From d893837d017086aec55dccfee287f35bd40452d7 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 23 Feb 2023 10:04:58 +0800 Subject: [PATCH 001/350] compat.sh: add --list-test-case The option --list-test-case lists all potential test cases without executing them. The test case description is identical with $TITLE during test case execution. Signed-off-by: Yanray Wang --- tests/compat.sh | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/compat.sh b/tests/compat.sh index 8f7d72c7b6..440e87a2af 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -110,6 +110,36 @@ print_usage() { printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n" printf " -M|--memcheck\tCheck memory leaks and errors.\n" printf " -v|--verbose\tSet verbose output.\n" + printf " --list-test-case\tList all potential test cases (No Execution)\n" +} + +# print_test_title +print_test_title() { + for i in $3; do + TITLE="$1->$2 $MODE,$VERIF $i" + echo "$TITLE" + done +} + +list_test_case() { + reset_ciphersuites + for TYPE in $TYPES; do + add_common_ciphersuites + add_openssl_ciphersuites + add_gnutls_ciphersuites + add_mbedtls_ciphersuites + done + + for VERIFY in $VERIFIES; do + VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]') + for MODE in $MODES; do + print_test_title m o "$O_CIPHERS" + print_test_title o m "$O_CIPHERS" + print_test_title m g "$G_CIPHERS" + print_test_title g m "$G_CIPHERS" + print_test_title m m "$M_CIPHERS" + done + done } get_options() { @@ -139,6 +169,10 @@ get_options() { -M|--memcheck) MEMCHECK=1 ;; + --list-test-case) + list_test_case + exit 0 + ;; -h|--help) print_usage exit 0 From 235469302d592873dac98230f7ede501d0150315 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 24 Feb 2023 14:53:29 +0800 Subject: [PATCH 002/350] check_test_cases.py: support checking test coverage in compat.sh Test case description in compat.sh is in format of [ogm]->[ogm] TLSmode, VERIFY CIPHERSUITE_NAME This program calls compat.sh to list all potential test case descriptions then checks test case duplication. Signed-off-by: Yanray Wang --- tests/scripts/check_test_cases.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index d84ed042c4..dd167672f3 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -25,6 +25,7 @@ import argparse import glob import os import re +import subprocess import sys class Results: @@ -111,6 +112,24 @@ state may override this method. self.process_test_case(descriptions, file_name, line_number, description) + def walk_compat_sh(self, file_name): + """Iterate over the test cases compat.sh with a similar format.""" + descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none + compat_cmd = ['sh', file_name, '--list-test-case'] + result = subprocess.run(compat_cmd, + stdout=subprocess.PIPE, + check=False) + if result.returncode != 0: + print(*compat_cmd, 'returned', str(result.returncode)) + return + else: + # Pattern: g->m dtls12,no TLS_DHE_PSK_WITH_AES_128_CBC_SHA\n + m = re.findall(br'[^ogm]*((?:[ogm]->[ogm]\s*\w*.\w*\s\w*)*)\n', + result.stdout) + if m: + for i in m: + self.process_test_case(descriptions, file_name, 1, i) + @staticmethod def collect_test_directories(): """Get the relative path for the TLS and Crypto test directories.""" @@ -136,6 +155,9 @@ state may override this method. for ssl_opt_file_name in glob.glob(os.path.join(directory, 'opt-testcases', '*.sh')): self.walk_ssl_opt_sh(ssl_opt_file_name) + compat_sh = os.path.join(directory, 'compat.sh') + if os.path.exists(compat_sh): + self.walk_compat_sh(compat_sh) class TestDescriptions(TestDescriptionExplorer): """Collect the available test cases.""" From 3fcd3a73c97394a52b82badf67e2357c31ffd0cf Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 24 Feb 2023 17:07:47 +0800 Subject: [PATCH 003/350] compat.sh: uniform test description Test case description is printed by different block of code. This causes code maintenance harder since we need to maintain two parts of code with same functionality. print_test_title is used to control test case description in compat.sh Signed-off-by: Yanray Wang --- tests/compat.sh | 25 +++++++++++++------------ tests/scripts/check_test_cases.py | 4 ++-- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 440e87a2af..9a435c312c 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -35,6 +35,7 @@ TESTS=0 FAILED=0 SKIPPED=0 SRVMEM=0 +LIST_TEST_CASE=0 # default commands, can be overridden by the environment : ${M_SRV:=../programs/ssl/ssl_server2} @@ -113,14 +114,6 @@ print_usage() { printf " --list-test-case\tList all potential test cases (No Execution)\n" } -# print_test_title -print_test_title() { - for i in $3; do - TITLE="$1->$2 $MODE,$VERIF $i" - echo "$TITLE" - done -} - list_test_case() { reset_ciphersuites for TYPE in $TYPES; do @@ -170,6 +163,7 @@ get_options() { MEMCHECK=1 ;; --list-test-case) + LIST_TEST_CASE=1 list_test_case exit 0 ;; @@ -824,14 +818,21 @@ wait_client_done() { echo "EXIT: $EXIT" >> $CLI_OUT } +# print_test_title +print_test_title() { + for i in $3; do + TITLE="$1->$2 $MODE,$VERIF $i" + DOTS72="........................................................................" + printf "%s %.*s " "$TITLE" "$((71 - ${#TITLE}))" "$DOTS72" + [ $LIST_TEST_CASE -eq 1 ] && printf "\n" + done +} + # run_client PROGRAM_NAME STANDARD_CIPHER_SUITE PROGRAM_CIPHER_SUITE run_client() { # announce what we're going to do TESTS=$(( $TESTS + 1 )) - TITLE="${1%"${1#?}"}->${SERVER_NAME%"${SERVER_NAME#?}"}" - TITLE="$TITLE $MODE,$VERIF $2" - DOTS72="........................................................................" - printf "%s %.*s " "$TITLE" "$((71 - ${#TITLE}))" "$DOTS72" + print_test_title "${1%"${1#?}"}" "${SERVER_NAME%"${SERVER_NAME#?}"}" $2 # should we skip? if [ "X$SKIP_NEXT" = "XYES" ]; then diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index dd167672f3..b75d51743a 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -123,8 +123,8 @@ state may override this method. print(*compat_cmd, 'returned', str(result.returncode)) return else: - # Pattern: g->m dtls12,no TLS_DHE_PSK_WITH_AES_128_CBC_SHA\n - m = re.findall(br'[^ogm]*((?:[ogm]->[ogm]\s*\w*.\w*\s\w*)*)\n', + # Pattern: g->m dtls12,no TLS_DHE_PSK_WITH_AES_128_CBC_SHA .......... \n + m = re.findall(br'[^ogm]*((?:[ogm]->[ogm]\s*\w*.\w*\s\w*)*)\s*\.*\s*\n', result.stdout) if m: for i in m: From 7b394da7381aa58f009da0995f8ae9cc92488796 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 2 Mar 2023 11:41:26 +0800 Subject: [PATCH 004/350] compat.sh: fix uncompatiable name of peers in --list-test-case Signed-off-by: Yanray Wang --- tests/compat.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 9a435c312c..37df940cea 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -126,10 +126,10 @@ list_test_case() { for VERIFY in $VERIFIES; do VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]') for MODE in $MODES; do - print_test_title m o "$O_CIPHERS" - print_test_title o m "$O_CIPHERS" - print_test_title m g "$G_CIPHERS" - print_test_title g m "$G_CIPHERS" + print_test_title m O "$O_CIPHERS" + print_test_title O m "$O_CIPHERS" + print_test_title m G "$G_CIPHERS" + print_test_title G m "$G_CIPHERS" print_test_title m m "$M_CIPHERS" done done From fb784b26d29730a69842f9cb11b1cb400e896282 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 2 Mar 2023 11:55:55 +0800 Subject: [PATCH 005/350] compat.sh: uniform TITLE format for --list-test-case and run_client uniform_title is used to print identical format of $TITLE between --list-test-case and run_client. In such way, no matter how $TITLE is developed, --list-test-case will in the same format of test case description as stored in OUTCOME.CSV. Signed-off-by: Yanray Wang --- tests/compat.sh | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index 37df940cea..d63fc063bb 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -35,7 +35,6 @@ TESTS=0 FAILED=0 SKIPPED=0 SRVMEM=0 -LIST_TEST_CASE=0 # default commands, can be overridden by the environment : ${M_SRV:=../programs/ssl/ssl_server2} @@ -114,6 +113,14 @@ print_usage() { printf " --list-test-case\tList all potential test cases (No Execution)\n" } +# print_test_case +print_test_case() { + for i in $3; do + uniform_title $1 $2 $i + echo $TITLE + done +} + list_test_case() { reset_ciphersuites for TYPE in $TYPES; do @@ -126,11 +133,11 @@ list_test_case() { for VERIFY in $VERIFIES; do VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]') for MODE in $MODES; do - print_test_title m O "$O_CIPHERS" - print_test_title O m "$O_CIPHERS" - print_test_title m G "$G_CIPHERS" - print_test_title G m "$G_CIPHERS" - print_test_title m m "$M_CIPHERS" + print_test_case m O "$O_CIPHERS" + print_test_case O m "$O_CIPHERS" + print_test_case m G "$G_CIPHERS" + print_test_case G m "$G_CIPHERS" + print_test_case m m "$M_CIPHERS" done done } @@ -163,7 +170,6 @@ get_options() { MEMCHECK=1 ;; --list-test-case) - LIST_TEST_CASE=1 list_test_case exit 0 ;; @@ -818,21 +824,21 @@ wait_client_done() { echo "EXIT: $EXIT" >> $CLI_OUT } -# print_test_title -print_test_title() { - for i in $3; do - TITLE="$1->$2 $MODE,$VERIF $i" - DOTS72="........................................................................" - printf "%s %.*s " "$TITLE" "$((71 - ${#TITLE}))" "$DOTS72" - [ $LIST_TEST_CASE -eq 1 ] && printf "\n" - done +# uniform_title +# $TITLE is considered as test case description for both --list-test-case and +# MBEDTLS_TEST_OUTCOME_FILE. This function aims to control the format of +# each test case description. +uniform_title() { + TITLE="$1->$2 $MODE,$VERIF $3" } # run_client PROGRAM_NAME STANDARD_CIPHER_SUITE PROGRAM_CIPHER_SUITE run_client() { # announce what we're going to do TESTS=$(( $TESTS + 1 )) - print_test_title "${1%"${1#?}"}" "${SERVER_NAME%"${SERVER_NAME#?}"}" $2 + uniform_title "${1%"${1#?}"}" "${SERVER_NAME%"${SERVER_NAME#?}"}" $2 + DOTS72="........................................................................" + printf "%s %.*s " "$TITLE" "$((71 - ${#TITLE}))" "$DOTS72" # should we skip? if [ "X$SKIP_NEXT" = "XYES" ]; then From 521710e91dadbfb41a033aa2e39426f2b139af89 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 2 Mar 2023 14:45:01 +0800 Subject: [PATCH 006/350] check_test_cases.py: simplify how to store test case description Signed-off-by: Yanray Wang --- tests/scripts/check_test_cases.py | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index b75d51743a..b0b84213aa 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -123,12 +123,11 @@ state may override this method. print(*compat_cmd, 'returned', str(result.returncode)) return else: - # Pattern: g->m dtls12,no TLS_DHE_PSK_WITH_AES_128_CBC_SHA .......... \n - m = re.findall(br'[^ogm]*((?:[ogm]->[ogm]\s*\w*.\w*\s\w*)*)\s*\.*\s*\n', - result.stdout) - if m: - for i in m: - self.process_test_case(descriptions, file_name, 1, i) + # Assume compat.sh is responsible for printing identical format of + # test case description between --list-test-case and its OUTCOME.CSV + description = result.stdout.strip().split(b'\n') + for idx, descrip in enumerate(description): + self.process_test_case(descriptions, file_name, idx, descrip) @staticmethod def collect_test_directories(): From cdc07083345eef2b2404d7a4a9c55c2546a7899f Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 3 Mar 2023 17:12:29 +0800 Subject: [PATCH 007/350] check_test_cases.py: use check_output to capture error and return This commit includes: - use subprocess.check_output to report error and capture return value - add comment as a reminder for option --list-test-case Signed-off-by: Yanray Wang --- tests/compat.sh | 3 +++ tests/scripts/check_test_cases.py | 19 +++++++------------ 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/tests/compat.sh b/tests/compat.sh index d63fc063bb..ff621fc75e 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -121,6 +121,7 @@ print_test_case() { done } +# list_test_case lists all potential test cases in compat.sh without execution list_test_case() { reset_ciphersuites for TYPE in $TYPES; do @@ -169,6 +170,8 @@ get_options() { -M|--memcheck) MEMCHECK=1 ;; + # Please check scripts/check_test_cases.py correspondingly + # if you have to modify option, --list-test-case --list-test-case) list_test_case exit 0 diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index b0b84213aa..ae2bfdfe00 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -116,18 +116,13 @@ state may override this method. """Iterate over the test cases compat.sh with a similar format.""" descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none compat_cmd = ['sh', file_name, '--list-test-case'] - result = subprocess.run(compat_cmd, - stdout=subprocess.PIPE, - check=False) - if result.returncode != 0: - print(*compat_cmd, 'returned', str(result.returncode)) - return - else: - # Assume compat.sh is responsible for printing identical format of - # test case description between --list-test-case and its OUTCOME.CSV - description = result.stdout.strip().split(b'\n') - for idx, descrip in enumerate(description): - self.process_test_case(descriptions, file_name, idx, descrip) + compat_output = subprocess.check_output(compat_cmd, + stderr=subprocess.STDOUT) + # Assume compat.sh is responsible for printing identical format of + # test case description between --list-test-case and its OUTCOME.CSV + description = compat_output.strip().split(b'\n') + for idx, descrip in enumerate(description): + self.process_test_case(descriptions, file_name, idx, descrip) @staticmethod def collect_test_directories(): From 2b50c651da1cf13a06956438508c58b36c534aff Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 6 Mar 2023 19:35:04 +0800 Subject: [PATCH 008/350] check_test_cases.py: do not redirect stderr to stdout Signed-off-by: Yanray Wang --- tests/scripts/check_test_cases.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index ae2bfdfe00..2692371ab8 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -116,8 +116,7 @@ state may override this method. """Iterate over the test cases compat.sh with a similar format.""" descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none compat_cmd = ['sh', file_name, '--list-test-case'] - compat_output = subprocess.check_output(compat_cmd, - stderr=subprocess.STDOUT) + compat_output = subprocess.check_output(compat_cmd) # Assume compat.sh is responsible for printing identical format of # test case description between --list-test-case and its OUTCOME.CSV description = compat_output.strip().split(b'\n') From 14e052fd7cca9a4165bd45b6ad0fcc10cdafbb28 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 6 Mar 2023 19:37:07 +0800 Subject: [PATCH 009/350] compat.sh: return $? in option --list-test-case to handle error case Signed-off-by: Yanray Wang --- tests/compat.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/compat.sh b/tests/compat.sh index ff621fc75e..68c10c3cce 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -174,7 +174,7 @@ get_options() { # if you have to modify option, --list-test-case --list-test-case) list_test_case - exit 0 + exit $? ;; -h|--help) print_usage From bef1f6371fdeef39d7b5bc96817a421d263bc530 Mon Sep 17 00:00:00 2001 From: Sergey Date: Mon, 6 Mar 2023 15:25:06 -0700 Subject: [PATCH 010/350] Fix llvm error: variables may be used uninitialized Signed-off-by: Sergey --- library/psa_crypto.c | 4 ++-- library/ssl_cache.c | 2 +- tests/suites/test_suite_psa_crypto.function | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0efebb40ce..96547e04dc 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -3997,7 +3997,7 @@ psa_status_t psa_cipher_generate_iv(psa_cipher_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE]; - size_t default_iv_length; + size_t default_iv_length = 0; if (operation->id == 0) { status = PSA_ERROR_BAD_STATE; @@ -4604,7 +4604,7 @@ psa_status_t psa_aead_generate_nonce(psa_aead_operation_t *operation, { psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; uint8_t local_nonce[PSA_AEAD_NONCE_MAX_SIZE]; - size_t required_nonce_size; + size_t required_nonce_size = 0; *nonce_length = 0; diff --git a/library/ssl_cache.c b/library/ssl_cache.c index 7c16e10e99..8b82297c66 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -246,7 +246,7 @@ int mbedtls_ssl_cache_set(void *data, mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; mbedtls_ssl_cache_entry *cur; - size_t session_serialized_len; + size_t session_serialized_len = 0; unsigned char *session_serialized = NULL; #if defined(MBEDTLS_THREADING_C) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 182443a5e9..36b01ce884 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -9672,7 +9672,7 @@ void persistent_key_load_key_from_storage(data_t *data, unsigned char *first_export = NULL; unsigned char *second_export = NULL; size_t export_size = PSA_EXPORT_KEY_OUTPUT_SIZE(type, bits); - size_t first_exported_length; + size_t first_exported_length = 0; size_t second_exported_length; if (usage_flags & PSA_KEY_USAGE_EXPORT) { From 98083c6a173ecdcd2eb9ffc03275f22dc46b4811 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 25 Jun 2023 23:27:45 +0100 Subject: [PATCH 011/350] Add support for SHA-3 in PSA Signed-off-by: Dave Rodgman --- include/mbedtls/config_psa.h | 14 +++++++ include/psa/crypto_builtin_primitives.h | 7 +++- include/psa/crypto_config.h | 1 + library/psa_crypto_hash.c | 52 +++++++++++++++++++++++++ 4 files changed, 73 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index b7e89472f7..b1d386236e 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -113,6 +113,10 @@ extern "C" { #define PSA_WANT_ALG_SHA_512 1 #endif +#if defined(MBEDTLS_SHA3_C) +#define PSA_WANT_ALG_SHA_3 1 +#endif + /****************************************************************/ /* Require built-in implementations based on PSA requirements */ @@ -270,6 +274,11 @@ extern "C" { #define MBEDTLS_SHA512_C #endif +#if defined(PSA_WANT_ALG_SHA_3) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_3) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA_3 1 +#define MBEDTLS_SHA3_C +#endif + #if defined(PSA_WANT_ALG_PBKDF2_HMAC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 @@ -865,6 +874,11 @@ extern "C" { #define PSA_WANT_ALG_SHA_512 1 #endif +#if defined(MBEDTLS_SHA3_C) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA_3 1 +#define PSA_WANT_ALG_SHA_3 1 +#endif + #if defined(MBEDTLS_AES_C) #define PSA_WANT_KEY_TYPE_AES 1 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index f3e438dd77..ea7da9a1d9 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h @@ -45,6 +45,7 @@ #include "mbedtls/sha1.h" #include "mbedtls/sha256.h" #include "mbedtls/sha512.h" +#include "mbedtls/sha3.h" #if defined(MBEDTLS_PSA_BUILTIN_ALG_MD5) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160) || \ @@ -52,7 +53,8 @@ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_224) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_3) #define MBEDTLS_PSA_BUILTIN_HASH #endif @@ -76,6 +78,9 @@ typedef struct { #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) mbedtls_sha512_context sha512; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_3) + mbedtls_sha3_context sha3; #endif } MBEDTLS_PRIVATE(ctx); } mbedtls_psa_hash_operation_t; diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 9da28de8b7..e79f217755 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -86,6 +86,7 @@ #define PSA_WANT_ALG_SHA_256 1 #define PSA_WANT_ALG_SHA_384 1 #define PSA_WANT_ALG_SHA_512 1 +#define PSA_WANT_ALG_SHA_3 1 #define PSA_WANT_ALG_STREAM_CIPHER 1 #define PSA_WANT_ALG_TLS12_PRF 1 #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c index ddf70949c4..44df5526f6 100644 --- a/library/psa_crypto_hash.c +++ b/library/psa_crypto_hash.c @@ -73,6 +73,14 @@ psa_status_t mbedtls_psa_hash_abort( case PSA_ALG_SHA_512: mbedtls_sha512_free(&operation->ctx.sha512); break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_3) + case PSA_ALG_SHA3_224: + case PSA_ALG_SHA3_256: + case PSA_ALG_SHA3_384: + case PSA_ALG_SHA3_512: + mbedtls_sha3_free(&operation->ctx.sha3); + break; #endif default: return PSA_ERROR_BAD_STATE; @@ -134,6 +142,24 @@ psa_status_t mbedtls_psa_hash_setup( mbedtls_sha512_init(&operation->ctx.sha512); ret = mbedtls_sha512_starts(&operation->ctx.sha512, 0); break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_3) + case PSA_ALG_SHA3_224: + mbedtls_sha3_init(&operation->ctx.sha3); + ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_224); + break; + case PSA_ALG_SHA3_256: + mbedtls_sha3_init(&operation->ctx.sha3); + ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_256); + break; + case PSA_ALG_SHA3_384: + mbedtls_sha3_init(&operation->ctx.sha3); + ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_384); + break; + case PSA_ALG_SHA3_512: + mbedtls_sha3_init(&operation->ctx.sha3); + ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_512); + break; #endif default: return PSA_ALG_IS_HASH(alg) ? @@ -196,6 +222,15 @@ psa_status_t mbedtls_psa_hash_clone( mbedtls_sha512_clone(&target_operation->ctx.sha512, &source_operation->ctx.sha512); break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_3) + case PSA_ALG_SHA3_224: + case PSA_ALG_SHA3_256: + case PSA_ALG_SHA3_384: + case PSA_ALG_SHA3_512: + mbedtls_sha3_clone(&target_operation->ctx.sha3, + &source_operation->ctx.sha3); + break; #endif default: (void) source_operation; @@ -256,6 +291,15 @@ psa_status_t mbedtls_psa_hash_update( ret = mbedtls_sha512_update(&operation->ctx.sha512, input, input_length); break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_3) + case PSA_ALG_SHA3_224: + case PSA_ALG_SHA3_256: + case PSA_ALG_SHA3_384: + case PSA_ALG_SHA3_512: + ret = mbedtls_sha3_update(&operation->ctx.sha3, + input, input_length); + break; #endif default: (void) input; @@ -326,6 +370,14 @@ psa_status_t mbedtls_psa_hash_finish( case PSA_ALG_SHA_512: ret = mbedtls_sha512_finish(&operation->ctx.sha512, hash); break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_3) + case PSA_ALG_SHA3_224: + case PSA_ALG_SHA3_256: + case PSA_ALG_SHA3_384: + case PSA_ALG_SHA3_512: + ret = mbedtls_sha3_finish(&operation->ctx.sha3, hash, hash_size); + break; #endif default: (void) hash; From e43076700e877523207204e2918563a9311a47df Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sun, 25 Jun 2023 23:27:53 +0100 Subject: [PATCH 012/350] Add PSA SHA-3 tests Signed-off-by: Dave Rodgman --- tests/suites/test_suite_psa_crypto_hash.data | 64 +++++++++++++++++++ .../test_suite_psa_crypto_metadata.data | 16 +++++ 2 files changed, 80 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_hash.data b/tests/suites/test_suite_psa_crypto_hash.data index 9f5133988a..90af796683 100644 --- a/tests/suites/test_suite_psa_crypto_hash.data +++ b/tests/suites/test_suite_psa_crypto_hash.data @@ -158,6 +158,70 @@ PSA hash finish: SHA-512 Test Vector NIST CAVS #8 depends_on:PSA_WANT_ALG_SHA_512 hash_finish:PSA_ALG_SHA_512:"990d1ae71a62d7bda9bfdaa1762a68d296eee72a4cd946f287a898fbabc002ea941fd8d4d991030b4d27a637cce501a834bb95eab1b7889a3e784c7968e67cbf552006b206b68f76d9191327524fcc251aeb56af483d10b4e0c6c5e599ee8c0fe4faeca8293844a8547c6a9a90d093f2526873a19ad4a5e776794c68c742fb834793d2dfcb7fea46c63af4b70fd11cb6e41834e72ee40edb067b292a794990c288d5007e73f349fb383af6a756b8301ad6e5e0aa8cd614399bb3a452376b1575afa6bdaeaafc286cb064bb91edef97c632b6c1113d107fa93a0905098a105043c2f05397f702514439a08a9e5ddc196100721d45c8fc17d2ed659376f8a00bd5cb9a0860e26d8a29d8d6aaf52de97e9346033d6db501a35dbbaf97c20b830cd2d18c2532f3a59cc497ee64c0e57d8d060e5069b28d86edf1adcf59144b221ce3ddaef134b3124fbc7dd000240eff0f5f5f41e83cd7f5bb37c9ae21953fe302b0f6e8b68fa91c6ab99265c64b2fd9cd4942be04321bb5d6d71932376c6f2f88e02422ba6a5e2cb765df93fd5dd0728c6abdaf03bce22e0678a544e2c3636f741b6f4447ee58a8fc656b43ef817932176adbfc2e04b2c812c273cd6cbfa4098f0be036a34221fa02643f5ee2e0b38135f2a18ecd2f16ebc45f8eb31b8ab967a1567ee016904188910861ca1fa205c7adaa194b286893ffe2f4fbe0384c2aef72a4522aeafd3ebc71f9db71eeeef86c48394a1c86d5b36c352cc33a0a2c800bc99e62fd65b3a2fd69e0b53996ec13d8ce483ce9319efd9a85acefabdb5342226febb83fd1daf4b24265f50c61c6de74077ef89b6fecf9f29a1f871af1e9f89b2d345cda7499bd45c42fa5d195a1e1a6ba84851889e730da3b2b916e96152ae0c92154b49719841db7e7cc707ba8a5d7b101eb4ac7b629bb327817910fff61580b59aab78182d1a2e33473d05b00b170b29e331870826cfe45af206aa7d0246bbd8566ca7cfb2d3c10bfa1db7dd48dd786036469ce7282093d78b5e1a5b0fc81a54c8ed4ceac1e5305305e78284ac276f5d7862727aff246e17addde50c670028d572cbfc0be2e4f8b2eb28fa68ad7b4c6c2a239c460441bfb5ea049f23b08563b4e47729a59e5986a61a6093dbd54f8c36ebe87edae01f251cb060ad1364ce677d7e8d5a4a4ca966a7241cc360bc2acb280e5f9e9c1b032ad6a180a35e0c5180b9d16d026c865b252098cc1d99ba7375ca31c7702c0d943d5e3dd2f6861fa55bd46d94b67ed3e52eccd8dd06d968e01897d6de97ed3058d91dd":"8e4bc6f8b8c60fe4d68c61d9b159c8693c3151c46749af58da228442d927f23359bd6ccd6c2ec8fa3f00a86cecbfa728e1ad60b821ed22fcd309ba91a4138bc9" +PSA hash finish: SHA3-224 Test Vector NIST "" +depends_on:PSA_WANT_ALG_SHA_3 +hash_finish:PSA_ALG_SHA3_224:"":"6b4e03423667dbb73b6e15454f0eb1abd4597f9a1b078e3f5b5a6bc7" + +PSA hash finish: SHA3-256 Test Vector NIST "" +depends_on:PSA_WANT_ALG_SHA_3 +hash_finish:PSA_ALG_SHA3_256:"616263":"3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532" + +PSA hash finish: SHA3-384 Test Vector NIST "" +depends_on:PSA_WANT_ALG_SHA_3 +hash_finish:PSA_ALG_SHA3_384:"":"0c63a75b845e4f7d01107d852e4c2485c51a50aaaa94fc61995e71bbee983a2ac3713831264adb47fb6bd1e058d5f004" + +PSA hash finish: SHA3-512 Test Vector NIST "" +depends_on:PSA_WANT_ALG_SHA_3 +hash_finish:PSA_ALG_SHA3_512:"":"a69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a615b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26" + +PSA hash finish: SHA3-224 Test Vector NIST "abc" +depends_on:PSA_WANT_ALG_SHA_3 +hash_finish:PSA_ALG_SHA3_224:"616263":"e642824c3f8cf24ad09234ee7d3c766fc9a3a5168d0c94ad73b46fdf" + +PSA hash finish: SHA3-256 Test Vector NIST "abc" +depends_on:PSA_WANT_ALG_SHA_3 +hash_finish:PSA_ALG_SHA3_256:"616263":"3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532" + +PSA hash finish: SHA3-384 Test Vector NIST "abc" +depends_on:PSA_WANT_ALG_SHA_3 +hash_finish:PSA_ALG_SHA3_384:"616263":"ec01498288516fc926459f58e2c6ad8df9b473cb0fc08c2596da7cf0e49be4b298d88cea927ac7f539f1edf228376d25" + +PSA hash finish: SHA3-512 Test Vector NIST "abc" +depends_on:PSA_WANT_ALG_SHA_3 +hash_finish:PSA_ALG_SHA3_512:"616263":"b751850b1a57168a5693cd924b6b096e08f621827444f70d884f5d0240d2712e10e116e9192af3c91a7ec57647e3934057340b4cf408d5a56592f8274eec53f0" + +PSA hash finish: SHA3-224 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +depends_on:PSA_WANT_ALG_SHA_3 +hash_finish:PSA_ALG_SHA3_224:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"8a24108b154ada21c9fd5574494479ba5c7e7ab76ef264ead0fcce33" + +PSA hash finish: SHA3-256 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +depends_on:PSA_WANT_ALG_SHA_3 +hash_finish:PSA_ALG_SHA3_256:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"41c0dba2a9d6240849100376a8235e2c82e1b9998a999e21db32dd97496d3376" + +PSA hash finish: SHA3-384 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +depends_on:PSA_WANT_ALG_SHA_3 +hash_finish:PSA_ALG_SHA3_384:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"991c665755eb3a4b6bbdfb75c78a492e8c56a22c5c4d7e429bfdbc32b9d4ad5aa04a1f076e62fea19eef51acd0657c22" + +PSA hash finish: SHA3-512 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +depends_on:PSA_WANT_ALG_SHA_3 +hash_finish:PSA_ALG_SHA3_512:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"04a371e84ecfb5b8b77cb48610fca8182dd457ce6f326a0fd3d7ec2f1e91636dee691fbe0c985302ba1b0d8dc78c086346b533b49c030d99a27daf1139d6e75e" + +PSA hash finish: SHA3-224 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +depends_on:PSA_WANT_ALG_SHA_3 +hash_finish:PSA_ALG_SHA3_224:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"543e6868e1666c1a643630df77367ae5a62a85070a51c14cbf665cbc" + +PSA hash finish: SHA3-256 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +depends_on:PSA_WANT_ALG_SHA_3 +hash_finish:PSA_ALG_SHA3_256:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"916f6061fe879741ca6469b43971dfdb28b1a32dc36cb3254e812be27aad1d18" + +PSA hash finish: SHA3-384 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +depends_on:PSA_WANT_ALG_SHA_3 +hash_finish:PSA_ALG_SHA3_384:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"79407d3b5916b59c3e30b09822974791c313fb9ecc849e406f23592d04f625dc8c709b98b43b3852b337216179aa7fc7" + +PSA hash finish: SHA3-512 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +depends_on:PSA_WANT_ALG_SHA_3 +hash_finish:PSA_ALG_SHA3_512:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"afebb2ef542e6579c50cad06d2e578f9f8dd6881d7dc824d26360feebf18a4fa73e3261122948efcfd492e74e82e2189ed0fb440d187f382270cb455f21dd185" + PSA hash finish: MD5 Test vector RFC1321 #1 depends_on:PSA_WANT_ALG_MD5 hash_finish:PSA_ALG_MD5:"":"d41d8cd98f00b204e9800998ecf8427e" diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index a41d83ad8a..2f3fe3270d 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -26,6 +26,22 @@ Hash: SHA-2 SHA-512 depends_on:PSA_WANT_ALG_SHA_512 hash_algorithm:PSA_ALG_SHA_512:64 +Hash: SHA-3 SHA3-224 +depends_on:PSA_WANT_ALG_SHA_3 +hash_algorithm:PSA_ALG_SHA3_224:28 + +Hash: SHA-3 SHA3-256 +depends_on:PSA_WANT_ALG_SHA_3 +hash_algorithm:PSA_ALG_SHA3_256:32 + +Hash: SHA-3 SHA3-384 +depends_on:PSA_WANT_ALG_SHA_3 +hash_algorithm:PSA_ALG_SHA3_384:48 + +Hash: SHA-3 SHA3-512 +depends_on:PSA_WANT_ALG_SHA_3 +hash_algorithm:PSA_ALG_SHA3_512:64 + MAC: HMAC-MD5 depends_on:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_MD5 hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD5 ):16:64 From f66cd61daa4bc37dadb519108663780457867adc Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 26 Jun 2023 11:02:12 +0100 Subject: [PATCH 013/350] Use more standard PSA macro names Signed-off-by: Dave Rodgman --- include/mbedtls/config_psa.h | 34 +++++++++++--- include/psa/crypto_builtin_primitives.h | 10 ++++- include/psa/crypto_config.h | 5 ++- library/psa_crypto_hash.c | 60 ++++++++++++++++++++++--- 4 files changed, 96 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index b1d386236e..4a05318a7b 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -114,7 +114,10 @@ extern "C" { #endif #if defined(MBEDTLS_SHA3_C) -#define PSA_WANT_ALG_SHA_3 1 +#define PSA_WANT_ALG_SHA3_224 1 +#define PSA_WANT_ALG_SHA3_256 1 +#define PSA_WANT_ALG_SHA3_384 1 +#define PSA_WANT_ALG_SHA3_512 1 #endif @@ -274,8 +277,23 @@ extern "C" { #define MBEDTLS_SHA512_C #endif -#if defined(PSA_WANT_ALG_SHA_3) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_3) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_3 1 +#if defined(PSA_WANT_ALG_SHA3_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_3_224) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1 +#define MBEDTLS_SHA3_C +#endif + +#if defined(PSA_WANT_ALG_SHA3_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_3_256) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1 +#define MBEDTLS_SHA3_C +#endif + +#if defined(PSA_WANT_ALG_SHA3_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_3_384) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1 +#define MBEDTLS_SHA3_C +#endif + +#if defined(PSA_WANT_ALG_SHA3_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_3_512) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1 #define MBEDTLS_SHA3_C #endif @@ -875,8 +893,14 @@ extern "C" { #endif #if defined(MBEDTLS_SHA3_C) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_3 1 -#define PSA_WANT_ALG_SHA_3 1 +#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1 +#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1 +#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1 +#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1 +#define PSA_WANT_ALG_SHA3_224 1 +#define PSA_WANT_ALG_SHA3_256 1 +#define PSA_WANT_ALG_SHA3_384 1 +#define PSA_WANT_ALG_SHA3_512 1 #endif #if defined(MBEDTLS_AES_C) diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index ea7da9a1d9..b6bd484b9c 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h @@ -54,7 +54,10 @@ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_512) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_3) + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) #define MBEDTLS_PSA_BUILTIN_HASH #endif @@ -79,7 +82,10 @@ typedef struct { defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_384) mbedtls_sha512_context sha512; #endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_3) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) mbedtls_sha3_context sha3; #endif } MBEDTLS_PRIVATE(ctx); diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index e79f217755..cc15fe79f5 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -86,7 +86,10 @@ #define PSA_WANT_ALG_SHA_256 1 #define PSA_WANT_ALG_SHA_384 1 #define PSA_WANT_ALG_SHA_512 1 -#define PSA_WANT_ALG_SHA_3 1 +#define PSA_WANT_ALG_SHA3_224 1 +#define PSA_WANT_ALG_SHA3_256 1 +#define PSA_WANT_ALG_SHA3_384 1 +#define PSA_WANT_ALG_SHA3_512 1 #define PSA_WANT_ALG_STREAM_CIPHER 1 #define PSA_WANT_ALG_TLS12_PRF 1 #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c index 44df5526f6..ed933c00bf 100644 --- a/library/psa_crypto_hash.c +++ b/library/psa_crypto_hash.c @@ -74,11 +74,22 @@ psa_status_t mbedtls_psa_hash_abort( mbedtls_sha512_free(&operation->ctx.sha512); break; #endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_3) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) case PSA_ALG_SHA3_224: +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) case PSA_ALG_SHA3_256: +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) case PSA_ALG_SHA3_384: +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) case PSA_ALG_SHA3_512: +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) mbedtls_sha3_free(&operation->ctx.sha3); break; #endif @@ -143,19 +154,25 @@ psa_status_t mbedtls_psa_hash_setup( ret = mbedtls_sha512_starts(&operation->ctx.sha512, 0); break; #endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_3) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) case PSA_ALG_SHA3_224: mbedtls_sha3_init(&operation->ctx.sha3); ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_224); break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) case PSA_ALG_SHA3_256: mbedtls_sha3_init(&operation->ctx.sha3); ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_256); break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) case PSA_ALG_SHA3_384: mbedtls_sha3_init(&operation->ctx.sha3); ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_384); break; +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) case PSA_ALG_SHA3_512: mbedtls_sha3_init(&operation->ctx.sha3); ret = mbedtls_sha3_starts(&operation->ctx.sha3, MBEDTLS_SHA3_512); @@ -223,11 +240,22 @@ psa_status_t mbedtls_psa_hash_clone( &source_operation->ctx.sha512); break; #endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_3) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) case PSA_ALG_SHA3_224: +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) case PSA_ALG_SHA3_256: +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) case PSA_ALG_SHA3_384: +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) case PSA_ALG_SHA3_512: +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) mbedtls_sha3_clone(&target_operation->ctx.sha3, &source_operation->ctx.sha3); break; @@ -292,11 +320,22 @@ psa_status_t mbedtls_psa_hash_update( input, input_length); break; #endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_3) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) case PSA_ALG_SHA3_224: +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) case PSA_ALG_SHA3_256: +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) case PSA_ALG_SHA3_384: +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) case PSA_ALG_SHA3_512: +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) ret = mbedtls_sha3_update(&operation->ctx.sha3, input, input_length); break; @@ -371,11 +410,22 @@ psa_status_t mbedtls_psa_hash_finish( ret = mbedtls_sha512_finish(&operation->ctx.sha512, hash); break; #endif -#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_3) +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) case PSA_ALG_SHA3_224: +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) case PSA_ALG_SHA3_256: +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) case PSA_ALG_SHA3_384: +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) case PSA_ALG_SHA3_512: +#endif +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) ret = mbedtls_sha3_finish(&operation->ctx.sha3, hash, hash_size); break; #endif From 09822a35f55dbc15729b17dcf0ae5f853a48182b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 26 Jun 2023 11:11:23 +0100 Subject: [PATCH 014/350] code style Signed-off-by: Dave Rodgman --- include/psa/crypto_builtin_primitives.h | 6 +++--- include/psa/crypto_config.h | 6 +++--- library/psa_crypto_hash.c | 22 +++++++++++----------- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/include/psa/crypto_builtin_primitives.h b/include/psa/crypto_builtin_primitives.h index b6bd484b9c..00363e4390 100644 --- a/include/psa/crypto_builtin_primitives.h +++ b/include/psa/crypto_builtin_primitives.h @@ -83,9 +83,9 @@ typedef struct { mbedtls_sha512_context sha512; #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) mbedtls_sha3_context sha3; #endif } MBEDTLS_PRIVATE(ctx); diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index cc15fe79f5..4e7aba5d05 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -86,10 +86,10 @@ #define PSA_WANT_ALG_SHA_256 1 #define PSA_WANT_ALG_SHA_384 1 #define PSA_WANT_ALG_SHA_512 1 -#define PSA_WANT_ALG_SHA3_224 1 +#define PSA_WANT_ALG_SHA3_224 1 #define PSA_WANT_ALG_SHA3_256 1 -#define PSA_WANT_ALG_SHA3_384 1 -#define PSA_WANT_ALG_SHA3_512 1 +#define PSA_WANT_ALG_SHA3_384 1 +#define PSA_WANT_ALG_SHA3_512 1 #define PSA_WANT_ALG_STREAM_CIPHER 1 #define PSA_WANT_ALG_TLS12_PRF 1 #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 diff --git a/library/psa_crypto_hash.c b/library/psa_crypto_hash.c index ed933c00bf..dad1826166 100644 --- a/library/psa_crypto_hash.c +++ b/library/psa_crypto_hash.c @@ -87,9 +87,9 @@ psa_status_t mbedtls_psa_hash_abort( case PSA_ALG_SHA3_512: #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) mbedtls_sha3_free(&operation->ctx.sha3); break; #endif @@ -253,9 +253,9 @@ psa_status_t mbedtls_psa_hash_clone( case PSA_ALG_SHA3_512: #endif #if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_224) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \ - defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) mbedtls_sha3_clone(&target_operation->ctx.sha3, &source_operation->ctx.sha3); break; @@ -336,9 +336,9 @@ psa_status_t mbedtls_psa_hash_update( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) - ret = mbedtls_sha3_update(&operation->ctx.sha3, - input, input_length); - break; + ret = mbedtls_sha3_update(&operation->ctx.sha3, + input, input_length); + break; #endif default: (void) input; @@ -426,8 +426,8 @@ psa_status_t mbedtls_psa_hash_finish( defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_256) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_384) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_SHA3_512) - ret = mbedtls_sha3_finish(&operation->ctx.sha3, hash, hash_size); - break; + ret = mbedtls_sha3_finish(&operation->ctx.sha3, hash, hash_size); + break; #endif default: (void) hash; From 12cd44b9b3ef09b1a3bf65771d222ec6c9f79fa9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 26 Jun 2023 11:27:37 +0100 Subject: [PATCH 015/350] Fix test dependencies Signed-off-by: Dave Rodgman --- tests/suites/test_suite_psa_crypto_hash.data | 32 +++++++++---------- .../test_suite_psa_crypto_metadata.data | 8 ++--- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_hash.data b/tests/suites/test_suite_psa_crypto_hash.data index 90af796683..75689c9625 100644 --- a/tests/suites/test_suite_psa_crypto_hash.data +++ b/tests/suites/test_suite_psa_crypto_hash.data @@ -159,67 +159,67 @@ depends_on:PSA_WANT_ALG_SHA_512 hash_finish:PSA_ALG_SHA_512:"990d1ae71a62d7bda9bfdaa1762a68d296eee72a4cd946f287a898fbabc002ea941fd8d4d991030b4d27a637cce501a834bb95eab1b7889a3e784c7968e67cbf552006b206b68f76d9191327524fcc251aeb56af483d10b4e0c6c5e599ee8c0fe4faeca8293844a8547c6a9a90d093f2526873a19ad4a5e776794c68c742fb834793d2dfcb7fea46c63af4b70fd11cb6e41834e72ee40edb067b292a794990c288d5007e73f349fb383af6a756b8301ad6e5e0aa8cd614399bb3a452376b1575afa6bdaeaafc286cb064bb91edef97c632b6c1113d107fa93a0905098a105043c2f05397f702514439a08a9e5ddc196100721d45c8fc17d2ed659376f8a00bd5cb9a0860e26d8a29d8d6aaf52de97e9346033d6db501a35dbbaf97c20b830cd2d18c2532f3a59cc497ee64c0e57d8d060e5069b28d86edf1adcf59144b221ce3ddaef134b3124fbc7dd000240eff0f5f5f41e83cd7f5bb37c9ae21953fe302b0f6e8b68fa91c6ab99265c64b2fd9cd4942be04321bb5d6d71932376c6f2f88e02422ba6a5e2cb765df93fd5dd0728c6abdaf03bce22e0678a544e2c3636f741b6f4447ee58a8fc656b43ef817932176adbfc2e04b2c812c273cd6cbfa4098f0be036a34221fa02643f5ee2e0b38135f2a18ecd2f16ebc45f8eb31b8ab967a1567ee016904188910861ca1fa205c7adaa194b286893ffe2f4fbe0384c2aef72a4522aeafd3ebc71f9db71eeeef86c48394a1c86d5b36c352cc33a0a2c800bc99e62fd65b3a2fd69e0b53996ec13d8ce483ce9319efd9a85acefabdb5342226febb83fd1daf4b24265f50c61c6de74077ef89b6fecf9f29a1f871af1e9f89b2d345cda7499bd45c42fa5d195a1e1a6ba84851889e730da3b2b916e96152ae0c92154b49719841db7e7cc707ba8a5d7b101eb4ac7b629bb327817910fff61580b59aab78182d1a2e33473d05b00b170b29e331870826cfe45af206aa7d0246bbd8566ca7cfb2d3c10bfa1db7dd48dd786036469ce7282093d78b5e1a5b0fc81a54c8ed4ceac1e5305305e78284ac276f5d7862727aff246e17addde50c670028d572cbfc0be2e4f8b2eb28fa68ad7b4c6c2a239c460441bfb5ea049f23b08563b4e47729a59e5986a61a6093dbd54f8c36ebe87edae01f251cb060ad1364ce677d7e8d5a4a4ca966a7241cc360bc2acb280e5f9e9c1b032ad6a180a35e0c5180b9d16d026c865b252098cc1d99ba7375ca31c7702c0d943d5e3dd2f6861fa55bd46d94b67ed3e52eccd8dd06d968e01897d6de97ed3058d91dd":"8e4bc6f8b8c60fe4d68c61d9b159c8693c3151c46749af58da228442d927f23359bd6ccd6c2ec8fa3f00a86cecbfa728e1ad60b821ed22fcd309ba91a4138bc9" PSA hash finish: SHA3-224 Test Vector NIST "" -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_224 hash_finish:PSA_ALG_SHA3_224:"":"6b4e03423667dbb73b6e15454f0eb1abd4597f9a1b078e3f5b5a6bc7" PSA hash finish: SHA3-256 Test Vector NIST "" -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_256 hash_finish:PSA_ALG_SHA3_256:"616263":"3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532" PSA hash finish: SHA3-384 Test Vector NIST "" -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_384 hash_finish:PSA_ALG_SHA3_384:"":"0c63a75b845e4f7d01107d852e4c2485c51a50aaaa94fc61995e71bbee983a2ac3713831264adb47fb6bd1e058d5f004" PSA hash finish: SHA3-512 Test Vector NIST "" -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_512 hash_finish:PSA_ALG_SHA3_512:"":"a69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a615b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26" PSA hash finish: SHA3-224 Test Vector NIST "abc" -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_224 hash_finish:PSA_ALG_SHA3_224:"616263":"e642824c3f8cf24ad09234ee7d3c766fc9a3a5168d0c94ad73b46fdf" PSA hash finish: SHA3-256 Test Vector NIST "abc" -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_256 hash_finish:PSA_ALG_SHA3_256:"616263":"3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532" PSA hash finish: SHA3-384 Test Vector NIST "abc" -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_384 hash_finish:PSA_ALG_SHA3_384:"616263":"ec01498288516fc926459f58e2c6ad8df9b473cb0fc08c2596da7cf0e49be4b298d88cea927ac7f539f1edf228376d25" PSA hash finish: SHA3-512 Test Vector NIST "abc" -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_512 hash_finish:PSA_ALG_SHA3_512:"616263":"b751850b1a57168a5693cd924b6b096e08f621827444f70d884f5d0240d2712e10e116e9192af3c91a7ec57647e3934057340b4cf408d5a56592f8274eec53f0" PSA hash finish: SHA3-224 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_224 hash_finish:PSA_ALG_SHA3_224:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"8a24108b154ada21c9fd5574494479ba5c7e7ab76ef264ead0fcce33" PSA hash finish: SHA3-256 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_256 hash_finish:PSA_ALG_SHA3_256:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"41c0dba2a9d6240849100376a8235e2c82e1b9998a999e21db32dd97496d3376" PSA hash finish: SHA3-384 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_384 hash_finish:PSA_ALG_SHA3_384:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"991c665755eb3a4b6bbdfb75c78a492e8c56a22c5c4d7e429bfdbc32b9d4ad5aa04a1f076e62fea19eef51acd0657c22" PSA hash finish: SHA3-512 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_512 hash_finish:PSA_ALG_SHA3_512:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"04a371e84ecfb5b8b77cb48610fca8182dd457ce6f326a0fd3d7ec2f1e91636dee691fbe0c985302ba1b0d8dc78c086346b533b49c030d99a27daf1139d6e75e" PSA hash finish: SHA3-224 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_224 hash_finish:PSA_ALG_SHA3_224:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"543e6868e1666c1a643630df77367ae5a62a85070a51c14cbf665cbc" PSA hash finish: SHA3-256 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_256 hash_finish:PSA_ALG_SHA3_256:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"916f6061fe879741ca6469b43971dfdb28b1a32dc36cb3254e812be27aad1d18" PSA hash finish: SHA3-384 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_384 hash_finish:PSA_ALG_SHA3_384:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"79407d3b5916b59c3e30b09822974791c313fb9ecc849e406f23592d04f625dc8c709b98b43b3852b337216179aa7fc7" PSA hash finish: SHA3-512 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_512 hash_finish:PSA_ALG_SHA3_512:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"afebb2ef542e6579c50cad06d2e578f9f8dd6881d7dc824d26360feebf18a4fa73e3261122948efcfd492e74e82e2189ed0fb440d187f382270cb455f21dd185" PSA hash finish: MD5 Test vector RFC1321 #1 diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 2f3fe3270d..b461dc48e2 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -27,19 +27,19 @@ depends_on:PSA_WANT_ALG_SHA_512 hash_algorithm:PSA_ALG_SHA_512:64 Hash: SHA-3 SHA3-224 -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_224 hash_algorithm:PSA_ALG_SHA3_224:28 Hash: SHA-3 SHA3-256 -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_256 hash_algorithm:PSA_ALG_SHA3_256:32 Hash: SHA-3 SHA3-384 -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_384 hash_algorithm:PSA_ALG_SHA3_384:48 Hash: SHA-3 SHA3-512 -depends_on:PSA_WANT_ALG_SHA_3 +depends_on:PSA_WANT_ALG_SHA_3_512 hash_algorithm:PSA_ALG_SHA3_512:64 MAC: HMAC-MD5 From 16985d5f9813f3ffdfa48425becf3b42255f1a4b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 26 Jun 2023 11:28:33 +0100 Subject: [PATCH 016/350] Fix test dependencies Signed-off-by: Dave Rodgman --- tests/suites/test_suite_psa_crypto_hash.data | 32 +++++++++---------- .../test_suite_psa_crypto_metadata.data | 8 ++--- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_hash.data b/tests/suites/test_suite_psa_crypto_hash.data index 75689c9625..1133c398db 100644 --- a/tests/suites/test_suite_psa_crypto_hash.data +++ b/tests/suites/test_suite_psa_crypto_hash.data @@ -159,67 +159,67 @@ depends_on:PSA_WANT_ALG_SHA_512 hash_finish:PSA_ALG_SHA_512:"990d1ae71a62d7bda9bfdaa1762a68d296eee72a4cd946f287a898fbabc002ea941fd8d4d991030b4d27a637cce501a834bb95eab1b7889a3e784c7968e67cbf552006b206b68f76d9191327524fcc251aeb56af483d10b4e0c6c5e599ee8c0fe4faeca8293844a8547c6a9a90d093f2526873a19ad4a5e776794c68c742fb834793d2dfcb7fea46c63af4b70fd11cb6e41834e72ee40edb067b292a794990c288d5007e73f349fb383af6a756b8301ad6e5e0aa8cd614399bb3a452376b1575afa6bdaeaafc286cb064bb91edef97c632b6c1113d107fa93a0905098a105043c2f05397f702514439a08a9e5ddc196100721d45c8fc17d2ed659376f8a00bd5cb9a0860e26d8a29d8d6aaf52de97e9346033d6db501a35dbbaf97c20b830cd2d18c2532f3a59cc497ee64c0e57d8d060e5069b28d86edf1adcf59144b221ce3ddaef134b3124fbc7dd000240eff0f5f5f41e83cd7f5bb37c9ae21953fe302b0f6e8b68fa91c6ab99265c64b2fd9cd4942be04321bb5d6d71932376c6f2f88e02422ba6a5e2cb765df93fd5dd0728c6abdaf03bce22e0678a544e2c3636f741b6f4447ee58a8fc656b43ef817932176adbfc2e04b2c812c273cd6cbfa4098f0be036a34221fa02643f5ee2e0b38135f2a18ecd2f16ebc45f8eb31b8ab967a1567ee016904188910861ca1fa205c7adaa194b286893ffe2f4fbe0384c2aef72a4522aeafd3ebc71f9db71eeeef86c48394a1c86d5b36c352cc33a0a2c800bc99e62fd65b3a2fd69e0b53996ec13d8ce483ce9319efd9a85acefabdb5342226febb83fd1daf4b24265f50c61c6de74077ef89b6fecf9f29a1f871af1e9f89b2d345cda7499bd45c42fa5d195a1e1a6ba84851889e730da3b2b916e96152ae0c92154b49719841db7e7cc707ba8a5d7b101eb4ac7b629bb327817910fff61580b59aab78182d1a2e33473d05b00b170b29e331870826cfe45af206aa7d0246bbd8566ca7cfb2d3c10bfa1db7dd48dd786036469ce7282093d78b5e1a5b0fc81a54c8ed4ceac1e5305305e78284ac276f5d7862727aff246e17addde50c670028d572cbfc0be2e4f8b2eb28fa68ad7b4c6c2a239c460441bfb5ea049f23b08563b4e47729a59e5986a61a6093dbd54f8c36ebe87edae01f251cb060ad1364ce677d7e8d5a4a4ca966a7241cc360bc2acb280e5f9e9c1b032ad6a180a35e0c5180b9d16d026c865b252098cc1d99ba7375ca31c7702c0d943d5e3dd2f6861fa55bd46d94b67ed3e52eccd8dd06d968e01897d6de97ed3058d91dd":"8e4bc6f8b8c60fe4d68c61d9b159c8693c3151c46749af58da228442d927f23359bd6ccd6c2ec8fa3f00a86cecbfa728e1ad60b821ed22fcd309ba91a4138bc9" PSA hash finish: SHA3-224 Test Vector NIST "" -depends_on:PSA_WANT_ALG_SHA_3_224 +depends_on:PSA_WANT_ALG_SHA3_224 hash_finish:PSA_ALG_SHA3_224:"":"6b4e03423667dbb73b6e15454f0eb1abd4597f9a1b078e3f5b5a6bc7" PSA hash finish: SHA3-256 Test Vector NIST "" -depends_on:PSA_WANT_ALG_SHA_3_256 +depends_on:PSA_WANT_ALG_SHA3_256 hash_finish:PSA_ALG_SHA3_256:"616263":"3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532" PSA hash finish: SHA3-384 Test Vector NIST "" -depends_on:PSA_WANT_ALG_SHA_3_384 +depends_on:PSA_WANT_ALG_SHA3_384 hash_finish:PSA_ALG_SHA3_384:"":"0c63a75b845e4f7d01107d852e4c2485c51a50aaaa94fc61995e71bbee983a2ac3713831264adb47fb6bd1e058d5f004" PSA hash finish: SHA3-512 Test Vector NIST "" -depends_on:PSA_WANT_ALG_SHA_3_512 +depends_on:PSA_WANT_ALG_SHA3_512 hash_finish:PSA_ALG_SHA3_512:"":"a69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a615b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26" PSA hash finish: SHA3-224 Test Vector NIST "abc" -depends_on:PSA_WANT_ALG_SHA_3_224 +depends_on:PSA_WANT_ALG_SHA3_224 hash_finish:PSA_ALG_SHA3_224:"616263":"e642824c3f8cf24ad09234ee7d3c766fc9a3a5168d0c94ad73b46fdf" PSA hash finish: SHA3-256 Test Vector NIST "abc" -depends_on:PSA_WANT_ALG_SHA_3_256 +depends_on:PSA_WANT_ALG_SHA3_256 hash_finish:PSA_ALG_SHA3_256:"616263":"3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532" PSA hash finish: SHA3-384 Test Vector NIST "abc" -depends_on:PSA_WANT_ALG_SHA_3_384 +depends_on:PSA_WANT_ALG_SHA3_384 hash_finish:PSA_ALG_SHA3_384:"616263":"ec01498288516fc926459f58e2c6ad8df9b473cb0fc08c2596da7cf0e49be4b298d88cea927ac7f539f1edf228376d25" PSA hash finish: SHA3-512 Test Vector NIST "abc" -depends_on:PSA_WANT_ALG_SHA_3_512 +depends_on:PSA_WANT_ALG_SHA3_512 hash_finish:PSA_ALG_SHA3_512:"616263":"b751850b1a57168a5693cd924b6b096e08f621827444f70d884f5d0240d2712e10e116e9192af3c91a7ec57647e3934057340b4cf408d5a56592f8274eec53f0" PSA hash finish: SHA3-224 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" -depends_on:PSA_WANT_ALG_SHA_3_224 +depends_on:PSA_WANT_ALG_SHA3_224 hash_finish:PSA_ALG_SHA3_224:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"8a24108b154ada21c9fd5574494479ba5c7e7ab76ef264ead0fcce33" PSA hash finish: SHA3-256 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" -depends_on:PSA_WANT_ALG_SHA_3_256 +depends_on:PSA_WANT_ALG_SHA3_256 hash_finish:PSA_ALG_SHA3_256:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"41c0dba2a9d6240849100376a8235e2c82e1b9998a999e21db32dd97496d3376" PSA hash finish: SHA3-384 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" -depends_on:PSA_WANT_ALG_SHA_3_384 +depends_on:PSA_WANT_ALG_SHA3_384 hash_finish:PSA_ALG_SHA3_384:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"991c665755eb3a4b6bbdfb75c78a492e8c56a22c5c4d7e429bfdbc32b9d4ad5aa04a1f076e62fea19eef51acd0657c22" PSA hash finish: SHA3-512 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" -depends_on:PSA_WANT_ALG_SHA_3_512 +depends_on:PSA_WANT_ALG_SHA3_512 hash_finish:PSA_ALG_SHA3_512:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"04a371e84ecfb5b8b77cb48610fca8182dd457ce6f326a0fd3d7ec2f1e91636dee691fbe0c985302ba1b0d8dc78c086346b533b49c030d99a27daf1139d6e75e" PSA hash finish: SHA3-224 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" -depends_on:PSA_WANT_ALG_SHA_3_224 +depends_on:PSA_WANT_ALG_SHA3_224 hash_finish:PSA_ALG_SHA3_224:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"543e6868e1666c1a643630df77367ae5a62a85070a51c14cbf665cbc" PSA hash finish: SHA3-256 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" -depends_on:PSA_WANT_ALG_SHA_3_256 +depends_on:PSA_WANT_ALG_SHA3_256 hash_finish:PSA_ALG_SHA3_256:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"916f6061fe879741ca6469b43971dfdb28b1a32dc36cb3254e812be27aad1d18" PSA hash finish: SHA3-384 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" -depends_on:PSA_WANT_ALG_SHA_3_384 +depends_on:PSA_WANT_ALG_SHA3_384 hash_finish:PSA_ALG_SHA3_384:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"79407d3b5916b59c3e30b09822974791c313fb9ecc849e406f23592d04f625dc8c709b98b43b3852b337216179aa7fc7" PSA hash finish: SHA3-512 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" -depends_on:PSA_WANT_ALG_SHA_3_512 +depends_on:PSA_WANT_ALG_SHA3_512 hash_finish:PSA_ALG_SHA3_512:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"afebb2ef542e6579c50cad06d2e578f9f8dd6881d7dc824d26360feebf18a4fa73e3261122948efcfd492e74e82e2189ed0fb440d187f382270cb455f21dd185" PSA hash finish: MD5 Test vector RFC1321 #1 diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index b461dc48e2..2bc559c6bd 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -27,19 +27,19 @@ depends_on:PSA_WANT_ALG_SHA_512 hash_algorithm:PSA_ALG_SHA_512:64 Hash: SHA-3 SHA3-224 -depends_on:PSA_WANT_ALG_SHA_3_224 +depends_on:PSA_WANT_ALG_SHA3_224 hash_algorithm:PSA_ALG_SHA3_224:28 Hash: SHA-3 SHA3-256 -depends_on:PSA_WANT_ALG_SHA_3_256 +depends_on:PSA_WANT_ALG_SHA3_256 hash_algorithm:PSA_ALG_SHA3_256:32 Hash: SHA-3 SHA3-384 -depends_on:PSA_WANT_ALG_SHA_3_384 +depends_on:PSA_WANT_ALG_SHA3_384 hash_algorithm:PSA_ALG_SHA3_384:48 Hash: SHA-3 SHA3-512 -depends_on:PSA_WANT_ALG_SHA_3_512 +depends_on:PSA_WANT_ALG_SHA3_512 hash_algorithm:PSA_ALG_SHA3_512:64 MAC: HMAC-MD5 From 5734bb99cc18a0db9b31f67f87c299d2f5cbbda0 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 26 Jun 2023 18:23:08 +0100 Subject: [PATCH 017/350] Fix PSA_HMAC_MAX_HASH_BLOCK_SIZE and PSA_HASH_MAX_SIZE definitions Signed-off-by: Dave Rodgman --- include/psa/crypto_sizes.h | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 8cc965b09f..dd99c0d921 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -125,28 +125,43 @@ * This macro expands to a compile-time constant integer. This value * is the maximum size of a hash in bytes. */ -/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-226, +/* Note: for HMAC-SHA-3, the block size is 144 bytes for HMAC-SHA3-224, * 136 bytes for HMAC-SHA3-256, 104 bytes for SHA3-384, 72 bytes for * HMAC-SHA3-512. */ /* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE, * see the note on MBEDTLS_MD_MAX_SIZE for details. */ -#if defined(PSA_WANT_ALG_SHA_512) -#define PSA_HASH_MAX_SIZE 64 +#if defined(PSA_WANT_ALG_SHA3_224) +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 144 +#elif defined(PSA_WANT_ALG_SHA3_256) +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 136 +#elif defined(PSA_WANT_ALG_SHA_512) #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 #elif defined(PSA_WANT_ALG_SHA_384) -#define PSA_HASH_MAX_SIZE 48 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 +#elif defined(PSA_WANT_ALG_SHA3_384) +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 104 +#elif defined(PSA_WANT_ALG_SHA3_512) +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 72 #elif defined(PSA_WANT_ALG_SHA_256) -#define PSA_HASH_MAX_SIZE 32 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64 #elif defined(PSA_WANT_ALG_SHA_224) -#define PSA_HASH_MAX_SIZE 28 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64 #else /* SHA-1 or smaller */ -#define PSA_HASH_MAX_SIZE 20 #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64 #endif +#if defined(PSA_WANT_ALG_SHA_512) || defined(PSA_WANT_ALG_SHA3_512) +#define PSA_HASH_MAX_SIZE 64 +#elif defined(PSA_WANT_ALG_SHA_384) || defined(PSA_WANT_ALG_SHA3_384) +#define PSA_HASH_MAX_SIZE 48 +#elif defined(PSA_WANT_ALG_SHA_256) || defined(PSA_WANT_ALG_SHA3_256) +#define PSA_HASH_MAX_SIZE 32 +#elif defined(PSA_WANT_ALG_SHA_224) || defined(PSA_WANT_ALG_SHA3_224) +#define PSA_HASH_MAX_SIZE 28 +#else /* SHA-1 or smaller */ +#define PSA_HASH_MAX_SIZE 20 +#endif + /** \def PSA_MAC_MAX_SIZE * * Maximum size of a MAC. From 47a2ac1c253b90f9c57b9ba5cf3ae110a4068042 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 26 Jun 2023 18:39:42 +0100 Subject: [PATCH 018/350] Fix incorrectly named macro Signed-off-by: Dave Rodgman --- include/mbedtls/config_psa.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 4a05318a7b..45fcddf3d9 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -277,22 +277,22 @@ extern "C" { #define MBEDTLS_SHA512_C #endif -#if defined(PSA_WANT_ALG_SHA3_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_3_224) +#if defined(PSA_WANT_ALG_SHA3_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224) #define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1 #define MBEDTLS_SHA3_C #endif -#if defined(PSA_WANT_ALG_SHA3_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_3_256) +#if defined(PSA_WANT_ALG_SHA3_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256) #define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1 #define MBEDTLS_SHA3_C #endif -#if defined(PSA_WANT_ALG_SHA3_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_3_384) +#if defined(PSA_WANT_ALG_SHA3_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384) #define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1 #define MBEDTLS_SHA3_C #endif -#if defined(PSA_WANT_ALG_SHA3_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_3_512) +#if defined(PSA_WANT_ALG_SHA3_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512) #define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1 #define MBEDTLS_SHA3_C #endif From 527f48f14d8b11f674903cb4b02e172771593f9a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 5 Jul 2023 18:57:30 +0100 Subject: [PATCH 019/350] Add OID definitions for SHA3 Signed-off-by: Dave Rodgman --- include/mbedtls/oid.h | 9 +++++++++ library/oid.c | 24 ++++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index e333ba11bb..f894205892 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -270,6 +270,15 @@ #define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */ +#define MBEDTLS_OID_DIGEST_ALG_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x07" /**< id-sha3-224 OBJECT IDENTIFIER ::= joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-224(7) } */ + +#define MBEDTLS_OID_DIGEST_ALG_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x08" /**< id-sha3-256 OBJECT IDENTIFIER ::= joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-256(8) } */ + +#define MBEDTLS_OID_DIGEST_ALG_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x09" /**< id-sha3-384 OBJECT IDENTIFIER ::= joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-384(9) } */ + +#define MBEDTLS_OID_DIGEST_ALG_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x0a" /**< id-sha3-512 OBJECT IDENTIFIER ::= joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-512(10) } */ + + #define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */ #define MBEDTLS_OID_HMAC_SHA224 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */ diff --git a/library/oid.c b/library/oid.c index 47a311b940..9ea41cbae2 100644 --- a/library/oid.c +++ b/library/oid.c @@ -760,6 +760,30 @@ static const oid_md_alg_t oid_md_alg[] = OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160"), MBEDTLS_MD_RIPEMD160, }, +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_224) + { + OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_224, "id-sha3-224", "SHA-3-224"), + MBEDTLS_MD_SHA3_224, + }, +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_256) + { + OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_256, "id-sha3-256", "SHA-3-256"), + MBEDTLS_MD_SHA3_256, + }, +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_384) + { + OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_384, "id-sha3-384", "SHA-3-384"), + MBEDTLS_MD_SHA3_384, + }, +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_512) + { + OID_DESCRIPTOR(MBEDTLS_OID_DIGEST_ALG_SHA3_512, "id-sha3-512", "SHA-3-512"), + MBEDTLS_MD_SHA3_512, + }, #endif { NULL_OID_DESCRIPTOR, From 3a498a6ccbe7b821012ba2404b03ccd45fa14628 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 5 Jul 2023 18:58:04 +0100 Subject: [PATCH 020/350] Add SHA-3 cases in mbedtls_md_type_from_psa_alg, mbedtls_md_psa_alg_from_type Signed-off-by: Dave Rodgman --- library/md.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/library/md.c b/library/md.c index a29d876e9e..b04e364456 100644 --- a/library/md.c +++ b/library/md.c @@ -816,6 +816,22 @@ psa_algorithm_t mbedtls_md_psa_alg_from_type(mbedtls_md_type_t md_type) #if defined(MBEDTLS_MD_CAN_SHA512) case MBEDTLS_MD_SHA512: return PSA_ALG_SHA_512; +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_224) + case MBEDTLS_MD_SHA3_224: + return PSA_ALG_SHA3_224; +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_256) + case MBEDTLS_MD_SHA3_256: + return PSA_ALG_SHA3_256; +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_384) + case MBEDTLS_MD_SHA3_384: + return PSA_ALG_SHA3_384; +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_512) + case MBEDTLS_MD_SHA3_512: + return PSA_ALG_SHA3_512; #endif default: return PSA_ALG_NONE; @@ -852,6 +868,22 @@ mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa_alg) #if defined(MBEDTLS_MD_CAN_SHA512) case PSA_ALG_SHA_512: return MBEDTLS_MD_SHA512; +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_224) + case PSA_ALG_SHA3_224: + return MBEDTLS_MD_SHA3_224; +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_256) + case PSA_ALG_SHA3_256: + return MBEDTLS_MD_SHA3_256; +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_384) + case PSA_ALG_SHA3_384: + return MBEDTLS_MD_SHA3_384; +#endif +#if defined(MBEDTLS_MD_CAN_SHA3_512) + case PSA_ALG_SHA3_512: + return MBEDTLS_MD_SHA3_512; #endif default: return MBEDTLS_MD_NONE; From 7bb7602a6630d2e33b6d6cdcfff95befb28e6fc3 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 5 Jul 2023 19:03:21 +0100 Subject: [PATCH 021/350] Add OID tests for SHA-3 Signed-off-by: Dave Rodgman --- tests/suites/test_suite_oid.data | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index 00f6e0b4d7..cc23c5b665 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -82,6 +82,22 @@ OID hash id - id-sha512 depends_on:MBEDTLS_MD_CAN_SHA512 oid_get_md_alg_id:"608648016503040203":MBEDTLS_MD_SHA512 +OID hash id - id-sha3-224 +depends_on:MBEDTLS_MD_CAN_SHA3_224 +oid_get_md_alg_id:"608648016503040207":MBEDTLS_MD_SHA3_224 + +OID hash id - id-sha3-256 +depends_on:MBEDTLS_MD_CAN_SHA3_256 +oid_get_md_alg_id:"608648016503040208":MBEDTLS_MD_SHA3_256 + +OID hash id - id-sha3-384 +depends_on:MBEDTLS_MD_CAN_SHA3_384 +oid_get_md_alg_id:"608648016503040209":MBEDTLS_MD_SHA3_384 + +OID hash id - id-sha3-512 +depends_on:MBEDTLS_MD_CAN_SHA3_512 +oid_get_md_alg_id:"60864801650304020a":MBEDTLS_MD_SHA3_512 + OID hash id - id-ripemd160 depends_on:MBEDTLS_MD_CAN_RIPEMD160 oid_get_md_alg_id:"2b24030201":MBEDTLS_MD_RIPEMD160 From c0a0990b6e176ff0d7efd90424242662a6597d0a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 5 Jul 2023 19:15:53 +0100 Subject: [PATCH 022/350] Improve testing of md/PSA alg identifier macro conversions Signed-off-by: Dave Rodgman --- tests/suites/test_suite_md.function | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index ac9516ab8d..2768707e9f 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -28,6 +28,11 @@ void mbedtls_md_list() TEST_EQUAL(0, mbedtls_md_starts(&ctx)); TEST_EQUAL(0, mbedtls_md_finish(&ctx, out)); mbedtls_md_free(&ctx); + + /* Ensure that we can convert to and from a psa_algorithm_t */ + psa_algorithm_t p = mbedtls_md_psa_alg_from_type(*md_type_ptr); + TEST_ASSERT(p != PSA_ALG_NONE); + TEST_EQUAL(*md_type_ptr, mbedtls_md_type_from_psa_alg(p)); } exit: From 76814b6207b141de1137a5c77b372ede829e1858 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 5 Jul 2023 19:38:21 +0100 Subject: [PATCH 023/350] fix missing include Signed-off-by: Dave Rodgman --- tests/suites/test_suite_md.function | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 2768707e9f..75087e7eea 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -1,5 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/md.h" +#include "../library/md_psa.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES From 852b6c30b787f28a1fc085b7ccf3b776b0fa09f5 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 5 Jul 2023 19:47:08 +0100 Subject: [PATCH 024/350] Support MBEDTLS_MD_SHA3_xxx_VIA_PSA Signed-off-by: Dave Rodgman --- include/mbedtls/md.h | 21 +++++++++++++++++++++ library/md.c | 16 ++++++++++++++++ 2 files changed, 37 insertions(+) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index f717618d27..de4f8758ed 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -85,6 +85,26 @@ #define MBEDTLS_MD_RIPEMD160_VIA_PSA #define MBEDTLS_MD_SOME_PSA #endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224) +#define MBEDTLS_MD_CAN_SHA3_224 +#define MBEDTLS_MD_SHA3_224_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256) +#define MBEDTLS_MD_CAN_SHA3_256 +#define MBEDTLS_MD_SHA3_256_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384) +#define MBEDTLS_MD_CAN_SHA3_384 +#define MBEDTLS_MD_SHA3_384_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512) +#define MBEDTLS_MD_CAN_SHA3_512 +#define MBEDTLS_MD_SHA3_512_VIA_PSA +#define MBEDTLS_MD_SOME_PSA +#endif #endif /* MBEDTLS_PSA_CRYPTO_C */ /* Built-in implementations */ @@ -117,6 +137,7 @@ #define MBEDTLS_MD_CAN_SHA3_256 #define MBEDTLS_MD_CAN_SHA3_384 #define MBEDTLS_MD_CAN_SHA3_512 +#define MBEDTLS_MD_SOME_LEGACY #endif #if defined(MBEDTLS_RIPEMD160_C) #define MBEDTLS_MD_CAN_RIPEMD160 diff --git a/library/md.c b/library/md.c index b04e364456..4223c865ba 100644 --- a/library/md.c +++ b/library/md.c @@ -258,6 +258,22 @@ static psa_algorithm_t psa_alg_of_md(const mbedtls_md_info_t *info) #if defined(MBEDTLS_MD_SHA512_VIA_PSA) case MBEDTLS_MD_SHA512: return PSA_ALG_SHA_512; +#endif +#if defined(MBEDTLS_MD_SHA3_224_VIA_PSA) + case MBEDTLS_MD_SHA3_224: + return PSA_ALG_SHA3_224; +#endif +#if defined(MBEDTLS_MD_SHA3_256_VIA_PSA) + case MBEDTLS_MD_SHA3_256: + return PSA_ALG_SHA3_256; +#endif +#if defined(MBEDTLS_MD_SHA3_384_VIA_PSA) + case MBEDTLS_MD_SHA3_384: + return PSA_ALG_SHA3_384; +#endif +#if defined(MBEDTLS_MD_SHA3_512_VIA_PSA) + case MBEDTLS_MD_SHA3_512: + return PSA_ALG_SHA3_512; #endif default: return PSA_ALG_NONE; From f324a74fab4969f1037d715bb3f9905a40aa0b73 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 5 Jul 2023 19:55:15 +0100 Subject: [PATCH 025/350] Add tests for MBEDTLS_MD_SHA3_xxx_VIA_PSA Signed-off-by: Dave Rodgman --- tests/suites/test_suite_md.psa.data | 48 +++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/tests/suites/test_suite_md.psa.data b/tests/suites/test_suite_md.psa.data index 5266f187ff..cd24add46d 100644 --- a/tests/suites/test_suite_md.psa.data +++ b/tests/suites/test_suite_md.psa.data @@ -85,3 +85,51 @@ md_psa_dynamic_dispatch:MBEDTLS_MD_SHA512:MBEDTLS_ERR_MD_BAD_INPUT_DATA:MBEDTLS_ PSA dispatch SHA512 legacy+driver depends_on:MBEDTLS_SHA512_C:MBEDTLS_MD_SHA512_VIA_PSA md_psa_dynamic_dispatch:MBEDTLS_MD_SHA512:0:MBEDTLS_MD_ENGINE_PSA + +PSA dispatch SHA3-224 legacy only +depends_on:MBEDTLS_SHA3_224_C:!MBEDTLS_MD_SHA3_224_VIA_PSA +md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_224:0:MBEDTLS_MD_ENGINE_LEGACY + +PSA dispatch SHA3-224 driver only +depends_on:!MBEDTLS_SHA3_224_C:MBEDTLS_MD_SHA3_224_VIA_PSA +md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_224:MBEDTLS_ERR_MD_BAD_INPUT_DATA:MBEDTLS_MD_ENGINE_PSA + +PSA dispatch SHA3-224 legacy+driver +depends_on:MBEDTLS_SHA3_224_C:MBEDTLS_MD_SHA3_224_VIA_PSA +md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_224:0:MBEDTLS_MD_ENGINE_PSA + +PSA dispatch SHA3-256 legacy only +depends_on:MBEDTLS_SHA3_256_C:!MBEDTLS_MD_SHA3_256_VIA_PSA +md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_256:0:MBEDTLS_MD_ENGINE_LEGACY + +PSA dispatch SHA3-256 driver only +depends_on:!MBEDTLS_SHA3_256_C:MBEDTLS_MD_SHA3_256_VIA_PSA +md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_256:MBEDTLS_ERR_MD_BAD_INPUT_DATA:MBEDTLS_MD_ENGINE_PSA + +PSA dispatch SHA3-256 legacy+driver +depends_on:MBEDTLS_SHA3_256_C:MBEDTLS_MD_SHA3_256_VIA_PSA +md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_256:0:MBEDTLS_MD_ENGINE_PSA + +PSA dispatch SHA3-384 legacy only +depends_on:MBEDTLS_SHA3_384_C:!MBEDTLS_MD_SHA3_384_VIA_PSA +md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_384:0:MBEDTLS_MD_ENGINE_LEGACY + +PSA dispatch SHA3-384 driver only +depends_on:!MBEDTLS_SHA3_384_C:MBEDTLS_MD_SHA3_384_VIA_PSA +md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_384:MBEDTLS_ERR_MD_BAD_INPUT_DATA:MBEDTLS_MD_ENGINE_PSA + +PSA dispatch SHA3-384 legacy+driver +depends_on:MBEDTLS_SHA3_384_C:MBEDTLS_MD_SHA3_384_VIA_PSA +md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_384:0:MBEDTLS_MD_ENGINE_PSA + +PSA dispatch SHA3-512 legacy only +depends_on:MBEDTLS_SHA3_512_C:!MBEDTLS_MD_SHA3_512_VIA_PSA +md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_512:0:MBEDTLS_MD_ENGINE_LEGACY + +PSA dispatch SHA3-512 driver only +depends_on:!MBEDTLS_SHA3_512_C:MBEDTLS_MD_SHA3_512_VIA_PSA +md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_512:MBEDTLS_ERR_MD_BAD_INPUT_DATA:MBEDTLS_MD_ENGINE_PSA + +PSA dispatch SHA3-512 legacy+driver +depends_on:MBEDTLS_SHA3_512_C:MBEDTLS_MD_SHA3_512_VIA_PSA +md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_512:0:MBEDTLS_MD_ENGINE_PSA From 0c2d1afaf328f840959db099b7d668474e948db8 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 5 Jul 2023 20:23:09 +0100 Subject: [PATCH 026/350] Fix free before pointers initialised Signed-off-by: Dave Rodgman --- tests/suites/test_suite_md.function | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 75087e7eea..03b18640b7 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -386,7 +386,6 @@ exit: void md_psa_dynamic_dispatch(int md_type, int pre_psa_ret, int post_psa_engine) { const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type); - TEST_ASSERT(md_info != NULL); mbedtls_md_context_t ctx1, ctx2; /* Intentionally no PSA init here! (Will be done later.) */ @@ -394,6 +393,8 @@ void md_psa_dynamic_dispatch(int md_type, int pre_psa_ret, int post_psa_engine) mbedtls_md_init(&ctx1); mbedtls_md_init(&ctx2); + TEST_ASSERT(md_info != NULL); + /* Before PSA crypto init */ TEST_EQUAL(pre_psa_ret, mbedtls_md_setup(&ctx1, md_info, 0)); TEST_EQUAL(pre_psa_ret, mbedtls_md_setup(&ctx2, md_info, 0)); From 6cc1734f3e7ac9e1de336937d41cfa6ec308873f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 5 Jul 2023 20:27:45 +0100 Subject: [PATCH 027/350] Fix test dependency Signed-off-by: Dave Rodgman --- tests/suites/test_suite_md.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 03b18640b7..384b408c81 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -30,10 +30,12 @@ void mbedtls_md_list() TEST_EQUAL(0, mbedtls_md_finish(&ctx, out)); mbedtls_md_free(&ctx); +#if defined MBEDTLS_PSA_CRYPTO_C /* Ensure that we can convert to and from a psa_algorithm_t */ psa_algorithm_t p = mbedtls_md_psa_alg_from_type(*md_type_ptr); TEST_ASSERT(p != PSA_ALG_NONE); TEST_EQUAL(*md_type_ptr, mbedtls_md_type_from_psa_alg(p)); +#endif } exit: From 8dda131a0ad44805f56ea8e6ddb7e5f68f4279bb Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 6 Jul 2023 09:30:37 +0100 Subject: [PATCH 028/350] Test OID lookup for every hash algorithm Signed-off-by: Dave Rodgman --- tests/suites/test_suite_md.function | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 384b408c81..7a10891238 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -1,6 +1,8 @@ /* BEGIN_HEADER */ #include "mbedtls/md.h" #include "../library/md_psa.h" +#include "mbedtls/oid.h" +#include "mbedtls/asn1.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -30,12 +32,23 @@ void mbedtls_md_list() TEST_EQUAL(0, mbedtls_md_finish(&ctx, out)); mbedtls_md_free(&ctx); -#if defined MBEDTLS_PSA_CRYPTO_C +#if defined(MBEDTLS_PSA_CRYPTO_C) /* Ensure that we can convert to and from a psa_algorithm_t */ psa_algorithm_t p = mbedtls_md_psa_alg_from_type(*md_type_ptr); TEST_ASSERT(p != PSA_ALG_NONE); TEST_EQUAL(*md_type_ptr, mbedtls_md_type_from_psa_alg(p)); #endif + +#if defined(MBEDTLS_OID_C) + mbedtls_asn1_buf asn1; + /* Check that we have an OID definition */ + TEST_EQUAL(mbedtls_oid_get_oid_by_md((mbedtls_md_type_t) *md_type_ptr, + (const char **) &asn1.p, &asn1.len), 0); + /* Check that this OID definition maps back to the correct mbedtls_md_type_t */ + mbedtls_md_type_t m; + TEST_EQUAL(mbedtls_oid_get_md_alg(&asn1, &m), 0); + TEST_EQUAL(m, *md_type_ptr); +#endif } exit: From e92ff1128bf13c3a75e744c4374b515b239b7c96 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Jul 2023 19:05:00 +0200 Subject: [PATCH 029/350] Remove duplicated component There were two copies of component_test_psa_crypto_config_accel_pake, identical except for two typos. Keep the copy without the typos. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 31 ------------------------------- 1 file changed, 31 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e3db6fdbd6..24d1f337ce 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3137,37 +3137,6 @@ component_test_psa_crypto_config_accel_aead () { make test } -component_test_psa_crypto_config_accel_pake() { - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" - - loc_accel_list="ALG_JPAKE" - - # Configure - # --------- - - helper_libtestdriver1_adjust_config "full" - - # Make build-in fallback not available - scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED - - # Build - # ----- - - helper_libtestdriver1_make_drivers "$loc_accel_list" - - helper_libtestdriver1_make_main "$loc_accel_list" - - # Make sure this was not re-enabled by accident (additive config) - not grep mbedtls_ecjpake_init library/ecjpake.o - - # Run the tests - # ------------- - - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" - make test -} - component_test_psa_crypto_config_chachapoly_disabled() { # full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305 msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" From af3a5a263e08887fc6353081afb93df5a048cafd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Jul 2023 19:10:43 +0200 Subject: [PATCH 030/350] Remove comments that duplicate the 'msg' call just below Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 24d1f337ce..65f6ec8444 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3138,7 +3138,6 @@ component_test_psa_crypto_config_accel_aead () { } component_test_psa_crypto_config_chachapoly_disabled() { - # full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305 msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" scripts/config.py full scripts/config.py unset MBEDTLS_CHACHAPOLY_C @@ -3164,8 +3163,6 @@ component_test_ccm_aes_sha256() { # This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test. component_build_psa_accel_alg_ecdh() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDH - # without MBEDTLS_ECDH_C msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -3183,7 +3180,6 @@ component_build_psa_accel_alg_ecdh() { # This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test. component_build_psa_accel_key_type_ecc_key_pair() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -3201,7 +3197,6 @@ component_build_psa_accel_key_type_ecc_key_pair() { # This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test. component_build_psa_accel_key_type_ecc_public_key() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -3219,7 +3214,6 @@ component_build_psa_accel_key_type_ecc_public_key() { # This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. component_build_psa_accel_alg_hmac() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HMAC msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -3231,8 +3225,6 @@ component_build_psa_accel_alg_hmac() { # This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. component_build_psa_accel_alg_hkdf() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_HKDF - # without MBEDTLS_HKDF_C msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -3247,7 +3239,6 @@ component_build_psa_accel_alg_hkdf() { # This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test. component_build_psa_accel_alg_md5() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_MD5 without other hashes msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD5 - other hashes" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -3268,7 +3259,6 @@ component_build_psa_accel_alg_md5() { # This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test. component_build_psa_accel_alg_ripemd160() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RIPEMD160 without other hashes msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RIPEMD160 - other hashes" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -3289,7 +3279,6 @@ component_build_psa_accel_alg_ripemd160() { # This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test. component_build_psa_accel_alg_sha1() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_1 without other hashes msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_1 - other hashes" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -3310,7 +3299,6 @@ component_build_psa_accel_alg_sha1() { # This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test. component_build_psa_accel_alg_sha224() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_224 without other hashes msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_224 - other hashes" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -3328,7 +3316,6 @@ component_build_psa_accel_alg_sha224() { # This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test. component_build_psa_accel_alg_sha256() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_256 without other hashes msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_256 - other hashes" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -3346,7 +3333,6 @@ component_build_psa_accel_alg_sha256() { # This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test. component_build_psa_accel_alg_sha384() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_384 without other hashes msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_384 - other hashes" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -3366,7 +3352,6 @@ component_build_psa_accel_alg_sha384() { # This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test. component_build_psa_accel_alg_sha512() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_SHA_512 without other hashes msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_512 - other hashes" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -3387,7 +3372,6 @@ component_build_psa_accel_alg_sha512() { # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_CRYPT msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -3403,7 +3387,6 @@ component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. component_build_psa_accel_alg_rsa_pkcs1v15_sign() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PKCS1V15_SIGN and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -3419,7 +3402,6 @@ component_build_psa_accel_alg_rsa_pkcs1v15_sign() { # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. component_build_psa_accel_alg_rsa_oaep() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_OAEP and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -3435,7 +3417,6 @@ component_build_psa_accel_alg_rsa_oaep() { # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. component_build_psa_accel_alg_rsa_pss() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_RSA_PSS and PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -3451,7 +3432,6 @@ component_build_psa_accel_alg_rsa_pss() { # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. component_build_psa_accel_key_type_rsa_key_pair() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx and PSA_WANT_ALG_RSA_PSS msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_PSS" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -3468,7 +3448,6 @@ component_build_psa_accel_key_type_rsa_key_pair() { # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. component_build_psa_accel_key_type_rsa_public_key() { - # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY and PSA_WANT_ALG_RSA_PSS msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG From 8dbdf2f7ea362574bacce58be4c06744ebab6d48 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Jul 2023 19:16:37 +0200 Subject: [PATCH 031/350] Fix typo in function name Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 65f6ec8444..d15e467fea 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2446,7 +2446,7 @@ component_test_psa_crypto_config_accel_pake() { # - component_test_psa_crypto_config_accel_ecc_ecp_light_only; # - component_test_psa_crypto_config_reference_ecc_ecp_light_only. # This supports comparing their test coverage with analyze_outcomes.py. -config_psa_crypto_config_ecp_ligh_only () { +config_psa_crypto_config_ecp_light_only () { DRIVER_ONLY="$1" # start with config full for maximum coverage (also enables USE_PSA) helper_libtestdriver1_adjust_config "full" @@ -2482,7 +2482,7 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () { # --------- # Use the same config as reference, only without built-in EC algs - config_psa_crypto_config_ecp_ligh_only 1 + config_psa_crypto_config_ecp_light_only 1 # Build # ----- @@ -2513,7 +2513,7 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () { component_test_psa_crypto_config_reference_ecc_ecp_light_only () { msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA" - config_psa_crypto_config_ecp_ligh_only 0 + config_psa_crypto_config_ecp_light_only 0 make From 36dea1501bb1b89216fb7c7f29c6c605b36c61eb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Jul 2023 22:19:45 +0200 Subject: [PATCH 032/350] Fix inconsistencies in no-chachapoly test The original goal (https://github.com/Mbed-TLS/mbedtls/pull/5072) was to run a test with ChaChaPoly disabled in PSA. It was actually implemented with GCM also partially disabled (legacy GCM enabled but PSA GCM disabled), which distracted from the objective. It's actually useful to test both with and without GCM, so test both. Don't test inconsistencies between legacy and PSA support because that's not a common case and not one we have particular reasons to test. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d15e467fea..374331e181 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3137,15 +3137,27 @@ component_test_psa_crypto_config_accel_aead () { make test } -component_test_psa_crypto_config_chachapoly_disabled() { - msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" +component_test_aead_chachapoly_disabled() { + msg "build: full minus CHACHAPOLY" scripts/config.py full scripts/config.py unset MBEDTLS_CHACHAPOLY_C - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" - msg "test: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305" + msg "test: full minus CHACHAPOLY" + make test +} + +component_test_aead_only_ccm() { + msg "build: full minus CHACHAPOLY and GCM" + scripts/config.py full + scripts/config.py unset MBEDTLS_CHACHAPOLY_C + scripts/config.py unset MBEDTLS_GCM_C + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM + make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" + + msg "test: full minus CHACHAPOLY and GCM" make test } From cf4fe58fd0ff3d6cb0624e7de76f144710027d2b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Jul 2023 19:00:15 +0200 Subject: [PATCH 033/350] Make malloc-0-null a user config file Having a wrapper made it harder to use: incompatible with setting MBEDTLS_CONFIG_FILE, harder to combine with other settings. It was also surprising since it was the only test config that was structured in that way. Signed-off-by: Gilles Peskine --- ...ig-wrapper-malloc-0-null.h => user-config-malloc-0-null.h} | 4 +--- tests/scripts/all.sh | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) rename tests/configs/{config-wrapper-malloc-0-null.h => user-config-malloc-0-null.h} (90%) diff --git a/tests/configs/config-wrapper-malloc-0-null.h b/tests/configs/user-config-malloc-0-null.h similarity index 90% rename from tests/configs/config-wrapper-malloc-0-null.h rename to tests/configs/user-config-malloc-0-null.h index fc649bf14c..226f4d187e 100644 --- a/tests/configs/config-wrapper-malloc-0-null.h +++ b/tests/configs/user-config-malloc-0-null.h @@ -1,4 +1,4 @@ -/* mbedtls_config.h wrapper that forces calloc(0) to return NULL. +/* mbedtls_config.h modifier that forces calloc(0) to return NULL. * Used for testing. */ /* @@ -18,8 +18,6 @@ * limitations under the License. */ -#include "mbedtls/mbedtls_config.h" - #include #ifndef MBEDTLS_PLATFORM_STD_CALLOC diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 374331e181..fcc6745253 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3766,7 +3766,7 @@ component_test_platform_calloc_macro () { component_test_malloc_0_null () { msg "build: malloc(0) returns NULL (ASan+UBSan build)" scripts/config.py full - make CC=gcc CFLAGS="'-DMBEDTLS_CONFIG_FILE=\"$PWD/tests/configs/config-wrapper-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS" + make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"$PWD/tests/configs/user-config-malloc-0-null.h\"' $ASAN_CFLAGS -O" LDFLAGS="$ASAN_CFLAGS" msg "test: malloc(0) returns NULL (ASan+UBSan build)" make test From 7eea4a7a80af4ecc7c85f07928f66e2aa464a818 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Jul 2023 19:26:30 +0200 Subject: [PATCH 034/350] Enable MBEDTLS_PSA_CRYPTO_CONFIG in "config.py full" Back when we introduced MBEDTLS_PSA_CRYPTO_CONFIG and it was still experimental, it made sense that we tested it separately. Nowadays, the feature is fully implemented, and the full config without MBEDTLS_PSA_CRYPTO_CONFIG keeps cryptographic mechanisms that only have a PSA implementation and aren't in the default build disabled (currently: PBKDF2). So enable MBEDTLS_PSA_CRYPTO_CONFIG in the full config. Signed-off-by: Gilles Peskine --- scripts/config.py | 1 - 1 file changed, 1 deletion(-) diff --git a/scripts/config.py b/scripts/config.py index 3e957fdd22..5810a4a2d4 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -205,7 +205,6 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_NO_PLATFORM_ENTROPY', # removes a feature 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature - 'MBEDTLS_PSA_CRYPTO_CONFIG', # toggles old/new style PSA config 'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # incompatible with USE_PSA_CRYPTO 'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM) From 884b4620449e5b8ac3406ba9abdfacb77de00461 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Jul 2023 20:11:51 +0200 Subject: [PATCH 035/350] When subtracting classic symbols from full, turn off PSA_CRYPTO_CONFIG Otherwise unwanted algorithms creep back from the default-on PSA_WANT symbols. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 3 +++ tests/scripts/depends.py | 1 + 2 files changed, 4 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fcc6745253..5e384b6858 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1440,6 +1440,7 @@ component_test_sw_inet_pton () { component_test_crypto_full_md_light_only () { msg "build: crypto_full with only the light subset of MD" scripts/config.py crypto_full + scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG # Disable MD scripts/config.py unset MBEDTLS_MD_C # Disable direct dependencies of MD_C @@ -1479,6 +1480,7 @@ component_test_full_no_cipher () { scripts/config.py unset MBEDTLS_SSL_TICKET_C # Indirect dependencies scripts/config.py unset MBEDTLS_SSL_CLI_C + scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C scripts/config.py unset MBEDTLS_SSL_DTLS_ANTI_REPLAY @@ -1508,6 +1510,7 @@ component_test_crypto_full_no_cipher () { scripts/config.py unset MBEDTLS_PKCS5_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # Indirect dependencies + scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 5486a8652e..e925641519 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -161,6 +161,7 @@ derived.""" log_command(['config.py', 'full']) conf.adapt(config.full_adapter) set_config_option_value(conf, 'MBEDTLS_TEST_HOOKS', colors, False) + set_config_option_value(conf, 'MBEDTLS_PSA_CRYPTO_CONFIG', colors, False) if options.unset_use_psa: set_config_option_value(conf, 'MBEDTLS_USE_PSA_CRYPTO', colors, False) From 14302ed1c0abaaf3d44dc45d7e939de17545c0e6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Jul 2023 19:30:04 +0200 Subject: [PATCH 036/350] Simplify msg messages in full config Don't reiterate that this includes MBEDTLS_USE_PSA_CRYPTO and, now, MBEDTLS_PSA_CRYPTO_CONFIG. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 58 ++++++++++++++++++++++---------------------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5e384b6858..f2e10b04aa 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2351,7 +2351,7 @@ component_test_psa_crypto_config_accel_ecdh () { } component_test_psa_crypto_config_accel_ffdh () { - msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH" + msg "build: full with accelerated FFDH" # Algorithms and key types to accelerate loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY" @@ -2382,15 +2382,15 @@ component_test_psa_crypto_config_accel_ffdh () { # Run the tests # ------------- - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH" + msg "test: full with accelerated FFDH" make test - msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH alg" + msg "ssl-opt: full with accelerated FFDH alg" tests/ssl-opt.sh -f "ffdh" } component_test_psa_crypto_config_reference_ffdh () { - msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated FFDH" + msg "build: full with accelerated FFDH" # Start with full (USE_PSA and TLS 1.3) helper_libtestdriver1_adjust_config "full" @@ -2400,15 +2400,15 @@ component_test_psa_crypto_config_reference_ffdh () { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED make - msg "test suites: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated FFDH alg + USE_PSA" + msg "test suites: full with non-accelerated FFDH alg" make test - msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated FFDH alg + USE_PSA" + msg "ssl-opt: full with non-accelerated FFDH alg" tests/ssl-opt.sh -f "ffdh" } component_test_psa_crypto_config_accel_pake() { - msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" + msg "build: full with accelerated PAKE" loc_accel_list="ALG_JPAKE" @@ -2434,7 +2434,7 @@ component_test_psa_crypto_config_accel_pake() { # Run the tests # ------------- - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE" + msg "test: full with accelerated PAKE" make test } @@ -2469,7 +2469,7 @@ config_psa_crypto_config_ecp_light_only () { # Keep in sync with component_test_psa_crypto_config_reference_ecc_ecp_light_only component_test_psa_crypto_config_accel_ecc_ecp_light_only () { - msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated EC algs + USE_PSA" + msg "build: full with accelerated EC algs" # Algorithms and key types to accelerate loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ @@ -2505,25 +2505,25 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () { # Run the tests # ------------- - msg "test suites: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated EC algs + USE_PSA" + msg "test suites: full with accelerated EC algs" make test - msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated EC algs + USE_PSA" + msg "ssl-opt: full with accelerated EC algs" tests/ssl-opt.sh } # Keep in sync with component_test_psa_crypto_config_accel_ecc_ecp_light_only component_test_psa_crypto_config_reference_ecc_ecp_light_only () { - msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA" + msg "build: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs" config_psa_crypto_config_ecp_light_only 0 make - msg "test suites: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA" + msg "test suites: full with non-accelerated EC algs" make test - msg "ssl-opt: MBEDTLS_PSA_CRYPTO_CONFIG with non-accelerated EC algs + USE_PSA" + msg "ssl-opt: full with non-accelerated EC algs" tests/ssl-opt.sh } @@ -2573,7 +2573,7 @@ config_psa_crypto_no_ecp_at_all () { # # Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all() component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { - msg "build: full + accelerated EC algs + USE_PSA - ECP" + msg "build: full + accelerated EC algs - ECP" # Algorithms and key types to accelerate loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ @@ -2612,10 +2612,10 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { # Run the tests # ------------- - msg "test: full + accelerated EC algs + USE_PSA - ECP" + msg "test: full + accelerated EC algs - ECP" make test - msg "ssl-opt: full + accelerated EC algs + USE_PSA - ECP" + msg "ssl-opt: full + accelerated EC algs - ECP" tests/ssl-opt.sh } @@ -2623,16 +2623,16 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { # in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all(). # Keep in sync with its accelerated counterpart. component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { - msg "build: full + non accelerated EC algs + USE_PSA" + msg "build: full + non accelerated EC algs" config_psa_crypto_no_ecp_at_all 0 make - msg "test: full + non accelerated EC algs + USE_PSA" + msg "test: full + non accelerated EC algs" make test - msg "ssl-opt: full + non accelerated EC algs + USE_PSA" + msg "ssl-opt: full + non accelerated EC algs" tests/ssl-opt.sh } @@ -2643,7 +2643,7 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { psa_crypto_config_accel_all_curves_except_one () { BUILTIN_CURVE=$1 - msg "build: PSA_CRYPTO_CONFIG + all accelerated EC algs (excl $BUILTIN_CURVE) + USE_PSA_CRYPTO" + msg "build: full + all accelerated EC algs (excl $BUILTIN_CURVE)" # Accelerate all EC algs (all EC curves are automatically accelerated as # well in the built-in version due to the "PSA_WANT_xxx" symbols in @@ -2741,7 +2741,7 @@ psa_crypto_config_accel_all_curves_except_one () { # Run the tests # ------------- - msg "test: PSA_CRYPTO_CONFIG + all accelerated EC algs (excl $BUILTIN_CURVE) + USE_PSA_CRYPTO" + msg "test: full + all accelerated EC algs (excl $BUILTIN_CURVE)" make test } @@ -2997,7 +2997,7 @@ config_psa_crypto_hash_use_psa () { # is related to this component and both components need to be kept in sync. # For details please see comments for component_test_psa_crypto_config_reference_hash_use_psa. component_test_psa_crypto_config_accel_hash_use_psa () { - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA" + msg "test: full with accelerated hashes" loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" @@ -3024,18 +3024,18 @@ component_test_psa_crypto_config_accel_hash_use_psa () { # Run the tests # ------------- - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA" + msg "test: full with accelerated hashes" make test # This is mostly useful so that we can later compare outcome files with # the reference config in analyze_outcomes.py, to check that the # dependency declarations in ssl-opt.sh and in TLS code are correct. - msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA" + msg "test: ssl-opt.sh, full with accelerated hashes" tests/ssl-opt.sh # This is to make sure all ciphersuites are exercised, but we don't need # interop testing (besides, we already got some from ssl-opt.sh). - msg "test: compat.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA" + msg "test: compat.sh, full with accelerated hashes" tests/compat.sh -p mbedTLS -V YES } @@ -3044,16 +3044,16 @@ component_test_psa_crypto_config_accel_hash_use_psa () { # script to find regression in test coverage when accelerated hash is used (tests and ssl-opt). # Both components need to be kept in sync. component_test_psa_crypto_config_reference_hash_use_psa() { - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA" + msg "test: full without accelerated hashes" config_psa_crypto_hash_use_psa 0 make - msg "test: MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA" + msg "test: full without accelerated hashes" make test - msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG without accelerated hash and USE_PSA" + msg "test: ssl-opt.sh, full without accelerated hashes" tests/ssl-opt.sh } From eb41e0d6c86ff05853e5e6fc896b4c93f1de8b8b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 19 Jul 2023 19:36:55 +0200 Subject: [PATCH 037/350] Correct some msg messages in full config When MBEDTLS_USE_PSA_CRYPTO is disabled on a base of full, mention it. Now that full implies MBEDTLS_PSA_CRYPTO_CONFIG, don't mention it, and don't set it explicitly. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 59 +++++++++++++++----------------------------- 1 file changed, 20 insertions(+), 39 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f2e10b04aa..16b46dcdfe 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2765,9 +2765,8 @@ build_and_test_psa_want_key_pair_partial() { UNSET_OPTION=$2 DISABLED_PSA_WANT="PSA_WANT_KEY_TYPE_${KEY_TYPE}_KEY_PAIR_${UNSET_OPTION}" - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG - ${DISABLED_PSA_WANT}" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO - ${DISABLED_PSA_WANT}" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 @@ -2777,7 +2776,7 @@ build_and_test_psa_want_key_pair_partial() { make CC=gcc CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG - ${DISABLED_PSA_WANT}" + msg "test: full - MBEDTLS_USE_PSA_CRYPTO - ${DISABLED_PSA_WANT}" make test } @@ -3178,9 +3177,8 @@ component_test_ccm_aes_sha256() { # This should be renamed to test and updated once the accelerator ECDH code is in place and ready to test. component_build_psa_accel_alg_ecdh() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py unset MBEDTLS_ECDH_C @@ -3195,9 +3193,8 @@ component_build_psa_accel_alg_ecdh() { # This should be renamed to test and updated once the accelerator ECC key pair code is in place and ready to test. component_build_psa_accel_key_type_ecc_key_pair() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_xxx" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 @@ -3212,9 +3209,8 @@ component_build_psa_accel_key_type_ecc_key_pair() { # This should be renamed to test and updated once the accelerator ECC public key code is in place and ready to test. component_build_psa_accel_key_type_ecc_public_key() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 @@ -3229,9 +3225,8 @@ component_build_psa_accel_key_type_ecc_public_key() { # This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test. component_build_psa_accel_alg_hmac() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HMAC" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Need to define the correct symbol and include the test driver header path in order to build with the test driver @@ -3240,9 +3235,8 @@ component_build_psa_accel_alg_hmac() { # This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test. component_build_psa_accel_alg_hkdf() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py unset MBEDTLS_HKDF_C @@ -3254,9 +3248,8 @@ component_build_psa_accel_alg_hkdf() { # This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test. component_build_psa_accel_alg_md5() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD5 - other hashes" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_MD5 - other hashes" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RIPEMD160 @@ -3274,9 +3267,8 @@ component_build_psa_accel_alg_md5() { # This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test. component_build_psa_accel_alg_ripemd160() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RIPEMD160 - other hashes" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RIPEMD160 - other hashes" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 @@ -3294,9 +3286,8 @@ component_build_psa_accel_alg_ripemd160() { # This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test. component_build_psa_accel_alg_sha1() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_1 - other hashes" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_1 - other hashes" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 @@ -3314,9 +3305,8 @@ component_build_psa_accel_alg_sha1() { # This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test. component_build_psa_accel_alg_sha224() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_224 - other hashes" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_224 - other hashes" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 @@ -3331,9 +3321,8 @@ component_build_psa_accel_alg_sha224() { # This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test. component_build_psa_accel_alg_sha256() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_256 - other hashes" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_256 - other hashes" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 @@ -3348,9 +3337,8 @@ component_build_psa_accel_alg_sha256() { # This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test. component_build_psa_accel_alg_sha384() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_384 - other hashes" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_384 - other hashes" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 @@ -3367,9 +3355,8 @@ component_build_psa_accel_alg_sha384() { # This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test. component_build_psa_accel_alg_sha512() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_512 - other hashes" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_SHA_512 - other hashes" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_MD5 @@ -3387,9 +3374,8 @@ component_build_psa_accel_alg_sha512() { # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 @@ -3402,9 +3388,8 @@ component_build_psa_accel_alg_rsa_pkcs1v15_crypt() { # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. component_build_psa_accel_alg_rsa_pkcs1v15_sign() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 @@ -3417,9 +3402,8 @@ component_build_psa_accel_alg_rsa_pkcs1v15_sign() { # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. component_build_psa_accel_alg_rsa_oaep() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_OAEP 1 @@ -3432,9 +3416,8 @@ component_build_psa_accel_alg_rsa_oaep() { # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. component_build_psa_accel_alg_rsa_pss() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 @@ -3447,9 +3430,8 @@ component_build_psa_accel_alg_rsa_pss() { # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. component_build_psa_accel_key_type_rsa_key_pair() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_PSS" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_xxx + PSA_WANT_ALG_RSA_PSS" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 @@ -3463,9 +3445,8 @@ component_build_psa_accel_key_type_rsa_key_pair() { # This should be renamed to test and updated once the accelerator RSA code is in place and ready to test. component_build_psa_accel_key_type_rsa_public_key() { - msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS" + msg "build: full - MBEDTLS_USE_PSA_CRYPTO + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1 From 3c861642c85b9a705a25b7fe32194ab12878cb55 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Jul 2023 15:10:34 +0200 Subject: [PATCH 038/350] Make sure that size constants are unsigned This fixes a warning from some compilers (e.g. MSVC) about comparisons between signed and unsigned values in perfectly reasonable code. In particular, there was one such warning in psa_pbkdf2_hmac_set_password. Signed-off-by: Gilles Peskine --- include/psa/crypto_sizes.h | 240 ++++++++++++++++++------------------- 1 file changed, 120 insertions(+), 120 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index 8cc965b09f..bb0eee5f4b 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -49,8 +49,8 @@ */ #include "psa/build_info.h" -#define PSA_BITS_TO_BYTES(bits) (((bits) + 7) / 8) -#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8) +#define PSA_BITS_TO_BYTES(bits) (((bits) + 7u) / 8u) +#define PSA_BYTES_TO_BITS(bytes) ((bytes) * 8u) #define PSA_MAX_OF_THREE(a, b, c) ((a) <= (b) ? (b) <= (c) ? \ (c) : (b) : (a) <= (c) ? (c) : (a)) @@ -71,20 +71,20 @@ */ #define PSA_HASH_LENGTH(alg) \ ( \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64 : \ - 0) + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 16u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 20u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 20u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 28u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 32u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 48u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 64u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 28u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 32u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 28u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 32u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 48u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 64u : \ + 0u) /** The input block size of a hash algorithm, in bytes. * @@ -103,19 +103,19 @@ */ #define PSA_HASH_BLOCK_LENGTH(alg) \ ( \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104 : \ - PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72 : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_MD5 ? 64u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_RIPEMD160 ? 64u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_1 ? 64u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_224 ? 64u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_256 ? 64u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_384 ? 128u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512 ? 128u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_224 ? 128u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA_512_256 ? 128u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_224 ? 144u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104u : \ + PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72u : \ 0) /** \def PSA_HASH_MAX_SIZE @@ -131,20 +131,20 @@ /* Note: PSA_HASH_MAX_SIZE should be kept in sync with MBEDTLS_MD_MAX_SIZE, * see the note on MBEDTLS_MD_MAX_SIZE for details. */ #if defined(PSA_WANT_ALG_SHA_512) -#define PSA_HASH_MAX_SIZE 64 -#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 +#define PSA_HASH_MAX_SIZE 64u +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u #elif defined(PSA_WANT_ALG_SHA_384) -#define PSA_HASH_MAX_SIZE 48 -#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128 +#define PSA_HASH_MAX_SIZE 48u +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128u #elif defined(PSA_WANT_ALG_SHA_256) -#define PSA_HASH_MAX_SIZE 32 -#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64 +#define PSA_HASH_MAX_SIZE 32u +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u #elif defined(PSA_WANT_ALG_SHA_224) -#define PSA_HASH_MAX_SIZE 28 -#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64 +#define PSA_HASH_MAX_SIZE 28u +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u #else /* SHA-1 or smaller */ -#define PSA_HASH_MAX_SIZE 20 -#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64 +#define PSA_HASH_MAX_SIZE 20u +#define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64u #endif /** \def PSA_MAC_MAX_SIZE @@ -185,13 +185,13 @@ #define PSA_AEAD_TAG_LENGTH(key_type, key_bits, alg) \ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \ PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \ - ((void) (key_bits), 0)) + ((void) (key_bits), 0u)) /** The maximum tag size for all supported AEAD algorithms, in bytes. * * See also #PSA_AEAD_TAG_LENGTH(\p key_type, \p key_bits, \p alg). */ -#define PSA_AEAD_TAG_MAX_SIZE 16 +#define PSA_AEAD_TAG_MAX_SIZE 16u /* The maximum size of an RSA key on this implementation, in bits. * This is a vendor-specific macro. @@ -206,44 +206,44 @@ * * Note that an implementation may set different size limits for different * operations, and does not need to accept all key sizes up to the limit. */ -#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096 +#define PSA_VENDOR_RSA_MAX_KEY_BITS 4096u /* The maximum size of an DH key on this implementation, in bits. * * Note that an implementation may set different size limits for different * operations, and does not need to accept all key sizes up to the limit. */ -#define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192 +#define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192u /* The maximum size of an ECC key on this implementation, in bits. * This is a vendor-specific macro. */ #if defined(PSA_WANT_ECC_SECP_R1_521) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521 +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 521u #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512 +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 512u #elif defined(PSA_WANT_ECC_MONTGOMERY_448) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448 +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 448u #elif defined(PSA_WANT_ECC_SECP_R1_384) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384 +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384 +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 384u #elif defined(PSA_WANT_ECC_SECP_R1_256) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256 +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u #elif defined(PSA_WANT_ECC_SECP_K1_256) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256 +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u #elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256 +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 256u #elif defined(PSA_WANT_ECC_MONTGOMERY_255) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255 +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 255u #elif defined(PSA_WANT_ECC_SECP_R1_224) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224 +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u #elif defined(PSA_WANT_ECC_SECP_K1_224) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224 +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 224u #elif defined(PSA_WANT_ECC_SECP_R1_192) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192 +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u #elif defined(PSA_WANT_ECC_SECP_K1_192) -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192 +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 192u #else -#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0 +#define PSA_VENDOR_ECC_MAX_CURVE_BITS 0u #endif /** This macro returns the maximum supported length of the PSK for the @@ -261,23 +261,23 @@ * Therefore, no implementation should define a value smaller than 64 * for #PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE. */ -#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128 +#define PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE 128u /* The expected size of input passed to psa_tls12_ecjpake_to_pms_input, * which is expected to work with P-256 curve only. */ -#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65 +#define PSA_TLS12_ECJPAKE_TO_PMS_INPUT_SIZE 65u /* The size of a serialized K.X coordinate to be used in * psa_tls12_ecjpake_to_pms_input. This function only accepts the P-256 * curve. */ -#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32 +#define PSA_TLS12_ECJPAKE_TO_PMS_DATA_SIZE 32u /* The maximum number of iterations for PBKDF2 on this implementation, in bits. * This is a vendor-specific macro. This can be configured if necessary */ -#define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffff +#define PSA_VENDOR_PBKDF2_MAX_ITERATIONS 0xffffffffU /** The maximum size of a block cipher. */ -#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16 +#define PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE 16u /** The size of the output of psa_mac_sign_finish(), in bytes. * @@ -304,7 +304,7 @@ ((alg) & PSA_ALG_MAC_TRUNCATION_MASK ? PSA_MAC_TRUNCATED_LENGTH(alg) : \ PSA_ALG_IS_HMAC(alg) ? PSA_HASH_LENGTH(PSA_ALG_HMAC_GET_HASH(alg)) : \ PSA_ALG_IS_BLOCK_CIPHER_MAC(alg) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \ - ((void) (key_type), (void) (key_bits), 0)) + ((void) (key_type), (void) (key_bits), 0u)) /** The maximum size of the output of psa_aead_encrypt(), in bytes. * @@ -335,7 +335,7 @@ #define PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, plaintext_length) \ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 ? \ (plaintext_length) + PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \ - 0) + 0u) /** A sufficient output buffer size for psa_aead_encrypt(), for any of the * supported key types and AEAD algorithms. @@ -389,7 +389,7 @@ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \ (ciphertext_length) > PSA_ALG_AEAD_GET_TAG_LENGTH(alg) ? \ (ciphertext_length) - PSA_ALG_AEAD_GET_TAG_LENGTH(alg) : \ - 0) + 0u) /** A sufficient output buffer size for psa_aead_decrypt(), for any of the * supported key types and AEAD algorithms. @@ -439,12 +439,12 @@ */ #define PSA_AEAD_NONCE_LENGTH(key_type, alg) \ (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) == 16 ? \ - MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13 : \ - MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12 : \ - 0 : \ + MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CCM) ? 13u : \ + MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_GCM) ? 12u : \ + 0u : \ (key_type) == PSA_KEY_TYPE_CHACHA20 && \ - MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12 : \ - 0) + MBEDTLS_PSA_ALG_AEAD_EQUAL(alg, PSA_ALG_CHACHA20_POLY1305) ? 12u : \ + 0u) /** The maximum default nonce size among all supported pairs of key types and * AEAD algorithms, in bytes. @@ -457,7 +457,7 @@ * just the largest size that may be generated by * #psa_aead_generate_nonce(). */ -#define PSA_AEAD_NONCE_MAX_SIZE 13 +#define PSA_AEAD_NONCE_MAX_SIZE 13u /** A sufficient output buffer size for psa_aead_update(). * @@ -494,7 +494,7 @@ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \ PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), (input_length)) : \ (input_length) : \ - 0) + 0u) /** A sufficient output buffer size for psa_aead_update(), for any of the * supported key types and AEAD algorithms. @@ -534,7 +534,7 @@ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \ - 0) + 0u) /** A sufficient ciphertext buffer size for psa_aead_finish(), for any of the * supported key types and AEAD algorithms. @@ -568,7 +568,7 @@ (PSA_AEAD_NONCE_LENGTH(key_type, alg) != 0 && \ PSA_ALG_IS_AEAD_ON_BLOCK_CIPHER(alg) ? \ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \ - 0) + 0u) /** A sufficient plaintext buffer size for psa_aead_verify(), for any of the * supported key types and AEAD algorithms. @@ -579,8 +579,8 @@ #define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \ (PSA_ALG_IS_RSA_OAEP(alg) ? \ - 2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1 : \ - 11 /*PKCS#1v1.5*/) + 2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1u : \ + 11u /*PKCS#1v1.5*/) /** * \brief ECDSA signature size for a given curve bit size @@ -621,7 +621,7 @@ #define PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg) \ (PSA_KEY_TYPE_IS_RSA(key_type) ? ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \ PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_ECDSA_SIGNATURE_SIZE(key_bits) : \ - ((void) alg, 0)) + ((void) alg, 0u)) #define PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE \ PSA_ECDSA_SIGNATURE_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS) @@ -666,7 +666,7 @@ #define PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \ (PSA_KEY_TYPE_IS_RSA(key_type) ? \ ((void) alg, PSA_BITS_TO_BYTES(key_bits)) : \ - 0) + 0u) /** A sufficient output buffer size for psa_asymmetric_encrypt(), for any * supported asymmetric encryption. @@ -705,7 +705,7 @@ #define PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg) \ (PSA_KEY_TYPE_IS_RSA(key_type) ? \ PSA_BITS_TO_BYTES(key_bits) - PSA_RSA_MINIMUM_PADDING_SIZE(alg) : \ - 0) + 0u) /** A sufficient output buffer size for psa_asymmetric_decrypt(), for any * supported asymmetric decryption. @@ -728,7 +728,7 @@ * - 0 to 1 bytes of leading 0 due to the sign bit. */ #define PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(bits) \ - ((bits) / 8 + 5) + ((bits) / 8u + 5u) /* Maximum size of the export encoding of an RSA public key. * Assumes that the public exponent is less than 2^32. @@ -742,7 +742,7 @@ * - 7 bytes for the public exponent. */ #define PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) \ - (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11) + (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11u) /* Maximum size of the export encoding of an RSA key pair. * Assumes that the public exponent is less than 2^32 and that the size @@ -767,7 +767,7 @@ * - 7 bytes for the public exponent. */ #define PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(key_bits) \ - (9 * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2 + 1) + 14) + (9u * PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE((key_bits) / 2u + 1u) + 14u) /* Maximum size of the export encoding of a DSA public key. * @@ -786,7 +786,7 @@ * - 1 + 1 + 32 bytes for 1 sub-size INTEGER (q <= 256 bits). */ #define PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) \ - (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 59) + (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 59u) /* Maximum size of the export encoding of a DSA key pair. * @@ -805,7 +805,7 @@ * - 2 * (1 + 1 + 32) bytes for 2 sub-size INTEGERs (q, x <= 256 bits). */ #define PSA_KEY_EXPORT_DSA_KEY_PAIR_MAX_SIZE(key_bits) \ - (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3 + 75) + (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) * 3u + 75u) /* Maximum size of the export encoding of an ECC public key. * @@ -818,7 +818,7 @@ * - 1 byte + 2 * point size. */ #define PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) \ - (2 * PSA_BITS_TO_BYTES(key_bits) + 1) + (2u * PSA_BITS_TO_BYTES(key_bits) + 1u) /* Maximum size of the export encoding of an ECC key pair. * @@ -887,7 +887,7 @@ (key_type) == PSA_KEY_TYPE_DSA_PUBLIC_KEY ? PSA_KEY_EXPORT_DSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) ? PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ - 0) + 0u) /** Sufficient output buffer size for psa_export_public_key(). * @@ -938,7 +938,7 @@ (PSA_KEY_TYPE_IS_RSA(key_type) ? PSA_KEY_EXPORT_RSA_PUBLIC_KEY_MAX_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_ECC(key_type) ? PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits) : \ PSA_KEY_TYPE_IS_DH(key_type) ? PSA_BITS_TO_BYTES(key_bits) : \ - 0) + 0u) /** Sufficient buffer size for exporting any asymmetric key pair. * @@ -993,7 +993,7 @@ */ #define PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(key_type, key_bits) \ ((PSA_KEY_TYPE_IS_ECC_KEY_PAIR(key_type) || \ - PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type)) ? PSA_BITS_TO_BYTES(key_bits) : 0) + PSA_KEY_TYPE_IS_DH_KEY_PAIR(key_type)) ? PSA_BITS_TO_BYTES(key_bits) : 0u) /** Maximum size of the output from psa_raw_key_agreement(). * @@ -1041,15 +1041,15 @@ (alg) == PSA_ALG_CBC_NO_PADDING || \ (alg) == PSA_ALG_CBC_PKCS7) ? PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \ (key_type) == PSA_KEY_TYPE_CHACHA20 && \ - (alg) == PSA_ALG_STREAM_CIPHER ? 12 : \ - (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13 : \ - 0) + (alg) == PSA_ALG_STREAM_CIPHER ? 12u : \ + (alg) == PSA_ALG_CCM_STAR_NO_TAG ? 13u : \ + 0u) /** The maximum IV size for all supported cipher algorithms, in bytes. * * See also #PSA_CIPHER_IV_LENGTH(). */ -#define PSA_CIPHER_IV_MAX_SIZE 16 +#define PSA_CIPHER_IV_MAX_SIZE 16u /** The maximum size of the output of psa_cipher_encrypt(), in bytes. * @@ -1074,15 +1074,15 @@ * recognized, or the parameters are incompatible, * return 0. */ -#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \ - (alg == PSA_ALG_CBC_PKCS7 ? \ - (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \ - PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \ - (input_length) + 1) + \ - PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0) : \ - (PSA_ALG_IS_CIPHER(alg) ? \ - (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \ - 0)) +#define PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_length) \ + (alg == PSA_ALG_CBC_PKCS7 ? \ + (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \ + PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \ + (input_length) + 1u) + \ + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : 0u) : \ + (PSA_ALG_IS_CIPHER(alg) ? \ + (input_length) + PSA_CIPHER_IV_LENGTH((key_type), (alg)) : \ + 0u)) /** A sufficient output buffer size for psa_cipher_encrypt(), for any of the * supported key types and cipher algorithms. @@ -1095,9 +1095,9 @@ * \param input_length Size of the input in bytes. * */ -#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \ - (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \ - (input_length) + 1) + \ +#define PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input_length) \ + (PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE, \ + (input_length) + 1u) + \ PSA_CIPHER_IV_MAX_SIZE) /** The maximum size of the output of psa_cipher_decrypt(), in bytes. @@ -1119,11 +1119,11 @@ * recognized, or the parameters are incompatible, * return 0. */ -#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \ - (PSA_ALG_IS_CIPHER(alg) && \ +#define PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_length) \ + (PSA_ALG_IS_CIPHER(alg) && \ ((key_type) & PSA_KEY_TYPE_CATEGORY_MASK) == PSA_KEY_TYPE_CATEGORY_SYMMETRIC ? \ - (input_length) : \ - 0) + (input_length) : \ + 0u) /** A sufficient output buffer size for psa_cipher_decrypt(), for any of the * supported key types and cipher algorithms. @@ -1156,16 +1156,16 @@ * algorithm. If the key type or cipher algorithm is not * recognized, or the parameters are incompatible, return 0. */ -#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \ - (PSA_ALG_IS_CIPHER(alg) ? \ - (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \ - (((alg) == PSA_ALG_CBC_PKCS7 || \ - (alg) == PSA_ALG_CBC_NO_PADDING || \ - (alg) == PSA_ALG_ECB_NO_PADDING) ? \ - PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \ - input_length) : \ - (input_length)) : 0) : \ - 0) +#define PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input_length) \ + (PSA_ALG_IS_CIPHER(alg) ? \ + (PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) != 0 ? \ + (((alg) == PSA_ALG_CBC_PKCS7 || \ + (alg) == PSA_ALG_CBC_NO_PADDING || \ + (alg) == PSA_ALG_ECB_NO_PADDING) ? \ + PSA_ROUND_UP_TO_MULTIPLE(PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type), \ + input_length) : \ + (input_length)) : 0u) : \ + 0u) /** A sufficient output buffer size for psa_cipher_update(), for any of the * supported key types and cipher algorithms. @@ -1201,8 +1201,8 @@ (PSA_ALG_IS_CIPHER(alg) ? \ (alg == PSA_ALG_CBC_PKCS7 ? \ PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type) : \ - 0) : \ - 0) + 0u) : \ + 0u) /** A sufficient ciphertext buffer size for psa_cipher_finish(), for any of the * supported key types and cipher algorithms. From ca57d78a6e0ae3e51e0740ed5ef9530d160f8aab Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Jul 2023 19:08:06 +0200 Subject: [PATCH 039/350] Fix PBKDF2 with empty salt on platforms where malloc(0)=NULL Signed-off-by: Gilles Peskine --- library/psa_crypto.