mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-25 00:39:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #4661 from mpg/make-blinding-mandatory

Browse Source 
Make blinding mandatory
This commit is contained in:
Manuel Pégourié-Gonnard 2021-06-18 18:32:13 +02:00 committed by GitHub
commit ae35830295
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
57 changed files with 572 additions and 618 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
ChangeLog.d/mandatory-rng-param.txt Normal file
View File

@ -0,0 +1,14 @@
API changes
* For all functions that take a random number generator (RNG) as a
parameter, this parameter is now mandatory (that is, NULL is not an
acceptable value). Functions which previously accepted NULL and now
reject it are: the X.509 CRT and CSR writing functions; the PK and RSA
sign and decrypt function; mbedtls_rsa_private(); the functions
in DHM and ECDH that compute the shared secret; the scalar multiplication
functions in ECP.
* The following functions now require an RNG parameter:
mbedtls_ecp_check_pub_priv(), mbedtls_pk_check_pair(),
mbedtls_pk_parse_key(), mbedtls_pk_parse_keyfile().
Removals
* The configuration option MBEDTLS_ECP_NO_INTERNAL_RNG has been removed as
it no longer had any effect.

1
ChangeLog.d/remove-rsa-mode-parameter.txt
View File

@ -6,4 +6,3 @@ API changes
decryption functions now always use the private key and verification and decryption functions now always use the private key and verification and
encryption use the public key. Verification functions also no longer have encryption use the public key. Verification functions also no longer have
RNG parameters. RNG parameters.
* The RNG is now mandatory for all private-key RSA operations.

40
docs/3.0-migration-guide.d/mandatory-rng-param.md Normal file
View File

@ -0,0 +1,40 @@
The RNG parameter is now mandatory for all functions that accept one
--------------------------------------------------------------------
This change affects all users who called a function accepting a `f_rng`
parameter with `NULL` as the value of this argument; this is no longer
supported.
The changed functions are: the X.509 CRT and CSR writing functions; the PK and
RSA sign and decrypt functions; `mbedtls_rsa_private()`; the functions in DHM
and ECDH that compute the shared secret; the scalar multiplication functions in
ECP.
You now need to pass a properly seeded, cryptographically secure RNG to all
functions that accept a `f_rng` parameter. It is of course still possible to
pass `NULL` as the context pointer `p_rng` if your RNG function doesn't need a
context.
Alternative implementations of a module (enabled with the `MBEDTLS_module_ALT`
configuration options) may have their own internal and are free to ignore the
`f_rng` argument but must allow users to pass one anyway.
Some functions gained an RNG parameter
--------------------------------------
This affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,
`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and
`mbedtls_pk_parse_keyfile()`.
You now need to pass a properly seeded, cryptographically secure RNG when
calling these functions. It is used for blinding, a counter-measure against
side-channel attacks.
The configuration option `MBEDTLS_ECP_NO_INTERNAL_RNG` was removed
------------------------------------------------------------------
This doesn't affect users of the default configuration; it only affects people
who were explicitly setting this option.
This was a trade-off between code size and counter-measures; it is no longer
relevant as the counter-measure is now always on at no cost in code size.

8
docs/3.0-migration-guide.d/remove-rsa-mode-parameter.md
View File

@ -19,11 +19,3 @@ RSA verification functions also no longer take random generator arguments (this
was only needed when using a private key). This affects all applications using was only needed when using a private key). This affects all applications using
the RSA verify functions. the RSA verify functions.
RNG is now mandatory in all RSA private key operations
------------------------------------------------------
The random generator is now mandatory for blinding in all RSA private-key
operations (`mbedtls_rsa_private`, `mbedtls_rsa_xxx_sign`,
`mbedtls_rsa_xxx_decrypt`) as well as for encryption
(`mbedtls_rsa_xxx_encrypt`). This means that passing a null `f_rng` is no longer
supported.

8
include/mbedtls/check_config.h
View File

@ -150,14 +150,6 @@
#error "MBEDTLS_ECP_C defined, but not all prerequisites" #error "MBEDTLS_ECP_C defined, but not all prerequisites"
#endif #endif
#if defined(MBEDTLS_ECP_C) && !( \
defined(MBEDTLS_ECP_ALT) || \
defined(MBEDTLS_CTR_DRBG_C) || \
defined(MBEDTLS_HMAC_DRBG_C) || \
defined(MBEDTLS_ECP_NO_INTERNAL_RNG))
#error "MBEDTLS_ECP_C requires a DRBG module unless MBEDTLS_ECP_NO_INTERNAL_RNG is defined or an alternative implementation is used"
#endif
#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C) #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites" #error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
#endif #endif

