||||
}
|
||||
|
||||
exit:
|
||||
mbedtls_ecp_keypair_free(&key);
|
||||
mbedtls_free(exported);
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS:MBEDTLS_ECP_MONTGOMERY_ENABLED:MBEDTLS_ECP_LIGHT */
|
||||
void genkey_mx_known_answer(int bits, data_t *seed, data_t *expected)
|
||||
{
|
||||
|
@ -434,7 +434,7 @@ exit:
|
||||
*/
|
||||
mbedtls_svc_key_id_t pk_psa_genkey_ecc(void)
|
||||
{
|
||||
mbedtls_svc_key_id_t key;
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
const psa_key_type_t type =
|
||||
PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1);
|
||||
@ -456,7 +456,7 @@ exit:
|
||||
*/
|
||||
mbedtls_svc_key_id_t pk_psa_genkey_rsa(void)
|
||||
{
|
||||
mbedtls_svc_key_id_t key;
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
const psa_key_type_t type = PSA_KEY_TYPE_RSA_KEY_PAIR;
|
||||
const size_t bits = 1024;
|
||||
@ -482,7 +482,7 @@ exit:
|
||||
void pk_psa_utils(int key_is_rsa)
|
||||
{
|
||||
mbedtls_pk_context pk, pk2;
|
||||
mbedtls_svc_key_id_t key;
|
||||
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
const char * const name = "Opaque";
|
||||
@ -836,6 +836,7 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret)
|
||||
mbedtls_pk_context pub, prv, alt;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t opaque_key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
mbedtls_pk_init(&pub);
|
||||
@ -873,9 +874,13 @@ void mbedtls_pk_check_pair(char *pub_file, char *prv_file, int ret)
|
||||
#endif
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if (mbedtls_pk_get_type(&prv) == MBEDTLS_PK_ECKEY) {
|
||||
TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&prv, &opaque_key_id,
|
||||
PSA_ALG_ANY_HASH,
|
||||
PSA_KEY_USAGE_EXPORT, 0), 0);
|
||||
/* Turn the prv PK context into an opaque one.*/
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&prv, PSA_KEY_USAGE_SIGN_HASH,
|
||||
&opaque_key_attr), 0);
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(&prv, &opaque_key_attr, &opaque_key_id), 0);
|
||||
mbedtls_pk_free(&prv);
|
||||
mbedtls_pk_init(&prv);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(&prv, opaque_key_id), 0);
|
||||
TEST_EQUAL(mbedtls_pk_check_pair(&pub, &prv, mbedtls_test_rnd_std_rand,
|
||||
NULL), ret);
|
||||
}
|
||||
@ -1395,7 +1400,8 @@ void pk_wrap_rsa_decrypt_test_vec(data_t *cipher, int mod,
|
||||
mbedtls_mpi N, P, Q, E;
|
||||
mbedtls_rsa_context *rsa;
|
||||
mbedtls_pk_context pk;
|
||||
mbedtls_svc_key_id_t key_id;
|
||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
size_t olen;
|
||||
|
||||
mbedtls_pk_init(&pk);
|
||||
@ -1422,10 +1428,11 @@ void pk_wrap_rsa_decrypt_test_vec(data_t *cipher, int mod,
|
||||
TEST_EQUAL(mbedtls_rsa_complete(rsa), 0);
|
||||
|
||||
/* Turn PK context into an opaque one. */
|
||||
TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&pk, &key_id,
|
||||
PSA_ALG_RSA_PKCS1V15_CRYPT,
|
||||
PSA_KEY_USAGE_DECRYPT,
|
||||
PSA_ALG_NONE), 0);
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_DECRYPT, &key_attr), 0);
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &key_attr, &key_id), 0);
|
||||
mbedtls_pk_free(&pk);
|
||||
mbedtls_pk_init(&pk);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0);
|
||||
|
||||
TEST_EQUAL(mbedtls_pk_get_bitlen(&pk), mod);
|
||||
|
||||
@ -1635,10 +1642,9 @@ void pk_psa_sign(int curve_or_keybits, int psa_type, int expected_bits)
|
||||
unsigned char pkey_legacy[200];
|
||||
unsigned char pkey_psa[200];
|
||||
unsigned char *pkey_legacy_start, *pkey_psa_start;
|
||||
psa_algorithm_t alg_psa;
|
||||
size_t sig_len, klen_legacy, klen_psa;
|
||||
int ret;
|
||||
mbedtls_svc_key_id_t key_id;
|
||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
|
||||
|
||||
/*
|
||||
@ -1660,7 +1666,6 @@ void pk_psa_sign(int curve_or_keybits, int psa_type, int expected_bits)
|
||||
TEST_ASSERT(mbedtls_rsa_gen_key(mbedtls_pk_rsa(pk),
|
||||
mbedtls_test_rnd_std_rand, NULL,
|
||||
curve_or_keybits, 3) == 0);
|
||||
alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256);
|
||||
} else
|
||||
#endif /* MBEDTLS_RSA_C && MBEDTLS_GENPRIME */
|
||||