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8c4d8603b8..c67094026b 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6679,7 +6679,9 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_ERROR_BAD_STATE; } - if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) { + if (data_length == 0) { + /* Nothing to do */ + } else if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) { pbkdf2->salt = mbedtls_calloc(1, data_length); if (pbkdf2->salt == NULL) { return PSA_ERROR_INSUFFICIENT_MEMORY; From 9d5952dba861aaa3c447d26d4ce3c967a2317906 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Jul 2023 20:11:21 +0200 Subject: [PATCH 040/350] Fix some dependencies on symmetric crypto in some TLS 1.3 tests Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.data | 10 +++++----- tests/suites/test_suite_ssl.function | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 361c1606a7..8f2252ee5d 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -3234,7 +3234,7 @@ SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1 # - App data payload: 70696e67 # - Complete record: 1703030015c74061535eb12f5f25a781957874742ab7fb305dd5 # - Padding used: No (== granularity 1) -depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5" SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2 @@ -3245,7 +3245,7 @@ SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2 # - App data payload: 706f6e67 # - Complete record: 1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7 # - Padding used: No (== granularity 1) -depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7" SSL TLS 1.3 Record Encryption RFC 8448 Example #1 @@ -3264,7 +3264,7 @@ SSL TLS 1.3 Record Encryption RFC 8448 Example #1 # 62 97 4e 1f 5a 62 92 a2 97 70 14 bd 1e 3d ea e6 # 3a ee bb 21 69 49 15 e4 # - Padding used: No (== granularity 1) -depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4" SSL TLS 1.3 Record Encryption RFC 8448 Example #2 @@ -3283,12 +3283,12 @@ SSL TLS 1.3 Record Encryption RFC 8448 Example #2 # fc c4 9c 4b f2 e5 f0 a2 1c 00 47 c2 ab f3 32 54 # 0d d0 32 e1 67 c2 95 5d # - Padding used: No (== granularity 1) -depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d" SSL TLS 1.3 Key schedule: Application secrets derivation helper # Vector from RFC 8448 -depends_on:MBEDTLS_AES_C:MBEDTLS_PK_CAN_ECDSA_SOME:PSA_WANT_ALG_SHA_256:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +depends_on:PSA_WANT_ALG_SHA_256 ssl_tls13_derive_application_secrets:PSA_ALG_SHA_256:"e2d32d4ed66dd37897a0e80c84107503ce58bf8aad4cb55a5002d77ecb890ece":"b0aeffc46a2cfe33114e6fd7d51f9f04b1ca3c497dab08934a774a9d9ad7dbf3":"2abbf2b8e381d23dbebe1dd2a7d16a8bf484cb4950d23fb7fb7fa8547062d9a1":"cc21f1bf8feb7dd5fa505bd9c4b468a9984d554a993dc49e6d285598fb672691":"3fd93d4ffddc98e64b14dd107aedf8ee4add23f4510f58a4592d0b201bee56b4" SSL TLS 1.3 Key schedule: Resumption secrets derivation helper diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 82298849bd..c069ee8596 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2005,7 +2005,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_MD_CAN_SHA256 */ +/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3 */ void ssl_tls13_record_protection(int ciphersuite, int endpoint, int ctr, From 5fd88b7f75ca08e73aa2664a4eabaa146d97f82b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 20 Jul 2023 22:18:23 +0200 Subject: [PATCH 041/350] Simplify the logic in a test Signed-off-by: Gilles Peskine --- tests/suites/test_suite_ssl.function | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index c069ee8596..3aee2ba718 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1403,19 +1403,16 @@ void ssl_crypt_record_small(int cipher_type, int hash_id, ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec, mbedtls_test_rnd_std_rand, NULL); - if ((mode == 1 || mode == 2) && seen_success) { - TEST_ASSERT(ret == 0); - } else { - TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL); - if (ret == 0) { - seen_success = 1; - } - } - - if (ret != 0) { + if (ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) { + /* It's ok if the output buffer is too small. We do insist + * on at least one mode succeeding; this is tracked by + * seen_success. */ continue; } + TEST_EQUAL(ret, 0); + seen_success = 1; + #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if (rec.cid_len != 0) { /* DTLS 1.2 + CID hides the real content type and From e3268afb117bc4e66bce2107cf6058fc7e10b633 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 25 Jul 2023 17:33:55 +0100 Subject: [PATCH 042/350] Add PSA SHA3 tests for hash_verify and multipart Signed-off-by: Dave Rodgman --- tests/suites/test_suite_psa_crypto_hash.data | 80 ++++++++++++++++++++ 1 file changed, 80 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_hash.data b/tests/suites/test_suite_psa_crypto_hash.data index 1133c398db..769df58e1d 100644 --- a/tests/suites/test_suite_psa_crypto_hash.data +++ b/tests/suites/test_suite_psa_crypto_hash.data @@ -310,6 +310,22 @@ PSA hash verify: RIPEMD160 depends_on:PSA_WANT_ALG_RIPEMD160 hash_verify:PSA_ALG_RIPEMD160:"bd":"5089265ee5d9af75d12dbf7ea2f27dbdee435b37" +PSA hash verify: SHA3-224 +depends_on:PSA_WANT_ALG_SHA3_224 +hash_verify:PSA_ALG_SHA3_224:"bd":"79bd1a58a357d1a0ac15b43400bc396d17bdc6d3d90369f16f650b25" + +PSA hash verify: SHA3-256 +depends_on:PSA_WANT_ALG_SHA3_256 +hash_verify:PSA_ALG_SHA3_256:"bd":"b389fa0f45f21196cc2736e8de396497a2414be31e7a500a499918b8cf3257b2" + +PSA hash verify: SHA3-384 +depends_on:PSA_WANT_ALG_SHA3_384 +hash_verify:PSA_ALG_SHA3_384:"bd":"5a337b67965736040c5b1f2d4df7f9ca76cf01866c7d64ed8dd812b97995da9b14ef07f9c4d9190888e4b15c4df2203d" + +PSA hash verify: SHA3-512 +depends_on:PSA_WANT_ALG_SHA3_512 +hash_verify:PSA_ALG_SHA3_512:"bd":"72bacd82495cb72a44523cda462f0f02c9f33b6312e24e44f5c40deed2bbc37854b606cb2f62cce6a394b4157d8e6e89b22682380dc129dddd402693ffa98a6c" + PSA hash multi part: SHA-1 Test Vector NIST CAVS #1 depends_on:PSA_WANT_ALG_SHA_1 hash_multi_part:PSA_ALG_SHA_1:"":"da39a3ee5e6b4b0d3255bfef95601890afd80709" @@ -529,3 +545,67 @@ hash_multi_part:PSA_ALG_RIPEMD160:"4142434445464748494a4b4c4d4e4f505152535455565 PSA hash multi part: RIPEMD160 Test vector from paper #8 depends_on:PSA_WANT_ALG_RIPEMD160 hash_multi_part:PSA_ALG_RIPEMD160:"3132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930313233343536373839303132333435363738393031323334353637383930":"9b752e45573d4b39f4dbd3323cab82bf63326bfb" + +PSA hash multi part: SHA3-224 Test Vector NIST "" +depends_on:PSA_WANT_ALG_SHA3_224 +hash_multi_part:PSA_ALG_SHA3_224:"":"6b4e03423667dbb73b6e15454f0eb1abd4597f9a1b078e3f5b5a6bc7" + +PSA hash multi part: SHA3-256 Test Vector NIST "" +depends_on:PSA_WANT_ALG_SHA3_256 +hash_multi_part:PSA_ALG_SHA3_256:"616263":"3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532" + +PSA hash multi part: SHA3-384 Test Vector NIST "" +depends_on:PSA_WANT_ALG_SHA3_384 +hash_multi_part:PSA_ALG_SHA3_384:"":"0c63a75b845e4f7d01107d852e4c2485c51a50aaaa94fc61995e71bbee983a2ac3713831264adb47fb6bd1e058d5f004" + +PSA hash multi part: SHA3-512 Test Vector NIST "" +depends_on:PSA_WANT_ALG_SHA3_512 +hash_multi_part:PSA_ALG_SHA3_512:"":"a69f73cca23a9ac5c8b567dc185a756e97c982164fe25859e0d1dcc1475c80a615b2123af1f5f94c11e3e9402c3ac558f500199d95b6d3e301758586281dcd26" + +PSA hash multi part: SHA3-224 Test Vector NIST "abc" +depends_on:PSA_WANT_ALG_SHA3_224 +hash_multi_part:PSA_ALG_SHA3_224:"616263":"e642824c3f8cf24ad09234ee7d3c766fc9a3a5168d0c94ad73b46fdf" + +PSA hash multi part: SHA3-256 Test Vector NIST "abc" +depends_on:PSA_WANT_ALG_SHA3_256 +hash_multi_part:PSA_ALG_SHA3_256:"616263":"3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532" + +PSA hash multi part: SHA3-384 Test Vector NIST "abc" +depends_on:PSA_WANT_ALG_SHA3_384 +hash_multi_part:PSA_ALG_SHA3_384:"616263":"ec01498288516fc926459f58e2c6ad8df9b473cb0fc08c2596da7cf0e49be4b298d88cea927ac7f539f1edf228376d25" + +PSA hash multi part: SHA3-512 Test Vector NIST "abc" +depends_on:PSA_WANT_ALG_SHA3_512 +hash_multi_part:PSA_ALG_SHA3_512:"616263":"b751850b1a57168a5693cd924b6b096e08f621827444f70d884f5d0240d2712e10e116e9192af3c91a7ec57647e3934057340b4cf408d5a56592f8274eec53f0" + +PSA hash multi part: SHA3-224 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +depends_on:PSA_WANT_ALG_SHA3_224 +hash_multi_part:PSA_ALG_SHA3_224:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"8a24108b154ada21c9fd5574494479ba5c7e7ab76ef264ead0fcce33" + +PSA hash multi part: SHA3-256 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +depends_on:PSA_WANT_ALG_SHA3_256 +hash_multi_part:PSA_ALG_SHA3_256:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"41c0dba2a9d6240849100376a8235e2c82e1b9998a999e21db32dd97496d3376" + +PSA hash multi part: SHA3-384 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +depends_on:PSA_WANT_ALG_SHA3_384 +hash_multi_part:PSA_ALG_SHA3_384:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"991c665755eb3a4b6bbdfb75c78a492e8c56a22c5c4d7e429bfdbc32b9d4ad5aa04a1f076e62fea19eef51acd0657c22" + +PSA hash multi part: SHA3-512 Test Vector NIST 448 bits: "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" +depends_on:PSA_WANT_ALG_SHA3_512 +hash_multi_part:PSA_ALG_SHA3_512:"6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071":"04a371e84ecfb5b8b77cb48610fca8182dd457ce6f326a0fd3d7ec2f1e91636dee691fbe0c985302ba1b0d8dc78c086346b533b49c030d99a27daf1139d6e75e" + +PSA hash multi part: SHA3-224 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +depends_on:PSA_WANT_ALG_SHA3_224 +hash_multi_part:PSA_ALG_SHA3_224:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"543e6868e1666c1a643630df77367ae5a62a85070a51c14cbf665cbc" + +PSA hash multi part: SHA3-256 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +depends_on:PSA_WANT_ALG_SHA3_256 +hash_multi_part:PSA_ALG_SHA3_256:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"916f6061fe879741ca6469b43971dfdb28b1a32dc36cb3254e812be27aad1d18" + +PSA hash multi part: SHA3-384 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +depends_on:PSA_WANT_ALG_SHA3_384 +hash_multi_part:PSA_ALG_SHA3_384:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"79407d3b5916b59c3e30b09822974791c313fb9ecc849e406f23592d04f625dc8c709b98b43b3852b337216179aa7fc7" + +PSA hash multi part: SHA3-512 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" +depends_on:PSA_WANT_ALG_SHA3_512 +hash_multi_part:PSA_ALG_SHA3_512:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"afebb2ef542e6579c50cad06d2e578f9f8dd6881d7dc824d26360feebf18a4fa73e3261122948efcfd492e74e82e2189ed0fb440d187f382270cb455f21dd185" From 6b9017045fbfeffaa9dfb53fc4c24f71679a78a1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Jul 2023 18:43:39 +0200 Subject: [PATCH 043/350] Don't call psa_crypto_init with uninitialized local contexts (entropy) psa_crypto_init can fail, and if it does we'll try calling free() on the local variable, which is uninitialized. This commit fixes memory corruption when a test fails. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_entropy.function | 26 +++++++++++------------- 1 file changed, 12 insertions(+), 14 deletions(-) diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 617c875a7b..0e013b740d 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -166,11 +166,10 @@ void entropy_init_free(int reinit) void entropy_seed_file(char *path, int ret) { mbedtls_entropy_context ctx; + mbedtls_entropy_init(&ctx); MD_PSA_INIT(); - mbedtls_entropy_init(&ctx); - TEST_ASSERT(mbedtls_entropy_write_seed_file(&ctx, path) == ret); TEST_ASSERT(mbedtls_entropy_update_seed_file(&ctx, path) == ret); @@ -184,11 +183,10 @@ exit: void entropy_write_base_seed_file(int ret) { mbedtls_entropy_context ctx; + mbedtls_entropy_init(&ctx); MD_PSA_INIT(); - mbedtls_entropy_init(&ctx); - TEST_ASSERT(mbedtls_entropy_write_seed_file(&ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE) == ret); TEST_ASSERT(mbedtls_entropy_update_seed_file(&ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE) == ret); @@ -249,10 +247,10 @@ void entropy_func_len(int len, int ret) unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE + 10] = { 0 }; size_t i, j; - MD_PSA_INIT(); - mbedtls_entropy_init(&ctx); + MD_PSA_INIT(); + /* * See comments in mbedtls_entropy_self_test() */ @@ -286,10 +284,10 @@ void entropy_source_fail(char *path) unsigned char buf[16]; entropy_dummy_context dummy = { DUMMY_FAIL, 0, 0 }; - MD_PSA_INIT(); - mbedtls_entropy_init(&ctx); + MD_PSA_INIT(); + TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source, &dummy, 16, MBEDTLS_ENTROPY_SOURCE_WEAK) @@ -324,11 +322,11 @@ void entropy_threshold(int threshold, int chunk_size, int result) unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 }; int ret; - MD_PSA_INIT(); - mbedtls_entropy_init(&ctx); entropy_clear_sources(&ctx); + MD_PSA_INIT(); + /* Set strong source that reaches its threshold immediately and * a weak source whose threshold is a test parameter. */ TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source, @@ -374,11 +372,11 @@ void entropy_calls(int strength1, int strength2, unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 }; int ret; - MD_PSA_INIT(); - mbedtls_entropy_init(&ctx); entropy_clear_sources(&ctx); + MD_PSA_INIT(); + TEST_ASSERT(mbedtls_entropy_add_source(&ctx, entropy_dummy_source, &dummy1, threshold, strength1) == 0); @@ -473,8 +471,6 @@ void entropy_nv_seed(data_t *read_seed) unsigned char check_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; unsigned char check_entropy[MBEDTLS_ENTROPY_BLOCK_SIZE]; - MD_PSA_INIT(); - memset(entropy, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); memset(buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); memset(empty, 0, MBEDTLS_ENTROPY_BLOCK_SIZE); @@ -488,6 +484,8 @@ void entropy_nv_seed(data_t *read_seed) mbedtls_entropy_init(&ctx); entropy_clear_sources(&ctx); + MD_PSA_INIT(); + TEST_ASSERT(mbedtls_entropy_add_source(&ctx, mbedtls_nv_seed_poll, NULL, MBEDTLS_ENTROPY_BLOCK_SIZE, MBEDTLS_ENTROPY_SOURCE_STRONG) == 0); From fe5adfe54708b146ddda295961c635bb5472f27f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 26 Jul 2023 17:58:48 +0100 Subject: [PATCH 044/350] Add HMAC test-cases for SHA3 Signed-off-by: Dave Rodgman --- tests/suites/test_suite_psa_crypto_hash.data | 19 ++++++++++ .../test_suite_psa_crypto_hash.function | 35 +++++++++++++++++++ 2 files changed, 54 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_hash.data b/tests/suites/test_suite_psa_crypto_hash.data index 769df58e1d..58bf0cf50b 100644 --- a/tests/suites/test_suite_psa_crypto_hash.data +++ b/tests/suites/test_suite_psa_crypto_hash.data @@ -609,3 +609,22 @@ hash_multi_part:PSA_ALG_SHA3_384:"6162636465666768626364656667686963646566676869 PSA hash multi part: SHA3-512 Test Vector NIST 896 bits: "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" depends_on:PSA_WANT_ALG_SHA3_512 hash_multi_part:PSA_ALG_SHA3_512:"61626364656667686263646566676869636465666768696a6465666768696a6b65666768696a6b6c666768696a6b6c6d6768696a6b6c6d6e68696a6b6c6d6e6f696a6b6c6d6e6f706a6b6c6d6e6f70716b6c6d6e6f7071726c6d6e6f707172736d6e6f70717273746e6f707172737475":"afebb2ef542e6579c50cad06d2e578f9f8dd6881d7dc824d26360feebf18a4fa73e3261122948efcfd492e74e82e2189ed0fb440d187f382270cb455f21dd185" + +# HMAC test vectors generated in python with e.g. +# import hmac; hmac.new(bytes([0xaa]*32), b'abc', 'SHA3-224').hexdigest() + +PSA HMAC SHA3-224 +depends_on:PSA_WANT_ALG_SHA3_224 +hmac:PSA_ALG_SHA3_224:"abc":"bf0905154ad610b6a3d6d0b9a1c692494e987337d956624a066d7a1f" + +PSA HMAC SHA3-256 +depends_on:PSA_WANT_ALG_SHA3_256 +hmac:PSA_ALG_SHA3_256:"abc":"a986419a162b6d4731a8e96e44a2c6e784d50137907b457c9fb77c62705dc4d9" + +PSA HMAC SHA3-384 +depends_on:PSA_WANT_ALG_SHA3_384 +hmac:PSA_ALG_SHA3_384:"abc":"87b864ee25f8bfebd516eddd7cdd400d3c368a09e4b1fabaee5636da8a9c876c3f802c366537663910f2e6c5a8426381" + +PSA HMAC SHA3-512 +depends_on:PSA_WANT_ALG_SHA3_512 +hmac:PSA_ALG_SHA3_512:"abc":"2cef45b6950e41a70bc85cb431b2161d47c9e2932187fa15d80e3b7af1da38aa8fe823a72efd7e536e5236a5b0798418d8c8f08b0de5fc262867bb3752b6482d" diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function index f12541d686..75dde55308 100644 --- a/tests/suites/test_suite_psa_crypto_hash.function +++ b/tests/suites/test_suite_psa_crypto_hash.function @@ -1,6 +1,7 @@ /* BEGIN_HEADER */ #include +#include "psa/crypto.h" /* END_HEADER */ @@ -34,6 +35,40 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void hmac(int alg_arg, char *input, data_t *expected_mac) +{ + psa_algorithm_t alg = PSA_ALG_HMAC(alg_arg); + + mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; + psa_key_type_t key_type = PSA_KEY_TYPE_HMAC; + const uint8_t key_data[] = { // 32 bytes of 0xaa + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, + 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa + }; + psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; + + PSA_ASSERT(psa_crypto_init()); + + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); + psa_set_key_algorithm(&attributes, alg); + psa_set_key_type(&attributes, key_type); + PSA_ASSERT(psa_import_key(&attributes, key_data, sizeof(key_data), &key)); + + uint8_t mac[PSA_MAC_MAX_SIZE + 10] = { 0 }; + size_t mac_length = 0; + + PSA_ASSERT(psa_mac_compute(key, alg, (uint8_t const *) input, strlen(input), mac, sizeof(mac), &mac_length)); + + ASSERT_COMPARE(expected_mac->x, expected_mac->len, mac, mac_length); + + PSA_ASSERT(psa_destroy_key(key)); +exit: + PSA_DONE(); +} +/* END_CASE */ + /* BEGIN_CASE */ void hash_verify(int alg_arg, data_t *input, data_t *expected_hash) { From faff45c917fee85ea3d624c07d2044f7c3c4fb27 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 26 Jul 2023 18:13:58 +0100 Subject: [PATCH 045/350] Add HMAC tests for other digest algorithms Signed-off-by: Dave Rodgman --- tests/suites/test_suite_psa_crypto_hash.data | 24 ++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_hash.data b/tests/suites/test_suite_psa_crypto_hash.data index 58bf0cf50b..5f4313a15e 100644 --- a/tests/suites/test_suite_psa_crypto_hash.data +++ b/tests/suites/test_suite_psa_crypto_hash.data @@ -628,3 +628,27 @@ hmac:PSA_ALG_SHA3_384:"abc":"87b864ee25f8bfebd516eddd7cdd400d3c368a09e4b1fabaee5 PSA HMAC SHA3-512 depends_on:PSA_WANT_ALG_SHA3_512 hmac:PSA_ALG_SHA3_512:"abc":"2cef45b6950e41a70bc85cb431b2161d47c9e2932187fa15d80e3b7af1da38aa8fe823a72efd7e536e5236a5b0798418d8c8f08b0de5fc262867bb3752b6482d" + +PSA HMAC SHA-1 +depends_on:PSA_WANT_ALG_SHA_1 +hmac:PSA_ALG_SHA_1:"abc":"0b3a7f96afea3e14a0835f7c9468a24649f85596" + +PSA HMAC SHA-224 +depends_on:PSA_WANT_ALG_SHA_224 +hmac:PSA_ALG_SHA_224:"abc":"249c405cef8bcd3ceeafdb9a933179739fb9b1d7f174df4667ec82f3" + +PSA HMAC SHA-256 +depends_on:PSA_WANT_ALG_SHA_256 +hmac:PSA_ALG_SHA_256:"abc":"b89a1b878289c739595104da55b6f7a8afec3e0757fc166080dc267c09c46841" + +PSA HMAC SHA-384 +depends_on:PSA_WANT_ALG_SHA_384 +hmac:PSA_ALG_SHA_384:"abc":"25a8b55c884bc38286305f76332631726498f5586280b88bc6179cd00c6878fb7d1bb3ee1643fcd2fb02b95823ff1af2" + +PSA HMAC SHA-512 +depends_on:PSA_WANT_ALG_SHA_512 +hmac:PSA_ALG_SHA_512:"abc":"d6e5eebb5cf27f5b686fefc416ee8c431bb10770216aa3c6ba13897ef3fc040b98abc53b95039f2c50622473f958af64a3cae1afbea8ffffa8d35ca24f31e222" + +PSA HMAC RIPEMD160 +depends_on:PSA_WANT_ALG_RIPEMD160 +hmac:PSA_ALG_RIPEMD160:"abc":"114a5cf4637f57c044472e1a0b87cce9137190b2" From 44fae4908d8fed4b07f73f33ebc1b88184b2dc7c Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 26 Jul 2023 18:45:19 +0100 Subject: [PATCH 046/350] Add PSA HMAC MD5 test Signed-off-by: Dave Rodgman --- tests/suites/test_suite_psa_crypto_hash.data | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_hash.data b/tests/suites/test_suite_psa_crypto_hash.data index 5f4313a15e..33ced8239d 100644 --- a/tests/suites/test_suite_psa_crypto_hash.data +++ b/tests/suites/test_suite_psa_crypto_hash.data @@ -652,3 +652,7 @@ hmac:PSA_ALG_SHA_512:"abc":"d6e5eebb5cf27f5b686fefc416ee8c431bb10770216aa3c6ba13 PSA HMAC RIPEMD160 depends_on:PSA_WANT_ALG_RIPEMD160 hmac:PSA_ALG_RIPEMD160:"abc":"114a5cf4637f57c044472e1a0b87cce9137190b2" + +PSA HMAC MD5 +depends_on:PSA_WANT_ALG_MD5 +hmac:PSA_ALG_MD5:"abc":"39677b12b80118927387aa4a65d16a5e" From 1997f3022fcf8f76434ff5fe69327a5a9ddd6c43 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 26 Jul 2023 18:45:20 +0200 Subject: [PATCH 047/350] PSA_CRYPTO_DRIVER_TEST_ALL is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG Explain how PSA_CRYPTO_DRIVER_TEST_ALL works and why we have it. Note that it is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG. As a consequence, disable that option in component_test_psa_crypto_drivers. MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is in the full config, so there's no need to add it explicitly. Signed-off-by: Gilles Peskine --- tests/configs/user-config-for-test.h | 20 ++++++++++++++++++++ tests/scripts/all.sh | 6 +++--- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h index 8c2680d4a0..9151532c69 100644 --- a/tests/configs/user-config-for-test.h +++ b/tests/configs/user-config-for-test.h @@ -23,11 +23,31 @@ */ #if defined(PSA_CRYPTO_DRIVER_TEST_ALL) +/* PSA_CRYPTO_DRIVER_TEST_ALL activates test drivers while keeping the + * built-in implementations active. Normally setting MBEDTLS_PSA_ACCEL_xxx + * would disable MBEDTLS_PSA_BUILTIN_xxx unless fallback is activated, but + * here we arrange to have both active so that psa_crypto_*.c includes + * the built-in implementations and the driver code can call the built-in + * implementations. + * + * The point of this test mode is to verify that the + * driver entry points are called when they should be in a lightweight + * way, without requiring an actual driver. This is different from builds + * with libtestdriver1, where we make a copy of the library source code + * and use that as an external driver. + */ /* Enable the use of the test driver in the library, and build the generic * part of the test driver. */ #define PSA_CRYPTO_DRIVER_TEST +/* With MBEDTLS_PSA_CRYPTO_CONFIG, if we set up the acceleration, the + * built-in implementations won't be enabled. */ +#if defined(MBEDTLS_PSA_CRYPTO_CONFIG) +#error \ + "PSA_CRYPTO_DRIVER_TEST_ALL sets up a nonstandard configuration that is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG" +#endif + /* Use the accelerator driver for all cryptographic mechanisms for which * the test driver implemented. */ #define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 16b46dcdfe..1d517ea0c3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3933,16 +3933,16 @@ component_test_se_default () { } component_test_psa_crypto_drivers () { - msg "build: full + MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + test drivers" + msg "build: full + test drivers dispatching to builtins" scripts/config.py full - scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL" loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" loc_cflags="${loc_cflags} -I../tests/include -O2" make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS" - msg "test: full + MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS + test drivers" + msg "test: full + test drivers dispatching to builtins" make test } From 0c383858580d24888e57377f9946b97972fb5c43 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 27 Jul 2023 12:54:09 +0100 Subject: [PATCH 048/350] Use psa_mac_compare in tests; add some HMAC edge-cases Signed-off-by: Dave Rodgman --- tests/suites/test_suite_psa_crypto_hash.data | 12 ++++++++++++ tests/suites/test_suite_psa_crypto_hash.function | 7 +++++-- 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_hash.data b/tests/suites/test_suite_psa_crypto_hash.data index 33ced8239d..f957bf16d3 100644 --- a/tests/suites/test_suite_psa_crypto_hash.data +++ b/tests/suites/test_suite_psa_crypto_hash.data @@ -656,3 +656,15 @@ hmac:PSA_ALG_RIPEMD160:"abc":"114a5cf4637f57c044472e1a0b87cce9137190b2" PSA HMAC MD5 depends_on:PSA_WANT_ALG_MD5 hmac:PSA_ALG_MD5:"abc":"39677b12b80118927387aa4a65d16a5e" + +PSA HMAC input length 0 +depends_on:PSA_WANT_ALG_SHA_256 +hmac:PSA_ALG_SHA_256:"":"63210aee265762634fa3db8c1aa920dcd07d31ec297309580394a21412f83372" + +PSA HMAC input length 1 +depends_on:PSA_WANT_ALG_SHA_256 +hmac:PSA_ALG_SHA_256:"x":"f61c11d66441e3c0b9902a8491caa2da5a0d0d95ef0fc61d8a3b5ea5e0416f5c" + +PSA HMAC input length 2890 +depends_on:PSA_WANT_ALG_SHA_256 +hmac:PSA_ALG_SHA_256:"0123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999":"dd2e08786029097be5f634fda74a7e20e3e1638e71282892c4fd21d9a71ae418" diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function index 75dde55308..8ee459e435 100644 --- a/tests/suites/test_suite_psa_crypto_hash.function +++ b/tests/suites/test_suite_psa_crypto_hash.function @@ -51,7 +51,7 @@ void hmac(int alg_arg, char *input, data_t *expected_mac) PSA_ASSERT(psa_crypto_init()); - psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE); + psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE); psa_set_key_algorithm(&attributes, alg); psa_set_key_type(&attributes, key_type); PSA_ASSERT(psa_import_key(&attributes, key_data, sizeof(key_data), &key)); @@ -59,10 +59,13 @@ void hmac(int alg_arg, char *input, data_t *expected_mac) uint8_t mac[PSA_MAC_MAX_SIZE + 10] = { 0 }; size_t mac_length = 0; - PSA_ASSERT(psa_mac_compute(key, alg, (uint8_t const *) input, strlen(input), mac, sizeof(mac), &mac_length)); + size_t input_len = strlen(input); + PSA_ASSERT(psa_mac_compute(key, alg, (uint8_t const *) input, input_len, mac, sizeof(mac), &mac_length)); ASSERT_COMPARE(expected_mac->x, expected_mac->len, mac, mac_length); + PSA_ASSERT(psa_mac_verify(key, alg, (uint8_t const *) input, input_len, expected_mac->x, expected_mac->len)); + PSA_ASSERT(psa_destroy_key(key)); exit: PSA_DONE(); From d2c9f6d256990628f8179ad6e3006f38f6db166d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 27 Jul 2023 13:00:02 +0100 Subject: [PATCH 049/350] Strengthen psa_mac_verify testing Signed-off-by: Dave Rodgman --- tests/suites/test_suite_psa_crypto_hash.function | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function index 8ee459e435..bd3012c4d1 100644 --- a/tests/suites/test_suite_psa_crypto_hash.function +++ b/tests/suites/test_suite_psa_crypto_hash.function @@ -62,10 +62,16 @@ void hmac(int alg_arg, char *input, data_t *expected_mac) size_t input_len = strlen(input); PSA_ASSERT(psa_mac_compute(key, alg, (uint8_t const *) input, input_len, mac, sizeof(mac), &mac_length)); + // manual comparison against expected MAC ASSERT_COMPARE(expected_mac->x, expected_mac->len, mac, mac_length); + // use psa_mac_verify to compare to expected MAC PSA_ASSERT(psa_mac_verify(key, alg, (uint8_t const *) input, input_len, expected_mac->x, expected_mac->len)); + // corrupt the MAC and check that psa_mac_verify fails + expected_mac->x[0] ^= 0x7f; + TEST_EQUAL(psa_mac_verify(key, alg, (uint8_t const *) input, input_len, expected_mac->x, expected_mac->len), PSA_ERROR_INVALID_SIGNATURE); + PSA_ASSERT(psa_destroy_key(key)); exit: PSA_DONE(); From 5c603822011b726498f52e914109bd351c50b008 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 27 Jul 2023 13:28:41 +0100 Subject: [PATCH 050/350] code style Signed-off-by: Dave Rodgman --- tests/suites/test_suite_psa_crypto_hash.function | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function index bd3012c4d1..de009a3ad6 100644 --- a/tests/suites/test_suite_psa_crypto_hash.function +++ b/tests/suites/test_suite_psa_crypto_hash.function @@ -60,17 +60,20 @@ void hmac(int alg_arg, char *input, data_t *expected_mac) size_t mac_length = 0; size_t input_len = strlen(input); - PSA_ASSERT(psa_mac_compute(key, alg, (uint8_t const *) input, input_len, mac, sizeof(mac), &mac_length)); + PSA_ASSERT(psa_mac_compute(key, alg, (uint8_t const *) input, input_len, mac, sizeof(mac), + &mac_length)); // manual comparison against expected MAC ASSERT_COMPARE(expected_mac->x, expected_mac->len, mac, mac_length); // use psa_mac_verify to compare to expected MAC - PSA_ASSERT(psa_mac_verify(key, alg, (uint8_t const *) input, input_len, expected_mac->x, expected_mac->len)); + PSA_ASSERT(psa_mac_verify(key, alg, (uint8_t const *) input, input_len, expected_mac->x, + expected_mac->len)); // corrupt the MAC and check that psa_mac_verify fails expected_mac->x[0] ^= 0x7f; - TEST_EQUAL(psa_mac_verify(key, alg, (uint8_t const *) input, input_len, expected_mac->x, expected_mac->len), PSA_ERROR_INVALID_SIGNATURE); + TEST_EQUAL(psa_mac_verify(key, alg, (uint8_t const *) input, input_len, expected_mac->x, + expected_mac->len), PSA_ERROR_INVALID_SIGNATURE); PSA_ASSERT(psa_destroy_key(key)); exit: From 2d626cc44fc32112d1e95160f6fd28d32ed8535a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 27 Jul 2023 14:43:55 +0100 Subject: [PATCH 051/350] Fix missing opening brace in comments Signed-off-by: Dave Rodgman --- include/mbedtls/oid.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index f894205892..133e5d41b2 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -270,13 +270,13 @@ #define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */ -#define MBEDTLS_OID_DIGEST_ALG_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x07" /**< id-sha3-224 OBJECT IDENTIFIER ::= joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-224(7) } */ +#define MBEDTLS_OID_DIGEST_ALG_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x07" /**< id-sha3-224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-224(7) } */ -#define MBEDTLS_OID_DIGEST_ALG_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x08" /**< id-sha3-256 OBJECT IDENTIFIER ::= joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-256(8) } */ +#define MBEDTLS_OID_DIGEST_ALG_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x08" /**< id-sha3-256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-256(8) } */ -#define MBEDTLS_OID_DIGEST_ALG_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x09" /**< id-sha3-384 OBJECT IDENTIFIER ::= joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-384(9) } */ +#define MBEDTLS_OID_DIGEST_ALG_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x09" /**< id-sha3-384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-384(9) } */ -#define MBEDTLS_OID_DIGEST_ALG_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x0a" /**< id-sha3-512 OBJECT IDENTIFIER ::= joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-512(10) } */ +#define MBEDTLS_OID_DIGEST_ALG_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x0a" /**< id-sha3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) sha3-512(10) } */ #define MBEDTLS_OID_HMAC_SHA1 MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */ From a2cdc840de5aa0363d45ce9ebbba95cdda8ed7a9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 27 Jul 2023 14:44:13 +0100 Subject: [PATCH 052/350] Fix pre-existing missing closing #endif comment Signed-off-by: Dave Rodgman --- library/oid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/oid.c b/library/oid.c index 9ea41cbae2..43fa0003d9 100644 --- a/library/oid.c +++ b/library/oid.c @@ -820,7 +820,7 @@ static const oid_md_hmac_t oid_md_hmac[] = OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224"), MBEDTLS_MD_SHA224, }, -#endif +#endif /* MBEDTLS_MD_CAN_SHA224 */ #if defined(MBEDTLS_MD_CAN_SHA256) { OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256"), From 5cc67a3ee2fc2676d84b71dfc5bbaad6caec01eb Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 27 Jul 2023 14:44:35 +0100 Subject: [PATCH 053/350] Add OIDs for HMAC-SHA3 Signed-off-by: Dave Rodgman --- include/mbedtls/oid.h | 8 ++++++++ library/oid.c | 24 ++++++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 133e5d41b2..3c9831be54 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -289,6 +289,14 @@ #define MBEDTLS_OID_HMAC_SHA512 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */ +#define MBEDTLS_OID_HMAC_SHA3_224 MBEDTLS_OID_NIST_ALG "\x02\x0d" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-224(13) } */ + +#define MBEDTLS_OID_HMAC_SHA3_256 MBEDTLS_OID_NIST_ALG "\x02\x0e" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-256(14) } */ + +#define MBEDTLS_OID_HMAC_SHA3_384 MBEDTLS_OID_NIST_ALG "\x02\x0f" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-384(15) } */ + +#define MBEDTLS_OID_HMAC_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x10" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-512(16) } */ + /* * Encryption algorithms */ diff --git a/library/oid.c b/library/oid.c index 43fa0003d9..e12f92485c 100644 --- a/library/oid.c +++ b/library/oid.c @@ -839,6 +839,30 @@ static const oid_md_hmac_t oid_md_hmac[] = MBEDTLS_MD_SHA512, }, #endif /* MBEDTLS_MD_CAN_SHA512 */ +#if defined(MBEDTLS_MD_CAN_SHA3_224) + { + OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_224, "hmacSHA3-224", "HMAC-SHA3-224"), + MBEDTLS_MD_SHA3_224, + }, +#endif /* MBEDTLS_MD_CAN_SHA3_224 */ +#if defined(MBEDTLS_MD_CAN_SHA3_256) + { + OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_256, "hmacSHA3-256", "HMAC-SHA3-256"), + MBEDTLS_MD_SHA3_256, + }, +#endif /* MBEDTLS_MD_CAN_SHA3_256 */ +#if defined(MBEDTLS_MD_CAN_SHA3_384) + { + OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_384, "hmacSHA3-384", "HMAC-SHA3-384"), + MBEDTLS_MD_SHA3_384, + }, +#endif /* MBEDTLS_MD_CAN_SHA3_384 */ +#if defined(MBEDTLS_MD_CAN_SHA3_512) + { + OID_DESCRIPTOR(MBEDTLS_OID_HMAC_SHA3_512, "hmacSHA3-512", "HMAC-SHA3-512"), + MBEDTLS_MD_SHA3_512, + }, +#endif /* MBEDTLS_MD_CAN_SHA3_512 */ { NULL_OID_DESCRIPTOR, MBEDTLS_MD_NONE, From f2e3eb8bd9f4c5bde788076e2cb6a42979295822 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 27 Jul 2023 15:46:05 +0100 Subject: [PATCH 054/350] Add OID for HMAC-RIPEMD160 Signed-off-by: Dave Rodgman --- include/mbedtls/oid.h | 2 ++ library/oid.c | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 3c9831be54..9545072296 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -297,6 +297,8 @@ #define MBEDTLS_OID_HMAC_SHA3_512 MBEDTLS_OID_NIST_ALG "\x02\x10" /**< id-hmacWithSHA3-512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) hashalgs(2) hmacWithSHA3-512(16) } */ +#define MBEDTLS_OID_HMAC_RIPEMD160 MBEDTLS_OID_INTERNET "\x05\x05\x08\x01\x04" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) iso-identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1) hmacRIPEMD160(4)} */ + /* * Encryption algorithms */ diff --git a/library/oid.c b/library/oid.c index e12f92485c..608b6c8ca8 100644 --- a/library/oid.c +++ b/library/oid.c @@ -863,6 +863,12 @@ static const oid_md_hmac_t oid_md_hmac[] = MBEDTLS_MD_SHA3_512, }, #endif /* MBEDTLS_MD_CAN_SHA3_512 */ +#if defined(MBEDTLS_MD_CAN_RIPEMD160) + { + OID_DESCRIPTOR(MBEDTLS_OID_HMAC_RIPEMD160, "hmacRIPEMD160", "HMAC-RIPEMD160"), + MBEDTLS_MD_RIPEMD160, + }, +#endif /* MBEDTLS_MD_CAN_RIPEMD160 */ { NULL_OID_DESCRIPTOR, MBEDTLS_MD_NONE, From a0f81e8ef853f4dfef1e6f776b722fbb073a5e82 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 27 Jul 2023 15:46:33 +0100 Subject: [PATCH 055/350] Add OID tests for HMAC-xxx Signed-off-by: Dave Rodgman --- tests/suites/test_suite_oid.data | 40 ++++++++++++++++++++++++++++ tests/suites/test_suite_oid.function | 23 ++++++++++++++++ 2 files changed, 63 insertions(+) diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data index cc23c5b665..f8f1d43aa1 100644 --- a/tests/suites/test_suite_oid.data +++ b/tests/suites/test_suite_oid.data @@ -201,3 +201,43 @@ oid_from_numeric_string:"2.4294967215":0:"8FFFFFFF7F" OID from numeric string - OID with overflowing subidentifier oid_from_numeric_string:"2.4294967216":MBEDTLS_ERR_ASN1_INVALID_DATA:"" + +mbedtls_oid_get_md_hmac - RIPEMD160 +depends_on:MBEDTLS_MD_CAN_RIPEMD160 +mbedtls_oid_get_md_hmac:"2B06010505080104":MBEDTLS_MD_RIPEMD160 + +mbedtls_oid_get_md_hmac - SHA1 +depends_on:MBEDTLS_MD_CAN_SHA1 +mbedtls_oid_get_md_hmac:"2A864886F70D0207":MBEDTLS_MD_SHA1 + +mbedtls_oid_get_md_hmac - SHA224 +depends_on:MBEDTLS_MD_CAN_SHA224 +mbedtls_oid_get_md_hmac:"2A864886F70D0208":MBEDTLS_MD_SHA224 + +mbedtls_oid_get_md_hmac - SHA256 +depends_on:MBEDTLS_MD_CAN_SHA256 +mbedtls_oid_get_md_hmac:"2A864886F70D0209":MBEDTLS_MD_SHA256 + +mbedtls_oid_get_md_hmac - SHA384 +depends_on:MBEDTLS_MD_CAN_SHA384 +mbedtls_oid_get_md_hmac:"2A864886F70D020A":MBEDTLS_MD_SHA384 + +mbedtls_oid_get_md_hmac - SHA512 +depends_on:MBEDTLS_MD_CAN_SHA512 +mbedtls_oid_get_md_hmac:"2A864886F70D020B":MBEDTLS_MD_SHA512 + +mbedtls_oid_get_md_hmac - SHA3_224 +depends_on:MBEDTLS_MD_CAN_SHA3_224 +mbedtls_oid_get_md_hmac:"60864801650304020D":MBEDTLS_MD_SHA3_224 + +mbedtls_oid_get_md_hmac - SHA3_256 +depends_on:MBEDTLS_MD_CAN_SHA3_256 +mbedtls_oid_get_md_hmac:"60864801650304020E":MBEDTLS_MD_SHA3_256 + +mbedtls_oid_get_md_hmac - SHA3_384 +depends_on:MBEDTLS_MD_CAN_SHA3_384 +mbedtls_oid_get_md_hmac:"60864801650304020F":MBEDTLS_MD_SHA3_384 + +mbedtls_oid_get_md_hmac - SHA3_512 +depends_on:MBEDTLS_MD_CAN_SHA3_512 +mbedtls_oid_get_md_hmac:"608648016503040210":MBEDTLS_MD_SHA3_512 diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function index 3adc6af0b5..337f843109 100644 --- a/tests/suites/test_suite_oid.function +++ b/tests/suites/test_suite_oid.function @@ -96,6 +96,29 @@ void oid_get_md_alg_id(data_t *oid, int exp_md_id) } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_oid_get_md_hmac(data_t *oid, int exp_md_id) +{ + mbedtls_asn1_buf md_oid = { 0, 0, NULL }; + int ret; + mbedtls_md_type_t md_id = 0; + + md_oid.tag = MBEDTLS_ASN1_OID; + md_oid.p = oid->x; + md_oid.len = oid->len; + + ret = mbedtls_oid_get_md_hmac(&md_oid, &md_id); + + if (exp_md_id < 0) { + TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND); + TEST_ASSERT(md_id == 0); + } else { + TEST_ASSERT(ret == 0); + TEST_ASSERT((mbedtls_md_type_t) exp_md_id == md_id); + } +} +/* END_CASE */ + /* BEGIN_CASE */ void oid_get_numeric_string(data_t *oid, int error_ret, char *result_str) { From c2ad3ad62a10d7ed5eda8f8be074b0c2723b7f27 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 28 Jul 2023 16:44:18 +0100 Subject: [PATCH 056/350] Fix error in test vectors Signed-off-by: Dave Rodgman --- tests/suites/test_suite_psa_crypto_hash.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_hash.data b/tests/suites/test_suite_psa_crypto_hash.data index f957bf16d3..0a5f8765f1 100644 --- a/tests/suites/test_suite_psa_crypto_hash.data +++ b/tests/suites/test_suite_psa_crypto_hash.data @@ -164,7 +164,7 @@ hash_finish:PSA_ALG_SHA3_224:"":"6b4e03423667dbb73b6e15454f0eb1abd4597f9a1b078e3 PSA hash finish: SHA3-256 Test Vector NIST "" depends_on:PSA_WANT_ALG_SHA3_256 -hash_finish:PSA_ALG_SHA3_256:"616263":"3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532" +hash_finish:PSA_ALG_SHA3_256:"":"a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a" PSA hash finish: SHA3-384 Test Vector NIST "" depends_on:PSA_WANT_ALG_SHA3_384 @@ -552,7 +552,7 @@ hash_multi_part:PSA_ALG_SHA3_224:"":"6b4e03423667dbb73b6e15454f0eb1abd4597f9a1b0 PSA hash multi part: SHA3-256 Test Vector NIST "" depends_on:PSA_WANT_ALG_SHA3_256 -hash_multi_part:PSA_ALG_SHA3_256:"616263":"3a985da74fe225b2045c172d6bd390bd855f086e3e9d525b46bfe24511431532" +hash_multi_part:PSA_ALG_SHA3_256:"":"a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a" PSA hash multi part: SHA3-384 Test Vector NIST "" depends_on:PSA_WANT_ALG_SHA3_384 From 2430a70fcff3ce196f50e7e009a2c25b1b22be41 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 13 Jul 2023 17:22:51 +0200 Subject: [PATCH 057/350] ssl_ciphersuites: adding new internal helper symbols Signed-off-by: Valerio Setti --- include/mbedtls/ssl_ciphersuites.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 2db5209ea9..843a0e4d19 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -292,6 +292,11 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED #endif +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) +#define MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED +#endif + #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) #define MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED @@ -307,6 +312,13 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED #endif +/* Helper to state that certificated based client authentication through ECDSA + * is supported in TLS 1.2 */ +#if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) && \ + defined(MBEDTLS_PK_CAN_ECDSA_SIGN) && defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) +#define MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED +#endif + /* Key exchanges involving server signature in ServerKeyExchange */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ From 45d56f3d2544d1d1b8531f81cdd55e9ea6d580d9 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 13 Jul 2023 17:23:20 +0200 Subject: [PATCH 058/350] tls: replace ECDSA_C and PK_CAN_ECDSA_SOME with key exchange related ones Signed-off-by: Valerio Setti --- library/ssl_ciphersuites.c | 5 ++-- library/ssl_client.c | 2 +- library/ssl_misc.h | 8 +++--- library/ssl_tls.c | 51 ++++++++++++++++++++++---------------- library/ssl_tls12_client.c | 18 ++++++++------ library/ssl_tls12_server.c | 31 +++++++++++++---------- 6 files changed, 66 insertions(+), 49 deletions(-) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index a0cf5300f1..e26ed1a267 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -2022,7 +2022,7 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersu #endif /* MBEDTLS_PK_C */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_ECDSA_C) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info) { @@ -2040,7 +2040,8 @@ int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info) } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - * MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ + * MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || + * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info) diff --git a/library/ssl_client.c b/library/ssl_client.c index dc2b650b46..eab84c1b3b 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -375,7 +375,7 @@ static int ssl_write_client_hello_cipher_suites( #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ (defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_ECDSA_C) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)) *tls12_uses_ec |= mbedtls_ssl_ciphersuite_uses_ec(ciphersuite_info); #endif diff --git a/library/ssl_misc.h b/library/ssl_misc.h index f4264fb95f..3012b1d1f1 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -783,7 +783,7 @@ struct mbedtls_ssl_handshake_params { #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ - defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) uint16_t *curves_tls_id; /*!< List of TLS IDs of supported elliptic curves */ #endif @@ -2313,7 +2313,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( const uint16_t sig_alg) { switch (sig_alg) { -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) #if defined(PSA_WANT_ALG_SHA_256) && defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) case MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256: break; @@ -2326,7 +2326,7 @@ static inline int mbedtls_ssl_tls13_sig_alg_for_cert_verify_is_supported( case MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512: break; #endif /* PSA_WANT_ALG_SHA_512 && MBEDTLS_ECP_DP_SECP521R1_ENABLED */ -#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */ +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ #if defined(MBEDTLS_PKCS1_V21) #if defined(PSA_WANT_ALG_SHA_256) @@ -2482,7 +2482,7 @@ static inline int mbedtls_ssl_tls12_sig_alg_is_supported( break; #endif -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) case MBEDTLS_SSL_SIG_ECDSA: break; #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 37b52f5818..db16e4787e 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1208,7 +1208,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) if (mbedtls_ssl_hash_from_md_alg(*md) == MBEDTLS_SSL_HASH_NONE) { continue; } -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) sig_algs_len += sizeof(uint16_t); #endif @@ -1236,7 +1236,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) if (hash == MBEDTLS_SSL_HASH_NONE) { continue; } -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) *p = ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA); p++; #endif @@ -4161,7 +4161,7 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ - defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ + defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* explicit void pointer cast for buggy MS compiler */ mbedtls_free((void *) handshake->curves_tls_id); @@ -4981,25 +4981,28 @@ static const int ssl_preset_suiteb_ciphersuites[] = { */ static uint16_t ssl_preset_default_sig_algs[] = { -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && \ +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \ defined(MBEDTLS_MD_CAN_SHA256) && \ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, -#endif /* MBEDTLS_PK_CAN_ECDSA_SOME && MBEDTLS_MD_CAN_SHA256 && +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED && + MBEDTLS_MD_CAN_SHA256 && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && \ +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \ defined(MBEDTLS_MD_CAN_SHA384) && \ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, -#endif /* MBEDTLS_PK_CAN_ECDSA_SOME && MBEDTLS_MD_CAN_SHA384&& +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED && + MBEDTLS_MD_CAN_SHA384&& MBEDTLS_ECP_DP_SECP384R1_ENABLED */ -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) && \ +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \ defined(MBEDTLS_MD_CAN_SHA512) && \ defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512, -#endif /* MBEDTLS_PK_CAN_ECDSA_SOME && MBEDTLS_MD_CAN_SHA384&& +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED && + MBEDTLS_MD_CAN_SHA384&& MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ @@ -5039,7 +5042,7 @@ static uint16_t ssl_preset_default_sig_algs[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) static uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_MD_CAN_SHA512) -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512), #endif #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) @@ -5050,7 +5053,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #endif #endif /* MBEDTLS_MD_CAN_SHA512*/ #if defined(MBEDTLS_MD_CAN_SHA384) -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384), #endif #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) @@ -5061,7 +5064,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #endif #endif /* MBEDTLS_MD_CAN_SHA384*/ #if defined(MBEDTLS_MD_CAN_SHA256) -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256), #endif #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) @@ -5077,16 +5080,20 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { /* NOTICE: see above */ static uint16_t ssl_preset_suiteb_sig_algs[] = { -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_MD_CAN_SHA256) && \ +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \ + defined(MBEDTLS_MD_CAN_SHA256) && \ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_MD_CAN_SHA256&& +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED && + MBEDTLS_MD_CAN_SHA256 && MBEDTLS_ECP_DP_SECP256R1_ENABLED */ -#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_MD_CAN_SHA384) && \ +#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \ + defined(MBEDTLS_MD_CAN_SHA384) && \ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, -#endif /* MBEDTLS_ECDSA_C && MBEDTLS_MD_CAN_SHA384&& +#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED && + MBEDTLS_MD_CAN_SHA384 && MBEDTLS_ECP_DP_SECP384R1_ENABLED */ #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ @@ -5106,7 +5113,7 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_MD_CAN_SHA256) -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256), #endif #if defined(MBEDTLS_RSA_C) @@ -5114,7 +5121,7 @@ static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { #endif #endif /* MBEDTLS_MD_CAN_SHA256*/ #if defined(MBEDTLS_MD_CAN_SHA384) -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384), #endif #if defined(MBEDTLS_RSA_C) @@ -5405,7 +5412,7 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf) } #if defined(MBEDTLS_PK_C) && \ - (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_CAN_ECDSA_SOME)) + (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED)) /* * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX */ @@ -5416,7 +5423,7 @@ unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk) return MBEDTLS_SSL_SIG_RSA; } #endif -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED) if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) { return MBEDTLS_SSL_SIG_ECDSA; } @@ -5444,7 +5451,7 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig) case MBEDTLS_SSL_SIG_RSA: return MBEDTLS_PK_RSA; #endif -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) +#if defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED) case MBEDTLS_SSL_SIG_ECDSA: return MBEDTLS_PK_ECDSA; #endif @@ -5452,7 +5459,7 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig) return MBEDTLS_PK_NONE; } } -#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_PK_CAN_ECDSA_SOME ) */ +#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED ) */ /* * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index a0560b0f08..52211128e1 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -100,7 +100,7 @@ static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_RENEGOTIATION */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_ECDSA_C) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL @@ -132,7 +132,8 @@ static int ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL @@ -549,7 +550,7 @@ int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl, #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_ECDSA_C) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (uses_ec) { if ((ret = ssl_write_supported_point_formats_ext(ssl, p, end, @@ -818,7 +819,7 @@ static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_ECDSA_C) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl, @@ -863,7 +864,8 @@ static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL @@ -1548,7 +1550,8 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: MBEDTLS_SSL_DEBUG_MSG(3, ("found supported_point_formats extension")); @@ -1559,7 +1562,8 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) } break; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || MBEDTLS_ECDSA_C || +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 9b992d611f..4cb6aeeb06 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -149,7 +149,7 @@ static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * Function for parsing a supported groups (TLS 1.3) or supported elliptic @@ -294,7 +294,8 @@ static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl, return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - MBEDTLS_PK_CAN_ECDSA_SOME || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL @@ -669,7 +670,7 @@ static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl, /* * Return 0 if the given key uses one of the acceptable curves, -1 otherwise */ -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_check_key_curve(mbedtls_pk_context *pk, uint16_t *curves_tls_id) @@ -688,7 +689,7 @@ static int ssl_check_key_curve(mbedtls_pk_context *pk, return -1; } -#endif /* MBEDTLS_PK_CAN_ECDSA_SOME */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ /* * Try picking a certificate for this ciphersuite, @@ -773,7 +774,7 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, continue; } -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) if (pk_alg == MBEDTLS_PK_ECDSA && ssl_check_key_curve(&cur->cert->pk, ssl->handshake->curves_tls_id) != 0) { @@ -838,7 +839,7 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_PK_CAN_ECDSA_SOME) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) && (ssl->handshake->curves_tls_id == NULL || ssl->handshake->curves_tls_id[0] == 0)) { @@ -1383,7 +1384,7 @@ read_record_header: #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_PK_CAN_ECDSA_SOME) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: MBEDTLS_SSL_DEBUG_MSG(3, ("found supported elliptic curves extension")); @@ -1404,7 +1405,8 @@ read_record_header: } break; #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || \ - MBEDTLS_PK_CAN_ECDSA_SOME || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_ECJPAKE_KKPP: @@ -1513,7 +1515,7 @@ read_record_header: if (!sig_hash_alg_ext_present) { uint16_t *received_sig_algs = ssl->handshake->received_sig_algs; const uint16_t default_sig_algs[] = { -#if defined(MBEDTLS_PK_CAN_ECDSA_SOME) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA1), #endif @@ -1898,7 +1900,8 @@ static void ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, unsigned char *buf, size_t *olen) @@ -1925,7 +1928,8 @@ static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, *olen = 6; } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || MBEDTLS_ECDSA_C || +#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -2356,7 +2360,8 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) const mbedtls_ssl_ciphersuite_t *suite = mbedtls_ssl_ciphersuite_from_id(ssl->session_negotiate->ciphersuite); if (suite != NULL && mbedtls_ssl_ciphersuite_uses_ec(suite)) { @@ -2479,7 +2484,7 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_RSA_C) p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_RSA_SIGN; #endif -#if defined(MBEDTLS_ECDSA_C) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) p[1 + ct_len++] = MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN; #endif From 5a57e2abab9b0958683dd25923d362ae1dd003eb Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 2 Aug 2023 11:30:50 +0200 Subject: [PATCH 059/350] test: add new components for testing without ECDHE-ECDSA and TLS13 Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b6f6b600c8..0334016ff1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2750,6 +2750,41 @@ component_test_psa_crypto_config_accel_all_curves_except_x25519 () { psa_crypto_config_accel_all_curves_except_one MBEDTLS_ECP_DP_CURVE25519_ENABLED } +# Common helper for component_full_without_ecdhe_ecdsa() and +# component_full_without_ecdhe_ecdsa_and_tls13() which: +# - starts from the "full" configuration minus the list of symbols passed in +# as 1st parameter +# - build +# - test only TLS (i.e. test_suite_tls and ssl-opt) +build_full_minus_something_and_test_tls () { + SYMBOLS_TO_DISABLE="$1" + + msg "build: full minus something, test TLS" + + scripts/config.py full + for SYM in $SYMBOLS_TO_DISABLE; do + echo "Disabling $SYM" + scripts/config.py unset $SYM + done + + make + + msg "test: full minus something, test TLS" + ( cd tests; ./test_suite_ssl ) + + msg "ssl-opt: full minus something, test TLS" + tests/ssl-opt.sh +} + +component_full_without_ecdhe_ecdsa () { + build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" +} + +component_full_without_ecdhe_ecdsa_and_tls13 () { + build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + MBEDTLS_SSL_PROTO_TLS1_3" +} + # This is an helper used by: # - component_test_psa_ecc_key_pair_no_derive # - component_test_psa_ecc_key_pair_no_generate From c8ccc8f86de4522f8fecd2c62a971bc42ad6d4f5 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 2 Aug 2023 20:00:13 +0200 Subject: [PATCH 060/350] tls: add new symbol for generic TLS 1.2 and 1.3 support Signed-off-by: Valerio Setti --- include/mbedtls/ssl_ciphersuites.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 843a0e4d19..910c6789f0 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -292,6 +292,8 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED #endif +/* Key exchanges in either TLS 1.2 or 1.3 which are using an ECDSA + * signature */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) #define MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED @@ -319,6 +321,12 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED #endif +/* ECDSA required for certificates in either TLS 1.2 or 1.3 */ +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ + defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) +#define MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED +#endif + /* Key exchanges involving server signature in ServerKeyExchange */ #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ From e9646ecd08c375e6dc4596ea5d7dff164546bc77 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 2 Aug 2023 20:02:28 +0200 Subject: [PATCH 061/350] tls: fix guards for ECDSA support Signed-off-by: Valerio Setti --- library/ssl_ciphersuites.c | 4 ++-- library/ssl_client.c | 2 +- library/ssl_misc.h | 4 ++-- library/ssl_tls.c | 23 ++++++++++++----------- library/ssl_tls12_client.c | 14 +++++++------- library/ssl_tls12_server.c | 24 ++++++++++++------------ 6 files changed, 36 insertions(+), 35 deletions(-) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index e26ed1a267..429d920bb9 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -2022,7 +2022,7 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersu #endif /* MBEDTLS_PK_C */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info) { @@ -2040,7 +2040,7 @@ int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info) } } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - * MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || + * MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || * MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED*/ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) diff --git a/library/ssl_client.c b/library/ssl_client.c index eab84c1b3b..c0d02143e9 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -375,7 +375,7 @@ static int ssl_write_client_hello_cipher_suites( #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ (defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)) *tls12_uses_ec |= mbedtls_ssl_ciphersuite_uses_ec(ciphersuite_info); #endif diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 3012b1d1f1..f4ae20e704 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -783,7 +783,7 @@ struct mbedtls_ssl_handshake_params { #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) uint16_t *curves_tls_id; /*!< List of TLS IDs of supported elliptic curves */ #endif @@ -2482,7 +2482,7 @@ static inline int mbedtls_ssl_tls12_sig_alg_is_supported( break; #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) case MBEDTLS_SSL_SIG_ECDSA: break; #endif diff --git a/library/ssl_tls.c b/library/ssl_tls.c index db16e4787e..af51616126 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1208,7 +1208,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) if (mbedtls_ssl_hash_from_md_alg(*md) == MBEDTLS_SSL_HASH_NONE) { continue; } -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) sig_algs_len += sizeof(uint16_t); #endif @@ -1236,7 +1236,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) if (hash == MBEDTLS_SSL_HASH_NONE) { continue; } -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) *p = ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA); p++; #endif @@ -5042,7 +5042,7 @@ static uint16_t ssl_preset_default_sig_algs[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) static uint16_t ssl_tls12_preset_default_sig_algs[] = { #if defined(MBEDTLS_MD_CAN_SHA512) -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512), #endif #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) @@ -5053,7 +5053,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #endif #endif /* MBEDTLS_MD_CAN_SHA512*/ #if defined(MBEDTLS_MD_CAN_SHA384) -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384), #endif #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) @@ -5064,7 +5064,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { #endif #endif /* MBEDTLS_MD_CAN_SHA384*/ #if defined(MBEDTLS_MD_CAN_SHA256) -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256), #endif #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) @@ -5113,7 +5113,7 @@ static uint16_t ssl_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { #if defined(MBEDTLS_MD_CAN_SHA256) -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256), #endif #if defined(MBEDTLS_RSA_C) @@ -5121,7 +5121,7 @@ static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = { #endif #endif /* MBEDTLS_MD_CAN_SHA256*/ #if defined(MBEDTLS_MD_CAN_SHA384) -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384), #endif #if defined(MBEDTLS_RSA_C) @@ -5412,7 +5412,7 @@ void mbedtls_ssl_config_free(mbedtls_ssl_config *conf) } #if defined(MBEDTLS_PK_C) && \ - (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED)) + (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED)) /* * Convert between MBEDTLS_PK_XXX and SSL_SIG_XXX */ @@ -5423,7 +5423,7 @@ unsigned char mbedtls_ssl_sig_from_pk(mbedtls_pk_context *pk) return MBEDTLS_SSL_SIG_RSA; } #endif -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) if (mbedtls_pk_can_do(pk, MBEDTLS_PK_ECDSA)) { return MBEDTLS_SSL_SIG_ECDSA; } @@ -5451,7 +5451,7 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig) case MBEDTLS_SSL_SIG_RSA: return MBEDTLS_PK_RSA; #endif -#if defined(MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) case MBEDTLS_SSL_SIG_ECDSA: return MBEDTLS_PK_ECDSA; #endif @@ -5459,7 +5459,8 @@ mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig(unsigned char sig) return MBEDTLS_PK_NONE; } } -#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_KEY_EXCHANGE_WITH_ECDSA_ANY_ENABLED ) */ +#endif /* MBEDTLS_PK_C && + ( MBEDTLS_RSA_C || MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED ) */ /* * Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 52211128e1..80f7ca2034 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -100,7 +100,7 @@ static int ssl_write_renegotiation_ext(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_RENEGOTIATION */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL @@ -132,7 +132,7 @@ static int ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -550,7 +550,7 @@ int mbedtls_ssl_tls12_write_client_hello_exts(mbedtls_ssl_context *ssl, #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (uses_ec) { if ((ret = ssl_write_supported_point_formats_ext(ssl, p, end, @@ -819,7 +819,7 @@ static int ssl_parse_session_ticket_ext(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl, @@ -864,7 +864,7 @@ static int ssl_parse_supported_point_formats_ext(mbedtls_ssl_context *ssl, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE; } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -1550,7 +1550,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: MBEDTLS_SSL_DEBUG_MSG(3, @@ -1563,7 +1563,7 @@ static int ssl_parse_server_hello(mbedtls_ssl_context *ssl) break; #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 4cb6aeeb06..aa5d102e32 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -149,7 +149,7 @@ static int ssl_parse_renegotiation_info(mbedtls_ssl_context *ssl, } #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * Function for parsing a supported groups (TLS 1.3) or supported elliptic @@ -294,7 +294,7 @@ static int ssl_parse_supported_point_formats(mbedtls_ssl_context *ssl, return 0; } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -670,7 +670,7 @@ static int ssl_parse_use_srtp_ext(mbedtls_ssl_context *ssl, /* * Return 0 if the given key uses one of the acceptable curves, -1 otherwise */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_check_key_curve(mbedtls_pk_context *pk, uint16_t *curves_tls_id) @@ -689,7 +689,7 @@ static int ssl_check_key_curve(mbedtls_pk_context *pk, return -1; } -#endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED */ /* * Try picking a certificate for this ciphersuite, @@ -774,7 +774,7 @@ static int ssl_pick_cert(mbedtls_ssl_context *ssl, continue; } -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) if (pk_alg == MBEDTLS_PK_ECDSA && ssl_check_key_curve(&cur->cert->pk, ssl->handshake->curves_tls_id) != 0) { @@ -839,7 +839,7 @@ static int ssl_ciphersuite_match(mbedtls_ssl_context *ssl, int suite_id, #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) if (mbedtls_ssl_ciphersuite_uses_ec(suite_info) && (ssl->handshake->curves_tls_id == NULL || ssl->handshake->curves_tls_id[0] == 0)) { @@ -1384,7 +1384,7 @@ read_record_header: #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_SUPPORTED_GROUPS: MBEDTLS_SSL_DEBUG_MSG(3, ("found supported elliptic curves extension")); @@ -1405,7 +1405,7 @@ read_record_header: } break; #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || \ - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -1515,7 +1515,7 @@ read_record_header: if (!sig_hash_alg_ext_present) { uint16_t *received_sig_algs = ssl->handshake->received_sig_algs; const uint16_t default_sig_algs[] = { -#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA1), #endif @@ -1900,7 +1900,7 @@ static void ssl_write_max_fragment_length_ext(mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, unsigned char *buf, @@ -1929,7 +1929,7 @@ static void ssl_write_supported_point_formats_ext(mbedtls_ssl_context *ssl, *olen = 6; } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED || + MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) @@ -2360,7 +2360,7 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) #endif #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) const mbedtls_ssl_ciphersuite_t *suite = mbedtls_ssl_ciphersuite_from_id(ssl->session_negotiate->ciphersuite); From 726ffbf642476ea793f15d92f7cfbe2ef4523b2b Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 2 Aug 2023 20:02:44 +0200 Subject: [PATCH 062/350] ssl-opt: don't assume TLS 1.3 usage for external tool that don't have support Signed-off-by: Valerio Setti --- tests/ssl-opt.sh | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 6113eeba94..b214c65550 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1628,13 +1628,18 @@ run_test() { requires_config_enabled MBEDTLS_SSL_PROTO_DTLS fi - # If the client or server requires certain features that can be detected - # from their command-line arguments, check that they're enabled. - TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD") - # Check if we are trying to use an external tool wich does not support ECDH EXT_WO_ECDH=$(use_ext_tool_without_ecdh_support "$SRV_CMD" "$CLI_CMD") + # Guess the TLS version which is going to be used + if [ "$EXT_WO_ECDH" = "no" ]; then + TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD") + else + TLS_VERSION="TLS12" + fi + + # If the client or server requires certain features that can be detected + # from their command-line arguments, check that they're enabled. detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$EXT_WO_ECDH" "$@" detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$EXT_WO_ECDH" "$@" From 831a2e6369d3e648f7b655ceb427bd699777a9a8 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 29 Jun 2023 12:03:24 +0100 Subject: [PATCH 063/350] test_suite_ecp: Fixed curve bit-length. Signed-off-by: Minos Galanakis --- tests/suites/test_suite_ecp.function | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 16f5f8cd7b..819d5279f5 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1324,8 +1324,8 @@ void ecp_mod_p_generic_raw(int curve_id, #endif #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) && defined(MBEDTLS_ECP_NIST_OPTIM) case MBEDTLS_ECP_DP_SECP521R1: - limbs = BITS_TO_LIMBS(522) * 2; - curve_bits = 522; + limbs = BITS_TO_LIMBS(521) * 2; + curve_bits = 521; curve_func = &mbedtls_ecp_mod_p521_raw; break; #endif From 2cae93610750e8c0898aad5f33aadf6570c7dcce Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Mon, 3 Jul 2023 11:51:35 +0100 Subject: [PATCH 064/350] test_suite_ecp: Moved curve bitlenth check after quasi reduction. Signed-off-by: Minos Galanakis --- tests/suites/test_suite_ecp.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 819d5279f5..cf16ae9751 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -1377,8 +1377,8 @@ void ecp_mod_p_generic_raw(int curve_id, TEST_EQUAL((*curve_func)(X, limbs_X), 0); - TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), curve_bits); mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m); + TEST_LE_U(mbedtls_mpi_core_bitlen(X, limbs_X), curve_bits); TEST_MEMORY_COMPARE(X, bytes, res, bytes); exit: From 935ff2300c2d710bc22c4b932775924613029ff2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Aug 2023 19:48:02 +0200 Subject: [PATCH 065/350] More unsigned literal in size macros Signed-off-by: Gilles Peskine --- include/psa/crypto_sizes.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h index bb0eee5f4b..0c80dabc32 100644 --- a/include/psa/crypto_sizes.h +++ b/include/psa/crypto_sizes.h @@ -116,7 +116,7 @@ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_256 ? 136u : \ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_384 ? 104u : \ PSA_ALG_HMAC_GET_HASH(alg) == PSA_ALG_SHA3_512 ? 72u : \ - 0) + 0u) /** \def PSA_HASH_MAX_SIZE * @@ -579,7 +579,7 @@ #define PSA_RSA_MINIMUM_PADDING_SIZE(alg) \ (PSA_ALG_IS_RSA_OAEP(alg) ? \ - 2 * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1u : \ + 2u * PSA_HASH_LENGTH(PSA_ALG_RSA_OAEP_GET_HASH(alg)) + 1u : \ 11u /*PKCS#1v1.5*/) /** @@ -591,7 +591,7 @@ * \note This macro returns a compile-time constant if its argument is one. */ #define PSA_ECDSA_SIGNATURE_SIZE(curve_bits) \ - (PSA_BITS_TO_BYTES(curve_bits) * 2) + (PSA_BITS_TO_BYTES(curve_bits) * 2u) /** Sufficient signature buffer size for psa_sign_hash(). * From 9b8dead74a0825c55537a72991e57e4b8c92062d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Aug 2023 19:48:42 +0200 Subject: [PATCH 066/350] Minor readability improvement Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1d517ea0c3..9627bb05a4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1468,6 +1468,9 @@ component_test_full_no_cipher () { msg "build: full minus CIPHER" scripts/config.py full scripts/config.py unset MBEDTLS_CIPHER_C + # Don't pull in cipher via PSA mechanisms + # (currently ignored anyway because we completely disable PSA) + scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG # Direct dependencies scripts/config.py unset MBEDTLS_CCM_C scripts/config.py unset MBEDTLS_CMAC_C @@ -1480,7 +1483,6 @@ component_test_full_no_cipher () { scripts/config.py unset MBEDTLS_SSL_TICKET_C # Indirect dependencies scripts/config.py unset MBEDTLS_SSL_CLI_C - scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C scripts/config.py unset MBEDTLS_SSL_DTLS_ANTI_REPLAY @@ -1501,6 +1503,9 @@ component_test_crypto_full_no_cipher () { msg "build: crypto_full minus CIPHER" scripts/config.py crypto_full scripts/config.py unset MBEDTLS_CIPHER_C + # Don't pull in cipher via PSA mechanisms + # (currently ignored anyway because we completely disable PSA) + scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG # Direct dependencies scripts/config.py unset MBEDTLS_CCM_C scripts/config.py unset MBEDTLS_CMAC_C @@ -1510,7 +1515,6 @@ component_test_crypto_full_no_cipher () { scripts/config.py unset MBEDTLS_PKCS5_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # Indirect dependencies - scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO From b7d577e46be5176338f6cba74ce51b550b86f4f0 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Aug 2023 19:48:58 +0200 Subject: [PATCH 067/350] Fix copypasta Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9627bb05a4..847a415f94 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2394,7 +2394,7 @@ component_test_psa_crypto_config_accel_ffdh () { } component_test_psa_crypto_config_reference_ffdh () { - msg "build: full with accelerated FFDH" + msg "build: full with non-accelerated FFDH" # Start with full (USE_PSA and TLS 1.3) helper_libtestdriver1_adjust_config "full" From d1fba7cdf0ffcc3fb3d5c2cd37728b2de7ed133a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 28 Jul 2023 16:42:58 +0200 Subject: [PATCH 068/350] pk: return PK_USE_PSA_EC_DATA to pk.h Signed-off-by: Valerio Setti --- include/mbedtls/pk.h | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 41e980d627..28ec29d6ba 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -222,6 +222,28 @@ typedef struct mbedtls_pk_rsassa_pss_options { #define MBEDTLS_PK_USE_PSA_EC_DATA #endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ +/* Internal helper to define which fields in the pk_context structure below + * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) + * format. It should be noticed that this only affect how data is stored, not + * which functions are used for various operations. The overall picture looks + * like this: + * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure + * and legacy functions + * - if USE_PSA is defined and + * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly + * format and use PSA functions + * - if !ECP_C then use new raw data and PSA functions directly. + * + * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long + * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the + * ecp_keypair structure inside the pk_context so he/she can modify it using + * ECP functions which are not under PK module's control. + */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ + !defined(MBEDTLS_ECP_C) +#define MBEDTLS_PK_USE_PSA_EC_DATA +#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ + /** * \brief Types for interfacing with the debug module */ From c5c4bd225e6168fa328f1bdfd096653de0e94351 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 3 Aug 2023 14:28:20 +0200 Subject: [PATCH 069/350] test: add component testing TFM configuration and P256M driver Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 71 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 2afc18166f..55ce05c4f9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2780,6 +2780,77 @@ component_test_psa_crypto_config_reference_ecc_no_bignum () { #tests/ssl-opt.sh } +component_test_tfm_config_p256m_driver_accel_ec () { + msg "build: TFM config + p256m driver + accel ECDH(E)/ECDSA" + + # Replace "mbedtls_config.h" and "cypto_config.h" with TFM ones + cp configs/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H" + cp configs/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" + + # Create a fake "mbedtls_entropy_nv_seed_config.h" which is required by + # the TFM configuration. It will be deleted on exit. + touch "include/mbedtls/mbedtls_entropy_nv_seed_config.h" + + # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + + # Unset PSA_CRYPTO_SPM because test and sample programs aren't equipped + # for the modified names used when MBEDTLS_PSA_CRYPTO_SPM is active. + scripts/config.py unset MBEDTLS_PSA_CRYPTO_SPM + # Use our implementation of AES + scripts/config.py unset MBEDTLS_AES_DECRYPT_ALT + scripts/config.py unset MBEDTLS_AES_SETKEY_DEC_ALT + # Configure entropy support + scripts/config.py unset MBEDTLS_NO_PLATFORM_ENTROPY + scripts/config.py set MBEDTLS_ENTROPY_NV_SEED + # Enable crypto storage + scripts/config.py set MBEDTLS_PSA_CRYPTO_STORAGE_C + + # Set the list of accelerated components in order to remove them from + # builtin support. We don't set IMPORT and EXPORT because P256M does not + # support these operations. + loc_accel_list="ALG_ECDSA \ + ALG_ECDH \ + KEY_TYPE_ECC_KEY_PAIR_BASIC \ + KEY_TYPE_ECC_KEY_PAIR_GENERATE \ + KEY_TYPE_ECC_PUBLIC_KEY" + loc_accel_flags="$( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" + # Add missing symbols from "tfm_mbedcrypto_config_profile_medium.h". All of + # them fix missing items: + # - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS + # - FS_IO for the plaform + entropy modules + # - ECP_C and BIGNUM because P256M does not have support for import and export + # of keys so we need the builtin support for that + # - ASN1_[PARSE/WRITE]_C and OID_C found by check_config.h + cflags="-DMBEDTLS_USE_PSA_CRYPTO \ + -DMBEDTLS_ASN1_PARSE_C \ + -DMBEDTLS_ASN1_WRITE_C \ + -DMBEDTLS_OID_C \ + -DMBEDTLS_FS_IO \ + -DMBEDTLS_ECP_C \ + -DMBEDTLS_BIGNUM_C \ + -DMBEDTLS_PSA_ITS_FILE_C" + # Build crypto library specifying we want to use P256M code for EC operations + make CFLAGS="$cflags $loc_accel_flags -DMBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED -O0 -g" + + # Make sure any built-in EC alg was not re-enabled by accident (additive config) + #not grep mbedtls_ecdsa_ library/ecdsa.o # this is needed for deterministic ECDSA + not grep mbedtls_ecdh_ library/ecdh.o + not grep mbedtls_ecjpake_ library/ecjpake.o + # Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled + #not grep mbedtls_ecp_ library/ecp.o # this is needed for import/export EC keys (explained above) + not grep mbedtls_rsa_ library/rsa.o + not grep mbedtls_dhm_ library/dhm.o + #not grep mbedtls_mpi_ library/bignum.o # this is needed from ECP module + + # Run the tests + msg "test: TFM config + p256m driver + accel ECDH(E)/ECDSA" + make test + + # Remove unnecessary files generated for the test + rm "include/mbedtls/mbedtls_entropy_nv_seed_config.h" +} + # Helper function used in: # - component_test_psa_crypto_config_accel_all_curves_except_p192 # - component_test_psa_crypto_config_accel_all_curves_except_x25519 From 983923c914a9ee23a820d8d86bdec29055e8b3d1 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 3 Aug 2023 15:33:24 +0200 Subject: [PATCH 070/350] p256m: minor fixes to the driver interface Signed-off-by: Valerio Setti --- 3rdparty/p256-m/p256-m_driver_entrypoints.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/3rdparty/p256-m/p256-m_driver_entrypoints.c index 8828909189..90dce1e18c 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.c +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.c @@ -114,7 +114,7 @@ psa_status_t p256_transparent_key_agreement( /* * Check that private key = 32 bytes, peer public key = 65 bytes, * and that the shared secret buffer is big enough. */ - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; if (key_buffer_size != 32 || shared_secret_size < 32 || peer_key_length != 65) { return status; @@ -150,7 +150,7 @@ psa_status_t p256_transparent_sign_hash( (void) alg; psa_status_t status = PSA_ERROR_NOT_SUPPORTED; - if (key_buffer_size != 32 || signature_size != 64) { + if (key_buffer_size != 32 || signature_size < 64) { return status; } From 52ba0e37183b7f27ac886393b65c179334126369 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 4 Aug 2023 12:43:03 +0200 Subject: [PATCH 071/350] test: improve accelerated TFM configuration test and add reference Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 91 ++++++++++++++++++++++++++------------------ 1 file changed, 54 insertions(+), 37 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 55ce05c4f9..6a94cc6217 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2780,31 +2780,55 @@ component_test_psa_crypto_config_reference_ecc_no_bignum () { #tests/ssl-opt.sh } -component_test_tfm_config_p256m_driver_accel_ec () { - msg "build: TFM config + p256m driver + accel ECDH(E)/ECDSA" - - # Replace "mbedtls_config.h" and "cypto_config.h" with TFM ones +common_tfm_config () { + # Enable TF-M config cp configs/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H" cp configs/crypto_config_profile_medium.h "$CRYPTO_CONFIG_H" - # Create a fake "mbedtls_entropy_nv_seed_config.h" which is required by - # the TFM configuration. It will be deleted on exit. - touch "include/mbedtls/mbedtls_entropy_nv_seed_config.h" + # Adjust for the fact that we're building outside the TF-M environment. + # + # TF-M has separation, our build doesn't + scripts/config.py unset MBEDTLS_PSA_CRYPTO_SPM + scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER + # TF-M provdes its own (dummy) implemenation, from their tree + scripts/config.py unset MBEDTLS_AES_DECRYPT_ALT + scripts/config.py unset MBEDTLS_AES_SETKEY_DEC_ALT + # We have an OS that provides entropy, use it + scripts/config.py unset MBEDTLS_NO_PLATFORM_ENTROPY + + # Other config adjustments to make the tests pass. + # Those are a surprise and should be investigated and fixed. + # + # pkparse.c and pkwrite.c fail to link without this + echo "#define MBEDTLS_OID_C" >> "$CONFIG_H" + + # Config adjustements for better test coverage in our environment. + # These are not needed just to build and pass tests. + # + # Enable filesystem I/O for the benefit of PK parse/write tests. + echo "#define MBEDTLS_FS_IO" >> "$CONFIG_H" +} + +component_test_tfm_config_p256m_driver_accel_ec () { + msg "build: TF-M config + p256m driver + accel ECDH(E)/ECDSA" + + common_tfm_config # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - # Unset PSA_CRYPTO_SPM because test and sample programs aren't equipped - # for the modified names used when MBEDTLS_PSA_CRYPTO_SPM is active. - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SPM - # Use our implementation of AES - scripts/config.py unset MBEDTLS_AES_DECRYPT_ALT - scripts/config.py unset MBEDTLS_AES_SETKEY_DEC_ALT - # Configure entropy support - scripts/config.py unset MBEDTLS_NO_PLATFORM_ENTROPY - scripts/config.py set MBEDTLS_ENTROPY_NV_SEED - # Enable crypto storage - scripts/config.py set MBEDTLS_PSA_CRYPTO_STORAGE_C + # Add missing symbols from "tfm_mbedcrypto_config_profile_medium.h" + # + # - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS + echo "#define MBEDTLS_USE_PSA_CRYPTO" >> "$CONFIG_H" + # - ECP_C and BIGNUM because P256M does not have support for import and export + # of keys so we need the builtin support for that + echo "#define MBEDTLS_ECP_C" >> "$CONFIG_H" + echo "#define MBEDTLS_BIGNUM_C" >> "$CONFIG_H" + # - ASN1_[PARSE/WRITE]_C and OID_C found by check_config.h + echo "#define MBEDTLS_ASN1_PARSE_C" >> "$CONFIG_H" + echo "#define MBEDTLS_ASN1_WRITE_C" >> "$CONFIG_H" + echo "#define MBEDTLS_OID_C" >> "$CONFIG_H" # Set the list of accelerated components in order to remove them from # builtin support. We don't set IMPORT and EXPORT because P256M does not @@ -2815,23 +2839,9 @@ component_test_tfm_config_p256m_driver_accel_ec () { KEY_TYPE_ECC_KEY_PAIR_GENERATE \ KEY_TYPE_ECC_PUBLIC_KEY" loc_accel_flags="$( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" - # Add missing symbols from "tfm_mbedcrypto_config_profile_medium.h". All of - # them fix missing items: - # - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS - # - FS_IO for the plaform + entropy modules - # - ECP_C and BIGNUM because P256M does not have support for import and export - # of keys so we need the builtin support for that - # - ASN1_[PARSE/WRITE]_C and OID_C found by check_config.h - cflags="-DMBEDTLS_USE_PSA_CRYPTO \ - -DMBEDTLS_ASN1_PARSE_C \ - -DMBEDTLS_ASN1_WRITE_C \ - -DMBEDTLS_OID_C \ - -DMBEDTLS_FS_IO \ - -DMBEDTLS_ECP_C \ - -DMBEDTLS_BIGNUM_C \ - -DMBEDTLS_PSA_ITS_FILE_C" + # Build crypto library specifying we want to use P256M code for EC operations - make CFLAGS="$cflags $loc_accel_flags -DMBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED -O0 -g" + make CFLAGS="$loc_accel_flags -DMBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED" # Make sure any built-in EC alg was not re-enabled by accident (additive config) #not grep mbedtls_ecdsa_ library/ecdsa.o # this is needed for deterministic ECDSA @@ -2844,11 +2854,18 @@ component_test_tfm_config_p256m_driver_accel_ec () { #not grep mbedtls_mpi_ library/bignum.o # this is needed from ECP module # Run the tests - msg "test: TFM config + p256m driver + accel ECDH(E)/ECDSA" + msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA" make test +} - # Remove unnecessary files generated for the test - rm "include/mbedtls/mbedtls_entropy_nv_seed_config.h" +component_test_tfm_config() { + common_tfm_config + + msg "build: TF-M config" + make tests + + msg "test: TF-M config" + make test } # Helper function used in: From ac6d35f793eb138d4f501d08c718c763d770ec98 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 4 Aug 2023 12:49:11 +0200 Subject: [PATCH 072/350] test: update components' descriptions Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6a94cc6217..255eefcc50 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2780,6 +2780,9 @@ component_test_psa_crypto_config_reference_ecc_no_bignum () { #tests/ssl-opt.sh } +# Helper for setting common configurations between: +# - component_test_tfm_config_p256m_driver_accel_ec() +# - component_test_tfm_config() common_tfm_config () { # Enable TF-M config cp configs/tfm_mbedcrypto_config_profile_medium.h "$CONFIG_H" @@ -2809,6 +2812,8 @@ common_tfm_config () { echo "#define MBEDTLS_FS_IO" >> "$CONFIG_H" } +# Keep this in sync with component_test_tfm_config() as they are both meant +# to be used in analyze_outcomes.py for driver's coverage analysis. component_test_tfm_config_p256m_driver_accel_ec () { msg "build: TF-M config + p256m driver + accel ECDH(E)/ECDSA" @@ -2858,6 +2863,9 @@ component_test_tfm_config_p256m_driver_accel_ec () { make test } +# Keep this in sync with component_test_tfm_config_p256m_driver_accel_ec() as +# they are both meant to be used in analyze_outcomes.py for driver's coverage +# analysis. component_test_tfm_config() { common_tfm_config From f01d6486770505b1884c85034500f98195e07929 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 4 Aug 2023 13:51:18 +0200 Subject: [PATCH 073/350] analyze_outcome: add new check for parity for TFM configuration Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 60 +++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index ee51513b73..ac97a99dd9 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -402,6 +402,66 @@ TASKS = { 'ignored_tests': {} } }, + 'analyze_driver_vs_reference_tfm_config': { + 'test_function': do_analyze_driver_vs_reference, + 'args': { + 'component_ref': 'test_tfm_config', + 'component_driver': 'test_tfm_config_p256m_driver_accel_ec', + # Ignore test suites for the modules that are disabled in the + # accelerated test case. + 'ignored_suites': ['ecdh', 'ecdsa'], + 'ignored_tests': { + # Ignore all tests that require DERIVE support which is disabled + # in the driver version + 'test_suite_psa_crypto': [ + 'PSA key agreement setup: ECDH + HKDF-SHA-256: good', + ('PSA key agreement setup: ECDH + HKDF-SHA-256: good, key algorithm broader ' + 'than required'), + 'PSA key agreement setup: ECDH + HKDF-SHA-256: public key not on curve', + 'PSA key agreement setup: KDF instead of a key agreement algorithm', + 'PSA key agreement setup: bad key agreement algorithm', + 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160', + 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 0+32', + 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 1+31', + 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 31+1', + 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+0', + 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+32', + 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 64+0', + 'PSA key derivation: ECDH on P256 with HKDF-SHA256, info first', + 'PSA key derivation: ECDH on P256 with HKDF-SHA256, key output', + 'PSA key derivation: ECDH on P256 with HKDF-SHA256, missing info', + 'PSA key derivation: ECDH on P256 with HKDF-SHA256, omitted salt', + 'PSA key derivation: ECDH on P256 with HKDF-SHA256, raw output', + 'PSA key derivation: ECDH on P256 with HKDF-SHA256, salt after secret', + 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, good case', + 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label', + 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label and secret', + 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, no inputs', + 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1', + 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)', + 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA', + 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 0+48, ka', + 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 24+24, ka', + 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 48+0, ka', + 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #1, ka', + 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #3, ka', + 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #4, ka', + 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC MONTGOMERY (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)', + 'PSA raw key agreement: ECDH SECP256R1 (RFC 5903)', + ], + 'test_suite_psa_crypto_pake': [ + 'PSA PAKE: ecjpake size macros', + ] + } + } + } } def main(): From 132240f01a9e7b1d725d3525b3fc35be488cf5b4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 7 Aug 2023 14:34:53 +0200 Subject: [PATCH 074/350] test: use ASAN flags for testing the accelerated TFM configuration Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 255eefcc50..3482df33a5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2798,6 +2798,8 @@ common_tfm_config () { scripts/config.py unset MBEDTLS_AES_SETKEY_DEC_ALT # We have an OS that provides entropy, use it scripts/config.py unset MBEDTLS_NO_PLATFORM_ENTROPY + # Disable buffer allocator and use dynamic memory for calloc/free + scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # Other config adjustments to make the tests pass. # Those are a surprise and should be investigated and fixed. @@ -2846,7 +2848,7 @@ component_test_tfm_config_p256m_driver_accel_ec () { loc_accel_flags="$( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" # Build crypto library specifying we want to use P256M code for EC operations - make CFLAGS="$loc_accel_flags -DMBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED" + make CFLAGS="$ASAN_CFLAGS $loc_accel_flags -DMBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED" LDFLAGS="$ASAN_CFLAGS" # Make sure any built-in EC alg was not re-enabled by accident (additive config) #not grep mbedtls_ecdsa_ library/ecdsa.o # this is needed for deterministic ECDSA From ecb95bea1da239175d73041dd542777de6742e61 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 11 Aug 2023 16:41:04 +0100 Subject: [PATCH 075/350] Fix incorrect size used for zeroization of buffer Signed-off-by: Paul Elliott --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6ed8a863e9..7a1f85531f 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7722,7 +7722,7 @@ static int ssl_calc_finished_tls_generic(mbedtls_ssl_context *ssl, void *ctx, MBEDTLS_SSL_DEBUG_BUF(3, "calc finished result", buf, len); - mbedtls_platform_zeroize(padbuf, sizeof(padbuf)); + mbedtls_platform_zeroize(padbuf, hlen); MBEDTLS_SSL_DEBUG_MSG(2, ("<= calc finished")); From 4e2f244ab481d0761da97229dfb25c6640638f12 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 15 Aug 2023 10:10:26 +0200 Subject: [PATCH 076/350] test: add accelerated and reference test for ECC+FFDH without BN Since most of the code in "ECC+FFDH without BN" scenario was shared with the "ECC without BN" one, I tried to reuse part of the code in order to avoid duplications. Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 152 +++++++++++++++++++++++++++++++++---------- 1 file changed, 117 insertions(+), 35 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ef3345e657..5265c93b30 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2622,16 +2622,29 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { tests/ssl-opt.sh } -# This function is really similar to config_psa_crypto_no_ecp_at_all() above so -# its description is basically the same. The main difference in this case is -# that when the EC built-in implementation is disabled, then also Bignum module -# and its dependencies are disabled as well. -# -# This is the common helper between: +# This is a common configuration helper used directly from: +# - common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum +# - common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum +# and indirectly from: # - component_test_psa_crypto_config_accel_ecc_no_bignum +# - accelerate all EC algs, disable RSA and FFDH # - component_test_psa_crypto_config_reference_ecc_no_bignum -config_psa_crypto_config_accel_ecc_no_bignum() { +# - this is the reference component of the above +# - it still disables RSA and FFDH, but it uses builtin EC algs +# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum +# - accelerate all EC and FFDH algs, disable only RSA +# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum +# - this is the reference component of the above +# - it still disables RSA, but it uses builtin EC and FFDH algs +# +# This function accepts 2 parameters: +# $1: it is a boolean values which states if we are testing an accelerated +# scenario or not. +# $2: it is a string value which states which are the tested components. Allowed +# values are "ECC" or "ECC_DH". +config_psa_crypto_config_accel_ecc_ffdh_no_bignum() { DRIVER_ONLY="$1" + TEST_TARGET="$2" # start with full config for maximum coverage (also enables USE_PSA) helper_libtestdriver1_adjust_config "full" @@ -2666,13 +2679,23 @@ config_psa_crypto_config_accel_ecc_no_bignum() { scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - # Disable FFDH because it also depends on BIGNUM. - scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*" - scripts/config.py unset MBEDTLS_DHM_C - # Also disable key exchanges that depend on FFDH - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + if [ "$TEST_TARGET" = "ECC" ]; then + # When testing ECC only, we disable FFDH support, both from builtin and + # PSA sides, and also disable the key exchanges that depend on DHM. + scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH + scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*" + scripts/config.py unset MBEDTLS_DHM_C + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + else + # When testing ECC and DH instead, we disable DHM and depending key + # exchanges only in the accelerated build + if [ "$DRIVER_ONLY" -eq 1 ]; then + scripts/config.py unset MBEDTLS_DHM_C + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED + fi + fi # Restartable feature is not yet supported by PSA. Once it will in # the future, the following line could be removed (see issues @@ -2680,15 +2703,32 @@ config_psa_crypto_config_accel_ecc_no_bignum() { scripts/config.py unset MBEDTLS_ECP_RESTARTABLE } -# Build and test a configuration where driver accelerates all EC algs while -# all support and dependencies from ECP and ECP_LIGHT are removed on the library -# side. +# Common helper used by: +# - component_test_psa_crypto_config_accel_ecc_no_bignum +# - component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum # -# Keep in sync with component_test_psa_crypto_config_reference_ecc_no_bignum() -component_test_psa_crypto_config_accel_ecc_no_bignum () { - msg "build: full + accelerated EC algs + USE_PSA - ECP - BIGNUM" +# The goal is to build and test accelerating either: +# - ECC only or +# - both ECC and FFDH +# +# It is meant to be used in conjunction with +# common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum() for drivers' +# coverage analysis in "analyze_outcomes.py" script. +common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { + TEST_TARGET="$1" - # Algorithms and key types to accelerate + # This is an internal helper to simplify text messages' handling + if [ "$TEST_TARGET" = "ECC_DH" ]; then + ACCEL_TEXT="ECC/FFDH" + REMOVED_TEXT="ECP - DH" + else + ACCEL_TEXT="ECC" + REMOVED_TEXT="ECP" + fi + + msg "build: full + accelerated $ACCEL_TEXT algs + USE_PSA - $REMOVED_TEXT - BIGNUM" + + # By default we accelerate all EC keys/algs loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ ALG_ECDH \ ALG_JPAKE \ @@ -2697,12 +2737,22 @@ component_test_psa_crypto_config_accel_ecc_no_bignum () { KEY_TYPE_ECC_KEY_PAIR_EXPORT \ KEY_TYPE_ECC_KEY_PAIR_GENERATE \ KEY_TYPE_ECC_PUBLIC_KEY" + # Optionally we can also add DH to the list of accelerated items + if [ "$TEST_TARGET" = "ECC_DH" ]; then + loc_accel_list="$loc_accel_list \ + ALG_FFDH \ + KEY_TYPE_DH_KEY_PAIR_BASIC \ + KEY_TYPE_DH_KEY_PAIR_IMPORT \ + KEY_TYPE_DH_KEY_PAIR_EXPORT \ + KEY_TYPE_DH_KEY_PAIR_GENERATE \ + KEY_TYPE_DH_PUBLIC_KEY" + fi # Configure # --------- # Set common configurations between library's and driver's builds - config_psa_crypto_config_accel_ecc_no_bignum 1 + config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$TEST_TARGET" # Build # ----- @@ -2719,41 +2769,73 @@ component_test_psa_crypto_config_accel_ecc_no_bignum () { not grep mbedtls_ecdsa_ library/ecdsa.o not grep mbedtls_ecdh_ library/ecdh.o not grep mbedtls_ecjpake_ library/ecjpake.o - # Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled + # Also ensure that ECP, RSA, [DHM] or BIGNUM modules were not re-enabled not grep mbedtls_ecp_ library/ecp.o not grep mbedtls_rsa_ library/rsa.o - not grep mbedtls_dhm_ library/dhm.o not grep mbedtls_mpi_ library/bignum.o + not grep mbedtls_dhm_ library/dhm.o # Run the tests # ------------- - msg "test suites: full + accelerated EC algs + USE_PSA - ECP - BIGNUM" + msg "test suites: full + accelerated $ACCEL_TEXT algs + USE_PSA - $REMOVED_TEXT - DHM - BIGNUM" + make test - # The following will be enabled in #7756 - msg "ssl-opt: full + accelerated EC algs + USE_PSA - ECP - BIGNUM" + msg "ssl-opt: full + accelerated $ACCEL_TEXT algs + USE_PSA - $REMOVED_TEXT - BIGNUM" tests/ssl-opt.sh } -# Reference function used for driver's coverage analysis in analyze_outcomes.py -# in conjunction with component_test_psa_crypto_config_accel_ecc_no_bignum(). -# Keep in sync with its accelerated counterpart. -component_test_psa_crypto_config_reference_ecc_no_bignum () { - msg "build: full + non accelerated EC algs + USE_PSA" +# Common helper used by: +# - component_test_psa_crypto_config_reference_ecc_no_bignum +# - component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum +# +# The goal is to build and test a reference scenario (i.e. with builtin +# components) compared to the ones used in +# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() above. +# +# It is meant to be used in conjunction with +# common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum() for drivers' +# coverage analysis in "analyze_outcomes.py" script. +common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () { + TEST_TARGET="$1" - config_psa_crypto_config_accel_ecc_no_bignum 0 + # This is an internal helper to simplify text messages' handling + if [ "$TEST_TARGET" = "ECC_DH" ]; then + ACCEL_TEXT="ECC/FFDH" + else + ACCEL_TEXT="ECC" + fi + + msg "build: full + non accelerated $ACCEL_TEXT algs + USE_PSA" + + config_psa_crypto_config_accel_ecc_ffdh_no_bignum 0 "$TEST_TARGET" make msg "test suites: full + non accelerated EC algs + USE_PSA" make test - # The following will be enabled in #7756 - msg "ssl-opt: full + non accelerated EC algs + USE_PSA" + msg "ssl-opt: full + non accelerated $ACCEL_TEXT algs + USE_PSA" tests/ssl-opt.sh } +component_test_psa_crypto_config_accel_ecc_no_bignum () { + common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC" +} + +component_test_psa_crypto_config_reference_ecc_no_bignum () { + common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC" +} + +component_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { + common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum "ECC_DH" +} + +component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () { + common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC_DH" +} + # Helper function used in: # - component_test_psa_crypto_config_accel_all_curves_except_p192 # - component_test_psa_crypto_config_accel_all_curves_except_x25519 From 307810babba2277f8811b6917c9dbede9522463e Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 15 Aug 2023 10:12:25 +0200 Subject: [PATCH 077/350] analyze_outcomes: add case for "ECC+FFDH w/o BN" Signed-off-by: Valerio Setti --- tests/scripts/analyze_outcomes.py | 96 ++++++++++++++++++++++++++++++- 1 file changed, 95 insertions(+), 1 deletion(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index c6891bb432..56d41cc6c5 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -310,7 +310,7 @@ TASKS = { } } }, - 'analyze_driver_vs_reference_no_bignum': { + 'analyze_driver_vs_reference_ecc_no_bignum': { 'test_function': do_analyze_driver_vs_reference, 'args': { 'component_ref': 'test_psa_crypto_config_reference_ecc_no_bignum', @@ -403,6 +403,100 @@ TASKS = { } } }, + 'analyze_driver_vs_reference_ecc_ffdh_no_bignum': { + 'test_function': do_analyze_driver_vs_reference, + 'args': { + 'component_ref': 'test_psa_crypto_config_reference_ecc_ffdh_no_bignum', + 'component_driver': 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum', + 'ignored_suites': [ + # Ignore test suites for the modules that are disabled in the + # accelerated test case. + 'ecp', + 'ecdsa', + 'ecdh', + 'ecjpake', + 'bignum_core', + 'bignum_random', + 'bignum_mod', + 'bignum_mod_raw', + 'bignum.generated', + 'bignum.misc', + 'dhm', + ], + 'ignored_tests': { + 'test_suite_random': [ + 'PSA classic wrapper: ECDSA signature (SECP256R1)', + ], + 'test_suite_psa_crypto': [ + 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1', + 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)', + 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA', + 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1', + 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0', + 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1', + 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)', + 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)', + ], + 'test_suite_pkparse': [ + # See the description provided above in the + # analyze_driver_vs_reference_no_ecp_at_all component. + 'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)', + 'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)', + 'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)', + 'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)', + 'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)', + 'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)', + 'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)', + 'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)', + 'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)', + 'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)', + 'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)', + 'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)', + 'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)', + 'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)', + 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)', + 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)', + ], + 'test_suite_asn1parse': [ + # This test depends on BIGNUM_C + 'INTEGER too large for mpi', + ], + 'test_suite_asn1write': [ + # Following tests depends on BIGNUM_C + 'ASN.1 Write mpi 0 (1 limb)', + 'ASN.1 Write mpi 0 (null)', + 'ASN.1 Write mpi 0x100', + 'ASN.1 Write mpi 0x7f', + 'ASN.1 Write mpi 0x7f with leading 0 limb', + 'ASN.1 Write mpi 0x80', + 'ASN.1 Write mpi 0x80 with leading 0 limb', + 'ASN.1 Write mpi 0xff', + 'ASN.1 Write mpi 1', + 'ASN.1 Write mpi, 127*8 bits', + 'ASN.1 Write mpi, 127*8+1 bits', + 'ASN.1 Write mpi, 127*8-1 bits', + 'ASN.1 Write mpi, 255*8 bits', + 'ASN.1 Write mpi, 255*8-1 bits', + 'ASN.1 Write mpi, 256*8-1 bits', + ], + 'test_suite_debug': [ + # Following tests depends on BIGNUM_C + 'Debug print mbedtls_mpi #2: 3 bits', + 'Debug print mbedtls_mpi: 0 (empty representation)', + 'Debug print mbedtls_mpi: 0 (non-empty representation)', + 'Debug print mbedtls_mpi: 49 bits', + 'Debug print mbedtls_mpi: 759 bits', + 'Debug print mbedtls_mpi: 764 bits #1', + 'Debug print mbedtls_mpi: 764 bits #2', + ], + } + } + }, 'analyze_driver_vs_reference_ffdh_alg': { 'test_function': do_analyze_driver_vs_reference, 'args': { From 6a9fb932fbb0ecc804731c8f750d665807fb5f5f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 16 Aug 2023 17:50:36 +0100 Subject: [PATCH 078/350] Use MBEDTLS_GET_UINT16_BE in mbedtls_ecp_tls_read_group_id Signed-off-by: Dave Rodgman --- library/ecp.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index f9b6672e9c..5f2a7b0c06 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -958,9 +958,8 @@ int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp, /* * Next two bytes are the namedcurve value */ - tls_id = *(*buf)++; - tls_id <<= 8; - tls_id |= *(*buf)++; + tls_id = MBEDTLS_GET_UINT16_BE(*buf, 0); + *buf += 2; if ((curve_info = mbedtls_ecp_curve_info_from_tls_id(tls_id)) == NULL) { return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE; From 58c8b942d2b04fd4db58bd4b27b79cb23b960067 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 16 Aug 2023 17:51:04 +0100 Subject: [PATCH 079/350] Eliminate redundant version of mbedtls_ct_memcmp Signed-off-by: Dave Rodgman --- library/psa_crypto_core.h | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 8bc1b647c0..6d44768443 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -21,6 +21,8 @@ #ifndef PSA_CRYPTO_CORE_H #define PSA_CRYPTO_CORE_H +#include "mbedtls/constant_time.h" + #include "mbedtls/build_info.h" #include "psa/crypto.h" @@ -49,14 +51,7 @@ int psa_can_do_hash(psa_algorithm_t hash_alg); static inline int mbedtls_psa_safer_memcmp( const uint8_t *a, const uint8_t *b, size_t n) { - size_t i; - unsigned char diff = 0; - - for (i = 0; i < n; i++) { - diff |= a[i] ^ b[i]; - } - - return diff; + return mbedtls_ct_memcmp(a, b, n); } /** The data structure representing a key slot, containing key material From 164614af3d54543153c14bb512f81ef91ce77a85 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 16 Aug 2023 17:56:28 +0100 Subject: [PATCH 080/350] Reduce code-size to access key slots init flag Signed-off-by: Dave Rodgman --- library/psa_crypto_slot_management.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index a10cb2b476..ef285acb1b 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -38,7 +38,7 @@ typedef struct { psa_key_slot_t key_slots[MBEDTLS_PSA_KEY_SLOT_COUNT]; - unsigned key_slots_initialized : 1; + uint8_t key_slots_initialized; } psa_global_data_t; static psa_global_data_t global_data; From 864f594acc7c20315201ae6dde4b8e09b36d070b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 16 Aug 2023 18:04:44 +0100 Subject: [PATCH 081/350] Adjust layout of some stucts Signed-off-by: Dave Rodgman --- include/mbedtls/entropy.h | 2 +- library/psa_crypto.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index e17245efd5..c2bba41d2f 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -115,10 +115,10 @@ mbedtls_entropy_source_state; * \brief Entropy context structure */ typedef struct mbedtls_entropy_context { + mbedtls_md_context_t MBEDTLS_PRIVATE(accumulator); int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init. * 1 after the first update. * -1 after free. */ - mbedtls_md_context_t MBEDTLS_PRIVATE(accumulator); int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */ mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES]; #if defined(MBEDTLS_THREADING_C) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2b9eca8f28..0a5ecc857c 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -104,9 +104,9 @@ static int key_type_is_raw_bytes(psa_key_type_t type) #define RNG_SEEDED 2 typedef struct { - unsigned initialized : 1; - unsigned rng_state : 2; - unsigned drivers_initialized : 1; + uint8_t initialized; + uint8_t rng_state; + uint8_t drivers_initialized; mbedtls_psa_random_context_t rng; } psa_global_data_t; From 6f6820345a8ceabfda3f3d57c4284c27f0500cfc Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 16 Aug 2023 18:44:32 +0100 Subject: [PATCH 082/350] add #ifdefs to reduce switch size Signed-off-by: Dave Rodgman --- library/psa_crypto.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 0a5ecc857c..c3b8335ae5 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -392,45 +392,71 @@ psa_ecc_family_t mbedtls_ecc_group_to_psa(mbedtls_ecp_group_id grpid, size_t *bits) { switch (grpid) { +#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) case MBEDTLS_ECP_DP_SECP192R1: *bits = 192; return PSA_ECC_FAMILY_SECP_R1; +#endif +#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) case MBEDTLS_ECP_DP_SECP224R1: *bits = 224; return PSA_ECC_FAMILY_SECP_R1; +#endif +#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) case MBEDTLS_ECP_DP_SECP256R1: *bits = 256; return PSA_ECC_FAMILY_SECP_R1; +#endif +#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) case MBEDTLS_ECP_DP_SECP384R1: *bits = 384; return PSA_ECC_FAMILY_SECP_R1; +#endif +#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) case MBEDTLS_ECP_DP_SECP521R1: *bits = 521; return PSA_ECC_FAMILY_SECP_R1; +#endif +#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) case MBEDTLS_ECP_DP_BP256R1: *bits = 256; return PSA_ECC_FAMILY_BRAINPOOL_P_R1; +#endif +#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) case MBEDTLS_ECP_DP_BP384R1: *bits = 384; return PSA_ECC_FAMILY_BRAINPOOL_P_R1; +#endif +#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) case MBEDTLS_ECP_DP_BP512R1: *bits = 512; return PSA_ECC_FAMILY_BRAINPOOL_P_R1; +#endif +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) case MBEDTLS_ECP_DP_CURVE25519: *bits = 255; return PSA_ECC_FAMILY_MONTGOMERY; +#endif +#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) case MBEDTLS_ECP_DP_SECP192K1: *bits = 192; return PSA_ECC_FAMILY_SECP_K1; +#endif +#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) case MBEDTLS_ECP_DP_SECP224K1: *bits = 224; return PSA_ECC_FAMILY_SECP_K1; +#endif +#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) case MBEDTLS_ECP_DP_SECP256K1: *bits = 256; return PSA_ECC_FAMILY_SECP_K1; +#endif +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) case MBEDTLS_ECP_DP_CURVE448: *bits = 448; return PSA_ECC_FAMILY_MONTGOMERY; +#endif default: *bits = 0; return 0; From 509b567911279915fda0d0400420871dc5a9d564 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 16 Aug 2023 19:26:23 +0100 Subject: [PATCH 083/350] add ifdefs to reduce size of mbedtls_to_psa_error Signed-off-by: Dave Rodgman --- library/psa_crypto.c | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c3b8335ae5..94139afaa4 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -152,9 +152,13 @@ psa_status_t mbedtls_to_psa_error(int ret) case 0: return PSA_SUCCESS; +#if defined(PSA_WANT_KEY_TYPE_AES) case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH: case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH: return PSA_ERROR_NOT_SUPPORTED; +#endif + +#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_ASN1_WRITE_C) case MBEDTLS_ERR_ASN1_OUT_OF_DATA: case MBEDTLS_ERR_ASN1_UNEXPECTED_TAG: case MBEDTLS_ERR_ASN1_INVALID_LENGTH: @@ -165,26 +169,36 @@ psa_status_t mbedtls_to_psa_error(int ret) return PSA_ERROR_INSUFFICIENT_MEMORY; case MBEDTLS_ERR_ASN1_BUF_TOO_SMALL: return PSA_ERROR_BUFFER_TOO_SMALL; +#endif +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) #if defined(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA) case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA: #endif case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH: return PSA_ERROR_NOT_SUPPORTED; +#endif +#if defined(PSA_WANT_ALG_CCM) case MBEDTLS_ERR_CCM_BAD_INPUT: return PSA_ERROR_INVALID_ARGUMENT; case MBEDTLS_ERR_CCM_AUTH_FAILED: return PSA_ERROR_INVALID_SIGNATURE; +#endif +#if defined(PSA_WANT_KEY_TYPE_CHACHA20) case MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA: return PSA_ERROR_INVALID_ARGUMENT; +#endif +#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) case MBEDTLS_ERR_CHACHAPOLY_BAD_STATE: return PSA_ERROR_BAD_STATE; case MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED: return PSA_ERROR_INVALID_SIGNATURE; +#endif +#if defined(MBEDTLS_CIPHER_C) case MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE: return PSA_ERROR_NOT_SUPPORTED; case MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA: @@ -199,6 +213,7 @@ psa_status_t mbedtls_to_psa_error(int ret) return PSA_ERROR_INVALID_SIGNATURE; case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT: return PSA_ERROR_CORRUPTION_DETECTED; +#endif #if !(defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || \ defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)) @@ -213,20 +228,24 @@ psa_status_t mbedtls_to_psa_error(int ret) return PSA_ERROR_INSUFFICIENT_ENTROPY; #endif +#if defined(PSA_WANT_KEY_TYPE_DES) case MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH: return PSA_ERROR_NOT_SUPPORTED; +#endif case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED: case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE: case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED: return PSA_ERROR_INSUFFICIENT_ENTROPY; +#if defined(PSA_WANT_ALG_GCM) case MBEDTLS_ERR_GCM_AUTH_FAILED: return PSA_ERROR_INVALID_SIGNATURE; case MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL: return PSA_ERROR_BUFFER_TOO_SMALL; case MBEDTLS_ERR_GCM_BAD_INPUT: return PSA_ERROR_INVALID_ARGUMENT; +#endif #if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE) @@ -241,17 +260,24 @@ psa_status_t mbedtls_to_psa_error(int ret) return PSA_ERROR_INSUFFICIENT_ENTROPY; #endif +#if defined(MBEDTLS_MD_C) case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE: return PSA_ERROR_NOT_SUPPORTED; case MBEDTLS_ERR_MD_BAD_INPUT_DATA: return PSA_ERROR_INVALID_ARGUMENT; case MBEDTLS_ERR_MD_ALLOC_FAILED: return PSA_ERROR_INSUFFICIENT_MEMORY; +#if defined(MBEDTLS_FS_IO) case MBEDTLS_ERR_MD_FILE_IO_ERROR: return PSA_ERROR_STORAGE_FAILURE; +#endif +#endif +#if defined(MBEDTLS_BIGNUM_C) +#if defined(MBEDTLS_FS_IO) case MBEDTLS_ERR_MPI_FILE_IO_ERROR: return PSA_ERROR_STORAGE_FAILURE; +#endif case MBEDTLS_ERR_MPI_BAD_INPUT_DATA: return PSA_ERROR_INVALID_ARGUMENT; case MBEDTLS_ERR_MPI_INVALID_CHARACTER: @@ -266,14 +292,19 @@ psa_status_t mbedtls_to_psa_error(int ret) return PSA_ERROR_INVALID_ARGUMENT; case MBEDTLS_ERR_MPI_ALLOC_FAILED: return PSA_ERROR_INSUFFICIENT_MEMORY; +#endif +#if defined(MBEDTLS_PK_C) case MBEDTLS_ERR_PK_ALLOC_FAILED: return PSA_ERROR_INSUFFICIENT_MEMORY; case MBEDTLS_ERR_PK_TYPE_MISMATCH: case MBEDTLS_ERR_PK_BAD_INPUT_DATA: return PSA_ERROR_INVALID_ARGUMENT; +#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) || defined(MBEDTLS_FS_IO) || \ + defined(MBEDTLS_PSA_ITS_FILE_C) case MBEDTLS_ERR_PK_FILE_IO_ERROR: return PSA_ERROR_STORAGE_FAILURE; +#endif case MBEDTLS_ERR_PK_KEY_INVALID_VERSION: case MBEDTLS_ERR_PK_KEY_INVALID_FORMAT: return PSA_ERROR_INVALID_ARGUMENT; @@ -292,12 +323,14 @@ psa_status_t mbedtls_to_psa_error(int ret) return PSA_ERROR_INVALID_SIGNATURE; case MBEDTLS_ERR_PK_BUFFER_TOO_SMALL: return PSA_ERROR_BUFFER_TOO_SMALL; +#endif case MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED: return PSA_ERROR_HARDWARE_FAILURE; case MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED: return PSA_ERROR_NOT_SUPPORTED; +#if defined(MBEDTLS_RSA_C) case MBEDTLS_ERR_RSA_BAD_INPUT_DATA: return PSA_ERROR_INVALID_ARGUMENT; case MBEDTLS_ERR_RSA_INVALID_PADDING: @@ -315,7 +348,9 @@ psa_status_t mbedtls_to_psa_error(int ret) return PSA_ERROR_BUFFER_TOO_SMALL; case MBEDTLS_ERR_RSA_RNG_FAILED: return PSA_ERROR_INSUFFICIENT_ENTROPY; +#endif +#if defined(MBEDTLS_ECP_C) case MBEDTLS_ERR_ECP_BAD_INPUT_DATA: case MBEDTLS_ERR_ECP_INVALID_KEY: return PSA_ERROR_INVALID_ARGUMENT; @@ -331,8 +366,11 @@ psa_status_t mbedtls_to_psa_error(int ret) case MBEDTLS_ERR_ECP_RANDOM_FAILED: return PSA_ERROR_INSUFFICIENT_ENTROPY; +#if defined(MBEDTLS_ECP_RESTARTABLE) case MBEDTLS_ERR_ECP_IN_PROGRESS: return PSA_OPERATION_INCOMPLETE; +#endif +#endif case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED: return PSA_ERROR_CORRUPTION_DETECTED; From 2aaf888e0bb5e560c8d1770e14a3907d6ad7a08d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 16 Aug 2023 19:48:10 +0100 Subject: [PATCH 084/350] Adjust struct layout for small size win Signed-off-by: Dave Rodgman --- include/mbedtls/sha256.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h index 87e5cc61a4..87e259f5be 100644 --- a/include/mbedtls/sha256.h +++ b/include/mbedtls/sha256.h @@ -50,9 +50,9 @@ extern "C" { * made in the call to mbedtls_sha256_starts(). */ typedef struct mbedtls_sha256_context { + unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */ uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */ uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */ - unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being processed. */ int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use: 0: Use SHA-256, or 1: Use SHA-224. */ } From f4efd19dd0d83326f2137daa2e79f9a5e6bf3c78 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 16 Aug 2023 19:54:41 +0100 Subject: [PATCH 085/350] Reduce code size in ccm Signed-off-by: Dave Rodgman --- include/mbedtls/ccm.h | 11 +++++------ library/ccm.c | 1 - 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 6c2255281c..a1f601ff64 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -77,7 +77,8 @@ extern "C" { typedef struct mbedtls_ccm_context { unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working buffer */ unsigned char MBEDTLS_PRIVATE(ctr)[16]; /*!< The counter buffer */ - mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ + int MBEDTLS_PRIVATE(state); /*!< Working value holding context's + state. Used for chunked data input */ size_t MBEDTLS_PRIVATE(plaintext_len); /*!< Total plaintext length */ size_t MBEDTLS_PRIVATE(add_len); /*!< Total authentication data length */ size_t MBEDTLS_PRIVATE(tag_len); /*!< Total tag length */ @@ -87,15 +88,13 @@ typedef struct mbedtls_ccm_context { and plaintext/ciphertext. This variable is set to zero after auth data input is finished. */ - unsigned char MBEDTLS_PRIVATE(q); /*!< The Q working value */ - unsigned char MBEDTLS_PRIVATE(mode); /*!< The operation to perform: + unsigned int MBEDTLS_PRIVATE(q); /*!< The Q working value */ + unsigned int MBEDTLS_PRIVATE(mode); /*!< The operation to perform: #MBEDTLS_CCM_ENCRYPT or #MBEDTLS_CCM_DECRYPT or #MBEDTLS_CCM_STAR_ENCRYPT or #MBEDTLS_CCM_STAR_DECRYPT. */ - int MBEDTLS_PRIVATE(state); /*!