22
include/mbedtls/config.h
View File

@ -650,28 +650,6 @@
*/ */
#define MBEDTLS_ECP_NIST_OPTIM #define MBEDTLS_ECP_NIST_OPTIM
/**
* \def MBEDTLS_ECP_NO_INTERNAL_RNG
*
* When this option is disabled, mbedtls_ecp_mul() will make use of an
* internal RNG when called with a NULL \c f_rng argument, in order to protect
* against some side-channel attacks.
*
* This protection introduces a dependency of the ECP module on one of the
* DRBG modules. For very constrained implementations that don't require this
* protection (for example, because you're only doing signature verification,
* so not manipulating any secret, or because local/physical side-channel
* attacks are outside your threat model), it might be desirable to get rid of
* that dependency.
*
* \warning Enabling this option makes some uses of ECP vulnerable to some
* side-channel attacks. Only enable it if you know that's not a problem for
* your use case.
*
* Uncomment this macro to disable some counter-measures in ECP.
*/
//#define MBEDTLS_ECP_NO_INTERNAL_RNG
/** /**
* \def MBEDTLS_ECP_RESTARTABLE * \def MBEDTLS_ECP_RESTARTABLE
* *

8
include/mbedtls/dhm.h
View File

@ -279,10 +279,10 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
* \param output_size The size of the destination buffer. This must be at * \param output_size The size of the destination buffer. This must be at
* least the size of \c ctx->len (the size of \c P). * least the size of \c ctx->len (the size of \c P).
* \param olen On exit, holds the actual number of Bytes written. * \param olen On exit, holds the actual number of Bytes written.
* \param f_rng The RNG function, for blinding purposes. This may * \param f_rng The RNG function. Must not be \c NULL. Used for
* b \c NULL if blinding isn't needed. * blinding.
* \param p_rng The RNG context. This may be \c NULL if \p f_rng * \param p_rng The RNG context to be passed to \p f_rng. This may be
* doesn't need a context argument. * \c NULL if \p f_rng doesn't need a context parameter.
* *
* \return \c 0 on success. * \return \c 0 on success.
* \return An \c MBEDTLS_ERR_DHM_XXX error code on failure. * \return An \c MBEDTLS_ERR_DHM_XXX error code on failure.

8
include/mbedtls/ecdh.h
View File

@ -222,10 +222,7 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp
* This must be initialized. * This must be initialized.
* \param d Our secret exponent (private key). * \param d Our secret exponent (private key).
* This must be initialized. * This must be initialized.
* \param f_rng The RNG function. This may be \c NULL if randomization * \param f_rng The RNG function to use. This must not be \c NULL.
* of intermediate results during the ECP computations is
* not needed (discouraged). See the documentation of
* mbedtls_ecp_mul() for more.
* \param p_rng The RNG context to be passed to \p f_rng. This may be * \param p_rng The RNG context to be passed to \p f_rng. This may be
* \c NULL if \p f_rng is \c NULL or doesn't need a * \c NULL if \p f_rng is \c NULL or doesn't need a
* context argument. * context argument.
@ -428,8 +425,7 @@ int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
* \param buf The buffer to write the generated shared key to. This * \param buf The buffer to write the generated shared key to. This
* must be a writable buffer of size \p blen Bytes. * must be a writable buffer of size \p blen Bytes.
* \param blen The length of the destination buffer \p buf in Bytes. * \param blen The length of the destination buffer \p buf in Bytes.
* \param f_rng The RNG function, for blinding purposes. This may * \param f_rng The RNG function to use. This must not be \c NULL.
* b \c NULL if blinding isn't needed.
* \param p_rng The RNG context. This may be \c NULL if \p f_rng * \param p_rng The RNG context. This may be \c NULL if \p f_rng
* doesn't need a context argument. * doesn't need a context argument.
* *

31
include/mbedtls/ecp.h
View File

@ -911,15 +911,8 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp,
* \note To prevent timing attacks, this function * \note To prevent timing attacks, this function
* executes the exact same sequence of base-field * executes the exact same sequence of base-field
* operations for any valid \p m. It avoids any if-branch or * operations for any valid \p m. It avoids any if-branch or
* array index depending on the value of \p m. * array index depending on the value of \p m. If also uses
* * \p f_rng to randomize some intermediate results.
* \note If \p f_rng is not NULL, it is used to randomize
* intermediate results to prevent potential timing attacks
* targeting these results. We recommend always providing
* a non-NULL \p f_rng. The overhead is negligible.
* Note: unless #MBEDTLS_ECP_NO_INTERNAL_RNG is defined, when
* \p f_rng is NULL, an internal RNG (seeded from the value
* of \p m) will be used instead.
* *
* \param grp The ECP group to use. * \param grp The ECP group to use.
* This must be initialized and have group parameters * This must be initialized and have group parameters
@ -928,9 +921,9 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp,
* This must be initialized. * This must be initialized.
* \param m The integer by which to multiply. This must be initialized. * \param m The integer by which to multiply. This must be initialized.
* \param P The point to multiply. This must be initialized. * \param P The point to multiply. This must be initialized.
* \param f_rng The RNG function. This may be \c NULL if randomization * \param f_rng The RNG function. This must not be \c NULL.
* of intermediate results isn't desired (discouraged). * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
* \param p_rng The RNG context to be passed to \p p_rng. * NULL if \p f_rng doesn't need a context.
* *
* \return \c 0 on success. * \return \c 0 on success.
* \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private * \return #MBEDTLS_ERR_ECP_INVALID_KEY if \p m is not a valid private
@ -959,9 +952,9 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
* This must be initialized. * This must be initialized.
* \param m The integer by which to multiply. This must be initialized. * \param m The integer by which to multiply. This must be initialized.
* \param P The point to multiply. This must be initialized. * \param P The point to multiply. This must be initialized.
* \param f_rng The RNG function. This may be \c NULL if randomization * \param f_rng The RNG function. This must not be \c NULL.
* of intermediate results isn't desired (discouraged). * \param p_rng The RNG context to be passed to \p f_rng. This may be \c
* \param p_rng The RNG context to be passed to \p p_rng. * NULL if \p f_rng doesn't need a context.
* \param rs_ctx The restart context (NULL disables restart). * \param rs_ctx The restart context (NULL disables restart).
* *
* \return \c 0 on success. * \return \c 0 on success.
@ -1265,14 +1258,18 @@ int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key,
* part is ignored. * part is ignored.
* \param prv The keypair structure holding the full keypair. * \param prv The keypair structure holding the full keypair.
* This must be initialized. * This must be initialized.
* \param f_rng The RNG function. This must not be \c NULL.
* \param p_rng The RNG context to be passed to \p f_rng. This may be \c
* NULL if \p f_rng doesn't need a context.
* *
* \return \c 0 on success, meaning that the keys are valid and match. * \return \c 0 on success, meaning that the keys are valid and match.
* \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match. * \return #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the keys are invalid or do not match.
* \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX * \return An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
* error code on calculation failure. * error code on calculation failure.
*/ */
int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, int mbedtls_ecp_check_pub_priv(
const mbedtls_ecp_keypair *prv ); const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
#if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_SELF_TEST)