#if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
|
||||
@ -1671,8 +1676,6 @@ void pk_psa_sign(int curve_or_keybits, int psa_type, int expected_bits)
|
||||
TEST_ASSERT(mbedtls_pk_setup(&pk,
|
||||
mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0);
|
||||
TEST_ASSERT(pk_genkey(&pk, grpid) == 0);
|
||||
|
||||
alg_psa = PSA_ALG_ECDSA(PSA_ALG_SHA_256);
|
||||
} else
|
||||
#endif /* MBEDTLS_PK_CAN_ECDSA_SIGN */
|
||||
{
|
||||
@ -1699,9 +1702,11 @@ void pk_psa_sign(int curve_or_keybits, int psa_type, int expected_bits)
|
||||
#endif /* MBEDTLS_PK_WRITE_C */
|
||||
|
||||
/* Turn PK context into an opaque one. */
|
||||
TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&pk, &key_id, alg_psa,
|
||||
PSA_KEY_USAGE_SIGN_HASH,
|
||||
PSA_ALG_NONE) == 0);
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_SIGN_HASH, &attributes), 0);
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &key_id), 0);
|
||||
mbedtls_pk_free(&pk);
|
||||
mbedtls_pk_init(&pk);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0);
|
||||
|
||||
PSA_ASSERT(psa_get_key_attributes(key_id, &attributes));
|
||||
TEST_EQUAL(psa_get_key_type(&attributes), (psa_key_type_t) psa_type);
|
||||
@ -1821,13 +1826,13 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg
|
||||
{
|
||||
mbedtls_pk_context pk;
|
||||
size_t sig_len, pkey_len;
|
||||
mbedtls_svc_key_id_t key_id;
|
||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE];
|
||||
unsigned char pkey[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
|
||||
unsigned char *pkey_start;
|
||||
unsigned char hash[PSA_HASH_MAX_SIZE];
|
||||
psa_algorithm_t psa_md_alg = mbedtls_md_psa_alg_from_type(md_alg);
|
||||
psa_algorithm_t psa_alg;
|
||||
size_t hash_len = PSA_HASH_LENGTH(psa_md_alg);
|
||||
void const *options = NULL;
|
||||
mbedtls_pk_rsassa_pss_options rsassa_pss_options;
|
||||
@ -1844,6 +1849,10 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg
|
||||
mbedtls_test_rnd_std_rand, NULL,
|
||||
key_bits, 3), 0);
|
||||
|
||||
if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) {
|
||||
mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_NONE);
|
||||
}
|
||||
|
||||
/* Export underlying public key for re-importing in a legacy context. */
|
||||
ret = mbedtls_pk_write_pubkey_der(&pk, pkey, sizeof(pkey));
|
||||
TEST_ASSERT(ret >= 0);
|
||||
@ -1852,18 +1861,12 @@ void pk_psa_wrap_sign_ext(int pk_type, int key_bits, int key_pk_type, int md_alg
|
||||
/* mbedtls_pk_write_pubkey_der() writes backwards in the data buffer. */
|
||||
pkey_start = pkey + sizeof(pkey) - pkey_len;
|
||||
|
||||
if (key_pk_type == MBEDTLS_PK_RSA) {
|
||||
psa_alg = PSA_ALG_RSA_PKCS1V15_SIGN(psa_md_alg);
|
||||
} else if (key_pk_type == MBEDTLS_PK_RSASSA_PSS) {
|
||||
psa_alg = PSA_ALG_RSA_PSS(psa_md_alg);
|
||||
} else {
|
||||
TEST_ASSUME(!"PK key type not supported in this configuration");
|
||||
}
|
||||
|
||||
/* Turn PK context into an opaque one. */
|
||||
TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&pk, &key_id, psa_alg,
|
||||
PSA_KEY_USAGE_SIGN_HASH,
|
||||
PSA_ALG_NONE), 0);
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0);
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &key_attr, &key_id), 0);
|
||||
mbedtls_pk_free(&pk);
|
||||
mbedtls_pk_init(&pk);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0);
|
||||
|
||||
memset(hash, 0x2a, sizeof(hash));
|
||||
memset(sig, 0, sizeof(sig));
|
||||
|
@ -75,6 +75,7 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
|
||||
size_t buf_len, check_buf_len;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t opaque_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
USE_PSA_INIT();
|
||||
@ -117,10 +118,13 @@ static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
|
||||
/* Verify that pk_write works also for opaque private keys */
|
||||
if (!is_public_key) {
|
||||
memset(buf, 0, check_buf_len);
|
||||
TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&key, &opaque_id,
|
||||
PSA_ALG_NONE,
|
||||
PSA_KEY_USAGE_EXPORT,
|
||||
PSA_ALG_NONE), 0);
|
||||
/* Turn the key PK context into an opaque one.