< Working value holding context's - state. Used for chunked data - input */ + mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ } mbedtls_ccm_context; diff --git a/library/ccm.c b/library/ccm.c index cd689c806a..bc613762db 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -400,7 +400,6 @@ int mbedtls_ccm_update(mbedtls_ccm_context *ctx, mbedtls_xor(ctx->y + offset, ctx->y + offset, local_output, use_len); memcpy(output, local_output, use_len); - mbedtls_platform_zeroize(local_output, 16); if (use_len + offset == 16 || ctx->processed == ctx->plaintext_len) { if ((ret = From d31b28485bbf77bb7634c58eff68319d2ee5e7e2 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 15 Aug 2023 10:59:58 +0200 Subject: [PATCH 086/350] driver-only-builds: update EC and FFDH sections Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 39 +++++++++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 7 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index a55bbc5697..1a42a3f3e7 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -76,10 +76,6 @@ TODO Elliptic-curve cryptography (ECC) --------------------------------- -Note: things are still evolving. This section describes the situation right -after #7452 has been merged. It will be updated again in #7757 when bignum is -done. - It is possible to have most ECC operations provided only by a driver: - the ECDH, ECDSA and EC J-PAKE algorithms; - key import, export, and random generation. @@ -107,6 +103,11 @@ without `MBEDTLS_ECP_C` provided the corresponding RSA or FFDH, then you can also disable `MBEDTLS_BIGNUM_C` for further code size saving. +[Coming soon] As noted in the "Limitations regarding the selection of curves" +section below, there is an upcoming requirement for all the required curves to +be also accelerated in the PSA driver in order to exclude the builtin algs +support. + ### Limitations regarding fully removing `ecp.c` A limited subset of `ecp.c` will still be automatically re-enabled if any of @@ -144,10 +145,34 @@ timeline, please let us know if you're interested. ### Limitations regarding the selection of curves -TODO: apparently we don't really support having some curves built-in and -others driver-only... investigate and describe the situation. See also #7899. +There is an ongoing work which tries to establish a link/constrain between +the list of supported curves and supported algorithms both in builtin and PSA +sides. In particular: + +- #8014 ensures that the curves supported on the PSA side (`PSA_WANT_ECC_xxx`) + are always a superset of the builtin ones (`MBEDTLS_ECP_DP_xxx`) +- #8016 forces builtin alg support as soon as there is at least one builtin + curve. In other words, in order to exclue all builtin algs, all the required + curves should be supported and accelerated by the PSA driver. Finite-field Diffie-Hellman --------------------------- -TODO +Support is pretty similar to the "Elliptic-curve cryptography (ECC)" section +above. +Key management and usage can be enabled by means of the usual `PSA_WANT` + +`MBEDTLS_PSA_ACCEL` pairs: + +- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_PUBLIC_KEY`; +- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_BASIC`; +- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_IMPORT`; +- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_EXPORT`; +- `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_GENERATE`; + +The same holds for the associated algorithm: +`[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow to build accelerating FFDH and +removing builtin support (i.e. `MBEDTLS_DHM_C`). + +### Limitations +Support for deterministic derivation of a DH keypair +(i.e. `PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE`) is not supported. From ac7a04ac150cc68ab566cbe499c39186b8c8b852 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Fri, 18 Aug 2023 13:47:47 +0530 Subject: [PATCH 087/350] Move parse_binary_string function to psa_crypto_helpers Add test code for pbkdf2 in psa_exercise_key Signed-off-by: Kusumit Ghoderao --- tests/include/test/psa_crypto_helpers.h | 4 +++- tests/include/test/psa_exercise_key.h | 1 + tests/src/psa_crypto_helpers.c | 11 +++++++++++ tests/src/psa_exercise_key.c | 12 ++++++++++++ tests/suites/test_suite_psa_crypto.function | 11 ----------- 5 files changed, 27 insertions(+), 12 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index c0f76c894a..a280331e3d 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -241,7 +241,9 @@ int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len); int mbedtls_test_inject_entropy_restore(void); #endif /* MBEDTLS_PSA_INJECT_ENTROPY */ - +/** Parse binary string and convert it to a long integer + */ +uint64_t parse_binary_string(data_t *bin_string); /** Skip a test case if the given key is a 192 bits AES key and the AES * implementation is at least partially provided by an accelerator or diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h index b5e3d35426..46f4d08107 100644 --- a/tests/include/test/psa_exercise_key.h +++ b/tests/include/test/psa_exercise_key.h @@ -119,6 +119,7 @@ * The inputs \p input1 and \p input2 are, in order: * - HKDF: salt, info. * - TKS 1.2 PRF, TLS 1.2 PSK-to-MS: seed, label. + * - PBKDF2: input cost, salt. * * \param operation The operation object to use. * It must be in the initialized state. diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index cab96ab967..18eac060f5 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -149,6 +149,17 @@ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename) } } +uint64_t parse_binary_string(data_t *bin_string) +{ + uint64_t result = 0; + TEST_LE_U(bin_string->len, 8); + for (size_t i = 0; i < bin_string->len; i++) { + result = result << 8 | bin_string->x[i]; + } +exit: + return result; /* returns 0 if len > 8 */ +} + #if defined(MBEDTLS_PSA_INJECT_ENTROPY) #include diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 9ff408cb05..83359771c1 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -437,6 +437,18 @@ int mbedtls_test_psa_setup_key_derivation_wrap( PSA_ASSERT(psa_key_derivation_input_bytes(operation, PSA_KEY_DERIVATION_INPUT_LABEL, input2, input2_length)); + } else if (PSA_ALG_IS_PBKDF2(alg)) { + data_t input_cost = { (unsigned char *) input1, (uint32_t) input1_length }; + PSA_ASSERT(psa_key_derivation_input_integer(operation, + PSA_KEY_DERIVATION_INPUT_COST, + parse_binary_string(&input_cost))); + PSA_ASSERT(psa_key_derivation_input_bytes(operation, + PSA_KEY_DERIVATION_INPUT_SALT, + input2, + input2_length)); + PSA_ASSERT(psa_key_derivation_input_key(operation, + PSA_KEY_DERIVATION_INPUT_PASSWORD, + key)); } else { TEST_FAIL("Key derivation algorithm not supported"); } diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 2396590b2d..d1ae15b73f 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -296,17 +296,6 @@ exit: #define INPUT_INTEGER 0x10000 /* Out of range of psa_key_type_t */ -uint64_t parse_binary_string(data_t *bin_string) -{ - uint64_t result = 0; - TEST_LE_U(bin_string->len, 8); - for (size_t i = 0; i < bin_string->len; i++) { - result = result << 8 | bin_string->x[i]; - } -exit: - return result; /* returns 0 if len > 8 */ -} - /* An overapproximation of the amount of storage needed for a key of the * given type and with the given content. The API doesn't make it easy * to find a good value for the size. The current implementation doesn't From e8f6a0d791fbdb1918944478d7dbdb1b7a1c77d9 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Fri, 18 Aug 2023 13:50:37 +0530 Subject: [PATCH 088/350] Add tests for derive_key_exercise for pbkdf2 Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 48 +++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 410ae6463d..122599d299 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6568,6 +6568,54 @@ PSA key derivation: TLS 1.2 PRF SHA-256, exercise HKDF-SHA-256 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DERIVE:400:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256) +PSA key derivation: PBKDF2-HMAC-SHA-256, exercise AES128-CTR +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES +derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR + +PSA key derivation: PBKDF2-HMAC-SHA-256, exercise AES256-CTR +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR + +PSA key derivation: PBKDF2-HMAC-SHA-256, exercise DES-CBC +depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DES +derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7 + +PSA key derivation: PBKDF2-HMAC-SHA-256, exercise 2-key 3DES-CBC +depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DES +derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7 + +PSA key derivation: PBKDF2-HMAC-SHA-256, exercise 3-key 3DES-CBC +depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DES +derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7 + +PSA key derivation: PBKDF2-HMAC-SHA-256, exercise HMAC-SHA-256 +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_HMAC +derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256) + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise AES128-CTR +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise AES256-CTR +depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise DES-CBC +depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:PSA_WANT_KEY_TYPE_DES +derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:64:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise 2-key 3DES-CBC +depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:PSA_WANT_KEY_TYPE_DES +derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise 3-key 3DES-CBC +depends_on:PSA_WANT_ALG_CBC_PKCS7:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:PSA_WANT_KEY_TYPE_DES +derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_DES:192:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_PKCS7 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, exercise HMAC-SHA-256 +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_ALG_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_KEY_TYPE_HMAC +derive_key_exercise:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_HMAC:256:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_HMAC(PSA_ALG_SHA_256) + PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256:MBEDTLS_ECP_LIGHT derive_key_exercise:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY From 1fe806a1a001aaa42a4de4c2b06ecf824d17407d Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Fri, 18 Aug 2023 13:51:45 +0530 Subject: [PATCH 089/350] Add tests in derive_key_export for pbkdf2 Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 122599d299..cc5e33c678 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6640,6 +6640,22 @@ PSA key derivation: TLS 1.2 PRF SHA-256, derive key export, 1+41 depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF derive_key_export:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":1:41 +PSA key derivation: PBKDF2-HMAC-SHA-256, derive key export, 16+32 +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_key_export:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":16:32 + +PSA key derivation: PBKDF2-HMAC-SHA-256, derive key export, 1+41 +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_key_export:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":1:41 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, derive key export, 16+32 +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_key_export:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":16:32 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, derive key export, 1+41 +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_key_export:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":1:41 + PSA key derivation: HKDF-SHA-256 -> AES-128 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_AES:128:"3cb25f25faacd57a90434f64d0362f2a" From 1dd596541b1ee8af8aebf0500d7a4bd12733c3e6 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Fri, 18 Aug 2023 13:52:23 +0530 Subject: [PATCH 090/350] Add tests in derive_key_type for pbkdf2 Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index cc5e33c678..0d6f0eba88 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6748,6 +6748,22 @@ PSA key derivation: HKDF-SHA-256 -> ECC curve448 #7 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_MONTGOMERY_448 derive_key_type:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):448:"cc9d06c33cec5b3d08221a7228050e6919150a43592ae710162c97c0a2855b25c373305784895a1c48ca511ee42fc50c3f67d419569007ea" +PSA key derivation: PBKDF2-HMAC-SHA-256 -> AES-128 +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES +derive_key_type:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:128:"55ac046e56e3089fec1691c22544b605" + +PSA key derivation: PBKDF2-HMAC-SHA-256 -> AES-256 +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +derive_key_type:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:256:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc" + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128-> AES-128 +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_key_type:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:128:"28e288c6345bb5ecf7ca70274208a3ba" + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128-> AES-256 +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +derive_key_type:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:256:"28e288c6345bb5ecf7ca70274208a3ba0f1148b5868537d5e09d3ee6813b1f52" + PSA key derivation: invalid type (0) depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_NONE:128:PSA_ERROR_NOT_SUPPORTED:0 From 8eb55891ad71140c64eb10c2703493ef77af0483 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Fri, 18 Aug 2023 13:53:21 +0530 Subject: [PATCH 091/350] Add tests in derive_key for pbkdf2 Signed-off-by: Kusumit Ghoderao --- tests/suites/test_suite_psa_crypto.data | 59 ++++++++++++++++++++++++- 1 file changed, 58 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 0d6f0eba88..5136568ae8 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6913,7 +6913,6 @@ depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:!PSA_WANT_KEY_TYPE_ECC_KEY_PAI # The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):7:PSA_ERROR_NOT_SUPPORTED:0 - PSA key derivation: raw data, 8 bits depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:8:PSA_SUCCESS:0 @@ -6922,6 +6921,56 @@ PSA key derivation: invalid length (9 bits) depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:9:PSA_ERROR_INVALID_ARGUMENT:0 +PSA key derivation: PBKDF2-HMAC-SHA-256, invalid type (0) +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_NONE:128:PSA_ERROR_NOT_SUPPORTED:0 + +PSA key derivation: PBKDF2-HMAC-SHA-256, invalid type (PSA_KEY_TYPE_CATEGORY_MASK) +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_ERROR_NOT_SUPPORTED:0 + +PSA key derivation: PBKDF2-HMAC-SHA-256, invalid length PSA_KEY_TYPE_RAW_DATA (0) +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED +derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:0:PSA_ERROR_INVALID_ARGUMENT:0 + +PSA key derivation: PBKDF2-HMAC-SHA-256, invalid length PSA_KEY_TYPE_RAW_DATA (7 bits) +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:7:PSA_ERROR_INVALID_ARGUMENT:0 + +PSA key derivation: PBKDF2-HMAC-SHA-256, raw data, 8 bits +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:8:PSA_SUCCESS:0 + +PSA key derivation: PBKDF2-HMAC-SHA-256, invalid length (9 bits) +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:9:PSA_ERROR_INVALID_ARGUMENT:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, invalid type (0) +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_NONE:128:PSA_ERROR_NOT_SUPPORTED:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, invalid type (PSA_KEY_TYPE_CATEGORY_MASK) +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_CATEGORY_MASK:128:PSA_ERROR_NOT_SUPPORTED:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, invalid length PSA_KEY_TYPE_RAW_DATA (0) +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED +derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:0:PSA_ERROR_INVALID_ARGUMENT:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, invalid length PSA_KEY_TYPE_RAW_DATA (7 bits) +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:7:PSA_ERROR_INVALID_ARGUMENT:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, raw data, 8 bits +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:8:PSA_SUCCESS:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, invalid length (9 bits) +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:9:PSA_ERROR_INVALID_ARGUMENT:0 + # This test assumes that PSA_MAX_KEY_BITS (currently 65536-8 bits = 8191 bytes # and not expected to be raised any time soon) is less than the maximum # output from HKDF-SHA512 (255*64 = 16320 bytes). @@ -6933,6 +6982,14 @@ PSA key derivation: key too large depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512 derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS + 1:PSA_ERROR_NOT_SUPPORTED:0 +PSA key derivation: PBKDF2-HMAC-SHA-256, key too large +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_key:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS + 1:PSA_ERROR_NOT_SUPPORTED:0 + +PSA key derivation: PBKDF2-AES-CMAC-PRF-128, key too large +depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES +derive_key:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:"706173737764":"01":"73616c74":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS + 1:PSA_ERROR_NOT_SUPPORTED:0 + PSA key agreement setup: ECDH + HKDF-SHA-256: good depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_SECP_R1_256 key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS From 2ea44d28de575c673c40c5ad0947e212865f1530 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 18 Aug 2023 18:36:02 +0100 Subject: [PATCH 092/350] Fix: Set type_id in x509_get_other_name() When parsing a subject alternative name of type otherName, retain the type-id field of the otherName. Previously this was not copied to the mbedtls_x509_san_other_name struct when it should have been. Signed-off-by: David Horstmann --- library/x509.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/x509.c b/library/x509.c index ba8d719606..cee854c0c3 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1097,6 +1097,7 @@ static int x509_get_other_name(const mbedtls_x509_buf *subject_alt_name, if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) { return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; } + other_name->type_id = cur_oid; p += len; if ((ret = mbedtls_asn1_get_tag(&p, end, &len, From cfae6a1ae99aaf5e3e4172f0722623ec59d49b0e Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 18 Aug 2023 19:12:59 +0100 Subject: [PATCH 093/350] Fix incorrect detection of HardwareModuleName The hardware module name otherName SAN contains 2 OIDs: OtherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id } HardwareModuleName ::= SEQUENCE { hwType OBJECT IDENTIFIER, hwSerialNum OCTET STRING } The first, type-id, is the one that identifies the otherName as a HardwareModuleName. The second, hwType, identifies the type of hardware. This change fixes 2 issues: 1. We were erroneously trying to identify HardwareModuleNames by looking at hwType, not type-id. 2. We accidentally inverted the check so that we were checking that hwType did NOT match HardwareModuleName. This fix ensures that type-id is correctly checked to make sure that it matches the OID for HardwareModuleName. Signed-off-by: David Horstmann --- library/x509.c | 2 +- tests/suites/test_suite_x509parse.function | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/x509.c b/library/x509.c index cee854c0c3..ee7a2b2f3a 100644 --- a/library/x509.c +++ b/library/x509.c @@ -1489,7 +1489,7 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size, MBEDTLS_X509_SAFE_SNPRINTF; if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, - &other_name->value.hardware_module_name.oid) != 0) { + &other_name->type_id) == 0) { ret = mbedtls_snprintf(p, n, "\n%s hardware module name :", prefix); MBEDTLS_X509_SAFE_SNPRINTF; ret = diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 7a2bbefd91..ce80e569ea 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -242,7 +242,7 @@ int verify_parse_san(mbedtls_x509_subject_alternative_name *san, MBEDTLS_X509_SAFE_SNPRINTF; if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, - &san->san.other_name.value.hardware_module_name.oid) != 0) { + &san->san.other_name.type_id) == 0) { ret = mbedtls_snprintf(p, n, " hardware module name :"); MBEDTLS_X509_SAFE_SNPRINTF; ret = mbedtls_snprintf(p, n, " hardware type : "); From 1923c91e15db4e726e50ac17b291c78daff10f8c Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 18 Aug 2023 19:01:10 +0100 Subject: [PATCH 094/350] Add ChangeLog entry for otherName SAN fixes Signed-off-by: David Horstmann --- ChangeLog.d/initialize-struct-get-other-name.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/initialize-struct-get-other-name.txt diff --git a/ChangeLog.d/initialize-struct-get-other-name.txt b/ChangeLog.d/initialize-struct-get-other-name.txt new file mode 100644 index 0000000000..6bba4cbcc5 --- /dev/null +++ b/ChangeLog.d/initialize-struct-get-other-name.txt @@ -0,0 +1,8 @@ +Bugfix + * Fix an issue when parsing an otherName subject alternative name into a + mbedtls_x509_san_other_name struct. The type-id of the otherName was not + copied to the struct. This meant that the struct had incomplete + information about the otherName SAN and contained uninitialized memory. + * Fix the detection of HardwareModuleName otherName SANs. These were being + detected by comparing the wrong field and the check was erroneously + inverted. \ No newline at end of file From ead1766b5f910dd2a8d6368982b6539ed618634d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 20 Aug 2023 22:02:51 +0200 Subject: [PATCH 095/350] Fix PBKDF2 with empty salt segment on platforms where malloc(0)=NULL "Fix PBKDF2 with empty salt on platforms where malloc(0)=NULL" took care of making an empty salt work. But it didn't fix the case of an empty salt segment followed by a non-empty salt segment, which still invoked memcpy with a potentially null pointer as the source. This commit fixes that case, and also simplifies the logic in the function a little. Test data obtained with: ``` pip3 install cryptodome python3 -c 'import sys; from Crypto.Hash import SHA256; from Crypto.Protocol.KDF import PBKDF2; cost = int(sys.argv[1], 0); salt = bytes.fromhex(sys.argv[2]); password = bytes.fromhex(sys.argv[3]); n = int(sys.argv[4], 0); print(PBKDF2(password=password, salt=salt, dkLen=n, count=cost, hmac_hash_module=SHA256).hex())' 1 "" "706173737764" 64 ``` Signed-off-by: Gilles Peskine --- library/psa_crypto.c | 26 ++++++++++--------------- tests/suites/test_suite_psa_crypto.data | 14 ++++++++++++- 2 files changed, 23 insertions(+), 17 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index c4a48f8305..35d71e7a93 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -6684,22 +6684,17 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, const uint8_t *data, size_t data_length) { - if (pbkdf2->state != PSA_PBKDF2_STATE_INPUT_COST_SET && - pbkdf2->state != PSA_PBKDF2_STATE_SALT_SET) { + if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) { + pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET; + } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { + /* Appending to existing salt. No state change. */ + } else { return PSA_ERROR_BAD_STATE; } if (data_length == 0) { - /* Nothing to do */ - } else if (pbkdf2->state == PSA_PBKDF2_STATE_INPUT_COST_SET) { - pbkdf2->salt = mbedtls_calloc(1, data_length); - if (pbkdf2->salt == NULL) { - return PSA_ERROR_INSUFFICIENT_MEMORY; - } - - memcpy(pbkdf2->salt, data, data_length); - pbkdf2->salt_length = data_length; - } else if (pbkdf2->state == PSA_PBKDF2_STATE_SALT_SET) { + /* Appending an empty string, nothing to do. */ + } else { uint8_t *next_salt; next_salt = mbedtls_calloc(1, data_length + pbkdf2->salt_length); @@ -6707,15 +6702,14 @@ static psa_status_t psa_pbkdf2_set_salt(psa_pbkdf2_key_derivation_t *pbkdf2, return PSA_ERROR_INSUFFICIENT_MEMORY; } - memcpy(next_salt, pbkdf2->salt, pbkdf2->salt_length); + if (pbkdf2->salt_length != 0) { + memcpy(next_salt, pbkdf2->salt, pbkdf2->salt_length); + } memcpy(next_salt + pbkdf2->salt_length, data, data_length); pbkdf2->salt_length += data_length; mbedtls_free(pbkdf2->salt); pbkdf2->salt = next_salt; } - - pbkdf2->state = PSA_PBKDF2_STATE_SALT_SET; - return PSA_SUCCESS; } diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 410ae6463d..2237a41e73 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6377,10 +6377,22 @@ PSA key derivation: PBKDF2-HMAC(SHA-1), RFC6070 #6 depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_1 derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_COST:"1000":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"7361006c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"7061737300776f7264":PSA_SUCCESS:0:"":PSA_SUCCESS:"":16:"56fa6aa75548099dcc37d7f03425e0c3":"":0:1:0 -PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, salt in two step +PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, salt=2+2 depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"7361":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"6c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:1:0 +PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, salt=0+4 +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:1:0 + +PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, salt=4+0 +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:1:0 + +PSA key derivation: PBKDF2-HMAC(SHA-256), salt=0+0 +depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 +derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:"":64:"b03ada2451aa1084ce14cf51c93eeea9d2bd435db3f93a70031b2de39fdef45d2ccb1fe2078e79773c148311d3e6ec5dec9da7f30d78584ec21c94de839671b2":"":0:1:0 + PSA key derivation: PBKDF2-HMAC(SHA-256), RFC7914 #1, password as key, derive key depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256 derive_output:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_COST:"01":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SALT:"73616c74":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_PASSWORD:"706173737764":PSA_SUCCESS:0:"":PSA_SUCCESS:"":64:"55ac046e56e3089fec1691c22544b605f94185216dde0465e68b9d57c20dacbc49ca9cccf179b645991664b39d77ef317c71b845b1e30bd509112041d3a19783":"":0:1:1 From 568799fe226fb414c845bebf01bfe74bbe02181a Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Fri, 18 Aug 2023 16:27:00 +0200 Subject: [PATCH 096/350] ssl_ciphersuites: fix typo Signed-off-by: Valerio Setti --- include/mbedtls/ssl_ciphersuites.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 910c6789f0..62c138d3a2 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -314,7 +314,7 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED #endif -/* Helper to state that certificated based client authentication through ECDSA +/* Helper to state that certificate-based client authentication through ECDSA * is supported in TLS 1.2 */ #if defined(MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED) && \ defined(MBEDTLS_PK_CAN_ECDSA_SIGN) && defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) From 43f7602fcc13c4290a88f19898ffe74de8e2d1e4 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Mon, 21 Aug 2023 17:34:45 +0100 Subject: [PATCH 097/350] Fixup incorrectly-formatted ChangeLog entry Signed-off-by: David Horstmann --- ChangeLog.d/initialize-struct-get-other-name.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/initialize-struct-get-other-name.txt b/ChangeLog.d/initialize-struct-get-other-name.txt index 6bba4cbcc5..dc8395d408 100644 --- a/ChangeLog.d/initialize-struct-get-other-name.txt +++ b/ChangeLog.d/initialize-struct-get-other-name.txt @@ -1,8 +1,8 @@ Bugfix * Fix an issue when parsing an otherName subject alternative name into a mbedtls_x509_san_other_name struct. The type-id of the otherName was not - copied to the struct. This meant that the struct had incomplete + copied to the struct. This meant that the struct had incomplete information about the otherName SAN and contained uninitialized memory. * Fix the detection of HardwareModuleName otherName SANs. These were being detected by comparing the wrong field and the check was erroneously - inverted. \ No newline at end of file + inverted. From 48513b8639056eb3b8093842cb197a02e4f5d1e7 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 20 Jul 2023 16:19:05 +0100 Subject: [PATCH 098/350] Escape special characters RFC 4514 This escapes special characters according to RFC 4514 in mbedtls_x509_dn_gets and de-escapes in mbedtls_x509_string_to_names. This commit does not handle hexpairs. Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 14 +++++++++----- library/x509_create.c | 4 ++-- tests/suites/test_suite_x509write.data | 11 ++++++++++- 3 files changed, 21 insertions(+), 8 deletions(-) diff --git a/library/x509.c b/library/x509.c index ba8d719606..2764ba6006 100644 --- a/library/x509.c +++ b/library/x509.c @@ -855,12 +855,16 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) } c = name->val.p[i]; - // Special characters requiring escaping, RFC 1779 - if (c && strchr(",=+<>#;\"\\", c)) { - if (j + 1 >= sizeof(s) - 1) { - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; + // Special characters requiring escaping, RFC 4514 Section 2.4 + if (c) { + if (strchr(",=+<>;\"\\+", c) || + ((i == 0) && strchr("# ", c)) || + ((i == name->val.len-1 ) && (c == ' '))) { + if (j + 1 >= sizeof(s) - 1) { + return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; + } + s[j++] = '\\'; } - s[j++] = '\\'; } if (c < 32 || c >= 127) { s[j] = '?'; diff --git a/library/x509_create.c b/library/x509_create.c index bd772d3ac7..170a6bc29c 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -153,8 +153,8 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam if (!in_tag && *c == '\\' && c != end) { c++; - /* Check for valid escaped characters */ - if (c == end || *c != ',') { + /* Check for valid escaped characters in RFC 4514 in Section 3*/ + if (c == end || !strchr(" ,=+<>#;\"\\+", *c)) { ret = MBEDTLS_ERR_X509_INVALID_NAME; goto exit; } diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 0848550199..e50f590dbc 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -184,8 +184,17 @@ mbedtls_x509_string_to_names:"C=NL, O=Offspark\\a Inc., OU=PolarSSL":"":MBEDTLS_ X509 String to Names #6 (Escape at end) mbedtls_x509_string_to_names:"C=NL, O=Offspark\\":"":MBEDTLS_ERR_X509_INVALID_NAME -X509 String to Names #6 (Invalid, no '=' or ',') +X509 String to Names #7 (Invalid, no '=' or ',') mbedtls_x509_string_to_names:"ABC123":"":MBEDTLS_ERR_X509_INVALID_NAME +X509 String to Names #8 (Escape valid characters) +mbedtls_x509_string_to_names:"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":0 + +X509 String to Names #9 (Escape '#' at beginning of string) +mbedtls_x509_string_to_names:"C=NL, O=#Offspark#, OU=PolarSSL":"C=NL, O=\\#Offspark#, OU=PolarSSL":0 + +X509 String to Names #10 (Escape ' ' at beginning and end of string) +mbedtls_x509_string_to_names:"C=NL, O= Off spark , OU=PolarSSL":"C=NL, O=\\ Off spark\\ , OU=PolarSSL":0 + Check max serial length x509_set_serial_check: From ef2decbe4aa625e097ebd7baba006be08b707581 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 21 Jul 2023 15:47:47 +0100 Subject: [PATCH 099/350] Escape hexpairs characters RFC 4514 Converts none ascii to escaped hexpairs in mbedtls_x509_dn_gets and interprets hexpairs in mbedtls_x509_string_to_names. Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 21 +++++++++++++++++---- library/x509_create.c | 20 ++++++++++++++++++-- tests/suites/test_suite_x509write.data | 9 +++++++++ 3 files changed, 44 insertions(+), 6 deletions(-) diff --git a/library/x509.c b/library/x509.c index 2764ba6006..5025d774b4 100644 --- a/library/x509.c +++ b/library/x509.c @@ -810,6 +810,12 @@ int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, return 0; } +/* Converts only the 4 least significant bits */ +static char x509_int_to_hexdigit(int i) +{ + return (i < 10) ? (i | 0x30) : ((i - 9) | 0x40); +} + /* * Store the name in printable form into buf; no more * than size characters will be written @@ -857,9 +863,9 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) c = name->val.p[i]; // Special characters requiring escaping, RFC 4514 Section 2.4 if (c) { - if (strchr(",=+<>;\"\\+", c) || - ((i == 0) && strchr("# ", c)) || - ((i == name->val.len-1 ) && (c == ' '))) { + if (strchr(",=+<>;\"\\+", c) || + ((i == 0) && strchr("# ", c)) || + ((i == name->val.len-1) && (c == ' '))) { if (j + 1 >= sizeof(s) - 1) { return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; } @@ -867,7 +873,14 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) } } if (c < 32 || c >= 127) { - s[j] = '?'; + if (j + 3 >= sizeof(s) - 1) { + return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; + } + s[j++] = '\\'; + char lowbits = (c & 0x0F); + char highbits = c>>4; + s[j++] = x509_int_to_hexdigit(highbits); + s[j] = x509_int_to_hexdigit(lowbits); } else { s[j] = c; } diff --git a/library/x509_create.c b/library/x509_create.c index 170a6bc29c..9652a20c6d 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -123,6 +123,16 @@ static const x509_attr_descriptor_t *x509_attr_descr_from_name(const char *name, return cur; } +static int x509_is_char_hex(char c) +{ + return ('0' <= c && c <= '9') || ('a' <= c && c <= 'f') || ('A' <= c && c <= 'F'); +} + +static int x509_hex_to_int(char c) +{ + return ((c & 0x40) ? (c + 9) : c) & 0x0F; +} + int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name) { int ret = MBEDTLS_ERR_X509_INVALID_NAME; @@ -131,6 +141,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam const char *oid = NULL; const x509_attr_descriptor_t *attr_descr = NULL; int in_tag = 1; + int hexpair = 0; char data[MBEDTLS_X509_MAX_DN_NAME_SIZE]; char *d = data; @@ -154,7 +165,11 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam c++; /* Check for valid escaped characters in RFC 4514 in Section 3*/ - if (c == end || !strchr(" ,=+<>#;\"\\+", *c)) { + if (c + 1 < end && x509_is_char_hex(*c) && x509_is_char_hex(*(c+1))) { + hexpair = 1; + *(d++) = (x509_hex_to_int(*c) << 4) + x509_hex_to_int(*(c+1)); + c++; + } else if (c == end || !strchr(" ,=+<>#;\"\\+", *c)) { ret = MBEDTLS_ERR_X509_INVALID_NAME; goto exit; } @@ -182,7 +197,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam ret = 0; } - if (!in_tag && s != c + 1) { + if (!hexpair && !in_tag && s != c + 1) { *(d++) = *c; if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) { @@ -191,6 +206,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam } } + hexpair = 0; c++; } diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index e50f590dbc..0987faef2a 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -196,5 +196,14 @@ mbedtls_x509_string_to_names:"C=NL, O=#Offspark#, OU=PolarSSL":"C=NL, O=\\#Offsp X509 String to Names #10 (Escape ' ' at beginning and end of string) mbedtls_x509_string_to_names:"C=NL, O= Off spark , OU=PolarSSL":"C=NL, O=\\ Off spark\\ , OU=PolarSSL":0 +X509 String to Names #11 (Escape ascii hexpairs) +mbedtls_x509_string_to_names:"C=NL, O=Of\\66spark, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 + +X509 String to Names #12 (Escape non-ascii hexpairs) +mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"C=NL, O=Of\\00spark, OU=PolarSSL":0 + +X509 String to Names #13 (Invalid hexpairs) +mbedtls_x509_string_to_names:"C=NL, O=Of\\flspark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME + Check max serial length x509_set_serial_check: From dba8a641fefba60c7c9d3fa17e180453c9eb2e03 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 24 Jul 2023 14:41:34 +0100 Subject: [PATCH 100/350] Add and update tests for x509write and x509parse Due to change in handling non-ascii characters, existing tests had to be updated to handle the new implementation. New tests and certificates are added to test the escaping functionality in edge cases. Signed-off-by: Agathiyan Bragadeesh --- tests/data_files/Makefile | 11 ++++++++++- tests/data_files/server1.hashsymbol.crt | 20 ++++++++++++++++++++ tests/data_files/server1.spaces.crt | 20 ++++++++++++++++++++ tests/suites/test_suite_x509parse.data | 12 ++++++++++-- 4 files changed, 60 insertions(+), 3 deletions(-) create mode 100644 tests/data_files/server1.hashsymbol.crt create mode 100644 tests/data_files/server1.spaces.crt diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index b5f0844c9d..2009ad6699 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1441,6 +1441,11 @@ all_final += server1.req.cert_type_empty parse_input/server1.req.commas.sha256: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL\, Commas,CN=PolarSSL Server 1" md=SHA256 +parse_input/server1.req.hashsymbol.sha256: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=\#PolarSSL,CN=PolarSSL Server 1" md=SHA256 + +parse_input/server1.req.spaces.sha256: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O= PolarSSL ,CN=PolarSSL Server 1" md=SHA256 # server2* server2_pwd_ec = PolarSSLTest @@ -1590,7 +1595,11 @@ server1.der: server1.crt $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ server1.commas.crt: server1.key parse_input/server1.req.commas.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.commas.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ -all_final += server1.crt server1.noauthid.crt parse_input/server1.crt.der server1.commas.crt +server1.hashsymbol.crt: server1.key parse_input/server1.req.hashsymbol.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.hashsymbol.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ +server1.spaces.crt: server1.key parse_input/server1.req.spaces.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.spaces.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ +all_final += server1.crt server1.noauthid.crt parse_input/server1.crt.der server1.commas.crt server1.hashsymbol.crt server1.spaces.crt parse_input/server1.key_usage.crt: parse_input/server1.req.sha256 server1.key_usage.crt: server1.req.sha256 diff --git a/tests/data_files/server1.hashsymbol.crt b/tests/data_files/server1.hashsymbol.crt new file mode 100644 index 0000000000..9db73009dd --- /dev/null +++ b/tests/data_files/server1.hashsymbol.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQDCCAiigAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA9MQswCQYDVQQGEwJOTDESMBAG +A1UECgwJI1BvbGFyU1NMMRowGAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6J +v7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVB +Q3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYEl +XwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk +65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZP +cG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEA +AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TWPynBdHRFOwUSLD2ovUNZAqYw +HwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQAD +ggEBAJcKcv/Xro61Sxm0GH42pYu7AvtD2b8nynvA8BW9gCHmiIHvHQWNO9NTMuno +1+HdzQVF1JxHC/A/hvXsczxGEc3jVnVeg1fwi8mZ/Fy1XtAVCTA0yJu7JTaaYbg+ +IU2y7Nu36FSOztLpOfHGmwVDoJ1+wCzG/id64hXwJRrHvUfGK4EvIsV97swhk2Do +zSAfDA9N+QNV4zeiF9mLMOpUhCUBq8r41EDqm9lM0wSd3HNen8jwO20F4F1b1dYm +L+bMarvUgHq91f128m2fF3sWNnz4RGoagSI/aOU/AP6Ksq8SUruGHpqrVWLClA6n +EyyTPlNTwYIRCydZt7zlsw1/4h4= +-----END CERTIFICATE----- diff --git a/tests/data_files/server1.spaces.crt b/tests/data_files/server1.spaces.crt new file mode 100644 index 0000000000..b77132a190 --- /dev/null +++ b/tests/data_files/server1.spaces.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQTCCAimgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA+MQswCQYDVQQGEwJOTDETMBEG +A1UECgwKIFBvbGFyU1NMIDEaMBgGA1UEAwwRUG9sYXJTU0wgU2VydmVyIDEwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAh89QGrVVVOL/TbugmUuFWFe +ib+46EWQ2+6IFlLT8UNQR5YSWWSHa/0r4Eb5c77dz5LhkVvtZqBviSl5RYDQg2rV +QUN3Xzl8CQRHgrBXOXDto+wVGR6oMwhHwQVCqf1Mw7Tf3QYfTRBRQGdzEw9A+G2B +JV8KsVPGMH4VOaz5Wu5/kp6mBVvnE5eFtSOS2dQkBtUJJYl1B92mGo8/CRm+rWUs +ZOuVm9z+QV4XptpsW2nMAroULBYknErczdD3Umdz8S2gI/1+9DHKLXDKiQsE2y6m +T3Buns69WIniU1meblqSZeKIPwyUGaPd5eidlRPtKdurcBLcWsprF6tSglSxAgMB +AAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB901j8pwXR0RTsFEiw9qL1DWQKm +MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA +A4IBAQBsR3jOFh7uGF5MCvEK8DrSmmvcFJzMmTRp0hCMeb0wEULhrMKeRDIa2yvr +FrHHCUNAk2HjsjJevpCM8f3ibDqecckfbxE2vT9IUCmPrtOWmhQR/Il5TR9FvYns +4BF1KUPRqGUFAXoIN+xKcYdp+myIluGHumM4Bop7tAZ5gg68IV/UJh5RqShxiLgV +rxHzrp6oM1kn199m2wc1Twy2YwcNmfJDSOLV6K4xWjwcc8Eq+rLhuWUs5GNdrSEY +ZjWmF1AlbVVChU3Dl5XOAY8T6+wJst5RIwkf1Fl1TPCZX8FWzGM9HYiYW0cC7cno +IdSS7mVGxNrNe+6/Cu+zfqeiLdN2 +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 7af9de9cf1..a2a43d3823 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -184,11 +184,11 @@ x509_cert_info:"data_files/parse_input/server3.crt":"cert. version \: 3\nser X509 CRT information Bitstring in subject name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1 -x509_cert_info:"data_files/parse_input/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n" +x509_cert_info:"data_files/parse_input/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=\\007101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n" X509 CRT information Non-ASCII string in issuer name and subject name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 -x509_cert_info:"data_files/parse_input/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nsubject name \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" +x509_cert_info:"data_files/parse_input/non-ascii-string-in-issuer.crt":"cert. version \: 3\nserial number \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name \: C=JP, ST=Tokyo, O=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 Ltd, CN=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 CA\nsubject name \: C=JP, ST=Tokyo, O=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 Ltd, CN=\\C3\\A3\\C2\\83\\C2\\86\\C3\\A3\\C2\\82\\C2\\B9\\C3\\A3\\C2\\83\\C2\\88 CA\nissued on \: 2020-05-20 16\:17\:23\nexpires on \: 2020-06-19 16\:17\:23\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" X509 CRT information Parsing IPv4 and IPv6 IP names depends_on:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C @@ -447,6 +447,14 @@ X509 Get Distinguished Name #5 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1 mbedtls_x509_dn_gets:"data_files/server1.commas.crt":"subject":"C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1" +X509 Get Distinguished Name #6 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1 +mbedtls_x509_dn_gets:"data_files/server1.hashsymbol.crt":"subject":"C=NL, O=\\#PolarSSL, CN=PolarSSL Server 1" + +X509 Get Distinguished Name #7 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1 +mbedtls_x509_dn_gets:"data_files/server1.spaces.crt":"subject":"C=NL, O=\\ PolarSSL\\ , CN=PolarSSL Server 1" + X509 Get Modified DN #1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1 mbedtls_x509_dn_gets_subject_replace:"data_files/server1.crt":"Modified":"C=NL, O=Modified, CN=PolarSSL Server 1":0 From 9d2507c81dae277e5f82abf85c8de01a3bef9973 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 24 Jul 2023 16:35:57 +0100 Subject: [PATCH 101/350] Rename x509_int_to_hexdigit to nibble_to_hex_digit Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/x509.c b/library/x509.c index 5025d774b4..b8a866ac38 100644 --- a/library/x509.c +++ b/library/x509.c @@ -810,8 +810,7 @@ int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, return 0; } -/* Converts only the 4 least significant bits */ -static char x509_int_to_hexdigit(int i) +static char nibble_to_hex_digit(int i) { return (i < 10) ? (i | 0x30) : ((i - 9) | 0x40); } @@ -879,8 +878,8 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) s[j++] = '\\'; char lowbits = (c & 0x0F); char highbits = c>>4; - s[j++] = x509_int_to_hexdigit(highbits); - s[j] = x509_int_to_hexdigit(lowbits); + s[j++] = nibble_to_hex_digit(highbits); + s[j] = nibble_to_hex_digit(lowbits); } else { s[j] = c; } From f0e1ac59d863f03a90d7db204f468e3dca4b6e0e Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 24 Jul 2023 16:43:36 +0100 Subject: [PATCH 102/350] Rewrite nibble_to_hex_digit for readability Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509.c b/library/x509.c index b8a866ac38..b36e27a274 100644 --- a/library/x509.c +++ b/library/x509.c @@ -812,7 +812,7 @@ int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, static char nibble_to_hex_digit(int i) { - return (i < 10) ? (i | 0x30) : ((i - 9) | 0x40); + return (i < 10) ? (i + '0') : (i - 10 + 'A'); } /* From 404b4bb9ab3effee68c51b2c3ccf77c7ce95ca88 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 24 Jul 2023 16:56:10 +0100 Subject: [PATCH 103/350] Add x509 tests for upper and lowercase hexpairs Signed-off-by: Agathiyan Bragadeesh --- tests/suites/test_suite_x509write.data | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 0987faef2a..0827f948c2 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -196,13 +196,16 @@ mbedtls_x509_string_to_names:"C=NL, O=#Offspark#, OU=PolarSSL":"C=NL, O=\\#Offsp X509 String to Names #10 (Escape ' ' at beginning and end of string) mbedtls_x509_string_to_names:"C=NL, O= Off spark , OU=PolarSSL":"C=NL, O=\\ Off spark\\ , OU=PolarSSL":0 -X509 String to Names #11 (Escape ascii hexpairs) -mbedtls_x509_string_to_names:"C=NL, O=Of\\66spark, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 +X509 String to Names #11 (Escape ascii hexpairs uppercase encoded) +mbedtls_x509_string_to_names:"C=NL, O=\\4F\\66\\66\\73\\70\\61\\72\\6B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 -X509 String to Names #12 (Escape non-ascii hexpairs) +X509 String to Names #12 (Escape ascii hexpairs lowercase encoded) +mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6b, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 + +X509 String to Names #13 (Escape non-ascii hexpairs) mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"C=NL, O=Of\\00spark, OU=PolarSSL":0 -X509 String to Names #13 (Invalid hexpairs) +X509 String to Names #14 (Invalid hexpairs) mbedtls_x509_string_to_names:"C=NL, O=Of\\flspark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME Check max serial length From e119f3c0ea898b9f0338d3fbcaecfd556ec4506b Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 24 Jul 2023 17:21:14 +0100 Subject: [PATCH 104/350] Refactor mbedtls_x509_string_to_names This refactor is to accomodate future support of numericoid/hexstring attributetype value pairs. Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 138 ++++++++++++++++++++++++++++++------------ 1 file changed, 100 insertions(+), 38 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 9652a20c6d..8f27cba534 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -28,6 +28,8 @@ #include +#include "mbedtls/platform.h" + /* Structure linking OIDs for X.509 DN AttributeTypes to their * string representations and default string encodings used by Mbed TLS. */ typedef struct { @@ -35,7 +37,8 @@ typedef struct { * "CN" or "emailAddress". */ size_t name_len; /* Length of 'name', without trailing 0 byte. */ const char *oid; /* String representation of OID of AttributeType, - * as per RFC 5280, Appendix A.1. */ + * as per RFC 5280, Appendix A.1. encoded as per + * X.690 */ int default_tag; /* The default character encoding used for the * given attribute type, e.g. * MBEDTLS_ASN1_UTF8_STRING for UTF-8. */ @@ -123,27 +126,99 @@ static const x509_attr_descriptor_t *x509_attr_descr_from_name(const char *name, return cur; } -static int x509_is_char_hex(char c) +static const x509_attr_descriptor_t *x509_attr_descr_from_numericoid(const char *numericoid, size_t numericoid_len) { - return ('0' <= c && c <= '9') || ('a' <= c && c <= 'f') || ('A' <= c && c <= 'F'); + const x509_attr_descriptor_t *cur; + mbedtls_asn1_buf *oid = mbedtls_calloc(1,sizeof(mbedtls_asn1_buf)); + int ret; + + ret = mbedtls_oid_from_numeric_string(oid, numericoid, numericoid_len); + if((ret == MBEDTLS_ERR_X509_ALLOC_FAILED) || (ret == MBEDTLS_ERR_ASN1_INVALID_DATA)) { + return NULL; + } + + for (cur = x509_attrs; cur->oid != NULL; cur++) { + if (sizeof(cur->oid) == oid->len && + strncmp(cur->oid, (const char*) oid->p, oid->len) == 0) { + break; + } + } + + mbedtls_free(oid->p); + if (cur->oid == NULL) { + return NULL; + } + + return cur; } -static int x509_hex_to_int(char c) +static int hex_to_int(char c) { - return ((c & 0x40) ? (c + 9) : c) & 0x0F; + return ('0' <= c && c <= '9') ? (c - '0') : + ('a' <= c && c <= 'f') ? (c - 'a' + 10) : + ('A' <= c && c <= 'F') ? (c - 'A' + 10) : -1; +} + +static int hexpair_to_int(char c1, char c2) +{ + int n1 = hex_to_int(c1); + int n2 = hex_to_int(c2); + if (n1 != -1 && n2 != -1) { + return (n1 << 4) | n2; + } else { + return -1; + } +} + +static int parse_attribute_value_string(const char *s, int len, char *data, int *data_len) { + const char *c = s; + const char *end = c + len; + int hexpair = 0; + char *d = data; + int n; + while(c < end) { + if (*c == '\\') { + c++; + + /* Check for valid escaped characters in RFC 4514 in Section 3*/ + if (c + 1 < end && (n = hexpair_to_int(*c, *(c+1))) != -1) { + hexpair = 1; + *(d++) = n; + c++; + } else if (c == end || !strchr(" ,=+<>#;\"\\+", *c)) { + return MBEDTLS_ERR_X509_INVALID_NAME; + } + } + if (!hexpair) { + *(d++) = *c; + } + if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) { + return MBEDTLS_ERR_X509_INVALID_NAME; + } + + hexpair = 0; + c++; + } + *data_len = d - data; + return 0; +} + +static int parse_attribute_value_ber_encoded(const char *s, int len, char *data, int *data_len) { + return 0; } int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name) { int ret = MBEDTLS_ERR_X509_INVALID_NAME; + int parse_ret = 0; const char *s = name, *c = s; const char *end = s + strlen(s); const char *oid = NULL; const x509_attr_descriptor_t *attr_descr = NULL; int in_tag = 1; - int hexpair = 0; + int numericoid = 0; char data[MBEDTLS_X509_MAX_DN_NAME_SIZE]; - char *d = data; + int data_len = 0; /* Clear existing chain if present */ mbedtls_asn1_free_named_data_list(head); @@ -151,34 +226,35 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam while (c <= end) { if (in_tag && *c == '=') { if ((attr_descr = x509_attr_descr_from_name(s, c - s)) == NULL) { - ret = MBEDTLS_ERR_X509_UNKNOWN_OID; - goto exit; + if ((attr_descr = x509_attr_descr_from_numericoid(s, c - s)) == NULL) { + return MBEDTLS_ERR_X509_UNKNOWN_OID; + } else { + numericoid = 1; + } + } else { + numericoid = 0; } oid = attr_descr->oid; s = c + 1; in_tag = 0; - d = data; } - if (!in_tag && *c == '\\' && c != end) { - c++; - - /* Check for valid escaped characters in RFC 4514 in Section 3*/ - if (c + 1 < end && x509_is_char_hex(*c) && x509_is_char_hex(*(c+1))) { - hexpair = 1; - *(d++) = (x509_hex_to_int(*c) << 4) + x509_hex_to_int(*(c+1)); - c++; - } else if (c == end || !strchr(" ,=+<>#;\"\\+", *c)) { - ret = MBEDTLS_ERR_X509_INVALID_NAME; - goto exit; + if(!in_tag && ((*c == ',' && *(c-1) != '\\') || c == end)) { + if(!numericoid) { + if((parse_ret = parse_attribute_value_string(s, c - s, data, &data_len)) != 0) { + return MBEDTLS_ERR_X509_INVALID_NAME; + } + } + if(numericoid) { + if((parse_ret = parse_attribute_value_ber_encoded(s, c - s, data, &data_len)) != 0) { + return MBEDTLS_ERR_X509_INVALID_NAME; + } } - } else if (!in_tag && (*c == ',' || c == end)) { mbedtls_asn1_named_data *cur = mbedtls_asn1_store_named_data(head, oid, strlen(oid), (unsigned char *) data, - d - data); - + data_len); if (cur == NULL) { return MBEDTLS_ERR_X509_ALLOC_FAILED; } @@ -196,22 +272,8 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam /* Successfully parsed one name, update ret to success */ ret = 0; } - - if (!hexpair && !in_tag && s != c + 1) { - *(d++) = *c; - - if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) { - ret = MBEDTLS_ERR_X509_INVALID_NAME; - goto exit; - } - } - - hexpair = 0; c++; } - -exit: - return ret; } From b73778d8f9e191bc12b9674eef8cb484c777d68b Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 26 Jul 2023 11:55:31 +0100 Subject: [PATCH 105/350] Implement parse_attribute_value_ber_encoded Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 54 ++++++++++++++++++++++++++++++------------- 1 file changed, 38 insertions(+), 16 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 8f27cba534..de3d33fe0f 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -126,20 +126,21 @@ static const x509_attr_descriptor_t *x509_attr_descr_from_name(const char *name, return cur; } -static const x509_attr_descriptor_t *x509_attr_descr_from_numericoid(const char *numericoid, size_t numericoid_len) +static const x509_attr_descriptor_t *x509_attr_descr_from_numericoid(const char *numericoid, + size_t numericoid_len) { const x509_attr_descriptor_t *cur; - mbedtls_asn1_buf *oid = mbedtls_calloc(1,sizeof(mbedtls_asn1_buf)); + mbedtls_asn1_buf *oid = mbedtls_calloc(1, sizeof(mbedtls_asn1_buf)); int ret; ret = mbedtls_oid_from_numeric_string(oid, numericoid, numericoid_len); - if((ret == MBEDTLS_ERR_X509_ALLOC_FAILED) || (ret == MBEDTLS_ERR_ASN1_INVALID_DATA)) { - return NULL; + if ((ret == MBEDTLS_ERR_X509_ALLOC_FAILED) || (ret == MBEDTLS_ERR_ASN1_INVALID_DATA)) { + return NULL; } for (cur = x509_attrs; cur->oid != NULL; cur++) { - if (sizeof(cur->oid) == oid->len && - strncmp(cur->oid, (const char*) oid->p, oid->len) == 0) { + if (strlen(cur->oid) == oid->len && + strncmp(cur->oid, (const char *) oid->p, oid->len) == 0) { break; } } @@ -170,13 +171,14 @@ static int hexpair_to_int(char c1, char c2) } } -static int parse_attribute_value_string(const char *s, int len, char *data, int *data_len) { +static int parse_attribute_value_string(const char *s, int len, char *data, int *data_len) +{ const char *c = s; const char *end = c + len; int hexpair = 0; char *d = data; int n; - while(c < end) { + while (c < end) { if (*c == '\\') { c++; @@ -203,7 +205,26 @@ static int parse_attribute_value_string(const char *s, int len, char *data, int return 0; } -static int parse_attribute_value_ber_encoded(const char *s, int len, char *data, int *data_len) { +static int parse_attribute_value_ber_encoded(const char *s, int len, char *data, int *data_len) +{ + const char *c = s; + const char *end = c + len; + char *d = data; + int tag, n; + if ((len < 5) || (*c != '#') || + ((tag = + hexpair_to_int(*(c+1), *(c+2))) == -1) || ((*data_len = hexpair_to_int(*(c+3), *(c+4))) == -1)) { + return MBEDTLS_ERR_X509_INVALID_NAME; + } + c += 5; + + while (c < end) { + if ((c + 1 >= end) || (n = hexpair_to_int(*c, *(c+1))) == -1) { + return MBEDTLS_ERR_X509_INVALID_NAME; + } + *(d++) = n; + c += 2; + } return 0; } @@ -240,15 +261,16 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam in_tag = 0; } - if(!in_tag && ((*c == ',' && *(c-1) != '\\') || c == end)) { - if(!numericoid) { - if((parse_ret = parse_attribute_value_string(s, c - s, data, &data_len)) != 0) { - return MBEDTLS_ERR_X509_INVALID_NAME; + if (!in_tag && ((*c == ',' && *(c-1) != '\\') || c == end)) { + if (!numericoid) { + if ((parse_ret = parse_attribute_value_string(s, c - s, data, &data_len)) != 0) { + return MBEDTLS_ERR_X509_INVALID_NAME; } } - if(numericoid) { - if((parse_ret = parse_attribute_value_ber_encoded(s, c - s, data, &data_len)) != 0) { - return MBEDTLS_ERR_X509_INVALID_NAME; + if (numericoid) { + if ((parse_ret = + parse_attribute_value_ber_encoded(s, c - s, data, &data_len)) != 0) { + return MBEDTLS_ERR_X509_INVALID_NAME; } } mbedtls_asn1_named_data *cur = From ef299d67355f15744f47e39e89649749bf73db38 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 26 Jul 2023 14:53:04 +0100 Subject: [PATCH 106/350] Add more tests for RFC 4514 Signed-off-by: Agathiyan Bragadeesh --- tests/suites/test_suite_x509parse.data | 2 +- tests/suites/test_suite_x509write.data | 13 +++++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index a2a43d3823..d47ac3c6b4 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -184,7 +184,7 @@ x509_cert_info:"data_files/parse_input/server3.crt":"cert. version \: 3\nser X509 CRT information Bitstring in subject name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1 -x509_cert_info:"data_files/parse_input/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=\\007101012255\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n" +x509_cert_info:"data_files/parse_input/bitstring-in-dn.pem":"cert. version \: 3\nserial number \: 02\nissuer name \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=#030B0037313031303132323535\nissued on \: 2015-03-11 12\:06\:51\nexpires on \: 2025-03-08 12\:06\:51\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name \:\n rfc822Name \: client@example.com\next key usage \: TLS Web Client Authentication\n" X509 CRT information Non-ASCII string in issuer name and subject name depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 0827f948c2..98017d6e72 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -202,11 +202,20 @@ mbedtls_x509_string_to_names:"C=NL, O=\\4F\\66\\66\\73\\70\\61\\72\\6B, OU=Polar X509 String to Names #12 (Escape ascii hexpairs lowercase encoded) mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6b, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 -X509 String to Names #13 (Escape non-ascii hexpairs) +X509 String to Names #13 (Invalid hexpair escape at end of string) +mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME + +X509 String to Names #14 (Escape non-ascii hexpairs) mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"C=NL, O=Of\\00spark, OU=PolarSSL":0 -X509 String to Names #14 (Invalid hexpairs) +X509 String to Names #15 (Invalid hexpairs) mbedtls_x509_string_to_names:"C=NL, O=Of\\flspark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME +X509 String to Names #16 (Accept numercoid/hexstring) +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 + +X509 String to Names #17 (Accept numercoid/hexstring, output as bitstring) +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#03084F6666737061726B, OU=PolarSSL":"C=NL, O=#03084F6666737061726B, OU=PolarSSL":0 + Check max serial length x509_set_serial_check: From ddc720d2090b8dc4a0ad5a2f778dbde1c9ada8f5 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 26 Jul 2023 15:51:49 +0100 Subject: [PATCH 107/350] Add mbedtls_x509_dn_gets hexstring output If the data is a bitstring or an octet string, instead use the hexstring of the BER encoding (RFC 4514 Section 2.4) Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 104 ++++++++++++++++++++++++++++++++++++------------- 1 file changed, 76 insertions(+), 28 deletions(-) diff --git a/library/x509.c b/library/x509.c index b36e27a274..5298693e42 100644 --- a/library/x509.c +++ b/library/x509.c @@ -43,6 +43,10 @@ #include "mbedtls/pem.h" #endif +#if defined(MBEDTLS_ASN1_WRITE_C) +#include "mbedtls/asn1write.h" +#endif + #include "mbedtls/platform.h" #if defined(MBEDTLS_HAVE_TIME) @@ -822,11 +826,16 @@ static char nibble_to_hex_digit(int i) int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i, j, n; + size_t i, j, n, asn1_len_size; + unsigned char asn1_len_buf[5]; + int asn1_len_start; + unsigned char *asn1_len_p; unsigned char c, merge = 0; const mbedtls_x509_name *name; const char *short_name = NULL; + char numericoid[MBEDTLS_X509_MAX_DN_NAME_SIZE]; char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p; + int is_numericoid = 0; memset(s, 0, sizeof(s)); @@ -845,43 +854,82 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) MBEDTLS_X509_SAFE_SNPRINTF; } - ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name); + is_numericoid = (name->val.tag == MBEDTLS_ASN1_BIT_STRING) || (name->val.tag == MBEDTLS_ASN1_OCTET_STRING); - if (ret == 0) { - ret = mbedtls_snprintf(p, n, "%s=", short_name); - } else { - ret = mbedtls_snprintf(p, n, "\?\?="); + if(is_numericoid) { + ret = mbedtls_oid_get_numeric_string(numericoid,MBEDTLS_X509_MAX_DN_NAME_SIZE,&name->oid); + if (ret > 0) { + ret = mbedtls_snprintf(p, n, "%s=", numericoid); + } else { + ret = mbedtls_snprintf(p, n, "\?\?="); + } + MBEDTLS_X509_SAFE_SNPRINTF; } - MBEDTLS_X509_SAFE_SNPRINTF; - - for (i = 0, j = 0; i < name->val.len; i++, j++) { - if (j >= sizeof(s) - 1) { - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; + else { + ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name); + if (ret == 0) { + ret = mbedtls_snprintf(p, n, "%s=", short_name); + } else { + ret = mbedtls_snprintf(p, n, "\?\?="); } + MBEDTLS_X509_SAFE_SNPRINTF; + } - c = name->val.p[i]; - // Special characters requiring escaping, RFC 4514 Section 2.4 - if (c) { - if (strchr(",=+<>;\"\\+", c) || - ((i == 0) && strchr("# ", c)) || - ((i == name->val.len-1) && (c == ' '))) { - if (j + 1 >= sizeof(s) - 1) { - return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - s[j++] = '\\'; - } - } - if (c < 32 || c >= 127) { - if (j + 3 >= sizeof(s) - 1) { + if(is_numericoid) { + s[0] = '#'; + c = name->val.tag; + char lowbits = (c & 0x0F); + char highbits = c>>4; + s[1] = nibble_to_hex_digit(highbits); + s[2] = nibble_to_hex_digit(lowbits); + asn1_len_p = asn1_len_buf+5; + asn1_len_size = mbedtls_asn1_write_len(&asn1_len_p,asn1_len_buf,name->val.len); + asn1_len_start = 5 - asn1_len_size; + for (i = 0, j = 3; i < asn1_len_size + name->val.len; i++, j++) { + if (j + 1 >= sizeof(s) - 1) { return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; } - s[j++] = '\\'; + if(i < asn1_len_size) { + c = asn1_len_buf[asn1_len_start+i]; + } + else { + c = name->val.p[i-asn1_len_size]; + } char lowbits = (c & 0x0F); char highbits = c>>4; s[j++] = nibble_to_hex_digit(highbits); s[j] = nibble_to_hex_digit(lowbits); - } else { - s[j] = c; + } + } else { + for (i = 0, j = 0; i < name->val.len; i++, j++) { + if (j >= sizeof(s) - 1) { + return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; + } + + c = name->val.p[i]; + // Special characters requiring escaping, RFC 4514 Section 2.4 + if (c) { + if (strchr(",=+<>;\"\\+", c) || + ((i == 0) && strchr("# ", c)) || + ((i == name->val.len-1) && (c == ' '))) { + if (j + 1 >= sizeof(s) - 1) { + return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; + } + s[j++] = '\\'; + } + } + if (c < 32 || c >= 127) { + if (j + 3 >= sizeof(s) - 1) { + return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; + } + s[j++] = '\\'; + char lowbits = (c & 0x0F); + char highbits = c>>4; + s[j++] = nibble_to_hex_digit(highbits); + s[j] = nibble_to_hex_digit(lowbits); + } else { + s[j] = c; + } } } s[j] = '\0'; From 6cbfae591ace476615344abf08a710de6a5224c0 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 27 Jul 2023 14:34:11 +0100 Subject: [PATCH 108/350] Parse DER tag mbedtls_x509_string_to_names Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 64 +++++++++++++++++++++++++++++-------------- 1 file changed, 43 insertions(+), 21 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index de3d33fe0f..b2b6bcddaa 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -30,6 +30,10 @@ #include "mbedtls/platform.h" +#if defined(MBEDTLS_ASN1_PARSE_C) +#include "mbedtls/asn1.h" +#endif + /* Structure linking OIDs for X.509 DN AttributeTypes to their * string representations and default string encodings used by Mbed TLS. */ typedef struct { @@ -171,12 +175,12 @@ static int hexpair_to_int(char c1, char c2) } } -static int parse_attribute_value_string(const char *s, int len, char *data, int *data_len) +static int parse_attribute_value_string(const char *s, int len, unsigned char *data, size_t *data_len) { const char *c = s; const char *end = c + len; int hexpair = 0; - char *d = data; + unsigned char *d = data; int n; while (c < end) { if (*c == '\\') { @@ -205,26 +209,42 @@ static int parse_attribute_value_string(const char *s, int len, char *data, int return 0; } -static int parse_attribute_value_ber_encoded(const char *s, int len, char *data, int *data_len) +static int parse_attribute_value_ber_encoded(const char *s, int len, unsigned char *data, size_t *data_len, int *tag) { const char *c = s; const char *end = c + len; - char *d = data; - int tag, n; - if ((len < 5) || (*c != '#') || - ((tag = - hexpair_to_int(*(c+1), *(c+2))) == -1) || ((*data_len = hexpair_to_int(*(c+3), *(c+4))) == -1)) { - return MBEDTLS_ERR_X509_INVALID_NAME; - } - c += 5; - - while (c < end) { + unsigned char asn1_der_buf[256]; + unsigned char *asn1_der_end; + unsigned char *p; + unsigned char *d; + int n; + /* Converting from hexstring to raw binary so we can use asn1parse.c*/ + if ((len < 5) || (*c != '#')) { + return MBEDTLS_ERR_X509_INVALID_NAME; + } + c++; + if((*tag = hexpair_to_int(*c, *(c+1))) == -1) { + return MBEDTLS_ERR_X509_INVALID_NAME; + } + c += 2; + p = asn1_der_buf; + for (p = asn1_der_buf; c < end; c += 2) { if ((c + 1 >= end) || (n = hexpair_to_int(*c, *(c+1))) == -1) { return MBEDTLS_ERR_X509_INVALID_NAME; } - *(d++) = n; - c += 2; + *(p++) = n; } + asn1_der_end = p; + + p = asn1_der_buf; + if(mbedtls_asn1_get_len(&p, asn1_der_end, data_len) != 0) { + return MBEDTLS_ERR_X509_INVALID_NAME; + } + + for (d = data; p < asn1_der_end; p++) { + *(d++) = *p; + } + return 0; } @@ -237,9 +257,10 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam const char *oid = NULL; const x509_attr_descriptor_t *attr_descr = NULL; int in_tag = 1; + int tag; int numericoid = 0; - char data[MBEDTLS_X509_MAX_DN_NAME_SIZE]; - int data_len = 0; + unsigned char data[MBEDTLS_X509_MAX_DN_NAME_SIZE]; + size_t data_len = 0; /* Clear existing chain if present */ mbedtls_asn1_free_named_data_list(head); @@ -264,13 +285,14 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam if (!in_tag && ((*c == ',' && *(c-1) != '\\') || c == end)) { if (!numericoid) { if ((parse_ret = parse_attribute_value_string(s, c - s, data, &data_len)) != 0) { - return MBEDTLS_ERR_X509_INVALID_NAME; + return parse_ret; } + tag = attr_descr->default_tag; } if (numericoid) { if ((parse_ret = - parse_attribute_value_ber_encoded(s, c - s, data, &data_len)) != 0) { - return MBEDTLS_ERR_X509_INVALID_NAME; + parse_attribute_value_ber_encoded(s, c - s, data, &data_len, &tag)) != 0) { + return parse_ret; } } mbedtls_asn1_named_data *cur = @@ -282,7 +304,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam } // set tagType - cur->val.tag = attr_descr->default_tag; + cur->val.tag = tag; while (c < end && *(c + 1) == ' ') { c++; From 0eb6673a8083223bd25e55f3ce10c844a7d0ecc6 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 31 Jul 2023 16:10:07 +0100 Subject: [PATCH 109/350] Add preprocessor config guards Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 6 ++++++ library/x509_create.c | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/library/x509.c b/library/x509.c index 5298693e42..87f48207fd 100644 --- a/library/x509.c +++ b/library/x509.c @@ -876,12 +876,15 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) } if(is_numericoid) { + #if defined(MBEDTLS_ASN1_WRITE_C) s[0] = '#'; + c = name->val.tag; char lowbits = (c & 0x0F); char highbits = c>>4; s[1] = nibble_to_hex_digit(highbits); s[2] = nibble_to_hex_digit(lowbits); + asn1_len_p = asn1_len_buf+5; asn1_len_size = mbedtls_asn1_write_len(&asn1_len_p,asn1_len_buf,name->val.len); asn1_len_start = 5 - asn1_len_size; @@ -900,6 +903,9 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) s[j++] = nibble_to_hex_digit(highbits); s[j] = nibble_to_hex_digit(lowbits); } + #else + return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; + #endif } else { for (i = 0, j = 0; i < name->val.len; i++, j++) { if (j >= sizeof(s) - 1) { diff --git a/library/x509_create.c b/library/x509_create.c index b2b6bcddaa..59f1905e18 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -209,6 +209,7 @@ static int parse_attribute_value_string(const char *s, int len, unsigned char *d return 0; } +#if defined(MBEDTLS_ASN1_PARSE_C) static int parse_attribute_value_ber_encoded(const char *s, int len, unsigned char *data, size_t *data_len, int *tag) { const char *c = s; @@ -247,6 +248,7 @@ static int parse_attribute_value_ber_encoded(const char *s, int len, unsigned ch return 0; } +#endif int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name) { @@ -290,10 +292,14 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam tag = attr_descr->default_tag; } if (numericoid) { + #if defined(MBEDTLS_ASN1_PARSE_C) if ((parse_ret = parse_attribute_value_ber_encoded(s, c - s, data, &data_len, &tag)) != 0) { return parse_ret; } + #else + return MBEDTLS_ERR_X509_INVALID_NAME; + #endif } mbedtls_asn1_named_data *cur = mbedtls_asn1_store_named_data(head, oid, strlen(oid), From c9d74f3109633c891d8c1691117cf894a423268d Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 31 Jul 2023 17:25:44 +0100 Subject: [PATCH 110/350] Refactor AttributeType in mbedtls_x509_dn_gets Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) diff --git a/library/x509.c b/library/x509.c index 87f48207fd..c5eca2a78e 100644 --- a/library/x509.c +++ b/library/x509.c @@ -833,9 +833,9 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) unsigned char c, merge = 0; const mbedtls_x509_name *name; const char *short_name = NULL; - char numericoid[MBEDTLS_X509_MAX_DN_NAME_SIZE]; + char numericoid[256]; char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p; - int is_numericoid = 0; + int print_hexstring; memset(s, 0, sizeof(s)); @@ -854,28 +854,21 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) MBEDTLS_X509_SAFE_SNPRINTF; } - is_numericoid = (name->val.tag == MBEDTLS_ASN1_BIT_STRING) || (name->val.tag == MBEDTLS_ASN1_OCTET_STRING); + print_hexstring = (name->val.tag == MBEDTLS_ASN1_BIT_STRING) || (name->val.tag == MBEDTLS_ASN1_OCTET_STRING); - if(is_numericoid) { - ret = mbedtls_oid_get_numeric_string(numericoid,MBEDTLS_X509_MAX_DN_NAME_SIZE,&name->oid); - if (ret > 0) { + if ((ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name)) == 0) { + ret = mbedtls_snprintf(p, n, "%s=", short_name); + } else { + if ((ret = mbedtls_oid_get_numeric_string(numericoid,256,&name->oid)) > 0) { ret = mbedtls_snprintf(p, n, "%s=", numericoid); + print_hexstring = 1; } else { ret = mbedtls_snprintf(p, n, "\?\?="); } - MBEDTLS_X509_SAFE_SNPRINTF; - } - else { - ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name); - if (ret == 0) { - ret = mbedtls_snprintf(p, n, "%s=", short_name); - } else { - ret = mbedtls_snprintf(p, n, "\?\?="); - } - MBEDTLS_X509_SAFE_SNPRINTF; } + MBEDTLS_X509_SAFE_SNPRINTF; - if(is_numericoid) { + if(print_hexstring) { #if defined(MBEDTLS_ASN1_WRITE_C) s[0] = '#'; From 4987c8fcb0514b5c053be595c3d02408baa73f66 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 1 Aug 2023 11:10:52 +0100 Subject: [PATCH 111/350] Fix code style on x509.c and x509_create.c Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 14 +++++----- library/x509_create.c | 59 ++++++++++++++++++++++++------------------- 2 files changed, 40 insertions(+), 33 deletions(-) diff --git a/library/x509.c b/library/x509.c index c5eca2a78e..82b5af3aad 100644 --- a/library/x509.c +++ b/library/x509.c @@ -854,12 +854,13 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) MBEDTLS_X509_SAFE_SNPRINTF; } - print_hexstring = (name->val.tag == MBEDTLS_ASN1_BIT_STRING) || (name->val.tag == MBEDTLS_ASN1_OCTET_STRING); + print_hexstring = (name->val.tag == MBEDTLS_ASN1_BIT_STRING) || + (name->val.tag == MBEDTLS_ASN1_OCTET_STRING); if ((ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name)) == 0) { ret = mbedtls_snprintf(p, n, "%s=", short_name); } else { - if ((ret = mbedtls_oid_get_numeric_string(numericoid,256,&name->oid)) > 0) { + if ((ret = mbedtls_oid_get_numeric_string(numericoid, 256, &name->oid)) > 0) { ret = mbedtls_snprintf(p, n, "%s=", numericoid); print_hexstring = 1; } else { @@ -868,7 +869,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) } MBEDTLS_X509_SAFE_SNPRINTF; - if(print_hexstring) { + if (print_hexstring) { #if defined(MBEDTLS_ASN1_WRITE_C) s[0] = '#'; @@ -879,16 +880,15 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) s[2] = nibble_to_hex_digit(lowbits); asn1_len_p = asn1_len_buf+5; - asn1_len_size = mbedtls_asn1_write_len(&asn1_len_p,asn1_len_buf,name->val.len); + asn1_len_size = mbedtls_asn1_write_len(&asn1_len_p, asn1_len_buf, name->val.len); asn1_len_start = 5 - asn1_len_size; for (i = 0, j = 3; i < asn1_len_size + name->val.len; i++, j++) { if (j + 1 >= sizeof(s) - 1) { return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; } - if(i < asn1_len_size) { + if (i < asn1_len_size) { c = asn1_len_buf[asn1_len_start+i]; - } - else { + } else { c = name->val.p[i-asn1_len_size]; } char lowbits = (c & 0x0F); diff --git a/library/x509_create.c b/library/x509_create.c index 59f1905e18..80beff2dfe 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -175,7 +175,10 @@ static int hexpair_to_int(char c1, char c2) } } -static int parse_attribute_value_string(const char *s, int len, unsigned char *data, size_t *data_len) +static int parse_attribute_value_string(const char *s, + int len, + unsigned char *data, + size_t *data_len) { const char *c = s; const char *end = c + len; @@ -210,41 +213,45 @@ static int parse_attribute_value_string(const char *s, int len, unsigned char *d } #if defined(MBEDTLS_ASN1_PARSE_C) -static int parse_attribute_value_ber_encoded(const char *s, int len, unsigned char *data, size_t *data_len, int *tag) +static int parse_attribute_value_ber_encoded(const char *s, + int len, + unsigned char *data, + size_t *data_len, + int *tag) { const char *c = s; const char *end = c + len; unsigned char asn1_der_buf[256]; - unsigned char *asn1_der_end; - unsigned char *p; + unsigned char *asn1_der_end; + unsigned char *p; unsigned char *d; int n; - /* Converting from hexstring to raw binary so we can use asn1parse.c*/ - if ((len < 5) || (*c != '#')) { - return MBEDTLS_ERR_X509_INVALID_NAME; - } - c++; - if((*tag = hexpair_to_int(*c, *(c+1))) == -1) { - return MBEDTLS_ERR_X509_INVALID_NAME; - } - c += 2; - p = asn1_der_buf; + /* Converting from hexstring to raw binary so we can use asn1parse.c*/ + if ((len < 5) || (*c != '#')) { + return MBEDTLS_ERR_X509_INVALID_NAME; + } + c++; + if ((*tag = hexpair_to_int(*c, *(c+1))) == -1) { + return MBEDTLS_ERR_X509_INVALID_NAME; + } + c += 2; + p = asn1_der_buf; for (p = asn1_der_buf; c < end; c += 2) { if ((c + 1 >= end) || (n = hexpair_to_int(*c, *(c+1))) == -1) { return MBEDTLS_ERR_X509_INVALID_NAME; } *(p++) = n; } - asn1_der_end = p; + asn1_der_end = p; - p = asn1_der_buf; - if(mbedtls_asn1_get_len(&p, asn1_der_end, data_len) != 0) { - return MBEDTLS_ERR_X509_INVALID_NAME; - } + p = asn1_der_buf; + if (mbedtls_asn1_get_len(&p, asn1_der_end, data_len) != 0) { + return MBEDTLS_ERR_X509_INVALID_NAME; + } - for (d = data; p < asn1_der_end; p++) { - *(d++) = *p; - } + for (d = data; p < asn1_der_end; p++) { + *(d++) = *p; + } return 0; } @@ -292,14 +299,14 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam tag = attr_descr->default_tag; } if (numericoid) { - #if defined(MBEDTLS_ASN1_PARSE_C) + #if defined(MBEDTLS_ASN1_PARSE_C) if ((parse_ret = parse_attribute_value_ber_encoded(s, c - s, data, &data_len, &tag)) != 0) { return parse_ret; } - #else - return MBEDTLS_ERR_X509_INVALID_NAME; - #endif + #else + return MBEDTLS_ERR_X509_INVALID_NAME; + #endif } mbedtls_asn1_named_data *cur = mbedtls_asn1_store_named_data(head, oid, strlen(oid), From 47cc76f0705ef1fac821c7dccc8f59c74c621c91 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 2 Aug 2023 14:12:44 +0100 Subject: [PATCH 112/350] Update x509 test for numericoid/hexstring output Signed-off-by: Agathiyan Bragadeesh --- tests/suites/test_suite_x509parse.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index d47ac3c6b4..b154db924f 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -2381,7 +2381,7 @@ x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b05003 X509 CRT ASN1 (Name with composite RDN) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1 -x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d01010505003056310b3009060355040613025553310b300906035504080c0243413121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643117301506035504030c0e4672616e6b656e63657274204341301e170d3133303830323135313433375a170d3135303831373035353433315a3081d1310b3009060355040613025553311330110603550408130a57617368696e67746f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311a3018060355040a1311417574686f72697a652e4e6574204c4c43311d301b060355040f131450726976617465204f7267616e697a6174696f6e312a300e06035504051307343336393139313018060355040313117777772e617574686f72697a652e6e6574311630140603550407130d53616e204672616e636973636f30819f300d06092a864886f70d010101050003818d0030818902818100d885c62e209b6ac005c64f0bcfdaac1f2b67a18802f75b08851ff933deed888b7b68a62fcabdb21d4a8914becfeaaa1b7e08a09ffaf9916563586dc95e2877262b0b5f5ec27eb4d754aa6facd1d39d25b38a2372891bacdd3e919f791ed25704e8920e380e5623a38e6a23935978a3aec7a8e761e211d42effa2713e44e7de0b0203010001300d06092a864886f70d010105050003818100092f7424d3f6da4b8553829d958ed1980b9270b42c0d3d5833509a28c66bb207df9f3c51d122065e00b87c08c2730d2745fe1c279d16fae4d53b4bf5bdfa3631fceeb2e772b6b08a3eca5a2e2c687aefd23b4b73bf77ac6099711342cf070b35c6f61333a7cbf613d8dd4bd73e9df34bcd4284b0b4df57c36c450613f11e5dac":"cert. version \: 3\nserial number \: 4C\:20\:E3\:BD\nissuer name \: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=Frankencert CA\nsubject name \: C=US, ST=Washington, ??=US, ??=Delaware, O=Authorize.Net LLC, ??=Private Organization, serialNumber=4369191 + CN=www.authorize.net, L=San Francisco\nissued on \: 2013-08-02 15\:14\:37\nexpires on \: 2015-08-17 05\:54\:31\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\n":0 +x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d01010505003056310b3009060355040613025553310b300906035504080c0243413121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643117301506035504030c0e4672616e6b656e63657274204341301e170d3133303830323135313433375a170d3135303831373035353433315a3081d1310b3009060355040613025553311330110603550408130a57617368696e67746f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311a3018060355040a1311417574686f72697a652e4e6574204c4c43311d301b060355040f131450726976617465204f7267616e697a6174696f6e312a300e06035504051307343336393139313018060355040313117777772e617574686f72697a652e6e6574311630140603550407130d53616e204672616e636973636f30819f300d06092a864886f70d010101050003818d0030818902818100d885c62e209b6ac005c64f0bcfdaac1f2b67a18802f75b08851ff933deed888b7b68a62fcabdb21d4a8914becfeaaa1b7e08a09ffaf9916563586dc95e2877262b0b5f5ec27eb4d754aa6facd1d39d25b38a2372891bacdd3e919f791ed25704e8920e380e5623a38e6a23935978a3aec7a8e761e211d42effa2713e44e7de0b0203010001300d06092a864886f70d010105050003818100092f7424d3f6da4b8553829d958ed1980b9270b42c0d3d5833509a28c66bb207df9f3c51d122065e00b87c08c2730d2745fe1c279d16fae4d53b4bf5bdfa3631fceeb2e772b6b08a3eca5a2e2c687aefd23b4b73bf77ac6099711342cf070b35c6f61333a7cbf613d8dd4bd73e9df34bcd4284b0b4df57c36c450613f11e5dac":"cert. version \: 3\nserial number \: 4C\:20\:E3\:BD\nissuer name \: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=Frankencert CA\nsubject name \: C=US, ST=Washington, 1.3.6.1.4.1.311.60.2.1.3=#13025553, 1.3.6.1.4.1.311.60.2.1.2=#130844656C6177617265, O=Authorize.Net LLC, 2.5.4.15=#131450726976617465204F7267616E697A6174696F6E, serialNumber=4369191 + CN=www.authorize.net, L=San Francisco\nissued on \: 2013-08-02 15\:14\:37\nexpires on \: 2015-08-17 05\:54\:31\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\n":0 X509 CRT ASN1 (Name with PKCS9 email) depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256 From 0a4b6d88d0367b5cd24171285810f42cfa5bb87c Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 2 Aug 2023 15:05:57 +0100 Subject: [PATCH 113/350] Alter conditions on hexstring output dn_gets Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/x509.c b/library/x509.c index 82b5af3aad..ee1dc704ea 100644 --- a/library/x509.c +++ b/library/x509.c @@ -854,8 +854,9 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) MBEDTLS_X509_SAFE_SNPRINTF; } - print_hexstring = (name->val.tag == MBEDTLS_ASN1_BIT_STRING) || - (name->val.tag == MBEDTLS_ASN1_OCTET_STRING); + print_hexstring = (name->val.tag != MBEDTLS_ASN1_UTF8_STRING) && + (name->val.tag != MBEDTLS_ASN1_PRINTABLE_STRING) && + (name->val.tag != MBEDTLS_ASN1_IA5_STRING); if ((ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name)) == 0) { ret = mbedtls_snprintf(p, n, "%s=", short_name); From a1f5c2d06fa15daf89d26934d4813db2b6c613a2 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 2 Aug 2023 17:08:52 +0100 Subject: [PATCH 114/350] Move declaration of variables in dn_gets to top Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/library/x509.c b/library/x509.c index ee1dc704ea..f3f3c87730 100644 --- a/library/x509.c +++ b/library/x509.c @@ -833,6 +833,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) unsigned char c, merge = 0; const mbedtls_x509_name *name; const char *short_name = NULL; + char lowbits, highbits; char numericoid[256]; char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p; int print_hexstring; @@ -875,8 +876,8 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) s[0] = '#'; c = name->val.tag; - char lowbits = (c & 0x0F); - char highbits = c>>4; + lowbits = (c & 0x0F); + highbits = c>>4; s[1] = nibble_to_hex_digit(highbits); s[2] = nibble_to_hex_digit(lowbits); @@ -892,8 +893,8 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) } else { c = name->val.p[i-asn1_len_size]; } - char lowbits = (c & 0x0F); - char highbits = c>>4; + lowbits = (c & 0x0F); + highbits = c>>4; s[j++] = nibble_to_hex_digit(highbits); s[j] = nibble_to_hex_digit(lowbits); } @@ -923,8 +924,8 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; } s[j++] = '\\'; - char lowbits = (c & 0x0F); - char highbits = c>>4; + lowbits = (c & 0x0F); + highbits = c>>4; s[j++] = nibble_to_hex_digit(highbits); s[j] = nibble_to_hex_digit(lowbits); } else { From f818e01edbff211227fa6aafa3e87db0f82a564c Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 3 Aug 2023 14:37:50 +0100 Subject: [PATCH 115/350] FIx memory leak in x509_attr_descr_from_numericoid; Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/x509_create.c b/library/x509_create.c index 80beff2dfe..8ce3584aee 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -150,6 +150,7 @@ static const x509_attr_descriptor_t *x509_attr_descr_from_numericoid(const char } mbedtls_free(oid->p); + mbedtls_free(oid); if (cur->oid == NULL) { return NULL; } From 39ba121d3a73d8987e6d5010fd9aab5967aac907 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 3 Aug 2023 16:00:15 +0100 Subject: [PATCH 116/350] Fix memory leak in alternative code route If no oid is found, and x509_attr_descr_from_numericoid returns NULL, previously the memory allocated for the oid wasn't freed. Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/x509_create.c b/library/x509_create.c index 8ce3584aee..dd47748ece 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -139,6 +139,8 @@ static const x509_attr_descriptor_t *x509_attr_descr_from_numericoid(const char ret = mbedtls_oid_from_numeric_string(oid, numericoid, numericoid_len); if ((ret == MBEDTLS_ERR_X509_ALLOC_FAILED) || (ret == MBEDTLS_ERR_ASN1_INVALID_DATA)) { + mbedtls_free(oid->p); + mbedtls_free(oid); return NULL; } From 7f639fc7ab054d13d672d13b12102d089772577c Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 4 Aug 2023 14:57:36 +0100 Subject: [PATCH 117/350] Fix Windows x64 build errors with type conversions Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 3 +-- library/x509_create.c | 4 ++-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/library/x509.c b/library/x509.c index f3f3c87730..8145fb815d 100644 --- a/library/x509.c +++ b/library/x509.c @@ -826,9 +826,8 @@ static char nibble_to_hex_digit(int i) int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i, j, n, asn1_len_size; + size_t i, j, n, asn1_len_size, asn1_len_start; unsigned char asn1_len_buf[5]; - int asn1_len_start; unsigned char *asn1_len_p; unsigned char c, merge = 0; const mbedtls_x509_name *name; diff --git a/library/x509_create.c b/library/x509_create.c index dd47748ece..6d11529f9a 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -296,7 +296,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam if (!in_tag && ((*c == ',' && *(c-1) != '\\') || c == end)) { if (!numericoid) { - if ((parse_ret = parse_attribute_value_string(s, c - s, data, &data_len)) != 0) { + if ((parse_ret = parse_attribute_value_string(s, (int) (c - s), data, &data_len)) != 0) { return parse_ret; } tag = attr_descr->default_tag; @@ -304,7 +304,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam if (numericoid) { #if defined(MBEDTLS_ASN1_PARSE_C) if ((parse_ret = - parse_attribute_value_ber_encoded(s, c - s, data, &data_len, &tag)) != 0) { + parse_attribute_value_ber_encoded(s, (int) (c - s), data, &data_len, &tag)) != 0) { return parse_ret; } #else From 97178f231facf559991b6667a7ead953eb21e35e Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 7 Aug 2023 12:19:43 +0100 Subject: [PATCH 118/350] Fix code style in mbedtls_x509_string_to_names Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 6d11529f9a..b82c9973d5 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -296,7 +296,8 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam if (!in_tag && ((*c == ',' && *(c-1) != '\\') || c == end)) { if (!numericoid) { - if ((parse_ret = parse_attribute_value_string(s, (int) (c - s), data, &data_len)) != 0) { + if ((parse_ret = + parse_attribute_value_string(s, (int) (c - s), data, &data_len)) != 0) { return parse_ret; } tag = attr_descr->default_tag; @@ -304,7 +305,8 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam if (numericoid) { #if defined(MBEDTLS_ASN1_PARSE_C) if ((parse_ret = - parse_attribute_value_ber_encoded(s, (int) (c - s), data, &data_len, &tag)) != 0) { + parse_attribute_value_ber_encoded(s, (int) (c - s), data, &data_len, + &tag)) != 0) { return parse_ret; } #else From ed88eefe8e72844671ddd608254480e1516730a8 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 10 Aug 2023 13:51:38 +0100 Subject: [PATCH 119/350] Rename in_tag to in_attr_type Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index b82c9973d5..2c91e784d3 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -268,7 +268,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam const char *end = s + strlen(s); const char *oid = NULL; const x509_attr_descriptor_t *attr_descr = NULL; - int in_tag = 1; + int in_attr_type = 1; int tag; int numericoid = 0; unsigned char data[MBEDTLS_X509_MAX_DN_NAME_SIZE]; @@ -278,7 +278,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam mbedtls_asn1_free_named_data_list(head); while (c <= end) { - if (in_tag && *c == '=') { + if (in_attr_type && *c == '=') { if ((attr_descr = x509_attr_descr_from_name(s, c - s)) == NULL) { if ((attr_descr = x509_attr_descr_from_numericoid(s, c - s)) == NULL) { return MBEDTLS_ERR_X509_UNKNOWN_OID; @@ -291,10 +291,10 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam oid = attr_descr->oid; s = c + 1; - in_tag = 0; + in_attr_type = 0; } - if (!in_tag && ((*c == ',' && *(c-1) != '\\') || c == end)) { + if (!in_attr_type && ((*c == ',' && *(c-1) != '\\') || c == end)) { if (!numericoid) { if ((parse_ret = parse_attribute_value_string(s, (int) (c - s), data, &data_len)) != 0) { @@ -329,7 +329,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam } s = c + 1; - in_tag = 1; + in_attr_type = 1; /* Successfully parsed one name, update ret to success */ ret = 0; From ee642d93a8d97876ff5fd1b31efb2b37fca07cfc Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 10 Aug 2023 14:08:27 +0100 Subject: [PATCH 120/350] Format preprocessor conditionals Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 6 +++--- library/x509_create.c | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/x509.c b/library/x509.c index 8145fb815d..85aaf06e9f 100644 --- a/library/x509.c +++ b/library/x509.c @@ -871,7 +871,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) MBEDTLS_X509_SAFE_SNPRINTF; if (print_hexstring) { - #if defined(MBEDTLS_ASN1_WRITE_C) +#if defined(MBEDTLS_ASN1_WRITE_C) s[0] = '#'; c = name->val.tag; @@ -897,9 +897,9 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) s[j++] = nibble_to_hex_digit(highbits); s[j] = nibble_to_hex_digit(lowbits); } - #else +#else return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; - #endif +#endif } else { for (i = 0, j = 0; i < name->val.len; i++, j++) { if (j >= sizeof(s) - 1) { diff --git a/library/x509_create.c b/library/x509_create.c index 2c91e784d3..e673be6d06 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -303,15 +303,15 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam tag = attr_descr->default_tag; } if (numericoid) { - #if defined(MBEDTLS_ASN1_PARSE_C) +#if defined(MBEDTLS_ASN1_PARSE_C) if ((parse_ret = parse_attribute_value_ber_encoded(s, (int) (c - s), data, &data_len, &tag)) != 0) { return parse_ret; } - #else +#else return MBEDTLS_ERR_X509_INVALID_NAME; - #endif +#endif } mbedtls_asn1_named_data *cur = mbedtls_asn1_store_named_data(head, oid, strlen(oid), From e18a1789fd80f4c0501e57a91c282cf6db024e07 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 10 Aug 2023 14:12:28 +0100 Subject: [PATCH 121/350] Use MBEDTLS_X509_MAX_DN_NAME_SIZE for buffer size Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index e673be6d06..a666e2d22f 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -224,10 +224,10 @@ static int parse_attribute_value_ber_encoded(const char *s, { const char *c = s; const char *end = c + len; - unsigned char asn1_der_buf[256]; + unsigned char asn1_der_buf[MBEDTLS_X509_MAX_DN_NAME_SIZE]; unsigned char *asn1_der_end; unsigned char *p; - unsigned char *d; + unsigned char *d = data; int n; /* Converting from hexstring to raw binary so we can use asn1parse.c*/ if ((len < 5) || (*c != '#')) { @@ -252,8 +252,8 @@ static int parse_attribute_value_ber_encoded(const char *s, return MBEDTLS_ERR_X509_INVALID_NAME; } - for (d = data; p < asn1_der_end; p++) { - *(d++) = *p; + while (p < asn1_der_end) { + *(d++) = *(p++); } return 0; From 2bf09a61a34e0ef50f77845300f149323cc52db8 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 10 Aug 2023 14:37:00 +0100 Subject: [PATCH 122/350] Fix style on left shift operations Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/x509.c b/library/x509.c index 85aaf06e9f..f44860bfef 100644 --- a/library/x509.c +++ b/library/x509.c @@ -876,7 +876,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) c = name->val.tag; lowbits = (c & 0x0F); - highbits = c>>4; + highbits = c >> 4; s[1] = nibble_to_hex_digit(highbits); s[2] = nibble_to_hex_digit(lowbits); @@ -893,7 +893,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) c = name->val.p[i-asn1_len_size]; } lowbits = (c & 0x0F); - highbits = c>>4; + highbits = c >> 4; s[j++] = nibble_to_hex_digit(highbits); s[j] = nibble_to_hex_digit(lowbits); } @@ -924,7 +924,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) } s[j++] = '\\'; lowbits = (c & 0x0F); - highbits = c>>4; + highbits = c >> 4; s[j++] = nibble_to_hex_digit(highbits); s[j] = nibble_to_hex_digit(lowbits); } else { From 5adffb24882e69c8950963b5a27f7a5df884361e Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 10 Aug 2023 15:50:57 +0100 Subject: [PATCH 123/350] Refactor dn_gets use library function to write tag Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/library/x509.c b/library/x509.c index f44860bfef..e2bb2fd9ca 100644 --- a/library/x509.c +++ b/library/x509.c @@ -826,8 +826,8 @@ static char nibble_to_hex_digit(int i) int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t i, j, n, asn1_len_size, asn1_len_start; - unsigned char asn1_len_buf[5]; + size_t i, j, n, asn1_len_size, asn1_tag_size, asn1_tag_len_buf_start; + unsigned char asn1_tag_len_buf[10]; unsigned char *asn1_len_p; unsigned char c, merge = 0; const mbedtls_x509_name *name; @@ -874,28 +874,29 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) #if defined(MBEDTLS_ASN1_WRITE_C) s[0] = '#'; - c = name->val.tag; - lowbits = (c & 0x0F); - highbits = c >> 4; - s[1] = nibble_to_hex_digit(highbits); - s[2] = nibble_to_hex_digit(lowbits); - - asn1_len_p = asn1_len_buf+5; - asn1_len_size = mbedtls_asn1_write_len(&asn1_len_p, asn1_len_buf, name->val.len); - asn1_len_start = 5 - asn1_len_size; - for (i = 0, j = 3; i < asn1_len_size + name->val.len; i++, j++) { + asn1_len_p = asn1_tag_len_buf + 10; + asn1_len_size = mbedtls_asn1_write_len(&asn1_len_p, asn1_tag_len_buf, name->val.len); + asn1_tag_size = mbedtls_asn1_write_tag(&asn1_len_p,asn1_tag_len_buf,name->val.tag); + asn1_tag_len_buf_start = 10 - asn1_len_size - asn1_tag_size; + for (i = 0, j = 1; i < asn1_len_size + asn1_tag_size; i++) { if (j + 1 >= sizeof(s) - 1) { return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; } - if (i < asn1_len_size) { - c = asn1_len_buf[asn1_len_start+i]; - } else { - c = name->val.p[i-asn1_len_size]; - } + c = asn1_tag_len_buf[asn1_tag_len_buf_start+i]; lowbits = (c & 0x0F); highbits = c >> 4; s[j++] = nibble_to_hex_digit(highbits); - s[j] = nibble_to_hex_digit(lowbits); + s[j++] = nibble_to_hex_digit(lowbits); + } + for (i = 0; i < name->val.len; i++) { + if (j + 1 >= sizeof(s) - 1) { + return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; + } + c = name->val.p[i]; + lowbits = (c & 0x0F); + highbits = c >> 4; + s[j++] = nibble_to_hex_digit(highbits); + s[j++] = nibble_to_hex_digit(lowbits); } #else return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; From 5ca98485138e48e69d9da92e9484ca67502884d3 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 10 Aug 2023 16:01:03 +0100 Subject: [PATCH 124/350] Reword test in test_suite_x509write Signed-off-by: Agathiyan Bragadeesh --- tests/suites/test_suite_x509write.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 98017d6e72..490df804d9 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -214,7 +214,7 @@ mbedtls_x509_string_to_names:"C=NL, O=Of\\flspark, OU=PolarSSL":"":MBEDTLS_ERR_X X509 String to Names #16 (Accept numercoid/hexstring) mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 -X509 String to Names #17 (Accept numercoid/hexstring, output as bitstring) +X509 String to Names #17 (Output attributetype as bitstring) mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#03084F6666737061726B, OU=PolarSSL":"C=NL, O=#03084F6666737061726B, OU=PolarSSL":0 Check max serial length From a7f96309255ebf97d0ff3263eec7537a92c04cc1 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 10 Aug 2023 16:03:27 +0100 Subject: [PATCH 125/350] Remove duplicate '+' in comparison string Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 2 +- library/x509_create.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/x509.c b/library/x509.c index e2bb2fd9ca..b487b43cf5 100644 --- a/library/x509.c +++ b/library/x509.c @@ -910,7 +910,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) c = name->val.p[i]; // Special characters requiring escaping, RFC 4514 Section 2.4 if (c) { - if (strchr(",=+<>;\"\\+", c) || + if (strchr(",=+<>;\"\\", c) || ((i == 0) && strchr("# ", c)) || ((i == name->val.len-1) && (c == ' '))) { if (j + 1 >= sizeof(s) - 1) { diff --git a/library/x509_create.c b/library/x509_create.c index a666e2d22f..4c5261113e 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -197,7 +197,7 @@ static int parse_attribute_value_string(const char *s, hexpair = 1; *(d++) = n; c++; - } else if (c == end || !strchr(" ,=+<>#;\"\\+", *c)) { + } else if (c == end || !strchr(" ,=+<>#;\"\\", *c)) { return MBEDTLS_ERR_X509_INVALID_NAME; } } From af70c7dce772076cfa17c0d07c266fae8919a913 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Thu, 10 Aug 2023 16:39:23 +0100 Subject: [PATCH 126/350] Write numeric oid directly to buffer mbedtls_oid_get_numeric_string now points to output buffer in dn_gets Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/x509.c b/library/x509.c index b487b43cf5..74b2fd6a12 100644 --- a/library/x509.c +++ b/library/x509.c @@ -833,7 +833,6 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) const mbedtls_x509_name *name; const char *short_name = NULL; char lowbits, highbits; - char numericoid[256]; char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p; int print_hexstring; @@ -861,8 +860,9 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) if ((ret = mbedtls_oid_get_attr_short_name(&name->oid, &short_name)) == 0) { ret = mbedtls_snprintf(p, n, "%s=", short_name); } else { - if ((ret = mbedtls_oid_get_numeric_string(numericoid, 256, &name->oid)) > 0) { - ret = mbedtls_snprintf(p, n, "%s=", numericoid); + if ((ret = mbedtls_oid_get_numeric_string(p, n, &name->oid)) > 0) { + MBEDTLS_X509_SAFE_SNPRINTF; + ret = mbedtls_snprintf(p, n, "="); print_hexstring = 1; } else { ret = mbedtls_snprintf(p, n, "\?\?="); From f88bd5ac8657302a42b7c12223aaaaa480b3dde5 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 11 Aug 2023 11:48:26 +0100 Subject: [PATCH 127/350] Accept any valid oid in string_to_names Instead of using x509_attrs, use generic oid conversion. Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 43 +++++++++++++++++++------------------------ 1 file changed, 19 insertions(+), 24 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 4c5261113e..6483b39d3d 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -130,34 +130,27 @@ static const x509_attr_descriptor_t *x509_attr_descr_from_name(const char *name, return cur; } -static const x509_attr_descriptor_t *x509_attr_descr_from_numericoid(const char *numericoid, +static char *x509_oid_from_numericoid(const char *numericoid, size_t numericoid_len) { - const x509_attr_descriptor_t *cur; - mbedtls_asn1_buf *oid = mbedtls_calloc(1, sizeof(mbedtls_asn1_buf)); + char *oid; + mbedtls_asn1_buf *oid_buf = mbedtls_calloc(1, sizeof(mbedtls_asn1_buf)); int ret; - ret = mbedtls_oid_from_numeric_string(oid, numericoid, numericoid_len); - if ((ret == MBEDTLS_ERR_X509_ALLOC_FAILED) || (ret == MBEDTLS_ERR_ASN1_INVALID_DATA)) { - mbedtls_free(oid->p); - mbedtls_free(oid); - return NULL; - } - - for (cur = x509_attrs; cur->oid != NULL; cur++) { - if (strlen(cur->oid) == oid->len && - strncmp(cur->oid, (const char *) oid->p, oid->len) == 0) { - break; + ret = mbedtls_oid_from_numeric_string(oid_buf, numericoid, numericoid_len); + if (ret != 0) { + if(ret != MBEDTLS_ERR_ASN1_ALLOC_FAILED) { + mbedtls_free(oid_buf->p); } - } - - mbedtls_free(oid->p); - mbedtls_free(oid); - if (cur->oid == NULL) { + mbedtls_free(oid_buf); return NULL; } - - return cur; + oid = calloc(1, oid_buf->len + 1); + memcpy(oid, oid_buf->p, oid_buf->len); + oid[oid_buf->len + 1] = '\0'; + mbedtls_free(oid_buf->p); + mbedtls_free(oid_buf); + return oid; } static int hex_to_int(char c) @@ -266,7 +259,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam int parse_ret = 0; const char *s = name, *c = s; const char *end = s + strlen(s); - const char *oid = NULL; + char *oid = NULL; const x509_attr_descriptor_t *attr_descr = NULL; int in_attr_type = 1; int tag; @@ -280,16 +273,17 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam while (c <= end) { if (in_attr_type && *c == '=') { if ((attr_descr = x509_attr_descr_from_name(s, c - s)) == NULL) { - if ((attr_descr = x509_attr_descr_from_numericoid(s, c - s)) == NULL) { + if ((oid = x509_oid_from_numericoid(s, c - s)) == NULL) { return MBEDTLS_ERR_X509_UNKNOWN_OID; } else { numericoid = 1; } } else { + oid = malloc(strlen(attr_descr->oid)); + strcpy(oid,attr_descr->oid); numericoid = 0; } - oid = attr_descr->oid; s = c + 1; in_attr_type = 0; } @@ -317,6 +311,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam mbedtls_asn1_store_named_data(head, oid, strlen(oid), (unsigned char *) data, data_len); + mbedtls_free(oid); if (cur == NULL) { return MBEDTLS_ERR_X509_ALLOC_FAILED; } From e59dedbce218c80e519fdddd385536c622f8b094 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 11 Aug 2023 12:07:55 +0100 Subject: [PATCH 128/350] Add test reject null characters in string to names Signed-off-by: Agathiyan Bragadeesh --- tests/suites/test_suite_x509write.data | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 490df804d9..77ac53a0e0 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -205,16 +205,19 @@ mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6b, OU=Polar X509 String to Names #13 (Invalid hexpair escape at end of string) mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME -X509 String to Names #14 (Escape non-ascii hexpairs) +X509 String to Names #14 (Reject escaped null hexpair) +mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME + +X509 String to Names #15 (Escape non-ascii hexpairs) mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"C=NL, O=Of\\00spark, OU=PolarSSL":0 -X509 String to Names #15 (Invalid hexpairs) +X509 String to Names #16 (Invalid hexpairs) mbedtls_x509_string_to_names:"C=NL, O=Of\\flspark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME -X509 String to Names #16 (Accept numercoid/hexstring) +X509 String to Names #17 (Accept numercoid/hexstring) mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 -X509 String to Names #17 (Output attributetype as bitstring) +X509 String to Names #18 (Output attributetype as bitstring) mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#03084F6666737061726B, OU=PolarSSL":"C=NL, O=#03084F6666737061726B, OU=PolarSSL":0 Check max serial length From afdb187bbc46930b6c798b52f629eb6e5841e398 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 11 Aug 2023 12:41:33 +0100 Subject: [PATCH 129/350] Add more comprehensive string to name tests Signed-off-by: Agathiyan Bragadeesh --- tests/suites/test_suite_x509write.data | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 77ac53a0e0..23a05966c6 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -170,7 +170,7 @@ X509 String to Names #1 mbedtls_x509_string_to_names:"C=NL,O=Offspark\\, Inc., OU=PolarSSL":"C=NL, O=Offspark\\, Inc., OU=PolarSSL":0 X509 String to Names #2 -mbedtls_x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_UNKNOWN_OID +mbedtls_x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME X509 String to Names #3 (Name precisely 255 bytes) mbedtls_x509_string_to_names:"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345,OU=PolarSSL":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, OU=PolarSSL":0 @@ -208,16 +208,22 @@ mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6, OU=PolarS X509 String to Names #14 (Reject escaped null hexpair) mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME -X509 String to Names #15 (Escape non-ascii hexpairs) -mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"C=NL, O=Of\\00spark, OU=PolarSSL":0 - -X509 String to Names #16 (Invalid hexpairs) +X509 String to Names #15 (Invalid hexpairs) mbedtls_x509_string_to_names:"C=NL, O=Of\\flspark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME -X509 String to Names #17 (Accept numercoid/hexstring) +X509 String to Names #16 (Accept numercoid/hexstring) mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 -X509 String to Names #18 (Output attributetype as bitstring) +X509 String to Names #17 (Odd length hexstring) +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME + +X509 String to Names #18 (Invalid OID) +mbedtls_x509_string_to_names:"C=NL, 10.5.4.10=#0C084F6666737061726, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME + +X509 String to Names #19 (Escape non-ascii hexpairs) +mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"C=NL, O=Of\\00spark, OU=PolarSSL":0 + +X509 String to Names #20 (Output attributetype as bitstring) mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#03084F6666737061726B, OU=PolarSSL":"C=NL, O=#03084F6666737061726B, OU=PolarSSL":0 Check max serial length From 17984874afd3d27f06a5eb64fd8672878a748906 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 11 Aug 2023 12:42:03 +0100 Subject: [PATCH 130/350] Change error from unknown oid to invalid name Since the implementation no longer needs to know the oid, it makes more sense for the error message to be an invalid name. Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509_create.c b/library/x509_create.c index 6483b39d3d..99115c450e 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -274,7 +274,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam if (in_attr_type && *c == '=') { if ((attr_descr = x509_attr_descr_from_name(s, c - s)) == NULL) { if ((oid = x509_oid_from_numericoid(s, c - s)) == NULL) { - return MBEDTLS_ERR_X509_UNKNOWN_OID; + return MBEDTLS_ERR_X509_INVALID_NAME; } else { numericoid = 1; } From 957ca0595d616e40af40b17e378281e8e8807295 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 11 Aug 2023 14:58:14 +0100 Subject: [PATCH 131/350] Accept short name/ber encoded data in DNs Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 25 +++++++++++++++++-------- tests/suites/test_suite_x509write.data | 5 ++++- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 99115c450e..6ce15f9fe7 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -289,6 +289,22 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam } if (!in_attr_type && ((*c == ',' && *(c-1) != '\\') || c == end)) { +#if defined(MBEDTLS_ASN1_PARSE_C) + if ((parse_ret = + parse_attribute_value_ber_encoded(s, (int) (c - s), data, &data_len, + &tag)) != 0) { + if(numericoid) { + return MBEDTLS_ERR_X509_INVALID_NAME; + } + else { + if ((parse_ret = + parse_attribute_value_string(s, (int) (c - s), data, &data_len)) != 0) { + return parse_ret; + } + tag = attr_descr->default_tag; + } + } +#else if (!numericoid) { if ((parse_ret = parse_attribute_value_string(s, (int) (c - s), data, &data_len)) != 0) { @@ -297,16 +313,9 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam tag = attr_descr->default_tag; } if (numericoid) { -#if defined(MBEDTLS_ASN1_PARSE_C) - if ((parse_ret = - parse_attribute_value_ber_encoded(s, (int) (c - s), data, &data_len, - &tag)) != 0) { - return parse_ret; - } -#else return MBEDTLS_ERR_X509_INVALID_NAME; -#endif } +#endif mbedtls_asn1_named_data *cur = mbedtls_asn1_store_named_data(head, oid, strlen(oid), (unsigned char *) data, diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 23a05966c6..814f8f70c1 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -218,7 +218,10 @@ X509 String to Names #17 (Odd length hexstring) mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME X509 String to Names #18 (Invalid OID) -mbedtls_x509_string_to_names:"C=NL, 10.5.4.10=#0C084F6666737061726, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME +mbedtls_x509_string_to_names:"C=NL, 10.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME + +X509 String to Names #18 (short name and hexstring) +mbedtls_x509_string_to_names:"C=NL, O=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 X509 String to Names #19 (Escape non-ascii hexpairs) mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"C=NL, O=Of\\00spark, OU=PolarSSL":0 From a953f8ab3642ccb61c2f65e73b02aafbf44cb3ae Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 14 Aug 2023 10:49:26 +0100 Subject: [PATCH 132/350] Remove duplicate test in test_suite_x509write The test for outputing a hexstring representation is actually testing dn_gets, and is tested in test_suite_x509parse. Signed-off-by: Agathiyan Bragadeesh --- tests/suites/test_suite_x509write.data | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 814f8f70c1..880172c1fa 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -226,8 +226,5 @@ mbedtls_x509_string_to_names:"C=NL, O=#0C084F6666737061726B, OU=PolarSSL":"C=NL, X509 String to Names #19 (Escape non-ascii hexpairs) mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"C=NL, O=Of\\00spark, OU=PolarSSL":0 -X509 String to Names #20 (Output attributetype as bitstring) -mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#03084F6666737061726B, OU=PolarSSL":"C=NL, O=#03084F6666737061726B, OU=PolarSSL":0 - Check max serial length x509_set_serial_check: From a0ba8aab2e5dac2ae81ac217216d59eaf812a015 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 14 Aug 2023 10:58:08 +0100 Subject: [PATCH 133/350] Add test for non ascii x509 subject name Signed-off-by: Agathiyan Bragadeesh --- tests/data_files/Makefile | 7 ++++++- tests/data_files/server1.asciichars.crt | 20 ++++++++++++++++++++ tests/suites/test_suite_x509parse.data | 4 ++++ 3 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 tests/data_files/server1.asciichars.crt diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 2009ad6699..c41b559a17 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1446,6 +1446,9 @@ parse_input/server1.req.hashsymbol.sha256: server1.key parse_input/server1.req.spaces.sha256: server1.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O= PolarSSL ,CN=PolarSSL Server 1" md=SHA256 + +parse_input/server1.req.asciichars.sha256: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=极地SSL,CN=PolarSSL Server 1" md=SHA256 # server2* server2_pwd_ec = PolarSSLTest @@ -1599,7 +1602,9 @@ server1.hashsymbol.crt: server1.key parse_input/server1.req.hashsymbol.sha256 $( $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.hashsymbol.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ server1.spaces.crt: server1.key parse_input/server1.req.spaces.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.spaces.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ -all_final += server1.crt server1.noauthid.crt parse_input/server1.crt.der server1.commas.crt server1.hashsymbol.crt server1.spaces.crt +server1.asciichars.crt: server1.key parse_input/server1.req.asciichars.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=parse_input/server1.req.asciichars.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@ +all_final += server1.crt server1.noauthid.crt parse_input/server1.crt.der server1.commas.crt server1.hashsymbol.crt server1.spaces.crt server1.asciichars.crt parse_input/server1.key_usage.crt: parse_input/server1.req.sha256 server1.key_usage.crt: server1.req.sha256 diff --git a/tests/data_files/server1.asciichars.crt b/tests/data_files/server1.asciichars.crt new file mode 100644 index 0000000000..824e46e06c --- /dev/null +++ b/tests/data_files/server1.asciichars.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDQDCCAiigAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA9MQswCQYDVQQGEwJOTDESMBAG +A1UECgwJ5p6B5ZywU1NMMRowGAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6J +v7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVB +Q3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYEl +XwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk +65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZP +cG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEA +AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TWPynBdHRFOwUSLD2ovUNZAqYw +HwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQAD +ggEBAHqJLYmgkQ6yqml3PZM6iwbmo+lZLyDEPFpl/thHZm5LI8TTYOeU+wMAZ6KI +VumyjZxypmLF2MiiJ2f3zQooU7H1waAcTpsafTuD6RRYdthYYxs1L9gCm1ZT2Ga8 +fgn3wrugPLUrtSM/TkTj6F4XkSlluzZpEKsSYLSoyde+uQgdbtR+3Tc+3oU8xBMM +N6uq4VQC49avIQkI+598E3vKrjGGt3l2a1Ts1qvXWjo9mpJW5GM4e1zfogKnc8XQ +K1hYQ39wL42l9Hijwre85O0PSBfbNOv1BPSDm8das3VNzGsUIz8InkAKAKCKwxG6 +BCw3D/CE8s6DCnpb+eK1sVJwZ4E= +-----END CERTIFICATE----- diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b154db924f..e1db7178b3 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -455,6 +455,10 @@ X509 Get Distinguished Name #7 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1 mbedtls_x509_dn_gets:"data_files/server1.spaces.crt":"subject":"C=NL, O=\\ PolarSSL\\ , CN=PolarSSL Server 1" +X509 Get Distinguished Name #8 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1 +mbedtls_x509_dn_gets:"data_files/server1.asciichars.crt":"subject":"C=NL, O=\\E6\\9E\\81\\E5\\9C\\B0SSL, CN=PolarSSL Server 1" + X509 Get Modified DN #1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA1 mbedtls_x509_dn_gets_subject_replace:"data_files/server1.crt":"Modified":"C=NL, O=Modified, CN=PolarSSL Server 1":0 From cab79188ca063d79e6cb8bd429e0ad6a2e3b9263 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 14 Aug 2023 10:59:36 +0100 Subject: [PATCH 134/350] Remove redundant tests in test_suite_x509write Signed-off-by: Agathiyan Bragadeesh --- tests/suites/test_suite_x509write.data | 28 ++++++++++---------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 880172c1fa..fb0abd4a5f 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -187,43 +187,37 @@ mbedtls_x509_string_to_names:"C=NL, O=Offspark\\":"":MBEDTLS_ERR_X509_INVALID_NA X509 String to Names #7 (Invalid, no '=' or ',') mbedtls_x509_string_to_names:"ABC123":"":MBEDTLS_ERR_X509_INVALID_NAME -X509 String to Names #8 (Escape valid characters) +X509 String to Names #8 (Escaped valid characters) mbedtls_x509_string_to_names:"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":"C=NL, O=Offspark\\+ \\> \\=, OU=PolarSSL":0 -X509 String to Names #9 (Escape '#' at beginning of string) -mbedtls_x509_string_to_names:"C=NL, O=#Offspark#, OU=PolarSSL":"C=NL, O=\\#Offspark#, OU=PolarSSL":0 - -X509 String to Names #10 (Escape ' ' at beginning and end of string) -mbedtls_x509_string_to_names:"C=NL, O= Off spark , OU=PolarSSL":"C=NL, O=\\ Off spark\\ , OU=PolarSSL":0 - -X509 String to Names #11 (Escape ascii hexpairs uppercase encoded) +X509 String to Names #9 (Escaped ascii hexpairs uppercase encoded) mbedtls_x509_string_to_names:"C=NL, O=\\4F\\66\\66\\73\\70\\61\\72\\6B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 -X509 String to Names #12 (Escape ascii hexpairs lowercase encoded) +X509 String to Names #10 (Escaped ascii hexpairs lowercase encoded) mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6b, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 -X509 String to Names #13 (Invalid hexpair escape at end of string) +X509 String to Names #11 (Invalid hexpair escape at end of string) mbedtls_x509_string_to_names:"C=NL, O=\\4f\\66\\66\\73\\70\\61\\72\\6, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME -X509 String to Names #14 (Reject escaped null hexpair) +X509 String to Names #12 (Reject escaped null hexpair) mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME -X509 String to Names #15 (Invalid hexpairs) +X509 String to Names #13 (Invalid hexpairs) mbedtls_x509_string_to_names:"C=NL, O=Of\\flspark, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME -X509 String to Names #16 (Accept numercoid/hexstring) +X509 String to Names #14 (Accept numercoid/hexstring) mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 -X509 String to Names #17 (Odd length hexstring) +X509 String to Names #15 (Odd length hexstring) mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME -X509 String to Names #18 (Invalid OID) +X509 String to Names #16 (Invalid OID) mbedtls_x509_string_to_names:"C=NL, 10.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME -X509 String to Names #18 (short name and hexstring) +X509 String to Names #17 (short name and hexstring) mbedtls_x509_string_to_names:"C=NL, O=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 -X509 String to Names #19 (Escape non-ascii hexpairs) +X509 String to Names #18 (Escape non-ascii hexpairs) mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"C=NL, O=Of\\00spark, OU=PolarSSL":0 Check max serial length From bdf20a0d555e50077d8cc83cf506d7b0913f5576 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 14 Aug 2023 15:26:03 +0100 Subject: [PATCH 135/350] Alter MBEDTLS_ASN1_IS_STRING_TAG macro Signed-off-by: Agathiyan Bragadeesh --- include/mbedtls/asn1.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 002c8dee06..6dfc551cc2 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -103,8 +103,7 @@ (1u << MBEDTLS_ASN1_T61_STRING) | \ (1u << MBEDTLS_ASN1_IA5_STRING) | \ (1u << MBEDTLS_ASN1_UNIVERSAL_STRING) | \ - (1u << MBEDTLS_ASN1_PRINTABLE_STRING) | \ - (1u << MBEDTLS_ASN1_BIT_STRING))) != 0)) + (1u << MBEDTLS_ASN1_PRINTABLE_STRING))) != 0)) /* * Bit masks for each of the components of an ASN.1 tag as specified in From 01e9392c3f28f3055e45a07f9f7c322283388d9f Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 14 Aug 2023 15:29:49 +0100 Subject: [PATCH 136/350] Add malformatted DER test for string_to_names Signed-off-by: Agathiyan Bragadeesh --- tests/suites/test_suite_x509write.data | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index fb0abd4a5f..7b8d083ccc 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -208,16 +208,19 @@ mbedtls_x509_string_to_names:"C=NL, O=Of\\flspark, OU=PolarSSL":"":MBEDTLS_ERR_X X509 String to Names #14 (Accept numercoid/hexstring) mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 -X509 String to Names #15 (Odd length hexstring) +X509 String to Names #15 (Odd length DER hexstring) mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C084F6666737061726, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME -X509 String to Names #16 (Invalid OID) +X509 String to Names #16 (Length mismatch DER hexstring) +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#0C0B4F6666737061726B, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME + +X509 String to Names #17 (Invalid OID) mbedtls_x509_string_to_names:"C=NL, 10.5.4.10=#0C084F6666737061726B, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME -X509 String to Names #17 (short name and hexstring) +X509 String to Names #18 (short name and hexstring) mbedtls_x509_string_to_names:"C=NL, O=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 -X509 String to Names #18 (Escape non-ascii hexpairs) +X509 String to Names #19 (Escape non-ascii hexpairs) mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"C=NL, O=Of\\00spark, OU=PolarSSL":0 Check max serial length From 9caaa6d967cb5a2ae4dac243ee3e3c0a30ed16f8 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 14 Aug 2023 15:38:39 +0100 Subject: [PATCH 137/350] Reject escaped null hexpairs in DNs Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/x509_create.c b/library/x509_create.c index 6ce15f9fe7..500f21306c 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -187,6 +187,9 @@ static int parse_attribute_value_string(const char *s, /* Check for valid escaped characters in RFC 4514 in Section 3*/ if (c + 1 < end && (n = hexpair_to_int(*c, *(c+1))) != -1) { + if(n == 0) { + return MBEDTLS_ERR_X509_INVALID_NAME; + } hexpair = 1; *(d++) = n; c++; From ea3e83f36a119f94d2098e4f8db1cd7454e1bdd2 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 14 Aug 2023 15:44:47 +0100 Subject: [PATCH 138/350] Amend test in test_suite_x509write Needed since we now reject escaped null hexpairs in strings Signed-off-by: Agathiyan Bragadeesh --- tests/suites/test_suite_x509write.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 7b8d083ccc..2c6f59eeaf 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -220,8 +220,8 @@ mbedtls_x509_string_to_names:"C=NL, 10.5.4.10=#0C084F6666737061726B, OU=PolarSSL X509 String to Names #18 (short name and hexstring) mbedtls_x509_string_to_names:"C=NL, O=#0C084F6666737061726B, OU=PolarSSL":"C=NL, O=Offspark, OU=PolarSSL":0 -X509 String to Names #19 (Escape non-ascii hexpairs) -mbedtls_x509_string_to_names:"C=NL, O=Of\\00spark, OU=PolarSSL":"C=NL, O=Of\\00spark, OU=PolarSSL":0 +X509 String to Names #19 (Accept non-ascii hexpairs) +mbedtls_x509_string_to_names:"C=NL, O=Of\\CCspark, OU=PolarSSL":"C=NL, O=Of\\CCspark, OU=PolarSSL":0 Check max serial length x509_set_serial_check: From af3e548c77397f9e3ad340589a0fee54c6e057d1 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 14 Aug 2023 16:25:03 +0100 Subject: [PATCH 139/350] Make MBEDTLS_ASN1_IS_STRING_TAG to take signed int Since mbedtls_asn1_buf uses a signed int for tags. Signed-off-by: Agathiyan Bragadeesh --- include/mbedtls/asn1.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 6dfc551cc2..4eabea0435 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -97,13 +97,13 @@ /* Slightly smaller way to check if tag is a string tag * compared to canonical implementation. */ #define MBEDTLS_ASN1_IS_STRING_TAG(tag) \ - ((tag) < 32u && ( \ - ((1u << (tag)) & ((1u << MBEDTLS_ASN1_BMP_STRING) | \ - (1u << MBEDTLS_ASN1_UTF8_STRING) | \ - (1u << MBEDTLS_ASN1_T61_STRING) | \ - (1u << MBEDTLS_ASN1_IA5_STRING) | \ - (1u << MBEDTLS_ASN1_UNIVERSAL_STRING) | \ - (1u << MBEDTLS_ASN1_PRINTABLE_STRING))) != 0)) + ((tag) < 32 && ( \ + ((1 << (tag)) & ((1 << MBEDTLS_ASN1_BMP_STRING) | \ + (1 << MBEDTLS_ASN1_UTF8_STRING) | \ + (1 << MBEDTLS_ASN1_T61_STRING) | \ + (1 << MBEDTLS_ASN1_IA5_STRING) | \ + (1 << MBEDTLS_ASN1_UNIVERSAL_STRING) | \ + (1 << MBEDTLS_ASN1_PRINTABLE_STRING))) != 0)) /* * Bit masks for each of the components of an ASN.1 tag as specified in From eb55867520c2cd67932c888b81d06d9f2bcc2d28 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 14 Aug 2023 16:31:11 +0100 Subject: [PATCH 140/350] Fix code style Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 2 +- library/x509_create.c | 20 ++++++++++---------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/library/x509.c b/library/x509.c index 74b2fd6a12..62bc39b21e 100644 --- a/library/x509.c +++ b/library/x509.c @@ -876,7 +876,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) asn1_len_p = asn1_tag_len_buf + 10; asn1_len_size = mbedtls_asn1_write_len(&asn1_len_p, asn1_tag_len_buf, name->val.len); - asn1_tag_size = mbedtls_asn1_write_tag(&asn1_len_p,asn1_tag_len_buf,name->val.tag); + asn1_tag_size = mbedtls_asn1_write_tag(&asn1_len_p, asn1_tag_len_buf, name->val.tag); asn1_tag_len_buf_start = 10 - asn1_len_size - asn1_tag_size; for (i = 0, j = 1; i < asn1_len_size + asn1_tag_size; i++) { if (j + 1 >= sizeof(s) - 1) { diff --git a/library/x509_create.c b/library/x509_create.c index 500f21306c..66f680643b 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -131,7 +131,7 @@ static const x509_attr_descriptor_t *x509_attr_descr_from_name(const char *name, } static char *x509_oid_from_numericoid(const char *numericoid, - size_t numericoid_len) + size_t numericoid_len) { char *oid; mbedtls_asn1_buf *oid_buf = mbedtls_calloc(1, sizeof(mbedtls_asn1_buf)); @@ -139,7 +139,7 @@ static char *x509_oid_from_numericoid(const char *numericoid, ret = mbedtls_oid_from_numeric_string(oid_buf, numericoid, numericoid_len); if (ret != 0) { - if(ret != MBEDTLS_ERR_ASN1_ALLOC_FAILED) { + if (ret != MBEDTLS_ERR_ASN1_ALLOC_FAILED) { mbedtls_free(oid_buf->p); } mbedtls_free(oid_buf); @@ -187,7 +187,7 @@ static int parse_attribute_value_string(const char *s, /* Check for valid escaped characters in RFC 4514 in Section 3*/ if (c + 1 < end && (n = hexpair_to_int(*c, *(c+1))) != -1) { - if(n == 0) { + if (n == 0) { return MBEDTLS_ERR_X509_INVALID_NAME; } hexpair = 1; @@ -283,7 +283,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam } } else { oid = malloc(strlen(attr_descr->oid)); - strcpy(oid,attr_descr->oid); + strcpy(oid, attr_descr->oid); numericoid = 0; } @@ -294,14 +294,14 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam if (!in_attr_type && ((*c == ',' && *(c-1) != '\\') || c == end)) { #if defined(MBEDTLS_ASN1_PARSE_C) if ((parse_ret = - parse_attribute_value_ber_encoded(s, (int) (c - s), data, &data_len, - &tag)) != 0) { - if(numericoid) { + parse_attribute_value_ber_encoded(s, (int) (c - s), data, &data_len, + &tag)) != 0) { + if (numericoid) { return MBEDTLS_ERR_X509_INVALID_NAME; - } - else { + } else { if ((parse_ret = - parse_attribute_value_string(s, (int) (c - s), data, &data_len)) != 0) { + parse_attribute_value_string(s, (int) (c - s), data, + &data_len)) != 0) { return parse_ret; } tag = attr_descr->default_tag; From f826d1113e30577dd5c662cacc92e1369b8cf37f Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 14 Aug 2023 16:32:22 +0100 Subject: [PATCH 141/350] Reject null bytes in DER encoded values in DNs Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/x509_create.c b/library/x509_create.c index 66f680643b..8a648e3813 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -239,6 +239,9 @@ static int parse_attribute_value_ber_encoded(const char *s, if ((c + 1 >= end) || (n = hexpair_to_int(*c, *(c+1))) == -1) { return MBEDTLS_ERR_X509_INVALID_NAME; } + if (MBEDTLS_ASN1_IS_STRING_TAG(*tag) && n == 0) { + return MBEDTLS_ERR_X509_INVALID_NAME; + } *(p++) = n; } asn1_der_end = p; From 55d93192b1601f01ba0aa3bc2cd4034afefe6c87 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 15 Aug 2023 15:05:03 +0100 Subject: [PATCH 142/350] Fix oid memory leak Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/library/x509_create.c b/library/x509_create.c index 8a648e3813..0f1b8d0e59 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -285,7 +285,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam numericoid = 1; } } else { - oid = malloc(strlen(attr_descr->oid)); + oid = calloc(1, strlen(attr_descr->oid)); strcpy(oid, attr_descr->oid); numericoid = 0; } @@ -300,11 +300,13 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam parse_attribute_value_ber_encoded(s, (int) (c - s), data, &data_len, &tag)) != 0) { if (numericoid) { + mbedtls_free(oid); return MBEDTLS_ERR_X509_INVALID_NAME; } else { if ((parse_ret = parse_attribute_value_string(s, (int) (c - s), data, &data_len)) != 0) { + mbedtls_free(oid); return parse_ret; } tag = attr_descr->default_tag; @@ -314,11 +316,13 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam if (!numericoid) { if ((parse_ret = parse_attribute_value_string(s, (int) (c - s), data, &data_len)) != 0) { + mbedtls_free(oid); return parse_ret; } tag = attr_descr->default_tag; } if (numericoid) { + mbedtls_free(oid); return MBEDTLS_ERR_X509_INVALID_NAME; } #endif @@ -327,6 +331,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam (unsigned char *) data, data_len); mbedtls_free(oid); + oid = NULL; if (cur == NULL) { return MBEDTLS_ERR_X509_ALLOC_FAILED; } @@ -346,6 +351,9 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam } c++; } + if (oid != NULL) { + mbedtls_free(oid); + } return ret; } From 4294ccc608eaecffe3f78d5271e9de1159ce03b2 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 15 Aug 2023 16:32:00 +0100 Subject: [PATCH 143/350] Use mbedtls_calloc instead of calloc Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 0f1b8d0e59..46ffc9c8de 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -145,7 +145,7 @@ static char *x509_oid_from_numericoid(const char *numericoid, mbedtls_free(oid_buf); return NULL; } - oid = calloc(1, oid_buf->len + 1); + oid = mbedtls_calloc(1, oid_buf->len + 1); memcpy(oid, oid_buf->p, oid_buf->len); oid[oid_buf->len + 1] = '\0'; mbedtls_free(oid_buf->p); @@ -285,7 +285,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam numericoid = 1; } } else { - oid = calloc(1, strlen(attr_descr->oid)); + oid = mbedtls_calloc(1, strlen(attr_descr->oid)); strcpy(oid, attr_descr->oid); numericoid = 0; } From fb94702762ec71cf2a7a6cb13c6aff13190a4b1f Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 15 Aug 2023 16:32:42 +0100 Subject: [PATCH 144/350] Add catch for alloc error x509_oid_from_numericoid Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/x509_create.c b/library/x509_create.c index 46ffc9c8de..9d40db095a 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -146,6 +146,11 @@ static char *x509_oid_from_numericoid(const char *numericoid, return NULL; } oid = mbedtls_calloc(1, oid_buf->len + 1); + if(oid == NULL) { + mbedtls_free(oid_buf->p); + mbedtls_free(oid_buf); + return MBEDTLS_ERR_X509_ALLOC_FAILED; + } memcpy(oid, oid_buf->p, oid_buf->len); oid[oid_buf->len + 1] = '\0'; mbedtls_free(oid_buf->p); From 12b9d7040e90570a4622ca323a9e7634d52bab44 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 15 Aug 2023 17:42:33 +0100 Subject: [PATCH 145/350] Remove x509_oid_from_numericoid Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 51 ++++++++++--------------------------------- 1 file changed, 12 insertions(+), 39 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 9d40db095a..daf17a6dfe 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -130,34 +130,6 @@ static const x509_attr_descriptor_t *x509_attr_descr_from_name(const char *name, return cur; } -static char *x509_oid_from_numericoid(const char *numericoid, - size_t numericoid_len) -{ - char *oid; - mbedtls_asn1_buf *oid_buf = mbedtls_calloc(1, sizeof(mbedtls_asn1_buf)); - int ret; - - ret = mbedtls_oid_from_numeric_string(oid_buf, numericoid, numericoid_len); - if (ret != 0) { - if (ret != MBEDTLS_ERR_ASN1_ALLOC_FAILED) { - mbedtls_free(oid_buf->p); - } - mbedtls_free(oid_buf); - return NULL; - } - oid = mbedtls_calloc(1, oid_buf->len + 1); - if(oid == NULL) { - mbedtls_free(oid_buf->p); - mbedtls_free(oid_buf); - return MBEDTLS_ERR_X509_ALLOC_FAILED; - } - memcpy(oid, oid_buf->p, oid_buf->len); - oid[oid_buf->len + 1] = '\0'; - mbedtls_free(oid_buf->p); - mbedtls_free(oid_buf); - return oid; -} - static int hex_to_int(char c) { return ('0' <= c && c <= '9') ? (c - '0') : @@ -270,7 +242,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam int parse_ret = 0; const char *s = name, *c = s; const char *end = s + strlen(s); - char *oid = NULL; + mbedtls_asn1_buf oid = { .p = NULL, .len = 0, .tag = 5 }; const x509_attr_descriptor_t *attr_descr = NULL; int in_attr_type = 1; int tag; @@ -284,14 +256,15 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam while (c <= end) { if (in_attr_type && *c == '=') { if ((attr_descr = x509_attr_descr_from_name(s, c - s)) == NULL) { - if ((oid = x509_oid_from_numericoid(s, c - s)) == NULL) { + if ((mbedtls_oid_from_numeric_string(&oid, s, c - s)) != 0) { return MBEDTLS_ERR_X509_INVALID_NAME; } else { numericoid = 1; } } else { - oid = mbedtls_calloc(1, strlen(attr_descr->oid)); - strcpy(oid, attr_descr->oid); + oid.len = strlen(attr_descr->oid); + oid.p = mbedtls_calloc(1, oid.len); + memcpy(oid.p, attr_descr->oid, oid.len); numericoid = 0; } @@ -305,13 +278,13 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam parse_attribute_value_ber_encoded(s, (int) (c - s), data, &data_len, &tag)) != 0) { if (numericoid) { - mbedtls_free(oid); + mbedtls_free(oid.p); return MBEDTLS_ERR_X509_INVALID_NAME; } else { if ((parse_ret = parse_attribute_value_string(s, (int) (c - s), data, &data_len)) != 0) { - mbedtls_free(oid); + mbedtls_free(oid.p); return parse_ret; } tag = attr_descr->default_tag; @@ -332,11 +305,11 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam } #endif mbedtls_asn1_named_data *cur = - mbedtls_asn1_store_named_data(head, oid, strlen(oid), + mbedtls_asn1_store_named_data(head, (char *) oid.p, oid.len, (unsigned char *) data, data_len); - mbedtls_free(oid); - oid = NULL; + mbedtls_free(oid.p); + oid.p = NULL; if (cur == NULL) { return MBEDTLS_ERR_X509_ALLOC_FAILED; } @@ -356,8 +329,8 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam } c++; } - if (oid != NULL) { - mbedtls_free(oid); + if (oid.p != NULL) { + mbedtls_free(oid.p); } return ret; } From ba386ec23ea2a6894c27f9c7f858afdc1c2a98c6 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 16 Aug 2023 11:31:17 +0100 Subject: [PATCH 146/350] Remove magic number for null tag Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509_create.c b/library/x509_create.c index daf17a6dfe..dba76a990e 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -242,7 +242,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam int parse_ret = 0; const char *s = name, *c = s; const char *end = s + strlen(s); - mbedtls_asn1_buf oid = { .p = NULL, .len = 0, .tag = 5 }; + mbedtls_asn1_buf oid = { .p = NULL, .len = 0, .tag = MBEDTLS_ASN1_NULL }; const x509_attr_descriptor_t *attr_descr = NULL; int in_attr_type = 1; int tag; From dc23236f0a9c9ad4a0be35a4d03af92801839404 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 16 Jun 2023 17:05:22 +0200 Subject: [PATCH 147/350] Revert "Install cryptography only on linux platform" This reverts commit eb2c39ed2bc6a126ae7bdb6eab0457ebd6a32cfc. We temporarily turned off the cryptography requirement on Windows due to a CI instance that had an old, incompatible verison of pip. That CI instance has been upgraded so we no longer need the workaround. Signed-off-by: Gilles Peskine --- scripts/ci.requirements.txt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt index 3ddc417051..ac9c25acf4 100644 --- a/scripts/ci.requirements.txt +++ b/scripts/ci.requirements.txt @@ -14,5 +14,4 @@ mypy >= 0.780 # Install cryptography to avoid import-error reported by pylint. # What we really need is cryptography >= 35.0.0, which is only # available for Python >= 3.6. -cryptography >= 35.0.0; sys_platform == 'linux' and python_version >= '3.6' -cryptography; sys_platform == 'linux' and python_version < '3.6' +cryptography # >= 35.0.0 From 07f472a88bcde3695886da927a44454f2b003217 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 22 Aug 2023 16:29:39 +0100 Subject: [PATCH 148/350] Add corruption detected return when writing asn1 Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/library/x509.c b/library/x509.c index 62bc39b21e..18e6a18de9 100644 --- a/library/x509.c +++ b/library/x509.c @@ -875,8 +875,14 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) s[0] = '#'; asn1_len_p = asn1_tag_len_buf + 10; - asn1_len_size = mbedtls_asn1_write_len(&asn1_len_p, asn1_tag_len_buf, name->val.len); - asn1_tag_size = mbedtls_asn1_write_tag(&asn1_len_p, asn1_tag_len_buf, name->val.tag); + if((ret = mbedtls_asn1_write_len(&asn1_len_p, asn1_tag_len_buf, name->val.len)) < 0) { + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + } + asn1_len_size = ret; + if((ret = mbedtls_asn1_write_tag(&asn1_len_p, asn1_tag_len_buf, name->val.tag)) < 0) { + return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + } + asn1_tag_size = ret; asn1_tag_len_buf_start = 10 - asn1_len_size - asn1_tag_size; for (i = 0, j = 1; i < asn1_len_size + asn1_tag_size; i++) { if (j + 1 >= sizeof(s) - 1) { From f3b9724dcde58ebcd61c87b40c38702ed5be16f9 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 22 Aug 2023 16:37:11 +0100 Subject: [PATCH 149/350] Remove questionable use of macro. MBEDTLS_X509_SAFE_SNPRINTF was used after mbedtls_oid_get_numeric_string so instead we have expanded the macro and kept the relevant code. Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/x509.c b/library/x509.c index 18e6a18de9..446bf249a8 100644 --- a/library/x509.c +++ b/library/x509.c @@ -861,7 +861,8 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) ret = mbedtls_snprintf(p, n, "%s=", short_name); } else { if ((ret = mbedtls_oid_get_numeric_string(p, n, &name->oid)) > 0) { - MBEDTLS_X509_SAFE_SNPRINTF; + n -= ret; + p += ret; ret = mbedtls_snprintf(p, n, "="); print_hexstring = 1; } else { From 8aa74ab6a9c820ba44469f293c954cdaaafc9292 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 22 Aug 2023 16:42:27 +0100 Subject: [PATCH 150/350] Add return for buffer too small when reading OIDs Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/x509.c b/library/x509.c index 446bf249a8..f574055e10 100644 --- a/library/x509.c +++ b/library/x509.c @@ -865,7 +865,10 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) p += ret; ret = mbedtls_snprintf(p, n, "="); print_hexstring = 1; - } else { + } else if (ret == MBEDTLS_ERR_OID_BUF_TOO_SMALL) { + return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; + } + else { ret = mbedtls_snprintf(p, n, "\?\?="); } } From d9d79bb74bd54b2d71dd82cc4951e6ef173e0251 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 22 Aug 2023 16:43:58 +0100 Subject: [PATCH 151/350] Rename parse_attribute_value_ber_encoded Now renamed to parse_attribute_value_der_encoded to be consistent with names elsewhere Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index dba76a990e..77f50667ae 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -189,7 +189,7 @@ static int parse_attribute_value_string(const char *s, } #if defined(MBEDTLS_ASN1_PARSE_C) -static int parse_attribute_value_ber_encoded(const char *s, +static int parse_attribute_value_der_encoded(const char *s, int len, unsigned char *data, size_t *data_len, @@ -275,7 +275,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam if (!in_attr_type && ((*c == ',' && *(c-1) != '\\') || c == end)) { #if defined(MBEDTLS_ASN1_PARSE_C) if ((parse_ret = - parse_attribute_value_ber_encoded(s, (int) (c - s), data, &data_len, + parse_attribute_value_der_encoded(s, (int) (c - s), data, &data_len, &tag)) != 0) { if (numericoid) { mbedtls_free(oid.p); From 022f86f108890c14f2cb7e821a1bcdcec29f7f13 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 22 Aug 2023 16:56:04 +0100 Subject: [PATCH 152/350] Prevent output of escaped null characters dn gets Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/x509.c b/library/x509.c index f574055e10..42839e8f80 100644 --- a/library/x509.c +++ b/library/x509.c @@ -919,7 +919,10 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) c = name->val.p[i]; // Special characters requiring escaping, RFC 4514 Section 2.4 - if (c) { + if (c == '\0') { + return MBEDTLS_ERR_X509_INVALID_NAME; + } + else { if (strchr(",=+<>;\"\\", c) || ((i == 0) && strchr("# ", c)) || ((i == name->val.len-1) && (c == ' '))) { From 4606bf3f38286777e2f8b725f2d3129e960ba0b9 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 22 Aug 2023 17:29:18 +0100 Subject: [PATCH 153/350] Refactor reading AttributeValue in dn gets Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 77f50667ae..475d2ba377 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -273,14 +273,23 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam } if (!in_attr_type && ((*c == ',' && *(c-1) != '\\') || c == end)) { + if (*s == '#') { #if defined(MBEDTLS_ASN1_PARSE_C) - if ((parse_ret = - parse_attribute_value_der_encoded(s, (int) (c - s), data, &data_len, - &tag)) != 0) { - if (numericoid) { + if ((parse_ret = + parse_attribute_value_der_encoded(s, (int) (c - s), data, &data_len, + &tag)) != 0) { mbedtls_free(oid.p); return MBEDTLS_ERR_X509_INVALID_NAME; - } else { + } +#else + return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE +#endif + } else { + if(numericoid) { + mbedtls_free(oid.p); + return MBEDTLS_ERR_X509_INVALID_NAME; + } + else { if ((parse_ret = parse_attribute_value_string(s, (int) (c - s), data, &data_len)) != 0) { @@ -290,20 +299,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam tag = attr_descr->default_tag; } } -#else - if (!numericoid) { - if ((parse_ret = - parse_attribute_value_string(s, (int) (c - s), data, &data_len)) != 0) { - mbedtls_free(oid); - return parse_ret; - } - tag = attr_descr->default_tag; - } - if (numericoid) { - mbedtls_free(oid); - return MBEDTLS_ERR_X509_INVALID_NAME; - } -#endif + mbedtls_asn1_named_data *cur = mbedtls_asn1_store_named_data(head, (char *) oid.p, oid.len, (unsigned char *) data, From 15df01240d339a0bf897b49854b966fd117db91a Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 22 Aug 2023 17:50:00 +0100 Subject: [PATCH 154/350] Fix code style Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 10 ++++------ library/x509_create.c | 11 +++++------ 2 files changed, 9 insertions(+), 12 deletions(-) diff --git a/library/x509.c b/library/x509.c index 42839e8f80..40da61d068 100644 --- a/library/x509.c +++ b/library/x509.c @@ -867,8 +867,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) print_hexstring = 1; } else if (ret == MBEDTLS_ERR_OID_BUF_TOO_SMALL) { return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; - } - else { + } else { ret = mbedtls_snprintf(p, n, "\?\?="); } } @@ -879,11 +878,11 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) s[0] = '#'; asn1_len_p = asn1_tag_len_buf + 10; - if((ret = mbedtls_asn1_write_len(&asn1_len_p, asn1_tag_len_buf, name->val.len)) < 0) { + if ((ret = mbedtls_asn1_write_len(&asn1_len_p, asn1_tag_len_buf, name->val.len)) < 0) { return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } asn1_len_size = ret; - if((ret = mbedtls_asn1_write_tag(&asn1_len_p, asn1_tag_len_buf, name->val.tag)) < 0) { + if ((ret = mbedtls_asn1_write_tag(&asn1_len_p, asn1_tag_len_buf, name->val.tag)) < 0) { return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } asn1_tag_size = ret; @@ -921,8 +920,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) // Special characters requiring escaping, RFC 4514 Section 2.4 if (c == '\0') { return MBEDTLS_ERR_X509_INVALID_NAME; - } - else { + } else { if (strchr(",=+<>;\"\\", c) || ((i == 0) && strchr("# ", c)) || ((i == name->val.len-1) && (c == ' '))) { diff --git a/library/x509_create.c b/library/x509_create.c index 475d2ba377..677b568454 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -276,20 +276,19 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam if (*s == '#') { #if defined(MBEDTLS_ASN1_PARSE_C) if ((parse_ret = - parse_attribute_value_der_encoded(s, (int) (c - s), data, &data_len, - &tag)) != 0) { + parse_attribute_value_der_encoded(s, (int) (c - s), data, &data_len, + &tag)) != 0) { mbedtls_free(oid.p); return MBEDTLS_ERR_X509_INVALID_NAME; - } + } #else return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE #endif } else { - if(numericoid) { + if (numericoid) { mbedtls_free(oid.p); return MBEDTLS_ERR_X509_INVALID_NAME; - } - else { + } else { if ((parse_ret = parse_attribute_value_string(s, (int) (c - s), data, &data_len)) != 0) { From 926221a26ed28e07167309a49da8fae724073bb3 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 18 Aug 2023 15:09:02 +0800 Subject: [PATCH 155/350] Add target platform detection macros Now we have arm/x86 32/64 detection Signed-off-by: Jerry Yu --- include/mbedtls/build_info.h | 49 ++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index c0424da82f..198481363a 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -49,6 +49,55 @@ #define MBEDTLS_VERSION_STRING "3.4.1" #define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.4.1" +/* Macros for build-time platform detection */ + +#if !defined(MBEDTLS_ARCH_IS_ARM64) && \ + (defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC)) +#define MBEDTLS_ARCH_IS_ARM64 +#endif + +#if !defined(MBEDTLS_ARCH_IS_ARM32) && \ + (defined(__arm__) || defined(_M_ARM) || \ + defined(_M_ARMT) || defined(__thumb__) || defined(__thumb2__)) +#define MBEDTLS_ARCH_IS_ARM32 +#endif + +#if !defined(MBEDTLS_ARCH_IS_X64) && \ + (defined(__amd64__) || defined(__x86_64__) || \ + ((defined(_M_X64) || defined(_M_AMD64)) && !defined(_M_ARM64EC))) +#define MBEDTLS_ARCH_IS_X64 +#endif + +#if !defined(MBEDTLS_ARCH_IS_X86) && \ + (defined(__i386__) || defined(_X86_) || \ + (defined(_M_IX86) && !defined(_M_I86))) +#define MBEDTLS_ARCH_IS_X86 +#endif +/* Macros for build-time platform detection */ + +#if !defined(MBEDTLS_ARCH_IS_ARM64) && \ + (defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC)) +#define MBEDTLS_ARCH_IS_ARM64 +#endif + +#if !defined(MBEDTLS_ARCH_IS_ARM32) && \ + (defined(__arm__) || defined(_M_ARM) || \ + defined(_M_ARMT) || defined(__thumb__) || defined(__thumb2__)) +#define MBEDTLS_ARCH_IS_ARM32 +#endif + +#if !defined(MBEDTLS_ARCH_IS_X64) && \ + (defined(__amd64__) || defined(__x86_64__) || \ + ((defined(_M_X64) || defined(_M_AMD64)) && !defined(_M_ARM64EC))) +#define MBEDTLS_ARCH_IS_X64 +#endif + +#if !defined(MBEDTLS_ARCH_IS_X86) && \ + (defined(__i386__) || defined(_X86_) || \ + (defined(_M_IX86) && !defined(_M_I86))) +#define MBEDTLS_ARCH_IS_X86 +#endif + #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) #define _CRT_SECURE_NO_DEPRECATE 1 #endif From 72fd0bdc713ca43e72b77e164240fa49b0942105 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 18 Aug 2023 16:31:01 +0800 Subject: [PATCH 156/350] replace arm64 macro and aesce enable flag Signed-off-by: Jerry Yu --- library/aes.c | 10 +++++----- library/aesce.c | 4 ++-- library/aesce.h | 12 +++++------- library/gcm.c | 6 +++--- 4 files changed, 15 insertions(+), 17 deletions(-) diff --git a/library/aes.c b/library/aes.c index 47a5e3e822..c9610f59da 100644 --- a/library/aes.c +++ b/library/aes.c @@ -34,7 +34,7 @@ #include "mbedtls/platform_util.h" #include "mbedtls/error.h" -#if defined(__aarch64__) +#if defined(MBEDTLS_ARCH_IS_ARM64) #if !defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_AES_USE_HARDWARE_ONLY) #error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites" #endif @@ -652,7 +652,7 @@ int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, } #endif -#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64) +#if defined(MBEDTLS_AESCE_HAVE_CODE) if (MBEDTLS_AESCE_HAS_SUPPORT()) { return mbedtls_aesce_setkey_enc((unsigned char *) RK, key, keybits); } @@ -764,7 +764,7 @@ int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx, const unsigned char *key, } #endif -#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64) +#if defined(MBEDTLS_AESCE_HAVE_CODE) if (MBEDTLS_AESCE_HAS_SUPPORT()) { mbedtls_aesce_inverse_key( (unsigned char *) RK, @@ -1091,7 +1091,7 @@ int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, } #endif -#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64) +#if defined(MBEDTLS_AESCE_HAVE_CODE) if (MBEDTLS_AESCE_HAS_SUPPORT()) { return mbedtls_aesce_crypt_ecb(ctx, mode, input, output); } @@ -1910,7 +1910,7 @@ int mbedtls_aes_self_test(int verbose) mbedtls_printf(" AES note: using VIA Padlock.\n"); } else #endif -#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64) +#if defined(MBEDTLS_AESCE_HAVE_CODE) if (MBEDTLS_AESCE_HAS_SUPPORT()) { mbedtls_printf(" AES note: using AESCE.\n"); } else diff --git a/library/aesce.c b/library/aesce.c index 6f75a67d7f..8b42b034f5 100644 --- a/library/aesce.c +++ b/library/aesce.c @@ -46,7 +46,7 @@ #include "aesce.h" -#if defined(MBEDTLS_HAVE_ARM64) +#if defined(MBEDTLS_ARCH_IS_ARM64) /* Compiler version checks. */ #if defined(__clang__) @@ -510,6 +510,6 @@ void mbedtls_aesce_gcm_mult(unsigned char c[16], #undef MBEDTLS_POP_TARGET_PRAGMA #endif -#endif /* MBEDTLS_HAVE_ARM64 */ +#endif /* MBEDTLS_ARCH_IS_ARM64 */ #endif /* MBEDTLS_AESCE_C */ diff --git a/library/aesce.h b/library/aesce.h index 735c8cfad2..91aa7d2bb3 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -30,13 +30,11 @@ #include "mbedtls/aes.h" -#if !defined(MBEDTLS_HAVE_ARM64) -#if defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC) -#define MBEDTLS_HAVE_ARM64 -#endif -#endif +#include "common.h" -#if defined(MBEDTLS_HAVE_ARM64) +#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARM64) + +#define MBEDTLS_AESCE_HAVE_CODE #ifdef __cplusplus extern "C" { @@ -131,6 +129,6 @@ int mbedtls_aesce_setkey_enc(unsigned char *rk, } #endif -#endif /* MBEDTLS_HAVE_ARM64 */ +#endif /* MBEDTLS_AESCE_C && MBEDTLS_ARCH_IS_ARM64 */ #endif /* MBEDTLS_AESCE_H */ diff --git a/library/gcm.c b/library/gcm.c index 786290f2f9..b06ca4a317 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -97,7 +97,7 @@ static int gcm_gen_table(mbedtls_gcm_context *ctx) } #endif -#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64) +#if defined(MBEDTLS_AESCE_HAVE_CODE) if (MBEDTLS_AESCE_HAS_SUPPORT()) { return 0; } @@ -208,7 +208,7 @@ static void gcm_mult(mbedtls_gcm_context *ctx, const unsigned char x[16], } #endif /* MBEDTLS_AESNI_HAVE_CODE */ -#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64) +#if defined(MBEDTLS_AESCE_HAVE_CODE) if (MBEDTLS_AESCE_HAS_SUPPORT()) { unsigned char h[16]; @@ -885,7 +885,7 @@ int mbedtls_gcm_self_test(int verbose) } else #endif -#if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_HAVE_ARM64) +#if defined(MBEDTLS_AESCE_HAVE_CODE) if (MBEDTLS_AESCE_HAS_SUPPORT()) { mbedtls_printf(" GCM note: using AESCE.\n"); } else From d6e312dde4c636cc25478e729227b9a9677bd579 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Fri, 18 Aug 2023 17:19:51 +0800 Subject: [PATCH 157/350] replace aesni target detection macros Signed-off-by: Jerry Yu --- library/aes.c | 5 ++--- library/aesni.h | 15 ++------------- 2 files changed, 4 insertions(+), 16 deletions(-) diff --git a/library/aes.c b/library/aes.c index c9610f59da..0a7b26ce90 100644 --- a/library/aes.c +++ b/library/aes.c @@ -40,14 +40,13 @@ #endif #endif -#if defined(__amd64__) || defined(__x86_64__) || \ - ((defined(_M_X64) || defined(_M_AMD64)) && !defined(_M_ARM64EC)) +#if defined(MBEDTLS_ARCH_IS_X64) #if !defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_AES_USE_HARDWARE_ONLY) #error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites" #endif #endif -#if defined(__i386__) || defined(_M_IX86) +#if defined(MBEDTLS_ARCH_IS_X86) #if defined(MBEDTLS_AES_USE_HARDWARE_ONLY) && !defined(MBEDTLS_AESNI_C) #error "MBEDTLS_AES_USE_HARDWARE_ONLY defined, but not all prerequisites" #endif diff --git a/library/aesni.h b/library/aesni.h index 332a0f0722..e9064eeb96 100644 --- a/library/aesni.h +++ b/library/aesni.h @@ -35,20 +35,9 @@ /* Can we do AESNI with inline assembly? * (Only implemented with gas syntax, only for 64-bit.) */ -#if !defined(MBEDTLS_HAVE_X86_64) && \ - (defined(__amd64__) || defined(__x86_64__) || \ - defined(_M_X64) || defined(_M_AMD64)) && \ - !defined(_M_ARM64EC) -#define MBEDTLS_HAVE_X86_64 -#endif - -#if !defined(MBEDTLS_HAVE_X86) && \ - (defined(__i386__) || defined(_M_IX86)) -#define MBEDTLS_HAVE_X86 -#endif #if defined(MBEDTLS_AESNI_C) && \ - (defined(MBEDTLS_HAVE_X86_64) || defined(MBEDTLS_HAVE_X86)) + (defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_X86)) /* Can we do AESNI with intrinsics? * (Only implemented with certain compilers, only for certain targets.) @@ -75,7 +64,7 @@ #if defined(MBEDTLS_AESNI_HAVE_INTRINSICS) #define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics #elif defined(MBEDTLS_HAVE_ASM) && \ - defined(__GNUC__) && defined(MBEDTLS_HAVE_X86_64) + defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X64) #define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly #elif defined(__GNUC__) # error "Must use `-mpclmul -msse2 -maes` for MBEDTLS_AESNI_C" From 782b966666ba04c3076cd07d4f1cecf69af49e1a Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 21 Aug 2023 11:25:01 +0800 Subject: [PATCH 158/350] replace target arch macros in padlock Signed-off-by: Jerry Yu --- library/padlock.c | 4 ++-- library/padlock.h | 8 ++------ 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/library/padlock.c b/library/padlock.c index f42c40ff93..563d40e7c1 100644 --- a/library/padlock.c +++ b/library/padlock.c @@ -31,7 +31,7 @@ #include -#if defined(MBEDTLS_HAVE_X86) +#if defined(MBEDTLS_VIA_PADLOCK_HAVE_CODE) /* * PadLock detection routine @@ -162,6 +162,6 @@ int mbedtls_padlock_xcryptcbc(mbedtls_aes_context *ctx, return 0; } -#endif /* MBEDTLS_HAVE_X86 */ +#endif /* MBEDTLS_VIA_PADLOCK_HAVE_CODE */ #endif /* MBEDTLS_PADLOCK_C */ diff --git a/library/padlock.h b/library/padlock.h index ae5c486541..d3ed2c39ef 100644 --- a/library/padlock.h +++ b/library/padlock.h @@ -39,15 +39,11 @@ #endif /* Some versions of ASan result in errors about not enough registers */ -#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__) && \ - !defined(MBEDTLS_HAVE_ASAN) +#if defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X86) && \ + defined(MBEDTLS_HAVE_ASM) && !defined(MBEDTLS_HAVE_ASAN) #define MBEDTLS_VIA_PADLOCK_HAVE_CODE -#ifndef MBEDTLS_HAVE_X86 -#define MBEDTLS_HAVE_X86 -#endif - #include #define MBEDTLS_PADLOCK_RNG 0x000C From 4c7d7bf583ffb7cde2d568d465e6565bb4d21b21 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 23 Aug 2023 11:28:30 +0100 Subject: [PATCH 159/350] Add guard for empty AttributeValue Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/x509_create.c b/library/x509_create.c index 677b568454..63894a590f 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -273,7 +273,10 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam } if (!in_attr_type && ((*c == ',' && *(c-1) != '\\') || c == end)) { - if (*s == '#') { + if (s >= end) { + mbedtls_free(oid.p); + return MBEDTLS_ERR_X509_INVALID_NAME; + } else if (*s == '#') { #if defined(MBEDTLS_ASN1_PARSE_C) if ((parse_ret = parse_attribute_value_der_encoded(s, (int) (c - s), data, &data_len, From 457ac84f0129b8e37cc179d5afb7255048cfba9e Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 23 Aug 2023 11:35:26 +0100 Subject: [PATCH 160/350] Refactor previous fix Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509_create.c b/library/x509_create.c index 63894a590f..91957cc733 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -273,7 +273,7 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam } if (!in_attr_type && ((*c == ',' && *(c-1) != '\\') || c == end)) { - if (s >= end) { + if (s == c) { mbedtls_free(oid.p); return MBEDTLS_ERR_X509_INVALID_NAME; } else if (*s == '#') { From de84f9d67adff28c92e9e2ccc94e21424537ddc0 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 23 Aug 2023 11:44:04 +0100 Subject: [PATCH 161/350] Add test for rejecting empty AttributeValue Signed-off-by: Agathiyan Bragadeesh --- tests/suites/test_suite_x509write.data | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 2c6f59eeaf..2240d82de4 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -223,5 +223,8 @@ mbedtls_x509_string_to_names:"C=NL, O=#0C084F6666737061726B, OU=PolarSSL":"C=NL, X509 String to Names #19 (Accept non-ascii hexpairs) mbedtls_x509_string_to_names:"C=NL, O=Of\\CCspark, OU=PolarSSL":"C=NL, O=Of\\CCspark, OU=PolarSSL":0 +X509 String to Names #20 (Reject empty AttributeValue) +mbedtls_x509_string_to_names:"C=NL, O=, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME + Check max serial length x509_set_serial_check: From 733766bc71b9cf7865e9c50b0e251ac6f20769e4 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 23 Aug 2023 15:43:07 +0100 Subject: [PATCH 162/350] Remove trailing whitespace in data file. Signed-off-by: Agathiyan Bragadeesh --- tests/suites/test_suite_x509write.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 2240d82de4..f755565eca 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -224,7 +224,7 @@ X509 String to Names #19 (Accept non-ascii hexpairs) mbedtls_x509_string_to_names:"C=NL, O=Of\\CCspark, OU=PolarSSL":"C=NL, O=Of\\CCspark, OU=PolarSSL":0 X509 String to Names #20 (Reject empty AttributeValue) -mbedtls_x509_string_to_names:"C=NL, O=, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME +mbedtls_x509_string_to_names:"C=NL, O=, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME Check max serial length x509_set_serial_check: From 7d20138385941cb742ed5bef8731345e604061a8 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 23 Aug 2023 15:45:37 +0100 Subject: [PATCH 163/350] Add Changelog entry for DN changes Signed-off-by: Agathiyan Bragadeesh --- ChangeLog.d/extend-distinguished-names.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/extend-distinguished-names.txt diff --git a/ChangeLog.d/extend-distinguished-names.txt b/ChangeLog.d/extend-distinguished-names.txt new file mode 100644 index 0000000000..b148424cf3 --- /dev/null +++ b/ChangeLog.d/extend-distinguished-names.txt @@ -0,0 +1,3 @@ +Features + * Accept arbitrary AttributeType and AttributeValue in certificate + Distinguished Names using RFC 4514 syntax. From ef483255db50184e8f1201d5cf4de23e6fcf75f5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 23 Aug 2023 18:08:45 +0200 Subject: [PATCH 164/350] Announce that #7420 is fixed This is part of a bigger issue https://github.com/Mbed-TLS/mbedtls/issues/7609 which is still pending since there are still configurations that are not handled correctly. However https://github.com/Mbed-TLS/mbedtls/issues/7420 itself was fixed by https://github.com/Mbed-TLS/mbedtls/pull/7611. Signed-off-by: Gilles Peskine --- ChangeLog.d/config_psa-include-order.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/config_psa-include-order.txt diff --git a/ChangeLog.d/config_psa-include-order.txt b/ChangeLog.d/config_psa-include-order.txt new file mode 100644 index 0000000000..674c286537 --- /dev/null +++ b/ChangeLog.d/config_psa-include-order.txt @@ -0,0 +1,4 @@ +Bugfix + * Fix a build error in some configurations with MBEDTLS_PSA_CRYPTO_CONFIG + enabled, where some low-level modules required by requested PSA crypto + features were not getting automatically enabled. Fixes #7420. From 9a6c45b4367b2353b2cac60db212dffb86d23ac8 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Fri, 14 Jul 2023 12:30:00 +0100 Subject: [PATCH 165/350] Make all.sh PSA-crypto-friendly Introduce changes needed to run all.sh in the psa-crypto repo. Where behaviour must differ, detect that we are in the psa-crypto repo by checking for the 'core' directory. Signed-off-by: David Horstmann --- tests/scripts/all.sh | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 8e978ac727..9f8bd08509 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -123,15 +123,23 @@ set -e -o pipefail -u # Enable ksh/bash extended file matching patterns shopt -s extglob +in_psa_crypto_repo () { + test -d core +} + pre_check_environment () { - if [ -d library -a -d include -a -d tests ]; then :; else - echo "Must be run from mbed TLS root" >&2 + if [ \( -d library -o -d core \) -a -d include -a -d tests ]; then :; else + echo "Must be run from Mbed TLS root" >&2 exit 1 fi } pre_initialize_variables () { - CONFIG_H='include/mbedtls/mbedtls_config.h' + if in_psa_crypto_repo; then + CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h' + else + CONFIG_H='include/mbedtls/mbedtls_config.h' + fi CRYPTO_CONFIG_H='include/psa/crypto_config.h' CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h' @@ -141,8 +149,10 @@ pre_initialize_variables () { backup_suffix='.all.bak' # Files clobbered by config.py files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H" - # Files clobbered by in-tree cmake - files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile" + if ! in_psa_crypto_repo; then + # Files clobbered by in-tree cmake + files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile" + fi append_outcome=0 MEMORY=0 @@ -299,7 +309,9 @@ EOF # Does not remove generated source files. cleanup() { - command make clean + if ! in_psa_crypto_repo; then + command make clean + fi # Remove CMake artefacts find . -name .git -prune -o \ @@ -556,7 +568,7 @@ pre_check_git () { fi if ! git diff --quiet "$CONFIG_H"; then - err_msg "Warning - the configuration file 'include/mbedtls/mbedtls_config.h' has been edited. " + err_msg "Warning - the configuration file '$CONFIG_H' has been edited. " echo "You can either delete or preserve your work, or force the test by rerunning the" echo "script as: $0 --force" exit 1 @@ -5264,7 +5276,9 @@ pre_prepare_outcome_file pre_print_configuration pre_check_tools cleanup -pre_generate_files +if ! in_psa_crypto_repo; then + pre_generate_files +fi # Run the requested tests. for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do From 795d8b523d8870954953cdd27b3770b4a1f21010 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 18 Jul 2023 17:03:03 +0100 Subject: [PATCH 166/350] Modify build_tree.py for the PSA Crypto repo When detecting the root dir, look both for PSA Crypto and Mbed TLS directories. Signed-off-by: David Horstmann --- scripts/mbedtls_dev/build_tree.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index f52b785d95..864085748f 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -19,12 +19,19 @@ import os import inspect +def looks_like_psa_crypto_root(path: str) -> bool: + """Whether the given directory looks like the root of the PSA Crypto source tree.""" + return all(os.path.isdir(os.path.join(path, subdir)) + for subdir in ['include', 'core', 'tests']) def looks_like_mbedtls_root(path: str) -> bool: """Whether the given directory looks like the root of the Mbed TLS source tree.""" return all(os.path.isdir(os.path.join(path, subdir)) for subdir in ['include', 'library', 'programs', 'tests']) +def looks_like_root(path: str) -> bool: + return looks_like_psa_crypto_root(path) or looks_like_mbedtls_root(path) + def check_repo_path(): """ Check that the current working directory is the project root, and throw @@ -42,7 +49,7 @@ def chdir_to_root() -> None: for d in [os.path.curdir, os.path.pardir, os.path.join(os.path.pardir, os.path.pardir)]: - if looks_like_mbedtls_root(d): + if looks_like_root(d): os.chdir(d) return raise Exception('Mbed TLS source tree not found') @@ -62,6 +69,6 @@ def guess_mbedtls_root(): if d in dirs: continue dirs.add(d) - if looks_like_mbedtls_root(d): + if looks_like_root(d): return d raise Exception('Mbed TLS source tree not found') From 1d09184291fd5e05b93c8a8a2fc8b2813dda652d Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 18 Jul 2023 17:39:35 +0100 Subject: [PATCH 167/350] Modify test_psa_compliance.py for psa-crypto repo Signed-off-by: David Horstmann --- tests/scripts/test_psa_compliance.py | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 92db4171a7..a1a02603e8 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -28,6 +28,9 @@ import shutil import subprocess import sys +import scripts_path +from mbedtls_dev import build_tree + # PSA Compliance tests we expect to fail due to known defects in Mbed TLS (or the test suite) # The test numbers correspond to the numbers used by the console output of the test suite. # Test number 2xx corresponds to the files in the folder @@ -53,8 +56,11 @@ PSA_ARCH_TESTS_REF = 'fix-pr-5736' def main(): mbedtls_dir = os.getcwd() - if not os.path.exists('library/libmbedcrypto.a'): - subprocess.check_call(['make', '-C', 'library', 'libmbedcrypto.a']) + is_psa_crypto = build_tree.looks_like_psa_crypto_root(mbedtls_dir) #type: bool + + if not is_psa_crypto: + if not os.path.exists('library/libmbedcrypto.a'): + subprocess.check_call(['make', '-C', 'library', 'libmbedcrypto.a']) psa_arch_tests_dir = 'psa-arch-tests' os.makedirs(psa_arch_tests_dir, exist_ok=True) @@ -74,6 +80,15 @@ def main(): os.mkdir(build_dir) os.chdir(build_dir) + if is_psa_crypto: + psa_crypto_lib_filename = \ + 'mbedtls_out_of_source_build/core/libpsacrypto.a' + else: + psa_crypto_lib_filename = 'library/libmbedcrypto.a' + + extra_includes = (';{}/drivers/builtin/include'.format(mbedtls_dir) + if is_psa_crypto else '') + #pylint: disable=bad-continuation subprocess.check_call([ 'cmake', '..', @@ -81,8 +96,9 @@ def main(): '-DTARGET=tgt_dev_apis_stdc', '-DTOOLCHAIN=HOST_GCC', '-DSUITE=CRYPTO', - '-DPSA_CRYPTO_LIB_FILENAME={}/library/libmbedcrypto.a'.format(mbedtls_dir), - '-DPSA_INCLUDE_PATHS={}/include'.format(mbedtls_dir) + '-DPSA_CRYPTO_LIB_FILENAME={}/{}'.format(mbedtls_dir, + psa_crypto_lib_filename), + ('-DPSA_INCLUDE_PATHS={}/include' + extra_includes).format(mbedtls_dir) ]) subprocess.check_call(['cmake', '--build', '.']) From 42f42f4394ed239fb14e289cb347db21638fdec0 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 18 Jul 2023 17:53:01 +0100 Subject: [PATCH 168/350] Support psa-crypto repo in psa_storage.py Signed-off-by: David Horstmann --- scripts/mbedtls_dev/psa_storage.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/scripts/mbedtls_dev/psa_storage.py b/scripts/mbedtls_dev/psa_storage.py index bae99383dc..a2e4c74a40 100644 --- a/scripts/mbedtls_dev/psa_storage.py +++ b/scripts/mbedtls_dev/psa_storage.py @@ -27,6 +27,7 @@ from typing import Dict, List, Optional, Set, Union import unittest from . import c_build_helper +from . import build_tree class Expr: @@ -51,13 +52,16 @@ class Expr: def update_cache(self) -> None: """Update `value_cache` for expressions registered in `unknown_values`.""" expressions = sorted(self.unknown_values) + includes = ['include'] + if build_tree.looks_like_psa_crypto_root('.'): + includes.append('drivers/builtin/include') values = c_build_helper.get_c_expression_values( 'unsigned long', '%lu', expressions, header=""" #include """, - include_path=['include']) #type: List[str] + include_path=includes) #type: List[str] for e, v in zip(expressions, values): self.value_cache[e] = int(v, 0) self.unknown_values.clear() From e31014a681f43bc0f16e097d6ed2d4f600919210 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 19 Jul 2023 11:43:27 +0100 Subject: [PATCH 169/350] Tweak test_psa_compliance pylint annotations Signed-off-by: David Horstmann --- tests/scripts/test_psa_compliance.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index a1a02603e8..225e37ceb0 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -28,6 +28,7 @@ import shutil import subprocess import sys +#pylint: disable=unused-import import scripts_path from mbedtls_dev import build_tree @@ -52,11 +53,11 @@ EXPECTED_FAILURES = { PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git' PSA_ARCH_TESTS_REF = 'fix-pr-5736' -#pylint: disable=too-many-branches,too-many-statements +#pylint: disable=too-many-branches,too-many-statements,too-many-locals def main(): mbedtls_dir = os.getcwd() - is_psa_crypto = build_tree.looks_like_psa_crypto_root(mbedtls_dir) #type: bool + is_psa_crypto = build_tree.looks_like_psa_crypto_root(mbedtls_dir) if not is_psa_crypto: if not os.path.exists('library/libmbedcrypto.a'): From 76a77385378600c13d68b58458b39d32853a12be Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 17 Aug 2023 17:32:26 +0100 Subject: [PATCH 170/350] Invert logic for repo detection in all.sh Instead of: ! in_psa_crypto_repo() use in_mbedtls_repo() Signed-off-by: David Horstmann --- tests/scripts/all.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9f8bd08509..33bad39874 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -123,8 +123,8 @@ set -e -o pipefail -u # Enable ksh/bash extended file matching patterns shopt -s extglob -in_psa_crypto_repo () { - test -d core +in_mbedtls_repo () { + test ! -d core } pre_check_environment () { @@ -135,10 +135,10 @@ pre_check_environment () { } pre_initialize_variables () { - if in_psa_crypto_repo; then - CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h' - else + if in_mbedtls_repo; then CONFIG_H='include/mbedtls/mbedtls_config.h' + else + CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h' fi CRYPTO_CONFIG_H='include/psa/crypto_config.h' CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h' @@ -149,7 +149,7 @@ pre_initialize_variables () { backup_suffix='.all.bak' # Files clobbered by config.py files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H" - if ! in_psa_crypto_repo; then + if in_mbedtls_repo; then # Files clobbered by in-tree cmake files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile" fi @@ -309,7 +309,7 @@ EOF # Does not remove generated source files. cleanup() { - if ! in_psa_crypto_repo; then + if in_mbedtls_repo; then command make clean fi @@ -5276,7 +5276,7 @@ pre_prepare_outcome_file pre_print_configuration pre_check_tools cleanup -if ! in_psa_crypto_repo; then +if in_mbedtls_repo; then pre_generate_files fi From 4dcddcfae2a14ef7debc23dd404dc3923751b355 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 17 Aug 2023 18:08:24 +0100 Subject: [PATCH 171/350] Parameterize out of source build directory Use CMake to build the library out-of-source (rather than make) in tests/scripts/test_psa_compliance.py and add a script argument for the out-of-source build directory. Signed-off-by: David Horstmann --- tests/scripts/test_psa_compliance.py | 30 +++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 225e37ceb0..2987453680 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -22,6 +22,7 @@ to help keep the list of known defects as up to date as possible. # See the License for the specific language governing permissions and # limitations under the License. +import argparse import os import re import shutil @@ -54,14 +55,18 @@ PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git' PSA_ARCH_TESTS_REF = 'fix-pr-5736' #pylint: disable=too-many-branches,too-many-statements,too-many-locals -def main(): +def main(library_build_dir: str): mbedtls_dir = os.getcwd() is_psa_crypto = build_tree.looks_like_psa_crypto_root(mbedtls_dir) - if not is_psa_crypto: - if not os.path.exists('library/libmbedcrypto.a'): - subprocess.check_call(['make', '-C', 'library', 'libmbedcrypto.a']) + if not os.path.exists(library_build_dir + '/library/libmbedcrypto.a'): + subprocess.check_call([ + 'cmake', '.', + '-GUnix Makefiles', + '-B', library_build_dir + ]) + subprocess.check_call(['cmake', '--build', library_build_dir]) psa_arch_tests_dir = 'psa-arch-tests' os.makedirs(psa_arch_tests_dir, exist_ok=True) @@ -83,9 +88,9 @@ def main(): if is_psa_crypto: psa_crypto_lib_filename = \ - 'mbedtls_out_of_source_build/core/libpsacrypto.a' + library_build_dir + '/core/libpsacrypto.a' else: - psa_crypto_lib_filename = 'library/libmbedcrypto.a' + psa_crypto_lib_filename = library_build_dir + '/library/libmbedcrypto.a' extra_includes = (';{}/drivers/builtin/include'.format(mbedtls_dir) if is_psa_crypto else '') @@ -156,4 +161,15 @@ def main(): os.chdir(mbedtls_dir) if __name__ == '__main__': - sys.exit(main()) + # Default build directory + library_build_dir = 'mbedtls_out_of_source_build' + + parser = argparse.ArgumentParser() + parser.add_argument('--build-dir', nargs=1, + help='path to Mbed TLS build directory') + args = parser.parse_args() + + if args.build_dir is not None: + library_build_dir = args.build_dir[0] + + sys.exit(main(library_build_dir)) From 7f93d22ad9cefaf5ffd84cf1faef8bfd40787e3a Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 23 Aug 2023 16:21:40 +0100 Subject: [PATCH 172/350] Rename psa_crypto_lib_filename to just crypto_lib_filename Signed-off-by: David Horstmann --- tests/scripts/test_psa_compliance.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 2987453680..abb1790100 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -87,10 +87,10 @@ def main(library_build_dir: str): os.chdir(build_dir) if is_psa_crypto: - psa_crypto_lib_filename = \ + crypto_lib_filename = \ library_build_dir + '/core/libpsacrypto.a' else: - psa_crypto_lib_filename = library_build_dir + '/library/libmbedcrypto.a' + crypto_lib_filename = library_build_dir + '/library/libmbedcrypto.a' extra_includes = (';{}/drivers/builtin/include'.format(mbedtls_dir) if is_psa_crypto else '') @@ -103,7 +103,7 @@ def main(library_build_dir: str): '-DTOOLCHAIN=HOST_GCC', '-DSUITE=CRYPTO', '-DPSA_CRYPTO_LIB_FILENAME={}/{}'.format(mbedtls_dir, - psa_crypto_lib_filename), + crypto_lib_filename), ('-DPSA_INCLUDE_PATHS={}/include' + extra_includes).format(mbedtls_dir) ]) subprocess.check_call(['cmake', '--build', '.']) From 0ac57ca6c6a73d33d2f2e616ce8c0d119b0f15fb Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 23 Aug 2023 16:24:55 +0100 Subject: [PATCH 173/350] Rename is_psa_crypto -> in_psa_crypto_repo (For consistency with all.sh) Signed-off-by: David Horstmann --- tests/scripts/test_psa_compliance.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index abb1790100..46d476360a 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -58,7 +58,7 @@ PSA_ARCH_TESTS_REF = 'fix-pr-5736' def main(library_build_dir: str): mbedtls_dir = os.getcwd() - is_psa_crypto = build_tree.looks_like_psa_crypto_root(mbedtls_dir) + in_psa_crypto_repo = build_tree.looks_like_psa_crypto_root(mbedtls_dir) if not os.path.exists(library_build_dir + '/library/libmbedcrypto.a'): subprocess.check_call([ @@ -86,14 +86,14 @@ def main(library_build_dir: str): os.mkdir(build_dir) os.chdir(build_dir) - if is_psa_crypto: + if in_psa_crypto_repo: crypto_lib_filename = \ library_build_dir + '/core/libpsacrypto.a' else: crypto_lib_filename = library_build_dir + '/library/libmbedcrypto.a' extra_includes = (';{}/drivers/builtin/include'.format(mbedtls_dir) - if is_psa_crypto else '') + if in_psa_crypto_repo else '') #pylint: disable=bad-continuation subprocess.check_call([ From f65f71eef35b663e790316de42aa37896b0561d6 Mon Sep 17 00:00:00 2001 From: Jerry Yu Date: Mon, 28 Aug 2023 10:58:24 +0800 Subject: [PATCH 174/350] improve various issues - duplicate definition - wrong comments - redundant include statement Signed-off-by: Jerry Yu --- include/mbedtls/build_info.h | 24 ------------------------ library/aesce.h | 1 - library/aesni.h | 7 +++---- library/padlock.h | 11 ++++++++--- 4 files changed, 11 insertions(+), 32 deletions(-) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 198481363a..92a4e64cb7 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -68,30 +68,6 @@ #define MBEDTLS_ARCH_IS_X64 #endif -#if !defined(MBEDTLS_ARCH_IS_X86) && \ - (defined(__i386__) || defined(_X86_) || \ - (defined(_M_IX86) && !defined(_M_I86))) -#define MBEDTLS_ARCH_IS_X86 -#endif -/* Macros for build-time platform detection */ - -#if !defined(MBEDTLS_ARCH_IS_ARM64) && \ - (defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC)) -#define MBEDTLS_ARCH_IS_ARM64 -#endif - -#if !defined(MBEDTLS_ARCH_IS_ARM32) && \ - (defined(__arm__) || defined(_M_ARM) || \ - defined(_M_ARMT) || defined(__thumb__) || defined(__thumb2__)) -#define MBEDTLS_ARCH_IS_ARM32 -#endif - -#if !defined(MBEDTLS_ARCH_IS_X64) && \ - (defined(__amd64__) || defined(__x86_64__) || \ - ((defined(_M_X64) || defined(_M_AMD64)) && !defined(_M_ARM64EC))) -#define MBEDTLS_ARCH_IS_X64 -#endif - #if !defined(MBEDTLS_ARCH_IS_X86) && \ (defined(__i386__) || defined(_X86_) || \ (defined(_M_IX86) && !defined(_M_I86))) diff --git a/library/aesce.h b/library/aesce.h index 91aa7d2bb3..d24c423b81 100644 --- a/library/aesce.h +++ b/library/aesce.h @@ -30,7 +30,6 @@ #include "mbedtls/aes.h" -#include "common.h" #if defined(MBEDTLS_AESCE_C) && defined(MBEDTLS_ARCH_IS_ARM64) diff --git a/library/aesni.h b/library/aesni.h index e9064eeb96..ba14290298 100644 --- a/library/aesni.h +++ b/library/aesni.h @@ -32,10 +32,6 @@ #define MBEDTLS_AESNI_AES 0x02000000u #define MBEDTLS_AESNI_CLMUL 0x00000002u -/* Can we do AESNI with inline assembly? - * (Only implemented with gas syntax, only for 64-bit.) - */ - #if defined(MBEDTLS_AESNI_C) && \ (defined(MBEDTLS_ARCH_IS_X64) || defined(MBEDTLS_ARCH_IS_X86)) @@ -65,6 +61,9 @@ #define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics #elif defined(MBEDTLS_HAVE_ASM) && \ defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X64) +/* Can we do AESNI with inline assembly? + * (Only implemented with gas syntax, only for 64-bit.) + */ #define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly #elif defined(__GNUC__) # error "Must use `-mpclmul -msse2 -maes` for MBEDTLS_AESNI_C" diff --git a/library/padlock.h b/library/padlock.h index d3ed2c39ef..a00afe04f3 100644 --- a/library/padlock.h +++ b/library/padlock.h @@ -38,9 +38,14 @@ #endif #endif -/* Some versions of ASan result in errors about not enough registers */ -#if defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X86) && \ - defined(MBEDTLS_HAVE_ASM) && !defined(MBEDTLS_HAVE_ASAN) +/* + * - `padlock` is implements with GNUC assembly for x86 target. + * - Some versions of ASan result in errors about not enough registers. + */ +#if defined(MBEDTLS_PADLOCK_C) && \ + defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X86) && \ + defined(MBEDTLS_HAVE_ASM) && \ + !defined(MBEDTLS_HAVE_ASAN) #define MBEDTLS_VIA_PADLOCK_HAVE_CODE From 664fea481c13a944a7c065155ec1ccc928a2eaf2 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 12 May 2023 12:11:37 +0100 Subject: [PATCH 175/350] Add x86-64 const-time assembly Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 47 ++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 8da15a84cb..73e91ccefe 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -71,6 +71,8 @@ #define MBEDTLS_CT_ARM_ASM #elif defined(__aarch64__) #define MBEDTLS_CT_AARCH64_ASM +#elif defined(__amd64__) || defined(__x86_64__) +#define MBEDTLS_CT_X86_64_ASM #endif #endif @@ -175,6 +177,19 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x) "cc" /* clobbers flag bits */ ); return (mbedtls_ct_condition_t) x; +#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) + uint64_t s; + asm volatile ("mov %[x], %[s] \n\t" + "neg %[s] \n\t" + "or %[x], %[s] \n\t" + "sar $63, %[s] \n\t" + : + [s] "=&a" (s) + : + [x] "D" (x) + : + ); + return (mbedtls_ct_condition_t) s; #else const mbedtls_ct_uint_t xo = mbedtls_ct_compiler_opaque(x); #if defined(_MSC_VER) @@ -230,6 +245,19 @@ static inline mbedtls_ct_uint_t mbedtls_ct_if(mbedtls_ct_condition_t condition, "cc" ); return (mbedtls_ct_uint_t) condition; +#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) + asm volatile ("and %[condition], %[if1] \n\t" + "not %[condition] \n\t" + "and %[condition], %[if0] \n\t" + "or %[if1], %[if0] \n\t" + : + [condition] "+&D" (condition), + [if1] "+&S" (if1), + [if0] "+&a" (if0) + : + : + ); + return if0; #else mbedtls_ct_condition_t not_cond = (mbedtls_ct_condition_t) (~mbedtls_ct_compiler_opaque(condition)); @@ -274,6 +302,25 @@ static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbe "cc" ); return (mbedtls_ct_condition_t) x; +#elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) + uint64_t mask; + asm volatile ("mov %[x], %[mask] \n\t" + "xor %[y], %[mask] \n\t" + "sub %[y], %[x] \n\t" + "and %[mask], %[y] \n\t" + "not %[mask] \n\t" + "and %[mask], %[x] \n\t" + "or %[y], %[x] \n\t" + "mov %[x], %[mask] \n\t" + "sar $63, %[mask] \n\t" + : + [mask] "=&a" (mask), + [x] "+&S" (x), + [y] "+&D" (y) + : + : + ); + return (mbedtls_ct_condition_t) mask; #else /* Ensure that the compiler cannot optimise the following operations over x and y, * even if it knows the value of x and y. From 81673bba77d5551b81394a059906ed0f2f8a2908 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Sat, 13 May 2023 12:32:09 +0100 Subject: [PATCH 176/350] Add x86 const-time assembly Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 47 ++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 73e91ccefe..6fb7b9f6d8 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -73,6 +73,8 @@ #define MBEDTLS_CT_AARCH64_ASM #elif defined(__amd64__) || defined(__x86_64__) #define MBEDTLS_CT_X86_64_ASM +#elif defined(__i386__) +#define MBEDTLS_CT_X86_ASM #endif #endif @@ -190,6 +192,19 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x) : ); return (mbedtls_ct_condition_t) s; +#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32) + uint32_t s; + asm volatile ("mov %[x], %[s] \n\t" + "neg %[s] \n\t" + "or %[s], %[x] \n\t" + "sar $31, %[x] \n\t" + : + [s] "=&c" (s), + [x] "+&a" (x) + : + : + ); + return (mbedtls_ct_condition_t) x; #else const mbedtls_ct_uint_t xo = mbedtls_ct_compiler_opaque(x); #if defined(_MSC_VER) @@ -258,6 +273,19 @@ static inline mbedtls_ct_uint_t mbedtls_ct_if(mbedtls_ct_condition_t condition, : ); return if0; +#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32) + asm volatile ("and %[condition], %[if1] \n\t" + "not %[condition] \n\t" + "and %[if0], %[condition] \n\t" + "or %[condition], %[if1] \n\t" + : + [condition] "+&c" (condition), + [if1] "+&a" (if1) + : + [if0] "b" (if0) + : + ); + return if1; #else mbedtls_ct_condition_t not_cond = (mbedtls_ct_condition_t) (~mbedtls_ct_compiler_opaque(condition)); @@ -321,6 +349,25 @@ static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbe : ); return (mbedtls_ct_condition_t) mask; +#elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32) + uint32_t s; + asm volatile ("mov %[x], %[s] \n\t" + "xor %[y], %[s] \n\t" + "sub %[y], %[x] \n\t" + "not %[s] \n\t" + "and %[s], %[x] \n\t" + "not %[s] \n\t" + "and %[y], %[s] \n\t" + "or %[s], %[x] \n\t" + "sar $31, %[x] \n\t" + : + [s] "=&b" (s), + [x] "+&a" (x) + : + [y] "c" (y) + : + ); + return (mbedtls_ct_condition_t) x; #else /* Ensure that the compiler cannot optimise the following operations over x and y, * even if it knows the value of x and y. From 0cf9dd1056f5253b529a7de6e651146393426e6a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 12 May 2023 16:29:48 +0100 Subject: [PATCH 177/350] Whitespace - tidy up asm and make it more consistent Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 72 +++++++++++++++++++----------------- 1 file changed, 39 insertions(+), 33 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 6fb7b9f6d8..054c71fabe 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -136,7 +136,7 @@ static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x) * seem to apply unified syntax globally, which breaks other asm code. */ #if !defined(__clang__) -#define RESTORE_ASM_SYNTAX ".syntax divided \n\t" +#define RESTORE_ASM_SYNTAX ".syntax divided \n\t" #else #define RESTORE_ASM_SYNTAX #endif @@ -154,9 +154,9 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x) */ #if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) mbedtls_ct_uint_t s; - asm volatile ("neg %x[s], %x[x] \n\t" - "orr %x[x], %x[s], %x[x] \n\t" - "asr %x[x], %x[x], 63" + asm volatile ("neg %x[s], %x[x] \n\t" + "orr %x[x], %x[s], %x[x] \n\t" + "asr %x[x], %x[x], 63 \n\t" : [s] "=&r" (s), [x] "+&r" (x) @@ -166,10 +166,10 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x) return (mbedtls_ct_condition_t) x; #elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32) uint32_t s; - asm volatile (".syntax unified \n\t" - "negs %[s], %[x] \n\t" - "orrs %[x], %[x], %[s] \n\t" - "asrs %[x], %[x], #31 \n\t" + asm volatile (".syntax unified \n\t" + "negs %[s], %[x] \n\t" + "orrs %[x], %[x], %[s] \n\t" + "asrs %[x], %[x], #31 \n\t" RESTORE_ASM_SYNTAX : [s] "=&l" (s), @@ -232,9 +232,9 @@ static inline mbedtls_ct_uint_t mbedtls_ct_if(mbedtls_ct_condition_t condition, mbedtls_ct_uint_t if0) { #if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) - asm volatile ("and %x[if1], %x[if1], %x[condition] \n\t" - "mvn %x[condition], %x[condition] \n\t" - "and %x[condition], %x[condition], %x[if0] \n\t" + asm volatile ("and %x[if1], %x[if1], %x[condition] \n\t" + "mvn %x[condition], %x[condition] \n\t" + "and %x[condition], %x[condition], %x[if0] \n\t" "orr %x[condition], %x[if1], %x[condition]" : [condition] "+&r" (condition), @@ -245,11 +245,11 @@ static inline mbedtls_ct_uint_t mbedtls_ct_if(mbedtls_ct_condition_t condition, ); return (mbedtls_ct_uint_t) condition; #elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32) - asm volatile (".syntax unified \n\t" - "ands %[if1], %[if1], %[condition] \n\t" - "mvns %[condition], %[condition] \n\t" - "ands %[condition], %[condition], %[if0] \n\t" - "orrs %[condition], %[if1], %[condition] \n\t" + asm volatile (".syntax unified \n\t" + "ands %[if1], %[if1], %[condition] \n\t" + "mvns %[condition], %[condition] \n\t" + "ands %[condition], %[condition], %[if0] \n\t" + "orrs %[condition], %[if1], %[condition] \n\t" RESTORE_ASM_SYNTAX : [condition] "+&l" (condition), @@ -297,34 +297,40 @@ static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbe { #if defined(MBEDTLS_CT_AARCH64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) uint64_t s1; - asm volatile ("eor %x[s1], %x[y], %x[x] \n\t" - "sub %x[x], %x[x], %x[y] \n\t" - "bic %x[x], %x[x], %x[s1] \n\t" - "and %x[s1], %x[s1], %x[y] \n\t" - "orr %x[s1], %x[x], %x[s1] \n\t" + asm volatile ("eor %x[s1], %x[y], %x[x] \n\t" + "sub %x[x], %x[x], %x[y] \n\t" + "bic %x[x], %x[x], %x[s1] \n\t" + "and %x[s1], %x[s1], %x[y] \n\t" + "orr %x[s1], %x[x], %x[s1] \n\t" "asr %x[x], %x[s1], 63" - : [s1] "=&r" (s1), [x] "+&r" (x) - : [y] "r" (y) + : + [s1] "=&r" (s1), + [x] "+&r" (x) + : + [y] "r" (y) : ); return (mbedtls_ct_condition_t) x; #elif defined(MBEDTLS_CT_ARM_ASM) && defined(MBEDTLS_CT_SIZE_32) uint32_t s1; asm volatile ( - ".syntax unified \n\t" + ".syntax unified \n\t" #if defined(__thumb__) && !defined(__thumb2__) - "movs %[s1], %[x] \n\t" - "eors %[s1], %[s1], %[y] \n\t" + "movs %[s1], %[x] \n\t" + "eors %[s1], %[s1], %[y] \n\t" #else - "eors %[s1], %[x], %[y] \n\t" + "eors %[s1], %[x], %[y] \n\t" #endif - "subs %[x], %[x], %[y] \n\t" - "bics %[x], %[x], %[s1] \n\t" - "ands %[y], %[s1], %[y] \n\t" - "orrs %[x], %[x], %[y] \n\t" - "asrs %[x], %[x], #31 \n\t" + "subs %[x], %[x], %[y] \n\t" + "bics %[x], %[x], %[s1] \n\t" + "ands %[y], %[s1], %[y] \n\t" + "orrs %[x], %[x], %[y] \n\t" + "asrs %[x], %[x], #31 \n\t" RESTORE_ASM_SYNTAX - : [s1] "=&l" (s1), [x] "+&l" (x), [y] "+&l" (y) + : + [s1] "=&l" (s1), + [x] "+&l" (x), + [y] "+&l" (y) : : "cc" From d44dd961323f3e15e1e0b8978ff91b5cbfd117f3 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 9 Aug 2023 14:10:14 +0100 Subject: [PATCH 178/350] Improve docs re duplicate declarations Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 054c71fabe..ab32deee9f 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -1,15 +1,6 @@ /** * Constant-time functions * - * For readability, the static inline definitions are here, and - * constant_time_internal.h has only the declarations. - * - * This results in duplicate declarations of the form: - * static inline void f() { ... } - * static inline void f(); - * when constant_time_internal.h is included. This appears to behave - * exactly as if the declaration-without-definition was not present. - * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 * @@ -37,11 +28,20 @@ #include "mbedtls/bignum.h" #endif -/* constant_time_impl.h contains all the static inline implementations, - * so that constant_time_internal.h is more readable. +/* + * To improve readability of constant_time_internal.h, the static inline + * definitions are here, and constant_time_internal.h has only the declarations. * - * gcc generates warnings about duplicate declarations, so disable this - * warning. + * This results in duplicate declarations of the form: + * static inline void f(); // from constant_time_internal.h + * static inline void f() { ... } // from constant_time_impl.h + * when constant_time_internal.h is included. + * + * This appears to behave as if the declaration-without-definition was not present + * (except for warnings if gcc -Wredundant-decls or similar is used). + * + * Disable -Wredundant-decls so that gcc does not warn about this. This is re-enabled + * at the bottom of this file. */ #ifdef __GNUC__ #pragma GCC diagnostic push @@ -531,6 +531,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_bool_not(mbedtls_ct_condition_t } #ifdef __GNUC__ +/* Restore warnings for -Wredundant-decls on gcc */ #pragma GCC diagnostic pop #endif From b69239c604034ccd28971236b423d152c45d5727 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 9 Aug 2023 14:53:18 +0100 Subject: [PATCH 179/350] Improve docs in mbedtls_mpi_lt_mpi_ct Signed-off-by: Dave Rodgman --- library/bignum.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 0a0022cd37..61353ca53d 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -72,7 +72,7 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, } /* - * Set sign_N to 1 if N >= 0, 0 if N < 0. + * Set N_is_negative to MBEDTLS_CT_FALSE if N >= 0, MBEDTLS_CT_TRUE if N < 0. * We know that N->s == 1 if N >= 0 and N->s == -1 if N < 0. */ X_is_negative = mbedtls_ct_bool((X->s & 2) >> 1); @@ -83,7 +83,7 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X, * That is if X is negative (X_is_negative == 1), then X < Y is true and it * is false if X is positive (X_is_negative == 0). */ - different_sign = mbedtls_ct_bool_xor(X_is_negative, Y_is_negative); // non-zero if different sign + different_sign = mbedtls_ct_bool_xor(X_is_negative, Y_is_negative); // true if different sign result = mbedtls_ct_bool_and(different_sign, X_is_negative); /* From 6d5261e38fa977bb579cf556726a87fd91fb4cd8 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 9 Aug 2023 14:57:25 +0100 Subject: [PATCH 180/350] Fix typo in doxygen for mbedtls_ct_memcpy_offset Signed-off-by: Dave Rodgman --- library/constant_time_internal.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index 44b74aec63..ec9f25a993 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -455,8 +455,8 @@ void mbedtls_ct_memcpy_if(mbedtls_ct_condition_t condition, * * memcpy(dst, src + offset, len) * - * This function copies \p len bytes from \p src_base + \p offset to \p - * dst, with a code flow and memory access pattern that does not depend on + * This function copies \p len bytes from \p src + \p offset to + * \p dst, with a code flow and memory access pattern that does not depend on * \p offset, but only on \p offset_min, \p offset_max and \p len. * * \note This function reads from \p dest, but the value that From e97de40e7b952038a5e3ce53c2640b4710137c4b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 29 Aug 2023 09:47:35 +0100 Subject: [PATCH 181/350] Typo fix Signed-off-by: Dave Rodgman --- library/constant_time_internal.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h index ec9f25a993..ff7ccc17b7 100644 --- a/library/constant_time_internal.h +++ b/library/constant_time_internal.h @@ -47,7 +47,7 @@ * These are all named mbedtls_ct__if and mbedtls_ct__if_else_0 * All arguments are considered secret. * example: size_t a = x ? b : c => a = mbedtls_ct_size_if(x, b, c) - * example: unsigned a = x ? b : 0 => a = mbedtls_ct_uint__if_else_0(x, b) + * example: unsigned a = x ? b : 0 => a = mbedtls_ct_uint_if_else_0(x, b) * * - block memory operations * Only some arguments are considered secret, as documented for each From 2fde99962de3a092cc8d7bf2d78e6f216666fd09 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 29 Aug 2023 09:48:39 +0100 Subject: [PATCH 182/350] Improve directory coverage in PSA repo detection Check for the 'drivers' and 'programs' directories additionally to the ones that are already there. Signed-off-by: David Horstmann --- scripts/mbedtls_dev/build_tree.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/mbedtls_dev/build_tree.py b/scripts/mbedtls_dev/build_tree.py index 864085748f..b48a277112 100644 --- a/scripts/mbedtls_dev/build_tree.py +++ b/scripts/mbedtls_dev/build_tree.py @@ -22,7 +22,7 @@ import inspect def looks_like_psa_crypto_root(path: str) -> bool: """Whether the given directory looks like the root of the PSA Crypto source tree.""" return all(os.path.isdir(os.path.join(path, subdir)) - for subdir in ['include', 'core', 'tests']) + for subdir in ['include', 'core', 'drivers', 'programs', 'tests']) def looks_like_mbedtls_root(path: str) -> bool: """Whether the given directory looks like the root of the Mbed TLS source tree.""" From d02b5f8f564a39af2c6f98f313a28ac71513406f Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 29 Aug 2023 09:53:52 +0100 Subject: [PATCH 183/350] Separate directory discernment into 2 functions Have separate in_mbedtls_repo() and in_psa_crypto_repo() functions Signed-off-by: David Horstmann --- tests/scripts/all.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 33bad39874..36a20b3092 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -124,7 +124,11 @@ set -e -o pipefail -u shopt -s extglob in_mbedtls_repo () { - test ! -d core + test -d include -a -d library -a -d programs -a -d tests +} + +in_psa_crypto_repo () { + test -d include -a -d core -a -d drivers -a -d programs -a -d tests } pre_check_environment () { From 58cf7c6c38556d8780ae6bbf6f4baf5091634f30 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 29 Aug 2023 10:15:05 +0100 Subject: [PATCH 184/350] Use repo detection functions at start of all.sh Signed-off-by: David Horstmann --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 36a20b3092..b9ff1fb56f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -132,7 +132,7 @@ in_psa_crypto_repo () { } pre_check_environment () { - if [ \( -d library -o -d core \) -a -d include -a -d tests ]; then :; else + if in_mbedtls_repo || in_psa_crypto_repo; then :; else echo "Must be run from Mbed TLS root" >&2 exit 1 fi From 98af198a3043c616c490da70b1d0f3c157f029ba Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 29 Aug 2023 10:25:26 +0100 Subject: [PATCH 185/350] Correctly detect presence of the built library Use the repo-specific test not just the Mbed TLS specific one. Signed-off-by: David Horstmann --- tests/scripts/test_psa_compliance.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 46d476360a..ea171cb01b 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -60,7 +60,13 @@ def main(library_build_dir: str): in_psa_crypto_repo = build_tree.looks_like_psa_crypto_root(mbedtls_dir) - if not os.path.exists(library_build_dir + '/library/libmbedcrypto.a'): + if in_psa_crypto_repo: + crypto_lib_filename = \ + library_build_dir + '/core/libpsacrypto.a' + else: + crypto_lib_filename = library_build_dir + '/library/libmbedcrypto.a' + + if not os.path.exists(crypto_lib_filename): subprocess.check_call([ 'cmake', '.', '-GUnix Makefiles', @@ -86,12 +92,6 @@ def main(library_build_dir: str): os.mkdir(build_dir) os.chdir(build_dir) - if in_psa_crypto_repo: - crypto_lib_filename = \ - library_build_dir + '/core/libpsacrypto.a' - else: - crypto_lib_filename = library_build_dir + '/library/libmbedcrypto.a' - extra_includes = (';{}/drivers/builtin/include'.format(mbedtls_dir) if in_psa_crypto_repo else '') From f757069269e736e557ebbe065bdd81c0196dcc7c Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 29 Aug 2023 10:27:13 +0100 Subject: [PATCH 186/350] Rename 'mbedtls_dir' -> 'root_dir' This makes it more repo-agnostic Signed-off-by: David Horstmann --- tests/scripts/test_psa_compliance.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index ea171cb01b..e34940f816 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -56,9 +56,9 @@ PSA_ARCH_TESTS_REF = 'fix-pr-5736' #pylint: disable=too-many-branches,too-many-statements,too-many-locals def main(library_build_dir: str): - mbedtls_dir = os.getcwd() + root_dir = os.getcwd() - in_psa_crypto_repo = build_tree.looks_like_psa_crypto_root(mbedtls_dir) + in_psa_crypto_repo = build_tree.looks_like_psa_crypto_root(root_dir) if in_psa_crypto_repo: crypto_lib_filename = \ @@ -92,7 +92,7 @@ def main(library_build_dir: str): os.mkdir(build_dir) os.chdir(build_dir) - extra_includes = (';{}/drivers/builtin/include'.format(mbedtls_dir) + extra_includes = (';{}/drivers/builtin/include'.format(root_dir) if in_psa_crypto_repo else '') #pylint: disable=bad-continuation @@ -102,9 +102,9 @@ def main(library_build_dir: str): '-DTARGET=tgt_dev_apis_stdc', '-DTOOLCHAIN=HOST_GCC', '-DSUITE=CRYPTO', - '-DPSA_CRYPTO_LIB_FILENAME={}/{}'.format(mbedtls_dir, + '-DPSA_CRYPTO_LIB_FILENAME={}/{}'.format(root_dir, crypto_lib_filename), - ('-DPSA_INCLUDE_PATHS={}/include' + extra_includes).format(mbedtls_dir) + ('-DPSA_INCLUDE_PATHS={}/include' + extra_includes).format(root_dir) ]) subprocess.check_call(['cmake', '--build', '.']) @@ -158,7 +158,7 @@ def main(library_build_dir: str): print('SUCCESS') return 0 finally: - os.chdir(mbedtls_dir) + os.chdir(root_dir) if __name__ == '__main__': # Default build directory From 3b8984af5c055e14292b48a21e4dd89e4b041740 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 29 Aug 2023 10:32:26 +0100 Subject: [PATCH 187/350] Remove or qualify references to Mbed TLS Either remove exclusive references to Mbed TLS or accompany them with references to "PSA Crypto". Signed-off-by: David Horstmann --- tests/scripts/test_psa_compliance.py | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index e34940f816..c31722392b 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -1,10 +1,10 @@ #!/usr/bin/env python3 """Run the PSA Crypto API compliance test suite. Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF, -then compile and run the test suite. The clone is stored at /psa-arch-tests. -Known defects in either the test suite or mbedtls - identified by their test number - are ignored, -while unexpected failures AND successes are reported as errors, -to help keep the list of known defects as up to date as possible. +then compile and run the test suite. The clone is stored at /psa-arch-tests. +Known defects in either the test suite or mbedtls / psa-crypto - identified by their test +number - are ignored, while unexpected failures AND successes are reported as errors, to help +keep the list of known defects as up to date as possible. """ # Copyright The Mbed TLS Contributors @@ -33,7 +33,8 @@ import sys import scripts_path from mbedtls_dev import build_tree -# PSA Compliance tests we expect to fail due to known defects in Mbed TLS (or the test suite) +# PSA Compliance tests we expect to fail due to known defects in Mbed TLS / PSA Crypto +# (or the test suite). # The test numbers correspond to the numbers used by the console output of the test suite. # Test number 2xx corresponds to the files in the folder # psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx @@ -162,11 +163,11 @@ def main(library_build_dir: str): if __name__ == '__main__': # Default build directory - library_build_dir = 'mbedtls_out_of_source_build' + library_build_dir = 'out_of_source_build' parser = argparse.ArgumentParser() parser.add_argument('--build-dir', nargs=1, - help='path to Mbed TLS build directory') + help='path to Mbed TLS / PSA Crypto build directory') args = parser.parse_args() if args.build_dir is not None: From 2ba89bece60aed72a1409fe59d1585367bcb4424 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 29 Aug 2023 10:37:29 +0100 Subject: [PATCH 188/350] Disable pylint error in CMake command Signed-off-by: David Horstmann --- tests/scripts/test_psa_compliance.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index c31722392b..8102a88aae 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -68,6 +68,7 @@ def main(library_build_dir: str): crypto_lib_filename = library_build_dir + '/library/libmbedcrypto.a' if not os.path.exists(crypto_lib_filename): + #pylint: disable=bad-continuation subprocess.check_call([ 'cmake', '.', '-GUnix Makefiles', From c69074dcf6415e0fa07c9f13302efb298a45d093 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 29 Aug 2023 13:46:11 +0100 Subject: [PATCH 189/350] Tidy up reference to Mbed TLS in help message Signed-off-by: David Horstmann --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b9ff1fb56f..0abbcf5c63 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -133,7 +133,7 @@ in_psa_crypto_repo () { pre_check_environment () { if in_mbedtls_repo || in_psa_crypto_repo; then :; else - echo "Must be run from Mbed TLS root" >&2 + echo "Must be run from Mbed TLS / psa-crypto root" >&2 exit 1 fi } From beaee2604f2deb449c509e01c55033030022822c Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 29 Aug 2023 13:56:17 +0100 Subject: [PATCH 190/350] Test PSA compliance: Build only the crypto target Use CMake's -t option to build only the crypto target. Parameterize the crypto target to have the right name depending on whether this is Mbed TLS or PSA Crypto. Signed-off-by: David Horstmann --- tests/scripts/test_psa_compliance.py | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 8102a88aae..4ba98dceb2 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -62,10 +62,15 @@ def main(library_build_dir: str): in_psa_crypto_repo = build_tree.looks_like_psa_crypto_root(root_dir) if in_psa_crypto_repo: - crypto_lib_filename = \ - library_build_dir + '/core/libpsacrypto.a' + crypto_name = 'psacrypto' + library_subdir = 'core' else: - crypto_lib_filename = library_build_dir + '/library/libmbedcrypto.a' + crypto_name = 'mbedcrypto' + library_subdir = 'library' + + crypto_lib_filename = (library_build_dir + '/' + + library_subdir + '/' + + 'lib' + crypto_name + '.a') if not os.path.exists(crypto_lib_filename): #pylint: disable=bad-continuation @@ -74,7 +79,8 @@ def main(library_build_dir: str): '-GUnix Makefiles', '-B', library_build_dir ]) - subprocess.check_call(['cmake', '--build', library_build_dir]) + subprocess.check_call(['cmake', '--build', library_build_dir, + '-t', crypto_name]) psa_arch_tests_dir = 'psa-arch-tests' os.makedirs(psa_arch_tests_dir, exist_ok=True) From b48822c8165a80a456b2afa9fa242c4c1ebc7e77 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 29 Aug 2023 14:12:53 +0100 Subject: [PATCH 191/350] Appease pylint by renaming variables Signed-off-by: David Horstmann --- tests/scripts/test_psa_compliance.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 4ba98dceb2..5df479df6a 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -169,8 +169,7 @@ def main(library_build_dir: str): os.chdir(root_dir) if __name__ == '__main__': - # Default build directory - library_build_dir = 'out_of_source_build' + BUILD_DIR = 'out_of_source_build' parser = argparse.ArgumentParser() parser.add_argument('--build-dir', nargs=1, @@ -178,6 +177,6 @@ if __name__ == '__main__': args = parser.parse_args() if args.build_dir is not None: - library_build_dir = args.build_dir[0] + BUILD_DIR = args.build_dir[0] - sys.exit(main(library_build_dir)) + sys.exit(main(BUILD_DIR)) From 787011542bafd1c9cab2e95a0a04b0eee5eb2481 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 29 Aug 2023 14:20:18 +0100 Subject: [PATCH 192/350] Fully replace mbedtls_psa_safer_memcmp Signed-off-by: Dave Rodgman --- library/psa_crypto.c | 7 ++++--- library/psa_crypto_core.h | 14 -------------- library/psa_crypto_mac.c | 3 ++- .../psa_crypto_driver_wrappers.c.jinja | 3 ++- 4 files changed, 8 insertions(+), 19 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 94139afaa4..9582f1933a 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -64,6 +64,7 @@ #include "mbedtls/cipher.h" #include "mbedtls/ccm.h" #include "mbedtls/cmac.h" +#include "mbedtls/constant_time.h" #include "mbedtls/des.h" #include "mbedtls/ecdh.h" #include "mbedtls/ecp.h" @@ -2420,7 +2421,7 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation, goto exit; } - if (mbedtls_psa_safer_memcmp(hash, actual_hash, actual_hash_length) != 0) { + if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) { status = PSA_ERROR_INVALID_SIGNATURE; } @@ -2469,7 +2470,7 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg, status = PSA_ERROR_INVALID_SIGNATURE; goto exit; } - if (mbedtls_psa_safer_memcmp(hash, actual_hash, actual_hash_length) != 0) { + if (mbedtls_ct_memcmp(hash, actual_hash, actual_hash_length) != 0) { status = PSA_ERROR_INVALID_SIGNATURE; } @@ -2851,7 +2852,7 @@ psa_status_t psa_mac_verify(mbedtls_svc_key_id_t key, status = PSA_ERROR_INVALID_SIGNATURE; goto exit; } - if (mbedtls_psa_safer_memcmp(mac, actual_mac, actual_mac_length) != 0) { + if (mbedtls_ct_memcmp(mac, actual_mac, actual_mac_length) != 0) { status = PSA_ERROR_INVALID_SIGNATURE; goto exit; } diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 6d44768443..4e28f30803 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -40,20 +40,6 @@ */ int psa_can_do_hash(psa_algorithm_t hash_alg); -/** Constant-time buffer comparison - * - * \param[in] a Left-hand buffer for comparison. - * \param[in] b Right-hand buffer for comparison. - * \param n Amount of bytes to compare. - * - * \return 0 if the buffer contents are equal, non-zero otherwise - */ -static inline int mbedtls_psa_safer_memcmp( - const uint8_t *a, const uint8_t *b, size_t n) -{ - return mbedtls_ct_memcmp(a, b, n); -} - /** The data structure representing a key slot, containing key material * and metadata for one key. */ diff --git a/library/psa_crypto_mac.c b/library/psa_crypto_mac.c index 07f123ee05..2f2c51dce5 100644 --- a/library/psa_crypto_mac.c +++ b/library/psa_crypto_mac.c @@ -29,6 +29,7 @@ #include #include +#include "mbedtls/constant_time.h" #include #if defined(MBEDTLS_PSA_BUILTIN_ALG_HMAC) @@ -453,7 +454,7 @@ psa_status_t mbedtls_psa_mac_verify_finish( goto cleanup; } - if (mbedtls_psa_safer_memcmp(mac, actual_mac, mac_length) != 0) { + if (mbedtls_ct_memcmp(mac, actual_mac, mac_length) != 0) { status = PSA_ERROR_INVALID_SIGNATURE; } diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index 3ecd74d7c5..1b52066259 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -32,6 +32,7 @@ #include "psa_crypto_rsa.h" #include "mbedtls/platform.h" +#include "mbedtls/constant_time.h" /* END-common headers */ #if defined(MBEDTLS_PSA_CRYPTO_C) @@ -2253,7 +2254,7 @@ psa_status_t psa_driver_wrapper_aead_verify( if( status == PSA_SUCCESS ) { if( tag_length != check_tag_length || - mbedtls_psa_safer_memcmp( tag, check_tag, tag_length ) + mbedtls_ct_memcmp( tag, check_tag, tag_length ) != 0 ) status = PSA_ERROR_INVALID_SIGNATURE; } From 41c316d3b235b957dae0684ac7b60c421fac0a7b Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 29 Aug 2023 14:57:23 +0100 Subject: [PATCH 193/350] Move -B switch into a single argument This will prevent CMake from mistaking the build directory for the source directory Signed-off-by: David Horstmann --- tests/scripts/test_psa_compliance.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 5df479df6a..4008a5cd95 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -77,7 +77,7 @@ def main(library_build_dir: str): subprocess.check_call([ 'cmake', '.', '-GUnix Makefiles', - '-B', library_build_dir + '-B' + library_build_dir ]) subprocess.check_call(['cmake', '--build', library_build_dir, '-t', crypto_name]) From fd9264e65b61cd814388a6328828052e7cf595cf Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 29 Aug 2023 16:21:15 +0100 Subject: [PATCH 194/350] Fix pylint errors Signed-off-by: David Horstmann --- tests/scripts/test_psa_compliance.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 4008a5cd95..a43428e877 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -125,8 +125,11 @@ def main(library_build_dir: str): ) test = -1 unexpected_successes = set(EXPECTED_FAILURES) - expected_failures = [] - unexpected_failures = [] + expected_failures = [] # type: List[int] + unexpected_failures = [] # type: List[int] + if proc.stdout is None: + return 1 + for line in proc.stdout: print(line, end='') match = test_re.match(line) From 9cc6b2f446cf789c9e7ff14da417482c456e0fcb Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 29 Aug 2023 17:36:35 +0100 Subject: [PATCH 195/350] Add missing import in test_psa_compliance.py Signed-off-by: David Horstmann --- tests/scripts/test_psa_compliance.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index a43428e877..53349b3862 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -28,6 +28,7 @@ import re import shutil import subprocess import sys +from typing import List #pylint: disable=unused-import import scripts_path From 33e1f42307e8cc761c425126463ca8d117e9495e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 29 Aug 2023 18:17:29 +0100 Subject: [PATCH 196/350] Fix use of mbedtls_psa_safer_memcmp in test code Signed-off-by: Dave Rodgman --- tests/src/drivers/test_driver_aead.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 8eb5547f47..6dadf5282b 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -25,6 +25,8 @@ #include "test/drivers/aead.h" +#include "mbedtls/constant_time.h" + #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) #include "libtestdriver1/library/psa_crypto_aead.h" #endif @@ -431,7 +433,7 @@ psa_status_t mbedtls_test_transparent_aead_verify( if (mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS) { if (tag_length != check_tag_length || - mbedtls_psa_safer_memcmp(tag, check_tag, tag_length) + mbedtls_ct_memcmp(tag, check_tag, tag_length) != 0) { mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_INVALID_SIGNATURE; From 3ed1871920b07450e47376386218e25b21c3c790 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 29 Aug 2023 18:20:01 +0100 Subject: [PATCH 197/350] Disable pylint error for non-uppercase names Signed-off-by: David Horstmann --- tests/scripts/test_psa_compliance.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 53349b3862..47caa05dad 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -175,6 +175,7 @@ def main(library_build_dir: str): if __name__ == '__main__': BUILD_DIR = 'out_of_source_build' + # pylint: disable=invalid-name parser = argparse.ArgumentParser() parser.add_argument('--build-dir', nargs=1, help='path to Mbed TLS / PSA Crypto build directory') From 8f3ec8ec9de9ebcca2781e3923f7a103f4169eee Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 30 Aug 2023 09:46:20 +0100 Subject: [PATCH 198/350] Use '--target' instead of shortened '-t' This enables compatibility with older versions of CMake that do not have the abbreviated switch. Signed-off-by: David Horstmann --- tests/scripts/test_psa_compliance.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 47caa05dad..359043620b 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -81,7 +81,7 @@ def main(library_build_dir: str): '-B' + library_build_dir ]) subprocess.check_call(['cmake', '--build', library_build_dir, - '-t', crypto_name]) + '--target', crypto_name]) psa_arch_tests_dir = 'psa-arch-tests' os.makedirs(psa_arch_tests_dir, exist_ok=True) From 63f0abe2265ab12e31affcacc30c5658fb38ffc1 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Wed, 30 Aug 2023 18:31:35 +0800 Subject: [PATCH 199/350] check_test_cases: add a comment to explain idx in walk_compat_sh Signed-off-by: Yanray Wang --- tests/scripts/check_test_cases.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 2692371ab8..1395d4d901 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -120,6 +120,8 @@ state may override this method. # Assume compat.sh is responsible for printing identical format of # test case description between --list-test-case and its OUTCOME.CSV description = compat_output.strip().split(b'\n') + # idx indicates the number of test case since there is no line number + # in `compat.sh` for each test case. for idx, descrip in enumerate(description): self.process_test_case(descriptions, file_name, idx, descrip) From 22ec2aefa9745c39a0d1c730fa85e74b5cde3bcc Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Wed, 30 Aug 2023 15:34:34 +0100 Subject: [PATCH 200/350] Fix unnecessary header prefixes in tests Remove unnecessary "../library" prefix from test suite includes. This makes the tests repo-agnostic between the mbedtls and psa-crypto repos. Signed-off-by: David Horstmann --- tests/suites/test_suite_common.function | 2 +- tests/suites/test_suite_psa_its.function | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_common.function b/tests/suites/test_suite_common.function index a583e46043..5c5700c25b 100644 --- a/tests/suites/test_suite_common.function +++ b/tests/suites/test_suite_common.function @@ -1,5 +1,5 @@ /* BEGIN_HEADER */ -#include "../library/common.h" +#include "common.h" void fill_arrays(unsigned char *a, unsigned char *b, unsigned char *r1, unsigned char *r2, size_t n) { diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function index cb11f189a3..0f66c79517 100644 --- a/tests/suites/test_suite_psa_its.function +++ b/tests/suites/test_suite_psa_its.function @@ -10,7 +10,7 @@ * before changing how test data is constructed or validated. */ -#include "../library/psa_crypto_its.h" +#include "psa_crypto_its.h" #include "test/psa_helpers.h" From ef6abd4062c3d51531a182b5f1ca55f4606c169d Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 30 Aug 2023 15:49:24 +0100 Subject: [PATCH 201/350] Add blank lines after variable declarations Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/x509_create.c b/library/x509_create.c index 91957cc733..9fdd48305b 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -158,6 +158,7 @@ static int parse_attribute_value_string(const char *s, int hexpair = 0; unsigned char *d = data; int n; + while (c < end) { if (*c == '\\') { c++; @@ -202,6 +203,7 @@ static int parse_attribute_value_der_encoded(const char *s, unsigned char *p; unsigned char *d = data; int n; + /* Converting from hexstring to raw binary so we can use asn1parse.c*/ if ((len < 5) || (*c != '#')) { return MBEDTLS_ERR_X509_INVALID_NAME; From e9d1c8e1ebd11cce154d357d85bfebe92c5d451c Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 30 Aug 2023 15:50:12 +0100 Subject: [PATCH 202/350] Reword and reformat comments Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 9fdd48305b..4c982d1f4f 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -163,7 +163,7 @@ static int parse_attribute_value_string(const char *s, if (*c == '\\') { c++; - /* Check for valid escaped characters in RFC 4514 in Section 3*/ + /* Check for valid escaped characters as per RFC 4514 Section 3 */ if (c + 1 < end && (n = hexpair_to_int(*c, *(c+1))) != -1) { if (n == 0) { return MBEDTLS_ERR_X509_INVALID_NAME; @@ -204,7 +204,7 @@ static int parse_attribute_value_der_encoded(const char *s, unsigned char *d = data; int n; - /* Converting from hexstring to raw binary so we can use asn1parse.c*/ + /* Converting from hexstring to raw binary so we can use asn1parse.c */ if ((len < 5) || (*c != '#')) { return MBEDTLS_ERR_X509_INVALID_NAME; } From 1aece47e8ccf5db290b24e0ccb5459e7279247f2 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 30 Aug 2023 16:04:16 +0100 Subject: [PATCH 203/350] Make hexpair_to_int take a char pointer Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 4c982d1f4f..b83fcd9e08 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -137,10 +137,11 @@ static int hex_to_int(char c) ('A' <= c && c <= 'F') ? (c - 'A' + 10) : -1; } -static int hexpair_to_int(char c1, char c2) +static int hexpair_to_int(const char *hexpair) { - int n1 = hex_to_int(c1); - int n2 = hex_to_int(c2); + int n1 = hex_to_int(*hexpair); + int n2 = hex_to_int(*(hexpair + 1)); + if (n1 != -1 && n2 != -1) { return (n1 << 4) | n2; } else { @@ -164,7 +165,7 @@ static int parse_attribute_value_string(const char *s, c++; /* Check for valid escaped characters as per RFC 4514 Section 3 */ - if (c + 1 < end && (n = hexpair_to_int(*c, *(c+1))) != -1) { + if (c + 1 < end && (n = hexpair_to_int(c)) != -1) { if (n == 0) { return MBEDTLS_ERR_X509_INVALID_NAME; } @@ -209,13 +210,13 @@ static int parse_attribute_value_der_encoded(const char *s, return MBEDTLS_ERR_X509_INVALID_NAME; } c++; - if ((*tag = hexpair_to_int(*c, *(c+1))) == -1) { + if ((*tag = hexpair_to_int(c)) == -1) { return MBEDTLS_ERR_X509_INVALID_NAME; } c += 2; p = asn1_der_buf; for (p = asn1_der_buf; c < end; c += 2) { - if ((c + 1 >= end) || (n = hexpair_to_int(*c, *(c+1))) == -1) { + if ((c + 1 >= end) || (n = hexpair_to_int(c)) == -1) { return MBEDTLS_ERR_X509_INVALID_NAME; } if (MBEDTLS_ASN1_IS_STRING_TAG(*tag) && n == 0) { From de02ee268ea0a884f4796acbcc2b6abb9a46d1cd Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 30 Aug 2023 16:12:57 +0100 Subject: [PATCH 204/350] Refactor parse_attribute_value_string Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index b83fcd9e08..307e8be4ce 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -141,7 +141,7 @@ static int hexpair_to_int(const char *hexpair) { int n1 = hex_to_int(*hexpair); int n2 = hex_to_int(*(hexpair + 1)); - + if (n1 != -1 && n2 != -1) { return (n1 << 4) | n2; } else { @@ -154,13 +154,12 @@ static int parse_attribute_value_string(const char *s, unsigned char *data, size_t *data_len) { - const char *c = s; - const char *end = c + len; - int hexpair = 0; + const char *c; + const char *end = s + len; unsigned char *d = data; int n; - while (c < end) { + for (c = s; c < end; c++) { if (*c == '\\') { c++; @@ -169,22 +168,19 @@ static int parse_attribute_value_string(const char *s, if (n == 0) { return MBEDTLS_ERR_X509_INVALID_NAME; } - hexpair = 1; *(d++) = n; c++; + continue; } else if (c == end || !strchr(" ,=+<>#;\"\\", *c)) { return MBEDTLS_ERR_X509_INVALID_NAME; } } - if (!hexpair) { - *(d++) = *c; - } + + *(d++) = *c; + if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) { return MBEDTLS_ERR_X509_INVALID_NAME; } - - hexpair = 0; - c++; } *data_len = d - data; return 0; From 52af0d08b4c1a3bc254bbcf2380f1b6e04b28317 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 30 Aug 2023 16:22:54 +0100 Subject: [PATCH 205/350] Fix unsafe behaviour in MBEDTLS_ASN1_IS_STRING_TAG Signed-off-by: Agathiyan Bragadeesh --- include/mbedtls/asn1.h | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 4eabea0435..3242699e72 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -96,14 +96,14 @@ /* Slightly smaller way to check if tag is a string tag * compared to canonical implementation. */ -#define MBEDTLS_ASN1_IS_STRING_TAG(tag) \ - ((tag) < 32 && ( \ - ((1 << (tag)) & ((1 << MBEDTLS_ASN1_BMP_STRING) | \ - (1 << MBEDTLS_ASN1_UTF8_STRING) | \ - (1 << MBEDTLS_ASN1_T61_STRING) | \ - (1 << MBEDTLS_ASN1_IA5_STRING) | \ - (1 << MBEDTLS_ASN1_UNIVERSAL_STRING) | \ - (1 << MBEDTLS_ASN1_PRINTABLE_STRING))) != 0)) +#define MBEDTLS_ASN1_IS_STRING_TAG(tag) \ + ((unsigned int) (tag) < 32u && ( \ + ((1u << (tag)) & ((1u << MBEDTLS_ASN1_BMP_STRING) | \ + (1u << MBEDTLS_ASN1_UTF8_STRING) | \ + (1u << MBEDTLS_ASN1_T61_STRING) | \ + (1u << MBEDTLS_ASN1_IA5_STRING) | \ + (1u << MBEDTLS_ASN1_UNIVERSAL_STRING) | \ + (1u << MBEDTLS_ASN1_PRINTABLE_STRING))) != 0)) /* * Bit masks for each of the components of an ASN.1 tag as specified in From a2423debcc7175a0e5450ced386283276e95ea1a Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Wed, 30 Aug 2023 16:24:31 +0100 Subject: [PATCH 206/350] Fix code style Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 307e8be4ce..1da1587878 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -158,7 +158,7 @@ static int parse_attribute_value_string(const char *s, const char *end = s + len; unsigned char *d = data; int n; - + for (c = s; c < end; c++) { if (*c == '\\') { c++; @@ -175,9 +175,9 @@ static int parse_attribute_value_string(const char *s, return MBEDTLS_ERR_X509_INVALID_NAME; } } - + *(d++) = *c; - + if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) { return MBEDTLS_ERR_X509_INVALID_NAME; } @@ -200,7 +200,7 @@ static int parse_attribute_value_der_encoded(const char *s, unsigned char *p; unsigned char *d = data; int n; - + /* Converting from hexstring to raw binary so we can use asn1parse.c */ if ((len < 5) || (*c != '#')) { return MBEDTLS_ERR_X509_INVALID_NAME; From 240240dfae0db2c95683bd1fdc262435ce4a4908 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 30 Aug 2023 17:59:42 +0100 Subject: [PATCH 207/350] Regenerate coverity scan token On the advice of travis support, try regenerating the coverity scan token to see if that fixes the connection to coverity scan Signed-off-by: Paul Elliott --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 719654c0af..f411ec38a4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -171,7 +171,7 @@ after_failure: env: global: - SEED=1 - - secure: "JECCru6HASpKZ0OLfHh8f/KXhKkdrCwjquZghd/qbA4ksxsWImjR7KEPERcaPndXEilzhDbKwuFvJiQX2duVgTGoq745YGhLZIjzo1i8tySkceCVd48P8WceYGz+F/bmY7r+m6fFNuxDSoGGSVeA4Lnjvmm8PFUP45YodDV9no4=" + - secure: "GF/Fde5fkm15T/RNykrjrPV5Uh1KJ70cP308igL6Xkk3eJmqkkmWCe9JqRH12J3TeWw2fu9PYPHt6iFSg6jasgqysfUyg+W03knRT5QNn3h5eHgt36cQJiJr6t3whPrRaiM6U9omE0evm+c0cAwlkA3GGSMw8Z+na4EnKI6OFCo=" install: - $PYTHON scripts/min_requirements.py From dbddb0015870f1ff68bdba246be7a93763fb9460 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 30 Aug 2023 18:43:23 +0100 Subject: [PATCH 208/350] Ensure mbedtls_sha3_finish zeroizes the context Signed-off-by: Dave Rodgman --- library/sha3.c | 11 +++++++++-- tests/suites/test_suite_shax.function | 5 ++++- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/library/sha3.c b/library/sha3.c index 4b97a85c5f..982550419b 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -259,10 +259,13 @@ int mbedtls_sha3_update(mbedtls_sha3_context *ctx, int mbedtls_sha3_finish(mbedtls_sha3_context *ctx, uint8_t *output, size_t olen) { + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + /* Catch SHA-3 families, with fixed output length */ if (ctx->olen > 0) { if (ctx->olen > olen) { - return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; + ret = MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; + goto exit; } olen = ctx->olen; } @@ -280,7 +283,11 @@ int mbedtls_sha3_finish(mbedtls_sha3_context *ctx, } } - return 0; + ret = 0; + +exit: + mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha3_context)); + return ret; } /* diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 7dd9166658..629e281008 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -176,9 +176,12 @@ void sha3_invalid_param() TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_NONE), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA); TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0); - TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 0), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA); + + TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0); TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 31), MBEDTLS_ERR_SHA3_BAD_INPUT_DATA); + + TEST_EQUAL(mbedtls_sha3_starts(&ctx, MBEDTLS_SHA3_256), 0); TEST_EQUAL(mbedtls_sha3_finish(&ctx, output, 32), 0); exit: From 984309c2c3c5ce5277ba9c349148ac4e2e0093fc Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 30 Aug 2023 19:22:28 +0100 Subject: [PATCH 209/350] Call mbedtls_platform_zeroize via mbedtls_sha3_free Signed-off-by: Dave Rodgman --- library/sha3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/sha3.c b/library/sha3.c index 982550419b..dca5790484 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -286,7 +286,7 @@ int mbedtls_sha3_finish(mbedtls_sha3_context *ctx, ret = 0; exit: - mbedtls_platform_zeroize(ctx, sizeof(mbedtls_sha3_context)); + mbedtls_sha3_free(ctx); return ret; } From 7990a3296df24a1f7bb8875005d78495c7e0076c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 22 Aug 2023 17:27:00 +0200 Subject: [PATCH 210/350] Explain the story about cryptography version requirements Signed-off-by: Gilles Peskine --- scripts/ci.requirements.txt | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scripts/ci.requirements.txt b/scripts/ci.requirements.txt index ac9c25acf4..7dbcfe8e05 100644 --- a/scripts/ci.requirements.txt +++ b/scripts/ci.requirements.txt @@ -11,7 +11,10 @@ pylint == 2.4.4 # See https://github.com/Mbed-TLS/mbedtls/pull/3953 . mypy >= 0.780 -# Install cryptography to avoid import-error reported by pylint. -# What we really need is cryptography >= 35.0.0, which is only -# available for Python >= 3.6. +# At the time of writing, only needed for tests/scripts/audit-validity-dates.py. +# It needs >=35.0.0 for correct operation, and that requires Python >=3.6, +# but our CI has Python 3.5. So let pip install the newest version that's +# compatible with the running Python: this way we get something good enough +# for mypy and pylint under Python 3.5, and we also get something good enough +# to run audit-validity-dates.py on Python >=3.6. cryptography # >= 35.0.0 From 68efcf56ed0c2f63ab41322a861dbf8aad51c85d Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 31 Aug 2023 10:09:05 +0100 Subject: [PATCH 211/350] Remove not-needed #include Signed-off-by: Dave Rodgman --- library/psa_crypto_core.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 4e28f30803..2b4afd7e1d 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -21,8 +21,6 @@ #ifndef PSA_CRYPTO_CORE_H #define PSA_CRYPTO_CORE_H -#include "mbedtls/constant_time.h" - #include "mbedtls/build_info.h" #include "psa/crypto.h" From 09a9e589c154c8e8f93d85c04040d15fea8f3498 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 31 Aug 2023 11:05:22 +0100 Subject: [PATCH 212/350] Add missing error conversion case Signed-off-by: Dave Rodgman --- library/psa_crypto.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9582f1933a..028bdaaafb 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -157,6 +157,8 @@ psa_status_t mbedtls_to_psa_error(int ret) case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH: case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH: return PSA_ERROR_NOT_SUPPORTED; + case MBEDTLS_ERR_AES_BAD_INPUT_DATA: + return PSA_ERROR_INVALID_ARGUMENT; #endif #if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_ASN1_WRITE_C) From 8d706f6b59b6d987c0c3722b46c81401d1890a7b Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 31 Aug 2023 11:48:44 +0100 Subject: [PATCH 213/350] Simplify camellia error conversion macros Signed-off-by: Dave Rodgman --- library/psa_crypto.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 028bdaaafb..2b6c8d42cb 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -175,9 +175,7 @@ psa_status_t mbedtls_to_psa_error(int ret) #endif #if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA) case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA: -#endif case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH: return PSA_ERROR_NOT_SUPPORTED; #endif From dea266f3f584ca06deda83c557074f7223c118f7 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 31 Aug 2023 11:52:43 +0100 Subject: [PATCH 214/350] Use MBEDTLS_MD_LIGHT instead of MBEDTLS_MD_C Signed-off-by: Dave Rodgman --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 2b6c8d42cb..959b94536e 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -261,7 +261,7 @@ psa_status_t mbedtls_to_psa_error(int ret) return PSA_ERROR_INSUFFICIENT_ENTROPY; #endif -#if defined(MBEDTLS_MD_C) +#if defined(MBEDTLS_MD_LIGHT) case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE: return PSA_ERROR_NOT_SUPPORTED; case MBEDTLS_ERR_MD_BAD_INPUT_DATA: From 4f47f3dac8378f880e3a627563aca66f9de0dcdf Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 31 Aug 2023 12:10:00 +0100 Subject: [PATCH 215/350] Covert PSA guards to MBEDTLS Signed-off-by: Dave Rodgman --- library/psa_crypto.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fb19c14f9e..9ef3f1e067 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -153,7 +153,7 @@ psa_status_t mbedtls_to_psa_error(int ret) case 0: return PSA_SUCCESS; -#if defined(PSA_WANT_KEY_TYPE_AES) +#if defined(MBEDTLS_AES_C) case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH: case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH: return PSA_ERROR_NOT_SUPPORTED; @@ -174,25 +174,25 @@ psa_status_t mbedtls_to_psa_error(int ret) return PSA_ERROR_BUFFER_TOO_SMALL; #endif -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) +#if defined(MBEDTLS_CAMELLIA_C) case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA: case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH: return PSA_ERROR_NOT_SUPPORTED; #endif -#if defined(PSA_WANT_ALG_CCM) +#if defined(MBEDTLS_CCM_C) case MBEDTLS_ERR_CCM_BAD_INPUT: return PSA_ERROR_INVALID_ARGUMENT; case MBEDTLS_ERR_CCM_AUTH_FAILED: return PSA_ERROR_INVALID_SIGNATURE; #endif -#if defined(PSA_WANT_KEY_TYPE_CHACHA20) +#if defined(MBEDTLS_CHACHA20_C) case MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA: return PSA_ERROR_INVALID_ARGUMENT; #endif -#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) +#if defined(MBEDTLS_CHACHAPOLY_C) case MBEDTLS_ERR_CHACHAPOLY_BAD_STATE: return PSA_ERROR_BAD_STATE; case MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED: @@ -229,7 +229,7 @@ psa_status_t mbedtls_to_psa_error(int ret) return PSA_ERROR_INSUFFICIENT_ENTROPY; #endif -#if defined(PSA_WANT_KEY_TYPE_DES) +#if defined(MBEDTLS_DES_C) case MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH: return PSA_ERROR_NOT_SUPPORTED; #endif @@ -239,7 +239,7 @@ psa_status_t mbedtls_to_psa_error(int ret) case MBEDTLS_ERR_ENTROPY_SOURCE_FAILED: return PSA_ERROR_INSUFFICIENT_ENTROPY; -#if defined(PSA_WANT_ALG_GCM) +#if defined(MBEDTLS_GCM_C) case MBEDTLS_ERR_GCM_AUTH_FAILED: return PSA_ERROR_INVALID_SIGNATURE; case MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL: From c43c3aaf02c1a94441ec93ae1783f427d00b70c3 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Thu, 31 Aug 2023 17:06:58 +0100 Subject: [PATCH 216/350] Define all PSA_xxx macros to 1 rather than have them empty, for consistency Signed-off-by: Tom Cosgrove --- include/mbedtls/config_psa.h | 32 ++++++++++++++++---------------- library/psa_crypto_storage.h | 2 +- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index a5d001bf7e..e7a20cca4e 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -284,7 +284,7 @@ #if defined(PSA_WANT_ALG_PBKDF2_HMAC) #if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 -#define PSA_HAVE_SOFT_PBKDF2_HMAC +#define PSA_HAVE_SOFT_PBKDF2_HMAC 1 #if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ @@ -453,7 +453,7 @@ #if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) #if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128) #define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 -#define PSA_HAVE_SOFT_PBKDF2_CMAC +#define PSA_HAVE_SOFT_PBKDF2_CMAC 1 #endif /* !MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 */ #endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */ @@ -821,7 +821,7 @@ #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define PSA_WANT_ALG_HMAC 1 -#define PSA_WANT_KEY_TYPE_HMAC +#define PSA_WANT_KEY_TYPE_HMAC 1 #if defined(MBEDTLS_MD_C) #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 @@ -978,68 +978,68 @@ #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1 -#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 +#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1 #endif #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1 -#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 +#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1 #endif #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1 -#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 +#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1 #endif #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1 -#define PSA_WANT_ECC_MONTGOMERY_255 +#define PSA_WANT_ECC_MONTGOMERY_255 1 #endif #if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1 -#define PSA_WANT_ECC_MONTGOMERY_448 +#define PSA_WANT_ECC_MONTGOMERY_448 1 #endif #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1 -#define PSA_WANT_ECC_SECP_R1_192 +#define PSA_WANT_ECC_SECP_R1_192 1 #endif #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1 -#define PSA_WANT_ECC_SECP_R1_224 +#define PSA_WANT_ECC_SECP_R1_224 1 #endif #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1 -#define PSA_WANT_ECC_SECP_R1_256 +#define PSA_WANT_ECC_SECP_R1_256 1 #endif #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1 -#define PSA_WANT_ECC_SECP_R1_384 +#define PSA_WANT_ECC_SECP_R1_384 1 #endif #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1 -#define PSA_WANT_ECC_SECP_R1_521 +#define PSA_WANT_ECC_SECP_R1_521 1 #endif #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1 -#define PSA_WANT_ECC_SECP_K1_192 +#define PSA_WANT_ECC_SECP_K1_192 1 #endif /* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */ #if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1 -#define PSA_WANT_ECC_SECP_K1_224 +#define PSA_WANT_ECC_SECP_K1_224 1 #endif #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1 -#define PSA_WANT_ECC_SECP_K1_256 +#define PSA_WANT_ECC_SECP_K1_256 1 #endif #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h index edd9b947cd..37ca46e283 100644 --- a/library/psa_crypto_storage.h +++ b/library/psa_crypto_storage.h @@ -202,7 +202,7 @@ psa_status_t psa_parse_key_data_from_storage(const uint8_t *storage_data, #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /** This symbol is defined if transaction support is required. */ -#define PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS +#define PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS 1 #endif #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS) From ac3cf7c20b7df97293de6f1286e1dce4e181ef58 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 31 Aug 2023 15:19:38 +0100 Subject: [PATCH 217/350] Add more protection to mbedtls_platform_zeroize Signed-off-by: Dave Rodgman --- library/platform_util.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/platform_util.c b/library/platform_util.c index 63b7c4152e..d4574f459e 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -125,6 +125,15 @@ void mbedtls_platform_zeroize(void *buf, size_t len) SecureZeroMemory(buf, len); #else memset_func(buf, 0, len); +#endif + +#if defined(__GNUC__) + /* For clang and gcc, pretend that we have some assembly that reads the + * zero'd memory as an additional protection against being optimised away. */ +#pragma clang diagnostic push +#pragma clang diagnostic ignored "-Wvla" + asm volatile ("" : : "m" (*(char (*)[len]) buf) : ); +#pragma clang diagnostic pop #endif } } From ba67451562cdf5c7956d3063f9519018af54eb3c Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 1 Sep 2023 10:14:46 +0100 Subject: [PATCH 218/350] Fix gcc compile warnings Signed-off-by: Dave Rodgman --- library/platform_util.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/platform_util.c b/library/platform_util.c index d4574f459e..06c7820844 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -130,10 +130,19 @@ void mbedtls_platform_zeroize(void *buf, size_t len) #if defined(__GNUC__) /* For clang and gcc, pretend that we have some assembly that reads the * zero'd memory as an additional protection against being optimised away. */ +#if defined(__clang__) #pragma clang diagnostic push #pragma clang diagnostic ignored "-Wvla" +#elif defined(MBEDTLS_COMPILER_IS_GCC) +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wvla" +#endif asm volatile ("" : : "m" (*(char (*)[len]) buf) : ); +#if defined(__clang__) #pragma clang diagnostic pop +#elif defined(MBEDTLS_COMPILER_IS_GCC) +#pragma GCC diagnostic pop +#endif #endif } } From 5f6060a1f3a5cd45ad5db71aec6974d16f478dd5 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 1 Sep 2023 11:00:58 +0100 Subject: [PATCH 219/350] Code style Signed-off-by: Dave Rodgman --- library/platform_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/platform_util.c b/library/platform_util.c index 06c7820844..cfd982e4d2 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -137,7 +137,7 @@ void mbedtls_platform_zeroize(void *buf, size_t len) #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wvla" #endif - asm volatile ("" : : "m" (*(char (*)[len]) buf) : ); + asm volatile ("" : : "m" (*(char (*)[len]) buf) :); #if defined(__clang__) #pragma clang diagnostic pop #elif defined(MBEDTLS_COMPILER_IS_GCC) From fe55320b5c5563ff8bc62a8eb64d681e8a26905e Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 1 Sep 2023 11:15:28 +0100 Subject: [PATCH 220/350] Avoid error from old gcc version Signed-off-by: Dave Rodgman --- library/platform_util.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/platform_util.c b/library/platform_util.c index cfd982e4d2..09216edfbc 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -128,8 +128,9 @@ void mbedtls_platform_zeroize(void *buf, size_t len) #endif #if defined(__GNUC__) - /* For clang and gcc, pretend that we have some assembly that reads the + /* For clang and recent gcc, pretend that we have some assembly that reads the * zero'd memory as an additional protection against being optimised away. */ +#if defined(__clang__) || (__GNUC__ >= 10) #if defined(__clang__) #pragma clang diagnostic push #pragma clang diagnostic ignored "-Wvla" @@ -143,6 +144,7 @@ void mbedtls_platform_zeroize(void *buf, size_t len) #elif defined(MBEDTLS_COMPILER_IS_GCC) #pragma GCC diagnostic pop #endif +#endif #endif } } From 83ae22dbbdf75e55bd9b57f366e29855c39e7453 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 11 Aug 2023 16:46:15 +0100 Subject: [PATCH 221/350] Add Changelog entry Signed-off-by: Paul Elliott --- ChangeLog.d/fix-tls-padbuf-zeroization | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/fix-tls-padbuf-zeroization diff --git a/ChangeLog.d/fix-tls-padbuf-zeroization b/ChangeLog.d/fix-tls-padbuf-zeroization new file mode 100644 index 0000000000..36451cb4bb --- /dev/null +++ b/ChangeLog.d/fix-tls-padbuf-zeroization @@ -0,0 +1,4 @@ +Security + * Fix a case where potentially sensitive information held in memory would not + be completely zeroized during TLS 1.2 handshake, in both server and client + configurations. From 1dab44580435718dc2edbd27391c47c950f39e25 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 1 Sep 2023 09:59:51 +0100 Subject: [PATCH 222/350] Update guard for ecp Signed-off-by: Dave Rodgman --- library/psa_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 9ef3f1e067..456d4e38f3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -351,7 +351,7 @@ psa_status_t mbedtls_to_psa_error(int ret) return PSA_ERROR_INSUFFICIENT_ENTROPY; #endif -#if defined(MBEDTLS_ECP_C) +#if defined(MBEDTLS_ECP_LIGHT) case MBEDTLS_ERR_ECP_BAD_INPUT_DATA: case MBEDTLS_ERR_ECP_INVALID_KEY: return PSA_ERROR_INVALID_ARGUMENT; From 42b02a909cb7407f24e9ceed242a684557fdbba5 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 1 Sep 2023 09:53:42 +0100 Subject: [PATCH 223/350] Add the ability to verify mbedtls_platform_zeroize() calls with -Wsizeof-pointer-memaccess Signed-off-by: Tom Cosgrove --- include/mbedtls/platform_util.h | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index edbde9440e..17e17525b4 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -167,7 +167,28 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; * \param len Length of the buffer in bytes * */ +#if defined(MBEDTLS_PLATFORM_ZEROIZE_CHECK_UNSAFE) +#define MBEDTLS_PLATFORM_ZEROIZE_ALT +#define mbedtls_platform_zeroize(buf, len) memset(buf, 0, len) +#include +#else void mbedtls_platform_zeroize(void *buf, size_t len); +#endif + +/* MBEDTLS_PLATFORM_ZEROIZE_CHECK_UNSAFE + * + * Replaces calls to mbedtls_platform_zeroize() with calls to memset(), + * to allow compiler analysis to check for invalid length arguments (e.g. + * specifying sizeof(pointer) rather than sizeof(pointee)). + * + * Note that this option is meant for internal use only and must not be used + * in production builds, because that would lead to zeroization calls being + * optimised out by the compiler. + * + * It is only intended to be used in CFLAGS, with -Wsizeof-pointer-memaccess, + * to check for those incorrect calls to mbedtls_platform_zeroize(). + */ +//#define MBEDTLS_PLATFORM_ZEROIZE_CHECK_UNSAFE #if defined(MBEDTLS_HAVE_TIME_DATE) /** From 351a3910117d0a5dacdbdda5c93bb6d3baeb0680 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 1 Sep 2023 09:54:04 +0100 Subject: [PATCH 224/350] Fix incorrect use of mbedtls_platform_zeroize() in tests Signed-off-by: Tom Cosgrove --- tests/suites/test_suite_pkwrite.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function index 37c06c85d2..730bb881bb 100644 --- a/tests/suites/test_suite_pkwrite.function +++ b/tests/suites/test_suite_pkwrite.function @@ -194,7 +194,7 @@ void pk_write_public_from_private(char *priv_key_file, char *pub_key_file) pub_key_raw, pub_key_len); #if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_platform_zeroize(derived_key_raw, sizeof(derived_key_raw)); + mbedtls_platform_zeroize(derived_key_raw, derived_key_len); TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&priv_key, &opaque_key_id, PSA_ALG_NONE, PSA_KEY_USAGE_EXPORT, From daddf11a3064695b7d52a16659fbfbdace5ed898 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 1 Sep 2023 10:40:15 +0100 Subject: [PATCH 225/350] Add a build to all.sh to check mbedtls_platform_zeroize() calls Signed-off-by: Tom Cosgrove --- tests/scripts/all.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f8df52258a..dad8464fa9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -5117,6 +5117,16 @@ support_build_cmake_custom_config_file () { } +component_build_zeroize_checks () { + msg "build: check for obviously wrong calls to mbedtls_platform_zeroize()" + + scripts/config.py full + + # Only compile - we're looking for sizeof-pointer-memaccess warnings + make CC=gcc CFLAGS='-Werror -DMBEDTLS_PLATFORM_ZEROIZE_CHECK_UNSAFE -Wsizeof-pointer-memaccess' +} + + component_test_zeroize () { # Test that the function mbedtls_platform_zeroize() is not optimized away by # different combinations of compilers and optimization flags by using an From 7eced7d1d2d0bcf7a2318bb565962546c1bb9f23 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 1 Sep 2023 13:55:39 +0100 Subject: [PATCH 226/350] Move zeroize-as-memset into a config file under tests/ Signed-off-by: Tom Cosgrove --- include/mbedtls/platform_util.h | 23 ++++---------- tests/configs/config-wrapper-zeroize-memset.h | 31 +++++++++++++++++++ tests/scripts/all.sh | 2 +- 3 files changed, 38 insertions(+), 18 deletions(-) create mode 100644 tests/configs/config-wrapper-zeroize-memset.h diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 17e17525b4..4dcce36caf 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -167,28 +167,17 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; * \param len Length of the buffer in bytes * */ -#if defined(MBEDTLS_PLATFORM_ZEROIZE_CHECK_UNSAFE) -#define MBEDTLS_PLATFORM_ZEROIZE_ALT -#define mbedtls_platform_zeroize(buf, len) memset(buf, 0, len) -#include -#else +#if !defined(MBEDTLS_TEST_DEFINES_ZEROIZE) void mbedtls_platform_zeroize(void *buf, size_t len); #endif -/* MBEDTLS_PLATFORM_ZEROIZE_CHECK_UNSAFE +/* MBEDTLS_TEST_DEFINES_ZEROIZE * - * Replaces calls to mbedtls_platform_zeroize() with calls to memset(), - * to allow compiler analysis to check for invalid length arguments (e.g. - * specifying sizeof(pointer) rather than sizeof(pointee)). - * - * Note that this option is meant for internal use only and must not be used - * in production builds, because that would lead to zeroization calls being - * optimised out by the compiler. - * - * It is only intended to be used in CFLAGS, with -Wsizeof-pointer-memaccess, - * to check for those incorrect calls to mbedtls_platform_zeroize(). + * Indicates that the library is being built by the test framework, and the + * framework is going to provide a replacement mbedtls_platform_zeroize() + * using a pre-processor macro, so the function declaration should be omitted. */ -//#define MBEDTLS_PLATFORM_ZEROIZE_CHECK_UNSAFE +//#define MBEDTLS_TEST_DEFINES_ZEROIZE #if defined(MBEDTLS_HAVE_TIME_DATE) /** diff --git a/tests/configs/config-wrapper-zeroize-memset.h b/tests/configs/config-wrapper-zeroize-memset.h new file mode 100644 index 0000000000..d1bfa17171 --- /dev/null +++ b/tests/configs/config-wrapper-zeroize-memset.h @@ -0,0 +1,31 @@ +/* mbedtls_config.h wrapper that defines mbedtls_platform_zeroize() to be + * memset(), so that the compile can check arguments for us. + * Used for testing. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "mbedtls/mbedtls_config.h" + +#include + +/* Define _ALT so we don't get the built-in implementation. The test code will + * also need to define MBEDTLS_TEST_DEFINES_ZEROIZE so we don't get the + * declaration. */ +#define MBEDTLS_PLATFORM_ZEROIZE_ALT + +#define mbedtls_platform_zeroize(buf, len) memset(buf, 0, len) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index dad8464fa9..55cd663922 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -5123,7 +5123,7 @@ component_build_zeroize_checks () { scripts/config.py full # Only compile - we're looking for sizeof-pointer-memaccess warnings - make CC=gcc CFLAGS='-Werror -DMBEDTLS_PLATFORM_ZEROIZE_CHECK_UNSAFE -Wsizeof-pointer-memaccess' + make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/config-wrapper-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" } From d9572c0270d4a315211141ac161c062b0aeac774 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 1 Sep 2023 14:34:37 +0100 Subject: [PATCH 227/350] Move the description of MBEDTLS_TEST_DEFINES_ZEROIZE to before its use Signed-off-by: Tom Cosgrove --- include/mbedtls/platform_util.h | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h index 4dcce36caf..3f23fef55d 100644 --- a/include/mbedtls/platform_util.h +++ b/include/mbedtls/platform_util.h @@ -145,6 +145,11 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; #define MBEDTLS_IGNORE_RETURN(result) ((void) !(result)) #endif +/* If the following macro is defined, the library is being built by the test + * framework, and the framework is going to provide a replacement + * mbedtls_platform_zeroize() using a preprocessor macro, so the function + * declaration should be omitted. */ +#if !defined(MBEDTLS_TEST_DEFINES_ZEROIZE) //no-check-names /** * \brief Securely zeroize a buffer * @@ -167,18 +172,9 @@ MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t; * \param len Length of the buffer in bytes * */ -#if !defined(MBEDTLS_TEST_DEFINES_ZEROIZE) void mbedtls_platform_zeroize(void *buf, size_t len); #endif -/* MBEDTLS_TEST_DEFINES_ZEROIZE - * - * Indicates that the library is being built by the test framework, and the - * framework is going to provide a replacement mbedtls_platform_zeroize() - * using a pre-processor macro, so the function declaration should be omitted. - */ -//#define MBEDTLS_TEST_DEFINES_ZEROIZE - #if defined(MBEDTLS_HAVE_TIME_DATE) /** * \brief Platform-specific implementation of gmtime_r() From b2fafa5a49ef9517cd316ed3c98f7d3c29f5bf76 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Fri, 1 Sep 2023 14:40:21 +0100 Subject: [PATCH 228/350] config-wrapper-zeroize-memset.h should be user-config-zeroize-memset.h and not include mbedtls_config.h Signed-off-by: Tom Cosgrove --- ...-wrapper-zeroize-memset.h => user-config-zeroize-memset.h} | 4 +--- tests/scripts/all.sh | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) rename tests/configs/{config-wrapper-zeroize-memset.h => user-config-zeroize-memset.h} (90%) diff --git a/tests/configs/config-wrapper-zeroize-memset.h b/tests/configs/user-config-zeroize-memset.h similarity index 90% rename from tests/configs/config-wrapper-zeroize-memset.h rename to tests/configs/user-config-zeroize-memset.h index d1bfa17171..fcdd1f099d 100644 --- a/tests/configs/config-wrapper-zeroize-memset.h +++ b/tests/configs/user-config-zeroize-memset.h @@ -1,4 +1,4 @@ -/* mbedtls_config.h wrapper that defines mbedtls_platform_zeroize() to be +/* mbedtls_config.h modifier that defines mbedtls_platform_zeroize() to be * memset(), so that the compile can check arguments for us. * Used for testing. */ @@ -19,8 +19,6 @@ * limitations under the License. */ -#include "mbedtls/mbedtls_config.h" - #include /* Define _ALT so we don't get the built-in implementation. The test code will diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 55cd663922..ffac22289d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -5123,7 +5123,7 @@ component_build_zeroize_checks () { scripts/config.py full # Only compile - we're looking for sizeof-pointer-memaccess warnings - make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/config-wrapper-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" + make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess" } From a1aeff4124ab28003c534d41696ba735a143322d Mon Sep 17 00:00:00 2001 From: Kristian Larsson Date: Mon, 4 Sep 2023 10:19:27 +0200 Subject: [PATCH 229/350] Use quotes include of psa_util_internal.h psa_utils_internal.h was broken out of mbedtls/psa_utils.h, which in some places were included as . But since psa_utils_internals.h should be internal, we should not rely on the system include paths. I suspect a regexp replace gone slightly wrong. Signed-off-by: Kristian Larsson --- library/psa_crypto_pake.c | 2 +- library/psa_crypto_random_impl.h | 2 +- library/psa_util.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto_pake.c b/library/psa_crypto_pake.c index 8de8569ce4..7a904d9de6 100644 --- a/library/psa_crypto_pake.c +++ b/library/psa_crypto_pake.c @@ -28,7 +28,7 @@ #include "psa_crypto_slot_management.h" #include -#include +#include "psa_util_internal.h" #include #include diff --git a/library/psa_crypto_random_impl.h b/library/psa_crypto_random_impl.h index 2a75a439a2..8719d9c700 100644 --- a/library/psa_crypto_random_impl.h +++ b/library/psa_crypto_random_impl.h @@ -30,7 +30,7 @@ #ifndef PSA_CRYPTO_RANDOM_IMPL_H #define PSA_CRYPTO_RANDOM_IMPL_H -#include +#include "psa_util_internal.h" #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) diff --git a/library/psa_util.c b/library/psa_util.c index 3d43b5877d..dd5e13455f 100644 --- a/library/psa_util.c +++ b/library/psa_util.c @@ -25,7 +25,7 @@ #include #include "psa_crypto_core.h" -#include +#include "psa_util_internal.h" /* The following includes are needed for MBEDTLS_ERR_XXX macros */ #include From 7373a6644da93874f89352013d26ac836ea69e18 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Mon, 4 Sep 2023 13:59:03 +0200 Subject: [PATCH 230/350] driver-only-builds.md: fix text Signed-off-by: Valerio Setti --- docs/driver-only-builds.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 1a42a3f3e7..277c5e3981 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -105,7 +105,7 @@ size saving. [Coming soon] As noted in the "Limitations regarding the selection of curves" section below, there is an upcoming requirement for all the required curves to -be also accelerated in the PSA driver in order to exclude the builtin algs +also be accelerated in the PSA driver in order to exclude the builtin algs support. ### Limitations regarding fully removing `ecp.c` @@ -146,8 +146,8 @@ timeline, please let us know if you're interested. ### Limitations regarding the selection of curves There is an ongoing work which tries to establish a link/constrain between -the list of supported curves and supported algorithms both in builtin and PSA -sides. In particular: +the list of supported curves and supported algorithms both in the builtin and +PSA sides. In particular: - #8014 ensures that the curves supported on the PSA side (`PSA_WANT_ECC_xxx`) are always a superset of the builtin ones (`MBEDTLS_ECP_DP_xxx`) @@ -170,7 +170,7 @@ Key management and usage can be enabled by means of the usual `PSA_WANT` + - `[PSA_WANT|MBEDTLS_PSA_ACCEL]_KEY_TYPE_DH_KEY_PAIR_GENERATE`; The same holds for the associated algorithm: -`[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow to build accelerating FFDH and +`[PSA_WANT|MBEDTLS_PSA_ACCEL]_ALG_FFDH` allow builds accelerating FFDH and removing builtin support (i.e. `MBEDTLS_DHM_C`). ### Limitations From 86dc08599bf0dc99b41cb497ae5c865a4f5d42a1 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 4 Sep 2023 14:53:30 +0100 Subject: [PATCH 231/350] Add asn1 write tag and len to x509 use c config Signed-off-by: Agathiyan Bragadeesh --- include/mbedtls/asn1write.h | 5 +++++ library/asn1write.c | 4 +++- library/x509.c | 6 ------ 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h index 3c5072c018..6fe57c8f0e 100644 --- a/include/mbedtls/asn1write.h +++ b/include/mbedtls/asn1write.h @@ -48,6 +48,7 @@ extern "C" { #endif +#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C) /** * \brief Write a length field in ASN.1 format. * @@ -76,7 +77,9 @@ int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, */ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsigned char tag); +#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C */ +#if defined(MBEDTLS_ASN1_WRITE_C) /** * \brief Write raw buffer data. * @@ -393,4 +396,6 @@ mbedtls_asn1_named_data *mbedtls_asn1_store_named_data(mbedtls_asn1_named_data * } #endif +#endif /* MBEDTLS_ASN1_WRITE_C */ + #endif /* MBEDTLS_ASN1_WRITE_H */ diff --git a/library/asn1write.c b/library/asn1write.c index c65d9370e2..4123ac3c10 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -19,7 +19,7 @@ #include "common.h" -#if defined(MBEDTLS_ASN1_WRITE_C) +#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C) #include "mbedtls/asn1write.h" #include "mbedtls/error.h" @@ -102,7 +102,9 @@ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsign return 1; } +#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C */ +#if defined(MBEDTLS_ASN1_WRITE_C) int mbedtls_asn1_write_raw_buffer(unsigned char **p, const unsigned char *start, const unsigned char *buf, size_t size) { diff --git a/library/x509.c b/library/x509.c index 40da61d068..c1d6bd485c 100644 --- a/library/x509.c +++ b/library/x509.c @@ -43,9 +43,7 @@ #include "mbedtls/pem.h" #endif -#if defined(MBEDTLS_ASN1_WRITE_C) #include "mbedtls/asn1write.h" -#endif #include "mbedtls/platform.h" @@ -874,7 +872,6 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) MBEDTLS_X509_SAFE_SNPRINTF; if (print_hexstring) { -#if defined(MBEDTLS_ASN1_WRITE_C) s[0] = '#'; asn1_len_p = asn1_tag_len_buf + 10; @@ -907,9 +904,6 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) s[j++] = nibble_to_hex_digit(highbits); s[j++] = nibble_to_hex_digit(lowbits); } -#else - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; -#endif } else { for (i = 0, j = 0; i < name->val.len; i++, j++) { if (j >= sizeof(s) - 1) { From fca0861e8eb24e67cc08d3c25b970866252d3abc Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 4 Sep 2023 15:45:37 +0100 Subject: [PATCH 232/350] Add asn1 get tag and len to x509 create config Signed-off-by: Agathiyan Bragadeesh --- include/mbedtls/asn1.h | 6 ++++++ library/asn1parse.c | 4 +++- library/x509_create.c | 8 -------- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 3242699e72..825020fe33 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -209,6 +209,7 @@ typedef struct mbedtls_asn1_named_data { } mbedtls_asn1_named_data; +#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) /** * \brief Get the length of an ASN.1 element. * Updates the pointer to immediately behind the length. @@ -271,6 +272,9 @@ int mbedtls_asn1_get_tag(unsigned char **p, * \return An ASN.1 error code if the input does not start with * a valid ASN.1 BOOLEAN. */ +#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C */ + +#if defined(MBEDTLS_ASN1_PARSE_C) int mbedtls_asn1_get_bool(unsigned char **p, const unsigned char *end, int *val); @@ -645,4 +649,6 @@ void mbedtls_asn1_free_named_data_list_shallow(mbedtls_asn1_named_data *name); } #endif +#endif /* MBEDTLS_ASN1_PARSE_C */ + #endif /* asn1.h */ diff --git a/library/asn1parse.c b/library/asn1parse.c index d257ef4383..edc4c698ff 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -19,7 +19,7 @@ #include "common.h" -#if defined(MBEDTLS_ASN1_PARSE_C) +#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) #include "mbedtls/asn1.h" #include "mbedtls/platform_util.h" @@ -114,7 +114,9 @@ int mbedtls_asn1_get_tag(unsigned char **p, return mbedtls_asn1_get_len(p, end, len); } +#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C */ +#if defined(MBEDTLS_ASN1_PARSE_C) int mbedtls_asn1_get_bool(unsigned char **p, const unsigned char *end, int *val) diff --git a/library/x509_create.c b/library/x509_create.c index 1da1587878..6ef33b0336 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -30,9 +30,7 @@ #include "mbedtls/platform.h" -#if defined(MBEDTLS_ASN1_PARSE_C) #include "mbedtls/asn1.h" -#endif /* Structure linking OIDs for X.509 DN AttributeTypes to their * string representations and default string encodings used by Mbed TLS. */ @@ -186,7 +184,6 @@ static int parse_attribute_value_string(const char *s, return 0; } -#if defined(MBEDTLS_ASN1_PARSE_C) static int parse_attribute_value_der_encoded(const char *s, int len, unsigned char *data, @@ -233,7 +230,6 @@ static int parse_attribute_value_der_encoded(const char *s, return 0; } -#endif int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name) { @@ -276,16 +272,12 @@ int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *nam mbedtls_free(oid.p); return MBEDTLS_ERR_X509_INVALID_NAME; } else if (*s == '#') { -#if defined(MBEDTLS_ASN1_PARSE_C) if ((parse_ret = parse_attribute_value_der_encoded(s, (int) (c - s), data, &data_len, &tag)) != 0) { mbedtls_free(oid.p); return MBEDTLS_ERR_X509_INVALID_NAME; } -#else - return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -#endif } else { if (numericoid) { mbedtls_free(oid.p); From 4ce9ac8463da24796cd504e1cc65bcb756c51452 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Mon, 4 Sep 2023 16:18:26 +0100 Subject: [PATCH 233/350] Add round trip tests for x509 RDNs Signed-off-by: Agathiyan Bragadeesh --- tests/suites/test_suite_x509write.data | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index f755565eca..37679c1539 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -226,5 +226,14 @@ mbedtls_x509_string_to_names:"C=NL, O=Of\\CCspark, OU=PolarSSL":"C=NL, O=Of\\CCs X509 String to Names #20 (Reject empty AttributeValue) mbedtls_x509_string_to_names:"C=NL, O=, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME +X509 Round trip test (Escaped characters) +mbedtls_x509_string_to_names:"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":"CN=Lu\\C4\\8Di\\C4\\87, O=Offspark, OU=PolarSSL":0 + +X509 Round trip test (hexstring output for non string input) +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10=#03084F6666737061726B, OU=PolarSSL":"C=NL, O=#03084F6666737061726B, OU=PolarSSL":0 + +X509 Round trip test (numercoid hexstring output for unknown OID) +mbedtls_x509_string_to_names:"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=PolarSSL":"C=NL, 2.5.4.10.234.532=#0C084F6666737061726B, OU=PolarSSL":0 + Check max serial length x509_set_serial_check: From 5dfaca4af514faf69d923a908fa0e598997e5605 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 5 Sep 2023 08:48:51 +0200 Subject: [PATCH 234/350] all.sh: fix comments Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5265c93b30..2685067fba 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2638,10 +2638,10 @@ component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () { # - it still disables RSA, but it uses builtin EC and FFDH algs # # This function accepts 2 parameters: -# $1: it is a boolean values which states if we are testing an accelerated -# scenario or not. -# $2: it is a string value which states which are the tested components. Allowed -# values are "ECC" or "ECC_DH". +# $1: a boolean value which states if we are testing an accelerated scenario +# or not. +# $2: a string value which states which components are tested. Allowed values +# are "ECC" or "ECC_DH". config_psa_crypto_config_accel_ecc_ffdh_no_bignum() { DRIVER_ONLY="$1" TEST_TARGET="$2" @@ -2712,12 +2712,12 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum() { # - both ECC and FFDH # # It is meant to be used in conjunction with -# common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum() for drivers' -# coverage analysis in "analyze_outcomes.py" script. +# common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum() for drivers +# coverage analysis in the "analyze_outcomes.py" script. common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { TEST_TARGET="$1" - # This is an internal helper to simplify text messages' handling + # This is an internal helper to simplify text message handling if [ "$TEST_TARGET" = "ECC_DH" ]; then ACCEL_TEXT="ECC/FFDH" REMOVED_TEXT="ECP - DH" @@ -2800,7 +2800,7 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () { TEST_TARGET="$1" - # This is an internal helper to simplify text messages' handling + # This is an internal helper to simplify text message handling if [ "$TEST_TARGET" = "ECC_DH" ]; then ACCEL_TEXT="ECC/FFDH" else From b9664ee6763daec6de1462a966ba8b7912c3e0fe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Sep 2023 16:54:38 +0200 Subject: [PATCH 235/350] Don't include configuration adjustment headers Signed-off-by: Gilles Peskine --- programs/test/generate_cpp_dummy_build.