27
include/mbedtls/pk.h
View File

@ -498,7 +498,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
* given the key type. * given the key type.
* \param sig_len On successful return, * \param sig_len On successful return,
* the number of bytes written to \p sig. * the number of bytes written to \p sig.
* \param f_rng RNG function * \param f_rng RNG function, must not be \c NULL.
* \param p_rng RNG parameter * \param p_rng RNG parameter
* *
* \return 0 on success, or a specific error code. * \return 0 on success, or a specific error code.
@ -538,7 +538,7 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
* given the key type. * given the key type.
* \param sig_len On successful return, * \param sig_len On successful return,
* the number of bytes written to \p sig. * the number of bytes written to \p sig.
* \param f_rng RNG function * \param f_rng RNG function, must not be \c NULL.
* \param p_rng RNG parameter * \param p_rng RNG parameter
* \param rs_ctx Restart context (NULL to disable restart) * \param rs_ctx Restart context (NULL to disable restart)
* *
@ -563,7 +563,7 @@ int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
* \param output Decrypted output * \param output Decrypted output
* \param olen Decrypted message length * \param olen Decrypted message length
* \param osize Size of the output buffer * \param osize Size of the output buffer
* \param f_rng RNG function * \param f_rng RNG function, must not be \c NULL.
* \param p_rng RNG parameter * \param p_rng RNG parameter
* *
* \note For RSA keys, the default padding type is PKCS#1 v1.5. * \note For RSA keys, the default padding type is PKCS#1 v1.5.
@ -584,9 +584,11 @@ int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
* \param output Encrypted output * \param output Encrypted output
* \param olen Encrypted output length * \param olen Encrypted output length
* \param osize Size of the output buffer * \param osize Size of the output buffer
* \param f_rng RNG function * \param f_rng RNG function, must not be \c NULL.
* \param p_rng RNG parameter * \param p_rng RNG parameter
* *
* \note \p f_rng is used for padding generation.
*
* \note For RSA keys, the default padding type is PKCS#1 v1.5. * \note For RSA keys, the default padding type is PKCS#1 v1.5.
* *
* \return 0 on success, or a specific error code. * \return 0 on success, or a specific error code.
@ -601,6 +603,8 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
* *
* \param pub Context holding a public key. * \param pub Context holding a public key.
* \param prv Context holding a private (and public) key. * \param prv Context holding a private (and public) key.
* \param f_rng RNG function, must not be \c NULL.
* \param p_rng RNG parameter
* *
* \return \c 0 on success (keys were checked and match each other). * \return \c 0 on success (keys were checked and match each other).
* \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the keys could not * \return #MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE if the keys could not
@ -608,7 +612,10 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
* \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid. * \return #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid.
* \return Another non-zero value if the keys do not match. * \return Another non-zero value if the keys do not match.
*/ */
int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv ); int mbedtls_pk_check_pair( const mbedtls_pk_context *pub,
const mbedtls_pk_context *prv,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/** /**
* \brief Export debug information * \brief Export debug information
@ -660,6 +667,8 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
* The empty password is not supported. * The empty password is not supported.
* \param pwdlen Size of the password in bytes. * \param pwdlen Size of the password in bytes.
* Ignored if \p pwd is \c NULL. * Ignored if \p pwd is \c NULL.
* \param f_rng RNG function, must not be \c NULL. Used for blinding.
* \param p_rng RNG parameter
* *
* \note On entry, ctx must be empty, either freshly initialised * \note On entry, ctx must be empty, either freshly initialised
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
@ -671,7 +680,8 @@ mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
*/ */
int mbedtls_pk_parse_key( mbedtls_pk_context *ctx, int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
const unsigned char *key, size_t keylen, const unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen ); const unsigned char *pwd, size_t pwdlen,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/** \ingroup pk_module */ /** \ingroup pk_module */
/** /**
@ -711,6 +721,8 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
* Pass a null-terminated string if expecting an encrypted * Pass a null-terminated string if expecting an encrypted
* key; a non-encrypted key will also be accepted. * key; a non-encrypted key will also be accepted.
* The empty password is not supported. * The empty password is not supported.
* \param f_rng RNG function, must not be \c NULL. Used for blinding.
* \param p_rng RNG parameter
* *
* \note On entry, ctx must be empty, either freshly initialised * \note On entry, ctx must be empty, either freshly initialised
* with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a * with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
@ -721,7 +733,8 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
* \return 0 if successful, or a specific PK or PEM error code * \return 0 if successful, or a specific PK or PEM error code
*/ */
int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
const char *path, const char *password ); const char *path, const char *password,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
/** \ingroup pk_module */ /** \ingroup pk_module */
/** /**