|
||||
* Note: set some practical usage for the key to make get_psa_attributes() happy. */
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_MESSAGE, &key_attr), 0);
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(&key, &key_attr, &opaque_id), 0);
|
||||
mbedtls_pk_free(&key);
|
||||
mbedtls_pk_init(&key);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(&key, opaque_id), 0);
|
||||
start_buf = buf;
|
||||
buf_len = check_buf_len;
|
||||
TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key,
|
||||
@ -172,6 +176,7 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file)
|
||||
size_t pub_key_len = 0;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
mbedtls_pk_init(&priv_key);
|
||||
@ -194,9 +199,12 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file)
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_platform_zeroize(derived_key_raw, derived_key_len);
|
||||
|
||||
TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&priv_key, &opaque_key_id,
|
||||
PSA_ALG_NONE, PSA_KEY_USAGE_EXPORT,
|
||||
PSA_ALG_NONE), 0);
|
||||
/* Turn the priv_key PK context into an opaque one. */
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&priv_key, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0);
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(&priv_key, &key_attr, &opaque_key_id), 0);
|
||||
mbedtls_pk_free(&priv_key);
|
||||
mbedtls_pk_init(&priv_key);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(&priv_key, opaque_key_id), 0);
|
||||
|
||||
TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw,
|
||||
derived_key_len), pub_key_len);
|
||||
|
@ -61,7 +61,7 @@ void format_storage_data_check(data_t *key_data,
|
||||
|
||||
TEST_CALLOC(file_data, file_data_length);
|
||||
psa_format_key_data_for_storage(key_data->x, key_data->len,
|
||||
&attributes.core,
|
||||
&attributes,
|
||||
file_data);
|
||||
|
||||
TEST_MEMORY_COMPARE(expected_file_data->x, expected_file_data->len,
|
||||
@ -90,7 +90,7 @@ void parse_storage_data_check(data_t *file_data,
|
||||
|
||||
status = psa_parse_key_data_from_storage(file_data->x, file_data->len,
|
||||
&key_data, &key_data_length,
|
||||
&attributes.core);
|
||||
&attributes);
|
||||
|
||||
TEST_EQUAL(status, expected_status);
|
||||
if (status != PSA_SUCCESS) {
|
||||
|
@ -952,7 +952,7 @@ void key_creation_import_export(int lifetime_arg, int min_slot, int restart)
|
||||
psa_set_key_slot_number(&attributes, min_slot);
|
||||
|
||||
if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
|
||||
attributes.core.id = returned_id;
|
||||
attributes.id = returned_id;
|
||||
} else {
|
||||
psa_set_key_id(&attributes, returned_id);
|
||||
}
|
||||
|
@ -359,19 +359,19 @@ void mock_import(int mock_alloc_return_value,
|
||||
|
||||
if (mock_alloc_return_value == PSA_SUCCESS) {
|
||||
TEST_ASSERT(mbedtls_svc_key_id_equal(
|
||||
mock_import_data.attributes.core.id, id));
|
||||
mock_import_data.attributes.id, id));
|
||||
} else {
|
||||
TEST_ASSERT(MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
|
||||
mock_import_data.attributes.core.id) == 0);
|
||||
mock_import_data.attributes.id) == 0);
|
||||
TEST_ASSERT(MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(
|
||||
mock_import_data.attributes.core.id) == 0);
|
||||
mock_import_data.attributes.id) == 0);
|
||||
}
|
||||
|
||||
TEST_ASSERT(mock_import_data.attributes.core.lifetime ==
|
||||
TEST_ASSERT(mock_import_data.attributes.lifetime ==
|
||||
(mock_alloc_return_value == PSA_SUCCESS ? lifetime : 0));
|
||||
TEST_ASSERT(mock_import_data.attributes.core.policy.usage ==
|
||||
TEST_ASSERT(mock_import_data.attributes.policy.usage ==
|
||||
(mock_alloc_return_value == PSA_SUCCESS ? PSA_KEY_USAGE_EXPORT : 0));
|
||||
TEST_ASSERT(mock_import_data.attributes.core.type ==
|
||||
TEST_ASSERT(mock_import_data.attributes.type ==
|
||||
(mock_alloc_return_value == PSA_SUCCESS ? PSA_KEY_TYPE_RAW_DATA : 0));
|
||||
|
||||
if (expected_result == PSA_SUCCESS) {
|
||||
@ -474,19 +474,19 @@ void mock_generate(int mock_alloc_return_value,
|
||||
|
||||
if (mock_alloc_return_value == PSA_SUCCESS) {
|
||||
TEST_ASSERT(mbedtls_svc_key_id_equal(
|
||||
mock_generate_data.attributes.core.id, id));
|
||||
mock_generate_data.attributes.id, id));
|
||||
} else {
|
||||
TEST_ASSERT(MBEDTLS_SVC_KEY_ID_GET_KEY_ID(
|
||||
mock_generate_data.attributes.core.id) == 0);
|
||||
mock_generate_data.attributes.id) == 0);
|
||||
TEST_ASSERT(MBEDTLS_SVC_KEY_ID_GET_OWNER_ID(
|
||||
mock_generate_data.attributes.core.id) == 0);
|
||||
mock_generate_data.attributes.id) == 0);
|
||||
}
|
||||
|
||||
TEST_ASSERT(mock_generate_data.attributes.core.lifetime ==
|
||||
TEST_ASSERT(mock_generate_data.attributes.lifetime ==
|
||||
(mock_alloc_return_value == PSA_SUCCESS ? lifetime : 0));
|
||||
TEST_ASSERT(mock_generate_data.attributes.core.policy.usage ==
|
||||
TEST_ASSERT(mock_generate_data.attributes.policy.usage ==
|
||||
(mock_alloc_return_value == PSA_SUCCESS ? PSA_KEY_USAGE_EXPORT : 0));
|
||||
TEST_ASSERT(mock_generate_data.attributes.core.type ==
|
||||
TEST_ASSERT(mock_generate_data.attributes.type ==
|
||||
(mock_alloc_return_value == PSA_SUCCESS ? PSA_KEY_TYPE_RAW_DATA : 0));
|
||||
|
||||
if (expected_result == PSA_SUCCESS) {
|
||||
|
@ -458,7 +458,7 @@ void create_fail(int lifetime_arg, int id_arg,
|
||||
* PSA key attributes APIs thus accessing to the attributes
|
||||
* directly.