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh index 2541683318..a550516526 100755 --- a/programs/test/generate_cpp_dummy_build.sh +++ b/programs/test/generate_cpp_dummy_build.sh @@ -65,6 +65,7 @@ EOF mbedtls/mbedtls_config.h) :;; # not meant for direct inclusion mbedtls/config_*.h) :;; # not meant for direct inclusion psa/crypto_config.h) :;; # not meant for direct inclusion + psa/crypto_ajdust_config*.h) :;; # not meant for direct inclusion # Some of the psa/crypto_*.h headers are not meant to be included # directly. They do have include guards that make them no-ops if # psa/crypto.h has been included before. Since psa/crypto.h comes From 7b7d903cacd0139bbf9ec71bb1130c2279c116be Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Sep 2023 16:55:14 +0200 Subject: [PATCH 236/350] Split config_psa.h: create and populate psa/crypto_adjust_config_synonyms.h Signed-off-by: Gilles Peskine --- include/mbedtls/config_psa.h | 30 +---------- include/psa/crypto_adjust_config_synonyms.h | 57 +++++++++++++++++++++ 2 files changed, 58 insertions(+), 29 deletions(-) create mode 100644 include/psa/crypto_adjust_config_synonyms.h diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index e7a20cca4e..fedead4f18 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -32,35 +32,7 @@ #include "psa/crypto_legacy.h" - - -/****************************************************************/ -/* De facto synonyms */ -/****************************************************************/ - -#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA) -#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY -#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA) -#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA -#endif - -#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && !defined(PSA_WANT_ALG_CCM) -#define PSA_WANT_ALG_CCM PSA_WANT_ALG_CCM_STAR_NO_TAG -#elif !defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && defined(PSA_WANT_ALG_CCM) -#define PSA_WANT_ALG_CCM_STAR_NO_TAG PSA_WANT_ALG_CCM -#endif - -#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) -#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW -#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) -#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN -#endif - -#if defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && !defined(PSA_WANT_ALG_RSA_PSS) -#define PSA_WANT_ALG_RSA_PSS PSA_WANT_ALG_RSA_PSS_ANY_SALT -#elif !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && defined(PSA_WANT_ALG_RSA_PSS) -#define PSA_WANT_ALG_RSA_PSS_ANY_SALT PSA_WANT_ALG_RSA_PSS -#endif +#include "psa/crypto_adjust_config_synonyms.h" /****************************************************************/ diff --git a/include/psa/crypto_adjust_config_synonyms.h b/include/psa/crypto_adjust_config_synonyms.h new file mode 100644 index 0000000000..5142ef0aef --- /dev/null +++ b/include/psa/crypto_adjust_config_synonyms.h @@ -0,0 +1,57 @@ +/** + * \file psa/crypto_adjust_config_synonyms.h + * \brief Adjust PSA configuration: enable quasi-synonyms + * + * When two features require almost the same code, we automatically enable + * both when either one is requested, to reduce the combinatorics of + * possible configurations. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H +#define PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H + +/****************************************************************/ +/* De facto synonyms */ +/****************************************************************/ + +#if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA) +#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY +#elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA) +#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA +#endif + +#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && !defined(PSA_WANT_ALG_CCM) +#define PSA_WANT_ALG_CCM PSA_WANT_ALG_CCM_STAR_NO_TAG +#elif !defined(PSA_WANT_ALG_CCM_STAR_NO_TAG) && defined(PSA_WANT_ALG_CCM) +#define PSA_WANT_ALG_CCM_STAR_NO_TAG PSA_WANT_ALG_CCM +#endif + +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) +#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW +#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) +#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN +#endif + +#if defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && !defined(PSA_WANT_ALG_RSA_PSS) +#define PSA_WANT_ALG_RSA_PSS PSA_WANT_ALG_RSA_PSS_ANY_SALT +#elif !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT) && defined(PSA_WANT_ALG_RSA_PSS) +#define PSA_WANT_ALG_RSA_PSS_ANY_SALT PSA_WANT_ALG_RSA_PSS +#endif + +#endif /* PSA_CRYPTO_ADJUST_CONFIG_SYNONYMS_H */ From 582397798142f4b08970b550b4b808e2e7758a01 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Sep 2023 16:56:06 +0200 Subject: [PATCH 237/350] Split config_psa.h: create and populate psa/crypto_adjust_auto_enabled.h Signed-off-by: Gilles Peskine --- include/mbedtls/config_psa.h | 6 +---- include/psa/crypto_adjust_auto_enabled.h | 33 ++++++++++++++++++++++++ 2 files changed, 34 insertions(+), 5 deletions(-) create mode 100644 include/psa/crypto_adjust_auto_enabled.h diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index fedead4f18..ed8429133c 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -1062,10 +1062,6 @@ #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 #endif -/* These features are always enabled. */ -#define PSA_WANT_KEY_TYPE_DERIVE 1 -#define PSA_WANT_KEY_TYPE_PASSWORD 1 -#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1 -#define PSA_WANT_KEY_TYPE_RAW_DATA 1 +#include "psa/crypto_adjust_auto_enabled.h" #endif /* MBEDTLS_CONFIG_PSA_H */ diff --git a/include/psa/crypto_adjust_auto_enabled.h b/include/psa/crypto_adjust_auto_enabled.h new file mode 100644 index 0000000000..5e18298c65 --- /dev/null +++ b/include/psa/crypto_adjust_auto_enabled.h @@ -0,0 +1,33 @@ +/** + * \file psa/crypto_adjust_auto_enabled.h + * \brief Adjust PSA configuration: enable always-on features + * + * Always enable certain features which require a negligible amount of code + * to implement, to avoid some edge cases in the configuration combinatorics. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef PSA_CRYPTO_ADJUST_AUTO_ENABLED_H +#define PSA_CRYPTO_ADJUST_AUTO_ENABLED_H + +#define PSA_WANT_KEY_TYPE_DERIVE 1 +#define PSA_WANT_KEY_TYPE_PASSWORD 1 +#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1 +#define PSA_WANT_KEY_TYPE_RAW_DATA 1 + +#endif /* PSA_CRYPTO_ADJUST_AUTO_ENABLED_H */ From eca0178cfa5811bda30a41b82aedf12dc08b9afd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Sep 2023 16:58:54 +0200 Subject: [PATCH 238/350] Split config_psa.h: create and populate mbedtls/config_adjust_psa_superset_legacy.h Signed-off-by: Gilles Peskine --- .../config_adjust_psa_superset_legacy.h | 73 +++++++++++++++++++ include/mbedtls/config_psa.h | 43 +---------- 2 files changed, 74 insertions(+), 42 deletions(-) create mode 100644 include/mbedtls/config_adjust_psa_superset_legacy.h diff --git a/include/mbedtls/config_adjust_psa_superset_legacy.h b/include/mbedtls/config_adjust_psa_superset_legacy.h new file mode 100644 index 0000000000..1738560663 --- /dev/null +++ b/include/mbedtls/config_adjust_psa_superset_legacy.h @@ -0,0 +1,73 @@ +/** + * \file mbedtls/config_adjust_psa_superset_legacy.h + * \brief Adjust PSA configuration: automatic enablement from legacy + * + * To simplify some edge cases, we automatically enable certain cryptographic + * mechanisms in the PSA API if they are enabled in the legacy API. The general + * idea is that if legacy module M uses mechanism A internally, and A has + * both a legacy and a PSA implementation, we enable A through PSA whenever + * it's enabled through legacy. This facilitates the transition to PSA + * implementations of A for users of M. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H +#define MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H + +/****************************************************************/ +/* Hashes that are built in are also enabled in PSA. + * This simplifies dependency declarations especially + * for modules that obey MBEDTLS_USE_PSA_CRYPTO. */ +/****************************************************************/ + +#if defined(MBEDTLS_MD5_C) +#define PSA_WANT_ALG_MD5 1 +#endif + +#if defined(MBEDTLS_RIPEMD160_C) +#define PSA_WANT_ALG_RIPEMD160 1 +#endif + +#if defined(MBEDTLS_SHA1_C) +#define PSA_WANT_ALG_SHA_1 1 +#endif + +#if defined(MBEDTLS_SHA224_C) +#define PSA_WANT_ALG_SHA_224 1 +#endif + +#if defined(MBEDTLS_SHA256_C) +#define PSA_WANT_ALG_SHA_256 1 +#endif + +#if defined(MBEDTLS_SHA384_C) +#define PSA_WANT_ALG_SHA_384 1 +#endif + +#if defined(MBEDTLS_SHA512_C) +#define PSA_WANT_ALG_SHA_512 1 +#endif + +#if defined(MBEDTLS_SHA3_C) +#define PSA_WANT_ALG_SHA3_224 1 +#define PSA_WANT_ALG_SHA3_256 1 +#define PSA_WANT_ALG_SHA3_384 1 +#define PSA_WANT_ALG_SHA3_512 1 +#endif + +#endif /* MBEDTLS_CONFIG_ADJUST_PSA_SUPERSET_LEGACY_H */ diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index ed8429133c..5fe36df0cf 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -34,48 +34,7 @@ #include "psa/crypto_adjust_config_synonyms.h" - -/****************************************************************/ -/* Hashes that are built in are also enabled in PSA. - * This simplifies dependency declarations especially - * for modules that obey MBEDTLS_USE_PSA_CRYPTO. */ -/****************************************************************/ - -#if defined(MBEDTLS_MD5_C) -#define PSA_WANT_ALG_MD5 1 -#endif - -#if defined(MBEDTLS_RIPEMD160_C) -#define PSA_WANT_ALG_RIPEMD160 1 -#endif - -#if defined(MBEDTLS_SHA1_C) -#define PSA_WANT_ALG_SHA_1 1 -#endif - -#if defined(MBEDTLS_SHA224_C) -#define PSA_WANT_ALG_SHA_224 1 -#endif - -#if defined(MBEDTLS_SHA256_C) -#define PSA_WANT_ALG_SHA_256 1 -#endif - -#if defined(MBEDTLS_SHA384_C) -#define PSA_WANT_ALG_SHA_384 1 -#endif - -#if defined(MBEDTLS_SHA512_C) -#define PSA_WANT_ALG_SHA_512 1 -#endif - -#if defined(MBEDTLS_SHA3_C) -#define PSA_WANT_ALG_SHA3_224 1 -#define PSA_WANT_ALG_SHA3_256 1 -#define PSA_WANT_ALG_SHA3_384 1 -#define PSA_WANT_ALG_SHA3_512 1 -#endif - +#include "mbedtls/config_adjust_psa_superset_legacy.h" /****************************************************************/ /* Require built-in implementations based on PSA requirements */ From 10c6f07963fcb26df33f7404c446470c1701ace9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Sep 2023 17:36:35 +0200 Subject: [PATCH 239/350] Split config_psa.h: create and populate mbedtls/config_adjust_psa_from_legacy.h Signed-off-by: Gilles Peskine --- .../mbedtls/config_adjust_psa_from_legacy.h | 346 ++++++++++++++++++ include/mbedtls/config_psa.h | 318 +--------------- 2 files changed, 348 insertions(+), 316 deletions(-) create mode 100644 include/mbedtls/config_adjust_psa_from_legacy.h diff --git a/include/mbedtls/config_adjust_psa_from_legacy.h b/include/mbedtls/config_adjust_psa_from_legacy.h new file mode 100644 index 0000000000..088711d375 --- /dev/null +++ b/include/mbedtls/config_adjust_psa_from_legacy.h @@ -0,0 +1,346 @@ +/** + * \file mbedtls/config_adjust_psa_from_legacy.h + * \brief Adjust PSA configuration: construct PSA configuration from legacy + * + * When MBEDTLS_PSA_CRYPTO_CONFIG is disabled, we automatically enable + * cryptographic mechanisms through the PSA interface when the corresponding + * legacy mechanism is enabled. In many cases, this just enables the PSA + * wrapper code around the legacy implementation, but we also do this for + * some mechanisms where PSA has its own independent implementation so + * that high-level modules that can use either cryptographic API have the + * same feature set in both cases. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H +#define MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H + +/* + * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG + * is not defined + */ + +#if defined(MBEDTLS_CCM_C) +#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1 +#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1 +#define PSA_WANT_ALG_CCM 1 +#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1 +#endif /* MBEDTLS_CCM_C */ + +#if defined(MBEDTLS_CMAC_C) +#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 +#define PSA_WANT_ALG_CMAC 1 +#endif /* MBEDTLS_CMAC_C */ + +#if defined(MBEDTLS_ECDH_C) +#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1 +#define PSA_WANT_ALG_ECDH 1 +#endif /* MBEDTLS_ECDH_C */ + +#if defined(MBEDTLS_ECDSA_C) +#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1 +#define PSA_WANT_ALG_ECDSA 1 +#define PSA_WANT_ALG_ECDSA_ANY 1 + +// Only add in DETERMINISTIC support if ECDSA is also enabled +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) +#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 +#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 +#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ + +#endif /* MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_ECP_C) +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 +/* Normally we wouldn't enable this because it's not implemented in ecp.c, + * but since it used to be available any time ECP_C was enabled, let's enable + * it anyway for the sake of backwards compatibility */ +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 +/* See comment for PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE above. */ +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 +#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 +#endif /* MBEDTLS_ECP_C */ + +#if defined(MBEDTLS_DHM_C) +#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 +#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 +#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 +#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 +#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1 +#define PSA_WANT_ALG_FFDH 1 +#define PSA_WANT_DH_FAMILY_RFC7919 1 +#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1 +#endif /* MBEDTLS_DHM_C */ + +#if defined(MBEDTLS_GCM_C) +#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1 +#define PSA_WANT_ALG_GCM 1 +#endif /* MBEDTLS_GCM_C */ + +/* Enable PSA HKDF algorithm if mbedtls HKDF is supported. + * PSA HKDF EXTRACT and PSA HKDF EXPAND have minimal cost when + * PSA HKDF is enabled, so enable both algorithms together + * with PSA HKDF. */ +#if defined(MBEDTLS_HKDF_C) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#define PSA_WANT_ALG_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 +#define PSA_WANT_ALG_HKDF 1 +#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1 +#define PSA_WANT_ALG_HKDF_EXTRACT 1 +#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1 +#define PSA_WANT_ALG_HKDF_EXPAND 1 +#endif /* MBEDTLS_HKDF_C */ + +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#define PSA_WANT_ALG_HMAC 1 +#define PSA_WANT_KEY_TYPE_HMAC 1 + +#if defined(MBEDTLS_MD_C) +#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 +#define PSA_WANT_ALG_TLS12_PRF 1 +#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1 +#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 +#endif /* MBEDTLS_MD_C */ + +#if defined(MBEDTLS_MD5_C) +#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1 +#define PSA_WANT_ALG_MD5 1 +#endif + +#if defined(MBEDTLS_ECJPAKE_C) +#define MBEDTLS_PSA_BUILTIN_PAKE 1 +#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1 +#define PSA_WANT_ALG_JPAKE 1 +#endif + +#if defined(MBEDTLS_RIPEMD160_C) +#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1 +#define PSA_WANT_ALG_RIPEMD160 1 +#endif + +#if defined(MBEDTLS_RSA_C) +#if defined(MBEDTLS_PKCS1_V15) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1 +#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 +#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 +#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1 +#endif /* MBEDTLS_PKCS1_V15 */ +#if defined(MBEDTLS_PKCS1_V21) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1 +#define PSA_WANT_ALG_RSA_OAEP 1 +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1 +#define PSA_WANT_ALG_RSA_PSS 1 +#endif /* MBEDTLS_PKCS1_V21 */ +#if defined(MBEDTLS_GENPRIME) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 +#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 +#endif /* MBEDTLS_GENPRIME */ +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 +#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 +#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 +#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 +#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 +#endif /* MBEDTLS_RSA_C */ + +#if defined(MBEDTLS_SHA1_C) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1 +#define PSA_WANT_ALG_SHA_1 1 +#endif + +#if defined(MBEDTLS_SHA224_C) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1 +#define PSA_WANT_ALG_SHA_224 1 +#endif + +#if defined(MBEDTLS_SHA256_C) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1 +#define PSA_WANT_ALG_SHA_256 1 +#endif + +#if defined(MBEDTLS_SHA384_C) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1 +#define PSA_WANT_ALG_SHA_384 1 +#endif + +#if defined(MBEDTLS_SHA512_C) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1 +#define PSA_WANT_ALG_SHA_512 1 +#endif + +#if defined(MBEDTLS_SHA3_C) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1 +#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1 +#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1 +#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1 +#define PSA_WANT_ALG_SHA3_224 1 +#define PSA_WANT_ALG_SHA3_256 1 +#define PSA_WANT_ALG_SHA3_384 1 +#define PSA_WANT_ALG_SHA3_512 1 +#endif + +#if defined(MBEDTLS_AES_C) +#define PSA_WANT_KEY_TYPE_AES 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 +#endif + +#if defined(MBEDTLS_ARIA_C) +#define PSA_WANT_KEY_TYPE_ARIA 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1 +#endif + +#if defined(MBEDTLS_CAMELLIA_C) +#define PSA_WANT_KEY_TYPE_CAMELLIA 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1 +#endif + +#if defined(MBEDTLS_DES_C) +#define PSA_WANT_KEY_TYPE_DES 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1 +#endif + +#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) +#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1 +#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 +#endif + +#if defined(MBEDTLS_CHACHA20_C) +#define PSA_WANT_KEY_TYPE_CHACHA20 1 +#define PSA_WANT_ALG_STREAM_CIPHER 1 +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1 +#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1 +#if defined(MBEDTLS_CHACHAPOLY_C) +#define PSA_WANT_ALG_CHACHA20_POLY1305 1 +#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1 +#endif +#endif + +#if defined(MBEDTLS_CIPHER_MODE_CBC) +#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1 +#define PSA_WANT_ALG_CBC_NO_PADDING 1 +#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) +#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1 +#define PSA_WANT_ALG_CBC_PKCS7 1 +#endif +#endif + +#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \ + defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C) +#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1 +#define PSA_WANT_ALG_ECB_NO_PADDING 1 +#endif + +#if defined(MBEDTLS_CIPHER_MODE_CFB) +#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1 +#define PSA_WANT_ALG_CFB 1 +#endif + +#if defined(MBEDTLS_CIPHER_MODE_CTR) +#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1 +#define PSA_WANT_ALG_CTR 1 +#endif + +#if defined(MBEDTLS_CIPHER_MODE_OFB) +#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1 +#define PSA_WANT_ALG_OFB 1 +#endif + +#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) +#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1 +#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1 +#endif + +#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) +#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1 +#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1 +#endif + +#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) +#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1 +#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1 +#endif + +#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) +#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1 +#define PSA_WANT_ECC_MONTGOMERY_255 1 +#endif + +#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) +#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1 +#define PSA_WANT_ECC_MONTGOMERY_448 1 +#endif + +#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) +#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1 +#define PSA_WANT_ECC_SECP_R1_192 1 +#endif + +#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) +#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1 +#define PSA_WANT_ECC_SECP_R1_224 1 +#endif + +#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) +#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1 +#define PSA_WANT_ECC_SECP_R1_256 1 +#endif + +#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) +#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1 +#define PSA_WANT_ECC_SECP_R1_384 1 +#endif + +#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) +#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1 +#define PSA_WANT_ECC_SECP_R1_521 1 +#endif + +#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) +#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1 +#define PSA_WANT_ECC_SECP_K1_192 1 +#endif + +/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */ +#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) +#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1 +#define PSA_WANT_ECC_SECP_K1_224 1 +#endif + +#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) +#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1 +#define PSA_WANT_ECC_SECP_K1_256 1 +#endif + +#endif /* MBEDTLS_CONFIG_ADJUST_PSA_FROM_LEGACY_H */ diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 5fe36df0cf..4d4fa5416b 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -653,325 +653,11 @@ #endif /* PSA_WANT_ECC_SECP_K1_256 */ - -/****************************************************************/ -/* Infer PSA requirements from Mbed TLS capabilities */ -/****************************************************************/ - #else /* MBEDTLS_PSA_CRYPTO_CONFIG */ -/* - * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG - * is not defined - */ +/* Infer PSA requirements from Mbed TLS capabilities */ -#if defined(MBEDTLS_CCM_C) -#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1 -#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1 -#define PSA_WANT_ALG_CCM 1 -#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1 -#endif /* MBEDTLS_CCM_C */ - -#if defined(MBEDTLS_CMAC_C) -#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 -#define PSA_WANT_ALG_CMAC 1 -#endif /* MBEDTLS_CMAC_C */ - -#if defined(MBEDTLS_ECDH_C) -#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1 -#define PSA_WANT_ALG_ECDH 1 -#endif /* MBEDTLS_ECDH_C */ - -#if defined(MBEDTLS_ECDSA_C) -#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1 -#define PSA_WANT_ALG_ECDSA 1 -#define PSA_WANT_ALG_ECDSA_ANY 1 - -// Only add in DETERMINISTIC support if ECDSA is also enabled -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) -#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 -#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1 -#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ - -#endif /* MBEDTLS_ECDSA_C */ - -#if defined(MBEDTLS_ECP_C) -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 -/* Normally we wouldn't enable this because it's not implemented in ecp.c, - * but since it used to be available any time ECP_C was enabled, let's enable - * it anyway for the sake of backwards compatibility */ -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 -/* See comment for PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE above. */ -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 -#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 -#endif /* MBEDTLS_ECP_C */ - -#if defined(MBEDTLS_DHM_C) -#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 -#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 -#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 -#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 -#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1 -#define PSA_WANT_ALG_FFDH 1 -#define PSA_WANT_DH_FAMILY_RFC7919 1 -#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1 -#endif /* MBEDTLS_DHM_C */ - -#if defined(MBEDTLS_GCM_C) -#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1 -#define PSA_WANT_ALG_GCM 1 -#endif /* MBEDTLS_GCM_C */ - -/* Enable PSA HKDF algorithm if mbedtls HKDF is supported. - * PSA HKDF EXTRACT and PSA HKDF EXPAND have minimal cost when - * PSA HKDF is enabled, so enable both algorithms together - * with PSA HKDF. */ -#if defined(MBEDTLS_HKDF_C) -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -#define PSA_WANT_ALG_HMAC 1 -#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 -#define PSA_WANT_ALG_HKDF 1 -#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1 -#define PSA_WANT_ALG_HKDF_EXTRACT 1 -#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1 -#define PSA_WANT_ALG_HKDF_EXPAND 1 -#endif /* MBEDTLS_HKDF_C */ - -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -#define PSA_WANT_ALG_HMAC 1 -#define PSA_WANT_KEY_TYPE_HMAC 1 - -#if defined(MBEDTLS_MD_C) -#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 -#define PSA_WANT_ALG_TLS12_PRF 1 -#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1 -#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1 -#endif /* MBEDTLS_MD_C */ - -#if defined(MBEDTLS_MD5_C) -#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1 -#define PSA_WANT_ALG_MD5 1 -#endif - -#if defined(MBEDTLS_ECJPAKE_C) -#define MBEDTLS_PSA_BUILTIN_PAKE 1 -#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1 -#define PSA_WANT_ALG_JPAKE 1 -#endif - -#if defined(MBEDTLS_RIPEMD160_C) -#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1 -#define PSA_WANT_ALG_RIPEMD160 1 -#endif - -#if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_PKCS1_V15) -#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1 -#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1 -#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 -#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1 -#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1 -#endif /* MBEDTLS_PKCS1_V15 */ -#if defined(MBEDTLS_PKCS1_V21) -#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1 -#define PSA_WANT_ALG_RSA_OAEP 1 -#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1 -#define PSA_WANT_ALG_RSA_PSS 1 -#endif /* MBEDTLS_PKCS1_V21 */ -#if defined(MBEDTLS_GENPRIME) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 -#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 -#endif /* MBEDTLS_GENPRIME */ -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 -#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 -#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 -#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 -#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 -#endif /* MBEDTLS_RSA_C */ - -#if defined(MBEDTLS_SHA1_C) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1 -#define PSA_WANT_ALG_SHA_1 1 -#endif - -#if defined(MBEDTLS_SHA224_C) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1 -#define PSA_WANT_ALG_SHA_224 1 -#endif - -#if defined(MBEDTLS_SHA256_C) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1 -#define PSA_WANT_ALG_SHA_256 1 -#endif - -#if defined(MBEDTLS_SHA384_C) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1 -#define PSA_WANT_ALG_SHA_384 1 -#endif - -#if defined(MBEDTLS_SHA512_C) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1 -#define PSA_WANT_ALG_SHA_512 1 -#endif - -#if defined(MBEDTLS_SHA3_C) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1 -#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1 -#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1 -#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1 -#define PSA_WANT_ALG_SHA3_224 1 -#define PSA_WANT_ALG_SHA3_256 1 -#define PSA_WANT_ALG_SHA3_384 1 -#define PSA_WANT_ALG_SHA3_512 1 -#endif - -#if defined(MBEDTLS_AES_C) -#define PSA_WANT_KEY_TYPE_AES 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 -#endif - -#if defined(MBEDTLS_ARIA_C) -#define PSA_WANT_KEY_TYPE_ARIA 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1 -#endif - -#if defined(MBEDTLS_CAMELLIA_C) -#define PSA_WANT_KEY_TYPE_CAMELLIA 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1 -#endif - -#if defined(MBEDTLS_DES_C) -#define PSA_WANT_KEY_TYPE_DES 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1 -#endif - -#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256) -#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1 -#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1 -#endif - -#if defined(MBEDTLS_CHACHA20_C) -#define PSA_WANT_KEY_TYPE_CHACHA20 1 -#define PSA_WANT_ALG_STREAM_CIPHER 1 -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1 -#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1 -#if defined(MBEDTLS_CHACHAPOLY_C) -#define PSA_WANT_ALG_CHACHA20_POLY1305 1 -#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1 -#endif -#endif - -#if defined(MBEDTLS_CIPHER_MODE_CBC) -#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1 -#define PSA_WANT_ALG_CBC_NO_PADDING 1 -#if defined(MBEDTLS_CIPHER_PADDING_PKCS7) -#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1 -#define PSA_WANT_ALG_CBC_PKCS7 1 -#endif -#endif - -#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \ - defined(MBEDTLS_ARIA_C) || defined(MBEDTLS_CAMELLIA_C) -#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1 -#define PSA_WANT_ALG_ECB_NO_PADDING 1 -#endif - -#if defined(MBEDTLS_CIPHER_MODE_CFB) -#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1 -#define PSA_WANT_ALG_CFB 1 -#endif - -#if defined(MBEDTLS_CIPHER_MODE_CTR) -#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1 -#define PSA_WANT_ALG_CTR 1 -#endif - -#if defined(MBEDTLS_CIPHER_MODE_OFB) -#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1 -#define PSA_WANT_ALG_OFB 1 -#endif - -#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) -#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1 -#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1 -#endif - -#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) -#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1 -#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1 -#endif - -#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) -#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1 -#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1 -#endif - -#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) -#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1 -#define PSA_WANT_ECC_MONTGOMERY_255 1 -#endif - -#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) -#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1 -#define PSA_WANT_ECC_MONTGOMERY_448 1 -#endif - -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) -#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1 -#define PSA_WANT_ECC_SECP_R1_192 1 -#endif - -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) -#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1 -#define PSA_WANT_ECC_SECP_R1_224 1 -#endif - -#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) -#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1 -#define PSA_WANT_ECC_SECP_R1_256 1 -#endif - -#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) -#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1 -#define PSA_WANT_ECC_SECP_R1_384 1 -#endif - -#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) -#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1 -#define PSA_WANT_ECC_SECP_R1_521 1 -#endif - -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) -#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1 -#define PSA_WANT_ECC_SECP_K1_192 1 -#endif - -/* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */ -#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) -#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1 -#define PSA_WANT_ECC_SECP_K1_224 1 -#endif - -#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) -#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1 -#define PSA_WANT_ECC_SECP_K1_256 1 -#endif +#include "mbedtls/config_adjust_psa_from_legacy.h" #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */ From 4fb1542354907d68a801a5f984407524a436892c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Sep 2023 17:41:36 +0200 Subject: [PATCH 240/350] Split config_psa.h: create and populate mbedtls/config_adjust_legacy_from_psa.h Signed-off-by: Gilles Peskine --- .../mbedtls/config_adjust_legacy_from_psa.h | 641 ++++++++++++++++++ include/mbedtls/config_psa.h | 615 +---------------- 2 files changed, 643 insertions(+), 613 deletions(-) create mode 100644 include/mbedtls/config_adjust_legacy_from_psa.h diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h new file mode 100644 index 0000000000..8d864ab6d4 --- /dev/null +++ b/include/mbedtls/config_adjust_legacy_from_psa.h @@ -0,0 +1,641 @@ +/** + * \file mbedtls/config_adjust_legacy_from_psa.h + * \brief Adjust PSA configuration: activate legacy implementations + * + * When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, activate legacy implementations + * of cryptographic mechanisms as needed to fulfill the needs of the PSA + * configuration. Generally speaking, we activate a legacy mechanism if + * it's needed for a requested PSA mechanism and there is no PSA driver + * for it. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H +#define MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H + +#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) +#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 +#define MBEDTLS_ECDSA_DETERMINISTIC +#define MBEDTLS_ECDSA_C +#define MBEDTLS_HMAC_DRBG_C +#define MBEDTLS_MD_C +#endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */ +#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */ + +#if defined(PSA_WANT_ALG_ECDH) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) +#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1 +#define MBEDTLS_ECDH_C +#define MBEDTLS_ECP_C +#define MBEDTLS_BIGNUM_C +#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */ +#endif /* PSA_WANT_ALG_ECDH */ + +#if defined(PSA_WANT_ALG_ECDSA) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) +#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1 +#define MBEDTLS_ECDSA_C +#define MBEDTLS_ECP_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_ASN1_PARSE_C +#define MBEDTLS_ASN1_WRITE_C +#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */ +#endif /* PSA_WANT_ALG_ECDSA */ + +#if defined(PSA_WANT_ALG_FFDH) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH) +#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1 +#define MBEDTLS_BIGNUM_C +#endif /* !MBEDTLS_PSA_ACCEL_ALG_FFDH */ +#endif /* PSA_WANT_ALG_FFDH */ + +#if defined(PSA_WANT_ALG_HKDF) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */ +#endif /* PSA_WANT_ALG_HKDF */ + +#if defined(PSA_WANT_ALG_HKDF_EXTRACT) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */ +#endif /* PSA_WANT_ALG_HKDF_EXTRACT */ + +#if defined(PSA_WANT_ALG_HKDF_EXPAND) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */ +#endif /* PSA_WANT_ALG_HKDF_EXPAND */ + +#if defined(PSA_WANT_ALG_HMAC) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ +#endif /* PSA_WANT_ALG_HMAC */ + +#if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5) +#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1 +#define MBEDTLS_MD5_C +#endif + +#if defined(PSA_WANT_ALG_JPAKE) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) +#define MBEDTLS_PSA_BUILTIN_PAKE 1 +#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1 +#define MBEDTLS_ECP_DP_SECP256R1_ENABLED +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_ECP_C +#define MBEDTLS_ECJPAKE_C +#endif /* MBEDTLS_PSA_ACCEL_ALG_JPAKE */ +#endif /* PSA_WANT_ALG_JPAKE */ + +#if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) +#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1 +#define MBEDTLS_RIPEMD160_C +#endif + +#if defined(PSA_WANT_ALG_RSA_OAEP) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1 +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#define MBEDTLS_PKCS1_V21 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */ +#endif /* PSA_WANT_ALG_RSA_OAEP */ + +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1 +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#define MBEDTLS_PKCS1_V15 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */ +#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */ + +#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#define MBEDTLS_PKCS1_V15 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */ +#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */ + +#if defined(PSA_WANT_ALG_RSA_PSS) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) +#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1 +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#define MBEDTLS_PKCS1_V21 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */ +#endif /* PSA_WANT_ALG_RSA_PSS */ + +#if defined(PSA_WANT_ALG_SHA_1) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1 +#define MBEDTLS_SHA1_C +#endif + +#if defined(PSA_WANT_ALG_SHA_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1 +#define MBEDTLS_SHA224_C +#endif + +#if defined(PSA_WANT_ALG_SHA_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1 +#define MBEDTLS_SHA256_C +#endif + +#if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1 +#define MBEDTLS_SHA384_C +#endif + +#if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1 +#define MBEDTLS_SHA512_C +#endif + +#if defined(PSA_WANT_ALG_SHA3_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1 +#define MBEDTLS_SHA3_C +#endif + +#if defined(PSA_WANT_ALG_SHA3_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1 +#define MBEDTLS_SHA3_C +#endif + +#if defined(PSA_WANT_ALG_SHA3_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1 +#define MBEDTLS_SHA3_C +#endif + +#if defined(PSA_WANT_ALG_SHA3_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512) +#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1 +#define MBEDTLS_SHA3_C +#endif + +#if defined(PSA_WANT_ALG_PBKDF2_HMAC) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC) +#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 +#define PSA_HAVE_SOFT_PBKDF2_HMAC 1 +#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) +#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ +#endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ +#endif /* PSA_WANT_ALG_PBKDF2_HMAC */ + +#if defined(PSA_WANT_ALG_TLS12_PRF) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF) +#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */ +#endif /* PSA_WANT_ALG_TLS12_PRF */ + +#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS) +#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */ +#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */ + +#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS) +#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS */ +#endif /* PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS */ + +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ +#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ + +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT */ +#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT */ + +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ +#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ + +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) +#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE */ +#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE */ + +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) +#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC */ +#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */ + +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT) +#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT */ +#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT */ + +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT) +#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT */ +#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT */ + +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) +#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 +#define MBEDTLS_GENPRIME +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE */ +#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE */ + +#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) +#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC */ +#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ + +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT) +#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT */ +#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT */ + +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT) +#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT */ +#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT */ + +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) +#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE */ +#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */ + +#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) +#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1 +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC */ +#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC */ + +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 +#define MBEDTLS_ECP_C +#define MBEDTLS_BIGNUM_C +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ + +#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1 +#define MBEDTLS_BIGNUM_C +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY */ +#endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */ + +#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 +#define MBEDTLS_RSA_C +#define MBEDTLS_BIGNUM_C +#define MBEDTLS_OID_C +#define MBEDTLS_PK_PARSE_C +#define MBEDTLS_PK_WRITE_C +#define MBEDTLS_PK_C +#define MBEDTLS_ASN1_PARSE_C +#define MBEDTLS_ASN1_WRITE_C +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */ +#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ + +/* If any of the block modes are requested that don't have an + * associated HW assist, define PSA_HAVE_SOFT_BLOCK_MODE for checking + * in the block cipher key types. */ +#if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \ + (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \ + (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \ + defined(PSA_WANT_ALG_ECB_NO_PADDING) || \ + (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \ + (defined(PSA_WANT_ALG_CBC_PKCS7) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \ + (defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)) +#define PSA_HAVE_SOFT_BLOCK_MODE 1 +#endif + +#if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \ + (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM)) +#define PSA_HAVE_SOFT_BLOCK_AEAD 1 +#endif + +#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128) +#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 +#define PSA_HAVE_SOFT_PBKDF2_CMAC 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 */ +#endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */ + +#if defined(PSA_WANT_KEY_TYPE_AES) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) +#define PSA_HAVE_SOFT_KEY_TYPE_AES 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */ +#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ + defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ + defined(PSA_HAVE_SOFT_BLOCK_AEAD) || \ + defined(PSA_HAVE_SOFT_PBKDF2_CMAC) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 +#define MBEDTLS_AES_C +#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */ +#endif /* PSA_WANT_KEY_TYPE_AES */ + +#if defined(PSA_WANT_KEY_TYPE_ARIA) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA) +#define PSA_HAVE_SOFT_KEY_TYPE_ARIA 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA */ +#if defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ + defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ + defined(PSA_HAVE_SOFT_BLOCK_AEAD) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1 +#define MBEDTLS_ARIA_C +#endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */ +#endif /* PSA_WANT_KEY_TYPE_ARIA */ + +#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA) +#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */ +#if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \ + defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ + defined(PSA_HAVE_SOFT_BLOCK_AEAD) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1 +#define MBEDTLS_CAMELLIA_C +#endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */ +#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ + +#if defined(PSA_WANT_KEY_TYPE_DES) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) +#define PSA_HAVE_SOFT_KEY_TYPE_DES 1 +#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */ +#if defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \ + defined(PSA_HAVE_SOFT_BLOCK_MODE) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1 +#define MBEDTLS_DES_C +#endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */ +#endif /* PSA_WANT_KEY_TYPE_DES */ + +#if defined(PSA_WANT_KEY_TYPE_CHACHA20) +#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) +#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1 +#define MBEDTLS_CHACHA20_C +#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */ +#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */ + +/* If any of the software block ciphers are selected, define + * PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these + * situations. */ +#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) +#define PSA_HAVE_SOFT_BLOCK_CIPHER 1 +#endif + +#if defined(PSA_WANT_ALG_STREAM_CIPHER) +#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1 +#endif /* PSA_WANT_ALG_STREAM_CIPHER */ + +#if defined(PSA_WANT_ALG_CBC_MAC) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC) +#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS." +#define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1 +#endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */ +#endif /* PSA_WANT_ALG_CBC_MAC */ + +#if defined(PSA_WANT_ALG_CMAC) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \ + defined(PSA_HAVE_SOFT_BLOCK_CIPHER) || \ + defined(PSA_HAVE_SOFT_PBKDF2_CMAC) +#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 +#define MBEDTLS_CMAC_C +#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ +#endif /* PSA_WANT_ALG_CMAC */ + +#if defined(PSA_HAVE_SOFT_PBKDF2_HMAC) || \ + defined(PSA_HAVE_SOFT_PBKDF2_CMAC) +#define PSA_HAVE_SOFT_PBKDF2 1 +#endif /* PSA_HAVE_SOFT_PBKDF2_HMAC || PSA_HAVE_SOFT_PBKDF2_CMAC */ + +#if defined(PSA_WANT_ALG_CTR) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \ + defined(PSA_HAVE_SOFT_BLOCK_CIPHER) +#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1 +#define MBEDTLS_CIPHER_MODE_CTR +#endif +#endif /* PSA_WANT_ALG_CTR */ + +#if defined(PSA_WANT_ALG_CFB) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \ + defined(PSA_HAVE_SOFT_BLOCK_CIPHER) +#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1 +#define MBEDTLS_CIPHER_MODE_CFB +#endif +#endif /* PSA_WANT_ALG_CFB */ + +#if defined(PSA_WANT_ALG_OFB) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \ + defined(PSA_HAVE_SOFT_BLOCK_CIPHER) +#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1 +#define MBEDTLS_CIPHER_MODE_OFB +#endif +#endif /* PSA_WANT_ALG_OFB */ + +#if defined(PSA_WANT_ALG_ECB_NO_PADDING) && \ + !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING) +#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1 +#endif + +#if defined(PSA_WANT_ALG_CBC_NO_PADDING) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \ + defined(PSA_HAVE_SOFT_BLOCK_CIPHER) +#define MBEDTLS_CIPHER_MODE_CBC +#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1 +#endif +#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ + +#if defined(PSA_WANT_ALG_CBC_PKCS7) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \ + defined(PSA_HAVE_SOFT_BLOCK_CIPHER) +#define MBEDTLS_CIPHER_MODE_CBC +#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1 +#define MBEDTLS_CIPHER_PADDING_PKCS7 +#endif +#endif /* PSA_WANT_ALG_CBC_PKCS7 */ + +#if defined(PSA_WANT_ALG_CCM) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) +#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1 +#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1 +#define MBEDTLS_CCM_C +#endif +#endif /* PSA_WANT_ALG_CCM */ + +#if defined(PSA_WANT_ALG_GCM) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ + defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) +#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1 +#define MBEDTLS_GCM_C +#endif +#endif /* PSA_WANT_ALG_GCM */ + +#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) +#if !defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305) +#if defined(PSA_WANT_KEY_TYPE_CHACHA20) +#define MBEDTLS_CHACHAPOLY_C +#define MBEDTLS_CHACHA20_C +#define MBEDTLS_POLY1305_C +#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1 +#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */ +#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */ +#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ + +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) +#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) +#define MBEDTLS_ECP_DP_BP256R1_ENABLED +#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1 +#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */ +#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */ + +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) +#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) +#define MBEDTLS_ECP_DP_BP384R1_ENABLED +#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1 +#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */ +#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */ + +#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) +#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) +#define MBEDTLS_ECP_DP_BP512R1_ENABLED +#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1 +#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */ +#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */ + +#if defined(PSA_WANT_ECC_MONTGOMERY_255) +#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) +#define MBEDTLS_ECP_DP_CURVE25519_ENABLED +#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1 +#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */ +#endif /* PSA_WANT_ECC_MONTGOMERY_255 */ + +#if defined(PSA_WANT_ECC_MONTGOMERY_448) +#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) +#define MBEDTLS_ECP_DP_CURVE448_ENABLED +#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1 +#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */ +#endif /* PSA_WANT_ECC_MONTGOMERY_448 */ + +#if defined(PSA_WANT_ECC_SECP_R1_192) +#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) +#define MBEDTLS_ECP_DP_SECP192R1_ENABLED +#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1 +#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */ +#endif /* PSA_WANT_ECC_SECP_R1_192 */ + +#if defined(PSA_WANT_ECC_SECP_R1_224) +#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) +#define MBEDTLS_ECP_DP_SECP224R1_ENABLED +#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1 +#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */ +#endif /* PSA_WANT_ECC_SECP_R1_224 */ + +#if defined(PSA_WANT_ECC_SECP_R1_256) +#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) +#define MBEDTLS_ECP_DP_SECP256R1_ENABLED +#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1 +#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */ +#endif /* PSA_WANT_ECC_SECP_R1_256 */ + +#if defined(PSA_WANT_ECC_SECP_R1_384) +#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) +#define MBEDTLS_ECP_DP_SECP384R1_ENABLED +#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1 +#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */ +#endif /* PSA_WANT_ECC_SECP_R1_384 */ + +#if defined(PSA_WANT_ECC_SECP_R1_521) +#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) +#define MBEDTLS_ECP_DP_SECP521R1_ENABLED +#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1 +#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */ +#endif /* PSA_WANT_ECC_SECP_R1_521 */ + +#if defined(PSA_WANT_ECC_SECP_K1_192) +#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) +#define MBEDTLS_ECP_DP_SECP192K1_ENABLED +#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1 +#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */ +#endif /* PSA_WANT_ECC_SECP_K1_192 */ + +#if defined(PSA_WANT_ECC_SECP_K1_224) +#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) +/* + * SECP224K1 is buggy via the PSA API in Mbed TLS + * (https://github.com/Mbed-TLS/mbedtls/issues/3541). + */ +#error "SECP224K1 is buggy via the PSA API in Mbed TLS." +#define MBEDTLS_ECP_DP_SECP224K1_ENABLED +#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1 +#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */ +#endif /* PSA_WANT_ECC_SECP_K1_224 */ + +#if defined(PSA_WANT_ECC_SECP_K1_256) +#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) +#define MBEDTLS_ECP_DP_SECP256K1_ENABLED +#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1 +#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */ +#endif /* PSA_WANT_ECC_SECP_K1_256 */ + +#endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_FROM_PSA_H */ diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h index 4d4fa5416b..bf87d0aa2d 100644 --- a/include/mbedtls/config_psa.h +++ b/include/mbedtls/config_psa.h @@ -36,622 +36,11 @@ #include "mbedtls/config_adjust_psa_superset_legacy.h" -/****************************************************************/ -/* Require built-in implementations based on PSA requirements */ -/****************************************************************/ - #if defined(MBEDTLS_PSA_CRYPTO_CONFIG) -#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA) -#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1 -#define MBEDTLS_ECDSA_DETERMINISTIC -#define MBEDTLS_ECDSA_C -#define MBEDTLS_HMAC_DRBG_C -#define MBEDTLS_MD_C -#endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */ -#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */ - -#if defined(PSA_WANT_ALG_ECDH) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH) -#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1 -#define MBEDTLS_ECDH_C -#define MBEDTLS_ECP_C -#define MBEDTLS_BIGNUM_C -#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */ -#endif /* PSA_WANT_ALG_ECDH */ - -#if defined(PSA_WANT_ALG_ECDSA) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) -#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1 -#define MBEDTLS_ECDSA_C -#define MBEDTLS_ECP_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */ -#endif /* PSA_WANT_ALG_ECDSA */ - -#if defined(PSA_WANT_ALG_FFDH) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH) -#define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1 -#define MBEDTLS_BIGNUM_C -#endif /* !MBEDTLS_PSA_ACCEL_ALG_FFDH */ -#endif /* PSA_WANT_ALG_FFDH */ - -#if defined(PSA_WANT_ALG_HKDF) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */ -#endif /* PSA_WANT_ALG_HKDF */ - -#if defined(PSA_WANT_ALG_HKDF_EXTRACT) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT) -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */ -#endif /* PSA_WANT_ALG_HKDF_EXTRACT */ - -#if defined(PSA_WANT_ALG_HKDF_EXPAND) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND) -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -#define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */ -#endif /* PSA_WANT_ALG_HKDF_EXPAND */ - -#if defined(PSA_WANT_ALG_HMAC) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ -#endif /* PSA_WANT_ALG_HMAC */ - -#if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5) -#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1 -#define MBEDTLS_MD5_C -#endif - -#if defined(PSA_WANT_ALG_JPAKE) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE) -#define MBEDTLS_PSA_BUILTIN_PAKE 1 -#define MBEDTLS_PSA_BUILTIN_ALG_JPAKE 1 -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_ECP_C -#define MBEDTLS_ECJPAKE_C -#endif /* MBEDTLS_PSA_ACCEL_ALG_JPAKE */ -#endif /* PSA_WANT_ALG_JPAKE */ - -#if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160) -#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1 -#define MBEDTLS_RIPEMD160_C -#endif - -#if defined(PSA_WANT_ALG_RSA_OAEP) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) -#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1 -#define MBEDTLS_RSA_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_OID_C -#define MBEDTLS_PKCS1_V21 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */ -#endif /* PSA_WANT_ALG_RSA_OAEP */ - -#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT) -#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1 -#define MBEDTLS_RSA_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_OID_C -#define MBEDTLS_PKCS1_V15 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */ -#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */ - -#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN) -#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1 -#define MBEDTLS_RSA_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_OID_C -#define MBEDTLS_PKCS1_V15 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */ -#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */ - -#if defined(PSA_WANT_ALG_RSA_PSS) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS) -#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1 -#define MBEDTLS_RSA_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_OID_C -#define MBEDTLS_PKCS1_V21 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */ -#endif /* PSA_WANT_ALG_RSA_PSS */ - -#if defined(PSA_WANT_ALG_SHA_1) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1 -#define MBEDTLS_SHA1_C -#endif - -#if defined(PSA_WANT_ALG_SHA_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1 -#define MBEDTLS_SHA224_C -#endif - -#if defined(PSA_WANT_ALG_SHA_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1 -#define MBEDTLS_SHA256_C -#endif - -#if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1 -#define MBEDTLS_SHA384_C -#endif - -#if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1 -#define MBEDTLS_SHA512_C -#endif - -#if defined(PSA_WANT_ALG_SHA3_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_224 1 -#define MBEDTLS_SHA3_C -#endif - -#if defined(PSA_WANT_ALG_SHA3_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_256 1 -#define MBEDTLS_SHA3_C -#endif - -#if defined(PSA_WANT_ALG_SHA3_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_384 1 -#define MBEDTLS_SHA3_C -#endif - -#if defined(PSA_WANT_ALG_SHA3_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512) -#define MBEDTLS_PSA_BUILTIN_ALG_SHA3_512 1 -#define MBEDTLS_SHA3_C -#endif - -#if defined(PSA_WANT_ALG_PBKDF2_HMAC) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_HMAC) -#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC 1 -#define PSA_HAVE_SOFT_PBKDF2_HMAC 1 -#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC) -#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */ -#endif /* !MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_HMAC */ -#endif /* PSA_WANT_ALG_PBKDF2_HMAC */ - -#if defined(PSA_WANT_ALG_TLS12_PRF) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF) -#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */ -#endif /* PSA_WANT_ALG_TLS12_PRF */ - -#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS) -#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */ -#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */ - -#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS) -#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS */ -#endif /* PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ -#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT */ -#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ -#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) -#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE */ -#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1 -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC */ -#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */ - -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT) -#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT */ -#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT */ - -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT) -#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT */ -#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT */ - -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) -#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1 -#define MBEDTLS_GENPRIME -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE */ -#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE */ - -#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) -#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1 -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_BASIC 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC */ -#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */ - -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT) -#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT */ -#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT */ - -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT) -#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT */ -#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT */ - -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) -#define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC 1 -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE */ -#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */ - -#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) -#define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1 -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC */ -#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC */ - -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1 -#define MBEDTLS_ECP_C -#define MBEDTLS_BIGNUM_C -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */ -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - -#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1 -#define MBEDTLS_BIGNUM_C -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY */ -#endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */ - -#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1 -#define MBEDTLS_RSA_C -#define MBEDTLS_BIGNUM_C -#define MBEDTLS_OID_C -#define MBEDTLS_PK_PARSE_C -#define MBEDTLS_PK_WRITE_C -#define MBEDTLS_PK_C -#define MBEDTLS_ASN1_PARSE_C -#define MBEDTLS_ASN1_WRITE_C -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */ -#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */ - -/* If any of the block modes are requested that don't have an - * associated HW assist, define PSA_HAVE_SOFT_BLOCK_MODE for checking - * in the block cipher key types. */ -#if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \ - (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \ - (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \ - defined(PSA_WANT_ALG_ECB_NO_PADDING) || \ - (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \ - (defined(PSA_WANT_ALG_CBC_PKCS7) && \ - !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \ - (defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)) -#define PSA_HAVE_SOFT_BLOCK_MODE 1 -#endif - -#if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \ - (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM)) -#define PSA_HAVE_SOFT_BLOCK_AEAD 1 -#endif - -#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128) -#define MBEDTLS_PSA_BUILTIN_ALG_PBKDF2_AES_CMAC_PRF_128 1 -#define PSA_HAVE_SOFT_PBKDF2_CMAC 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_PBKDF2_AES_CMAC_PRF_128 */ -#endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */ - -#if defined(PSA_WANT_KEY_TYPE_AES) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) -#define PSA_HAVE_SOFT_KEY_TYPE_AES 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */ -#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ - defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ - defined(PSA_HAVE_SOFT_BLOCK_AEAD) || \ - defined(PSA_HAVE_SOFT_PBKDF2_CMAC) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1 -#define MBEDTLS_AES_C -#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_ARIA) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA) -#define PSA_HAVE_SOFT_KEY_TYPE_ARIA 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA */ -#if defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ - defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ - defined(PSA_HAVE_SOFT_BLOCK_AEAD) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ARIA 1 -#define MBEDTLS_ARIA_C -#endif /* PSA_HAVE_SOFT_KEY_TYPE_ARIA || PSA_HAVE_SOFT_BLOCK_MODE */ -#endif /* PSA_WANT_KEY_TYPE_ARIA */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA) -#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */ -#if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \ - defined(PSA_HAVE_SOFT_BLOCK_MODE) || \ - defined(PSA_HAVE_SOFT_BLOCK_AEAD) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1 -#define MBEDTLS_CAMELLIA_C -#endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#if defined(PSA_WANT_KEY_TYPE_DES) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES) -#define PSA_HAVE_SOFT_KEY_TYPE_DES 1 -#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */ -#if defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \ - defined(PSA_HAVE_SOFT_BLOCK_MODE) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1 -#define MBEDTLS_DES_C -#endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */ -#endif /* PSA_WANT_KEY_TYPE_DES */ - -#if defined(PSA_WANT_KEY_TYPE_CHACHA20) -#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20) -#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1 -#define MBEDTLS_CHACHA20_C -#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */ -#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */ - -/* If any of the software block ciphers are selected, define - * PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these - * situations. */ -#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ - defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ - defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \ - defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) -#define PSA_HAVE_SOFT_BLOCK_CIPHER 1 -#endif - -#if defined(PSA_WANT_ALG_STREAM_CIPHER) -#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1 -#endif /* PSA_WANT_ALG_STREAM_CIPHER */ - -#if defined(PSA_WANT_ALG_CBC_MAC) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC) -#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS." -#define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1 -#endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */ -#endif /* PSA_WANT_ALG_CBC_MAC */ - -#if defined(PSA_WANT_ALG_CMAC) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \ - defined(PSA_HAVE_SOFT_BLOCK_CIPHER) || \ - defined(PSA_HAVE_SOFT_PBKDF2_CMAC) -#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1 -#define MBEDTLS_CMAC_C -#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */ -#endif /* PSA_WANT_ALG_CMAC */ - -#if defined(PSA_HAVE_SOFT_PBKDF2_HMAC) || \ - defined(PSA_HAVE_SOFT_PBKDF2_CMAC) -#define PSA_HAVE_SOFT_PBKDF2 1 -#endif /* PSA_HAVE_SOFT_PBKDF2_HMAC || PSA_HAVE_SOFT_PBKDF2_CMAC */ - -#if defined(PSA_WANT_ALG_CTR) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \ - defined(PSA_HAVE_SOFT_BLOCK_CIPHER) -#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1 -#define MBEDTLS_CIPHER_MODE_CTR -#endif -#endif /* PSA_WANT_ALG_CTR */ - -#if defined(PSA_WANT_ALG_CFB) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \ - defined(PSA_HAVE_SOFT_BLOCK_CIPHER) -#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1 -#define MBEDTLS_CIPHER_MODE_CFB -#endif -#endif /* PSA_WANT_ALG_CFB */ - -#if defined(PSA_WANT_ALG_OFB) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \ - defined(PSA_HAVE_SOFT_BLOCK_CIPHER) -#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1 -#define MBEDTLS_CIPHER_MODE_OFB -#endif -#endif /* PSA_WANT_ALG_OFB */ - -#if defined(PSA_WANT_ALG_ECB_NO_PADDING) && \ - !defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING) -#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1 -#endif - -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \ - defined(PSA_HAVE_SOFT_BLOCK_CIPHER) -#define MBEDTLS_CIPHER_MODE_CBC -#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1 -#endif -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_CBC_PKCS7) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \ - defined(PSA_HAVE_SOFT_BLOCK_CIPHER) -#define MBEDTLS_CIPHER_MODE_CBC -#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1 -#define MBEDTLS_CIPHER_PADDING_PKCS7 -#endif -#endif /* PSA_WANT_ALG_CBC_PKCS7 */ - -#if defined(PSA_WANT_ALG_CCM) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \ - defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ - defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ - defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) -#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1 -#define MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG 1 -#define MBEDTLS_CCM_C -#endif -#endif /* PSA_WANT_ALG_CCM */ - -#if defined(PSA_WANT_ALG_GCM) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \ - defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \ - defined(PSA_HAVE_SOFT_KEY_TYPE_ARIA) || \ - defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) -#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1 -#define MBEDTLS_GCM_C -#endif -#endif /* PSA_WANT_ALG_GCM */ - -#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) -#if !defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305) -#if defined(PSA_WANT_KEY_TYPE_CHACHA20) -#define MBEDTLS_CHACHAPOLY_C -#define MBEDTLS_CHACHA20_C -#define MBEDTLS_POLY1305_C -#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1 -#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */ -#endif /* !MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 */ -#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ - -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256) -#define MBEDTLS_ECP_DP_BP256R1_ENABLED -#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1 -#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */ -#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */ - -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384) -#define MBEDTLS_ECP_DP_BP384R1_ENABLED -#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1 -#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */ -#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */ - -#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512) -#define MBEDTLS_ECP_DP_BP512R1_ENABLED -#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1 -#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */ -#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */ - -#if defined(PSA_WANT_ECC_MONTGOMERY_255) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) -#define MBEDTLS_ECP_DP_CURVE25519_ENABLED -#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1 -#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */ -#endif /* PSA_WANT_ECC_MONTGOMERY_255 */ - -#if defined(PSA_WANT_ECC_MONTGOMERY_448) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) -#define MBEDTLS_ECP_DP_CURVE448_ENABLED -#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1 -#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */ -#endif /* PSA_WANT_ECC_MONTGOMERY_448 */ - -#if defined(PSA_WANT_ECC_SECP_R1_192) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) -#define MBEDTLS_ECP_DP_SECP192R1_ENABLED -#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1 -#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */ -#endif /* PSA_WANT_ECC_SECP_R1_192 */ - -#if defined(PSA_WANT_ECC_SECP_R1_224) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) -#define MBEDTLS_ECP_DP_SECP224R1_ENABLED -#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1 -#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */ -#endif /* PSA_WANT_ECC_SECP_R1_224 */ - -#if defined(PSA_WANT_ECC_SECP_R1_256) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) -#define MBEDTLS_ECP_DP_SECP256R1_ENABLED -#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1 -#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */ -#endif /* PSA_WANT_ECC_SECP_R1_256 */ - -#if defined(PSA_WANT_ECC_SECP_R1_384) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) -#define MBEDTLS_ECP_DP_SECP384R1_ENABLED -#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1 -#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */ -#endif /* PSA_WANT_ECC_SECP_R1_384 */ - -#if defined(PSA_WANT_ECC_SECP_R1_521) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) -#define MBEDTLS_ECP_DP_SECP521R1_ENABLED -#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1 -#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */ -#endif /* PSA_WANT_ECC_SECP_R1_521 */ - -#if defined(PSA_WANT_ECC_SECP_K1_192) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) -#define MBEDTLS_ECP_DP_SECP192K1_ENABLED -#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1 -#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */ -#endif /* PSA_WANT_ECC_SECP_K1_192 */ - -#if defined(PSA_WANT_ECC_SECP_K1_224) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) -/* - * SECP224K1 is buggy via the PSA API in Mbed TLS - * (https://github.com/Mbed-TLS/mbedtls/issues/3541). - */ -#error "SECP224K1 is buggy via the PSA API in Mbed TLS." -#define MBEDTLS_ECP_DP_SECP224K1_ENABLED -#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1 -#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */ -#endif /* PSA_WANT_ECC_SECP_K1_224 */ - -#if defined(PSA_WANT_ECC_SECP_K1_256) -#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) -#define MBEDTLS_ECP_DP_SECP256K1_ENABLED -#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1 -#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */ -#endif /* PSA_WANT_ECC_SECP_K1_256 */ +/* Require built-in implementations based on PSA requirements */ +#include "mbedtls/config_adjust_legacy_from_psa.h" #else /* MBEDTLS_PSA_CRYPTO_CONFIG */ From 9d6a63b4fb356191e747a734608f8321ca73e831 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Sep 2023 17:49:07 +0200 Subject: [PATCH 241/350] Split build_info.h: create and populate mbedtls/config_adjust_legacy_crypto.h Signed-off-by: Gilles Peskine --- include/mbedtls/build_info.h | 109 +------------ include/mbedtls/config_adjust_legacy_crypto.h | 146 ++++++++++++++++++ 2 files changed, 147 insertions(+), 108 deletions(-) create mode 100644 include/mbedtls/config_adjust_legacy_crypto.h diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index c0424da82f..510e1a5d60 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -120,114 +120,7 @@ #include "mbedtls/config_psa.h" #endif -/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C. - * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C. - */ -#if defined(MBEDTLS_MD_C) -#define MBEDTLS_MD_LIGHT -#endif - -/* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it - * in a previous release, to ensure backwards compatibility. - */ -#if defined(MBEDTLS_ECJPAKE_C) || \ - defined(MBEDTLS_PEM_PARSE_C) || \ - defined(MBEDTLS_ENTROPY_C) || \ - defined(MBEDTLS_PK_C) || \ - defined(MBEDTLS_PKCS12_C) || \ - defined(MBEDTLS_RSA_C) || \ - defined(MBEDTLS_SSL_TLS_C) || \ - defined(MBEDTLS_X509_USE_C) || \ - defined(MBEDTLS_X509_CREATE_C) -#define MBEDTLS_MD_LIGHT -#endif - -/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols: - * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions - * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for - * some reason, then MBEDTLS_ECP_LIGHT should be enabled as well. - * - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because - * these features are not supported in PSA so the only way to have them is - * to enable the built-in solution. - * Both of them are temporary dependencies: - * - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789 - * - support for compressed points should also be added to PSA, but in this - * case there is no associated issue to track it yet. - * - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation - * still depends on ECP_LIGHT. - * - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will - * be fixed by #7453. - */ -#if defined(MBEDTLS_ECP_C) || \ - defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \ - defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \ - defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE) -#define MBEDTLS_ECP_LIGHT -#endif - -/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in MbedTLS version 3.5, while - * in previous version compressed points were automatically supported as long - * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward - * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions - * are met. */ -#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C) -#define MBEDTLS_PK_PARSE_EC_COMPRESSED -#endif - -/* Helper symbol to state that there is support for ECDH, either through - * library implementation (ECDH_C) or through PSA. */ -#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \ - (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C)) -#define MBEDTLS_CAN_ECDH -#endif - -/* PK module can achieve ECDSA functionalities by means of either software - * implementations (ECDSA_C) or through a PSA driver. The following defines - * are meant to list these capabilities in a general way which abstracts how - * they are implemented under the hood. */ -#if !defined(MBEDTLS_USE_PSA_CRYPTO) -#if defined(MBEDTLS_ECDSA_C) -#define MBEDTLS_PK_CAN_ECDSA_SIGN -#define MBEDTLS_PK_CAN_ECDSA_VERIFY -#endif /* MBEDTLS_ECDSA_C */ -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(PSA_WANT_ALG_ECDSA) -#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) -#define MBEDTLS_PK_CAN_ECDSA_SIGN -#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */ -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#define MBEDTLS_PK_CAN_ECDSA_VERIFY -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ -#endif /* PSA_WANT_ALG_ECDSA */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - -#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN) -#define MBEDTLS_PK_CAN_ECDSA_SOME -#endif - -/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT - * is defined as well to include all PSA code. - */ -#if defined(MBEDTLS_PSA_CRYPTO_C) -#define MBEDTLS_PSA_CRYPTO_CLIENT -#endif /* MBEDTLS_PSA_CRYPTO_C */ - -/* The PK wrappers need pk_write functions to format RSA key objects - * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO, - * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). */ -#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C) -#define MBEDTLS_PK_C -#define MBEDTLS_PK_WRITE_C -#define MBEDTLS_PK_PARSE_C -#endif - -/* Helper symbol to state that the PK module has support for EC keys. This - * can either be provided through the legacy ECP solution or through the - * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */ -#if defined(MBEDTLS_ECP_C) || \ - (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)) -#define MBEDTLS_PK_HAVE_ECC_KEYS -#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ +#include "mbedtls/config_adjust_legacy_crypto.h" /* The following blocks make it easier to disable all of TLS, * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h new file mode 100644 index 0000000000..3f0ce45714 --- /dev/null +++ b/include/mbedtls/config_adjust_legacy_crypto.h @@ -0,0 +1,146 @@ +/** + * \file mbedtls/config_adjust_legacy_crypto.h + * \brief Adjust legacy configuration configuration + * + * Automatically enable certain dependencies. Generally, MBEDLTS_xxx + * configurations need to be explicitly enabled by the user: enabling + * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a + * compilation error. However, we do automatically enable certain options + * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option + * used to identify parts of a module that are used by other module, and we + * don't want to make the symbol MBEDTLS_xxx_B part of the public API. + * Another case is if A didn't depend on B in earlier versions, and we + * want to use B in A but we need to preserve backward compatibility with + * configurations that explicitly activate MBEDTLS_xxx_A but not + * MBEDTLS_xxx_B. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H +#define MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H + +/* Auto-enable MBEDTLS_MD_LIGHT based on MBEDTLS_MD_C. + * This allows checking for MD_LIGHT rather than MD_LIGHT || MD_C. + */ +#if defined(MBEDTLS_MD_C) +#define MBEDTLS_MD_LIGHT +#endif + +/* Auto-enable MBEDTLS_MD_LIGHT if needed by a module that didn't require it + * in a previous release, to ensure backwards compatibility. + */ +#if defined(MBEDTLS_ECJPAKE_C) || \ + defined(MBEDTLS_PEM_PARSE_C) || \ + defined(MBEDTLS_ENTROPY_C) || \ + defined(MBEDTLS_PK_C) || \ + defined(MBEDTLS_PKCS12_C) || \ + defined(MBEDTLS_RSA_C) || \ + defined(MBEDTLS_SSL_TLS_C) || \ + defined(MBEDTLS_X509_USE_C) || \ + defined(MBEDTLS_X509_CREATE_C) +#define MBEDTLS_MD_LIGHT +#endif + +/* MBEDTLS_ECP_LIGHT is auto-enabled by the following symbols: + * - MBEDTLS_ECP_C because now it consists of MBEDTLS_ECP_LIGHT plus functions + * for curve arithmetic. As a consequence if MBEDTLS_ECP_C is required for + * some reason, then MBEDTLS_ECP_LIGHT should be enabled as well. + * - MBEDTLS_PK_PARSE_EC_EXTENDED and MBEDTLS_PK_PARSE_EC_COMPRESSED because + * these features are not supported in PSA so the only way to have them is + * to enable the built-in solution. + * Both of them are temporary dependencies: + * - PK_PARSE_EC_EXTENDED will be removed after #7779 and #7789 + * - support for compressed points should also be added to PSA, but in this + * case there is no associated issue to track it yet. + * - PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE because Weierstrass key derivation + * still depends on ECP_LIGHT. + * - PK_C + USE_PSA + PSA_WANT_ALG_ECDSA is a temporary dependency which will + * be fixed by #7453. + */ +#if defined(MBEDTLS_ECP_C) || \ + defined(MBEDTLS_PK_PARSE_EC_EXTENDED) || \ + defined(MBEDTLS_PK_PARSE_EC_COMPRESSED) || \ + defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE) +#define MBEDTLS_ECP_LIGHT +#endif + +/* MBEDTLS_PK_PARSE_EC_COMPRESSED is introduced in MbedTLS version 3.5, while + * in previous version compressed points were automatically supported as long + * as PK_PARSE_C and ECP_C were enabled. As a consequence, for backward + * compatibility, we auto-enable PK_PARSE_EC_COMPRESSED when these conditions + * are met. */ +#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_ECP_C) +#define MBEDTLS_PK_PARSE_EC_COMPRESSED +#endif + +/* Helper symbol to state that there is support for ECDH, either through + * library implementation (ECDH_C) or through PSA. */ +#if (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_ECDH)) || \ + (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_ECDH_C)) +#define MBEDTLS_CAN_ECDH +#endif + +/* PK module can achieve ECDSA functionalities by means of either software + * implementations (ECDSA_C) or through a PSA driver. The following defines + * are meant to list these capabilities in a general way which abstracts how + * they are implemented under the hood. */ +#if !defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_ECDSA_C) +#define MBEDTLS_PK_CAN_ECDSA_SIGN +#define MBEDTLS_PK_CAN_ECDSA_VERIFY +#endif /* MBEDTLS_ECDSA_C */ +#else /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(PSA_WANT_ALG_ECDSA) +#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) +#define MBEDTLS_PK_CAN_ECDSA_SIGN +#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */ +#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#define MBEDTLS_PK_CAN_ECDSA_VERIFY +#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ +#endif /* PSA_WANT_ALG_ECDSA */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + +#if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) || defined(MBEDTLS_PK_CAN_ECDSA_SIGN) +#define MBEDTLS_PK_CAN_ECDSA_SOME +#endif + +/* If MBEDTLS_PSA_CRYPTO_C is defined, make sure MBEDTLS_PSA_CRYPTO_CLIENT + * is defined as well to include all PSA code. + */ +#if defined(MBEDTLS_PSA_CRYPTO_C) +#define MBEDTLS_PSA_CRYPTO_CLIENT +#endif /* MBEDTLS_PSA_CRYPTO_C */ + +/* The PK wrappers need pk_write functions to format RSA key objects + * when they are dispatching to the PSA API. This happens under USE_PSA_CRYPTO, + * and also even without USE_PSA_CRYPTO for mbedtls_pk_sign_ext(). */ +#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C) +#define MBEDTLS_PK_C +#define MBEDTLS_PK_WRITE_C +#define MBEDTLS_PK_PARSE_C +#endif + +/* Helper symbol to state that the PK module has support for EC keys. This + * can either be provided through the legacy ECP solution or through the + * PSA friendly MBEDTLS_PK_USE_PSA_EC_DATA (see pk.h for its description). */ +#if defined(MBEDTLS_ECP_C) || \ + (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)) +#define MBEDTLS_PK_HAVE_ECC_KEYS +#endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ + +#endif /* MBEDTLS_CONFIG_ADJUST_LEGACY_CRYPTO_H */ From dc720b0a704e1b543c9a63c51f26eed7ac706150 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Sep 2023 17:50:28 +0200 Subject: [PATCH 242/350] Split build_info.h: create mbedtls/config_adjust_x509.h There isn't anything to put in this file. Create it anyway for consistency with crypto and TLS. Signed-off-by: Gilles Peskine --- include/mbedtls/build_info.h | 2 ++ include/mbedtls/config_adjust_x509.h | 37 ++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 include/mbedtls/config_adjust_x509.h diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 510e1a5d60..872e841b9e 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -122,6 +122,8 @@ #include "mbedtls/config_adjust_legacy_crypto.h" +#include "mbedtls/config_adjust_x509.h" + /* The following blocks make it easier to disable all of TLS, * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all * key exchanges, options and extensions related to them. */ diff --git a/include/mbedtls/config_adjust_x509.h b/include/mbedtls/config_adjust_x509.h new file mode 100644 index 0000000000..99a0ace2f8 --- /dev/null +++ b/include/mbedtls/config_adjust_x509.h @@ -0,0 +1,37 @@ +/** + * \file mbedtls/config_adjust_x509.h + * \brief Adjust X.509 configuration + * + * Automatically enable certain dependencies. Generally, MBEDLTS_xxx + * configurations need to be explicitly enabled by the user: enabling + * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a + * compilation error. However, we do automatically enable certain options + * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option + * used to identify parts of a module that are used by other module, and we + * don't want to make the symbol MBEDTLS_xxx_B part of the public API. + * Another case is if A didn't depend on B in earlier versions, and we + * want to use B in A but we need to preserve backward compatibility with + * configurations that explicitly activate MBEDTLS_xxx_A but not + * MBEDTLS_xxx_B. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_CONFIG_ADJUST_X509_H +#define MBEDTLS_CONFIG_ADJUST_X509_H + +#endif /* MBEDTLS_CONFIG_ADJUST_X509_H */ From edc237938ae02511cd2d84099b870f5085951af2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 4 Sep 2023 17:53:11 +0200 Subject: [PATCH 243/350] Split build_info.h: create and populate mbedtls/config_adjust_ssl.h Signed-off-by: Gilles Peskine --- include/mbedtls/build_info.h | 51 +---------------- include/mbedtls/config_adjust_ssl.h | 88 +++++++++++++++++++++++++++++ 2 files changed, 89 insertions(+), 50 deletions(-) create mode 100644 include/mbedtls/config_adjust_ssl.h diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 872e841b9e..7fd4fcc13c 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -124,56 +124,7 @@ #include "mbedtls/config_adjust_x509.h" -/* The following blocks make it easier to disable all of TLS, - * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all - * key exchanges, options and extensions related to them. */ - -#if !defined(MBEDTLS_SSL_TLS_C) -#undef MBEDTLS_SSL_CLI_C -#undef MBEDTLS_SSL_SRV_C -#undef MBEDTLS_SSL_PROTO_TLS1_3 -#undef MBEDTLS_SSL_PROTO_TLS1_2 -#undef MBEDTLS_SSL_PROTO_DTLS -#endif - -#if !defined(MBEDTLS_SSL_PROTO_DTLS) -#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY -#undef MBEDTLS_SSL_DTLS_CONNECTION_ID -#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT -#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY -#undef MBEDTLS_SSL_DTLS_SRTP -#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE -#endif - -#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) -#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC -#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET -#undef MBEDTLS_SSL_RENEGOTIATION -#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED -#endif - -#if !defined(MBEDTLS_SSL_PROTO_TLS1_3) -#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED -#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED -#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED -#undef MBEDTLS_SSL_EARLY_DATA -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ - (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)) -#define MBEDTLS_SSL_TLS1_2_SOME_ECC -#endif +#include "mbedtls/config_adjust_ssl.h" /* Make sure all configuration symbols are set before including check_config.h, * even the ones that are calculated programmatically. */ diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h new file mode 100644 index 0000000000..2275f3add7 --- /dev/null +++ b/include/mbedtls/config_adjust_ssl.h @@ -0,0 +1,88 @@ +/** + * \file mbedtls/config_adjust_ssl.h + * \brief Adjust TLS configuration + * + * Automatically enable certain dependencies. Generally, MBEDLTS_xxx + * configurations need to be explicitly enabled by the user: enabling + * MBEDTLS_xxx_A but not MBEDTLS_xxx_B when A requires B results in a + * compilation error. However, we do automatically enable certain options + * in some circumstances. One case is if MBEDTLS_xxx_B is an internal option + * used to identify parts of a module that are used by other module, and we + * don't want to make the symbol MBEDTLS_xxx_B part of the public API. + * Another case is if A didn't depend on B in earlier versions, and we + * want to use B in A but we need to preserve backward compatibility with + * configurations that explicitly activate MBEDTLS_xxx_A but not + * MBEDTLS_xxx_B. + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef MBEDTLS_CONFIG_ADJUST_SSL_H +#define MBEDTLS_CONFIG_ADJUST_SSL_H + +/* The following blocks make it easier to disable all of TLS, + * or of TLS 1.2 or 1.3 or DTLS, without having to manually disable all + * key exchanges, options and extensions related to them. */ + +#if !defined(MBEDTLS_SSL_TLS_C) +#undef MBEDTLS_SSL_CLI_C +#undef MBEDTLS_SSL_SRV_C +#undef MBEDTLS_SSL_PROTO_TLS1_3 +#undef MBEDTLS_SSL_PROTO_TLS1_2 +#undef MBEDTLS_SSL_PROTO_DTLS +#endif + +#if !defined(MBEDTLS_SSL_PROTO_DTLS) +#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY +#undef MBEDTLS_SSL_DTLS_CONNECTION_ID +#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT +#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY +#undef MBEDTLS_SSL_DTLS_SRTP +#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE +#endif + +#if !defined(MBEDTLS_SSL_PROTO_TLS1_2) +#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC +#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET +#undef MBEDTLS_SSL_RENEGOTIATION +#undef MBEDTLS_KEY_EXCHANGE_RSA_ENABLED +#undef MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED +#undef MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +#undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED +#undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED +#undef MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED +#undef MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED +#undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED +#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED +#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +#undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +#endif + +#if !defined(MBEDTLS_SSL_PROTO_TLS1_3) +#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED +#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED +#undef MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED +#undef MBEDTLS_SSL_EARLY_DATA +#endif + +#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ + (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)) +#define MBEDTLS_SSL_TLS1_2_SOME_ECC +#endif + +#endif /* MBEDTLS_CONFIG_ADJUST_SSL_H */ From 7c61ffcc446dd226b6a21677aeba925911ce14e2 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Tue, 5 Sep 2023 19:29:47 +0530 Subject: [PATCH 244/350] Rename parse_binary_string function Signed-off-by: Kusumit Ghoderao --- tests/include/test/psa_crypto_helpers.h | 2 +- tests/src/psa_crypto_helpers.c | 2 +- tests/suites/test_suite_psa_crypto.function | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index a280331e3d..9ba7dbcd96 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -243,7 +243,7 @@ int mbedtls_test_inject_entropy_restore(void); /** Parse binary string and convert it to a long integer */ -uint64_t parse_binary_string(data_t *bin_string); +uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); /** Skip a test case if the given key is a 192 bits AES key and the AES * implementation is at least partially provided by an accelerator or diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c index 18eac060f5..52ff031862 100644 --- a/tests/src/psa_crypto_helpers.c +++ b/tests/src/psa_crypto_helpers.c @@ -149,7 +149,7 @@ int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename) } } -uint64_t parse_binary_string(data_t *bin_string) +uint64_t mbedtls_test_parse_binary_string(data_t *bin_string) { uint64_t result = 0; TEST_LE_U(bin_string->len, 8); diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index d1ae15b73f..e558d98b95 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -8463,7 +8463,7 @@ exit: void parse_binary_string_test(data_t *input, int output) { uint64_t value; - value = parse_binary_string(input); + value = mbedtls_test_parse_binary_string(input); TEST_EQUAL(value, output); } /* END_CASE */ @@ -8529,7 +8529,7 @@ void derive_input(int alg_arg, if (key_types[i] == INPUT_INTEGER) { TEST_EQUAL(psa_key_derivation_input_integer( &operation, steps[i], - parse_binary_string(inputs[i])), + mbedtls_test_parse_binary_string(inputs[i])), expected_statuses[i]); } else { TEST_EQUAL(psa_key_derivation_input_bytes( @@ -8729,7 +8729,7 @@ void derive_output(int alg_arg, case PSA_KEY_DERIVATION_INPUT_COST: TEST_EQUAL(psa_key_derivation_input_integer( &operation, steps[i], - parse_binary_string(inputs[i])), + mbedtls_test_parse_binary_string(inputs[i])), statuses[i]); if (statuses[i] != PSA_SUCCESS) { goto exit; From 94d319065aa9e5c1e4be2213c1b7386b62e0cab6 Mon Sep 17 00:00:00 2001 From: Kusumit Ghoderao Date: Tue, 5 Sep 2023 19:30:22 +0530 Subject: [PATCH 245/350] Set input cost as 1 for psa_key_exercise test Signed-off-by: Kusumit Ghoderao --- tests/src/psa_exercise_key.c | 3 +-- tests/suites/test_suite_psa_crypto.data | 1 + 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 83359771c1..c4488b56f1 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -438,10 +438,9 @@ int mbedtls_test_psa_setup_key_derivation_wrap( PSA_KEY_DERIVATION_INPUT_LABEL, input2, input2_length)); } else if (PSA_ALG_IS_PBKDF2(alg)) { - data_t input_cost = { (unsigned char *) input1, (uint32_t) input1_length }; PSA_ASSERT(psa_key_derivation_input_integer(operation, PSA_KEY_DERIVATION_INPUT_COST, - parse_binary_string(&input_cost))); + 1U)); PSA_ASSERT(psa_key_derivation_input_bytes(operation, PSA_KEY_DERIVATION_INPUT_SALT, input2, diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 5136568ae8..89012e94e2 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -6568,6 +6568,7 @@ PSA key derivation: TLS 1.2 PRF SHA-256, exercise HKDF-SHA-256 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF derive_key_exercise:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_DERIVE:400:PSA_KEY_USAGE_DERIVE:PSA_ALG_HKDF(PSA_ALG_SHA_256) +# Input cost is set to 1U for testing purposes. PSA key derivation: PBKDF2-HMAC-SHA-256, exercise AES128-CTR depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES derive_key_exercise:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):"706173737764":"01":"73616c74":PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR From 0364c8a773e80a2a492d139fbd06e3d7cf2af098 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 5 Sep 2023 16:20:19 +0100 Subject: [PATCH 246/350] Introduce MBEDTLS_IGNORE_UNREACHABLE_BEGIN Signed-off-by: Dave Rodgman --- library/common.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/library/common.h b/library/common.h index 3c472c685d..4e1b2fa2dd 100644 --- a/library/common.h +++ b/library/common.h @@ -334,4 +334,23 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #define MBEDTLS_OPTIMIZE_FOR_PERFORMANCE #endif +/* Define macros that can be used to disable warnings about unreachable code. */ +#if defined(__clang__) + +#define MBEDTLS_PRAGMA(x) _Pragma(#x) + +#define MBEDTLS_IGNORE_UNREACHABLE_BEGIN \ + MBEDTLS_PRAGMA(clang diagnostic push) \ + MBEDTLS_PRAGMA(clang diagnostic ignored "-Wunreachable-code") + +#define MBEDTLS_IGNORE_UNREACHABLE_END \ + MBEDTLS_PRAGMA(clang diagnostic pop) + +#else + +#define MBEDTLS_IGNORE_UNREACHABLE_BEGIN +#define MBEDTLS_IGNORE_UNREACHABLE_END + +#endif + #endif /* MBEDTLS_LIBRARY_COMMON_H */ From cfa722324ca1618f03923b407a4ce683221cd277 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 5 Sep 2023 16:20:33 +0100 Subject: [PATCH 247/350] Fix warnings about unreachable code Signed-off-by: Dave Rodgman --- library/bignum_core.c | 2 ++ library/x509_crt.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 48b640bdb9..85dca5530e 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -99,6 +99,7 @@ static mbedtls_mpi_uint mpi_bigendian_to_host(mbedtls_mpi_uint a) /* Nothing to do on bigendian systems. */ return a; } else { +MBEDTLS_IGNORE_UNREACHABLE_BEGIN switch (sizeof(mbedtls_mpi_uint)) { case 4: return (mbedtls_mpi_uint) MBEDTLS_BSWAP32((uint32_t) a); @@ -109,6 +110,7 @@ static mbedtls_mpi_uint mpi_bigendian_to_host(mbedtls_mpi_uint a) /* Fall back to C-based reordering if we don't know the byte order * or we couldn't use a compiler-specific builtin. */ return mpi_bigendian_to_host_c(a); +MBEDTLS_IGNORE_UNREACHABLE_END } } diff --git a/library/x509_crt.c b/library/x509_crt.c index 2cbced210e..8d07694a2c 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2754,8 +2754,8 @@ static int x509_inet_pton_ipv6(const char *src, void *dst) p++; } if (num_digits != 0) { - addr[nonzero_groups++] = MBEDTLS_IS_BIG_ENDIAN ? group : - (group << 8) | (group >> 8); + MBEDTLS_PUT_UINT16_BE(group, addr, nonzero_groups); + nonzero_groups++; if (*p == '\0') { break; } else if (*p == '.') { From 7e1e7be8fcd67884b881aaa1760914566e8356a5 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 5 Sep 2023 18:12:33 +0100 Subject: [PATCH 248/350] Simplify fixes for unreachable code Signed-off-by: Dave Rodgman --- library/bignum_core.c | 35 +++++++---------------------------- library/common.h | 19 ------------------- 2 files changed, 7 insertions(+), 47 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 85dca5530e..441151e662 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -77,40 +77,19 @@ size_t mbedtls_mpi_core_bitlen(const mbedtls_mpi_uint *A, size_t A_limbs) return 0; } -/* Convert a big-endian byte array aligned to the size of mbedtls_mpi_uint - * into the storage form used by mbedtls_mpi. */ -static mbedtls_mpi_uint mpi_bigendian_to_host_c(mbedtls_mpi_uint a) -{ - uint8_t i; - unsigned char *a_ptr; - mbedtls_mpi_uint tmp = 0; - - for (i = 0, a_ptr = (unsigned char *) &a; i < ciL; i++, a_ptr++) { - tmp <<= CHAR_BIT; - tmp |= (mbedtls_mpi_uint) *a_ptr; - } - - return tmp; -} - static mbedtls_mpi_uint mpi_bigendian_to_host(mbedtls_mpi_uint a) { if (MBEDTLS_IS_BIG_ENDIAN) { /* Nothing to do on bigendian systems. */ return a; } else { -MBEDTLS_IGNORE_UNREACHABLE_BEGIN - switch (sizeof(mbedtls_mpi_uint)) { - case 4: - return (mbedtls_mpi_uint) MBEDTLS_BSWAP32((uint32_t) a); - case 8: - return (mbedtls_mpi_uint) MBEDTLS_BSWAP64((uint64_t) a); - } - - /* Fall back to C-based reordering if we don't know the byte order - * or we couldn't use a compiler-specific builtin. */ - return mpi_bigendian_to_host_c(a); -MBEDTLS_IGNORE_UNREACHABLE_END +#if defined(MBEDTLS_HAVE_INT32) + return (mbedtls_mpi_uint) MBEDTLS_BSWAP32((uint32_t) a); +#elif defined(MBEDTLS_HAVE_INT64) + return (mbedtls_mpi_uint) MBEDTLS_BSWAP64((uint64_t) a); +#else +#error "This is one of several places that need to be adapted to support a new limb size" +#endif } } diff --git a/library/common.h b/library/common.h index 4e1b2fa2dd..3c472c685d 100644 --- a/library/common.h +++ b/library/common.h @@ -334,23 +334,4 @@ static inline void mbedtls_xor_no_simd(unsigned char *r, #define MBEDTLS_OPTIMIZE_FOR_PERFORMANCE #endif -/* Define macros that can be used to disable warnings about unreachable code. */ -#if defined(__clang__) - -#define MBEDTLS_PRAGMA(x) _Pragma(#x) - -#define MBEDTLS_IGNORE_UNREACHABLE_BEGIN \ - MBEDTLS_PRAGMA(clang diagnostic push) \ - MBEDTLS_PRAGMA(clang diagnostic ignored "-Wunreachable-code") - -#define MBEDTLS_IGNORE_UNREACHABLE_END \ - MBEDTLS_PRAGMA(clang diagnostic pop) - -#else - -#define MBEDTLS_IGNORE_UNREACHABLE_BEGIN -#define MBEDTLS_IGNORE_UNREACHABLE_END - -#endif - #endif /* MBEDTLS_LIBRARY_COMMON_H */ From a8861e086e3b41a4bab606d9a14ae4d0c694951c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 5 Sep 2023 20:20:51 +0200 Subject: [PATCH 249/350] Fix boolean options in the wrong section Boolean options that modify the behavior of a module are supposed to be in the "feature support" section, not in the "configuration options" support: that section is documented to contain commented-out definitions with a value, for which the comment contains the default version. In particular, merely uncommenting a definition in the "configuration options" section is not supposed to change anything. Move the offending boolean options to the proper section. This causes those options to be enabled by `config.py full` unless explicitly excluded. For all the offending options, this is undesirable, so make sure those options are indeed excluded. Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 169 +++++++++++++++---------------- scripts/config.py | 8 +- 2 files changed, 91 insertions(+), 86 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 2a24a450c2..84b27e5008 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -272,6 +272,45 @@ //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT //#define MBEDTLS_PLATFORM_MS_TIME_ALT +/** + * Uncomment the macro to let Mbed TLS use your alternate implementation of + * mbedtls_platform_gmtime_r(). This replaces the default implementation in + * platform_util.c. + * + * gmtime() is not a thread-safe function as defined in the C standard. The + * library will try to use safer implementations of this function, such as + * gmtime_r() when available. However, if Mbed TLS cannot identify the target + * system, the implementation of mbedtls_platform_gmtime_r() will default to + * using the standard gmtime(). In this case, calls from the library to + * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex + * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the + * library are also guarded with this mutex to avoid race conditions. However, + * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will + * unconditionally use the implementation for mbedtls_platform_gmtime_r() + * supplied at compile time. + */ +//#define MBEDTLS_PLATFORM_GMTIME_R_ALT + +/** + * Uncomment the macro to let mbed TLS use your alternate implementation of + * mbedtls_platform_zeroize(). This replaces the default implementation in + * platform_util.c. + * + * mbedtls_platform_zeroize() is a widely used function across the library to + * zero a block of memory. The implementation is expected to be secure in the + * sense that it has been written to prevent the compiler from removing calls + * to mbedtls_platform_zeroize() as part of redundant code elimination + * optimizations. However, it is difficult to guarantee that calls to + * mbedtls_platform_zeroize() will not be optimized by the compiler as older + * versions of the C language standards do not provide a secure implementation + * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to + * configure their own implementation of mbedtls_platform_zeroize(), for + * example by using directives specific to their compiler, features from newer + * C standards (e.g using memset_s() in C11) or calling a secure memset() from + * their system (e.g explicit_bzero() in BSD). + */ +//#define MBEDTLS_PLATFORM_ZEROIZE_ALT + /** * \def MBEDTLS_DEPRECATED_WARNING * @@ -569,6 +608,20 @@ */ //#define MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +/* + * Disable plain C implementation for AES. + * + * When the plain C implementation is enabled, and an implementation using a + * special CPU feature (such as MBEDTLS_AESCE_C) is also enabled, runtime + * detection will be used to select between them. + * + * If only one implementation is present, runtime detection will not be used. + * This configuration will crash at runtime if running on a CPU without the + * necessary features. It will not build unless at least one of MBEDTLS_AESCE_C + * and/or MBEDTLS_AESNI_C is enabled & present in the build. + */ +//#define MBEDTLS_AES_USE_HARDWARE_ONLY + /** * \def MBEDTLS_CAMELLIA_SMALL_MEMORY * @@ -692,6 +745,15 @@ */ //#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY +/** + * Enable the verified implementations of ECDH primitives from Project Everest + * (currently only Curve25519). This feature changes the layout of ECDH + * contexts and therefore is a compatibility break for applications that access + * fields of a mbedtls_ecdh_context structure directly. See also + * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h. + */ +//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED + /** * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED * @@ -782,6 +844,28 @@ */ //#define MBEDTLS_ECP_RESTARTABLE +/** + * Uncomment to enable using new bignum code in the ECC modules. + * + * \warning This is currently experimental, incomplete and therefore should not + * be used in production. + */ +//#define MBEDTLS_ECP_WITH_MPI_UINT + +/** + * Uncomment to enable p256-m, which implements ECC key generation, ECDH, + * and ECDSA for SECP256R1 curves. This driver is used as an example to + * document how a third-party driver or software accelerator can be integrated + * to work alongside Mbed TLS. + * + * \warning p256-m has only been included to serve as a sample implementation + * of how a driver/accelerator can be integrated alongside Mbed TLS. It is not + * intended for use in production. p256-m files in Mbed TLS are not updated + * regularly, so they may not contain upstream fixes/improvements. + * DO NOT ENABLE/USE THIS MACRO IN PRODUCTION BUILDS! + */ +//#define MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED + /** * \def MBEDTLS_ECDSA_DETERMINISTIC * @@ -3998,89 +4082,4 @@ //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ //#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */ -/** - * Uncomment the macro to let mbed TLS use your alternate implementation of - * mbedtls_platform_zeroize(). This replaces the default implementation in - * platform_util.c. - * - * mbedtls_platform_zeroize() is a widely used function across the library to - * zero a block of memory. The implementation is expected to be secure in the - * sense that it has been written to prevent the compiler from removing calls - * to mbedtls_platform_zeroize() as part of redundant code elimination - * optimizations. However, it is difficult to guarantee that calls to - * mbedtls_platform_zeroize() will not be optimized by the compiler as older - * versions of the C language standards do not provide a secure implementation - * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to - * configure their own implementation of mbedtls_platform_zeroize(), for - * example by using directives specific to their compiler, features from newer - * C standards (e.g using memset_s() in C11) or calling a secure memset() from - * their system (e.g explicit_bzero() in BSD). - */ -//#define MBEDTLS_PLATFORM_ZEROIZE_ALT - -/** - * Uncomment the macro to let Mbed TLS use your alternate implementation of - * mbedtls_platform_gmtime_r(). This replaces the default implementation in - * platform_util.c. - * - * gmtime() is not a thread-safe function as defined in the C standard. The - * library will try to use safer implementations of this function, such as - * gmtime_r() when available. However, if Mbed TLS cannot identify the target - * system, the implementation of mbedtls_platform_gmtime_r() will default to - * using the standard gmtime(). In this case, calls from the library to - * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex - * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the - * library are also guarded with this mutex to avoid race conditions. However, - * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will - * unconditionally use the implementation for mbedtls_platform_gmtime_r() - * supplied at compile time. - */ -//#define MBEDTLS_PLATFORM_GMTIME_R_ALT - -/** - * Enable the verified implementations of ECDH primitives from Project Everest - * (currently only Curve25519). This feature changes the layout of ECDH - * contexts and therefore is a compatibility break for applications that access - * fields of a mbedtls_ecdh_context structure directly. See also - * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h. - */ -//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - -/** - * Uncomment to enable p256-m, which implements ECC key generation, ECDH, - * and ECDSA for SECP256R1 curves. This driver is used as an example to - * document how a third-party driver or software accelerator can be integrated - * to work alongside Mbed TLS. - * - * \warning p256-m has only been included to serve as a sample implementation - * of how a driver/accelerator can be integrated alongside Mbed TLS. It is not - * intended for use in production. p256-m files in Mbed TLS are not updated - * regularly, so they may not contain upstream fixes/improvements. - * DO NOT ENABLE/USE THIS MACRO IN PRODUCTION BUILDS! - */ -//#define MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED - - -/** - * Uncomment to enable using new bignum code in the ECC modules. - * - * \warning This is currently experimental, incomplete and therefore should not - * be used in production. - */ -//#define MBEDTLS_ECP_WITH_MPI_UINT - -/* - * Disable plain C implementation for AES. - * - * When the plain C implementation is enabled, and an implementation using a - * special CPU feature (such as MBEDTLS_AESCE_C) is also enabled, runtime - * detection will be used to select between them. - * - * If only one implementation is present, runtime detection will not be used. - * This configuration will crash at runtime if running on a CPU without the - * necessary features. It will not build unless at least one of MBEDTLS_AESCE_C - * and/or MBEDTLS_AESNI_C is enabled & present in the build. - */ -//#define MBEDTLS_AES_USE_HARDWARE_ONLY - /** \} name SECTION: Module configuration options */ diff --git a/scripts/config.py b/scripts/config.py index 4ff5166782..6e7fc84cf2 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -190,6 +190,7 @@ def realfull_adapter(_name, active, section): EXCLUDE_FROM_FULL = frozenset([ #pylint: disable=line-too-long 'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY + 'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options @@ -233,7 +234,12 @@ def is_seamless_alt(name): Exclude alternative implementations of library functions since they require an implementation of the relevant functions and an xxx_alt.h header. """ - if name in ('MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT', 'MBEDTLS_PLATFORM_MS_TIME_ALT'): + if name in ( + 'MBEDTLS_PLATFORM_GMTIME_R_ALT', + 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT', + 'MBEDTLS_PLATFORM_MS_TIME_ALT', + 'MBEDTLS_PLATFORM_ZEROIZE_ALT', + ): # Similar to non-platform xxx_ALT, requires platform_alt.h return False return name.startswith('MBEDTLS_PLATFORM_') From da69eaa366743eb60b945e4a0c4411d4e58b551e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 5 Sep 2023 20:54:17 +0200 Subject: [PATCH 250/350] TLS 1.3 support is mostly complete In particular, pre-shared keys are supported. Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 84b27e5008..f34c0913f9 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1727,9 +1727,7 @@ * * Enable support for TLS 1.3. * - * \note The support for TLS 1.3 is not comprehensive yet, in particular - * pre-shared keys are not supported. - * See docs/architecture/tls13-support.md for a description of the TLS + * \note See docs/architecture/tls13-support.md for a description of the TLS * 1.3 support that this option enables. * * Requires: MBEDTLS_SSL_KEEP_PEER_CERTIFICATE From d65ea42262a45606a8054dfa0470e6d05343c2b3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 5 Sep 2023 21:07:32 +0200 Subject: [PATCH 251/350] Fix some TLS 1.3 settings that were required in mbedtls_config.h Mbed TLS can be configured by writing a configuration file from scratch, without copying mbedtls_config.h. As a consequence, all the macro definitions in mbedtls_config.h must be optional. This was not the case for some MBEDTLS_SSL_TLS1_3_xxx macros with numerical values related to session tickets. Fix that. Signed-off-by: Gilles Peskine --- ChangeLog.d/tls13-custom-config.txt | 3 +++ include/mbedtls/mbedtls_config.h | 6 +++--- include/mbedtls/ssl.h | 12 ++++++++++++ 3 files changed, 18 insertions(+), 3 deletions(-) create mode 100644 ChangeLog.d/tls13-custom-config.txt diff --git a/ChangeLog.d/tls13-custom-config.txt b/ChangeLog.d/tls13-custom-config.txt new file mode 100644 index 0000000000..da2e25d950 --- /dev/null +++ b/ChangeLog.d/tls13-custom-config.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix undefined symbols in some builds using TLS 1.3 with a custom + configuration file. diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index f34c0913f9..df53041f0e 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -4055,7 +4055,7 @@ * This is not used in TLS 1.2. * */ -#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 +//#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 /** * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH @@ -4064,7 +4064,7 @@ * * This must be less than 256. */ -#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32 +//#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32 /** * \def MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS @@ -4074,7 +4074,7 @@ * the MBEDTLS_SSL_SESSION_TICKETS option is enabled. * */ -#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1 +//#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1 /* X509 options */ //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 920efa98cd..a3ecbfbf67 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -405,6 +405,18 @@ #define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 #endif +#if !defined(MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE) +#define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 +#endif + +#if !defined(MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH) +#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32 +#endif + +#if !defined(MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS) +#define MBEDTLS_SSL_TLS1_3_DEFAULT_NEW_SESSION_TICKETS 1 +#endif + /** \} name SECTION: Module settings */ /* From ff2558a47027a758fd9c2f047fa1f1732349273f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 5 Sep 2023 21:10:39 +0200 Subject: [PATCH 252/350] Fix unused variable in some TLS 1.3 builds Fix unused variable when MBEDTLS_SSL_PROTO_TLS1_3 and MBEDTLS_SSL_SESSION_TICKETS are enabled but not MBEDTLS_DEBUG_C. Signed-off-by: Gilles Peskine --- library/ssl_tls13_generic.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 20cecdbdf8..81fa514f67 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -837,6 +837,8 @@ int mbedtls_ssl_tls13_process_certificate(mbedtls_ssl_context *ssl) ssl, MBEDTLS_SSL_HS_CERTIFICATE, buf, buf_len)); cleanup: +#else /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ + (void) ssl; #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED */ MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse certificate")); From f9e4caf388b26b4cdaba6370b2b1ed7b091a9e1d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 5 Sep 2023 21:11:27 +0200 Subject: [PATCH 253/350] Comment out default definition This is not required (it's ok to define the default in mbedtls_config and skip the definition in rsa.h), but comment it out for uniformity with all the other options in this section. Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index df53041f0e..ae98553987 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -3924,7 +3924,7 @@ //#define MBEDTLS_PSA_KEY_SLOT_COUNT 32 /* RSA OPTIONS */ -#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */ +//#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */ /* SSL Cache options */ //#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /**< 1 day */ From b7b8c09c8106de777320c1e6ae790e2489052a95 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 5 Sep 2023 20:35:19 +0100 Subject: [PATCH 254/350] Update bignum_core.c Co-authored-by: Gilles Peskine Signed-off-by: Dave Rodgman --- library/bignum_core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/bignum_core.c b/library/bignum_core.c index 441151e662..e719dcc69b 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -84,9 +84,9 @@ static mbedtls_mpi_uint mpi_bigendian_to_host(mbedtls_mpi_uint a) return a; } else { #if defined(MBEDTLS_HAVE_INT32) - return (mbedtls_mpi_uint) MBEDTLS_BSWAP32((uint32_t) a); + return (mbedtls_mpi_uint) MBEDTLS_BSWAP32(a); #elif defined(MBEDTLS_HAVE_INT64) - return (mbedtls_mpi_uint) MBEDTLS_BSWAP64((uint64_t) a); + return (mbedtls_mpi_uint) MBEDTLS_BSWAP64(a); #else #error "This is one of several places that need to be adapted to support a new limb size" #endif From 85061b97b57f6bd70d90be58b4ba1c0548035aee Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Wed, 6 Sep 2023 08:41:05 +0100 Subject: [PATCH 255/350] Improve sanity checking of MBEDTLS_HAVE_INTxx Signed-off-by: Dave Rodgman --- include/mbedtls/bignum.h | 9 +++++++++ library/bignum_core.c | 2 -- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 3ba177799d..eb8446ea88 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -186,6 +186,15 @@ typedef uint64_t mbedtls_t_udbl; #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ +/* + * Sanity check that exactly one of MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 is defined, + * so that code elsewhere doesn't have to check. + */ +#if (!(defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64))) || \ + (defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64)) +#error "Only 32-bit or 64-bit limbs are supported in bignum" +#endif + /** \typedef mbedtls_mpi_uint * \brief The type of machine digits in a bignum, called _limbs_. * diff --git a/library/bignum_core.c b/library/bignum_core.c index e719dcc69b..dbf6d1df46 100644 --- a/library/bignum_core.c +++ b/library/bignum_core.c @@ -87,8 +87,6 @@ static mbedtls_mpi_uint mpi_bigendian_to_host(mbedtls_mpi_uint a) return (mbedtls_mpi_uint) MBEDTLS_BSWAP32(a); #elif defined(MBEDTLS_HAVE_INT64) return (mbedtls_mpi_uint) MBEDTLS_BSWAP64(a); -#else -#error "This is one of several places that need to be adapted to support a new limb size" #endif } } From 8cae2c2eb56d82589d39898e62fe876a0e48ec31 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 6 Sep 2023 19:42:35 +0200 Subject: [PATCH 256/350] Use the zeroize function from Mbed TLS Keep using the upstream name, to minimize the differences with the upstream code. Signed-off-by: Gilles Peskine --- 3rdparty/p256-m/p256-m/p256-m.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/3rdparty/p256-m/p256-m/p256-m.c b/3rdparty/p256-m/p256-m/p256-m.c index 21a021bad6..693cc6da2c 100644 --- a/3rdparty/p256-m/p256-m/p256-m.c +++ b/3rdparty/p256-m/p256-m/p256-m.c @@ -7,6 +7,7 @@ */ #include "p256-m.h" +#include "mbedtls/platform_util.h" #include "psa/crypto.h" #include #include @@ -17,12 +18,7 @@ /* * Zeroize memory - this should not be optimized away */ -static void zeroize(void *d, size_t n) -{ - volatile char *p = d; - while( n-- ) - *p++ = 0; -} +#define zeroize mbedtls_platform_zeroize /* * Helpers to test constant-time behaviour with valgrind or MemSan. From b9c795344271708bd47946c4e87404b7630046e9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 7 Sep 2023 14:20:49 +0200 Subject: [PATCH 257/350] pkwrite: Fix defined but not used warning Fix defined but not used warning when MBEDTLS_USE_PSA_CRYPTO, MBEDTLS_PK_HAVE_RFC8410_CURVES and MBEDTLS_PK_HAVE_ECC_KEYS are defined but not MBEDTLS_PEM_WRITE_C. Signed-off-by: Ronald Cron --- library/pkwrite.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index 439428cff7..eee64ab17b 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -77,7 +77,7 @@ static inline int mbedtls_pk_is_rfc8410(const mbedtls_pk_context *pk) return 0; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PEM_WRITE_C) /* It is assumed that the input key is opaque */ static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) { @@ -92,7 +92,7 @@ static psa_ecc_family_t pk_get_opaque_ec_family(const mbedtls_pk_context *pk) return ec_family; } -#endif /* MBETLS_USE_PSA_CRYPTO */ +#endif /* MBETLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C */ #endif /* MBEDTLS_PK_HAVE_RFC8410_CURVES */ #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ From d3d566f1d8d1751a6debc96aea2428e470f709bf Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 7 Sep 2023 14:29:12 +0200 Subject: [PATCH 258/350] PSA config: Add comment about HKDF Signed-off-by: Ronald Cron --- include/mbedtls/config_adjust_legacy_from_psa.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h index 8d864ab6d4..471ba181bd 100644 --- a/include/mbedtls/config_adjust_legacy_from_psa.h +++ b/include/mbedtls/config_adjust_legacy_from_psa.h @@ -67,6 +67,10 @@ #if defined(PSA_WANT_ALG_HKDF) #if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF) +/* + * The PSA implementation has its own implementation of HKDF, separate from + * hkdf.c. No need to enable MBEDTLS_HKDF_C here. + */ #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */ @@ -74,6 +78,10 @@ #if defined(PSA_WANT_ALG_HKDF_EXTRACT) #if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT) +/* + * The PSA implementation has its own implementation of HKDF, separate from + * hkdf.c. No need to enable MBEDTLS_HKDF_C here. + */ #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT 1 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT */ @@ -81,6 +89,10 @@ #if defined(PSA_WANT_ALG_HKDF_EXPAND) #if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND) +/* + * The PSA implementation has its own implementation of HKDF, separate from + * hkdf.c. No need to enable MBEDTLS_HKDF_C here. + */ #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND 1 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND */ From 86733834bcad055afa4d08aabbf647c25412a690 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 7 Sep 2023 15:02:39 +0200 Subject: [PATCH 259/350] Modernize documentation of MBEDTLS_PLATFORM_ZEROIZE_ALT The documentation was not updated when we started detecting memset_s() and such. Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 33 +++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index ae98553987..d73c83e44d 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -292,22 +292,25 @@ //#define MBEDTLS_PLATFORM_GMTIME_R_ALT /** - * Uncomment the macro to let mbed TLS use your alternate implementation of - * mbedtls_platform_zeroize(). This replaces the default implementation in - * platform_util.c. + * Uncomment the macro to let Mbed TLS use your alternate implementation of + * mbedtls_platform_zeroize(), to wipe sensitive data in memory. This replaces + * the default implementation in platform_util.c. * - * mbedtls_platform_zeroize() is a widely used function across the library to - * zero a block of memory. The implementation is expected to be secure in the - * sense that it has been written to prevent the compiler from removing calls - * to mbedtls_platform_zeroize() as part of redundant code elimination - * optimizations. However, it is difficult to guarantee that calls to - * mbedtls_platform_zeroize() will not be optimized by the compiler as older - * versions of the C language standards do not provide a secure implementation - * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to - * configure their own implementation of mbedtls_platform_zeroize(), for - * example by using directives specific to their compiler, features from newer - * C standards (e.g using memset_s() in C11) or calling a secure memset() from - * their system (e.g explicit_bzero() in BSD). + * By default, the library uses a system function such as memset_s() + * (optional feature of C11), explicit_bzero() (BSD and compatible), or + * SecureZeroMemory (Windows). If no such function is detected, the library + * falls back to a plain C implementation. Compilers are technically + * permitted to optimize this implementation out, meaning that the memory is + * not actually wiped. The library tries to prevent that, but the C language + * makes it impossible to guarantee that the memory will always be wiped. + * + * If your platform provides a guaranteed method to wipe memory which + * `platform_util.c` does not detect, define this macro to the name of + * a function that takes two arguments, a `void *` pointer and a length, + * and wipes that many bytes starting at the specified address. For example, + * if your platform has explicit_bzero() but `platform_util.c` does not + * detect its presence, define `MBEDTLS_PLATFORM_ZEROIZE_ALT` to be + * `explicit_bzero` to use that function as mbedtls_platform_zeroize(). */ //#define MBEDTLS_PLATFORM_ZEROIZE_ALT From 8ece2e9712f251e6b79c2f358ca89d0206ef8f46 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Thu, 7 Sep 2023 17:43:12 +0100 Subject: [PATCH 260/350] Fix incorrect test dependencies in pkwrite tests These should rely in MBEDTLS_PEM_{PARSE,WRITE}_C where applicable, not MBEDTLS_BASE64_C. Signed-off-by: David Horstmann --- tests/suites/test_suite_pkwrite.data | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data index 4256a88a64..5cbbb414ef 100644 --- a/tests/suites/test_suite_pkwrite.data +++ b/tests/suites/test_suite_pkwrite.data @@ -39,19 +39,19 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_pubkey_check:"data_files/ec_bp512_pub.der":TEST_DER Public key write check EC X25519 -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_write_pubkey_check:"data_files/ec_x25519_pub.pem":TEST_PEM Public key write check EC X25519 (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_write_pubkey_check:"data_files/ec_x25519_pub.der":TEST_DER Public key write check EC X448 -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_write_pubkey_check:"data_files/ec_x448_pub.pem":TEST_PEM Public key write check EC X448 (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_write_pubkey_check:"data_files/ec_x448_pub.der":TEST_DER Private key write check RSA @@ -111,19 +111,19 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_BP512R1_ENABLED pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER Private key write check EC X25519 -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_write_key_check:"data_files/ec_x25519_prv.pem":TEST_PEM Private key write check EC X25519 (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE25519_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE25519_ENABLED pk_write_key_check:"data_files/ec_x25519_prv.der":TEST_DER Private key write check EC X448 -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_write_key_check:"data_files/ec_x448_prv.pem":TEST_PEM Private key write check EC X448 (DER) -depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_CURVE448_ENABLED +depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_CURVE448_ENABLED pk_write_key_check:"data_files/ec_x448_prv.der":TEST_DER Derive public key RSA From eab2055bdec6741c90d38624591e1ff68dbdffea Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 30 Aug 2023 17:36:25 +0200 Subject: [PATCH 261/350] Fix query_config.c generation with CMake build system In case of an out-of-tree build with the CMake build system the path to crypto_config.h has to be defined as the path to mbedtls_config.h. Add this possibility tp generate_query_config.pl. Signed-off-by: Ronald Cron --- programs/test/CMakeLists.txt | 2 ++ scripts/generate_query_config.pl | 25 +++++++++++-------------- 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 735684ebf6..a75f8d9239 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -45,11 +45,13 @@ if(GEN_FILES) ${PERL} ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h + ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_config.h ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt ${CMAKE_CURRENT_BINARY_DIR}/query_config.c DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h + ${CMAKE_CURRENT_SOURCE_DIR}/../../include/psa/crypto_config.h ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt ) # this file will also be used in another directory, so create a target, see diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index ddbebfa448..4282339221 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -7,15 +7,16 @@ # form (if any). This facilitates querying the compile time configuration of # the library, for example, for testing. # -# The query_config.c is generated from the current configuration at -# include/mbedtls/mbedtls_config.h. The idea is that the mbedtls_config.h contains ALL the +# The query_config.c is generated from the default configuration files +# include/mbedtls/mbedtls_config.h and include/psa/crypto_config.h. +# The idea is that mbedtls_config.h and crypto_config.h contain ALL the # compile time configurations available in Mbed TLS (commented or uncommented). -# This script extracts the configuration macros from the mbedtls_config.h and this +# This script extracts the configuration macros from the two files and this # information is used to automatically generate the body of the query_config() # function by using the template in scripts/data_files/query_config.fmt. # # Usage: scripts/generate_query_config.pl without arguments, or -# generate_query_config.pl mbedtls_config_file template_file output_file [psa_crypto_config_file] +# generate_query_config.pl mbedtls_config_file psa_crypto_config_file template_file output_file # # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 @@ -34,29 +35,25 @@ use strict; -my ($mbedtls_config_file, $query_config_format_file, $query_config_file, $psa_crypto_config_file); +my ($mbedtls_config_file, $psa_crypto_config_file, $query_config_format_file, $query_config_file); my $default_mbedtls_config_file = "./include/mbedtls/mbedtls_config.h"; +my $default_psa_crypto_config_file = "./include/psa/crypto_config.h"; my $default_query_config_format_file = "./scripts/data_files/query_config.fmt"; my $default_query_config_file = "./programs/test/query_config.c"; -my $default_psa_crypto_config_file = "./include/psa/crypto_config.h"; if( @ARGV ) { - die "Invalid number of arguments - usage: $0 [CONFIG_FILE TEMPLATE_FILE OUTPUT_FILE]" if scalar @ARGV != 3; - ($mbedtls_config_file, $query_config_format_file, $query_config_file) = @ARGV; + die "Invalid number of arguments - usage: $0 [CONFIG_FILE TEMPLATE_FILE OUTPUT_FILE]" if scalar @ARGV != 4; + ($mbedtls_config_file, $psa_crypto_config_file, $query_config_format_file, $query_config_file) = @ARGV; -f $mbedtls_config_file or die "No such file: $mbedtls_config_file"; + -f $psa_crypto_config_file or die "No such file: $psa_crypto_config_file"; -f $query_config_format_file or die "No such file: $query_config_format_file"; - if (defined($psa_crypto_config_file) && length($psa_crypto_config_file)) { - -f $psa_crypto_config_file or die "No such file: $psa_crypto_config_file"; - } else { - $psa_crypto_config_file = (-f $default_psa_crypto_config_file) ? $default_psa_crypto_config_file : undef; - } } else { $mbedtls_config_file = $default_mbedtls_config_file; + $psa_crypto_config_file = $default_psa_crypto_config_file; $query_config_format_file = $default_query_config_format_file; $query_config_file = $default_query_config_file; - $psa_crypto_config_file = $default_psa_crypto_config_file; unless(-f $mbedtls_config_file && -f $query_config_format_file && -f $psa_crypto_config_file) { chdir '..' or die; From d7a983a0d88353ae48dd86251d00f55f695d8e73 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 8 Sep 2023 10:53:35 +0200 Subject: [PATCH 262/350] Fix generate_query_config.pl usage Signed-off-by: Ronald Cron --- scripts/generate_query_config.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 4282339221..69eca83449 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -43,7 +43,7 @@ my $default_query_config_format_file = "./scripts/data_files/query_config.fmt"; my $default_query_config_file = "./programs/test/query_config.c"; if( @ARGV ) { - die "Invalid number of arguments - usage: $0 [CONFIG_FILE TEMPLATE_FILE OUTPUT_FILE]" if scalar @ARGV != 4; + die "Invalid number of arguments - usage: $0 [MBED_TLS_CONFIG_FILE PSA_CRYPTO_CONFIG_FILE TEMPLATE_FILE OUTPUT_FILE]" if scalar @ARGV != 4; ($mbedtls_config_file, $psa_crypto_config_file, $query_config_format_file, $query_config_file) = @ARGV; -f $mbedtls_config_file or die "No such file: $mbedtls_config_file"; From d34c4262da1a33b462c813b9712796105cadfe30 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 8 Sep 2023 11:09:50 +0100 Subject: [PATCH 263/350] Move conditionals to keep doxygen with function Signed-off-by: Agathiyan Bragadeesh --- include/mbedtls/asn1.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 825020fe33..c7aae0ff87 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -256,7 +256,9 @@ int mbedtls_asn1_get_len(unsigned char **p, int mbedtls_asn1_get_tag(unsigned char **p, const unsigned char *end, size_t *len, int tag); +#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C */ +#if defined(MBEDTLS_ASN1_PARSE_C) /** * \brief Retrieve a boolean ASN.1 tag and its value. * Updates the pointer to immediately behind the full tag. @@ -272,9 +274,6 @@ int mbedtls_asn1_get_tag(unsigned char **p, * \return An ASN.1 error code if the input does not start with * a valid ASN.1 BOOLEAN. */ -#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C */ - -#if defined(MBEDTLS_ASN1_PARSE_C) int mbedtls_asn1_get_bool(unsigned char **p, const unsigned char *end, int *val); From c34804dea2afd10c6dba10e349caefbdf7e0b0e1 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 8 Sep 2023 11:32:19 +0100 Subject: [PATCH 264/350] Fix bug with checking max dn length with hexpairs Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 6ef33b0336..cb9fd69967 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -168,13 +168,16 @@ static int parse_attribute_value_string(const char *s, } *(d++) = n; c++; - continue; - } else if (c == end || !strchr(" ,=+<>#;\"\\", *c)) { + } else if (c < end && strchr(" ,=+<>#;\"\\", *c)) { + *(d++) = *c; + } else { return MBEDTLS_ERR_X509_INVALID_NAME; } } + else { + *(d++) = *c; + } - *(d++) = *c; if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) { return MBEDTLS_ERR_X509_INVALID_NAME; From 706a1c3c3f90583d8d2b4f73cfe5dbae7bc01ecb Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Fri, 8 Sep 2023 12:04:41 +0100 Subject: [PATCH 265/350] Fix code style Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index cb9fd69967..eff36d5f1f 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -173,8 +173,7 @@ static int parse_attribute_value_string(const char *s, } else { return MBEDTLS_ERR_X509_INVALID_NAME; } - } - else { + } else { *(d++) = *c; } From 0b62b7a21f026581735f9bd5bf3c0384426c7c67 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 8 Sep 2023 16:19:13 +0200 Subject: [PATCH 266/350] Allow turning off re-generation of files with make In make builds, when GEN_FILES is false (empty), don't try to re-generate configuration-independent source files, regardless of whether they seem out of date. This is useful, for example, if you have a source tree where `make generated_files` has already run and file timestamps reflect the time the files were copied or extracted, and you are now in an environment that lacks some of the necessary tools to re-generate the files. Signed-off-by: Gilles Peskine --- Makefile | 29 +++++++++++++++++++++++++---- library/Makefile | 28 ++++++++++++++++++---------- programs/Makefile | 24 +++++++++++++++++------- tests/Makefile | 14 +++++++++++--- 4 files changed, 71 insertions(+), 24 deletions(-) diff --git a/Makefile b/Makefile index 1f36a06c95..b324b9a358 100644 --- a/Makefile +++ b/Makefile @@ -36,6 +36,27 @@ generated_files: programs/generated_files generated_files: tests/generated_files generated_files: visualc_files +# Set GEN_FILES to the empty string to disable dependencies on generated +# source files. Then `make generated_files` will only build files that +# are missing, it will not rebuilt files that are present but out of date. +# This is useful, for example, if you have a source tree where +# `make generated_files` has already run and file timestamps reflect the +# time the files were copied or extracted, and you are now in an environment +# that lacks some of the necessary tools to re-generate the files. +# If $(GEN_FILES) is non-empty, the generated source files' dependencies +# are treated ordinarily, based on file timestamps. +GEN_FILES ?= yes + +# In dependencies where the target is a configuration-independent generated +# file, use `TARGET: $(gen_file_dep) DEPENDENCY1 DEPENDENCY2 ...` +# rather than directly `TARGET: DEPENDENCY1 DEPENDENCY2 ...`. This +# enables the re-generation to be turned off when GEN_FILES is disabled. +ifdef GEN_FILES +gen_file_dep = +else +gen_file_dep = | +endif + .PHONY: visualc_files VISUALC_FILES = visualc/VS2013/mbedTLS.sln visualc/VS2013/mbedTLS.vcxproj # TODO: $(app).vcxproj for each $(app) in programs/ @@ -45,10 +66,10 @@ visualc_files: $(VISUALC_FILES) # present before it runs. It doesn't matter if the files aren't up-to-date, # they just need to be present. $(VISUALC_FILES): | library/generated_files -$(VISUALC_FILES): scripts/generate_visualc_files.pl -$(VISUALC_FILES): scripts/data_files/vs2013-app-template.vcxproj -$(VISUALC_FILES): scripts/data_files/vs2013-main-template.vcxproj -$(VISUALC_FILES): scripts/data_files/vs2013-sln-template.sln +$(VISUALC_FILES): $(gen_file_dep) scripts/generate_visualc_files.pl +$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2013-app-template.vcxproj +$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2013-main-template.vcxproj +$(VISUALC_FILES): $(gen_file_dep) scripts/data_files/vs2013-sln-template.sln # TODO: also the list of .c and .h source files, but not their content $(VISUALC_FILES): echo " Gen $@ ..." diff --git a/library/Makefile b/library/Makefile index c383c32315..69ccbfd2ce 100644 --- a/library/Makefile +++ b/library/Makefile @@ -167,7 +167,7 @@ OBJS_X509= \ x509_crl.o \ x509_crt.o \ x509_csr.o \ - x509write.o \ + x509write.o \ x509write_crt.o \ x509write_csr.o \ pkcs7.o \ @@ -315,21 +315,29 @@ GENERATED_FILES = \ psa_crypto_driver_wrappers.c generated_files: $(GENERATED_FILES) -error.c: ../scripts/generate_errors.pl -error.c: ../scripts/data_files/error.fmt -error.c: $(filter-out %config%,$(wildcard ../include/mbedtls/*.h)) +# See root Makefile +GEN_FILES ?= yes +ifdef GEN_FILES +gen_file_dep = +else +gen_file_dep = | +endif + +error.c: $(gen_file_dep) ../scripts/generate_errors.pl +error.c: $(gen_file_dep) ../scripts/data_files/error.fmt +error.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h)) error.c: echo " Gen $@" $(PERL) ../scripts/generate_errors.pl -ssl_debug_helpers_generated.c: ../scripts/generate_ssl_debug_helpers.py -ssl_debug_helpers_generated.c: $(filter-out %config%,$(wildcard ../include/mbedtls/*.h)) +ssl_debug_helpers_generated.c: $(gen_file_dep) ../scripts/generate_ssl_debug_helpers.py +ssl_debug_helpers_generated.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h)) ssl_debug_helpers_generated.c: echo " Gen $@" $(PYTHON) ../scripts/generate_ssl_debug_helpers.py --mbedtls-root .. . -version_features.c: ../scripts/generate_features.pl -version_features.c: ../scripts/data_files/version_features.fmt +version_features.c: $(gen_file_dep) ../scripts/generate_features.pl +version_features.c: $(gen_file_dep) ../scripts/data_files/version_features.fmt ## The generated file only depends on the options that are present in mbedtls_config.h, ## not on which options are set. To avoid regenerating this file all the time ## when switching between configurations, don't declare mbedtls_config.h as a @@ -340,8 +348,8 @@ version_features.c: echo " Gen $@" $(PERL) ../scripts/generate_features.pl -psa_crypto_driver_wrappers.c: ../scripts/generate_driver_wrappers.py -psa_crypto_driver_wrappers.c: ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +psa_crypto_driver_wrappers.c: $(gen_file_dep) ../scripts/generate_driver_wrappers.py +psa_crypto_driver_wrappers.c: $(gen_file_dep) ../scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja psa_crypto_driver_wrappers.c: echo " Gen $@" $(PYTHON) ../scripts/generate_driver_wrappers.py diff --git a/programs/Makefile b/programs/Makefile index 3509fc374d..1dfebb5387 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -176,22 +176,32 @@ ${MBEDTLS_TEST_OBJS}: GENERATED_FILES = psa/psa_constant_names_generated.c test/query_config.c generated_files: $(GENERATED_FILES) -psa/psa_constant_names_generated.c: ../scripts/generate_psa_constants.py -psa/psa_constant_names_generated.c: ../include/psa/crypto_values.h -psa/psa_constant_names_generated.c: ../include/psa/crypto_extra.h -psa/psa_constant_names_generated.c: ../tests/suites/test_suite_psa_crypto_metadata.data +# See root Makefile +GEN_FILES ?= yes +ifdef GEN_FILES +gen_file_dep = +else +# Order-only dependency: generate the target if it's absent, but don't +# re-generate it if it's present but older than its dependencies. +gen_file_dep = | +endif + +psa/psa_constant_names_generated.c: $(gen_file_dep) ../scripts/generate_psa_constants.py +psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_values.h +psa/psa_constant_names_generated.c: $(gen_file_dep) ../include/psa/crypto_extra.h +psa/psa_constant_names_generated.c: $(gen_file_dep) ../tests/suites/test_suite_psa_crypto_metadata.data psa/psa_constant_names_generated.c: echo " Gen $@" $(PYTHON) ../scripts/generate_psa_constants.py -test/query_config.c: ../scripts/generate_query_config.pl +test/query_config.c: $(gen_file_dep) ../scripts/generate_query_config.pl ## The generated file only depends on the options that are present in mbedtls_config.h, ## not on which options are set. To avoid regenerating this file all the time ## when switching between configurations, don't declare mbedtls_config.h as a ## dependency. Remove this file from your working tree if you've just added or ## removed an option in mbedtls_config.h. -#test/query_config.c: ../include/mbedtls/mbedtls_config.h -test/query_config.c: ../scripts/data_files/query_config.fmt +#test/query_config.c: $(gen_file_dep) ../include/mbedtls/mbedtls_config.h +test/query_config.c: $(gen_file_dep) ../scripts/data_files/query_config.fmt test/query_config.c: echo " Gen $@" $(PERL) ../scripts/generate_query_config.pl diff --git a/tests/Makefile b/tests/Makefile index ec016d871f..60ab27ec7a 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -65,6 +65,14 @@ else PYTHON ?= $(shell if type python3 >/dev/null 2>/dev/null; then echo python3; else echo python; fi) endif +# See root Makefile +GEN_FILES ?= yes +ifdef GEN_FILES +gen_file_dep = +else +gen_file_dep = | +endif + .PHONY: generated_files GENERATED_BIGNUM_DATA_FILES := $(patsubst tests/%,%,$(shell \ $(PYTHON) scripts/generate_bignum_tests.py --list || \ @@ -97,7 +105,7 @@ generated_files: $(GENERATED_FILES) # Use an intermediate phony dependency so that parallel builds don't run # a separate instance of the recipe for each output file. .SECONDARY: generated_bignum_test_data generated_ecp_test_data generated_psa_test_data -$(GENERATED_BIGNUM_DATA_FILES): generated_bignum_test_data +$(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data generated_bignum_test_data: scripts/generate_bignum_tests.py generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_common.py generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_core.py @@ -109,7 +117,7 @@ generated_bignum_test_data: echo " Gen $(GENERATED_BIGNUM_DATA_FILES)" $(PYTHON) scripts/generate_bignum_tests.py -$(GENERATED_ECP_DATA_FILES): generated_ecp_test_data +$(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data generated_ecp_test_data: scripts/generate_ecp_tests.py generated_ecp_test_data: ../scripts/mbedtls_dev/bignum_common.py generated_ecp_test_data: ../scripts/mbedtls_dev/ecp.py @@ -119,7 +127,7 @@ generated_ecp_test_data: echo " Gen $(GENERATED_ECP_DATA_FILES)" $(PYTHON) scripts/generate_ecp_tests.py -$(GENERATED_PSA_DATA_FILES): generated_psa_test_data +$(GENERATED_PSA_DATA_FILES): $(gen_file_dep) generated_psa_test_data generated_psa_test_data: scripts/generate_psa_tests.py generated_psa_test_data: ../scripts/mbedtls_dev/crypto_data_tests.py generated_psa_test_data: ../scripts/mbedtls_dev/crypto_knowledge.py From dea4c7e09ff117590e13b96e780ab64770a7b70b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 8 Sep 2023 16:34:01 +0200 Subject: [PATCH 267/350] Prepare to generalize the script to do more than .gitignore Signed-off-by: Gilles Peskine --- scripts/{gitignore_patch.sh => prepare_release.sh} | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) rename scripts/{gitignore_patch.sh => prepare_release.sh} (92%) diff --git a/scripts/gitignore_patch.sh b/scripts/prepare_release.sh similarity index 92% rename from scripts/gitignore_patch.sh rename to scripts/prepare_release.sh index 74ec66c1dc..6e6a1b7799 100755 --- a/scripts/gitignore_patch.sh +++ b/scripts/prepare_release.sh @@ -1,5 +1,7 @@ #!/bin/bash -# + +# Prepare .gitignore for a release. + # Copyright The Mbed TLS Contributors # SPDX-License-Identifier: Apache-2.0 # @@ -14,13 +16,6 @@ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. -# -# Purpose -# -# For adapting gitignore files for releases so generated files can be included. -# -# Usage: gitignore_add_generated_files.sh [ -h | --help ] etc -# set -eu From 473f6363f1b5600dd3ad616a35ee2a1df64d5f93 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 8 Sep 2023 16:49:14 +0200 Subject: [PATCH 268/350] In releases, turn off GEN_FILES in Makefile and CMakeLists.txt Signed-off-by: Gilles Peskine --- scripts/prepare_release.sh | 78 +++++++++++++++++++++++--------------- 1 file changed, 47 insertions(+), 31 deletions(-) diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 6e6a1b7799..9013cc8788 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh @@ -1,6 +1,15 @@ #!/bin/bash -# Prepare .gitignore for a release. +print_usage() +{ + cat <&2 "$0: unknown option: -$OPTLET" + echo 1>&2 "Try '$0 --help' for more information." + exit 3;; + esac +done + + + +#### .gitignore processing #### GITIGNORES=$(find . -name ".gitignore") for GITIGNORE in $GITIGNORES; do - if $IGNORE; then + if [ -n "$unrelease" ]; then sed -i '/###START_COMMENTED_GENERATED_FILES###/,/###END_COMMENTED_GENERATED_FILES###/s/^# //' $GITIGNORE sed -i 's/###START_COMMENTED_GENERATED_FILES###/###START_GENERATED_FILES###/' $GITIGNORE sed -i 's/###END_COMMENTED_GENERATED_FILES###/###END_GENERATED_FILES###/' $GITIGNORE @@ -64,3 +60,23 @@ for GITIGNORE in $GITIGNORES; do sed -i 's/###END_GENERATED_FILES###/###END_COMMENTED_GENERATED_FILES###/' $GITIGNORE fi done + + + +#### Build scripts #### + +# GEN_FILES defaults on (non-empty) in development, off (empty) in releases +if [ -n "$unrelease" ]; then + r=' yes' +else + r='' +fi +sed -i 's/^\(GEN_FILES[ ?:]*=\)\([^#]*\)/\1'"$r/" Makefile */Makefile + +# GEN_FILES defaults on in development, off in releases +if [ -n "$unrelease" ]; then + r='ON' +else + r='OFF' +fi +sed -i 's/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1'"$r/" CMakeLists.txt From 99f0cdc0e0a51ba67da76656643765bc095854bf Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 8 Sep 2023 17:18:04 +0100 Subject: [PATCH 269/350] Remove not-needed mov in x86_64 asm Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index ab32deee9f..86f7510cb3 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -345,8 +345,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbe "not %[mask] \n\t" "and %[mask], %[x] \n\t" "or %[y], %[x] \n\t" - "mov %[x], %[mask] \n\t" - "sar $63, %[mask] \n\t" + "sar $63, %[x] \n\t" : [mask] "=&a" (mask), [x] "+&S" (x), @@ -354,7 +353,7 @@ static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbe : : ); - return (mbedtls_ct_condition_t) mask; + return (mbedtls_ct_condition_t) x; #elif defined(MBEDTLS_CT_X86_ASM) && defined(MBEDTLS_CT_SIZE_32) uint32_t s; asm volatile ("mov %[x], %[s] \n\t" From 5f249852a50e74d8243e0777b18bdfb10d29b0f4 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 8 Sep 2023 17:18:29 +0100 Subject: [PATCH 270/350] Better register allocation for x86_64 asm Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 86f7510cb3..a8c398ba97 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -348,8 +348,8 @@ static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbe "sar $63, %[x] \n\t" : [mask] "=&a" (mask), - [x] "+&S" (x), - [y] "+&D" (y) + [x] "+&D" (x), + [y] "+&S" (y) : : ); From b6b8f6c68dcd5632d102c511b85334936776dbea Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 8 Sep 2023 17:19:32 +0100 Subject: [PATCH 271/350] Make variable name consistent in x86_64 asm Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index a8c398ba97..4a75c60cd0 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -337,17 +337,17 @@ static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbe ); return (mbedtls_ct_condition_t) x; #elif defined(MBEDTLS_CT_X86_64_ASM) && (defined(MBEDTLS_CT_SIZE_32) || defined(MBEDTLS_CT_SIZE_64)) - uint64_t mask; - asm volatile ("mov %[x], %[mask] \n\t" - "xor %[y], %[mask] \n\t" + uint64_t s; + asm volatile ("mov %[x], %[s] \n\t" + "xor %[y], %[s] \n\t" "sub %[y], %[x] \n\t" - "and %[mask], %[y] \n\t" - "not %[mask] \n\t" - "and %[mask], %[x] \n\t" + "and %[s], %[y] \n\t" + "not %[s] \n\t" + "and %[s], %[x] \n\t" "or %[y], %[x] \n\t" "sar $63, %[x] \n\t" : - [mask] "=&a" (mask), + [s] "=&a" (s), [x] "+&D" (x), [y] "+&S" (y) : From 4a97e736613eefaac3103642b68a44f5860398f9 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 8 Sep 2023 17:26:18 +0100 Subject: [PATCH 272/350] Eliminate a redundant not from x86 asm Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 4a75c60cd0..70e8b9a577 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -359,11 +359,10 @@ static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbe asm volatile ("mov %[x], %[s] \n\t" "xor %[y], %[s] \n\t" "sub %[y], %[x] \n\t" + "and %[s], %[y] \n\t" "not %[s] \n\t" "and %[s], %[x] \n\t" - "not %[s] \n\t" - "and %[y], %[s] \n\t" - "or %[s], %[x] \n\t" + "or %[y], %[x] \n\t" "sar $31, %[x] \n\t" : [s] "=&b" (s), From 3f8e483eed49c46fb80d36b58639beb18b514c0f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 8 Sep 2023 17:57:40 +0100 Subject: [PATCH 273/350] Mark y as modified in x86 asm for mbedtls_ct_uint_lt Signed-off-by: Dave Rodgman --- library/constant_time_impl.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/constant_time_impl.h b/library/constant_time_impl.h index 70e8b9a577..4290e6024e 100644 --- a/library/constant_time_impl.h +++ b/library/constant_time_impl.h @@ -366,9 +366,9 @@ static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbe "sar $31, %[x] \n\t" : [s] "=&b" (s), - [x] "+&a" (x) + [x] "+&a" (x), + [y] "+&c" (y) : - [y] "c" (y) : ); return (mbedtls_ct_condition_t) x; From eeed74e697c7ad2b568edef36dd2e0b86f4b36f5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 9 Sep 2023 21:00:30 +0200 Subject: [PATCH 274/350] Fix `prepare_release.sh -u` with CMakeLists.txt We want to keep GEN_FILES defaulting off on Windows. Signed-off-by: Gilles Peskine --- CMakeLists.txt | 3 ++- scripts/prepare_release.sh | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 4d7e0b055d..a99ca38b1d 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -57,7 +57,8 @@ option(ENABLE_PROGRAMS "Build mbed TLS programs." ON) option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF) option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON) if(CMAKE_HOST_WIN32) - option(GEN_FILES "Generate the auto-generated files as needed" OFF) + # N.B. The comment on the next line is significant for prepare_release.sh + option(GEN_FILES "Generate the auto-generated files as needed" OFF) # off in development else() option(GEN_FILES "Generate the auto-generated files as needed" ON) endif() diff --git a/scripts/prepare_release.sh b/scripts/prepare_release.sh index 9013cc8788..800383d2ca 100755 --- a/scripts/prepare_release.sh +++ b/scripts/prepare_release.sh @@ -79,4 +79,4 @@ if [ -n "$unrelease" ]; then else r='OFF' fi -sed -i 's/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1'"$r/" CMakeLists.txt +sed -i '/[Oo][Ff][Ff] in development/! s/^\( *option *( *GEN_FILES *"[^"]*" *\)\([A-Za-z0-9][A-Za-z0-9]*\)/\1'"$r/" CMakeLists.txt From 1bfc09bca74f1f6468620c5bc01cccb85f3b90e7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 9 Sep 2023 21:26:05 +0200 Subject: [PATCH 275/350] Move comment to its intended location Signed-off-by: Gilles Peskine --- Makefile | 2 ++ programs/Makefile | 2 -- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index b324b9a358..885948c112 100644 --- a/Makefile +++ b/Makefile @@ -54,6 +54,8 @@ GEN_FILES ?= yes ifdef GEN_FILES gen_file_dep = else +# Order-only dependency: generate the target if it's absent, but don't +# re-generate it if it's present but older than its dependencies. gen_file_dep = | endif diff --git a/programs/Makefile b/programs/Makefile index 1dfebb5387..5f47e25bcc 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -181,8 +181,6 @@ GEN_FILES ?= yes ifdef GEN_FILES gen_file_dep = else -# Order-only dependency: generate the target if it's absent, but don't -# re-generate it if it's present but older than its dependencies. gen_file_dep = | endif From ecc99611e4db352eed8d20f7e027afe81920a1a6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 9 Sep 2023 22:54:26 +0200 Subject: [PATCH 276/350] Reinforce warning about a significant comment Signed-off-by: Gilles Peskine --- CMakeLists.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index a99ca38b1d..c5c9a24f44 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -57,7 +57,9 @@ option(ENABLE_PROGRAMS "Build mbed TLS programs." ON) option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF) option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON) if(CMAKE_HOST_WIN32) - # N.B. The comment on the next line is significant for prepare_release.sh + # N.B. The comment on the next line is significant! If you change it, + # edit the sed command in prepare_release.sh that modifies + # CMakeLists.txt. option(GEN_FILES "Generate the auto-generated files as needed" OFF) # off in development else() option(GEN_FILES "Generate the auto-generated files as needed" ON) From 876346e451008f8322191a0cdf35a32d59cbe0d1 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Sat, 9 Sep 2023 14:24:46 +0100 Subject: [PATCH 277/350] Remove always-false null pointer check in sha3.c that Coverity complains about Signed-off-by: Tom Cosgrove --- library/sha3.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/sha3.c b/library/sha3.c index dca5790484..4c1a1a9d4d 100644 --- a/library/sha3.c +++ b/library/sha3.c @@ -200,7 +200,7 @@ int mbedtls_sha3_starts(mbedtls_sha3_context *ctx, mbedtls_sha3_id id) } } - if (p == NULL || p->id == MBEDTLS_SHA3_NONE) { + if (p->id == MBEDTLS_SHA3_NONE) { return MBEDTLS_ERR_SHA3_BAD_INPUT_DATA; } From aafd1e0924aa21c1d105328bb2a988b61e6294fc Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 11 Sep 2023 12:59:36 +0100 Subject: [PATCH 278/350] Ensure all md__finish functions perform zeroization Signed-off-by: Dave Rodgman --- library/md5.c | 10 +++++++--- library/ripemd160.c | 10 +++++++--- library/sha1.c | 11 +++++++---- library/sha256.c | 10 +++++++--- library/sha512.c | 10 +++++++--- 5 files changed, 35 insertions(+), 16 deletions(-) diff --git a/library/md5.c b/library/md5.c index 138a320573..7e7e3ad9ec 100644 --- a/library/md5.c +++ b/library/md5.c @@ -286,7 +286,7 @@ int mbedtls_md5_finish(mbedtls_md5_context *ctx, memset(ctx->buffer + used, 0, 64 - used); if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) { - return ret; + goto exit; } memset(ctx->buffer, 0, 56); @@ -303,7 +303,7 @@ int mbedtls_md5_finish(mbedtls_md5_context *ctx, MBEDTLS_PUT_UINT32_LE(high, ctx->buffer, 60); if ((ret = mbedtls_internal_md5_process(ctx, ctx->buffer)) != 0) { - return ret; + goto exit; } /* @@ -314,7 +314,11 @@ int mbedtls_md5_finish(mbedtls_md5_context *ctx, MBEDTLS_PUT_UINT32_LE(ctx->state[2], output, 8); MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12); - return 0; + ret = 0; + +exit: + mbedtls_md5_free(ctx); + return ret; } #endif /* !MBEDTLS_MD5_ALT */ diff --git a/library/ripemd160.c b/library/ripemd160.c index ba97c1f390..49fee8579b 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -356,12 +356,12 @@ int mbedtls_ripemd160_finish(mbedtls_ripemd160_context *ctx, ret = mbedtls_ripemd160_update(ctx, ripemd160_padding, padn); if (ret != 0) { - return ret; + goto exit; } ret = mbedtls_ripemd160_update(ctx, msglen, 8); if (ret != 0) { - return ret; + goto exit; } MBEDTLS_PUT_UINT32_LE(ctx->state[0], output, 0); @@ -370,7 +370,11 @@ int mbedtls_ripemd160_finish(mbedtls_ripemd160_context *ctx, MBEDTLS_PUT_UINT32_LE(ctx->state[3], output, 12); MBEDTLS_PUT_UINT32_LE(ctx->state[4], output, 16); - return 0; + ret = 0; + +exit: + mbedtls_ripemd160_free(ctx); + return ret; } #endif /* ! MBEDTLS_RIPEMD160_ALT */ diff --git a/library/sha1.c b/library/sha1.c index 4c9cbf5e85..28a57b6445 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -322,7 +322,7 @@ int mbedtls_sha1_finish(mbedtls_sha1_context *ctx, memset(ctx->buffer + used, 0, 64 - used); if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) { - return ret; + goto exit; } memset(ctx->buffer, 0, 56); @@ -339,7 +339,7 @@ int mbedtls_sha1_finish(mbedtls_sha1_context *ctx, MBEDTLS_PUT_UINT32_BE(low, ctx->buffer, 60); if ((ret = mbedtls_internal_sha1_process(ctx, ctx->buffer)) != 0) { - return ret; + goto exit; } /* @@ -351,7 +351,11 @@ int mbedtls_sha1_finish(mbedtls_sha1_context *ctx, MBEDTLS_PUT_UINT32_BE(ctx->state[3], output, 12); MBEDTLS_PUT_UINT32_BE(ctx->state[4], output, 16); - return 0; + ret = 0; + +exit: + mbedtls_sha1_free(ctx); + return ret; } #endif /* !MBEDTLS_SHA1_ALT */ @@ -382,7 +386,6 @@ int mbedtls_sha1(const unsigned char *input, exit: mbedtls_sha1_free(&ctx); - return ret; } diff --git a/library/sha256.c b/library/sha256.c index 5df61ac956..5375255a8d 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -697,7 +697,7 @@ int mbedtls_sha256_finish(mbedtls_sha256_context *ctx, memset(ctx->buffer + used, 0, SHA256_BLOCK_SIZE - used); if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) { - return ret; + goto exit; } memset(ctx->buffer, 0, 56); @@ -714,7 +714,7 @@ int mbedtls_sha256_finish(mbedtls_sha256_context *ctx, MBEDTLS_PUT_UINT32_BE(low, ctx->buffer, 60); if ((ret = mbedtls_internal_sha256_process(ctx, ctx->buffer)) != 0) { - return ret; + goto exit; } /* @@ -736,7 +736,11 @@ int mbedtls_sha256_finish(mbedtls_sha256_context *ctx, MBEDTLS_PUT_UINT32_BE(ctx->state[7], output, 28); } - return 0; + ret = 0; + +exit: + mbedtls_sha256_free(ctx); + return ret; } #endif /* !MBEDTLS_SHA256_ALT */ diff --git a/library/sha512.c b/library/sha512.c index 5ed920b982..a91d7922ac 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -844,7 +844,7 @@ int mbedtls_sha512_finish(mbedtls_sha512_context *ctx, memset(ctx->buffer + used, 0, SHA512_BLOCK_SIZE - used); if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) { - return ret; + goto exit; } memset(ctx->buffer, 0, 112); @@ -861,7 +861,7 @@ int mbedtls_sha512_finish(mbedtls_sha512_context *ctx, sha512_put_uint64_be(low, ctx->buffer, 120); if ((ret = mbedtls_internal_sha512_process(ctx, ctx->buffer)) != 0) { - return ret; + goto exit; } /* @@ -883,7 +883,11 @@ int mbedtls_sha512_finish(mbedtls_sha512_context *ctx, sha512_put_uint64_be(ctx->state[7], output, 56); } - return 0; + ret = 0; + +exit: + mbedtls_sha512_free(ctx); + return ret; } #endif /* !MBEDTLS_SHA512_ALT */ From 9f366b07ea9ac1496b8929b67dffb9f7dee6d49c Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 11 Sep 2023 15:47:00 +0100 Subject: [PATCH 279/350] Reduce code size in mbedtls_asn1_write_len Signed-off-by: Dave Rodgman --- library/asn1write.c | 77 +++++++++++++-------------------------------- 1 file changed, 22 insertions(+), 55 deletions(-) diff --git a/library/asn1write.c b/library/asn1write.c index c65d9370e2..1c7f15d8f9 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -30,66 +30,33 @@ int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, size_t len) { - if (len < 0x80) { - if (*p - start < 1) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - *--(*p) = (unsigned char) len; - return 1; - } - - if (len <= 0xFF) { - if (*p - start < 2) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - *--(*p) = (unsigned char) len; - *--(*p) = 0x81; - return 2; - } - - if (len <= 0xFFFF) { - if (*p - start < 3) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - *--(*p) = MBEDTLS_BYTE_0(len); - *--(*p) = MBEDTLS_BYTE_1(len); - *--(*p) = 0x82; - return 3; - } - - if (len <= 0xFFFFFF) { - if (*p - start < 4) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - - *--(*p) = MBEDTLS_BYTE_0(len); - *--(*p) = MBEDTLS_BYTE_1(len); - *--(*p) = MBEDTLS_BYTE_2(len); - *--(*p) = 0x83; - return 4; - } - - int len_is_valid = 1; #if SIZE_MAX > 0xFFFFFFFF - len_is_valid = (len <= 0xFFFFFFFF); + if (len > 0xFFFFFFFF) return MBEDTLS_ERR_ASN1_INVALID_LENGTH; #endif - if (len_is_valid) { - if (*p - start < 5) { - return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; - } - *--(*p) = MBEDTLS_BYTE_0(len); - *--(*p) = MBEDTLS_BYTE_1(len); - *--(*p) = MBEDTLS_BYTE_2(len); - *--(*p) = MBEDTLS_BYTE_3(len); - *--(*p) = 0x84; - return 5; + int required = 1; + if (len < 0x80) { + required = 1; + } else { + for (size_t l = len; l != 0; l >>= 8) { + required++; + } } - return MBEDTLS_ERR_ASN1_INVALID_LENGTH; + if (required > (*p - start)) { + return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; + } + + do { + *--(*p) = MBEDTLS_BYTE_0(len); + len >>= 8; + } while (len); + + if (required > 1) { + *--(*p) = (unsigned char)(required + 0x7f); + } + + return required; } int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsigned char tag) From 3bbedf6ba0a0233a0ab0b2efe908d2239dc13726 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 11 Sep 2023 16:06:28 +0100 Subject: [PATCH 280/350] code style Signed-off-by: Dave Rodgman --- library/asn1write.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/library/asn1write.c b/library/asn1write.c index 1c7f15d8f9..5dde3fe7ab 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -31,7 +31,9 @@ int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, size_t len) { #if SIZE_MAX > 0xFFFFFFFF - if (len > 0xFFFFFFFF) return MBEDTLS_ERR_ASN1_INVALID_LENGTH; + if (len > 0xFFFFFFFF) { + return MBEDTLS_ERR_ASN1_INVALID_LENGTH; + } #endif int required = 1; @@ -53,7 +55,7 @@ int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, size_t } while (len); if (required > 1) { - *--(*p) = (unsigned char)(required + 0x7f); + *--(*p) = (unsigned char) (required + 0x7f); } return required; From cf5f746a8caa3810116417a88f526a67534fe270 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 11 Sep 2023 16:27:34 +0100 Subject: [PATCH 281/350] Refactor out some common code Signed-off-by: Dave Rodgman --- library/asn1write.c | 67 ++++++++++++++++----------------------------- 1 file changed, 23 insertions(+), 44 deletions(-) diff --git a/library/asn1write.c b/library/asn1write.c index 5dde3fe7ab..4887f1551a 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -72,6 +72,19 @@ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsign return 1; } +static int mbedtls_write_len_and_tag(unsigned char **p, + const unsigned char *start, + int len, + unsigned char tag) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); + MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag)); + + return len; +} + int mbedtls_asn1_write_raw_buffer(unsigned char **p, const unsigned char *start, const unsigned char *buf, size_t size) { @@ -123,10 +136,7 @@ int mbedtls_asn1_write_mpi(unsigned char **p, const unsigned char *start, const len += 1; } - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_INTEGER)); - - ret = (int) len; + ret = mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_INTEGER); cleanup: return ret; @@ -135,15 +145,9 @@ cleanup: int mbedtls_asn1_write_null(unsigned char **p, const unsigned char *start) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - size_t len = 0; - // Write NULL // - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, 0)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_NULL)); - - return (int) len; + return mbedtls_write_len_and_tag(p, start, 0, MBEDTLS_ASN1_NULL); } int mbedtls_asn1_write_oid(unsigned char **p, const unsigned char *start, @@ -154,10 +158,7 @@ int mbedtls_asn1_write_oid(unsigned char **p, const unsigned char *start, MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, (const unsigned char *) oid, oid_len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OID)); - - return (int) len; + return mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OID); } int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, const unsigned char *start, @@ -184,17 +185,12 @@ int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p, const unsigne MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, - MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE)); - - return (int) len; + return mbedtls_write_len_and_tag(p, start, len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); } int mbedtls_asn1_write_bool(unsigned char **p, const unsigned char *start, int boolean) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; if (*p - start < 1) { @@ -204,15 +200,11 @@ int mbedtls_asn1_write_bool(unsigned char **p, const unsigned char *start, int b *--(*p) = (boolean) ? 255 : 0; len++; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BOOLEAN)); - - return (int) len; + return mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BOOLEAN); } static int asn1_write_tagged_int(unsigned char **p, const unsigned char *start, int val, int tag) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; do { @@ -232,10 +224,7 @@ static int asn1_write_tagged_int(unsigned char **p, const unsigned char *start, len += 1; } - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag)); - - return (int) len; + return mbedtls_write_len_and_tag(p, start, len, tag); } int mbedtls_asn1_write_int(unsigned char **p, const unsigned char *start, int val) @@ -258,10 +247,7 @@ int mbedtls_asn1_write_tagged_string(unsigned char **p, const unsigned char *sta (const unsigned char *) text, text_len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag)); - - return (int) len; + return mbedtls_write_len_and_tag(p, start, len, tag); } int mbedtls_asn1_write_utf8_string(unsigned char **p, const unsigned char *start, @@ -330,7 +316,6 @@ int mbedtls_asn1_write_named_bitstring(unsigned char **p, int mbedtls_asn1_write_bitstring(unsigned char **p, const unsigned char *start, const unsigned char *buf, size_t bits) { - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len = 0; size_t unused_bits, byte_len; @@ -354,10 +339,7 @@ int mbedtls_asn1_write_bitstring(unsigned char **p, const unsigned char *start, /* Write unused bits */ *--(*p) = (unsigned char) unused_bits; - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_BIT_STRING)); - - return (int) len; + return mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BIT_STRING); } int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *start, @@ -368,10 +350,7 @@ int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *star MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, buf, size)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); - MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_OCTET_STRING)); - - return (int) len; + return mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OCTET_STRING); } From 33287ae1340ea4a6225dc9e2016b91bf115214f2 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 11 Sep 2023 17:03:22 +0100 Subject: [PATCH 282/350] Tidy up mbedtls_asn1_write_len Signed-off-by: Dave Rodgman --- library/asn1write.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/asn1write.c b/library/asn1write.c index 4887f1551a..7d533491f3 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -37,9 +37,8 @@ int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, size_t #endif int required = 1; - if (len < 0x80) { - required = 1; - } else { + + if (len >= 0x80) { for (size_t l = len; l != 0; l >>= 8) { required++; } @@ -55,7 +54,7 @@ int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, size_t } while (len); if (required > 1) { - *--(*p) = (unsigned char) (required + 0x7f); + *--(*p) = (unsigned char) (0x80 + required - 1); } return required; From 49352832c9054ebff0f8542bc02038bf8a621a3a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 11 Sep 2023 17:09:13 +0100 Subject: [PATCH 283/350] Eliminate duplicate of mbedtls_asn1_find_named_data Signed-off-by: Dave Rodgman --- library/asn1write.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/library/asn1write.c b/library/asn1write.c index 7d533491f3..2e7c4a96f1 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -28,6 +28,10 @@ #include "mbedtls/platform.h" +#if defined(MBEDTLS_ASN1_PARSE_C) +#include "mbedtls/asn1.h" +#endif + int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start, size_t len) { #if SIZE_MAX > 0xFFFFFFFF @@ -353,6 +357,7 @@ int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *star } +#if !defined(MBEDTLS_ASN1_PARSE_C) /* This is a copy of the ASN.1 parsing function mbedtls_asn1_find_named_data(), * which is replicated to avoid a dependency ASN1_WRITE_C on ASN1_PARSE_C. */ static mbedtls_asn1_named_data *asn1_find_named_data( @@ -370,6 +375,10 @@ static mbedtls_asn1_named_data *asn1_find_named_data( return list; } +#else +#define asn1_find_named_data(list, oid, len) \ + ((mbedtls_asn1_named_data *) mbedtls_asn1_find_named_data(list, oid, len)) +#endif mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **head, From 5265c318a03e2b681821aeabe651e8ab3f7a2216 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 11 Sep 2023 18:04:13 +0100 Subject: [PATCH 284/350] Fix type-conversion error Signed-off-by: Dave Rodgman --- library/asn1write.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/asn1write.c b/library/asn1write.c index 2e7c4a96f1..6e806151db 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -77,7 +77,7 @@ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsign static int mbedtls_write_len_and_tag(unsigned char **p, const unsigned char *start, - int len, + size_t len, unsigned char tag) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; From dc669a1944d4196b9fa8058a1480c9ec14dc288f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 11 Sep 2023 18:39:57 +0100 Subject: [PATCH 285/350] Fix type error Signed-off-by: Dave Rodgman --- library/asn1write.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/asn1write.c b/library/asn1write.c index 6e806151db..fb725748b1 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -85,7 +85,7 @@ static int mbedtls_write_len_and_tag(unsigned char **p, MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len)); MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, tag)); - return len; + return (int) len; } int mbedtls_asn1_write_raw_buffer(unsigned char **p, const unsigned char *start, From bac6d9a703ad7e96db9f7bf8eb39e5ec6f82d335 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 Aug 2023 09:59:14 +0200 Subject: [PATCH 286/350] Add key management utilities to p256-m MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Those will be needed in order for the driver to implement all the PSA key management entry points (currently only implements key generation). Signed-off-by: Manuel Pégourié-Gonnard --- 3rdparty/p256-m/p256-m/p256-m.c | 45 +++++++++++++++++++++++++++++++++ 3rdparty/p256-m/p256-m/p256-m.h | 39 ++++++++++++++++++++++++++++ 2 files changed, 84 insertions(+) diff --git a/3rdparty/p256-m/p256-m/p256-m.c b/3rdparty/p256-m/p256-m/p256-m.c index 53d306f638..de550cf8e5 100644 --- a/3rdparty/p256-m/p256-m/p256-m.c +++ b/3rdparty/p256-m/p256-m/p256-m.c @@ -1468,4 +1468,49 @@ int p256_ecdsa_verify(const uint8_t sig[64], const uint8_t pub[64], return P256_INVALID_SIGNATURE; } +/********************************************************************** + * + * Key management utilities + * + **********************************************************************/ + +int p256_validate_pubkey(const uint8_t pub[64]) +{ + uint32_t x[8], y[8]; + int ret = point_from_bytes(x, y, pub); + + return ret == 0 ? P256_SUCCESS : P256_INVALID_PUBKEY; +} + +int p256_validate_privkey(const uint8_t priv[32]) +{ + uint32_t s[8]; + int ret = scalar_from_bytes(s, priv); + zeroize(s, sizeof(s)); + + return ret == 0 ? P256_SUCCESS : P256_INVALID_PRIVKEY; +} + +int p256_public_from_private(uint8_t pub[64], const uint8_t priv[32]) +{ + int ret; + uint32_t s[8]; + + ret = scalar_from_bytes(s, priv); + if (ret != 0) + return P256_INVALID_PRIVKEY; + + /* compute and ouput the associated public key */ + uint32_t x[8], y[8]; + scalar_mult(x, y, p256_gx, p256_gy, s); + + /* the associated public key is not a secret, the scalar was */ + CT_UNPOISON(x, 32); + CT_UNPOISON(y, 32); + zeroize(s, sizeof(s)); + + point_to_bytes(pub, x, y); + return P256_SUCCESS; +} + #endif diff --git a/3rdparty/p256-m/p256-m/p256-m.h b/3rdparty/p256-m/p256-m/p256-m.h index 398c8469f0..d4b053ad0d 100644 --- a/3rdparty/p256-m/p256-m/p256-m.h +++ b/3rdparty/p256-m/p256-m/p256-m.h @@ -89,6 +89,45 @@ int p256_ecdsa_sign(uint8_t sig[64], const uint8_t priv[32], int p256_ecdsa_verify(const uint8_t sig[64], const uint8_t pub[64], const uint8_t *hash, size_t hlen); +/* + * Public key validation + * + * Note: you never need to call this function, as all other function always + * validate their input; however it's availabe if you want to validate the key + * without performing an operation. + * + * [in] pub: the public key, as two big-endian integers + * + * return: P256_SUCCESS if the key is valid + * P256_INVALID_PUBKEY if pub is invalid + */ +int p256_validate_pubkey(const uint8_t pub[64]); + +/* + * Private key validation + * + * Note: you never need to call this function, as all other function always + * validate their input; however it's availabe if you want to validate the key + * without performing an operation. + * + * [in] priv: the private key, as a big-endian integer + * + * return: P256_SUCCESS if the key is valid + * P256_INVALID_PRIVKEY if priv is invalid + */ +int p256_validate_privkey(const uint8_t priv[32]); + +/* + * Compute public key from private key + * + * [out] pub: the associated public key, as two big-endian integers + * [in] priv: the private key, as a big-endian integer + * + * return: P256_SUCCESS on success + * P256_INVALID_PRIVKEY if priv is invalid + */ +int p256_public_from_private(uint8_t pub[64], const uint8_t priv[32]); + #ifdef __cplusplus } #endif From 5424cf2e406b0b5f34953ae00806cbf4056e9106 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 Aug 2023 10:56:12 +0200 Subject: [PATCH 287/350] Add import_key entry point to p256-m driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- 3rdparty/p256-m/p256-m_driver_entrypoints.c | 45 +++++++++++++++++++++ 3rdparty/p256-m/p256-m_driver_entrypoints.h | 33 +++++++++++++++ 2 files changed, 78 insertions(+) diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/3rdparty/p256-m/p256-m_driver_entrypoints.c index 90dce1e18c..e48b4e8b10 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.c +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.c @@ -24,6 +24,7 @@ #include "psa/crypto.h" #include "psa_crypto_driver_wrappers.h" #include +#include #if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) @@ -59,6 +60,50 @@ static psa_status_t p256_to_psa_error(int ret) } } +psa_status_t p256_transparent_import_key(const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length, + size_t *bits) +{ + /* Check the key size */ + if (*bits != 0 && *bits != 256) { + return PSA_ERROR_NOT_SUPPORTED; + } + + /* Validate the key (and its type and size) */ + psa_key_type_t type = psa_get_key_type(attributes); + if (type == PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)) { + if (data_length != 65) { + return *bits == 0 ? PSA_ERROR_NOT_SUPPORTED : PSA_ERROR_INVALID_ARGUMENT; + } + if (p256_validate_pubkey(data + 1) != P256_SUCCESS) { + return PSA_ERROR_INVALID_ARGUMENT; + } + } else if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) { + if (data_length != 32) { + return *bits == 0 ? PSA_ERROR_NOT_SUPPORTED : PSA_ERROR_INVALID_ARGUMENT; + } + if (p256_validate_privkey(data) != P256_SUCCESS) { + return PSA_ERROR_INVALID_ARGUMENT; + } + } else { + return PSA_ERROR_NOT_SUPPORTED; + } + *bits = 256; + + /* We only support the export format for input, so just copy. */ + if (key_buffer_size < data_length) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + memcpy(key_buffer, data, data_length); + *key_buffer_length = data_length; + + return PSA_SUCCESS; +} + psa_status_t p256_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.h b/3rdparty/p256-m/p256-m_driver_entrypoints.h index 18c677a891..6eacbc3e65 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.h +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.h @@ -29,6 +29,39 @@ #include "psa/crypto_types.h" +/** Import SECP256R1 key. + * + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] data The raw key material. For private keys + * this must be a big-endian integer of 32 + * bytes; for public key this must be an + * uncompressed ECPoint (65 bytes). + * \param[in] data_length The size of the raw key material. + * \param[out] key_buffer The buffer to contain the key data in + * output format upon successful return. + * \param[in] key_buffer_size Size of the \p key_buffer buffer in bytes. + * \param[out] key_buffer_length The length of the data written in \p + * key_buffer in bytes. + * \param[out] bits The bitsize of the key. + * + * \retval #PSA_SUCCESS + * Success. Keypair generated and stored in buffer. + * \retval #PSA_ERROR_NOT_SUPPORTED + * The input is not supported by this driver (not SECP256R1). + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The input is invalid. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * \p key_buffer_size is too small. + */ +psa_status_t p256_transparent_import_key(const psa_key_attributes_t *attributes, + const uint8_t *data, + size_t data_length, + uint8_t *key_buffer, + size_t key_buffer_size, + size_t *key_buffer_length, + size_t *bits); + /** Generate SECP256R1 ECC Key Pair. * Interface function which calls the p256-m key generation function and * places it in the key buffer provided by the caller (mbed TLS) in the From 18d7142efd0a186275c9dd10f6de2de128dde3be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 Aug 2023 11:18:05 +0200 Subject: [PATCH 288/350] Add export_public_key entry point to p256-m driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- 3rdparty/p256-m/p256-m_driver_entrypoints.c | 34 +++++++++++++++++++++ 3rdparty/p256-m/p256-m_driver_entrypoints.h | 27 ++++++++++++++++ 2 files changed, 61 insertions(+) diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/3rdparty/p256-m/p256-m_driver_entrypoints.c index e48b4e8b10..6131daec29 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.c +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.c @@ -104,6 +104,40 @@ psa_status_t p256_transparent_import_key(const psa_key_attributes_t *attributes, return PSA_SUCCESS; } +psa_status_t p256_transparent_export_public_key(const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + uint8_t *data, + size_t data_size, + size_t *data_length) +{ + /* Is this the right curve? */ + size_t bits = psa_get_key_bits(attributes); + psa_key_type_t type = psa_get_key_type(attributes); + if (bits != 256 || type != PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) { + return PSA_ERROR_NOT_SUPPORTED; + } + + /* Validate input and output sizes */ + if (key_buffer_size != 32) { + return PSA_ERROR_INVALID_ARGUMENT; + } + if (data_size < 65) { + return PSA_ERROR_BUFFER_TOO_SMALL; + } + + /* Output public key in the PSA export format */ + data[0] = 0x04; + int ret = p256_public_from_private(data + 1, key_buffer); + if (ret != P256_SUCCESS) { + /* The only possible error is the private key was invalid */ + return PSA_ERROR_INVALID_ARGUMENT; + } + *data_length = 65; + + return PSA_SUCCESS; +} + psa_status_t p256_transparent_generate_key( const psa_key_attributes_t *attributes, uint8_t *key_buffer, diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.h b/3rdparty/p256-m/p256-m_driver_entrypoints.h index 6eacbc3e65..42e51d975a 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.h +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.h @@ -62,6 +62,33 @@ psa_status_t p256_transparent_import_key(const psa_key_attributes_t *attributes, size_t *key_buffer_length, size_t *bits); +/** Export SECP256R1 public key, from the private key. + * + * \param[in] attributes The attributes of the key to use for the + * operation. + * \param[in] key_buffer The private key in the export format. + * \param[in] key_buffer_size The size of the private key in bytes. + * \param[out] data The buffer to contain the public key in + * the export format upon successful return. + * \param[in] data_size The size of the \p data buffer in bytes. + * \param[out] data_length The length written to \p data in bytes. + * + * \retval #PSA_SUCCESS + * Success. Keypair generated and stored in buffer. + * \retval #PSA_ERROR_NOT_SUPPORTED + * The input is not supported by this driver (not SECP256R1). + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The input is invalid. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * \p key_buffer_size is too small. + */ +psa_status_t p256_transparent_export_public_key(const psa_key_attributes_t *attributes, + const uint8_t *key_buffer, + size_t key_buffer_size, + uint8_t *data, + size_t data_size, + size_t *data_length); + /** Generate SECP256R1 ECC Key Pair. * Interface function which calls the p256-m key generation function and * places it in the key buffer provided by the caller (mbed TLS) in the From 92a386f24ccef8ca8b3549c8783962273a90a0f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 7 Aug 2023 12:53:33 +0200 Subject: [PATCH 289/350] Add JSON file for p256-m driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../data_files/driver_jsons/driverlist.json | 2 +- .../driver_jsons/p256_transparent_driver.json | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 scripts/data_files/driver_jsons/p256_transparent_driver.json diff --git a/scripts/data_files/driver_jsons/driverlist.json b/scripts/data_files/driver_jsons/driverlist.json index 50ad81604a..42c186adb5 100644 --- a/scripts/data_files/driver_jsons/driverlist.json +++ b/scripts/data_files/driver_jsons/driverlist.json @@ -1 +1 @@ -["mbedtls_test_opaque_driver.json","mbedtls_test_transparent_driver.json"] +["mbedtls_test_opaque_driver.json","mbedtls_test_transparent_driver.json","p256_transparent_driver.json"] diff --git a/scripts/data_files/driver_jsons/p256_transparent_driver.json b/scripts/data_files/driver_jsons/p256_transparent_driver.json new file mode 100644 index 0000000000..7ab1f6c847 --- /dev/null +++ b/scripts/data_files/driver_jsons/p256_transparent_driver.json @@ -0,0 +1,19 @@ +{ + "prefix": "p256", + "type": "transparent", + "mbedtls/h_condition": "defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)", + "headers": ["../3rdparty/p256-m/p256-m_driver_entrypoints.h"], + "capabilities": [ + { + "mbedtls/c_condition": "defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)", + "entry_points": ["import_key", "export_public_key"], + "algorithms": ["PSA_ALG_ECDH", "PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)"], + "key_types": [ + "PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)", + "PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)" + ], + "key_sizes": [256], + "fallback": false + } + ] +} From 25b45db3d8eb782096028e13282948ee82466de9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 8 Aug 2023 11:06:21 +0200 Subject: [PATCH 290/350] Disable ECP_C in component with p256-m driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Builds, but 20 test cases failing in test_suite_psa_crypto, to be addressed in future commits. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 3482df33a5..a9efa5108b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2823,19 +2823,18 @@ component_test_tfm_config_p256m_driver_accel_ec () { # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + # Disable deterministic ECDSA as p256-m only does randomized + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Add missing symbols from "tfm_mbedcrypto_config_profile_medium.h" # # - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS echo "#define MBEDTLS_USE_PSA_CRYPTO" >> "$CONFIG_H" - # - ECP_C and BIGNUM because P256M does not have support for import and export - # of keys so we need the builtin support for that - echo "#define MBEDTLS_ECP_C" >> "$CONFIG_H" - echo "#define MBEDTLS_BIGNUM_C" >> "$CONFIG_H" - # - ASN1_[PARSE/WRITE]_C and OID_C found by check_config.h + # - ASN1_[PARSE/WRITE]_C found by check_config.h for pkparse/pkwrite echo "#define MBEDTLS_ASN1_PARSE_C" >> "$CONFIG_H" echo "#define MBEDTLS_ASN1_WRITE_C" >> "$CONFIG_H" - echo "#define MBEDTLS_OID_C" >> "$CONFIG_H" + # - MD_C for HKDF_C + echo "#define MBEDTLS_MD_C" >> "$CONFIG_H" # Set the list of accelerated components in order to remove them from # builtin support. We don't set IMPORT and EXPORT because P256M does not @@ -2843,6 +2842,8 @@ component_test_tfm_config_p256m_driver_accel_ec () { loc_accel_list="ALG_ECDSA \ ALG_ECDH \ KEY_TYPE_ECC_KEY_PAIR_BASIC \ + KEY_TYPE_ECC_KEY_PAIR_IMPORT \ + KEY_TYPE_ECC_KEY_PAIR_EXPORT \ KEY_TYPE_ECC_KEY_PAIR_GENERATE \ KEY_TYPE_ECC_PUBLIC_KEY" loc_accel_flags="$( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" From f0251e0824f173c18ddb9183f34731908eac50d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 8 Aug 2023 12:23:42 +0200 Subject: [PATCH 291/350] Improve error codes in p256-m driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix 19 out of 20 errors in test_suite_psa_crypto mentioned in the previous commit. The remaining error will be fix in the next commit. Signed-off-by: Manuel Pégourié-Gonnard --- 3rdparty/p256-m/p256-m_driver_entrypoints.c | 77 ++++++++++----------- 1 file changed, 36 insertions(+), 41 deletions(-) diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/3rdparty/p256-m/p256-m_driver_entrypoints.c index 6131daec29..8c8f85cb53 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.c +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.c @@ -118,9 +118,9 @@ psa_status_t p256_transparent_export_public_key(const psa_key_attributes_t *attr return PSA_ERROR_NOT_SUPPORTED; } - /* Validate input and output sizes */ + /* Validate sizes, as p256-m expects fixed-size buffers */ if (key_buffer_size != 32) { - return PSA_ERROR_INVALID_ARGUMENT; + return PSA_ERROR_CORRUPTION_DETECTED; } if (data_size < 65) { return PSA_ERROR_BUFFER_TOO_SMALL; @@ -129,13 +129,11 @@ psa_status_t p256_transparent_export_public_key(const psa_key_attributes_t *attr /* Output public key in the PSA export format */ data[0] = 0x04; int ret = p256_public_from_private(data + 1, key_buffer); - if (ret != P256_SUCCESS) { - /* The only possible error is the private key was invalid */ - return PSA_ERROR_INVALID_ARGUMENT; + if (ret == P256_SUCCESS) { + *data_length = 65; } - *data_length = 65; - return PSA_SUCCESS; + return p256_to_psa_error(ret); } psa_status_t p256_transparent_generate_key( @@ -148,13 +146,9 @@ psa_status_t p256_transparent_generate_key( * of driver entry-points. (void) used to avoid compiler warning. */ (void) attributes; - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; - - /* - * p256-m generates a 32 byte private key, and expects to write to a buffer - * that is of that size. */ + /* Validate sizes, as p256-m expects fixed-size buffers */ if (key_buffer_size != 32) { - return status; + return PSA_ERROR_BUFFER_TOO_SMALL; } /* @@ -164,13 +158,12 @@ psa_status_t p256_transparent_generate_key( * function as an argument. */ uint8_t public_key_buffer[64]; - status = p256_to_psa_error( - p256_gen_keypair(key_buffer, public_key_buffer)); - if (status == PSA_SUCCESS) { + int ret = p256_gen_keypair(key_buffer, public_key_buffer); + if (ret == P256_SUCCESS) { *key_buffer_length = 32; } - return status; + return p256_to_psa_error(ret); } psa_status_t p256_transparent_key_agreement( @@ -190,25 +183,23 @@ psa_status_t p256_transparent_key_agreement( (void) attributes; (void) alg; - /* - * Check that private key = 32 bytes, peer public key = 65 bytes, - * and that the shared secret buffer is big enough. */ - psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; - if (key_buffer_size != 32 || shared_secret_size < 32 || - peer_key_length != 65) { - return status; + /* Validate sizes, as p256-m expects fixed-size buffers */ + if (key_buffer_size != 32 || peer_key_length != 65) { + return PSA_ERROR_INVALID_ARGUMENT; + } + if (shared_secret_size < 32) { + return PSA_ERROR_BUFFER_TOO_SMALL; } /* We add 1 to peer_key pointer to omit the leading byte of the public key * representation (0x04). See information about PSA key formats at the top * of the file. */ - status = p256_to_psa_error( - p256_ecdh_shared_secret(shared_secret, key_buffer, peer_key+1)); - if (status == PSA_SUCCESS) { + int ret = p256_ecdh_shared_secret(shared_secret, key_buffer, peer_key + 1); + if (ret == P256_SUCCESS) { *shared_secret_length = 32; } - return status; + return p256_to_psa_error(ret); } psa_status_t p256_transparent_sign_hash( @@ -228,18 +219,20 @@ psa_status_t p256_transparent_sign_hash( (void) attributes; (void) alg; - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; - if (key_buffer_size != 32 || signature_size < 64) { - return status; + /* Validate sizes, as p256-m expects fixed-size buffers */ + if (key_buffer_size != 32) { + return PSA_ERROR_CORRUPTION_DETECTED; + } + if (signature_size < 64) { + return PSA_ERROR_BUFFER_TOO_SMALL; } - status = p256_to_psa_error( - p256_ecdsa_sign(signature, key_buffer, hash, hash_length)); - if (status == PSA_SUCCESS) { + int ret = p256_ecdsa_sign(signature, key_buffer, hash, hash_length); + if (ret == P256_SUCCESS) { *signature_length = 64; } - return status; + return p256_to_psa_error(ret); } /* This function expects the key buffer to contain a 65 byte public key, @@ -252,19 +245,21 @@ static psa_status_t p256_verify_hash_with_public_key( const uint8_t *signature, size_t signature_length) { - psa_status_t status = PSA_ERROR_NOT_SUPPORTED; - if (key_buffer_size != 65 || signature_length != 64 || *key_buffer != 0x04) { - return status; + /* Validate sizes, as p256-m expects fixed-size buffers */ + if (key_buffer_size != 65 || *key_buffer != 0x04) { + return PSA_ERROR_CORRUPTION_DETECTED; + } + if (signature_length != 64) { + return PSA_ERROR_INVALID_SIGNATURE; } /* We add 1 to public_key_buffer pointer to omit the leading byte of the * public key representation (0x04). See information about PSA key formats * at the top of the file. */ const uint8_t *public_key_buffer = key_buffer + 1; - status = p256_to_psa_error( - p256_ecdsa_verify(signature, public_key_buffer, hash, hash_length)); + int ret = p256_ecdsa_verify(signature, public_key_buffer, hash, hash_length); - return status; + return p256_to_psa_error(ret); } psa_status_t p256_transparent_verify_hash( From 0509b5878ca57f818b45f7f439b803b96690927d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 8 Aug 2023 12:47:56 +0200 Subject: [PATCH 292/350] Fix INVALID vs NOT_SUPPORTED issue in test suite MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes the last remaining failure. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_psa_crypto.function | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 2396590b2d..02cc5efe3d 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1366,7 +1366,21 @@ void import_with_data(data_t *data, int type_arg, psa_set_key_bits(&attributes, attr_bits); status = psa_import_key(&attributes, data->x, data->len, &key); - TEST_EQUAL(status, expected_status); + /* When expecting INVALID_ARGUMENT, also accept NOT_SUPPORTED. + * + * This can happen with a type supported only by a driver: + * - the driver sees the invalid data (for example wrong size) and thinks + * "well perhaps this is a key size I don't support" so it returns + * NOT_SUPPORTED which is correct at this point; + * - we fallback to built-ins, which don't support this type, so return + * NOT_SUPPORTED which again is correct at this point. + */ + if (expected_status == PSA_ERROR_INVALID_ARGUMENT && + status == PSA_ERROR_NOT_SUPPORTED) { + ; // OK + } else { + TEST_EQUAL(status, expected_status); + } if (status != PSA_SUCCESS) { goto exit; } From 96839e745009e441ec5faf0099cf6289e3d43ba9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 8 Aug 2023 13:01:29 +0200 Subject: [PATCH 293/350] Move common things to common function MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These should be shared between ref and accel, for meaningful coverage comparison. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 43 ++++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a9efa5108b..c0811933e4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2798,20 +2798,36 @@ common_tfm_config () { scripts/config.py unset MBEDTLS_AES_SETKEY_DEC_ALT # We have an OS that provides entropy, use it scripts/config.py unset MBEDTLS_NO_PLATFORM_ENTROPY - # Disable buffer allocator and use dynamic memory for calloc/free - scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # Other config adjustments to make the tests pass. - # Those are a surprise and should be investigated and fixed. + # Those should probably be adopted upstream. # + # - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS + echo "#define MBEDTLS_USE_PSA_CRYPTO" >> "$CONFIG_H" # pkparse.c and pkwrite.c fail to link without this echo "#define MBEDTLS_OID_C" >> "$CONFIG_H" + # - ASN1_[PARSE/WRITE]_C found by check_config.h for pkparse/pkwrite + echo "#define MBEDTLS_ASN1_PARSE_C" >> "$CONFIG_H" + echo "#define MBEDTLS_ASN1_WRITE_C" >> "$CONFIG_H" + # - MD_C for HKDF_C + echo "#define MBEDTLS_MD_C" >> "$CONFIG_H" # Config adjustements for better test coverage in our environment. # These are not needed just to build and pass tests. # # Enable filesystem I/O for the benefit of PK parse/write tests. echo "#define MBEDTLS_FS_IO" >> "$CONFIG_H" + # Disable this for maximal ASan efficiency + scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + + # Config adjustements for features that are not supported + # when using only drivers / by p256-m + # + # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + # Disable deterministic ECDSA as p256-m only does randomized + scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + } # Keep this in sync with component_test_tfm_config() as they are both meant @@ -2821,21 +2837,6 @@ component_test_tfm_config_p256m_driver_accel_ec () { common_tfm_config - # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - # Disable deterministic ECDSA as p256-m only does randomized - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - - # Add missing symbols from "tfm_mbedcrypto_config_profile_medium.h" - # - # - USE_PSA_CRYPTO for PK_HAVE_ECC_KEYS - echo "#define MBEDTLS_USE_PSA_CRYPTO" >> "$CONFIG_H" - # - ASN1_[PARSE/WRITE]_C found by check_config.h for pkparse/pkwrite - echo "#define MBEDTLS_ASN1_PARSE_C" >> "$CONFIG_H" - echo "#define MBEDTLS_ASN1_WRITE_C" >> "$CONFIG_H" - # - MD_C for HKDF_C - echo "#define MBEDTLS_MD_C" >> "$CONFIG_H" - # Set the list of accelerated components in order to remove them from # builtin support. We don't set IMPORT and EXPORT because P256M does not # support these operations. @@ -2852,14 +2853,14 @@ component_test_tfm_config_p256m_driver_accel_ec () { make CFLAGS="$ASAN_CFLAGS $loc_accel_flags -DMBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED" LDFLAGS="$ASAN_CFLAGS" # Make sure any built-in EC alg was not re-enabled by accident (additive config) - #not grep mbedtls_ecdsa_ library/ecdsa.o # this is needed for deterministic ECDSA + not grep mbedtls_ecdsa_ library/ecdsa.o not grep mbedtls_ecdh_ library/ecdh.o not grep mbedtls_ecjpake_ library/ecjpake.o # Also ensure that ECP, RSA, DHM or BIGNUM modules were not re-enabled - #not grep mbedtls_ecp_ library/ecp.o # this is needed for import/export EC keys (explained above) + not grep mbedtls_ecp_ library/ecp.o not grep mbedtls_rsa_ library/rsa.o not grep mbedtls_dhm_ library/dhm.o - #not grep mbedtls_mpi_ library/bignum.o # this is needed from ECP module + not grep mbedtls_mpi_ library/bignum.o # Run the tests msg "test: TF-M config + p256m driver + accel ECDH(E)/ECDSA" From e9d97976b26d8669ad93b1224245563704c92383 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 8 Aug 2023 18:34:47 +0200 Subject: [PATCH 294/350] Update list of ignored tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/analyze_outcomes.py | 44 ++++++++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index ac97a99dd9..8648aec950 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -407,9 +407,20 @@ TASKS = { 'args': { 'component_ref': 'test_tfm_config', 'component_driver': 'test_tfm_config_p256m_driver_accel_ec', - # Ignore test suites for the modules that are disabled in the - # accelerated test case. - 'ignored_suites': ['ecdh', 'ecdsa'], + 'ignored_suites': [ + # Ignore test suites for the modules that are disabled in the + # accelerated test case. + 'ecp', + 'ecdsa', + 'ecdh', + 'ecjpake', + 'bignum_core', + 'bignum_random', + 'bignum_mod', + 'bignum_mod_raw', + 'bignum.generated', + 'bignum.misc', + ], 'ignored_tests': { # Ignore all tests that require DERIVE support which is disabled # in the driver version @@ -456,9 +467,34 @@ TASKS = { 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)', 'PSA raw key agreement: ECDH SECP256R1 (RFC 5903)', ], + 'test_suite_random': [ + 'PSA classic wrapper: ECDSA signature (SECP256R1)', + ], 'test_suite_psa_crypto_pake': [ 'PSA PAKE: ecjpake size macros', - ] + ], + 'test_suite_asn1parse': [ + # This test depends on BIGNUM_C + 'INTEGER too large for mpi', + ], + 'test_suite_asn1write': [ + # Following tests depends on BIGNUM_C + 'ASN.1 Write mpi 0 (1 limb)', + 'ASN.1 Write mpi 0 (null)', + 'ASN.1 Write mpi 0x100', + 'ASN.1 Write mpi 0x7f', + 'ASN.1 Write mpi 0x7f with leading 0 limb', + 'ASN.1 Write mpi 0x80', + 'ASN.1 Write mpi 0x80 with leading 0 limb', + 'ASN.1 Write mpi 0xff', + 'ASN.1 Write mpi 1', + 'ASN.1 Write mpi, 127*8 bits', + 'ASN.1 Write mpi, 127*8+1 bits', + 'ASN.1 Write mpi, 127*8-1 bits', + 'ASN.1 Write mpi, 255*8 bits', + 'ASN.1 Write mpi, 255*8-1 bits', + 'ASN.1 Write mpi, 256*8-1 bits', + ], } } } From 138bdb6b17a644ec326b21d34e5cf40ab5611cc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 9 Aug 2023 11:18:49 +0200 Subject: [PATCH 295/350] Add comment to p256-m driver JSON file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- scripts/data_files/driver_jsons/p256_transparent_driver.json | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/data_files/driver_jsons/p256_transparent_driver.json b/scripts/data_files/driver_jsons/p256_transparent_driver.json index 7ab1f6c847..97c11f97bd 100644 --- a/scripts/data_files/driver_jsons/p256_transparent_driver.json +++ b/scripts/data_files/driver_jsons/p256_transparent_driver.json @@ -6,6 +6,7 @@ "capabilities": [ { "mbedtls/c_condition": "defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)", + "_comment_entry_points": "This is not the complete list of entry points supported by this driver, only those that are currently supported in JSON. See docs/psa-driver-example-and-guide.md", "entry_points": ["import_key", "export_public_key"], "algorithms": ["PSA_ALG_ECDH", "PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)"], "key_types": [ From ba63e0ce34086fb439960478e4611a03bc9b73a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 9 Aug 2023 11:53:09 +0200 Subject: [PATCH 296/350] Use macros for sizes in p256-m driver MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- 3rdparty/p256-m/p256-m_driver_entrypoints.c | 58 ++++++++++++--------- 1 file changed, 34 insertions(+), 24 deletions(-) diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/3rdparty/p256-m/p256-m_driver_entrypoints.c index 8c8f85cb53..0ca5583c9a 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.c +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.c @@ -41,7 +41,17 @@ * keys is only 64 bytes; the same as PSA but without the leading byte (0x04). * Hence, when passing public keys from PSA to p256-m, the leading byte is * removed. + * + * Shared secret and signature have the same format between PSA and p256-m. */ +#define PSA_PUBKEY_SIZE 65 +#define PSA_PUBKEY_HEADER_BYTE 0x04 +#define P256_PUBKEY_SIZE 64 +#define PRIVKEY_SIZE 32 +#define SHARED_SECRET_SIZE 32 +#define SIGNATURE_SIZE 64 + +#define CURVE_BITS 256 /* Convert between p256-m and PSA error codes */ static psa_status_t p256_to_psa_error(int ret) @@ -69,21 +79,21 @@ psa_status_t p256_transparent_import_key(const psa_key_attributes_t *attributes, size_t *bits) { /* Check the key size */ - if (*bits != 0 && *bits != 256) { + if (*bits != 0 && *bits != CURVE_BITS) { return PSA_ERROR_NOT_SUPPORTED; } /* Validate the key (and its type and size) */ psa_key_type_t type = psa_get_key_type(attributes); if (type == PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1)) { - if (data_length != 65) { + if (data_length != PSA_PUBKEY_SIZE) { return *bits == 0 ? PSA_ERROR_NOT_SUPPORTED : PSA_ERROR_INVALID_ARGUMENT; } if (p256_validate_pubkey(data + 1) != P256_SUCCESS) { return PSA_ERROR_INVALID_ARGUMENT; } } else if (type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) { - if (data_length != 32) { + if (data_length != PRIVKEY_SIZE) { return *bits == 0 ? PSA_ERROR_NOT_SUPPORTED : PSA_ERROR_INVALID_ARGUMENT; } if (p256_validate_privkey(data) != P256_SUCCESS) { @@ -92,7 +102,7 @@ psa_status_t p256_transparent_import_key(const psa_key_attributes_t *attributes, } else { return PSA_ERROR_NOT_SUPPORTED; } - *bits = 256; + *bits = CURVE_BITS; /* We only support the export format for input, so just copy. */ if (key_buffer_size < data_length) { @@ -114,23 +124,23 @@ psa_status_t p256_transparent_export_public_key(const psa_key_attributes_t *attr /* Is this the right curve? */ size_t bits = psa_get_key_bits(attributes); psa_key_type_t type = psa_get_key_type(attributes); - if (bits != 256 || type != PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) { + if (bits != CURVE_BITS || type != PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) { return PSA_ERROR_NOT_SUPPORTED; } /* Validate sizes, as p256-m expects fixed-size buffers */ - if (key_buffer_size != 32) { + if (key_buffer_size != PRIVKEY_SIZE) { return PSA_ERROR_CORRUPTION_DETECTED; } - if (data_size < 65) { + if (data_size < PSA_PUBKEY_SIZE) { return PSA_ERROR_BUFFER_TOO_SMALL; } /* Output public key in the PSA export format */ - data[0] = 0x04; + data[0] = PSA_PUBKEY_HEADER_BYTE; int ret = p256_public_from_private(data + 1, key_buffer); if (ret == P256_SUCCESS) { - *data_length = 65; + *data_length = PSA_PUBKEY_SIZE; } return p256_to_psa_error(ret); @@ -147,7 +157,7 @@ psa_status_t p256_transparent_generate_key( (void) attributes; /* Validate sizes, as p256-m expects fixed-size buffers */ - if (key_buffer_size != 32) { + if (key_buffer_size != PRIVKEY_SIZE) { return PSA_ERROR_BUFFER_TOO_SMALL; } @@ -156,11 +166,11 @@ psa_status_t p256_transparent_generate_key( * keys. Allocate a buffer to which the public key will be written. The * private key will be written to key_buffer, which is passed to this * function as an argument. */ - uint8_t public_key_buffer[64]; + uint8_t public_key_buffer[P256_PUBKEY_SIZE]; int ret = p256_gen_keypair(key_buffer, public_key_buffer); if (ret == P256_SUCCESS) { - *key_buffer_length = 32; + *key_buffer_length = PRIVKEY_SIZE; } return p256_to_psa_error(ret); @@ -184,10 +194,10 @@ psa_status_t p256_transparent_key_agreement( (void) alg; /* Validate sizes, as p256-m expects fixed-size buffers */ - if (key_buffer_size != 32 || peer_key_length != 65) { + if (key_buffer_size != PRIVKEY_SIZE || peer_key_length != PSA_PUBKEY_SIZE) { return PSA_ERROR_INVALID_ARGUMENT; } - if (shared_secret_size < 32) { + if (shared_secret_size < SHARED_SECRET_SIZE) { return PSA_ERROR_BUFFER_TOO_SMALL; } @@ -196,7 +206,7 @@ psa_status_t p256_transparent_key_agreement( * of the file. */ int ret = p256_ecdh_shared_secret(shared_secret, key_buffer, peer_key + 1); if (ret == P256_SUCCESS) { - *shared_secret_length = 32; + *shared_secret_length = SHARED_SECRET_SIZE; } return p256_to_psa_error(ret); @@ -220,22 +230,22 @@ psa_status_t p256_transparent_sign_hash( (void) alg; /* Validate sizes, as p256-m expects fixed-size buffers */ - if (key_buffer_size != 32) { + if (key_buffer_size != PRIVKEY_SIZE) { return PSA_ERROR_CORRUPTION_DETECTED; } - if (signature_size < 64) { + if (signature_size < SIGNATURE_SIZE) { return PSA_ERROR_BUFFER_TOO_SMALL; } int ret = p256_ecdsa_sign(signature, key_buffer, hash, hash_length); if (ret == P256_SUCCESS) { - *signature_length = 64; + *signature_length = SIGNATURE_SIZE; } return p256_to_psa_error(ret); } -/* This function expects the key buffer to contain a 65 byte public key, +/* This function expects the key buffer to contain a PSA public key, * as exported by psa_export_public_key() */ static psa_status_t p256_verify_hash_with_public_key( const uint8_t *key_buffer, @@ -246,10 +256,10 @@ static psa_status_t p256_verify_hash_with_public_key( size_t signature_length) { /* Validate sizes, as p256-m expects fixed-size buffers */ - if (key_buffer_size != 65 || *key_buffer != 0x04) { + if (key_buffer_size != PSA_PUBKEY_SIZE || *key_buffer != PSA_PUBKEY_HEADER_BYTE) { return PSA_ERROR_CORRUPTION_DETECTED; } - if (signature_length != 64) { + if (signature_length != SIGNATURE_SIZE) { return PSA_ERROR_INVALID_SIGNATURE; } @@ -277,10 +287,10 @@ psa_status_t p256_transparent_verify_hash( (void) alg; psa_status_t status; - uint8_t public_key_buffer[65]; - size_t public_key_buffer_size = 65; + uint8_t public_key_buffer[PSA_PUBKEY_SIZE]; + size_t public_key_buffer_size = PSA_PUBKEY_SIZE; - size_t public_key_length = 65; + size_t public_key_length = PSA_PUBKEY_SIZE; /* As p256-m doesn't require dynamic allocation, we want to avoid it in * the entrypoint functions as well. psa_driver_wrapper_export_public_key() * requires size_t*, so we use a pointer to a stack variable. */ From 45b6e5e69f582bafa3478e3c5d7da9880e1f236a Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 12 Sep 2023 11:29:16 +0100 Subject: [PATCH 297/350] Prevent potential use of uninitialised data in pkcs7 tests Move the initialisation of the pkcs7 object to before the first possible test failure, otherwise failure in those tests could result in an uninitialised pointer being free'd. Found by coverity. Signed-off-by: Paul Elliott --- tests/suites/test_suite_pkcs7.function | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index a0da1d72d9..65384a8550 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function @@ -78,6 +78,8 @@ void pkcs7_verify(char *pkcs7_file, MD_OR_USE_PSA_INIT(); + mbedtls_pkcs7_init(&pkcs7); + /* crt_files are space seprated list */ for (i = 0; i < strlen(crt_files); i++) { if (crt_files[i] == ' ') { @@ -100,7 +102,6 @@ void pkcs7_verify(char *pkcs7_file, i = k; } - mbedtls_pkcs7_init(&pkcs7); for (i = 0; i < n_crts; i++) { TEST_CALLOC(crts[i], 1); mbedtls_x509_crt_init(crts[i]); From 9d8a7d62f5dcf7988dbde7089e54c5bd2f66ba34 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Tue, 12 Sep 2023 16:01:52 +0100 Subject: [PATCH 298/350] Use the correct variable when tracking padding length Fixes an error introduced in a81373f80 Signed-off-by: Tom Cosgrove --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index c8ffc1ede2..85632a1c31 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -1973,7 +1973,7 @@ hmac_failed_etm_enabled: increment = mbedtls_ct_size_if_else_0(b, increment); pad_count += increment; } - correct = mbedtls_ct_size_if_else_0(mbedtls_ct_uint_eq(pad_count, padlen), padlen); + correct = mbedtls_ct_size_if_else_0(mbedtls_ct_uint_eq(pad_count, padlen), correct); #if defined(MBEDTLS_SSL_DEBUG_ALL) if (padlen > 0 && correct == 0) { From a722d0a415b47df512c6d4b3c0b58d612b9c9b95 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 12 Sep 2023 16:27:24 +0100 Subject: [PATCH 299/350] Update CMake minimum version(s) to match main CMakeLists.txt Signed-off-by: Paul Elliott --- programs/test/cmake_package/CMakeLists.txt | 2 +- programs/test/cmake_package_install/CMakeLists.txt | 2 +- programs/test/cmake_subproject/CMakeLists.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/test/cmake_package/CMakeLists.txt b/programs/test/cmake_package/CMakeLists.txt index 518d2e94f2..019e6e7c0a 100644 --- a/programs/test/cmake_package/CMakeLists.txt +++ b/programs/test/cmake_package/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 2.8.12) +cmake_minimum_required(VERSION 3.5.1) # # Simulate configuring and building Mbed TLS as the user might do it. We'll diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt index fb5ad51b54..6070a6c067 100644 --- a/programs/test/cmake_package_install/CMakeLists.txt +++ b/programs/test/cmake_package_install/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 2.8.12) +cmake_minimum_required(VERSION 3.5.1) # # Simulate configuring and building Mbed TLS as the user might do it. We'll diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt index a9fcfde29d..3c3cba3c2d 100644 --- a/programs/test/cmake_subproject/CMakeLists.txt +++ b/programs/test/cmake_subproject/CMakeLists.txt @@ -1,4 +1,4 @@ -cmake_minimum_required(VERSION 2.6) +cmake_minimum_required(VERSION 3.5.1) # Test the target renaming support by adding a prefix to the targets built set(MBEDTLS_TARGET_PREFIX subproject_test_) From c7959b22c6aa5d196ba229cc461ca147e6632454 Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 12 Sep 2023 17:54:43 +0100 Subject: [PATCH 300/350] Remove magic number in x509.c Signed-off-by: Agathiyan Bragadeesh --- library/x509.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/x509.c b/library/x509.c index c1d6bd485c..790decf226 100644 --- a/library/x509.c +++ b/library/x509.c @@ -825,7 +825,8 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, j, n, asn1_len_size, asn1_tag_size, asn1_tag_len_buf_start; - unsigned char asn1_tag_len_buf[10]; + /* 6 is enough as our asn1 write functions only write one byte for the tag and at most five bytes for the length*/ + unsigned char asn1_tag_len_buf[6]; unsigned char *asn1_len_p; unsigned char c, merge = 0; const mbedtls_x509_name *name; @@ -874,7 +875,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) if (print_hexstring) { s[0] = '#'; - asn1_len_p = asn1_tag_len_buf + 10; + asn1_len_p = asn1_tag_len_buf + sizeof(asn1_tag_len_buf); if ((ret = mbedtls_asn1_write_len(&asn1_len_p, asn1_tag_len_buf, name->val.len)) < 0) { return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } @@ -883,7 +884,7 @@ int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn) return MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; } asn1_tag_size = ret; - asn1_tag_len_buf_start = 10 - asn1_len_size - asn1_tag_size; + asn1_tag_len_buf_start = sizeof(asn1_tag_len_buf) - asn1_len_size - asn1_tag_size; for (i = 0, j = 1; i < asn1_len_size + asn1_tag_size; i++) { if (j + 1 >= sizeof(s) - 1) { return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; From a72ea814d8c3cec481813ee118a4b84b7137e63d Mon Sep 17 00:00:00 2001 From: Agathiyan Bragadeesh Date: Tue, 12 Sep 2023 17:57:09 +0100 Subject: [PATCH 301/350] Remove double blank line in x509_create.c Signed-off-by: Agathiyan Bragadeesh --- library/x509_create.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/x509_create.c b/library/x509_create.c index eff36d5f1f..1c489a3ca5 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -177,7 +177,6 @@ static int parse_attribute_value_string(const char *s, *(d++) = *c; } - if (d - data == MBEDTLS_X509_MAX_DN_NAME_SIZE) { return MBEDTLS_ERR_X509_INVALID_NAME; } From 484327823724f1eb537ca3602b82479fae7415d5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 3 Aug 2023 17:22:44 +0200 Subject: [PATCH 302/350] Allow "Mbed TLS" as the project name in Doxygen Previously the code only recognized the old spelling "mbed TLS", so it missed doxygen/input/doc_mainpage.h. Signed-off-by: Gilles Peskine --- scripts/bump_version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index 7fc8c6c76c..47f5dc716e 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -142,7 +142,7 @@ mv tmp tests/suites/test_suite_version.data [ $VERBOSE ] && echo "Bumping PROJECT_NAME in doxygen/mbedtls.doxyfile and doxygen/input/doc_mainpage.h" for i in doxygen/mbedtls.doxyfile doxygen/input/doc_mainpage.h; do - sed -e "s/mbed TLS v[0-9\.]\{1,\}/mbed TLS v$VERSION/g" < $i > tmp + sed -e "s/\\([Mm]bed TLS v\\)[0-9][0-9.]*/\\1$VERSION/g" < $i > tmp mv tmp $i done From e820c0abc82cb851f81b9fd10298f5b5f7b0d72a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 3 Aug 2023 17:45:20 +0200 Subject: [PATCH 303/350] Update spelling "mbed TLS" to "Mbed TLS" The official spelling of the trade mark changed from all-lowercase "mbed" to normal proper noun capitalization "Mbed" a few years ago. We've been using the new spelling in new text but still have the old spelling in a lot of text. This commit updates most occurrences of "mbed TLS": ``` sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*') ``` Justification for the omissions: * `ChangeLog`: historical text. * `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many occurrences are significant names in certificates and such. Changing the spelling would invalidate many signatures and tests. * `configs/tfm*`: this is an imported file. We'll follow the upstream updates. Signed-off-by: Gilles Peskine --- .../everest/include/everest/vs2013/inttypes.h | 2 +- .../everest/include/everest/vs2013/stdbool.h | 2 +- 3rdparty/everest/include/everest/x25519.h | 2 +- .../everest/library/Hacl_Curve25519_joined.c | 2 +- 3rdparty/everest/library/x25519.c | 2 +- 3rdparty/p256-m/p256-m_driver_entrypoints.h | 2 +- CMakeLists.txt | 12 ++--- DartConfiguration.tcl | 2 +- configs/README.txt | 2 +- configs/config-no-entropy.h | 4 +- configs/config-suite-b.h | 4 +- configs/config-thread.h | 4 +- doxygen/mbedtls.doxyfile | 2 +- include/CMakeLists.txt | 2 +- include/mbedtls/build_info.h | 2 +- include/mbedtls/check_config.h | 2 +- include/mbedtls/ecp.h | 2 +- include/mbedtls/error.h | 2 +- include/mbedtls/mbedtls_config.h | 44 +++++++++---------- include/mbedtls/platform_time.h | 2 +- include/mbedtls/ssl_ciphersuites.h | 2 +- include/mbedtls/threading.h | 4 +- include/mbedtls/version.h | 8 ++-- include/mbedtls/x509_crt.h | 4 +- include/mbedtls/x509_csr.h | 2 +- library/CMakeLists.txt | 8 ++-- library/cipher.c | 2 +- library/cipher_wrap.c | 2 +- library/ecjpake.c | 2 +- library/entropy_poll.h | 2 +- library/md.c | 2 +- library/mps_common.h | 2 +- library/mps_error.h | 2 +- library/mps_reader.h | 2 +- library/mps_trace.h | 2 +- library/psa_crypto_core.h | 4 +- library/ssl_ciphersuites.c | 2 +- library/ssl_client.c | 2 +- library/ssl_tls13_client.c | 2 +- programs/ssl/ssl_fork_server.c | 2 +- programs/ssl/ssl_mail_client.c | 4 +- programs/ssl/ssl_pthread_server.c | 2 +- programs/ssl/ssl_server.c | 2 +- programs/ssl/ssl_server2.c | 2 +- scripts/bump_version.sh | 2 +- scripts/footprint.sh | 4 +- scripts/generate_features.pl | 4 +- scripts/lcov.sh | 2 +- tests/compat.sh | 4 +- tests/scripts/basic-build-test.sh | 2 +- tests/scripts/check-doxy-blocks.pl | 2 +- tests/scripts/check-generated-files.sh | 2 +- tests/scripts/doxygen.sh | 2 +- tests/scripts/generate-afl-tests.sh | 2 +- tests/suites/test_suite_ecp.function | 2 +- tests/suites/test_suite_version.function | 4 +- tests/suites/test_suite_x509parse.function | 2 +- 57 files changed, 100 insertions(+), 100 deletions(-) diff --git a/3rdparty/everest/include/everest/vs2013/inttypes.h b/3rdparty/everest/include/everest/vs2013/inttypes.h index d53f87f21d..77003be0b0 100644 --- a/3rdparty/everest/include/everest/vs2013/inttypes.h +++ b/3rdparty/everest/include/everest/vs2013/inttypes.h @@ -17,7 +17,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef _INTTYPES_H_VS2010 diff --git a/3rdparty/everest/include/everest/vs2013/stdbool.h b/3rdparty/everest/include/everest/vs2013/stdbool.h index 5b7039c4f4..dcae6d80ad 100644 --- a/3rdparty/everest/include/everest/vs2013/stdbool.h +++ b/3rdparty/everest/include/everest/vs2013/stdbool.h @@ -17,7 +17,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef _STDBOOL_H_VS2010 diff --git a/3rdparty/everest/include/everest/x25519.h b/3rdparty/everest/include/everest/x25519.h index 7a973dcf01..ef314d2f3b 100644 --- a/3rdparty/everest/include/everest/x25519.h +++ b/3rdparty/everest/include/everest/x25519.h @@ -16,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef MBEDTLS_X25519_H diff --git a/3rdparty/everest/library/Hacl_Curve25519_joined.c b/3rdparty/everest/library/Hacl_Curve25519_joined.c index 957294f648..a778160fff 100644 --- a/3rdparty/everest/library/Hacl_Curve25519_joined.c +++ b/3rdparty/everest/library/Hacl_Curve25519_joined.c @@ -16,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #ifndef _BSD_SOURCE /* Required to get htole64() from gcc/glibc's endian.h (older systems) diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c index 9faa9ab7d8..83064dc619 100644 --- a/3rdparty/everest/library/x25519.c +++ b/3rdparty/everest/library/x25519.c @@ -16,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ #include "common.h" diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.h b/3rdparty/p256-m/p256-m_driver_entrypoints.h index 18c677a891..9522cede85 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.h +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.h @@ -31,7 +31,7 @@ /** Generate SECP256R1 ECC Key Pair. * Interface function which calls the p256-m key generation function and - * places it in the key buffer provided by the caller (mbed TLS) in the + * places it in the key buffer provided by the caller (Mbed TLS) in the * correct format. For a SECP256R1 curve this is the 32 bit private key. * * \param[in] attributes The attributes of the key to use for the diff --git a/CMakeLists.txt b/CMakeLists.txt index 4d7e0b055d..1216c72686 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -34,14 +34,14 @@ cmake_policy(SET CMP0011 NEW) cmake_policy(SET CMP0012 NEW) if(TEST_CPP) - project("mbed TLS" LANGUAGES C CXX) + project("Mbed TLS" LANGUAGES C CXX) else() - project("mbed TLS" LANGUAGES C) + project("Mbed TLS" LANGUAGES C) endif() include(GNUInstallDirs) -# Determine if mbed TLS is being built as a subproject using add_subdirectory() +# Determine if Mbed TLS is being built as a subproject using add_subdirectory() if(NOT DEFINED MBEDTLS_AS_SUBPROJECT) set(MBEDTLS_AS_SUBPROJECT ON) if(CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR) @@ -52,7 +52,7 @@ endif() # Set the project root directory. set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR}) -option(ENABLE_PROGRAMS "Build mbed TLS programs." ON) +option(ENABLE_PROGRAMS "Build Mbed TLS programs." ON) option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF) option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON) @@ -71,9 +71,9 @@ string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${CMAKE_C_COMPILER_ID}") # the test suites currently have compile errors with MSVC if(CMAKE_COMPILER_IS_MSVC) - option(ENABLE_TESTING "Build mbed TLS tests." OFF) + option(ENABLE_TESTING "Build Mbed TLS tests." OFF) else() - option(ENABLE_TESTING "Build mbed TLS tests." ON) + option(ENABLE_TESTING "Build Mbed TLS tests." ON) endif() # Warning string - created as a list for compatibility with CMake 2.8 diff --git a/DartConfiguration.tcl b/DartConfiguration.tcl index dfa0f07181..af0578a581 100644 --- a/DartConfiguration.tcl +++ b/DartConfiguration.tcl @@ -1,4 +1,4 @@ Site: localhost -BuildName: mbed TLS-test +BuildName: Mbed TLS-test CoverageCommand: /usr/bin/gcov MemoryCheckCommand: /usr/bin/valgrind diff --git a/configs/README.txt b/configs/README.txt index 9e5a243f8d..86496db013 100644 --- a/configs/README.txt +++ b/configs/README.txt @@ -21,4 +21,4 @@ them, you can pick one of the following methods: make Note that the second method also works if you want to keep your custom -configuration file outside the mbed TLS tree. +configuration file outside the Mbed TLS tree. diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index 31fab4e918..1964e8e559 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -33,7 +33,7 @@ #define MBEDTLS_HAVE_ASM #define MBEDTLS_HAVE_TIME -/* mbed TLS feature support */ +/* Mbed TLS feature support */ #define MBEDTLS_CIPHER_MODE_CBC #define MBEDTLS_CIPHER_PADDING_PKCS7 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED @@ -47,7 +47,7 @@ #define MBEDTLS_SELF_TEST #define MBEDTLS_VERSION_FEATURES -/* mbed TLS modules */ +/* Mbed TLS modules */ #define MBEDTLS_AES_C #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 89898b33a7..56a700f740 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -37,13 +37,13 @@ #define MBEDTLS_HAVE_ASM #define MBEDTLS_HAVE_TIME -/* mbed TLS feature support */ +/* Mbed TLS feature support */ #define MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_ECP_DP_SECP384R1_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define MBEDTLS_SSL_PROTO_TLS1_2 -/* mbed TLS modules */ +/* Mbed TLS modules */ #define MBEDTLS_AES_C #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C diff --git a/configs/config-thread.h b/configs/config-thread.h index 0652136a54..e05b557ede 100644 --- a/configs/config-thread.h +++ b/configs/config-thread.h @@ -35,7 +35,7 @@ /* System support */ #define MBEDTLS_HAVE_ASM -/* mbed TLS feature support */ +/* Mbed TLS feature support */ #define MBEDTLS_AES_ROM_TABLES #define MBEDTLS_ECP_DP_SECP256R1_ENABLED #define MBEDTLS_ECP_NIST_OPTIM @@ -46,7 +46,7 @@ #define MBEDTLS_SSL_DTLS_ANTI_REPLAY #define MBEDTLS_SSL_DTLS_HELLO_VERIFY -/* mbed TLS modules */ +/* Mbed TLS modules */ #define MBEDTLS_AES_C #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 7fd5ddef82..c8a47d9ead 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -1,4 +1,4 @@ -PROJECT_NAME = "mbed TLS v3.4.1" +PROJECT_NAME = "Mbed TLS v3.4.1" OUTPUT_DIRECTORY = ../apidoc/ FULL_PATH_NAMES = NO OPTIMIZE_OUTPUT_FOR_C = YES diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt index e693bc17cc..e11e2715af 100644 --- a/include/CMakeLists.txt +++ b/include/CMakeLists.txt @@ -1,4 +1,4 @@ -option(INSTALL_MBEDTLS_HEADERS "Install mbed TLS headers." ON) +option(INSTALL_MBEDTLS_HEADERS "Install Mbed TLS headers." ON) if(INSTALL_MBEDTLS_HEADERS) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 7fd4fcc13c..d37cc81f7e 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -47,7 +47,7 @@ */ #define MBEDTLS_VERSION_NUMBER 0x03040100 #define MBEDTLS_VERSION_STRING "3.4.1" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.4.1" +#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.4.1" #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) #define _CRT_SECURE_NO_DEPRECATE 1 diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index ca267bdd8b..5ea7b9470d 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -30,7 +30,7 @@ */ #include #if CHAR_BIT != 8 -#error "mbed TLS requires a platform with 8-bit chars" +#error "Mbed TLS requires a platform with 8-bit chars" #endif #include diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index a89d4d23c8..bf95b907a4 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -175,7 +175,7 @@ mbedtls_ecp_point; #if !defined(MBEDTLS_ECP_ALT) /* - * default mbed TLS elliptic curve arithmetic implementation + * default Mbed TLS elliptic curve arithmetic implementation * * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an * alternative implementation for the whole module and it will replace this diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 11600bb60e..6882d71b17 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -166,7 +166,7 @@ static inline int mbedtls_error_add(int high, int low, } /** - * \brief Translate a mbed TLS error code into a string representation, + * \brief Translate a Mbed TLS error code into a string representation, * Result is truncated if necessary and always includes a terminating * null byte. * diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index d73c83e44d..2f5c672fb9 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -168,7 +168,7 @@ * * Enable the memory allocation layer. * - * By default mbed TLS uses the system-provided calloc() and free(). + * By default Mbed TLS uses the system-provided calloc() and free(). * This allows different allocators (self-implemented or provided) to be * provided to the platform abstraction layer. * @@ -241,10 +241,10 @@ /** * \def MBEDTLS_PLATFORM_EXIT_ALT * - * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the + * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let Mbed TLS support the * function in the platform abstraction layer. * - * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will + * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, Mbed TLS will * provide a function "mbedtls_platform_set_printf()" that allows you to set an * alternative printf function pointer. * @@ -344,7 +344,7 @@ /** \} name SECTION: System support */ /** - * \name SECTION: mbed TLS feature support + * \name SECTION: Mbed TLS feature support * * This section sets support for features that are or are not needed * within the modules that are enabled. @@ -367,7 +367,7 @@ /** * \def MBEDTLS_AES_ALT * - * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your + * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your * alternate core implementation of a symmetric crypto, an arithmetic or hash * module (e.g. platform specific assembly optimized implementations). Keep * in mind that the function prototypes should remain the same. @@ -375,7 +375,7 @@ * This replaces the whole module. If you only want to replace one of the * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags. * - * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer + * Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer * provide the "struct mbedtls_aes_context" definition and omit the base * function declarations and implementations. "aes_alt.h" will be included from * "aes.h" to include the new function definitions. @@ -423,14 +423,14 @@ /** * \def MBEDTLS_SHA256_PROCESS_ALT * - * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you + * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use you * alternate core implementation of symmetric crypto or hash function. Keep in * mind that function prototypes should remain the same. * - * This replaces only one function. The header file from mbed TLS is still + * This replaces only one function. The header file from Mbed TLS is still * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags. * - * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will + * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, Mbed TLS will * no longer provide the mbedtls_sha1_process() function, but it will still provide * the other function (using your mbedtls_sha1_process() function) and the definition * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible @@ -480,11 +480,11 @@ * * Expose a part of the internal interface of the Elliptic Curve Point module. * - * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your + * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use your * alternative core implementation of elliptic curve arithmetic. Keep in mind * that function prototypes should remain the same. * - * This partially replaces one function. The header file from mbed TLS is still + * This partially replaces one function. The header file from Mbed TLS is still * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation * is still present and it is used for group structures not supported by the * alternative. @@ -508,11 +508,11 @@ * implement optimized set up and tear down instructions. * * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and - * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac() + * MBEDTLS_ECP_DOUBLE_JAC_ALT, Mbed TLS will still provide the ecp_double_jac() * function, but will use your mbedtls_internal_ecp_double_jac() if the group * for the operation is supported by your implementation (i.e. your * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the - * group is not supported by your implementation, then the original mbed TLS + * group is not supported by your implementation, then the original Mbed TLS * implementation of ecp_double_jac() is used instead, unless this fallback * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE). @@ -543,7 +543,7 @@ /** * \def MBEDTLS_ENTROPY_HARDWARE_ALT * - * Uncomment this macro to let mbed TLS use your own implementation of a + * Uncomment this macro to let Mbed TLS use your own implementation of a * hardware entropy collector. * * Your function must be called \c mbedtls_hardware_poll(), have the same @@ -1491,7 +1491,7 @@ * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES * * Enable sending of alert messages in case of encountered errors as per RFC. - * If you choose not to send the alert messages, mbed TLS can still communicate + * If you choose not to send the alert messages, Mbed TLS can still communicate * with other servers, only debugging of failures is harder. * * The advantage of not sending alert messages, is that no information is given @@ -2181,12 +2181,12 @@ * Comment this macro to disallow using RSASSA-PSS in certificates. */ #define MBEDTLS_X509_RSASSA_PSS_SUPPORT -/** \} name SECTION: mbed TLS feature support */ +/** \} name SECTION: Mbed TLS feature support */ /** - * \name SECTION: mbed TLS modules + * \name SECTION: Mbed TLS modules * - * This section enables or disables entire modules in mbed TLS + * This section enables or disables entire modules in Mbed TLS * \{ */ @@ -2882,7 +2882,7 @@ * Module: library/memory_buffer_alloc.c * * Requires: MBEDTLS_PLATFORM_C - * MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS) + * MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS) * * Enable this module to enable the buffer memory allocator. */ @@ -3484,7 +3484,7 @@ * \def MBEDTLS_THREADING_C * * Enable the threading abstraction layer. - * By default mbed TLS assumes it is used in a non-threaded environment or that + * By default Mbed TLS assumes it is used in a non-threaded environment or that * contexts are not shared between threads. If you do intend to use contexts * between threads, you will need to enable this layer to prevent race * conditions. See also our Knowledge Base article about threading: @@ -3498,7 +3498,7 @@ * You will have to enable either MBEDTLS_THREADING_ALT or * MBEDTLS_THREADING_PTHREAD. * - * Enable this layer to allow use of mutexes within mbed TLS + * Enable this layer to allow use of mutexes within Mbed TLS */ //#define MBEDTLS_THREADING_C @@ -3644,7 +3644,7 @@ */ #define MBEDTLS_X509_CSR_WRITE_C -/** \} name SECTION: mbed TLS modules */ +/** \} name SECTION: Mbed TLS modules */ /** * \name SECTION: General configuration options diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h index c7973d9fc1..21b3697458 100644 --- a/include/mbedtls/platform_time.h +++ b/include/mbedtls/platform_time.h @@ -1,7 +1,7 @@ /** * \file platform_time.h * - * \brief mbed TLS Platform time abstraction + * \brief Mbed TLS Platform time abstraction */ /* * Copyright The Mbed TLS Contributors diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 2db5209ea9..bf0c1a1b36 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -1,7 +1,7 @@ /** * \file ssl_ciphersuites.h * - * \brief SSL Ciphersuites for mbed TLS + * \brief SSL Ciphersuites for Mbed TLS */ /* * Copyright The Mbed TLS Contributors diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index 1b9c7ced25..6a336c3ed2 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -55,9 +55,9 @@ typedef struct mbedtls_threading_mutex_t { * \brief Set your alternate threading implementation function * pointers and initialize global mutexes. If used, this * function must be called once in the main thread before any - * other mbed TLS function is called, and + * other Mbed TLS function is called, and * mbedtls_threading_free_alt() must be called once in the main - * thread after all other mbed TLS functions. + * thread after all other Mbed TLS functions. * * \note mutex_init() and mutex_free() don't return a status code. * If mutex_init() fails, it should leave its argument (the diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index bb1a4c3cbe..073211a191 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -52,9 +52,9 @@ unsigned int mbedtls_version_get_number(void); void mbedtls_version_get_string(char *string); /** - * Get the full version string ("mbed TLS x.y.z"). + * Get the full version string ("Mbed TLS x.y.z"). * - * \param string The string that will receive the value. The mbed TLS version + * \param string The string that will receive the value. The Mbed TLS version * string will use 18 bytes AT MOST including a terminating * null byte. * (So the buffer should be at least 18 bytes to receive this @@ -64,12 +64,12 @@ void mbedtls_version_get_string_full(char *string); /** * \brief Check if support for a feature was compiled into this - * mbed TLS binary. This allows you to see at runtime if the + * Mbed TLS binary. This allows you to see at runtime if the * library was for instance compiled with or without * Multi-threading support. * * \note only checks against defines in the sections "System - * support", "mbed TLS modules" and "mbed TLS feature + * support", "Mbed TLS modules" and "Mbed TLS feature * support" in mbedtls_config.h * * \param feature The string for the define to check (e.g. "MBEDTLS_AES_C") diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 078781ca8f..3f9b25075f 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -1007,7 +1007,7 @@ int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx, const char * * \brief Set the issuer name for a Certificate * Issuer names should contain a comma-separated list * of OID types and values: - * e.g. "C=UK,O=ARM,CN=mbed TLS CA" + * e.g. "C=UK,O=ARM,CN=Mbed TLS CA" * * \param ctx CRT context to use * \param issuer_name issuer name to set @@ -1022,7 +1022,7 @@ int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, * \brief Set the subject name for a Certificate * Subject names should contain a comma-separated list * of OID types and values: - * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1" + * e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1" * * \param ctx CRT context to use * \param subject_name subject name to set diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 80adb1910c..513a83edd0 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -180,7 +180,7 @@ void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx); * \brief Set the subject name for a CSR * Subject names should contain a comma-separated list * of OID types and values: - * e.g. "C=UK,O=ARM,CN=mbed TLS Server 1" + * e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1" * * \param ctx CSR context to use * \param subject_name subject name to set diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 351edd0bae..83204f35e8 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -1,7 +1,7 @@ -option(USE_STATIC_MBEDTLS_LIBRARY "Build mbed TLS static library." ON) -option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF) -option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF) -option(LINK_WITH_TRUSTED_STORAGE "Explicitly link mbed TLS library to trusted_storage." OFF) +option(USE_STATIC_MBEDTLS_LIBRARY "Build Mbed TLS static library." ON) +option(USE_SHARED_MBEDTLS_LIBRARY "Build Mbed TLS shared library." OFF) +option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF) +option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF) # Set the project root directory if it's not already defined, as may happen if # the library folder is included directly by a parent project, without diff --git a/library/cipher.c b/library/cipher.c index de7f8378e3..69ee6d79c3 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -1,7 +1,7 @@ /** * \file cipher.c * - * \brief Generic cipher wrapper for mbed TLS + * \brief Generic cipher wrapper for Mbed TLS * * \author Adriaan de Jong * diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 6ab2f5f132..8e061218cb 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -1,7 +1,7 @@ /** * \file cipher_wrap.c * - * \brief Generic cipher wrapper for mbed TLS + * \brief Generic cipher wrapper for Mbed TLS * * \author Adriaan de Jong * diff --git a/library/ecjpake.c b/library/ecjpake.c index 19ad2c6e0f..6355b5ea58 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -1131,7 +1131,7 @@ int mbedtls_ecjpake_self_test(int verbose) #if !defined(MBEDTLS_ECJPAKE_ALT) /* 'reference handshake' tests can only be run against implementations * for which we have 100% control over how the random ephemeral keys - * are generated. This is only the case for the internal mbed TLS + * are generated. This is only the case for the internal Mbed TLS * implementation, so these tests are skipped in case the internal * implementation is swapped out for an alternative one. */ if (verbose != 0) { diff --git a/library/entropy_poll.h b/library/entropy_poll.h index 3cfd4a4444..be4943cce4 100644 --- a/library/entropy_poll.h +++ b/library/entropy_poll.h @@ -50,7 +50,7 @@ int mbedtls_platform_entropy_poll(void *data, /** * \brief Entropy poll callback for a hardware source * - * \warning This is not provided by mbed TLS! + * \warning This is not provided by Mbed TLS! * See \c MBEDTLS_ENTROPY_HARDWARE_ALT in mbedtls_config.h. * * \note This must accept NULL as its first argument. diff --git a/library/md.c b/library/md.c index 0b2ea4d149..6dfbba78d1 100644 --- a/library/md.c +++ b/library/md.c @@ -1,7 +1,7 @@ /** * \file md.c * - * \brief Generic message digest wrapper for mbed TLS + * \brief Generic message digest wrapper for Mbed TLS * * \author Adriaan de Jong * diff --git a/library/mps_common.h b/library/mps_common.h index 33b518b0a8..301d52532c 100644 --- a/library/mps_common.h +++ b/library/mps_common.h @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ /** diff --git a/library/mps_error.h b/library/mps_error.h index 15570d2384..5113959beb 100644 --- a/library/mps_error.h +++ b/library/mps_error.h @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ /** diff --git a/library/mps_reader.h b/library/mps_reader.h index bff6705037..bb912ec17f 100644 --- a/library/mps_reader.h +++ b/library/mps_reader.h @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ /** diff --git a/library/mps_trace.h b/library/mps_trace.h index 6f0455f038..f8e0a5d807 100644 --- a/library/mps_trace.h +++ b/library/mps_trace.h @@ -14,7 +14,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS (https://tls.mbed.org) + * This file is part of Mbed TLS (https://tls.mbed.org) */ /** diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index 2b4afd7e1d..575f302d40 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -225,12 +225,12 @@ psa_status_t psa_copy_key_material_into_slot(psa_key_slot_t *slot, const uint8_t *data, size_t data_length); -/** Convert an mbed TLS error code to a PSA error code +/** Convert an Mbed TLS error code to a PSA error code * * \note This function is provided solely for the convenience of * Mbed TLS and may be removed at any time without notice. * - * \param ret An mbed TLS-thrown error code + * \param ret An Mbed TLS-thrown error code * * \return The corresponding PSA error code */ diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index a0cf5300f1..d2c050b431 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1,7 +1,7 @@ /** * \file ssl_ciphersuites.c * - * \brief SSL ciphersuites for mbed TLS + * \brief SSL ciphersuites for Mbed TLS * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 diff --git a/library/ssl_client.c b/library/ssl_client.c index dc2b650b46..7114ef01a7 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -16,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS ( https://tls.mbed.org ) + * This file is part of Mbed TLS ( https://tls.mbed.org ) */ #include "common.h" diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c index 77325c3273..d018bee74a 100644 --- a/library/ssl_tls13_client.c +++ b/library/ssl_tls13_client.c @@ -16,7 +16,7 @@ * See the License for the specific language governing permissions and * limitations under the License. * - * This file is part of mbed TLS ( https://tls.mbed.org ) + * This file is part of Mbed TLS ( https://tls.mbed.org ) */ #include "common.h" diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index 4777ee0d93..6734a14d9f 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -65,7 +65,7 @@ int main(void) #define HTTP_RESPONSE \ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ - "

mbed TLS Test Server

\r\n" \ + "

Mbed TLS Test Server

\r\n" \ "

Successful connection using: %s

\r\n" #define DEBUG_LEVEL 0 diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index fb6f371353..1e648e8afd 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -775,9 +775,9 @@ usage: mbedtls_printf(" > Write content to server:"); fflush(stdout); - len = sprintf((char *) buf, "From: %s\r\nSubject: mbed TLS Test mail\r\n\r\n" + len = sprintf((char *) buf, "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n" "This is a simple test mail from the " - "mbed TLS mail client example.\r\n" + "Mbed TLS mail client example.\r\n" "\r\n" "Enjoy!", opt.mail_from); ret = write_ssl_data(&ssl, buf, len); diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 9416c3cf20..12d3057b4d 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c @@ -66,7 +66,7 @@ int main(void) #define HTTP_RESPONSE \ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ - "

mbed TLS Test Server

\r\n" \ + "

Mbed TLS Test Server

\r\n" \ "

Successful connection using: %s

\r\n" #define DEBUG_LEVEL 0 diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index bb4915516f..ad82567f49 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -59,7 +59,7 @@ int main(void) #define HTTP_RESPONSE \ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ - "

mbed TLS Test Server

\r\n" \ + "

Mbed TLS Test Server

\r\n" \ "

Successful connection using: %s

\r\n" #define DEBUG_LEVEL 0 diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 58c2f1eff4..e3fabec80f 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -173,7 +173,7 @@ int main(void) * packets (for fragmentation purposes) */ #define HTTP_RESPONSE \ "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \ - "

mbed TLS Test Server

\r\n" \ + "

Mbed TLS Test Server

\r\n" \ "