2
include/mbedtls/ssl.h
View File

@ -1535,7 +1535,7 @@ void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
* \brief Set the random number generator callback * \brief Set the random number generator callback
* *
* \param conf SSL configuration * \param conf SSL configuration
* \param f_rng RNG function * \param f_rng RNG function (mandatory)
* \param p_rng RNG parameter * \param p_rng RNG parameter
*/ */
void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf, void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,

2
include/mbedtls/ssl_ticket.h
View File

@ -90,7 +90,7 @@ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
* \brief Prepare context to be actually used * \brief Prepare context to be actually used
* *
* \param ctx Context to be set up * \param ctx Context to be set up
* \param f_rng RNG callback function * \param f_rng RNG callback function (mandatory)
* \param p_rng RNG callback context * \param p_rng RNG callback context
* \param cipher AEAD cipher to use for ticket protection. * \param cipher AEAD cipher to use for ticket protection.
* Recommended value: MBEDTLS_CIPHER_AES_256_GCM. * Recommended value: MBEDTLS_CIPHER_AES_256_GCM.

14
include/mbedtls/x509_crt.h
View File

@ -1108,16 +1108,13 @@ void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
* \param ctx certificate to write away * \param ctx certificate to write away
* \param buf buffer to write to * \param buf buffer to write to
* \param size size of the buffer * \param size size of the buffer
* \param f_rng RNG function (for signature, see note) * \param f_rng RNG function. This must not be \c NULL.
* \param p_rng RNG parameter * \param p_rng RNG parameter
* *
* \return length of data written if successful, or a specific * \return length of data written if successful, or a specific
* error code * error code
* *
* \note f_rng may be NULL if RSA is used for signature and the * \note \p f_rng is used for the signature operation.
* signature is made offline (otherwise f_rng is desirable
* for countermeasures against timing attacks).
* ECDSA signatures always require a non-NULL f_rng.
*/ */
int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
@ -1130,15 +1127,12 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf,
* \param ctx certificate to write away * \param ctx certificate to write away
* \param buf buffer to write to * \param buf buffer to write to
* \param size size of the buffer * \param size size of the buffer
* \param f_rng RNG function (for signature, see note) * \param f_rng RNG function. This must not be \c NULL.
* \param p_rng RNG parameter * \param p_rng RNG parameter
* *
* \return 0 if successful, or a specific error code * \return 0 if successful, or a specific error code
* *
* \note f_rng may be NULL if RSA is used for signature and the * \note \p f_rng is used for the signature operation.
* signature is made offline (otherwise f_rng is desirable
* for countermeasures against timing attacks).
* ECDSA signatures always require a non-NULL f_rng.
*/ */
int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size, int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),

14
include/mbedtls/x509_csr.h
View File

@ -264,16 +264,13 @@ void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx );
* \param ctx CSR to write away * \param ctx CSR to write away
* \param buf buffer to write to * \param buf buffer to write to
* \param size size of the buffer * \param size size of the buffer
* \param f_rng RNG function (for signature, see note) * \param f_rng RNG function. This must not be \c NULL.
* \param p_rng RNG parameter * \param p_rng RNG parameter
* *
* \return length of data written if successful, or a specific * \return length of data written if successful, or a specific
* error code * error code
* *
* \note f_rng may be NULL if RSA is used for signature and the * \note \p f_rng is used for the signature operation.
* signature is made offline (otherwise f_rng is desirable
* for countermeasures against timing attacks).
* ECDSA signatures always require a non-NULL f_rng.
*/ */
int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
@ -287,15 +284,12 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s
* \param ctx CSR to write away * \param ctx CSR to write away
* \param buf buffer to write to * \param buf buffer to write to
* \param size size of the buffer * \param size size of the buffer
* \param f_rng RNG function (for signature, see note) * \param f_rng RNG function. This must not be \c NULL.
* \param p_rng RNG parameter * \param p_rng RNG parameter
* *
* \return 0 if successful, or a specific error code * \return 0 if successful, or a specific error code
* *
* \note f_rng may be NULL if RSA is used for signature and the * \note \p f_rng is used for the signature operation.
* signature is made offline (otherwise f_rng is desirable
* for countermeasures against timing attacks).
* ECDSA signatures always require a non-NULL f_rng.
*/ */
int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),