|
||||
*/
|
||||
attributes.core.id = id;
|
||||
attributes.id = id;
|
||||
} else {
|
||||
psa_set_key_id(&attributes, id);
|
||||
}
|
||||
@ -992,7 +992,7 @@ void non_reusable_key_slots_integrity_in_case_of_key_slot_starvation()
|
||||
* Check that we can now access the persistent key again.
|
||||
*/
|
||||
PSA_ASSERT(psa_get_key_attributes(persistent_key, &attributes));
|
||||
TEST_ASSERT(mbedtls_svc_key_id_equal(attributes.core.id,
|
||||
TEST_ASSERT(mbedtls_svc_key_id_equal(attributes.id,
|
||||
persistent_key));
|
||||
|
||||
/*
|
||||
|
@ -3321,3 +3321,39 @@ tls13_cli_max_early_data_size:3
|
||||
|
||||
TLS 1.3 cli, maximum early data size, 93
|
||||
tls13_cli_max_early_data_size:93
|
||||
|
||||
TLS 1.3 srv, max early data size, dflt, wsz=96
|
||||
tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:-1:96
|
||||
|
||||
TLS 1.3 srv, max early data size, dflt, wsz=128
|
||||
tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:-1:128
|
||||
|
||||
TLS 1.3 srv, max early data size, 3, wsz=2
|
||||
tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:3:2
|
||||
|
||||
TLS 1.3 srv, max early data size, 3, wsz=3
|
||||
tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:3:3
|
||||
|
||||
TLS 1.3 srv, max early data size, 98, wsz=23
|
||||
tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:98:23
|
||||
|
||||
TLS 1.3 srv, max early data size, 98, wsz=49
|
||||
tls13_srv_max_early_data_size:TEST_EARLY_DATA_ACCEPTED:98:49
|
||||
|
||||
TLS 1.3 srv, max early data size, server rejects, dflt, wsz=128
|
||||
tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:-1:128
|
||||
|
||||
TLS 1.3 srv, max early data size, server rejects, 3, wsz=3
|
||||
tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:3:3
|
||||
|
||||
TLS 1.3 srv, max early data size, server rejects, 98, wsz=49
|
||||
tls13_srv_max_early_data_size:TEST_EARLY_DATA_SERVER_REJECTS:98:49
|
||||
|
||||
TLS 1.3 srv, max early data size, HRR, dflt, wsz=128
|
||||
tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:-1:128
|
||||
|
||||
TLS 1.3 srv, max early data size, HRR, 3, wsz=3
|
||||
tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:3:3
|
||||
|
||||
TLS 1.3 srv, max early data size, HRR, 98, wsz=49
|
||||
tls13_srv_max_early_data_size:TEST_EARLY_DATA_HRR:97:0
|
||||
|
@ -18,6 +18,47 @@
|
||||
#define TEST_EARLY_DATA_SERVER_REJECTS 2
|
||||
#define TEST_EARLY_DATA_HRR 3
|
||||
|
||||
#if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
|
||||
defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \
|
||||
defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_DEBUG_C) && \
|
||||
defined(MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE) && \
|
||||
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \
|
||||
defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) && \
|
||||
defined(MBEDTLS_MD_CAN_SHA256) && \
|
||||
defined(MBEDTLS_ECP_HAVE_SECP256R1) && defined(MBEDTLS_ECP_HAVE_SECP384R1) && \
|
||||
defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) && defined(MBEDTLS_SSL_SESSION_TICKETS)
|
||||
/*
|
||||
* Test function to write early data for negative tests where
|
||||
* mbedtls_ssl_write_early_data() cannot be used.