Successful connection using: %s

\r\n" // LONG_RESPONSE /* diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index 47f5dc716e..19d90bce7e 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -131,7 +131,7 @@ cat include/mbedtls/build_info.h | \ sed -e "s/\(# *define *[A-Z]*_VERSION\)_PATCH .\{1,\}/\1_PATCH $PATCH/" | \ sed -e "s/\(# *define *[A-Z]*_VERSION\)_NUMBER .\{1,\}/\1_NUMBER $VERSION_NR/" | \ sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING .\{1,\}/\1_STRING \"$VERSION\"/" | \ - sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING_FULL .\{1,\}/\1_STRING_FULL \"mbed TLS $VERSION\"/" \ + sed -e "s/\(# *define *[A-Z]*_VERSION\)_STRING_FULL .\{1,\}/\1_STRING_FULL \"Mbed TLS $VERSION\"/" \ > tmp mv tmp include/mbedtls/build_info.h diff --git a/scripts/footprint.sh b/scripts/footprint.sh index 6c0fc2554a..ae95db4a13 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh @@ -17,7 +17,7 @@ # # Purpose # -# This script determines ROM size (or code size) for the standard mbed TLS +# This script determines ROM size (or code size) for the standard Mbed TLS # configurations, when built for a Cortex M3/M4 target. # # Configurations included: @@ -108,7 +108,7 @@ else fi log "" -log "mbed TLS $MBEDTLS_VERSION$GIT_VERSION" +log "Mbed TLS $MBEDTLS_VERSION$GIT_VERSION" log "$( arm-none-eabi-gcc --version | head -n1 )" log "CFLAGS=$ARMGCC_FLAGS" diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl index e0de6b71ed..49cca2ec38 100755 --- a/scripts/generate_features.pl +++ b/scripts/generate_features.pl @@ -39,8 +39,8 @@ if( @ARGV ) { my $feature_format_file = $data_dir.'/version_features.fmt'; -my @sections = ( "System support", "mbed TLS modules", - "mbed TLS feature support" ); +my @sections = ( "System support", "Mbed TLS modules", + "Mbed TLS feature support" ); my $line_separator = $/; undef $/; diff --git a/scripts/lcov.sh b/scripts/lcov.sh index 8d141eedf7..6bba02fd24 100755 --- a/scripts/lcov.sh +++ b/scripts/lcov.sh @@ -51,7 +51,7 @@ lcov_library_report () { lcov --rc lcov_branch_coverage=1 --add-tracefile Coverage/tmp/files.info --add-tracefile Coverage/tmp/tests.info -o Coverage/tmp/all.info lcov --rc lcov_branch_coverage=1 --remove Coverage/tmp/all.info -o Coverage/tmp/final.info '*.h' gendesc tests/Descriptions.txt -o Coverage/tmp/descriptions - genhtml --title "mbed TLS" --description-file Coverage/tmp/descriptions --keep-descriptions --legend --branch-coverage -o Coverage Coverage/tmp/final.info + genhtml --title "Mbed TLS" --description-file Coverage/tmp/descriptions --keep-descriptions --legend --branch-coverage -o Coverage Coverage/tmp/final.info rm -f Coverage/tmp/*.info Coverage/tmp/descriptions echo "Coverage report in: Coverage/index.html" } diff --git a/tests/compat.sh b/tests/compat.sh index b070e71c46..252736bb25 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -262,7 +262,7 @@ filter_ciphersuites() { if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ]; then - # Ciphersuite for mbed TLS + # Ciphersuite for Mbed TLS M_CIPHERS=$( filter "$M_CIPHERS" ) # Ciphersuite for OpenSSL @@ -272,7 +272,7 @@ filter_ciphersuites() G_CIPHERS=$( filter "$G_CIPHERS" ) fi - # For GnuTLS client -> mbed TLS server, + # For GnuTLS client -> Mbed TLS server, # we need to force IPv4 by connecting to 127.0.0.1 but then auth fails if is_dtls "$MODE" && [ "X$VERIFY" = "XYES" ]; then G_CIPHERS="" diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 32be0eef16..43a91eed26 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -43,7 +43,7 @@ set -eu if [ -d library -a -d include -a -d tests ]; then :; else - echo "Must be run from mbed TLS root" >&2 + echo "Must be run from Mbed TLS root" >&2 exit 1 fi diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl index 3ed7069c57..dd955301ff 100755 --- a/tests/scripts/check-doxy-blocks.pl +++ b/tests/scripts/check-doxy-blocks.pl @@ -68,7 +68,7 @@ sub check_dir { # Check that the script is being run from the project's root directory. for my $dir (@directories) { if (! -d $dir) { - die "This script must be run from the mbed TLS root directory"; + die "This script must be run from the Mbed TLS root directory"; } else { check_dir($dir) } diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 4d6f93079c..a1c37e9f18 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -35,7 +35,7 @@ EOF fi if [ -d library -a -d include -a -d tests ]; then :; else - echo "Must be run from mbed TLS root" >&2 + echo "Must be run from Mbed TLS root" >&2 exit 1 fi diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh index 2bc8dc992c..cb87829e26 100755 --- a/tests/scripts/doxygen.sh +++ b/tests/scripts/doxygen.sh @@ -21,7 +21,7 @@ set -eu if [ -d library -a -d include -a -d tests ]; then :; else - echo "Must be run from mbed TLS root" >&2 + echo "Must be run from Mbed TLS root" >&2 exit 1 fi diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh index a640b566dd..a51fbc9650 100755 --- a/tests/scripts/generate-afl-tests.sh +++ b/tests/scripts/generate-afl-tests.sh @@ -41,7 +41,7 @@ THIS_DIR=$(basename $PWD) if [ -d ../library -a -d ../include -a -d ../tests -a $THIS_DIR == "tests" ]; then :; else - echo " [!] Must be run from mbed TLS tests directory" >&2 + echo " [!] Must be run from Mbed TLS tests directory" >&2 exit 1 fi diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 619a5ddb4e..5751624804 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -166,7 +166,7 @@ void ecp_test_vect_restart(int id, * MBEDTLS_ECP_WINDOW_SIZE, as well as implementation details that may * change in the future. A factor 2 is a minimum safety margin. * - * For reference, with mbed TLS 2.4 and default settings, for P-256: + * For reference, with Mbed TLS 2.4 and default settings, for P-256: * - Random point mult: ~3250M * - Cold base point mult: ~3300M * - Hot base point mult: ~1100M diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function index 981f8ab85f..eeae512626 100644 --- a/tests/suites/test_suite_version.function +++ b/tests/suites/test_suite_version.function @@ -20,7 +20,7 @@ void check_compiletime_version(char *version_str) mbedtls_snprintf(build_str, 100, "%d.%d.%d", MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH); - mbedtls_snprintf(build_str_full, 100, "mbed TLS %d.%d.%d", MBEDTLS_VERSION_MAJOR, + mbedtls_snprintf(build_str_full, 100, "Mbed TLS %d.%d.%d", MBEDTLS_VERSION_MAJOR, MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH); build_int = MBEDTLS_VERSION_MAJOR << 24 | @@ -56,7 +56,7 @@ void check_runtime_version(char *version_str) (get_int >> 24) & 0xFF, (get_int >> 16) & 0xFF, (get_int >> 8) & 0xFF); - mbedtls_snprintf(build_str_full, 100, "mbed TLS %s", version_str); + mbedtls_snprintf(build_str_full, 100, "Mbed TLS %s", version_str); TEST_ASSERT(strcmp(build_str, version_str) == 0); TEST_ASSERT(strcmp(build_str_full, get_str_full) == 0); diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index e6bce1d4fb..114bd52776 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -619,7 +619,7 @@ void x509_verify_restart(char *crt_file, char *ca_file, /* * See comments on ecp_test_vect_restart() for op count precision. * - * For reference, with mbed TLS 2.6 and default settings: + * For reference, with Mbed TLS 2.6 and default settings: * - ecdsa_verify() for P-256: ~ 6700 * - ecdsa_verify() for P-384: ~ 18800 * - x509_verify() for server5 -> test-ca2: ~ 18800 From 2e38a0d603994727c66f893627bf1933a7933b99 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 12 Sep 2023 19:19:31 +0200 Subject: [PATCH 304/350] More spelling corrections Signed-off-by: Gilles Peskine --- include/mbedtls/error.h | 6 +++--- tests/data_files/Makefile | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 6882d71b17..a7454f2348 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -166,9 +166,9 @@ static inline int mbedtls_error_add(int high, int low, } /** - * \brief Translate a Mbed TLS error code into a string representation, - * Result is truncated if necessary and always includes a terminating - * null byte. + * \brief Translate an Mbed TLS error code into a string representation. + * The result is truncated if necessary and always includes a + * terminating null byte. * * \param errnum error code * \param buffer buffer to place representation in diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index b5f0844c9d..f50f058946 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -1,7 +1,7 @@ ## This file contains a record of how some of the test data was ## generated. The final build products are committed to the repository ## as well to make sure that the test data is identical. You do not -## need to use this makefile unless you're extending mbed TLS's tests. +## need to use this makefile unless you're extending Mbed TLS's tests. ## Many data files were generated prior to the existence of this ## makefile, so the method of their generation was not recorded. From 7d52f2a0d939c610e18f7cd2b7d3a6361f3d4a98 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 12 Sep 2023 16:29:39 +0100 Subject: [PATCH 305/350] Improve use of ct interface in mbedtls_ssl_decrypt_buf Signed-off-by: Dave Rodgman --- library/ssl_msg.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 85632a1c31..47a206dd44 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -1504,7 +1504,8 @@ int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl, int auth_done = 0; #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) - size_t padlen = 0, correct = 1; + size_t padlen = 0; + mbedtls_ct_condition_t correct = MBEDTLS_CT_TRUE; #endif unsigned char *data; /* For an explanation of the additional data length see @@ -1921,7 +1922,7 @@ hmac_failed_etm_enabled: const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge( rec->data_len, padlen + 1); - correct = mbedtls_ct_size_if_else_0(ge, correct); + correct = mbedtls_ct_bool_and(ge, correct); padlen = mbedtls_ct_size_if_else_0(ge, padlen); } else { #if defined(MBEDTLS_SSL_DEBUG_ALL) @@ -1937,7 +1938,7 @@ hmac_failed_etm_enabled: const mbedtls_ct_condition_t ge = mbedtls_ct_uint_ge( rec->data_len, transform->maclen + padlen + 1); - correct = mbedtls_ct_size_if_else_0(ge, correct); + correct = mbedtls_ct_bool_and(ge, correct); padlen = mbedtls_ct_size_if_else_0(ge, padlen); } @@ -1973,14 +1974,14 @@ hmac_failed_etm_enabled: increment = mbedtls_ct_size_if_else_0(b, increment); pad_count += increment; } - correct = mbedtls_ct_size_if_else_0(mbedtls_ct_uint_eq(pad_count, padlen), correct); + correct = mbedtls_ct_bool_and(mbedtls_ct_uint_eq(pad_count, padlen), correct); #if defined(MBEDTLS_SSL_DEBUG_ALL) - if (padlen > 0 && correct == 0) { + if (padlen > 0 && correct == MBEDTLS_CT_FALSE) { MBEDTLS_SSL_DEBUG_MSG(1, ("bad padding byte detected")); } #endif - padlen = mbedtls_ct_size_if_else_0(mbedtls_ct_bool(correct), padlen); + padlen = mbedtls_ct_size_if_else_0(correct, padlen); #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ @@ -2075,7 +2076,7 @@ hmac_failed_etm_enabled: #if defined(MBEDTLS_SSL_DEBUG_ALL) MBEDTLS_SSL_DEBUG_MSG(1, ("message mac does not match")); #endif - correct = 0; + correct = MBEDTLS_CT_FALSE; } auth_done++; @@ -2090,7 +2091,7 @@ hmac_failed_etm_disabled: /* * Finally check the correct flag */ - if (correct == 0) { + if (correct == MBEDTLS_CT_FALSE) { return MBEDTLS_ERR_SSL_INVALID_MAC; } #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ From 016db89107131f49ca10b5940a536a785615cbe6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 13 Sep 2023 14:34:40 +0200 Subject: [PATCH 306/350] Update p256-m to state that it's ready for production Add some guidance as to whether and how to enable it. Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 34 +++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index d73c83e44d..6eeafc3c65 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -856,16 +856,32 @@ //#define MBEDTLS_ECP_WITH_MPI_UINT /** - * Uncomment to enable p256-m, which implements ECC key generation, ECDH, - * and ECDSA for SECP256R1 curves. This driver is used as an example to - * document how a third-party driver or software accelerator can be integrated - * to work alongside Mbed TLS. + * Uncomment to enable p256-m. This is an alternative implementation of + * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1. + * Compared to the default implementation: * - * \warning p256-m has only been included to serve as a sample implementation - * of how a driver/accelerator can be integrated alongside Mbed TLS. It is not - * intended for use in production. p256-m files in Mbed TLS are not updated - * regularly, so they may not contain upstream fixes/improvements. - * DO NOT ENABLE/USE THIS MACRO IN PRODUCTION BUILDS! + * - p256-m has a much smaller code size and RAM footprint. + * - p256-m is only available via the PSA API. This includes the pk module + * when #MBEDTLS_USE_PSA_CRYPTO is enabled. + * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols + * over the core arithmetic, or deterministic derivation of keys. + * + * We recommend enabling this option if your application uses the PSA API + * and the only elliptic curve support it needs is ECDH and ECDSA over + * SECP256R1. + * + * If you enable this option, you do not need to enable any ECC-related + * MBEDTLS_xxx option. You do need to separately request support for the + * cryptographic mechanisms through the PSA API: + * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based + * configuration; + * - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS; + * - #PSA_WANT_ECC_SECP_R1_256; + * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed; + * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT, + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed. */ //#define MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED From 6f784dff491010337d3ea210296f401e19a53458 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 13 Sep 2023 15:32:30 +0200 Subject: [PATCH 307/350] Reflect the fact p256-m has been integrated into Mbed TLS Signed-off-by: Gilles Peskine --- docs/psa-driver-example-and-guide.md | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/docs/psa-driver-example-and-guide.md b/docs/psa-driver-example-and-guide.md index ae3c04c64d..7fb70223d0 100644 --- a/docs/psa-driver-example-and-guide.md +++ b/docs/psa-driver-example-and-guide.md @@ -138,15 +138,20 @@ This guide assumes you are building Mbed TLS from source alongside your project. ### Example: Manually integrating a software accelerator alongside Mbed TLS -[p256-m](https://github.com/mpg/p256-m) is a minimalistic implementation of ECDH and ECDSA on the NIST P-256 curve, specifically optimized for use in constrained 32-bit environments. As such, it serves as a software accelerator. This section demonstrates the integration of `p256-m` as a transparent driver alongside Mbed TLS, serving as a guide for implementation. -The code for p256-m can be found in `3rdparty/p256-m/p256m`. In this demonstration, p256-m is built from source alongside Mbed TLS. +[p256-m](https://github.com/mpg/p256-m) is a minimalistic implementation of ECDH and ECDSA on the NIST P-256 curve, specifically optimized for use in constrained 32-bit environments. It started out as an independent project and has been integrated in Mbed TLS as a PSA transparent driver. The source code of p256-m and the driver entry points is located in the Mbed TLS source tree under `3rdparty/p256-m`. In this section, we will look at how this integration was done. -The driver prefix for p256-m is `P256`/`p256`. The driver macro is `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED`. To build with and use p256-m, set the macro using `config.py`, then build as usual using make/cmake. From the root of the `mbedtls/` directory, run: +The Mbed TLS build system includes the instructions needed to build p256-m. To build with and use p256-m, set the macro `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED` using `config.py`, then build as usual using make/cmake. From the root of the `mbedtls/` directory, run: + python3 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG python3 scripts/config.py set MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED make -p256-m implements four entry points: `generate_key`, `key_agreement`, `sign_hash`, `verify_hash`. The `sign/verify_hash` entry points are used instead of `sign/verify_message` as messages must be hashed prior to any operation, and p256-m does not implement this. The driver entry point functions can be found in `p256m_driver_entrypoints.[hc]`. These functions act as an interface between Mbed TLS and p256-m; converting between PSA and p256-m argument formats and performing sanity checks. If the driver's status codes differ from PSA's, it is recommended to implement a status code translation function. The function `p256_to_psa_error()` converts error codes returned by p256-m into PSA error codes. +(You need extra steps if you want to disable the built-in implementation of ECC algorithms, which includes more features than p256-m. Refer to the documentation of `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED` for more information.) + +The driver prefix for p256-m is `P256`/`p256`. +The p256-m driver implements four entry points: `generate_key`, `key_agreement`, `sign_hash`, `verify_hash`. +There are no entry points for `sign_message` and `verify_message`, which are not necessary for a sign-and-hash algorithm. The core still implements these functions by doing the hashes and then calling the sign/verify-hash entry points. +The driver entry point functions can be found in `p256m_driver_entrypoints.[hc]`. These functions act as an interface between Mbed TLS and p256-m; converting between PSA and p256-m argument formats and performing sanity checks. If the driver's status codes differ from PSA's, it is recommended to implement a status code translation function. The function `p256_to_psa_error()` converts error codes returned by p256-m into PSA error codes. The driver wrapper functions in `psa_crypto_driver_wrappers.c.jinja` for all four entry points have also been modified. The code block below shows the additions made to `psa_driver_wrapper_sign_hash()`. In adherence to the defined process, all code related to the driver call is placed within a check for `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED`. p256-m only supports non-deterministic ECDSA using keys based on NIST P256; these constraints are enforced through checks (see the `if` statement). Checks that involve accessing key attributes, (e.g. checking key type or bits) **must** be performed in the driver wrapper. This is because this information is marked private and may not be accessed outside the library. Other checks can be performed here or in the entry point function. The status returned by the driver is propagated up the call hierarchy **unless** the driver does not support the operation (i.e. return `PSA_ERROR_NOT_SUPPORTED`). In that case the next available driver/built-in implementation is called. From 528ec901abe6ef3830c69108cad811e5e3378146 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 13 Sep 2023 15:41:23 +0200 Subject: [PATCH 308/350] Add a changelog entry for p256-m Signed-off-by: Gilles Peskine --- ChangeLog.d/p256-m.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/p256-m.txt diff --git a/ChangeLog.d/p256-m.txt b/ChangeLog.d/p256-m.txt new file mode 100644 index 0000000000..0725488757 --- /dev/null +++ b/ChangeLog.d/p256-m.txt @@ -0,0 +1,5 @@ +Features + * Applications using ECC over secp256r1 through the PSA API can use a + new implementation with a much smaller footprint, but some minor + usage restrictions. See the documentation of the new configuration + option MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED for details. From 3d0bffb257c04bf192f20ef89205ac1be89c9828 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 13 Sep 2023 15:15:37 +0100 Subject: [PATCH 309/350] Improve statement in driver-only-builds.md Signed-off-by: Paul Elliott --- docs/driver-only-builds.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 277c5e3981..4e2d68f363 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -145,9 +145,9 @@ timeline, please let us know if you're interested. ### Limitations regarding the selection of curves -There is an ongoing work which tries to establish a link/constrain between -the list of supported curves and supported algorithms both in the builtin and -PSA sides. In particular: +There is ongoing work which is trying to establish the links and constraints +between the list of supported curves and supported algorithms both in the +builtin and PSA sides. In particular: - #8014 ensures that the curves supported on the PSA side (`PSA_WANT_ECC_xxx`) are always a superset of the builtin ones (`MBEDTLS_ECP_DP_xxx`) From d9f22804ea24379559c88bee7d2939cbd8edd692 Mon Sep 17 00:00:00 2001 From: mcagriaksoy Date: Wed, 13 Sep 2023 22:42:19 +0200 Subject: [PATCH 310/350] Fixes log level for got supported group message Signed-off-by: mcagriaksoy --- library/ssl_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index 7114ef01a7..760fa7f9db 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -260,7 +260,7 @@ static int ssl_write_supported_groups_ext(mbedtls_ssl_context *ssl, for (; *group_list != 0; group_list++) { int propose_group = 0; - MBEDTLS_SSL_DEBUG_MSG(1, ("got supported group(%04x)", *group_list)); + MBEDTLS_SSL_DEBUG_MSG(3, ("got supported group(%04x)", *group_list)); #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) if (flags & SSL_WRITE_SUPPORTED_GROUPS_EXT_TLS1_3_FLAG) { From 7732ced037e92978c23260d9e15e922838103094 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Thu, 14 Sep 2023 13:51:14 +0800 Subject: [PATCH 311/350] cipher_wrap: remove 192- and 256-bit for AES_ONLY_128_BIT_KEY_LENGTH Signed-off-by: Yanray Wang --- library/cipher_wrap.c | 44 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index 8e061218cb..bbf57ceee7 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -307,6 +307,7 @@ static const mbedtls_cipher_info_t aes_128_ecb_info = { MBEDTLS_CIPHER_BASE_INDEX_AES }; +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) static const mbedtls_cipher_info_t aes_192_ecb_info = { "AES-192-ECB", 16, @@ -328,6 +329,7 @@ static const mbedtls_cipher_info_t aes_256_ecb_info = { 0, MBEDTLS_CIPHER_BASE_INDEX_AES }; +#endif #if defined(MBEDTLS_CIPHER_MODE_CBC) static const mbedtls_cipher_info_t aes_128_cbc_info = { @@ -341,6 +343,7 @@ static const mbedtls_cipher_info_t aes_128_cbc_info = { MBEDTLS_CIPHER_BASE_INDEX_AES }; +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) static const mbedtls_cipher_info_t aes_192_cbc_info = { "AES-192-CBC", 16, @@ -362,6 +365,7 @@ static const mbedtls_cipher_info_t aes_256_cbc_info = { 0, MBEDTLS_CIPHER_BASE_INDEX_AES }; +#endif #endif /* MBEDTLS_CIPHER_MODE_CBC */ #if defined(MBEDTLS_CIPHER_MODE_CFB) @@ -376,6 +380,7 @@ static const mbedtls_cipher_info_t aes_128_cfb128_info = { MBEDTLS_CIPHER_BASE_INDEX_AES }; +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) static const mbedtls_cipher_info_t aes_192_cfb128_info = { "AES-192-CFB128", 16, @@ -397,6 +402,7 @@ static const mbedtls_cipher_info_t aes_256_cfb128_info = { 0, MBEDTLS_CIPHER_BASE_INDEX_AES }; +#endif #endif /* MBEDTLS_CIPHER_MODE_CFB */ #if defined(MBEDTLS_CIPHER_MODE_OFB) @@ -411,6 +417,7 @@ static const mbedtls_cipher_info_t aes_128_ofb_info = { MBEDTLS_CIPHER_BASE_INDEX_AES }; +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) static const mbedtls_cipher_info_t aes_192_ofb_info = { "AES-192-OFB", 16, @@ -432,6 +439,7 @@ static const mbedtls_cipher_info_t aes_256_ofb_info = { 0, MBEDTLS_CIPHER_BASE_INDEX_AES }; +#endif #endif /* MBEDTLS_CIPHER_MODE_OFB */ #if defined(MBEDTLS_CIPHER_MODE_CTR) @@ -446,6 +454,7 @@ static const mbedtls_cipher_info_t aes_128_ctr_info = { MBEDTLS_CIPHER_BASE_INDEX_AES }; +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) static const mbedtls_cipher_info_t aes_192_ctr_info = { "AES-192-CTR", 16, @@ -467,6 +476,7 @@ static const mbedtls_cipher_info_t aes_256_ctr_info = { 0, MBEDTLS_CIPHER_BASE_INDEX_AES }; +#endif #endif /* MBEDTLS_CIPHER_MODE_CTR */ #if defined(MBEDTLS_CIPHER_MODE_XTS) @@ -545,6 +555,7 @@ static const mbedtls_cipher_info_t aes_128_xts_info = { MBEDTLS_CIPHER_BASE_INDEX_XTS_AES }; +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) static const mbedtls_cipher_info_t aes_256_xts_info = { "AES-256-XTS", 16, @@ -555,6 +566,7 @@ static const mbedtls_cipher_info_t aes_256_xts_info = { 0, MBEDTLS_CIPHER_BASE_INDEX_XTS_AES }; +#endif #endif /* MBEDTLS_CIPHER_MODE_XTS */ #if defined(MBEDTLS_GCM_C) @@ -603,6 +615,7 @@ static const mbedtls_cipher_info_t aes_128_gcm_info = { MBEDTLS_CIPHER_BASE_INDEX_GCM_AES }; +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) static const mbedtls_cipher_info_t aes_192_gcm_info = { "AES-192-GCM", 16, @@ -624,6 +637,7 @@ static const mbedtls_cipher_info_t aes_256_gcm_info = { MBEDTLS_CIPHER_VARIABLE_IV_LEN, MBEDTLS_CIPHER_BASE_INDEX_GCM_AES }; +#endif #endif /* MBEDTLS_GCM_C */ #if defined(MBEDTLS_CCM_C) @@ -672,6 +686,7 @@ static const mbedtls_cipher_info_t aes_128_ccm_info = { MBEDTLS_CIPHER_BASE_INDEX_CCM_AES }; +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) static const mbedtls_cipher_info_t aes_192_ccm_info = { "AES-192-CCM", 16, @@ -693,6 +708,7 @@ static const mbedtls_cipher_info_t aes_256_ccm_info = { MBEDTLS_CIPHER_VARIABLE_IV_LEN, MBEDTLS_CIPHER_BASE_INDEX_CCM_AES }; +#endif static const mbedtls_cipher_info_t aes_128_ccm_star_no_tag_info = { "AES-128-CCM*-NO-TAG", @@ -705,6 +721,7 @@ static const mbedtls_cipher_info_t aes_128_ccm_star_no_tag_info = { MBEDTLS_CIPHER_BASE_INDEX_CCM_AES }; +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) static const mbedtls_cipher_info_t aes_192_ccm_star_no_tag_info = { "AES-192-CCM*-NO-TAG", 16, @@ -726,6 +743,7 @@ static const mbedtls_cipher_info_t aes_256_ccm_star_no_tag_info = { MBEDTLS_CIPHER_VARIABLE_IV_LEN, MBEDTLS_CIPHER_BASE_INDEX_CCM_AES }; +#endif #endif /* MBEDTLS_CCM_C */ #endif /* MBEDTLS_AES_C */ @@ -2125,6 +2143,7 @@ static const mbedtls_cipher_info_t aes_128_nist_kw_info = { MBEDTLS_CIPHER_BASE_INDEX_KW_AES }; +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) static const mbedtls_cipher_info_t aes_192_nist_kw_info = { "AES-192-KW", 16, @@ -2146,6 +2165,7 @@ static const mbedtls_cipher_info_t aes_256_nist_kw_info = { 0, MBEDTLS_CIPHER_BASE_INDEX_KW_AES }; +#endif static const mbedtls_cipher_info_t aes_128_nist_kwp_info = { "AES-128-KWP", @@ -2158,6 +2178,7 @@ static const mbedtls_cipher_info_t aes_128_nist_kwp_info = { MBEDTLS_CIPHER_BASE_INDEX_KW_AES }; +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) static const mbedtls_cipher_info_t aes_192_nist_kwp_info = { "AES-192-KWP", 16, @@ -2179,51 +2200,70 @@ static const mbedtls_cipher_info_t aes_256_nist_kwp_info = { 0, MBEDTLS_CIPHER_BASE_INDEX_KW_AES }; +#endif #endif /* MBEDTLS_NIST_KW_C */ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = { #if defined(MBEDTLS_AES_C) { MBEDTLS_CIPHER_AES_128_ECB, &aes_128_ecb_info }, +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_ECB, &aes_192_ecb_info }, { MBEDTLS_CIPHER_AES_256_ECB, &aes_256_ecb_info }, +#endif #if defined(MBEDTLS_CIPHER_MODE_CBC) { MBEDTLS_CIPHER_AES_128_CBC, &aes_128_cbc_info }, +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_CBC, &aes_192_cbc_info }, { MBEDTLS_CIPHER_AES_256_CBC, &aes_256_cbc_info }, #endif +#endif #if defined(MBEDTLS_CIPHER_MODE_CFB) { MBEDTLS_CIPHER_AES_128_CFB128, &aes_128_cfb128_info }, +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_CFB128, &aes_192_cfb128_info }, { MBEDTLS_CIPHER_AES_256_CFB128, &aes_256_cfb128_info }, #endif +#endif #if defined(MBEDTLS_CIPHER_MODE_OFB) { MBEDTLS_CIPHER_AES_128_OFB, &aes_128_ofb_info }, +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_OFB, &aes_192_ofb_info }, { MBEDTLS_CIPHER_AES_256_OFB, &aes_256_ofb_info }, #endif +#endif #if defined(MBEDTLS_CIPHER_MODE_CTR) { MBEDTLS_CIPHER_AES_128_CTR, &aes_128_ctr_info }, +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_CTR, &aes_192_ctr_info }, { MBEDTLS_CIPHER_AES_256_CTR, &aes_256_ctr_info }, #endif +#endif #if defined(MBEDTLS_CIPHER_MODE_XTS) { MBEDTLS_CIPHER_AES_128_XTS, &aes_128_xts_info }, +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_256_XTS, &aes_256_xts_info }, #endif +#endif #if defined(MBEDTLS_GCM_C) { MBEDTLS_CIPHER_AES_128_GCM, &aes_128_gcm_info }, +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_GCM, &aes_192_gcm_info }, { MBEDTLS_CIPHER_AES_256_GCM, &aes_256_gcm_info }, #endif +#endif #if defined(MBEDTLS_CCM_C) { MBEDTLS_CIPHER_AES_128_CCM, &aes_128_ccm_info }, +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_CCM, &aes_192_ccm_info }, { MBEDTLS_CIPHER_AES_256_CCM, &aes_256_ccm_info }, +#endif { MBEDTLS_CIPHER_AES_128_CCM_STAR_NO_TAG, &aes_128_ccm_star_no_tag_info }, +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_CCM_STAR_NO_TAG, &aes_192_ccm_star_no_tag_info }, { MBEDTLS_CIPHER_AES_256_CCM_STAR_NO_TAG, &aes_256_ccm_star_no_tag_info }, #endif +#endif #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_CAMELLIA_C) @@ -2315,12 +2355,16 @@ const mbedtls_cipher_definition_t mbedtls_cipher_definitions[] = #if defined(MBEDTLS_NIST_KW_C) { MBEDTLS_CIPHER_AES_128_KW, &aes_128_nist_kw_info }, +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_KW, &aes_192_nist_kw_info }, { MBEDTLS_CIPHER_AES_256_KW, &aes_256_nist_kw_info }, +#endif { MBEDTLS_CIPHER_AES_128_KWP, &aes_128_nist_kwp_info }, +#if !defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) { MBEDTLS_CIPHER_AES_192_KWP, &aes_192_nist_kwp_info }, { MBEDTLS_CIPHER_AES_256_KWP, &aes_256_nist_kwp_info }, #endif +#endif #if defined(MBEDTLS_CIPHER_NULL_CIPHER) { MBEDTLS_CIPHER_NULL, &null_cipher_info }, From 3b4471ef87d756838735e0c3ed59f833eee14d2d Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Thu, 14 Sep 2023 12:59:50 +0100 Subject: [PATCH 312/350] MBEDTLS_SSL_MAX_EARLY_DATA_SIZE: default value should be commented out in config Numeric options should be commented out with their default values in the config file, and a separate header file should set the default value if necessary. This was done for most other options in #8161; do it here for MBEDTLS_SSL_MAX_EARLY_DATA_SIZE. Signed-off-by: Tom Cosgrove --- include/mbedtls/check_config.h | 8 ++++---- include/mbedtls/mbedtls_config.h | 2 +- include/mbedtls/ssl.h | 4 ++++ 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 5ea7b9470d..17eb0340cf 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -830,10 +830,10 @@ #endif #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C) && \ - ( !defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) || \ - ( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE < 0 ) || \ - ( MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX ) ) -#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE MUST be defined and in range(0..UINT32_MAX)" + defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) && \ + ((MBEDTLS_SSL_MAX_EARLY_DATA_SIZE < 0) || \ + (MBEDTLS_SSL_MAX_EARLY_DATA_SIZE > UINT32_MAX)) +#error "MBEDTLS_SSL_MAX_EARLY_DATA_SIZE must be in the range(0..UINT32_MAX)" #endif #if defined(MBEDTLS_SSL_PROTO_DTLS) && \ diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 2f5c672fb9..77644a1335 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1848,7 +1848,7 @@ * production. * */ -#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024 +//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024 /** * \def MBEDTLS_SSL_PROTO_DTLS diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index a3ecbfbf67..d6083daf19 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -405,6 +405,10 @@ #define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16 #endif +#if !defined(MBEDTLS_SSL_MAX_EARLY_DATA_SIZE) +#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024 +#endif + #if !defined(MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE) #define MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE 6000 #endif From a63775b16855b3d28fb3763ec1fded877961aab7 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Thu, 14 Sep 2023 13:31:19 +0100 Subject: [PATCH 313/350] Move MBEDTLS_SSL_MAX_EARLY_DATA_SIZE to the correct section Signed-off-by: Tom Cosgrove --- include/mbedtls/mbedtls_config.h | 37 +++++++++++++++++--------------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 77644a1335..314dac639a 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1830,26 +1830,12 @@ * This feature is experimental, not completed and thus not ready for * production. * + * \note The maximum amount of early data can be set with + * MBEDTLS_SSL_MAX_EARLY_DATA_SIZE. + * */ //#define MBEDTLS_SSL_EARLY_DATA -/** - * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE - * - * The default maximum amount of 0-RTT data. See the documentation of - * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information. - * - * It must be positive and smaller than UINT32_MAX. - * - * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not - * have any impact on the build. - * - * This feature is experimental, not completed and thus not ready for - * production. - * - */ -//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024 - /** * \def MBEDTLS_SSL_PROTO_DTLS * @@ -4040,6 +4026,23 @@ */ //#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 +/** + * \def MBEDTLS_SSL_MAX_EARLY_DATA_SIZE + * + * The default maximum amount of 0-RTT data. See the documentation of + * \c mbedtls_ssl_tls13_conf_max_early_data_size() for more information. + * + * It must be positive and smaller than UINT32_MAX. + * + * If MBEDTLS_SSL_EARLY_DATA is not defined, this default value does not + * have any impact on the build. + * + * This feature is experimental, not completed and thus not ready for + * production. + * + */ +//#define MBEDTLS_SSL_MAX_EARLY_DATA_SIZE 1024 + /** * \def MBEDTLS_SSL_TLS1_3_TICKET_AGE_TOLERANCE * From e99b24dd9ffc9bf67a8e1c804120d376a82d2822 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 14 Sep 2023 15:45:03 +0100 Subject: [PATCH 314/350] Fix some clang-18 warnings Signed-off-by: Dave Rodgman --- library/ssl_client.c | 9 +++++---- library/ssl_tls.c | 9 +++++---- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index 7114ef01a7..d553997baf 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -648,14 +648,15 @@ static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - if ( + int write_sig_alg_ext = 0; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - (propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl)) || + write_sig_alg_ext = write_sig_alg_ext || (propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl)); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) - propose_tls12 || + write_sig_alg_ext = write_sig_alg_ext || propose_tls12; #endif - 0) { + + if (write_sig_alg_ext) { ret = mbedtls_ssl_write_sig_alg_ext(ssl, p, end, &output_len); if (ret != 0) { return ret; diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7a1f85531f..64a38781a0 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4578,13 +4578,14 @@ static int ssl_context_load(mbedtls_ssl_context *ssl, * We can't check that the config matches the initial one, but we can at * least check it matches the requirements for serializing. */ - if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || - ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 || - ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 || + if ( #if defined(MBEDTLS_SSL_RENEGOTIATION) ssl->conf->disable_renegotiation != MBEDTLS_SSL_RENEGOTIATION_DISABLED || #endif - 0) { + ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || + ssl->conf->max_tls_version < MBEDTLS_SSL_VERSION_TLS1_2 || + ssl->conf->min_tls_version > MBEDTLS_SSL_VERSION_TLS1_2 + ) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; } From a11eac429240ef75755fd4c39d261033091c3068 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Thu, 14 Sep 2023 16:16:04 +0100 Subject: [PATCH 315/350] code style Signed-off-by: Dave Rodgman --- library/ssl_client.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index d553997baf..2ff39f4855 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -650,7 +650,8 @@ static int ssl_write_client_hello_body(mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) int write_sig_alg_ext = 0; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) - write_sig_alg_ext = write_sig_alg_ext || (propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl)); + write_sig_alg_ext = write_sig_alg_ext || + (propose_tls13 && mbedtls_ssl_conf_tls13_ephemeral_enabled(ssl)); #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) write_sig_alg_ext = write_sig_alg_ext || propose_tls12; From 7f84471a604d312a45c4636276328fc1f098864f Mon Sep 17 00:00:00 2001 From: mcagriaksoy Date: Thu, 14 Sep 2023 22:43:08 +0200 Subject: [PATCH 316/350] Adding changelog for log level message fix Signed-off-by: mcagriaksoy --- ChangeLog.d/fix-log-level-msg.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/fix-log-level-msg.txt diff --git a/ChangeLog.d/fix-log-level-msg.txt b/ChangeLog.d/fix-log-level-msg.txt new file mode 100644 index 0000000000..4e82ad1508 --- /dev/null +++ b/ChangeLog.d/fix-log-level-msg.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix log level for the got supported group message. Fixes #6765 From fd3360ebf4f29e0dac9f75e83afceb46b5223dfa Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 15 Sep 2023 17:39:08 +0100 Subject: [PATCH 317/350] Remove unneeded setting of ret from ssl programs Remove coverity warnings on unused values. Signed-off-by: Paul Elliott --- programs/ssl/dtls_client.c | 1 - programs/ssl/dtls_server.c | 1 - programs/ssl/ssl_server2.c | 1 - 3 files changed, 3 deletions(-) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index e47715c003..f0abcabc72 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -294,7 +294,6 @@ send_request: case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: mbedtls_printf(" connection was closed gracefully\n"); - ret = 0; goto close_notify; default: diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 1697ff81de..b11a4f5b44 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -331,7 +331,6 @@ reset: case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: printf(" connection was closed gracefully\n"); - ret = 0; goto close_notify; default: diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index e3fabec80f..0efcb7f9a6 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3781,7 +3781,6 @@ data_exchange: switch (ret) { case MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY: mbedtls_printf(" connection was closed gracefully\n"); - ret = 0; goto close_notify; default: From ecdfc1c94f547817edf2e1b045e59998383bd87f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 15 Sep 2023 18:00:37 +0100 Subject: [PATCH 318/350] Fix poorly named function Signed-off-by: Dave Rodgman --- library/asn1write.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/library/asn1write.c b/library/asn1write.c index fb725748b1..40584d6bae 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -75,7 +75,7 @@ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsign return 1; } -static int mbedtls_write_len_and_tag(unsigned char **p, +static int mbedtls_asn1_write_len_and_tag(unsigned char **p, const unsigned char *start, size_t len, unsigned char tag) @@ -139,7 +139,7 @@ int mbedtls_asn1_write_mpi(unsigned char **p, const unsigned char *start, const len += 1; } - ret = mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_INTEGER); + ret = mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_INTEGER); cleanup: return ret; @@ -150,7 +150,7 @@ int mbedtls_asn1_write_null(unsigned char **p, const unsigned char *start) { // Write NULL // - return mbedtls_write_len_and_tag(p, start, 0, MBEDTLS_ASN1_NULL); + return mbedtls_asn1_write_len_and_tag(p, start, 0, MBEDTLS_ASN1_NULL); } int mbedtls_asn1_write_oid(unsigned char **p, const unsigned char *start, @@ -161,7 +161,7 @@ int mbedtls_asn1_write_oid(unsigned char **p, const unsigned char *start, MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, (const unsigned char *) oid, oid_len)); - return mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OID); + return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OID); } int mbedtls_asn1_write_algorithm_identifier(unsigned char **p, const unsigned char *start, @@ -188,7 +188,7 @@ int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p, const unsigne MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len)); - return mbedtls_write_len_and_tag(p, start, len, + return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); } @@ -203,7 +203,7 @@ int mbedtls_asn1_write_bool(unsigned char **p, const unsigned char *start, int b *--(*p) = (boolean) ? 255 : 0; len++; - return mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BOOLEAN); + return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BOOLEAN); } static int asn1_write_tagged_int(unsigned char **p, const unsigned char *start, int val, int tag) @@ -227,7 +227,7 @@ static int asn1_write_tagged_int(unsigned char **p, const unsigned char *start, len += 1; } - return mbedtls_write_len_and_tag(p, start, len, tag); + return mbedtls_asn1_write_len_and_tag(p, start, len, tag); } int mbedtls_asn1_write_int(unsigned char **p, const unsigned char *start, int val) @@ -250,7 +250,7 @@ int mbedtls_asn1_write_tagged_string(unsigned char **p, const unsigned char *sta (const unsigned char *) text, text_len)); - return mbedtls_write_len_and_tag(p, start, len, tag); + return mbedtls_asn1_write_len_and_tag(p, start, len, tag); } int mbedtls_asn1_write_utf8_string(unsigned char **p, const unsigned char *start, @@ -342,7 +342,7 @@ int mbedtls_asn1_write_bitstring(unsigned char **p, const unsigned char *start, /* Write unused bits */ *--(*p) = (unsigned char) unused_bits; - return mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BIT_STRING); + return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_BIT_STRING); } int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *start, @@ -353,7 +353,7 @@ int mbedtls_asn1_write_octet_string(unsigned char **p, const unsigned char *star MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(p, start, buf, size)); - return mbedtls_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OCTET_STRING); + return mbedtls_asn1_write_len_and_tag(p, start, len, MBEDTLS_ASN1_OCTET_STRING); } From 0c9516ea896bed84f45d2818b71b688e563dd47a Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 15 Sep 2023 18:30:09 +0100 Subject: [PATCH 319/350] code style Signed-off-by: Dave Rodgman --- library/asn1write.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/asn1write.c b/library/asn1write.c index 2fb8a12a33..2e9b98ad58 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -78,9 +78,9 @@ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsign #if defined(MBEDTLS_ASN1_WRITE_C) static int mbedtls_asn1_write_len_and_tag(unsigned char **p, - const unsigned char *start, - size_t len, - unsigned char tag) + const unsigned char *start, + size_t len, + unsigned char tag) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; @@ -191,7 +191,7 @@ int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p, const unsigne MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len)); return mbedtls_asn1_write_len_and_tag(p, start, len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); } int mbedtls_asn1_write_bool(unsigned char **p, const unsigned char *start, int boolean) From 83f0a65d715838966a45b69a6e0b04ce7b19b710 Mon Sep 17 00:00:00 2001 From: jnmeurisse <88129653+jnmeurisse@users.noreply.github.com> Date: Sat, 16 Sep 2023 18:12:18 +0200 Subject: [PATCH 320/350] Fix issue #8215 : add missing requires documentation in mbedtls_config.h Add missing requirements MBEDTLS_SSL_PROTO_TLS1_2 to option MBEDTLS_SSL_RENEGOTIATION documentation. Signed-off-by: jnmeurisse <88129653+jnmeurisse@users.noreply.github.com> --- include/mbedtls/mbedtls_config.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 314dac639a..7d94329381 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1672,6 +1672,8 @@ * it has been associated with security issues in the past and is easy to * misuse/misunderstand. * + * Requires: MBEDTLS_SSL_PROTO_TLS1_2 + * * Comment this to disable support for renegotiation. * * \note Even if this option is disabled, both client and server are aware From f7298cd3974a181d8f76463b13f682ddbf63474c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 18 Sep 2023 09:55:24 +0200 Subject: [PATCH 321/350] Fix some issues in comments MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ranging from typos to outdated comment contradicting the code. Signed-off-by: Manuel Pégourié-Gonnard --- 3rdparty/p256-m/p256-m/p256-m.h | 4 ++-- include/mbedtls/pk.h | 24 ++++++++++++------------ tests/scripts/all.sh | 7 +++---- 3 files changed, 17 insertions(+), 18 deletions(-) diff --git a/3rdparty/p256-m/p256-m/p256-m.h b/3rdparty/p256-m/p256-m/p256-m.h index d4b053ad0d..28d319f394 100644 --- a/3rdparty/p256-m/p256-m/p256-m.h +++ b/3rdparty/p256-m/p256-m/p256-m.h @@ -92,7 +92,7 @@ int p256_ecdsa_verify(const uint8_t sig[64], const uint8_t pub[64], /* * Public key validation * - * Note: you never need to call this function, as all other function always + * Note: you never need to call this function, as all other functions always * validate their input; however it's availabe if you want to validate the key * without performing an operation. * @@ -106,7 +106,7 @@ int p256_validate_pubkey(const uint8_t pub[64]); /* * Private key validation * - * Note: you never need to call this function, as all other function always + * Note: you never need to call this function, as all other functions always * validate their input; however it's availabe if you want to validate the key * without performing an operation. * diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 28ec29d6ba..48e331a5bc 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -173,11 +173,11 @@ typedef struct mbedtls_pk_rsassa_pss_options { /* Internal helper to define which fields in the pk_context structure below * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) - * format. It should be noticed that this only affects how data is stored, not + * format. It should be noted that this only affects how data is stored, not * which functions are used for various operations. The overall picture looks * like this: - * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure - * and legacy functions + * - if USE_PSA is not defined and ECP_C is defined then use ecp_keypair data + * structure and legacy functions * - if USE_PSA is defined and * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly * format and use PSA functions @@ -185,13 +185,13 @@ typedef struct mbedtls_pk_rsassa_pss_options { * * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the - * ecp_keypair structure inside the pk_context so he/she can modify it using + * ecp_keypair structure inside the pk_context so they can modify it using * ECP functions which are not under PK module's control. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ !defined(MBEDTLS_ECP_C) #define MBEDTLS_PK_USE_PSA_EC_DATA -#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ +#endif /* Helper symbol to state that the PK module has support for EC keys. This * can either be provided through the legacy ECP solution or through the @@ -202,11 +202,11 @@ typedef struct mbedtls_pk_rsassa_pss_options { /* Internal helper to define which fields in the pk_context structure below * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) - * format. It should be noted that this only affect how data is stored, not + * format. It should be noted that this only affects how data is stored, not * which functions are used for various operations. The overall picture looks * like this: - * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure - * and legacy functions + * - if USE_PSA is not defined and ECP_C is defined then use ecp_keypair data + * structure and legacy functions * - if USE_PSA is defined and * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly * format and use PSA functions @@ -220,11 +220,11 @@ typedef struct mbedtls_pk_rsassa_pss_options { #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ !defined(MBEDTLS_ECP_C) #define MBEDTLS_PK_USE_PSA_EC_DATA -#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ +#endif /* Internal helper to define which fields in the pk_context structure below * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) - * format. It should be noticed that this only affect how data is stored, not + * format. It should be noted that this only affects how data is stored, not * which functions are used for various operations. The overall picture looks * like this: * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure @@ -236,13 +236,13 @@ typedef struct mbedtls_pk_rsassa_pss_options { * * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the - * ecp_keypair structure inside the pk_context so he/she can modify it using + * ecp_keypair structure inside the pk_context so they can modify it using * ECP functions which are not under PK module's control. */ #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ !defined(MBEDTLS_ECP_C) #define MBEDTLS_PK_USE_PSA_EC_DATA -#endif /* MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_ECP_C */ +#endif /** * \brief Types for interfacing with the debug module diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c0811933e4..c1fd50c29f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2812,7 +2812,7 @@ common_tfm_config () { # - MD_C for HKDF_C echo "#define MBEDTLS_MD_C" >> "$CONFIG_H" - # Config adjustements for better test coverage in our environment. + # Config adjustments for better test coverage in our environment. # These are not needed just to build and pass tests. # # Enable filesystem I/O for the benefit of PK parse/write tests. @@ -2820,7 +2820,7 @@ common_tfm_config () { # Disable this for maximal ASan efficiency scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C - # Config adjustements for features that are not supported + # Config adjustments for features that are not supported # when using only drivers / by p256-m # # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) @@ -2838,8 +2838,7 @@ component_test_tfm_config_p256m_driver_accel_ec () { common_tfm_config # Set the list of accelerated components in order to remove them from - # builtin support. We don't set IMPORT and EXPORT because P256M does not - # support these operations. + # builtin support. loc_accel_list="ALG_ECDSA \ ALG_ECDH \ KEY_TYPE_ECC_KEY_PAIR_BASIC \ From 4f119b8f211abd6a8feba0e560281afd14092304 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 18 Sep 2023 09:57:04 +0200 Subject: [PATCH 322/350] Remove extra copies of a block of comment/define MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Not sure how it happened, but this block was not just duplicated, but triplicated. Keep only the first copy: the one before the code that uses the macro being defined. Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/pk.h | 44 -------------------------------------------- 1 file changed, 44 deletions(-) diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h index 48e331a5bc..aea602be79 100644 --- a/include/mbedtls/pk.h +++ b/include/mbedtls/pk.h @@ -200,50 +200,6 @@ typedef struct mbedtls_pk_rsassa_pss_options { #define MBEDTLS_PK_HAVE_ECC_KEYS #endif /* MBEDTLS_PK_USE_PSA_EC_DATA || MBEDTLS_ECP_C */ -/* Internal helper to define which fields in the pk_context structure below - * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) - * format. It should be noted that this only affects how data is stored, not - * which functions are used for various operations. The overall picture looks - * like this: - * - if USE_PSA is not defined and ECP_C is defined then use ecp_keypair data - * structure and legacy functions - * - if USE_PSA is defined and - * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly - * format and use PSA functions - * - if !ECP_C then use new raw data and PSA functions directly. - * - * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long - * as ECP_C is defined mbedtls_pk_ec() gives the user read/write access to the - * ecp_keypair structure inside the pk_context so they can modify it using - * ECP functions which are not under the PK module's control. - */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ - !defined(MBEDTLS_ECP_C) -#define MBEDTLS_PK_USE_PSA_EC_DATA -#endif - -/* Internal helper to define which fields in the pk_context structure below - * should be used for EC keys: legacy ecp_keypair or the raw (PSA friendly) - * format. It should be noted that this only affects how data is stored, not - * which functions are used for various operations. The overall picture looks - * like this: - * - if USE_PSA is not defined and ECP_C is then use ecp_keypair data structure - * and legacy functions - * - if USE_PSA is defined and - * - if ECP_C then use ecp_keypair structure, convert data to a PSA friendly - * format and use PSA functions - * - if !ECP_C then use new raw data and PSA functions directly. - * - * The main reason for the "intermediate" (USE_PSA + ECP_C) above is that as long - * as ECP_C is defined mbedtls_pk_ec() gives the user a read/write access to the - * ecp_keypair structure inside the pk_context so they can modify it using - * ECP functions which are not under PK module's control. - */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \ - !defined(MBEDTLS_ECP_C) -#define MBEDTLS_PK_USE_PSA_EC_DATA -#endif - /** * \brief Types for interfacing with the debug module */ From f299efdb96346ef4f5a81ac851ae3203b8f0508f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 18 Sep 2023 11:19:04 +0200 Subject: [PATCH 323/350] Improve a comment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b214c65550..06a6fa25bb 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1639,7 +1639,7 @@ run_test() { fi # If the client or server requires certain features that can be detected - # from their command-line arguments, check that they're enabled. + # from their command-line arguments, check whether they're enabled. detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$EXT_WO_ECDH" "$@" detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$EXT_WO_ECDH" "$@" From 275afe187f06f6cb05414c58f7aceab63f69d0a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 18 Sep 2023 11:19:20 +0200 Subject: [PATCH 324/350] Fix preset shared between 1.2 and 1.3 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- library/ssl_tls.c | 35 +++++++++++++++-------------------- 1 file changed, 15 insertions(+), 20 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index af51616126..0c95a60ac7 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4981,29 +4981,26 @@ static const int ssl_preset_suiteb_ciphersuites[] = { */ static uint16_t ssl_preset_default_sig_algs[] = { -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \ +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ defined(MBEDTLS_MD_CAN_SHA256) && \ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED && - MBEDTLS_MD_CAN_SHA256 && - MBEDTLS_ECP_DP_SECP256R1_ENABLED */ + // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256) +#endif -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \ +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ defined(MBEDTLS_MD_CAN_SHA384) && \ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED && - MBEDTLS_MD_CAN_SHA384&& - MBEDTLS_ECP_DP_SECP384R1_ENABLED */ + // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384) +#endif -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \ +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ defined(MBEDTLS_MD_CAN_SHA512) && \ defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP521R1_SHA512, -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED && - MBEDTLS_MD_CAN_SHA384&& - MBEDTLS_ECP_DP_SECP521R1_ENABLED */ + // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA512) +#endif #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ defined(MBEDTLS_MD_CAN_SHA512) @@ -5080,21 +5077,19 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = { /* NOTICE: see above */ static uint16_t ssl_preset_suiteb_sig_algs[] = { -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \ +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ defined(MBEDTLS_MD_CAN_SHA256) && \ defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP256R1_SHA256, -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED && - MBEDTLS_MD_CAN_SHA256 && - MBEDTLS_ECP_DP_SECP256R1_ENABLED */ + // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA256) +#endif -#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \ +#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \ defined(MBEDTLS_MD_CAN_SHA384) && \ defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) MBEDTLS_TLS1_3_SIG_ECDSA_SECP384R1_SHA384, -#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED && - MBEDTLS_MD_CAN_SHA384 && - MBEDTLS_ECP_DP_SECP384R1_ENABLED */ + // == MBEDTLS_SSL_TLS12_SIG_AND_HASH_ALG(MBEDTLS_SSL_SIG_ECDSA, MBEDTLS_SSL_HASH_SHA384) +#endif #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \ defined(MBEDTLS_MD_CAN_SHA256) From 97bb726e2d4d5c1864f3e20cef12284060f66459 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 18 Sep 2023 11:28:32 +0200 Subject: [PATCH 325/350] Add clarifying comment MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/ssl_ciphersuites.h | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 62c138d3a2..a707132e8b 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -304,13 +304,21 @@ typedef enum { #define MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED #endif -/* Key exchanges allowing client certificate requests */ +/* Key exchanges allowing client certificate requests. + * + * Note: that's almost the same as MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED + * above, except RSA-PSK uses a server certificate but no client cert. + * + * Note: this difference is specific to TLS 1.2, as with TLS 1.3, things are + * more symmetrical: client certs and server certs are either both allowed + * (Ephemeral mode) or both disallowed (PSK and PKS-Ephemeral modes). + */ #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) #define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED #endif From fbea9d2e7d004dfdd5f457d9a3f0d8d6581f4405 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 20 Sep 2023 09:22:29 +0200 Subject: [PATCH 326/350] Improve return code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CORRUPTION_DETECTED should be reserved for cases that are impossible, short of physical corruption during execution or a major bug in the code. We shouldn't use this for the kind of mistakes that can happen during configuration or integration, such as calling a driver on a key type that it doesn't support. Signed-off-by: Manuel Pégourié-Gonnard --- 3rdparty/p256-m/p256-m_driver_entrypoints.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/3rdparty/p256-m/p256-m_driver_entrypoints.c index 0ca5583c9a..b75c06c669 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.c +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.c @@ -130,7 +130,7 @@ psa_status_t p256_transparent_export_public_key(const psa_key_attributes_t *attr /* Validate sizes, as p256-m expects fixed-size buffers */ if (key_buffer_size != PRIVKEY_SIZE) { - return PSA_ERROR_CORRUPTION_DETECTED; + return PSA_ERROR_INVALID_ARGUMENT; } if (data_size < PSA_PUBKEY_SIZE) { return PSA_ERROR_BUFFER_TOO_SMALL; @@ -231,7 +231,7 @@ psa_status_t p256_transparent_sign_hash( /* Validate sizes, as p256-m expects fixed-size buffers */ if (key_buffer_size != PRIVKEY_SIZE) { - return PSA_ERROR_CORRUPTION_DETECTED; + return PSA_ERROR_INVALID_ARGUMENT; } if (signature_size < SIGNATURE_SIZE) { return PSA_ERROR_BUFFER_TOO_SMALL; @@ -257,7 +257,7 @@ static psa_status_t p256_verify_hash_with_public_key( { /* Validate sizes, as p256-m expects fixed-size buffers */ if (key_buffer_size != PSA_PUBKEY_SIZE || *key_buffer != PSA_PUBKEY_HEADER_BYTE) { - return PSA_ERROR_CORRUPTION_DETECTED; + return PSA_ERROR_INVALID_ARGUMENT; } if (signature_length != SIGNATURE_SIZE) { return PSA_ERROR_INVALID_SIGNATURE; From 5ca69349b50ad4d0c8d9d47bbcaf849f189c9f80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 20 Sep 2023 09:28:02 +0200 Subject: [PATCH 327/350] Improve comments on key formats MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- 3rdparty/p256-m/p256-m_driver_entrypoints.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/3rdparty/p256-m/p256-m_driver_entrypoints.c index b75c06c669..bcbb651c7c 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.c +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.c @@ -38,7 +38,7 @@ * total of 65 bytes. * * p256-m's internal format for private keys matches PSA. Its format for public - * keys is only 64 bytes; the same as PSA but without the leading byte (0x04). + * keys is only 64 bytes: the same as PSA but without the leading byte (0x04). * Hence, when passing public keys from PSA to p256-m, the leading byte is * removed. * @@ -89,6 +89,7 @@ psa_status_t p256_transparent_import_key(const psa_key_attributes_t *attributes, if (data_length != PSA_PUBKEY_SIZE) { return *bits == 0 ? PSA_ERROR_NOT_SUPPORTED : PSA_ERROR_INVALID_ARGUMENT; } + /* See INFORMATION ON PSA KEY EXPORT FORMATS near top of file */ if (p256_validate_pubkey(data + 1) != P256_SUCCESS) { return PSA_ERROR_INVALID_ARGUMENT; } @@ -136,7 +137,7 @@ psa_status_t p256_transparent_export_public_key(const psa_key_attributes_t *attr return PSA_ERROR_BUFFER_TOO_SMALL; } - /* Output public key in the PSA export format */ + /* See INFORMATION ON PSA KEY EXPORT FORMATS near top of file */ data[0] = PSA_PUBKEY_HEADER_BYTE; int ret = p256_public_from_private(data + 1, key_buffer); if (ret == P256_SUCCESS) { @@ -201,10 +202,9 @@ psa_status_t p256_transparent_key_agreement( return PSA_ERROR_BUFFER_TOO_SMALL; } - /* We add 1 to peer_key pointer to omit the leading byte of the public key - * representation (0x04). See information about PSA key formats at the top - * of the file. */ - int ret = p256_ecdh_shared_secret(shared_secret, key_buffer, peer_key + 1); + /* See INFORMATION ON PSA KEY EXPORT FORMATS near top of file */ + const uint8_t peer_key_p256m = peer_key + 1; + int ret = p256_ecdh_shared_secret(shared_secret, key_buffer, peer_key_p256m); if (ret == P256_SUCCESS) { *shared_secret_length = SHARED_SECRET_SIZE; } @@ -263,11 +263,9 @@ static psa_status_t p256_verify_hash_with_public_key( return PSA_ERROR_INVALID_SIGNATURE; } - /* We add 1 to public_key_buffer pointer to omit the leading byte of the - * public key representation (0x04). See information about PSA key formats - * at the top of the file. */ - const uint8_t *public_key_buffer = key_buffer + 1; - int ret = p256_ecdsa_verify(signature, public_key_buffer, hash, hash_length); + /* See INFORMATION ON PSA KEY EXPORT FORMATS near top of file */ + const uint8_t *public_key_p256m = key_buffer + 1; + int ret = p256_ecdsa_verify(signature, public_key_p256m, hash, hash_length); return p256_to_psa_error(ret); } From f25189473b24b50603926ab682eb5ceae20fd564 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 20 Sep 2023 09:42:55 +0200 Subject: [PATCH 328/350] Fix documentation of error codes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- 3rdparty/p256-m/p256-m_driver_entrypoints.h | 39 +++++++++++++-------- 1 file changed, 24 insertions(+), 15 deletions(-) diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.h b/3rdparty/p256-m/p256-m_driver_entrypoints.h index 42e51d975a..0e85237e5e 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.h +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.h @@ -104,9 +104,10 @@ psa_status_t p256_transparent_export_public_key(const psa_key_attributes_t *attr * * \retval #PSA_SUCCESS * Success. Keypair generated and stored in buffer. - * \retval #PSA_ERROR_NOT_SUPPORTED - * \retval #PSA_ERROR_GENERIC_ERROR - * \retval #PSA_ERROR_INSUFFICIENT_MEMORY + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * \p key_buffer_size is too small. + * \retval #PSA_ERROR_GENERIC_ERROR + * The internal RNG failed. */ psa_status_t p256_transparent_generate_key( const psa_key_attributes_t *attributes, @@ -132,9 +133,12 @@ psa_status_t p256_transparent_generate_key( * bytes. * \param[out] shared_secret_length On success, the number of bytes that * make up the returned shared secret. - * \retval #PSA_SUCCESS - * Success. Shared secret successfully calculated. - * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_SUCCESS + * Success. Shared secret successfully calculated. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The input is invalid. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * \p shared_secret_size is too small. */ psa_status_t p256_transparent_key_agreement( const psa_key_attributes_t *attributes, @@ -163,10 +167,14 @@ psa_status_t p256_transparent_key_agreement( * \param[out] signature_length On success, the number of bytes * that make up the returned signature value. * - * \retval #PSA_SUCCESS + * \retval #PSA_SUCCESS * Success. Hash was signed successfully. - * respectively of the key. - * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The input is invalid. + * \retval #PSA_ERROR_BUFFER_TOO_SMALL + * \p signature_size is too small. + * \retval #PSA_ERROR_GENERIC_ERROR + * The internal RNG failed. */ psa_status_t p256_transparent_sign_hash( const psa_key_attributes_t *attributes, @@ -202,12 +210,13 @@ psa_status_t p256_transparent_sign_hash( * \param[in] signature Buffer containing the signature to verify. * \param[in] signature_length Size of the \p signature buffer in bytes. * - * \retval #PSA_SUCCESS - * The signature is valid. - * \retval #PSA_ERROR_INVALID_SIGNATURE - * The calculation was performed successfully, but the passed - * signature is not a valid signature. - * \retval #PSA_ERROR_NOT_SUPPORTED + * \retval #PSA_SUCCESS + * The signature is valid. + * \retval #PSA_ERROR_INVALID_SIGNATURE + * The calculation was performed successfully, but the passed + * signature is not a valid signature. + * \retval #PSA_ERROR_INVALID_ARGUMENT + * The input is invalid. */ psa_status_t p256_transparent_verify_hash( const psa_key_attributes_t *attributes, From edc8456e01fbaea5ae94ff9587a8014748374f2b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Sep 2023 15:03:18 +0200 Subject: [PATCH 329/350] Work around a race condition in parallel builds Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 12913b346b..350f298ec4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1749,6 +1749,9 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () { component_test_tls1_2_ecjpake_compatibility() { msg "build: TLS1.2 server+client w/ EC-JPAKE w/o USE_PSA" scripts/config.py set MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED + # Explicitly make lib first to avoid a race condition: + # https://github.com/Mbed-TLS/mbedtls/issues/8229 + make lib make -C programs ssl/ssl_server2 ssl/ssl_client2 cp programs/ssl/ssl_server2 s2_no_use_psa cp programs/ssl/ssl_client2 c2_no_use_psa @@ -1756,6 +1759,7 @@ component_test_tls1_2_ecjpake_compatibility() { msg "build: TLS1.2 server+client w/ EC-JPAKE w/ USE_PSA" scripts/config.py set MBEDTLS_USE_PSA_CRYPTO make clean + make lib make -C programs ssl/ssl_server2 ssl/ssl_client2 make -C programs test/udp_proxy test/query_compile_time_config From 3ec976c42c229b39858559ee45627a294293bebd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 20 Sep 2023 16:12:46 +0200 Subject: [PATCH 330/350] Fix typo in variable declaration MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- 3rdparty/p256-m/p256-m_driver_entrypoints.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/3rdparty/p256-m/p256-m_driver_entrypoints.c index bcbb651c7c..b2236e4877 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.c +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.c @@ -203,7 +203,7 @@ psa_status_t p256_transparent_key_agreement( } /* See INFORMATION ON PSA KEY EXPORT FORMATS near top of file */ - const uint8_t peer_key_p256m = peer_key + 1; + const uint8_t *peer_key_p256m = peer_key + 1; int ret = p256_ecdh_shared_secret(shared_secret, key_buffer, peer_key_p256m); if (ret == P256_SUCCESS) { *shared_secret_length = SHARED_SECRET_SIZE; From efaee9a299081e2ec0cbd79d5e509611142d8cee Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Sep 2023 20:49:47 +0200 Subject: [PATCH 331/350] Give a production-sounding name to the p256m option Now that p256-m is officially a production feature and not just an example, give it a more suitable name. Signed-off-by: Gilles Peskine --- 3rdparty/CMakeLists.txt | 2 +- 3rdparty/p256-m/p256-m/p256-m.c | 2 +- 3rdparty/p256-m/p256-m_driver_entrypoints.c | 4 ++-- 3rdparty/p256-m/p256-m_driver_entrypoints.h | 4 ++-- ChangeLog.d/p256-m.txt | 2 +- docs/psa-driver-example-and-guide.md | 14 +++++++------- include/mbedtls/mbedtls_config.h | 2 +- library/psa_crypto_driver_wrappers.h | 4 ++-- scripts/config.py | 2 +- .../driver_jsons/p256_transparent_driver.json | 4 ++-- .../psa_crypto_driver_wrappers.c.jinja | 16 ++++++++-------- 11 files changed, 28 insertions(+), 28 deletions(-) diff --git a/3rdparty/CMakeLists.txt b/3rdparty/CMakeLists.txt index 67db68da56..14a4674577 100644 --- a/3rdparty/CMakeLists.txt +++ b/3rdparty/CMakeLists.txt @@ -1,5 +1,5 @@ execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE everest_result) -execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED RESULT_VARIABLE p256m_result) +execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/mbedtls_config.h get MBEDTLS_PSA_P256M_DRIVER_ENABLED RESULT_VARIABLE p256m_result) if(${everest_result} EQUAL 0) add_subdirectory(everest) diff --git a/3rdparty/p256-m/p256-m/p256-m.c b/3rdparty/p256-m/p256-m/p256-m.c index 050ffa5c3f..3f878f758d 100644 --- a/3rdparty/p256-m/p256-m/p256-m.c +++ b/3rdparty/p256-m/p256-m/p256-m.c @@ -13,7 +13,7 @@ #include #include -#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) /* * Zeroize memory - this should not be optimized away diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.c b/3rdparty/p256-m/p256-m_driver_entrypoints.c index b2236e4877..7709301b62 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.c +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.c @@ -26,7 +26,7 @@ #include #include -#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) /* INFORMATION ON PSA KEY EXPORT FORMATS: * @@ -321,4 +321,4 @@ exit: return status; } -#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */ +#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ diff --git a/3rdparty/p256-m/p256-m_driver_entrypoints.h b/3rdparty/p256-m/p256-m_driver_entrypoints.h index a509ba94c8..d92a8f00b5 100644 --- a/3rdparty/p256-m/p256-m_driver_entrypoints.h +++ b/3rdparty/p256-m/p256-m_driver_entrypoints.h @@ -21,11 +21,11 @@ #ifndef P256M_DRIVER_ENTRYPOINTS_H #define P256M_DRIVER_ENTRYPOINTS_H -#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) #ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ -#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */ +#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ #include "psa/crypto_types.h" diff --git a/ChangeLog.d/p256-m.txt b/ChangeLog.d/p256-m.txt index 0725488757..e473580527 100644 --- a/ChangeLog.d/p256-m.txt +++ b/ChangeLog.d/p256-m.txt @@ -2,4 +2,4 @@ Features * Applications using ECC over secp256r1 through the PSA API can use a new implementation with a much smaller footprint, but some minor usage restrictions. See the documentation of the new configuration - option MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED for details. + option MBEDTLS_PSA_P256M_DRIVER_ENABLED for details. diff --git a/docs/psa-driver-example-and-guide.md b/docs/psa-driver-example-and-guide.md index 7fb70223d0..eb100d7028 100644 --- a/docs/psa-driver-example-and-guide.md +++ b/docs/psa-driver-example-and-guide.md @@ -140,23 +140,23 @@ This guide assumes you are building Mbed TLS from source alongside your project. [p256-m](https://github.com/mpg/p256-m) is a minimalistic implementation of ECDH and ECDSA on the NIST P-256 curve, specifically optimized for use in constrained 32-bit environments. It started out as an independent project and has been integrated in Mbed TLS as a PSA transparent driver. The source code of p256-m and the driver entry points is located in the Mbed TLS source tree under `3rdparty/p256-m`. In this section, we will look at how this integration was done. -The Mbed TLS build system includes the instructions needed to build p256-m. To build with and use p256-m, set the macro `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED` using `config.py`, then build as usual using make/cmake. From the root of the `mbedtls/` directory, run: +The Mbed TLS build system includes the instructions needed to build p256-m. To build with and use p256-m, set the macro `MBEDTLS_PSA_P256M_DRIVER_ENABLED` using `config.py`, then build as usual using make/cmake. From the root of the `mbedtls/` directory, run: python3 scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG - python3 scripts/config.py set MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED + python3 scripts/config.py set MBEDTLS_PSA_P256M_DRIVER_ENABLED make -(You need extra steps if you want to disable the built-in implementation of ECC algorithms, which includes more features than p256-m. Refer to the documentation of `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED` for more information.) +(You need extra steps if you want to disable the built-in implementation of ECC algorithms, which includes more features than p256-m. Refer to the documentation of `MBEDTLS_PSA_P256M_DRIVER_ENABLED` for more information.) The driver prefix for p256-m is `P256`/`p256`. The p256-m driver implements four entry points: `generate_key`, `key_agreement`, `sign_hash`, `verify_hash`. There are no entry points for `sign_message` and `verify_message`, which are not necessary for a sign-and-hash algorithm. The core still implements these functions by doing the hashes and then calling the sign/verify-hash entry points. The driver entry point functions can be found in `p256m_driver_entrypoints.[hc]`. These functions act as an interface between Mbed TLS and p256-m; converting between PSA and p256-m argument formats and performing sanity checks. If the driver's status codes differ from PSA's, it is recommended to implement a status code translation function. The function `p256_to_psa_error()` converts error codes returned by p256-m into PSA error codes. -The driver wrapper functions in `psa_crypto_driver_wrappers.c.jinja` for all four entry points have also been modified. The code block below shows the additions made to `psa_driver_wrapper_sign_hash()`. In adherence to the defined process, all code related to the driver call is placed within a check for `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED`. p256-m only supports non-deterministic ECDSA using keys based on NIST P256; these constraints are enforced through checks (see the `if` statement). Checks that involve accessing key attributes, (e.g. checking key type or bits) **must** be performed in the driver wrapper. This is because this information is marked private and may not be accessed outside the library. Other checks can be performed here or in the entry point function. The status returned by the driver is propagated up the call hierarchy **unless** the driver does not support the operation (i.e. return `PSA_ERROR_NOT_SUPPORTED`). In that case the next available driver/built-in implementation is called. +The driver wrapper functions in `psa_crypto_driver_wrappers.c.jinja` for all four entry points have also been modified. The code block below shows the additions made to `psa_driver_wrapper_sign_hash()`. In adherence to the defined process, all code related to the driver call is placed within a check for `MBEDTLS_PSA_P256M_DRIVER_ENABLED`. p256-m only supports non-deterministic ECDSA using keys based on NIST P256; these constraints are enforced through checks (see the `if` statement). Checks that involve accessing key attributes, (e.g. checking key type or bits) **must** be performed in the driver wrapper. This is because this information is marked private and may not be accessed outside the library. Other checks can be performed here or in the entry point function. The status returned by the driver is propagated up the call hierarchy **unless** the driver does not support the operation (i.e. return `PSA_ERROR_NOT_SUPPORTED`). In that case the next available driver/built-in implementation is called. ``` -#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) && @@ -175,6 +175,6 @@ The driver wrapper functions in `psa_crypto_driver_wrappers.c.jinja` for all fou if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); } -#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */ +#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ ``` -Following this, p256-m is now ready to use alongside Mbed TLS as a software accelerator. If `MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED` is set in the config, p256-m's implementations of key generation, ECDH, and ECDSA will be used where applicable. +Following this, p256-m is now ready to use alongside Mbed TLS as a software accelerator. If `MBEDTLS_PSA_P256M_DRIVER_ENABLED` is set in the config, p256-m's implementations of key generation, ECDH, and ECDSA will be used where applicable. diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index ce8395e603..52fab1f099 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -883,7 +883,7 @@ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed. */ -//#define MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED +//#define MBEDTLS_PSA_P256M_DRIVER_ENABLED /** * \def MBEDTLS_ECDSA_DETERMINISTIC diff --git a/library/psa_crypto_driver_wrappers.h b/library/psa_crypto_driver_wrappers.h index cf8fe696a9..0d20eaa66b 100644 --- a/library/psa_crypto_driver_wrappers.h +++ b/library/psa_crypto_driver_wrappers.h @@ -24,9 +24,9 @@ #include "psa/crypto.h" #include "psa/crypto_driver_common.h" -#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) #include "../3rdparty/p256-m/p256-m_driver_entrypoints.h" -#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */ +#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ /* * Initialization and termination functions diff --git a/scripts/config.py b/scripts/config.py index b7167d1c5e..17fbe653a3 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -206,7 +206,7 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature 'MBEDTLS_NO_PLATFORM_ENTROPY', # removes a feature 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum - 'MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA + 'MBEDTLS_PSA_P256M_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA 'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature 'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency 'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # incompatible with USE_PSA_CRYPTO diff --git a/scripts/data_files/driver_jsons/p256_transparent_driver.json b/scripts/data_files/driver_jsons/p256_transparent_driver.json index 97c11f97bd..7d2aabfb3a 100644 --- a/scripts/data_files/driver_jsons/p256_transparent_driver.json +++ b/scripts/data_files/driver_jsons/p256_transparent_driver.json @@ -1,11 +1,11 @@ { "prefix": "p256", "type": "transparent", - "mbedtls/h_condition": "defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)", + "mbedtls/h_condition": "defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)", "headers": ["../3rdparty/p256-m/p256-m_driver_entrypoints.h"], "capabilities": [ { - "mbedtls/c_condition": "defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED)", + "mbedtls/c_condition": "defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED)", "_comment_entry_points": "This is not the complete list of entry points supported by this driver, only those that are currently supported in JSON. See docs/psa-driver-example-and-guide.md", "entry_points": ["import_key", "export_public_key"], "algorithms": ["PSA_ALG_ECDH", "PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)"], diff --git a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja index 1b52066259..63540617de 100644 --- a/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja +++ b/scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja @@ -317,7 +317,7 @@ psa_status_t psa_driver_wrapper_sign_hash( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ -#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) && @@ -336,7 +336,7 @@ psa_status_t psa_driver_wrapper_sign_hash( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); } -#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */ +#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Fell through, meaning no accelerator supports this operation */ return( psa_sign_hash_builtin( attributes, @@ -421,7 +421,7 @@ psa_status_t psa_driver_wrapper_verify_hash( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ -#if defined (MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined (MBEDTLS_PSA_P256M_DRIVER_ENABLED) if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && PSA_ALG_IS_ECDSA(alg) && !PSA_ALG_ECDSA_IS_DETERMINISTIC( alg ) && @@ -439,7 +439,7 @@ psa_status_t psa_driver_wrapper_verify_hash( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); } -#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */ +#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ return( psa_verify_hash_builtin( attributes, @@ -854,7 +854,7 @@ psa_status_t psa_driver_wrapper_generate_key( if( status != PSA_ERROR_NOT_SUPPORTED ) break; #endif /* PSA_CRYPTO_DRIVER_TEST */ -#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && attributes->core.type == PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1) && attributes->core.bits == 256 ) @@ -867,7 +867,7 @@ psa_status_t psa_driver_wrapper_generate_key( break; } -#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */ +#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ } #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ @@ -2806,7 +2806,7 @@ psa_status_t psa_driver_wrapper_key_agreement( if( status != PSA_ERROR_NOT_SUPPORTED ) return( status ); #endif /* PSA_CRYPTO_DRIVER_TEST */ -#if defined(MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED) +#if defined(MBEDTLS_PSA_P256M_DRIVER_ENABLED) if( PSA_KEY_TYPE_IS_ECC( attributes->core.type ) && PSA_ALG_IS_ECDH(alg) && PSA_KEY_TYPE_ECC_GET_FAMILY(attributes->core.type) == PSA_ECC_FAMILY_SECP_R1 && @@ -2824,7 +2824,7 @@ psa_status_t psa_driver_wrapper_key_agreement( if( status != PSA_ERROR_NOT_SUPPORTED) return( status ); } -#endif /* MBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED */ +#endif /* MBEDTLS_PSA_P256M_DRIVER_ENABLED */ #endif /* PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT */ /* Software Fallback */ From 08b66cd7d7124cf5437f4e5422f304e8cedac81d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Sep 2023 20:51:47 +0200 Subject: [PATCH 332/350] Move MBEDTLS_PSA_P256M_DRIVER_ENABLED to keep alphabetical order Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 60 ++++++++++++++++---------------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 52fab1f099..a2e10e1d14 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -855,36 +855,6 @@ */ //#define MBEDTLS_ECP_WITH_MPI_UINT -/** - * Uncomment to enable p256-m. This is an alternative implementation of - * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1. - * Compared to the default implementation: - * - * - p256-m has a much smaller code size and RAM footprint. - * - p256-m is only available via the PSA API. This includes the pk module - * when #MBEDTLS_USE_PSA_CRYPTO is enabled. - * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols - * over the core arithmetic, or deterministic derivation of keys. - * - * We recommend enabling this option if your application uses the PSA API - * and the only elliptic curve support it needs is ECDH and ECDSA over - * SECP256R1. - * - * If you enable this option, you do not need to enable any ECC-related - * MBEDTLS_xxx option. You do need to separately request support for the - * cryptographic mechanisms through the PSA API: - * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based - * configuration; - * - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS; - * - #PSA_WANT_ECC_SECP_R1_256; - * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed; - * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, - * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT, - * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or - * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed. - */ -//#define MBEDTLS_PSA_P256M_DRIVER_ENABLED - /** * \def MBEDTLS_ECDSA_DETERMINISTIC * @@ -1446,6 +1416,36 @@ */ //#define MBEDTLS_PSA_CRYPTO_SPM +/** + * Uncomment to enable p256-m. This is an alternative implementation of + * key generation, ECDH and (randomized) ECDSA on the curve SECP256R1. + * Compared to the default implementation: + * + * - p256-m has a much smaller code size and RAM footprint. + * - p256-m is only available via the PSA API. This includes the pk module + * when #MBEDTLS_USE_PSA_CRYPTO is enabled. + * - p256-m does not support deterministic ECDSA, EC-JPAKE, custom protocols + * over the core arithmetic, or deterministic derivation of keys. + * + * We recommend enabling this option if your application uses the PSA API + * and the only elliptic curve support it needs is ECDH and ECDSA over + * SECP256R1. + * + * If you enable this option, you do not need to enable any ECC-related + * MBEDTLS_xxx option. You do need to separately request support for the + * cryptographic mechanisms through the PSA API: + * - #MBEDTLS_PSA_CRYPTO_C and #MBEDTLS_PSA_CRYPTO_CONFIG for PSA-based + * configuration; + * - #MBEDTLS_USE_PSA_CRYPTO if you want to use p256-m from PK, X.509 or TLS; + * - #PSA_WANT_ECC_SECP_R1_256; + * - #PSA_WANT_ALG_ECDH and/or #PSA_WANT_ALG_ECDSA as needed; + * - #PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY, #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC, + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT, + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or + * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed. + */ +//#define MBEDTLS_PSA_P256M_DRIVER_ENABLED + /** * \def MBEDTLS_PSA_INJECT_ENTROPY * From 3aa79691fc8cc960123eacd519c2dfcd595404fb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Sep 2023 20:54:50 +0200 Subject: [PATCH 333/350] Add a note about p256m near the option to enable secp256r1 Only document it with the PSA configuration, not for MBEDTLS_ECP_DP_SECP256R1_ENABLED, since p256m can't be used with the classic API. Signed-off-by: Gilles Peskine --- include/psa/crypto_config.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h index 4e7a71e1d4..d34cbf3397 100644 --- a/include/psa/crypto_config.h +++ b/include/psa/crypto_config.h @@ -115,6 +115,8 @@ #define PSA_WANT_ECC_SECP_K1_256 1 #define PSA_WANT_ECC_SECP_R1_192 1 #define PSA_WANT_ECC_SECP_R1_224 1 +/* For secp256r1, consider enabling #MBEDTLS_PSA_P256M_DRIVER_ENABLED + * (see the description in mbedtls/mbedtls_config.h for details). */ #define PSA_WANT_ECC_SECP_R1_256 1 #define PSA_WANT_ECC_SECP_R1_384 1 #define PSA_WANT_ECC_SECP_R1_521 1 From 29d0bfba0d4e73699317d6cc03607e925a11623e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Sep 2023 23:11:33 +0200 Subject: [PATCH 334/350] Rename option where concatenated with -D Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4541b57470..22087831f3 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2953,7 +2953,7 @@ component_test_tfm_config_p256m_driver_accel_ec () { loc_accel_flags="$( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )" # Build crypto library specifying we want to use P256M code for EC operations - make CFLAGS="$ASAN_CFLAGS $loc_accel_flags -DMBEDTLS_P256M_EXAMPLE_DRIVER_ENABLED" LDFLAGS="$ASAN_CFLAGS" + make CFLAGS="$ASAN_CFLAGS $loc_accel_flags -DMBEDTLS_PSA_P256M_DRIVER_ENABLED" LDFLAGS="$ASAN_CFLAGS" # Make sure any built-in EC alg was not re-enabled by accident (additive config) not grep mbedtls_ecdsa_ library/ecdsa.o From 67cf66b4278273453f4efb68d7049b8ac0b7b6b3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Sep 2023 23:19:46 +0200 Subject: [PATCH 335/350] Add a note about the code size benefits We don't normally make promises related to code size, but this one is vague enough (just "to benefit"), and it's what a lot of users of this option care about. Signed-off-by: Gilles Peskine --- include/mbedtls/mbedtls_config.h | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index a2e10e1d14..e9354da5a4 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -1443,6 +1443,16 @@ * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT, * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT and/or * #PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE as needed. + * + * \note To genuinely benefit from the smaller code size of p256-m, make + * sure that you do not enable any ECC-related option that requires + * the built-in implementation of elliptic curve arithmetic. This + * means enabling #MBEDTLS_PSA_CRYPTO_C, #MBEDTLS_PSA_CRYPTO_CONFIG, + * #PSA_WANT_ECC_SECP_R1_256 and #MBEDTLS_PSA_P256M_DRIVER_ENABLED, + * plus any of the `PSA_WANT_ALG_xxx` and `PSA_WANT_KEY_TYPE_xxx` + * options listed above, and not enabling other ECC-related options + * through `PSA_WANT_xxx` or `MBEDTLS_xxx` (in particular, not + * enabling other curves or EC-JPAKE). */ //#define MBEDTLS_PSA_P256M_DRIVER_ENABLED From d3450da98d7af6acf10d9df850724d9ef9cbc0cc Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Mon, 11 Sep 2023 18:24:40 +0100 Subject: [PATCH 336/350] Re-order mbedtls_ccm_context Signed-off-by: Dave Rodgman --- include/mbedtls/ccm.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index a1f601ff64..e00e747dea 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -77,8 +77,6 @@ extern "C" { typedef struct mbedtls_ccm_context { unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working buffer */ unsigned char MBEDTLS_PRIVATE(ctr)[16]; /*!< The counter buffer */ - int MBEDTLS_PRIVATE(state); /*!< Working value holding context's - state. Used for chunked data input */ size_t MBEDTLS_PRIVATE(plaintext_len); /*!< Total plaintext length */ size_t MBEDTLS_PRIVATE(add_len); /*!< Total authentication data length */ size_t MBEDTLS_PRIVATE(tag_len); /*!< Total tag length */ @@ -95,6 +93,8 @@ typedef struct mbedtls_ccm_context { #MBEDTLS_CCM_STAR_ENCRYPT or #MBEDTLS_CCM_STAR_DECRYPT. */ mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher context used. */ + int MBEDTLS_PRIVATE(state); /*!< Working value holding context's + state. Used for chunked data input */ } mbedtls_ccm_context; From ef6795d2a99b80fbde796d3678e5a853e8fd3f1f Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Tue, 12 Sep 2023 14:42:46 +0100 Subject: [PATCH 337/350] Reduce size of mbedtls_asn1_get_len Signed-off-by: Dave Rodgman --- library/asn1parse.c | 53 ++++++++++----------------------------------- 1 file changed, 12 insertions(+), 41 deletions(-) diff --git a/library/asn1parse.c b/library/asn1parse.c index edc4c698ff..abdd0b1bd0 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -47,47 +47,18 @@ int mbedtls_asn1_get_len(unsigned char **p, if ((**p & 0x80) == 0) { *len = *(*p)++; } else { - switch (**p & 0x7F) { - case 1: - if ((end - *p) < 2) { - return MBEDTLS_ERR_ASN1_OUT_OF_DATA; - } - - *len = (*p)[1]; - (*p) += 2; - break; - - case 2: - if ((end - *p) < 3) { - return MBEDTLS_ERR_ASN1_OUT_OF_DATA; - } - - *len = ((size_t) (*p)[1] << 8) | (*p)[2]; - (*p) += 3; - break; - - case 3: - if ((end - *p) < 4) { - return MBEDTLS_ERR_ASN1_OUT_OF_DATA; - } - - *len = ((size_t) (*p)[1] << 16) | - ((size_t) (*p)[2] << 8) | (*p)[3]; - (*p) += 4; - break; - - case 4: - if ((end - *p) < 5) { - return MBEDTLS_ERR_ASN1_OUT_OF_DATA; - } - - *len = ((size_t) (*p)[1] << 24) | ((size_t) (*p)[2] << 16) | - ((size_t) (*p)[3] << 8) | (*p)[4]; - (*p) += 5; - break; - - default: - return MBEDTLS_ERR_ASN1_INVALID_LENGTH; + int n = (**p) & 0x7F; + if (n == 0 || n > 4) { + return MBEDTLS_ERR_ASN1_INVALID_LENGTH; + } + if ((end - *p) <= n) { + return MBEDTLS_ERR_ASN1_OUT_OF_DATA; + } + *len = 0; + (*p)++; + while (n--) { + *len = (*len << 8) | **p; + (*p)++; } } From a15b4851d4945225c53bc4ef5d303cdcc51af053 Mon Sep 17 00:00:00 2001 From: correy <112426112@qq.com> Date: Thu, 21 Sep 2023 16:19:11 +0800 Subject: [PATCH 338/350] Fix MSVC error C4703 about possibly uninitialized variable in pkwrite.c Signed-off-by: correy <112426112@qq.com> --- library/pkwrite.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index eee64ab17b..a2b3e63f05 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -379,7 +379,7 @@ int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *key, unsigned char *bu #if defined(MBEDTLS_PK_HAVE_ECC_KEYS) mbedtls_ecp_group_id ec_grp_id = MBEDTLS_ECP_DP_NONE; #endif - const char *oid; + const char *oid = NULL; if (size == 0) { return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL; From 8d276fbc23c3a7e0571b023adc3acd26384d3216 Mon Sep 17 00:00:00 2001 From: Tom Cosgrove Date: Thu, 21 Sep 2023 17:13:51 +0100 Subject: [PATCH 339/350] Remove unused variable and unreachable return from mbedtls_pk_write_key_der() Signed-off-by: Tom Cosgrove --- library/pkwrite.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index eee64ab17b..6ed98bffeb 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -688,7 +688,6 @@ end_of_export: int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, size_t size) { unsigned char *c; - size_t len = 0; #if defined(MBEDTLS_RSA_C) int is_rsa_opaque = 0; #endif /* MBEDTLS_RSA_C */ @@ -733,8 +732,6 @@ int mbedtls_pk_write_key_der(const mbedtls_pk_context *key, unsigned char *buf, } else #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */ return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; - - return (int) len; } #if defined(MBEDTLS_PEM_WRITE_C) From 38c3228f3e3406e388a30394c0498a8dba4d6aef Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 22 Sep 2023 10:51:37 +0100 Subject: [PATCH 340/350] fix cast warning Signed-off-by: Dave Rodgman --- library/pkparse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index fe01a1149b..83291c4c7c 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -737,7 +737,7 @@ static int pk_get_ecpubkey(unsigned char **p, const unsigned char *end, #endif /* MBEDTLS_PK_PARSE_EC_COMPRESSED */ } else { /* Uncompressed format */ - if ((end - *p) > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) { + if ((size_t) (end - *p) > MBEDTLS_PK_MAX_EC_PUBKEY_RAW_LEN) { return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL; } memcpy(pk->pub_raw, *p, (end - *p)); From 84e8f1d618bcf2e2f3c537ca2a13efc66edcf1c3 Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 22 Sep 2023 17:40:18 +0100 Subject: [PATCH 341/350] Set MBEDTLS_MD_C Signed-off-by: Dave Rodgman --- .../tfm_mbedcrypto_config_profile_medium.h | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/configs/tfm_mbedcrypto_config_profile_medium.h b/configs/tfm_mbedcrypto_config_profile_medium.h index b581f1f62a..41e3afe273 100644 --- a/configs/tfm_mbedcrypto_config_profile_medium.h +++ b/configs/tfm_mbedcrypto_config_profile_medium.h @@ -407,6 +407,39 @@ */ #define MBEDTLS_HKDF_C /* Used for HUK deriviation */ +/** + * \def MBEDTLS_MD_C + * + * Enable the generic layer for message digest (hashing) and HMAC. + * + * Requires: one of: MBEDTLS_MD5_C, MBEDTLS_RIPEMD160_C, MBEDTLS_SHA1_C, + * MBEDTLS_SHA224_C, MBEDTLS_SHA256_C, MBEDTLS_SHA384_C, + * MBEDTLS_SHA512_C, or MBEDTLS_PSA_CRYPTO_C with at least + * one hash. + * Module: library/md.c + * Caller: library/constant_time.c + * library/ecdsa.c + * library/ecjpake.c + * library/hkdf.c + * library/hmac_drbg.c + * library/pk.c + * library/pkcs5.c + * library/pkcs12.c + * library/psa_crypto_ecp.c + * library/psa_crypto_rsa.c + * library/rsa.c + * library/ssl_cookie.c + * library/ssl_msg.c + * library/ssl_tls.c + * library/x509.c + * library/x509_crt.c + * library/x509write_crt.c + * library/x509write_csr.c + * + * Uncomment to enable generic message digest wrappers. + */ +#define MBEDTLS_MD_C + /** * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C * From 739d815b7f31f4ac78f113530cf0b553f2f6afbb Mon Sep 17 00:00:00 2001 From: Dave Rodgman Date: Fri, 22 Sep 2023 17:40:24 +0100 Subject: [PATCH 342/350] Remove PK options Signed-off-by: Dave Rodgman --- .../tfm_mbedcrypto_config_profile_medium.h | 39 ------------------- 1 file changed, 39 deletions(-) diff --git a/configs/tfm_mbedcrypto_config_profile_medium.h b/configs/tfm_mbedcrypto_config_profile_medium.h index 41e3afe273..88736b54bb 100644 --- a/configs/tfm_mbedcrypto_config_profile_medium.h +++ b/configs/tfm_mbedcrypto_config_profile_medium.h @@ -456,45 +456,6 @@ */ #define MBEDTLS_MEMORY_BUFFER_ALLOC_C -/** - * \def MBEDTLS_PK_C - * - * Enable the generic public (asymetric) key layer. - * - * Module: library/pk.c - * - * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C - * - * Uncomment to enable generic public key wrappers. - */ -#define MBEDTLS_PK_C - -/** - * \def MBEDTLS_PK_PARSE_C - * - * Enable the generic public (asymetric) key parser. - * - * Module: library/pkparse.c - * - * Requires: MBEDTLS_PK_C - * - * Uncomment to enable generic public key parse functions. - */ -#define MBEDTLS_PK_PARSE_C - -/** - * \def MBEDTLS_PK_WRITE_C - * - * Enable the generic public (asymetric) key writer. - * - * Module: library/pkwrite.c - * - * Requires: MBEDTLS_PK_C - * - * Uncomment to enable generic public key write functions. - */ -#define MBEDTLS_PK_WRITE_C - /** * \def MBEDTLS_PLATFORM_C * From 645a5417472a9299434467eed31b08a7285c88bb Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 22 Sep 2023 17:46:35 +0100 Subject: [PATCH 343/350] Remove all travis builds except for coverity_scan Signed-off-by: Paul Elliott --- .travis.yml | 176 ++-------------------------------------------------- 1 file changed, 6 insertions(+), 170 deletions(-) diff --git a/.travis.yml b/.travis.yml index f411ec38a4..d020394195 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,185 +1,21 @@ # Declare python as our language. This way we get our chosen Python version, # and pip is available. Gcc and clang are available anyway. +distro: xenial +os: linux language: python python: 3.5 -sudo: false + cache: ccache -jobs: - include: - - name: basic checks and reference configurations - addons: - apt: - packages: - - gnutls-bin - - doxygen - - graphviz - - gcc-arm-none-eabi - - libnewlib-arm-none-eabi - - gcc-arm-linux-gnueabi - - libc6-dev-armel-cross - script: - - tests/scripts/all.sh -k 'check_*' - - tests/scripts/all.sh -k test_default_out_of_box - - tests/scripts/all.sh -k test_ref_configs - - tests/scripts/all.sh -k build_arm_linux_gnueabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus - - - name: full configuration - os: linux - dist: focal - addons: - apt: - packages: - - clang-10 - - gnutls-bin - env: - # Platform tests have an allocation that returns null - - ASAN_OPTIONS="allocator_may_return_null=1" - - MSAN_OPTIONS="allocator_may_return_null=1" - script: - # Do a manual build+test sequence rather than using all.sh, - # because there's no all.sh component that does what we want, - # which is a build with Clang >= 10 and ASan, running all the SSL - # testing. - # - The clang executable in the default PATH is Clang 7 on - # Travis's focal instances, but we want Clang >= 10. - # - Running all the SSL testing requires a specific set of - # OpenSSL and GnuTLS versions and we don't want to bother - # with those on Travis. - # So we explicitly select clang-10 as the compiler, and we - # have ad hoc restrictions on SSL testing based on what is - # passing at the time of writing. We will remove these limitations - # gradually. - - make generated_files - - make CC=clang-10 CFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all -O2' LDFLAGS='-Werror -Wall -Wextra -fsanitize=address,undefined -fno-sanitize-recover=all' - - make test - - programs/test/selftest - - tests/scripts/test_psa_constant_names.py - - tests/ssl-opt.sh - # Modern OpenSSL does not support null ciphers. - - tests/compat.sh -p OpenSSL -e 'NULL' - - tests/scripts/travis-log-failure.sh - # GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it. - - tests/compat.sh -p GnuTLS -e 'CAMELLIA' - - tests/scripts/travis-log-failure.sh - - tests/context-info.sh - - - name: Windows - os: windows - # The language 'python' is currently unsupported on the - # Windows Build Environment. And 'generic' causes the job to get stuck - # on "Booting virtual machine". - language: c - before_install: - - choco install python --version=3.5.4 - env: - # Add the directory where the Choco packages go - - PATH=/c/Python35:/c/Python35/Scripts:$PATH - - PYTHON=python.exe - script: - - type perl; perl --version - - type python; python --version - - scripts/make_generated_files.bat - # Logs appear out of sequence on Windows. Give time to catch up. - - sleep 5 - - scripts/windows_msbuild.bat v141 # Visual Studio 2017 - - visualc/VS2013/x64/Release/selftest.exe - - - name: full configuration on arm64 - os: linux - dist: focal - arch: arm64 - addons: - apt: - packages: - - gcc - env: - # Platform tests have an allocation that returns null - - ASAN_OPTIONS="allocator_may_return_null=1" - - MSAN_OPTIONS="allocator_may_return_null=1" - script: - # Do a manual build+test sequence rather than using all.sh. - # - # On Arm64 host of Travis CI, the time of `test_full_cmake_*` exceeds - # limitation of Travis CI. Base on `test_full_cmake_*`, we removed - # `ssl-opt.sh` and GnuTLS compat.sh here to meet the time limitation. - - scripts/config.py full - - make generated_files - - make CFLAGS='-O3 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' LDFLAGS='-Werror -fsanitize=address,undefined -fno-sanitize-recover=all' - - make test - - programs/test/selftest - - tests/scripts/test_psa_constant_names.py - # Modern OpenSSL does not support fixed ECDH or null ciphers. - - tests/compat.sh -p OpenSSL -e 'NULL\|ECDH_' - - tests/scripts/travis-log-failure.sh - - tests/context-info.sh - - - name: full configuration(GnuTLS compat tests) on arm64 - os: linux - dist: focal - arch: arm64 - addons: - apt: - packages: - - clang - - gnutls-bin - env: - # Platform tests have an allocation that returns null - - ASAN_OPTIONS="allocator_may_return_null=1" - - MSAN_OPTIONS="allocator_may_return_null=1" - script: - # Do a manual build+test sequence rather than using all.sh. - # - # On Arm64 host of Travis CI, the time of `test_full_cmake_*` exceeds - # limitation of Travis CI. Base on `test_full_cmake_*`, we removed - # `ssl-opt.sh` and OpenSSl compat.sh here to meet the time limitation. - - scripts/config.py full - - make generated_files - - make CC=clang CFLAGS='-O3 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all' LDFLAGS='-Werror -fsanitize=address,undefined -fno-sanitize-recover=all' - # GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it. - - tests/compat.sh -p GnuTLS -e 'CAMELLIA' - - tests/scripts/travis-log-failure.sh - - tests/context-info.sh - - - name: Arm64 accelerators tests on arm64 host - os: linux - dist: focal - arch: arm64 - addons: - apt: - packages: - - gcc - script: - # Do a manual build+test sequence rather than using all.sh. - # - # This is arm64 host only test for no runtime detection case. Internal - # and Open CI do not include Arm64 host, and they check if components - # are be tested. As result, it will always fail on `pre-test-check` in - # them. - - scripts/config.py unset MBEDTLS_AESNI_C - - scripts/config.py unset MBEDTLS_PADLOCK_C - - scripts/config.py set MBEDTLS_AESCE_C - - scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY - - make generated_files - - make - - programs/test/selftest aes | grep "using AESCE" - - tests/context-info.sh - -after_failure: -- tests/scripts/travis-log-failure.sh +branches: + only: + coverity_scan env: global: - SEED=1 - secure: "GF/Fde5fkm15T/RNykrjrPV5Uh1KJ70cP308igL6Xkk3eJmqkkmWCe9JqRH12J3TeWw2fu9PYPHt6iFSg6jasgqysfUyg+W03knRT5QNn3h5eHgt36cQJiJr6t3whPrRaiM6U9omE0evm+c0cAwlkA3GGSMw8Z+na4EnKI6OFCo=" - -install: - - $PYTHON scripts/min_requirements.py - addons: - apt: - packages: - - gnutls-bin coverity_scan: project: name: "ARMmbed/mbedtls" From cc21ad441a222780f76e851c4a072adf12543007 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 22 Sep 2023 09:46:14 +0200 Subject: [PATCH 344/350] Add SHA-3 support to libtestdriver1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- .../crypto_config_test_driver_extension.h | 32 +++++++++++++++++++ tests/scripts/all.sh | 14 ++++++-- 2 files changed, 43 insertions(+), 3 deletions(-) diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h index 138327ae87..ef8c88a668 100644 --- a/tests/include/test/drivers/crypto_config_test_driver_extension.h +++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h @@ -152,6 +152,38 @@ #endif #endif +#if defined(PSA_WANT_ALG_SHA3_224) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_224 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA3_224 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA3_256) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_256 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA3_256 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA3_384) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_384 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA3_384 1 +#endif +#endif + +#if defined(PSA_WANT_ALG_SHA3_512) +#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512) +#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_512 +#else +#define MBEDTLS_PSA_ACCEL_ALG_SHA3_512 1 +#endif +#endif + #if defined(PSA_WANT_ALG_XTS) #if defined(MBEDTLS_PSA_ACCEL_ALG_XTS) #undef MBEDTLS_PSA_ACCEL_ALG_XTS diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 22087831f3..14c95f8839 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -3290,7 +3290,9 @@ component_test_new_psa_want_key_pair_symbol() { component_test_psa_crypto_config_accel_hash () { msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash" - loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \ + ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ + ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" # Configure # --------- @@ -3306,6 +3308,7 @@ component_test_psa_crypto_config_accel_hash () { scripts/config.py unset MBEDTLS_SHA256_C scripts/config.py unset MBEDTLS_SHA384_C scripts/config.py unset MBEDTLS_SHA512_C + scripts/config.py unset MBEDTLS_SHA3_C # Build # ----- @@ -3334,7 +3337,9 @@ component_test_psa_crypto_config_accel_hash_keep_builtins () { # This component ensures that all the test cases for # md_psa_dynamic_dispatch with legacy+driver in test_suite_md are run. - loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \ + ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ + ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" # Start from default config (no TLS 1.3, no USE_PSA) helper_libtestdriver1_adjust_config "default" @@ -3363,6 +3368,7 @@ config_psa_crypto_hash_use_psa () { scripts/config.py unset MBEDTLS_SHA384_C scripts/config.py unset MBEDTLS_SHA512_C scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT + scripts/config.py unset MBEDTLS_SHA3_C fi } @@ -3372,7 +3378,9 @@ config_psa_crypto_hash_use_psa () { component_test_psa_crypto_config_accel_hash_use_psa () { msg "test: full with accelerated hashes" - loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + loc_accel_list="ALG_MD5 ALG_RIPEMD160 ALG_SHA_1 \ + ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ + ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" # Configure # --------- From 1f61b7b8ea4a699e70979d754868d6fa0ba528e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 22 Sep 2023 10:15:22 +0200 Subject: [PATCH 345/350] Document driver-only hashes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/driver-only-hashes.txt | 3 ++- docs/driver-only-builds.md | 26 +++++++++++++++++++++++++- 2 files changed, 27 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/driver-only-hashes.txt b/ChangeLog.d/driver-only-hashes.txt index 4967bb187e..cd1e030d17 100644 --- a/ChangeLog.d/driver-only-hashes.txt +++ b/ChangeLog.d/driver-only-hashes.txt @@ -7,4 +7,5 @@ Features provided - these limitations are lifted in this version. A new set of feature macros, MBEDTLS_MD_CAN_xxx, has been introduced that can be used to check for availability of hash algorithms, regardless of whether - they're provided by a built-in implementation, a driver or both. + they're provided by a built-in implementation, a driver or both. See + docs/driver-only-builds.md. diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index 4e2d68f363..a20b24a264 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -71,7 +71,31 @@ you're interested in driver-only support for RSA, please let us know. Hashes ------ -TODO +If is possible to have all hash operations provided only by a driver. + +More precisely: +- you can enable `PSA_WANT_ALG_SHA_256` without `MBEDTLS_SHA256_C`, provided + you have `MBEDTLS_PSA_ACCEL_ALG_SHA_256` enabled; +- and similarly for all supported hash algorithms: `MD5`, `RIPEMD160`, + `SHA_1`, `SHA_224`, `SHA_256`, `SHA_384`, `SHA_512`, `SHA3_224`, `SHA3_256`, +`SHA3_384`, `SHA3_512`. + +In such a build, all crypto operations (via the PSA Crypto API, or non-PSA +APIs), as well as X.509 and TLS, will work as usual, except that direct calls +to low-level hash APIs (`mbedtls_sha256()` etc.) are not possible for the +modules that are disabled. + +You'll need to call `psa_crypto_init()` before any crypto operation that uses +a hash algorithm that's provided only by a driver, as mentioned in [General +considerations](#general-considerations) above. + +If you want to check at compile-time whether a certain hash algorithm is +available in the present build of Mbed TLS, regardless of whether it's +provided by a driver or built-in, you should use the following macros: +- for code that uses only the PSA Crypto API: `PSA_WANT_ALG_xxx` from + `psa/crypto.h`; +- for code that may also use non-PSA crypto APIs: `MBEDTLS_MD_CAN_xxx` from + `mbedtls/md.h`. Elliptic-curve cryptography (ECC) --------------------------------- From f4ceb16813277d570ea090892c73a35e9ee1cb5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 22 Sep 2023 11:30:27 +0200 Subject: [PATCH 346/350] Fix dependencies for SHA-3 MD dispatch tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_md.psa.data | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_md.psa.data b/tests/suites/test_suite_md.psa.data index cd24add46d..3ae787cbed 100644 --- a/tests/suites/test_suite_md.psa.data +++ b/tests/suites/test_suite_md.psa.data @@ -87,49 +87,49 @@ depends_on:MBEDTLS_SHA512_C:MBEDTLS_MD_SHA512_VIA_PSA md_psa_dynamic_dispatch:MBEDTLS_MD_SHA512:0:MBEDTLS_MD_ENGINE_PSA PSA dispatch SHA3-224 legacy only -depends_on:MBEDTLS_SHA3_224_C:!MBEDTLS_MD_SHA3_224_VIA_PSA +depends_on:MBEDTLS_SHA3_C:!MBEDTLS_MD_SHA3_224_VIA_PSA md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_224:0:MBEDTLS_MD_ENGINE_LEGACY PSA dispatch SHA3-224 driver only -depends_on:!MBEDTLS_SHA3_224_C:MBEDTLS_MD_SHA3_224_VIA_PSA +depends_on:!MBEDTLS_SHA3_C:MBEDTLS_MD_SHA3_224_VIA_PSA md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_224:MBEDTLS_ERR_MD_BAD_INPUT_DATA:MBEDTLS_MD_ENGINE_PSA PSA dispatch SHA3-224 legacy+driver -depends_on:MBEDTLS_SHA3_224_C:MBEDTLS_MD_SHA3_224_VIA_PSA +depends_on:MBEDTLS_SHA3_C:MBEDTLS_MD_SHA3_224_VIA_PSA md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_224:0:MBEDTLS_MD_ENGINE_PSA PSA dispatch SHA3-256 legacy only -depends_on:MBEDTLS_SHA3_256_C:!MBEDTLS_MD_SHA3_256_VIA_PSA +depends_on:MBEDTLS_SHA3_C:!MBEDTLS_MD_SHA3_256_VIA_PSA md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_256:0:MBEDTLS_MD_ENGINE_LEGACY PSA dispatch SHA3-256 driver only -depends_on:!MBEDTLS_SHA3_256_C:MBEDTLS_MD_SHA3_256_VIA_PSA +depends_on:!MBEDTLS_SHA3_C:MBEDTLS_MD_SHA3_256_VIA_PSA md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_256:MBEDTLS_ERR_MD_BAD_INPUT_DATA:MBEDTLS_MD_ENGINE_PSA PSA dispatch SHA3-256 legacy+driver -depends_on:MBEDTLS_SHA3_256_C:MBEDTLS_MD_SHA3_256_VIA_PSA +depends_on:MBEDTLS_SHA3_C:MBEDTLS_MD_SHA3_256_VIA_PSA md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_256:0:MBEDTLS_MD_ENGINE_PSA PSA dispatch SHA3-384 legacy only -depends_on:MBEDTLS_SHA3_384_C:!MBEDTLS_MD_SHA3_384_VIA_PSA +depends_on:MBEDTLS_SHA3_C:!MBEDTLS_MD_SHA3_384_VIA_PSA md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_384:0:MBEDTLS_MD_ENGINE_LEGACY PSA dispatch SHA3-384 driver only -depends_on:!MBEDTLS_SHA3_384_C:MBEDTLS_MD_SHA3_384_VIA_PSA +depends_on:!MBEDTLS_SHA3_C:MBEDTLS_MD_SHA3_384_VIA_PSA md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_384:MBEDTLS_ERR_MD_BAD_INPUT_DATA:MBEDTLS_MD_ENGINE_PSA PSA dispatch SHA3-384 legacy+driver -depends_on:MBEDTLS_SHA3_384_C:MBEDTLS_MD_SHA3_384_VIA_PSA +depends_on:MBEDTLS_SHA3_C:MBEDTLS_MD_SHA3_384_VIA_PSA md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_384:0:MBEDTLS_MD_ENGINE_PSA PSA dispatch SHA3-512 legacy only -depends_on:MBEDTLS_SHA3_512_C:!MBEDTLS_MD_SHA3_512_VIA_PSA +depends_on:MBEDTLS_SHA3_C:!MBEDTLS_MD_SHA3_512_VIA_PSA md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_512:0:MBEDTLS_MD_ENGINE_LEGACY PSA dispatch SHA3-512 driver only -depends_on:!MBEDTLS_SHA3_512_C:MBEDTLS_MD_SHA3_512_VIA_PSA +depends_on:!MBEDTLS_SHA3_C:MBEDTLS_MD_SHA3_512_VIA_PSA md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_512:MBEDTLS_ERR_MD_BAD_INPUT_DATA:MBEDTLS_MD_ENGINE_PSA PSA dispatch SHA3-512 legacy+driver -depends_on:MBEDTLS_SHA3_512_C:MBEDTLS_MD_SHA3_512_VIA_PSA +depends_on:MBEDTLS_SHA3_C:MBEDTLS_MD_SHA3_512_VIA_PSA md_psa_dynamic_dispatch:MBEDTLS_MD_SHA3_512:0:MBEDTLS_MD_ENGINE_PSA From e47c53eeab39b7e35d2b91f192c9b0bdaadb9876 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sat, 23 Sep 2023 08:54:30 +0200 Subject: [PATCH 347/350] Fix SHA-3 in accel tests that need it MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Components that accelerate an algorithm that uses hashing internally (such as deterministic ECDSA and RSA-PSS) need the hash algorithms available in libtestdriver1. Previously, the omission of SHA-3 in tests/include/test/drivers/crypto_config_test_driver_extension.h meant it was enabled in libtestdriver1 when not requesting its acceleration, and disabled when requesting it. Adding it in a previous commit fixed the components that asked it accelerated, but broke the component that didn't ask for it but still needed it. Fix those components by explicitly requesting SHA-3 as we already do for the other hash algorithms that are require for the same reason. Note: this broke test_suite_psa_crypto_storage_format.v0 which is apparently the only place exercising signatures with SHA-3. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 14c95f8839..c85d4865ed 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2321,7 +2321,8 @@ component_test_psa_crypto_config_accel_ecdsa () { # ----- # These hashes are needed for some ECDSA signature tests. - loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ + ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" @@ -2527,7 +2528,8 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () { # ----- # These hashes are needed for some ECDSA signature tests. - loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ + ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" helper_libtestdriver1_make_main "$loc_accel_list" @@ -2629,8 +2631,9 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { # ----- # Things we wanted supported in libtestdriver1, but not accelerated in the main library: - # SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic. - loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic. + loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ + ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" @@ -2806,8 +2809,9 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { # ----- # Things we wanted supported in libtestdriver1, but not accelerated in the main library: - # SHA-1 and all SHA-2 variants, as they are used by ECDSA deterministic. - loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + # SHA-1 and all SHA-2/3 variants, as they are used by ECDSA deterministic. + loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ + ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" @@ -3052,7 +3056,8 @@ psa_crypto_config_accel_all_curves_except_one () { # ----- # These hashes are needed for some ECDSA signature tests. - loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ + ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" # (See above regarding loc_curve_list.) @@ -3219,7 +3224,8 @@ component_test_psa_crypto_config_accel_rsa_signature () { # ----- # These hashes are needed for some RSA-PSS signature tests. - loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512" + loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \ + ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512" helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list" helper_libtestdriver1_make_main "$loc_accel_list" From 030f11b0b18481b34d95cd9b8ca78d41f35c99d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Sat, 23 Sep 2023 09:02:42 +0200 Subject: [PATCH 348/350] Type fixes and wording improvements MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- docs/driver-only-builds.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/driver-only-builds.md b/docs/driver-only-builds.md index a20b24a264..3b61329035 100644 --- a/docs/driver-only-builds.md +++ b/docs/driver-only-builds.md @@ -3,7 +3,7 @@ cryptographic mechanisms are provided only by PSA drivers (that is, no built-in implementation of those algorithms), from a user's perspective. This is useful to save code size for people who are using either a hardware -accelerator, or an alternative software implementation that's more +accelerator, or an alternative software implementation that is more aggressively optimized for code size than the default one in Mbed TLS. General considerations @@ -71,7 +71,7 @@ you're interested in driver-only support for RSA, please let us know. Hashes ------ -If is possible to have all hash operations provided only by a driver. +It is possible to have all hash operations provided only by a driver. More precisely: - you can enable `PSA_WANT_ALG_SHA_256` without `MBEDTLS_SHA256_C`, provided @@ -85,8 +85,8 @@ APIs), as well as X.509 and TLS, will work as usual, except that direct calls to low-level hash APIs (`mbedtls_sha256()` etc.) are not possible for the modules that are disabled. -You'll need to call `psa_crypto_init()` before any crypto operation that uses -a hash algorithm that's provided only by a driver, as mentioned in [General +You need to call `psa_crypto_init()` before any crypto operation that uses +a hash algorithm that is provided only by a driver, as mentioned in [General considerations](#general-considerations) above. If you want to check at compile-time whether a certain hash algorithm is @@ -94,7 +94,7 @@ available in the present build of Mbed TLS, regardless of whether it's provided by a driver or built-in, you should use the following macros: - for code that uses only the PSA Crypto API: `PSA_WANT_ALG_xxx` from `psa/crypto.h`; -- for code that may also use non-PSA crypto APIs: `MBEDTLS_MD_CAN_xxx` from +- for code that uses non-PSA crypto APIs: `MBEDTLS_MD_CAN_xxx` from `mbedtls/md.h`. Elliptic-curve cryptography (ECC) From 4fe1e8762dd2d60d89182b14c0a23c7cea0ea04e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 25 Sep 2023 10:05:23 +0200 Subject: [PATCH 349/350] Fix SHA-3 dependencies in test_suite_md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_md.data | 120 ++++++++++++++++---------------- 1 file changed, 60 insertions(+), 60 deletions(-) diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index 9b39e9f523..fb9b5effa0 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -37,19 +37,19 @@ depends_on:MBEDTLS_MD_CAN_SHA512 md_info:MBEDTLS_MD_SHA512:"SHA512":64 Information on SHA3-224 -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_224 md_info:MBEDTLS_MD_SHA3_224:"SHA3-224":28 Information on SHA3-256 -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_256 md_info:MBEDTLS_MD_SHA3_256:"SHA3-256":32 Information on SHA3-384 -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_384 md_info:MBEDTLS_MD_SHA3_384:"SHA3-384":48 Information on SHA3-512 -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_512 md_info:MBEDTLS_MD_SHA3_512:"SHA3-512":64 generic mbedtls_md5 Test vector RFC1321 #1 @@ -113,19 +113,19 @@ depends_on:MBEDTLS_MD_CAN_RIPEMD160 md_text:MBEDTLS_MD_RIPEMD160:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb" generic mbedtls_sha3 SHA3-224 Test vector from CAVS 19.0 with Len = 8 -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_224 md_hex:MBEDTLS_MD_SHA3_224:"01":"488286d9d32716e5881ea1ee51f36d3660d70f0db03b3f612ce9eda4" generic mbedtls_sha3 SHA3-256 Test vector from CAVS 19.0 with Len = 8 -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_256 md_hex:MBEDTLS_MD_SHA3_256:"e9":"f0d04dd1e6cfc29a4460d521796852f25d9ef8d28b44ee91ff5b759d72c1e6d6" generic mbedtls_sha3 SHA3-384 Test vector from CAVS 19.0 with Len = 8 -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_384 md_hex:MBEDTLS_MD_SHA3_384:"80":"7541384852e10ff10d5fb6a7213a4a6c15ccc86d8bc1068ac04f69277142944f4ee50d91fdc56553db06b2f5039c8ab7" generic mbedtls_sha3 SHA3-512 Test vector from CAVS 19.0 with Len = 8 -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_512 md_hex:MBEDTLS_MD_SHA3_512:"e5":"150240baf95fb36f8ccb87a19a41767e7aed95125075a2b2dbba6e565e1ce8575f2b042b62e29a04e9440314a821c6224182964d8b557b16a492b3806f4c39c1" generic HMAC-MD5 Hash File OpenSSL test #1 @@ -261,19 +261,19 @@ depends_on:MBEDTLS_MD_CAN_RIPEMD160 md_text_multi:MBEDTLS_MD_RIPEMD160:"12345678901234567890123456789012345678901234567890123456789012345678901234567890":"9b752e45573d4b39f4dbd3323cab82bf63326bfb" generic multi step mbedtls_sha3 SHA3-224 Test vector from CAVS 19.0 with Len = 48 -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_224 md_hex_multi:MBEDTLS_MD_SHA3_224:"e7183e4d89c9":"650618f3b945c07de85b8478d69609647d5e2a432c6b15fbb3db91e4" generic multi step mbedtls_sha3 SHA3-256 Test vector from CAVS 19.0 with Len = 48 -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_256 md_hex_multi:MBEDTLS_MD_SHA3_256:"e6fd42037f80":"2294f8d3834f24aa9037c431f8c233a66a57b23fa3de10530bbb6911f6e1850f" generic multi step mbedtls_sha3 SHA3-384 Test vector from CAVS 19.0 with Len = 48 -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_384 md_hex_multi:MBEDTLS_MD_SHA3_384:"5a6659e9f0e7":"21b1f3f63b907f968821185a7fe30b16d47e1d6ee5b9c80be68947854de7a8ef4a03a6b2e4ec96abdd4fa29ab9796f28" generic multi step mbedtls_sha3 SHA3-512 Test vector from CAVS 19.0 with Len = 48 -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_512 md_hex_multi:MBEDTLS_MD_SHA3_512:"71a986d2f662":"def6aac2b08c98d56a0501a8cb93f5b47d6322daf99e03255457c303326395f765576930f8571d89c01e727cc79c2d4497f85c45691b554e20da810c2bc865ef" generic multi step HMAC-MD5 Hash File OpenSSL test #1 @@ -525,67 +525,67 @@ depends_on:MBEDTLS_MD_CAN_SHA512 mbedtls_md_hmac:MBEDTLS_MD_SHA512:48:"8ab783d5acf32efa0d9c0a21abce955e96630d89":"17371e013dce839963d54418e97be4bd9fa3cb2a368a5220f5aa1b8aaddfa3bdefc91afe7c717244fd2fb640f5cb9d9bf3e25f7f0c8bc758883b89dcdce6d749d9672fed222277ece3e84b3ec01b96f70c125fcb3cbee6d19b8ef0873f915f173bdb05d81629ba187cc8ac1934b2f75952fb7616ae6bd812946df694bd2763af":"9ac7ca8d1aefc166b046e4cf7602ebe181a0e5055474bff5b342106731da0d7e48e4d87bc0a6f05871574289a1b099f8" HMAC-SHA3-224: NIST example #1: keylenblocklen -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_224 mbedtls_md_hmac:MBEDTLS_MD_SHA3_224:28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaab":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"078695eecc227c636ad31d063a15dd05a7e819a66ec6d8de1e193e59" HMAC-SHA3-224: NIST example #4: keylenblocklen -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_256 mbedtls_md_hmac:MBEDTLS_MD_SHA3_256:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"9bcf2c238e235c3ce88404e813bd2f3a97185ac6f238c63d6229a00b07974258" HMAC-SHA3-256: NIST example #4: keylenblocklen -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_384 mbedtls_md_hmac:MBEDTLS_MD_SHA3_384:48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091929394959697":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"e5ae4c739f455279368ebf36d4f5354c95aa184c899d3870e460ebc288ef1f9470053f73f7c6da2a71bcaec38ce7d6ac" HMAC-SHA3-384: NIST example #4: keylenblocklen -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_512 mbedtls_md_hmac:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"5f464f5e5b7848e3885e49b2c385f0694985d0e38966242dc4a5fe3fea4b37d46b65ceced5dcf59438dd840bab22269f0ba7febdb9fcf74602a35666b2a32915" HMAC-SHA3-512: NIST example #4: keylenblocklen -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_224 md_hmac_multi:MBEDTLS_MD_SHA3_224:28:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaab":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"078695eecc227c636ad31d063a15dd05a7e819a66ec6d8de1e193e59" HMAC-SHA3-224 multi-step: NIST example #4: keylenblocklen -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_256 md_hmac_multi:MBEDTLS_MD_SHA3_256:32:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"9bcf2c238e235c3ce88404e813bd2f3a97185ac6f238c63d6229a00b07974258" HMAC-SHA3-256 multi-step: NIST example #4: keylenblocklen -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_384 md_hmac_multi:MBEDTLS_MD_SHA3_384:48:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f9091929394959697":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"e5ae4c739f455279368ebf36d4f5354c95aa184c899d3870e460ebc288ef1f9470053f73f7c6da2a71bcaec38ce7d6ac" HMAC-SHA3-384 multi-step: NIST example #4: keylenblocklen -depends_on:MBEDTLS_SHA3_C +depends_on:MBEDTLS_MD_CAN_SHA3_512 md_hmac_multi:MBEDTLS_MD_SHA3_512:64:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384858687":"53616d706c65206d65737361676520666f72206b65796c656e3e626c6f636b6c656e":"5f464f5e5b7848e3885e49b2c385f0694985d0e38966242dc4a5fe3fea4b37d46b65ceced5dcf59438dd840bab22269f0ba7febdb9fcf74602a35666b2a32915" HMAC-SHA3-512 multi-step: NIST example #4: keylen Date: Mon, 25 Sep 2023 10:25:18 +0200 Subject: [PATCH 350/350] Set explicit version for the typing packages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- scripts/driver.requirements.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/driver.requirements.txt b/scripts/driver.requirements.txt index 9e26b3c1c4..7b002ec78d 100644 --- a/scripts/driver.requirements.txt +++ b/scripts/driver.requirements.txt @@ -14,6 +14,6 @@ markupsafe < 2.1 Jinja2 >= 2.10.1; python_version < '3.10' Jinja2 >= 2.10.3; python_version >= '3.10' # Jinja2 >=2.10, <3.0 needs a separate package for type annotations -types-Jinja2 +types-Jinja2 >= 2.11.9 jsonschema >= 3.2.0 -types-jsonschema +types-jsonschema >= 3.2.0