11
library/dhm.c
View File

@ -444,6 +444,9 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
DHM_VALIDATE_RET( output != NULL ); DHM_VALIDATE_RET( output != NULL );
DHM_VALIDATE_RET( olen != NULL ); DHM_VALIDATE_RET( olen != NULL );
if( f_rng == NULL )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( output_size < mbedtls_dhm_get_len( ctx ) ) if( output_size < mbedtls_dhm_get_len( ctx ) )
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
@ -453,25 +456,17 @@ int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
mbedtls_mpi_init( &GYb ); mbedtls_mpi_init( &GYb );
/* Blind peer's value */ /* Blind peer's value */
if( f_rng != NULL )
{
MBEDTLS_MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( dhm_update_blinding( ctx, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &GYb, &ctx->GY, &ctx->Vi ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &GYb, &GYb, &ctx->P ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &GYb, &GYb, &ctx->P ) );
}
else
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &GYb, &ctx->GY ) );
/* Do modular exponentiation */ /* Do modular exponentiation */
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->K, &GYb, &ctx->X, MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &ctx->K, &GYb, &ctx->X,
&ctx->P, &ctx->RP ) ); &ctx->P, &ctx->RP ) );
/* Unblind secret value */ /* Unblind secret value */
if( f_rng != NULL )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &ctx->K, &ctx->K, &ctx->Vf ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->K, &ctx->K, &ctx->P ) );
}
/* Output the secret without any leading zero byte. This is mandatory /* Output the secret without any leading zero byte. This is mandatory
* for TLS per RFC 5246 §8.1.2. */ * for TLS per RFC 5246 §8.1.2. */

26
library/ecjpake.c
View File

@ -962,6 +962,28 @@ static const unsigned char ecjpake_test_pms[] = {
0xb4, 0x38, 0xf7, 0x19, 0xd3, 0xc4, 0xf3, 0x51 0xb4, 0x38, 0xf7, 0x19, 0xd3, 0xc4, 0xf3, 0x51
}; };
/*
* PRNG for test - !!!INSECURE NEVER USE IN PRODUCTION!!!
*
* This is the linear congruential generator from numerical recipes,
* except we only use the low byte as the output. See
* https://en.wikipedia.org/wiki/Linear_congruential_generator#Parameters_in_common_use
*/
static int self_test_rng( void *ctx, unsigned char *out, size_t len )
{
static uint32_t state = 42;
(void) ctx;
for( size_t i = 0; i < len; i++ )
{
state = state * 1664525u + 1013904223u;
out[i] = (unsigned char) state;
}
return( 0 );
}
/* Load my private keys and generate the corresponding public keys */ /* Load my private keys and generate the corresponding public keys */
static int ecjpake_test_load( mbedtls_ecjpake_context *ctx, static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
const unsigned char *xm1, size_t len1, const unsigned char *xm1, size_t len1,
@ -972,9 +994,9 @@ static int ecjpake_test_load( mbedtls_ecjpake_context *ctx,
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm1, xm1, len1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm1, xm1, len1 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm2, xm2, len2 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->xm2, xm2, len2 ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm1, &ctx->xm1, MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm1, &ctx->xm1,
&ctx->grp.G, NULL, NULL ) ); &ctx->grp.G, self_test_rng, NULL ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm2, &ctx->xm2, MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &ctx->grp, &ctx->Xm2, &ctx->xm2,
&ctx->grp.G, NULL, NULL ) ); &ctx->grp.G, self_test_rng, NULL ) );
cleanup: cleanup:
return( ret ); return( ret );