|
||||
*/
|
||||
static int write_early_data(mbedtls_ssl_context *ssl,
|
||||
unsigned char *buf, size_t len)
|
||||
{
|
||||
int ret = mbedtls_ssl_get_max_out_record_payload(ssl);
|
||||
|
||||
TEST_ASSERT(ret > 0);
|
||||
TEST_LE_U(len, (size_t) ret);
|
||||
|
||||
ret = mbedtls_ssl_flush_output(ssl);
|
||||
TEST_EQUAL(ret, 0);
|
||||
TEST_EQUAL(ssl->out_left, 0);
|
||||
|
||||
ssl->out_msglen = len;
|
||||
ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
|
||||
if (len > 0) {
|
||||
memcpy(ssl->out_msg, buf, len);
|
||||
}
|
||||
|
||||
ret = mbedtls_ssl_write_record(ssl, 1);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
ret = len;
|
||||
|
||||
exit:
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* END_HEADER */
|
||||
|
||||
/* BEGIN_DEPENDENCIES
|
||||
@ -1131,6 +1172,8 @@ void ssl_dtls_replay(data_t *prevs, data_t *new, int ret)
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT) == 0);
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
|
||||
|
||||
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
|
||||
|
||||
/* Read previous record numbers */
|
||||
@ -2879,6 +2922,7 @@ void conf_version(int endpoint, int transport,
|
||||
mbedtls_ssl_conf_transport(&conf, transport);
|
||||
mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version);
|
||||
mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version);
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
|
||||
|
||||
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == expected_ssl_setup_result);
|
||||
TEST_EQUAL(mbedtls_ssl_conf_get_endpoint(
|
||||
@ -2920,6 +2964,8 @@ void conf_curve()
|
||||
mbedtls_ssl_init(&ssl);
|
||||
MD_OR_USE_PSA_INIT();
|
||||
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
|
||||
|
||||
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
|
||||
|
||||
TEST_ASSERT(ssl.handshake != NULL && ssl.handshake->group_list != NULL);
|
||||
@ -2951,6 +2997,7 @@ void conf_group()
|
||||
mbedtls_ssl_config conf;
|
||||
mbedtls_ssl_config_init(&conf);
|
||||
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
|
||||
mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
|
||||
mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2);
|
||||
|
||||
@ -3059,6 +3106,7 @@ void cookie_parsing(data_t *cookie, int exp_ret)
|
||||
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT),
|
||||
0);
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
|
||||
|
||||
TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);
|
||||
TEST_EQUAL(mbedtls_ssl_check_dtls_clihlo_cookie(&ssl, ssl.cli_id,
|
||||
@ -3113,6 +3161,7 @@ void cid_sanity()
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT)
|
||||
== 0);
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
|
||||
|
||||
TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
|
||||
|
||||
@ -3371,6 +3420,7 @@ void ssl_ecjpake_set_password(int use_opaque_arg)
|
||||
MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_SSL_TRANSPORT_STREAM,
|
||||
MBEDTLS_SSL_PRESET_DEFAULT), 0);
|
||||
mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
|
||||
|
||||
TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);
|
||||
|
||||
@ -4159,6 +4209,10 @@ void tls13_write_early_data(int scenario)
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_HRR:
|
||||
/*
|
||||
* Remove server support for the group negotiated in
|
||||
* mbedtls_test_get_tls13_ticket() forcing a HelloRetryRequest.
|
||||
*/
|
||||
server_options.group_list = group_list + 1;
|
||||
break;
|
||||
|
||||
@ -4596,3 +4650,259 @@ exit:
|
||||
PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/*
|
||||
* The !MBEDTLS_SSL_PROTO_TLS1_2 dependency of tls13_early_data() below is
|
||||
* a temporary workaround to not run the test in Windows-2013 where there is
|
||||
* an issue with mbedtls_vsnprintf().
|
||||
*/
|
||||
/* BEGIN_CASE depends_on:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */
|
||||
void tls13_srv_max_early_data_size(int scenario, int max_early_data_size_arg, int write_size_arg)
|
||||
{
|
||||
int ret = -1;
|
||||
mbedtls_test_ssl_endpoint client_ep, server_ep;
|
||||
mbedtls_test_handshake_test_options client_options;
|
||||
mbedtls_test_handshake_test_options server_options;
|
||||
mbedtls_ssl_session saved_session;
|
||||
mbedtls_test_ssl_log_pattern server_pattern = { NULL, 0 };
|
||||
uint16_t group_list[3] = {
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_NONE
|
||||
};
|
||||
char pattern[128];
|
||||
unsigned char *buf_write = NULL;
|
||||
uint32_t write_size = (uint32_t) write_size_arg;
|
||||
unsigned char *buf_read = NULL;
|
||||
uint32_t read_size;
|
||||
uint32_t expanded_early_data_chunk_size = 0;
|
||||
uint32_t written_early_data_size = 0;
|
||||
uint32_t max_early_data_size;
|
||||
|
||||
mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
|
||||
mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
|
||||
mbedtls_test_init_handshake_options(&client_options);
|
||||
mbedtls_test_init_handshake_options(&server_options);
|
||||
mbedtls_ssl_session_init(&saved_session);
|
||||
PSA_INIT();
|
||||
|
||||
TEST_CALLOC(buf_write, write_size);
|
||||
|
||||
/*
|
||||
* Allocate a smaller buffer for early data reading to exercise the reading
|
||||
* of data in one record in multiple calls.