290
library/ecp.c
View File

@ -101,16 +101,6 @@
#include "ecp_internal_alt.h" #include "ecp_internal_alt.h"
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
#if defined(MBEDTLS_HMAC_DRBG_C)
#include "mbedtls/hmac_drbg.h"
#elif defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/ctr_drbg.h"
#else
#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid."
#endif
#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus) !defined(inline) && !defined(__cplusplus)
#define inline __inline #define inline __inline
@ -124,144 +114,6 @@
static unsigned long add_count, dbl_count, mul_count; static unsigned long add_count, dbl_count, mul_count;
#endif #endif
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
/*
* Currently ecp_mul() takes a RNG function as an argument, used for
* side-channel protection, but it can be NULL. The initial reasoning was
* that people will pass non-NULL RNG when they care about side-channels, but
* unfortunately we have some APIs that call ecp_mul() with a NULL RNG, with
* no opportunity for the user to do anything about it.
*
* The obvious strategies for addressing that include:
* - change those APIs so that they take RNG arguments;
* - require a global RNG to be available to all crypto modules.
*
* Unfortunately those would break compatibility. So what we do instead is
* have our own internal DRBG instance, seeded from the secret scalar.
*
* The following is a light-weight abstraction layer for doing that with
* HMAC_DRBG (first choice) or CTR_DRBG.
*/
#if defined(MBEDTLS_HMAC_DRBG_C)
/* DRBG context type */
typedef mbedtls_hmac_drbg_context ecp_drbg_context;
/* DRBG context init */
static inline void ecp_drbg_init( ecp_drbg_context *ctx )
{
mbedtls_hmac_drbg_init( ctx );
}
/* DRBG context free */
static inline void ecp_drbg_free( ecp_drbg_context *ctx )
{
mbedtls_hmac_drbg_free( ctx );
}
/* DRBG function */
static inline int ecp_drbg_random( void *p_rng,
unsigned char *output, size_t output_len )
{
return( mbedtls_hmac_drbg_random( p_rng, output, output_len ) );
}
/* DRBG context seeding */
static int ecp_drbg_seed( ecp_drbg_context *ctx,
const mbedtls_mpi *secret, size_t secret_len )
{
int ret;
unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES];
/* The list starts with strong hashes */
const mbedtls_md_type_t md_type = mbedtls_md_list()[0];
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type );
if( secret_len > MBEDTLS_ECP_MAX_BYTES )
{
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup;
}
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret,
secret_bytes, secret_len ) );
ret = mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_bytes, secret_len );
cleanup:
mbedtls_platform_zeroize( secret_bytes, secret_len );
return( ret );
}
#elif defined(MBEDTLS_CTR_DRBG_C)
/* DRBG context type */
typedef mbedtls_ctr_drbg_context ecp_drbg_context;
/* DRBG context init */
static inline void ecp_drbg_init( ecp_drbg_context *ctx )
{
mbedtls_ctr_drbg_init( ctx );
}
/* DRBG context free */
static inline void ecp_drbg_free( ecp_drbg_context *ctx )
{
mbedtls_ctr_drbg_free( ctx );
}
/* DRBG function */
static inline int ecp_drbg_random( void *p_rng,
unsigned char *output, size_t output_len )
{
return( mbedtls_ctr_drbg_random( p_rng, output, output_len ) );
}
/*
* Since CTR_DRBG doesn't have a seed_buf() function the way HMAC_DRBG does,
* we need to pass an entropy function when seeding. So we use a dummy
* function for that, and pass the actual entropy as customisation string.
* (During seeding of CTR_DRBG the entropy input and customisation string are
* concatenated before being used to update the secret state.)
*/
static int ecp_ctr_drbg_null_entropy(void *ctx, unsigned char *out, size_t len)
{
(void) ctx;
memset( out, 0, len );
return( 0 );
}
/* DRBG context seeding */
static int ecp_drbg_seed( ecp_drbg_context *ctx,
const mbedtls_mpi *secret, size_t secret_len )
{
int ret;
unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES];
if( secret_len > MBEDTLS_ECP_MAX_BYTES )
{
ret = MBEDTLS_ERR_ECP_RANDOM_FAILED;
goto cleanup;
}
MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret,
secret_bytes, secret_len ) );
ret = mbedtls_ctr_drbg_seed( ctx, ecp_ctr_drbg_null_entropy, NULL,
secret_bytes, secret_len );
cleanup:
mbedtls_platform_zeroize( secret_bytes, secret_len );
return( ret );
}
#else
#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid."
#endif /* DRBG modules */
#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
/* /*
* Maximum number of "basic operations" to be done in a row. * Maximum number of "basic operations" to be done in a row.
@ -309,10 +161,6 @@ struct mbedtls_ecp_restart_mul
ecp_rsm_comb_core, /* ecp_mul_comb_core() */ ecp_rsm_comb_core, /* ecp_mul_comb_core() */
ecp_rsm_final_norm, /* do the final normalization */ ecp_rsm_final_norm, /* do the final normalization */
} state; } state;
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
ecp_drbg_context drbg_ctx;
unsigned char drbg_seeded;
#endif
}; };
/* /*
@ -325,10 +173,6 @@ static void ecp_restart_rsm_init( mbedtls_ecp_restart_mul_ctx *ctx )
ctx->T = NULL; ctx->T = NULL;
ctx->T_size = 0; ctx->T_size = 0;
ctx->state = ecp_rsm_init; ctx->state = ecp_rsm_init;
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
ecp_drbg_init( &ctx->drbg_ctx );
ctx->drbg_seeded = 0;
#endif
} }
/* /*
@ -350,10 +194,6 @@ static void ecp_restart_rsm_free( mbedtls_ecp_restart_mul_ctx *ctx )
mbedtls_free( ctx->T ); mbedtls_free( ctx->T );
} }
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
ecp_drbg_free( &ctx->drbg_ctx );
#endif
ecp_restart_rsm_init( ctx ); ecp_restart_rsm_init( ctx );
} }
@ -2068,9 +1908,7 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R
i = d; i = d;
MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) ); MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) );
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != 0 ) if( f_rng != 0 )
#endif
MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) );
} }
@ -2204,9 +2042,7 @@ final_norm:
* *
* Avoid the leak by randomizing coordinates before we normalize them. * Avoid the leak by randomizing coordinates before we normalize them.
*/ */
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != 0 ) if( f_rng != 0 )
#endif
MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) ); MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) );
@ -2286,42 +2122,9 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
size_t d; size_t d;
unsigned char T_size = 0, T_ok = 0; unsigned char T_size = 0, T_ok = 0;
mbedtls_ecp_point *T = NULL; mbedtls_ecp_point *T = NULL;
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
ecp_drbg_context drbg_ctx;
ecp_drbg_init( &drbg_ctx );
#endif
ECP_RS_ENTER( rsm ); ECP_RS_ENTER( rsm );
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng == NULL )
{
/* Adjust pointers */
f_rng = &ecp_drbg_random;
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->rsm != NULL )
p_rng = &rs_ctx->rsm->drbg_ctx;
else
#endif
p_rng = &drbg_ctx;
/* Initialize internal DRBG if necessary */
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx == NULL || rs_ctx->rsm == NULL ||
rs_ctx->rsm->drbg_seeded == 0 )
#endif
{
const size_t m_len = ( grp->nbits + 7 ) / 8;
MBEDTLS_MPI_CHK( ecp_drbg_seed( p_rng, m, m_len ) );
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
if( rs_ctx != NULL && rs_ctx->rsm != NULL )
rs_ctx->rsm->drbg_seeded = 1;
#endif
}
#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
/* Is P the base point ? */ /* Is P the base point ? */
#if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1
p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 && p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
@ -2393,10 +2196,6 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
cleanup: cleanup:
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