|
||||
*/
|
||||
read_size = (write_size / 2) + 1;
|
||||
TEST_CALLOC(buf_read, read_size);
|
||||
|
||||
/*
|
||||
* Run first handshake to get a ticket from the server.
|
||||
*/
|
||||
|
||||
client_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
client_options.group_list = group_list;
|
||||
client_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
|
||||
server_options.pk_alg = MBEDTLS_PK_ECDSA;
|
||||
server_options.group_list = group_list;
|
||||
server_options.early_data = MBEDTLS_SSL_EARLY_DATA_ENABLED;
|
||||
server_options.max_early_data_size = max_early_data_size_arg;
|
||||
|
||||
ret = mbedtls_test_get_tls13_ticket(&client_options, &server_options,
|
||||
&saved_session);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
/*
|
||||
* Prepare for handshake with the ticket.
|
||||
*/
|
||||
server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
|
||||
server_options.srv_log_obj = &server_pattern;
|
||||
server_pattern.pattern = pattern;
|
||||
|
||||
switch (scenario) {
|
||||
case TEST_EARLY_DATA_ACCEPTED:
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_SERVER_REJECTS:
|
||||
server_options.early_data = MBEDTLS_SSL_EARLY_DATA_DISABLED;
|
||||
ret = mbedtls_snprintf(pattern, sizeof(pattern),
|
||||
"EarlyData: deprotect and discard app data records.");
|
||||
TEST_ASSERT(ret < (int) sizeof(pattern));
|
||||
mbedtls_debug_set_threshold(3);
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_HRR:
|
||||
/*
|
||||
* Remove server support for the group negotiated in
|
||||
* mbedtls_test_get_tls13_ticket() forcing an HelloRetryRequest.
|
||||
*/
|
||||
server_options.group_list = group_list + 1;
|
||||
ret = mbedtls_snprintf(
|
||||
pattern, sizeof(pattern),
|
||||
"EarlyData: Ignore application message before 2nd ClientHello");
|
||||
TEST_ASSERT(ret < (int) sizeof(pattern));
|
||||
mbedtls_debug_set_threshold(3);
|
||||
break;
|
||||
|
||||
default:
|
||||
TEST_FAIL("Unknown scenario.");
|
||||
}
|
||||
|
||||
ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
|
||||
&client_options, NULL, NULL, NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
|
||||
&server_options, NULL, NULL, NULL);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
|
||||
mbedtls_test_ticket_write,
|
||||
mbedtls_test_ticket_parse,
|
||||
NULL);
|
||||
|
||||
ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
|
||||
&(server_ep.socket), 1024);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
max_early_data_size = saved_session.max_early_data_size;
|
||||
|
||||
ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session);
|
||||
TEST_EQUAL(ret, 0);
|
||||
|
||||
/*
|
||||
* Start an handshake based on the ticket up to the point where early data
|
||||
* can be sent from client side. Then send in a loop as much early data as
|
||||
* possible without going over the maximum permitted size for the ticket.
|
||||
* Finally, do a last writting to go past that maximum permitted size and
|
||||
* check that we detect it.
|
||||
*/
|
||||
TEST_EQUAL(mbedtls_test_move_handshake_to_state(
|
||||
&(client_ep.ssl), &(server_ep.ssl),
|
||||
MBEDTLS_SSL_SERVER_HELLO), 0);
|
||||
|
||||
TEST_ASSERT(client_ep.ssl.early_data_status !=
|
||||
MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
|
||||
|
||||
ret = mbedtls_ssl_handshake(&(server_ep.ssl));
|
||||
TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ);
|
||||
|
||||
/*
|
||||
* Write and if possible read as much as possible chunks of write_size
|
||||
* bytes data without getting over the max_early_data_size limit.
|
||||
*/
|
||||
do {
|
||||
uint32_t read_early_data_size = 0;
|
||||
|
||||
/*
|
||||
* The contents of the early data are not very important, write a
|
||||
* pattern that varies byte-by-byte and is different for every chunk of
|
||||
* early data.
|
||||
*/
|
||||
if ((written_early_data_size + write_size) > max_early_data_size) {
|
||||
break;
|
||||
}
|
||||
|
||||
/*
|
||||
* If the server rejected early data, base the determination of when
|
||||
* to stop the loop on the expanded size (padding and encryption
|
||||
* expansion) of early data on server side and the number of early data
|
||||
* received so far by the server (multiple of the expanded size).
|
||||
*/
|
||||
if ((expanded_early_data_chunk_size != 0) &&
|
||||
((server_ep.ssl.total_early_data_size +
|
||||
expanded_early_data_chunk_size) > max_early_data_size)) {
|
||||
break;
|
||||
}
|
||||
|
||||
for (size_t i = 0; i < write_size; i++) {
|
||||
buf_write[i] = (unsigned char) (written_early_data_size + i);
|
||||
}
|
||||
|
||||
ret = write_early_data(&(client_ep.ssl), buf_write, write_size);
|
||||
TEST_EQUAL(ret, write_size);
|
||||
written_early_data_size += write_size;
|
||||
|
||||
switch (scenario) {
|
||||
case TEST_EARLY_DATA_ACCEPTED:
|
||||
while (read_early_data_size < write_size) {
|
||||
ret = mbedtls_ssl_handshake(&(server_ep.ssl));
|
||||
TEST_EQUAL(ret, MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA);
|
||||
|
||||
ret = mbedtls_ssl_read_early_data(&(server_ep.ssl),
|
||||
buf_read, read_size);
|
||||
TEST_ASSERT(ret > 0);
|
||||
|
||||
TEST_MEMORY_COMPARE(buf_read, ret,
|
||||
buf_write + read_early_data_size, ret);
|
||||
read_early_data_size += ret;
|
||||
|
||||
TEST_EQUAL(server_ep.ssl.total_early_data_size,
|
||||
written_early_data_size);
|
||||
}
|
||||
break;
|
||||
|
||||
case TEST_EARLY_DATA_SERVER_REJECTS: /* Intentional fallthrough */
|
||||
case TEST_EARLY_DATA_HRR:
|
||||
ret = mbedtls_ssl_handshake(&(server_ep.ssl));
|
||||
/*
|
||||
* In this write loop we try to always stay below the
|
||||
* max_early_data_size limit but if max_early_data_size is very
|
||||
* small we may exceed the max_early_data_size limit on the
|
||||
* first write. In TEST_EARLY_DATA_SERVER_REJECTS/
|
||||
* TEST_EARLY_DATA_HRR scenario, this is for sure the case if
|
||||
* max_early_data_size is smaller than the smallest possible
|
||||
* inner content/protected record. Take into account this
|
||||
* possibility here but only for max_early_data_size values
|
||||
* that are close to write_size. Below, '1' is for the inner
|
||||
* type byte and '16' is to take into account some AEAD
|
||||
* expansion (tag, ...).
|
||||
*/
|
||||
if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE) {
|
||||
if (scenario == TEST_EARLY_DATA_SERVER_REJECTS) {
|
||||
TEST_LE_U(max_early_data_size,
|
||||
write_size + 1 +
|
||||
MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY);
|
||||
} else {
|
||||
TEST_LE_U(max_early_data_size,
|
||||
write_size + 1 + 16 +
|
||||
MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY);
|
||||
}
|
||||
goto exit;
|
||||
}
|
||||
|
||||
TEST_ASSERT(ret == MBEDTLS_ERR_SSL_WANT_READ);
|
||||
|
||||
TEST_EQUAL(server_pattern.counter, 1);
|
||||
server_pattern.counter = 0;
|
||||
if (expanded_early_data_chunk_size == 0) {
|
||||
expanded_early_data_chunk_size = server_ep.ssl.total_early_data_size;
|
||||
}
|
||||
break;
|
||||
}
|
||||
TEST_LE_U(server_ep.ssl.total_early_data_size, max_early_data_size);
|
||||
} while (1);
|
||||
|
||||
mbedtls_debug_set_threshold(3);
|
||||
ret = write_early_data(&(client_ep.ssl), buf_write, write_size);
|
||||
TEST_EQUAL(ret, write_size);
|
||||
|
||||
ret = mbedtls_snprintf(pattern, sizeof(pattern),
|
||||
"EarlyData: Too much early data received");
|
||||
TEST_ASSERT(ret < (int) sizeof(pattern));
|
||||
|
||||
ret = mbedtls_ssl_handshake(&(server_ep.ssl));
|
||||
TEST_EQUAL(ret, MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE);
|
||||
TEST_EQUAL(server_pattern.counter, 1);
|
||||
|
||||
exit:
|
||||
mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
|
||||
mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
|
||||
mbedtls_test_free_handshake_options(&client_options);
|
||||
mbedtls_test_free_handshake_options(&server_options);
|
||||
mbedtls_ssl_session_free(&saved_session);
|
||||
mbedtls_free(buf_write);
|
||||
mbedtls_free(buf_read);
|
||||
mbedtls_debug_set_threshold(0);
|
||||
PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
@ -3155,6 +3155,18 @@ X509 File parse (conforms to RFC 5480 / RFC 5758 - AlgorithmIdentifier's paramet
|
||||
depends_on:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_MD_CAN_SHA256
|
||||
x509parse_crt_file:"data_files/parse_input/server5.crt":0
|
||||
|
||||
X509 File parse & read the ca_istrue field (Not Set)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA1
|
||||
mbedtls_x509_get_ca_istrue:"data_files/parse_input/server1.crt":0
|
||||
|
||||
X509 File parse & read the ca_istrue field (Set)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA1
|
||||
mbedtls_x509_get_ca_istrue:"data_files/test-ca.crt":1
|
||||
|
||||