ecp_drbg_free( &drbg_ctx );
#endif
/* does T belong to the group? */ /* does T belong to the group? */
if( T == grp->T ) if( T == grp->T )
T = NULL; T = NULL;
@ -2583,22 +2382,10 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
unsigned char b; unsigned char b;
mbedtls_ecp_point RP; mbedtls_ecp_point RP;
mbedtls_mpi PX; mbedtls_mpi PX;
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
ecp_drbg_context drbg_ctx;
ecp_drbg_init( &drbg_ctx );
#endif
mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX ); mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX );
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng == NULL ) if( f_rng == NULL )
{ return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
const size_t m_len = ( grp->nbits + 7 ) / 8;
MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m, m_len ) );
f_rng = &ecp_drbg_random;
p_rng = &drbg_ctx;
}
#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */
/* Save PX and read from P before writing to R, in case P == R */ /* Save PX and read from P before writing to R, in case P == R */
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) );
@ -2613,9 +2400,6 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
MOD_ADD( RP.X ); MOD_ADD( RP.X );
/* Randomize coordinates of the starting point */ /* Randomize coordinates of the starting point */
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != NULL )
#endif
MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) );
/* Loop invariant: R = result so far, RP = R + P */ /* Loop invariant: R = result so far, RP = R + P */
@ -2648,18 +2432,10 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
* *
* Avoid the leak by randomizing coordinates before we normalize them. * Avoid the leak by randomizing coordinates before we normalize them.
*/ */
#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
if( f_rng != NULL )
#endif
MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) ); MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) );
cleanup: cleanup:
#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
ecp_drbg_free( &drbg_ctx );
#endif
mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX ); mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX );
return( ret ); return( ret );
@ -2669,8 +2445,11 @@ cleanup:
/* /*
* Restartable multiplication R = m * P * Restartable multiplication R = m * P
*
* This internal function can be called without an RNG in case where we know
* the inputs are not sensitive.
*/ */
int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, static int ecp_mul_restartable_internal( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_mpi *m, const mbedtls_ecp_point *P, const mbedtls_mpi *m, const mbedtls_ecp_point *P,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx ) mbedtls_ecp_restart_ctx *rs_ctx )
@ -2679,10 +2458,6 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
#if defined(MBEDTLS_ECP_INTERNAL_ALT) #if defined(MBEDTLS_ECP_INTERNAL_ALT)
char is_grp_capable = 0; char is_grp_capable = 0;
#endif #endif
ECP_VALIDATE_RET( grp != NULL );
ECP_VALIDATE_RET( R != NULL );
ECP_VALIDATE_RET( m != NULL );
ECP_VALIDATE_RET( P != NULL );
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
/* reset ops count for this call if top-level */ /* reset ops count for this call if top-level */
@ -2735,6 +2510,25 @@ cleanup:
return( ret ); return( ret );
} }
/*
* Restartable multiplication R = m * P
*/
int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_ecp_restart_ctx *rs_ctx )
{
ECP_VALIDATE_RET( grp != NULL );
ECP_VALIDATE_RET( R != NULL );
ECP_VALIDATE_RET( m != NULL );
ECP_VALIDATE_RET( P != NULL );
if( f_rng == NULL )
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
return( ecp_mul_restartable_internal( grp, R, m, P, f_rng, p_rng, rs_ctx ) );
}
/* /*
* Multiplication R = m * P * Multiplication R = m * P
*/ */
@ -2828,7 +2622,7 @@ static int mbedtls_ecp_mul_shortcuts( mbedtls_ecp_group *grp,
} }
else else
{ {
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_restartable( grp, R, m, P, MBEDTLS_MPI_CHK( ecp_mul_restartable_internal( grp, R, m, P,
NULL, NULL, rs_ctx ) ); NULL, NULL, rs_ctx ) );
} }
@ -3272,7 +3066,9 @@ cleanup:
/* /*
* Check a public-private key pair * Check a public-private key pair
*/ */
int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv ) int mbedtls_ecp_check_pub_priv(
const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_ecp_point Q; mbedtls_ecp_point Q;
@ -3296,7 +3092,7 @@ int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ec
mbedtls_ecp_group_copy( &grp, &prv->grp ); mbedtls_ecp_group_copy( &grp, &prv->grp );
/* Also checks d is valid */ /* Also checks d is valid */
MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, NULL, NULL ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, f_rng, p_rng ) );
if( mbedtls_mpi_cmp_mpi( &Q.X, &prv->Q.X ) || if( mbedtls_mpi_cmp_mpi( &Q.X, &prv->Q.X ) ||
mbedtls_mpi_cmp_mpi( &Q.Y, &prv->Q.Y ) || mbedtls_mpi_cmp_mpi( &Q.Y, &prv->Q.Y ) ||
@ -3315,6 +3111,28 @@ cleanup:
#if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_SELF_TEST)
/*
* PRNG for test - !!!INSECURE NEVER USE IN PRODUCTION!!!
*
* This is the linear congruential generator from numerical recipes,
* except we only use the low byte as the output. See
* https://en.wikipedia.org/wiki/Linear_congruential_generator#Parameters_in_common_use
*/
static int self_test_rng( void *ctx, unsigned char *out, size_t len )
{
static uint32_t state = 42;
(void) ctx;
for( size_t i = 0; i < len; i++ )
{
state = state * 1664525u + 1013904223u;
out[i] = (unsigned char) state;
}
return( 0 );
}
/* Adjust the exponent to be a valid private point for the specified curve. /* Adjust the exponent to be a valid private point for the specified curve.
* This is sometimes necessary because we use a single set of exponents * This is sometimes necessary because we use a single set of exponents
* for all curves but the validity of values depends on the curve. */ * for all curves but the validity of values depends on the curve. */
@ -3370,7 +3188,7 @@ static int self_test_point( int verbose,
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[0] ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[0] ) );
MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) ); MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, self_test_rng, NULL ) );
for( i = 1; i < n_exponents; i++ ) for( i = 1; i < n_exponents; i++ )
{ {
@ -3383,7 +3201,7 @@ static int self_test_point( int verbose,
MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[i] ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( m, 16, exponents[i] ) );
MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) ); MBEDTLS_MPI_CHK( self_test_adjust_exponent( grp, m ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, NULL, NULL ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_mul( grp, R, m, P, self_test_rng, NULL ) );
if( add_count != add_c_prev || if( add_count != add_c_prev ||
dbl_count != dbl_c_prev || dbl_count != dbl_c_prev ||
@ -3461,7 +3279,7 @@ int mbedtls_ecp_self_test( int verbose )
mbedtls_printf( " ECP SW test #1 (constant op_count, base point G): " ); mbedtls_printf( " ECP SW test #1 (constant op_count, base point G): " );
/* Do a dummy multiplication first to trigger precomputation */ /* Do a dummy multiplication first to trigger precomputation */
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &m, 2 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &m, 2 ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &P, &m, &grp.G, NULL, NULL ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_mul( &grp, &P, &m, &grp.G, self_test_rng, NULL ) );
ret = self_test_point( verbose, ret = self_test_point( verbose,
&grp, &R, &m, &grp.G, &grp, &R, &m, &grp.G,
sw_exponents, sw_exponents,