X509 File parse & read the ca_istrue field (Legacy Certificate)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAVE_TIME_DATE:MBEDTLS_MD_CAN_SHA1:MBEDTLS_MD_CAN_SHA256
|
||||
mbedtls_x509_get_ca_istrue:"data_files/server1-v1.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS
|
||||
|
||||
X509 Get time (UTC no issues)
|
||||
depends_on:MBEDTLS_X509_USE_C
|
||||
x509_get_time:MBEDTLS_ASN1_UTC_TIME:"500101000000Z":0:1950:1:1:0:0:0
|
||||
|
@ -1083,6 +1083,21 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
|
||||
void mbedtls_x509_get_ca_istrue(char *crt_file, int result)
|
||||
{
|
||||
mbedtls_x509_crt crt;
|
||||
mbedtls_x509_crt_init(&crt);
|
||||
USE_PSA_INIT();
|
||||
|
||||
TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
|
||||
TEST_EQUAL(mbedtls_x509_crt_get_ca_istrue(&crt), result);
|
||||
exit:
|
||||
mbedtls_x509_crt_free(&crt);
|
||||
USE_PSA_DONE();
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
|
||||
void x509parse_crt(data_t *buf, char *result_str, int result)
|
||||
{
|
||||
|
@ -284,7 +284,7 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage,
|
||||
{
|
||||
mbedtls_pk_context key;
|
||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_algorithm_t md_alg_psa, alg_psa;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
mbedtls_x509write_csr req;
|
||||
unsigned char buf[4096];
|
||||
int ret;
|
||||
@ -297,24 +297,16 @@ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage,
|
||||
|
||||
memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
|
||||
|
||||
md_alg_psa = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) md_type);
|
||||
TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE);
|
||||
|
||||
mbedtls_pk_init(&key);
|
||||
TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
|
||||
mbedtls_test_rnd_std_rand, NULL) == 0);
|
||||
|
||||
if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
|
||||
alg_psa = PSA_ALG_ECDSA(md_alg_psa);
|
||||
} else if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
|
||||
alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN(md_alg_psa);
|
||||
} else {
|
||||
TEST_ASSUME(!"PK key type not supported in this configuration");
|
||||
}
|
||||
|
||||
TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&key, &key_id, alg_psa,
|
||||
PSA_KEY_USAGE_SIGN_HASH,
|
||||
PSA_ALG_NONE) == 0);
|
||||
/* Turn the PK context into an opaque one. */
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&key, PSA_KEY_USAGE_SIGN_HASH, &key_attr), 0);
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(&key, &key_attr, &key_id), 0);
|
||||
mbedtls_pk_free(&key);
|
||||
mbedtls_pk_init(&key);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(&key, key_id), 0);
|
||||
|
||||
mbedtls_x509write_csr_set_md_alg(&req, md_type);
|
||||
mbedtls_x509write_csr_set_key(&req, &key);
|
||||
@ -373,6 +365,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
|
||||
mbedtls_test_rnd_pseudo_info rnd_info;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
|
||||
#endif
|
||||
mbedtls_pk_type_t issuer_key_type;
|
||||
mbedtls_x509_san_list san_ip;
|
||||
@ -451,24 +444,14 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
/* For Opaque PK contexts, wrap key as an Opaque RSA context. */
|
||||
/* Turn the issuer PK context into an opaque one. */
|
||||
if (pk_wrap == 2) {
|
||||
psa_algorithm_t alg_psa, md_alg_psa;
|
||||
|
||||
md_alg_psa = mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) md_type);
|
||||
TEST_ASSERT(md_alg_psa != MBEDTLS_MD_NONE);
|
||||
|
||||
if (mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_ECKEY) {
|
||||
alg_psa = PSA_ALG_ECDSA(md_alg_psa);
|
||||
} else if (mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_RSA) {
|
||||
alg_psa = PSA_ALG_RSA_PKCS1V15_SIGN(md_alg_psa);
|
||||
} else {
|
||||
TEST_ASSUME(!"PK key type not supported in this configuration");
|
||||
}
|
||||
|
||||
TEST_ASSERT(mbedtls_pk_wrap_as_opaque(&issuer_key, &key_id, alg_psa,
|
||||
PSA_KEY_USAGE_SIGN_HASH,
|
||||
PSA_ALG_NONE) == 0);
|
||||
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&issuer_key, PSA_KEY_USAGE_SIGN_HASH,
|
||||
&key_attr), 0);
|
||||
TEST_EQUAL(mbedtls_pk_import_into_psa(&issuer_key, &key_attr, &key_id), 0);
|
||||
mbedtls_pk_free(&issuer_key);
|
||||
mbedtls_pk_init(&issuer_key);
|
||||
TEST_EQUAL(mbedtls_pk_setup_opaque(&issuer_key, key_id), 0);
|
||||
}
|
||||
#endif /* MBEDTLS_USE_PSA_CRYPTO */
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user