10
library/pk.c
View File

@ -500,7 +500,10 @@ int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
/* /*
* Check public-private key pair * Check public-private key pair
*/ */
int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv ) int mbedtls_pk_check_pair( const mbedtls_pk_context *pub,
const mbedtls_pk_context *prv,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{ {
PK_VALIDATE_RET( pub != NULL ); PK_VALIDATE_RET( pub != NULL );
PK_VALIDATE_RET( prv != NULL ); PK_VALIDATE_RET( prv != NULL );
@ -511,6 +514,9 @@ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_conte
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
} }
if( f_rng == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
if( prv->pk_info->check_pair_func == NULL ) if( prv->pk_info->check_pair_func == NULL )
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
@ -525,7 +531,7 @@ int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_conte
return( MBEDTLS_ERR_PK_TYPE_MISMATCH ); return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
} }
return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) ); return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx, f_rng, p_rng ) );
} }
/* /*

19
library/pk_wrap.c
View File

@ -154,8 +154,12 @@ static int rsa_encrypt_wrap( void *ctx,
ilen, input, output ) ); ilen, input, output ) );
} }
static int rsa_check_pair_wrap( const void *pub, const void *prv ) static int rsa_check_pair_wrap( const void *pub, const void *prv,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{ {
(void) f_rng;
(void) p_rng;
return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub, return( mbedtls_rsa_check_pub_priv( (const mbedtls_rsa_context *) pub,
(const mbedtls_rsa_context *) prv ) ); (const mbedtls_rsa_context *) prv ) );
} }
@ -388,10 +392,13 @@ cleanup:
#endif /* MBEDTLS_ECP_RESTARTABLE */ #endif /* MBEDTLS_ECP_RESTARTABLE */
#endif /* MBEDTLS_ECDSA_C */ #endif /* MBEDTLS_ECDSA_C */
static int eckey_check_pair( const void *pub, const void *prv ) static int eckey_check_pair( const void *pub, const void *prv,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{ {
return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub, return( mbedtls_ecp_check_pub_priv( (const mbedtls_ecp_keypair *) pub,
(const mbedtls_ecp_keypair *) prv ) ); (const mbedtls_ecp_keypair *) prv,
f_rng, p_rng ) );
} }
static void *eckey_alloc_wrap( void ) static void *eckey_alloc_wrap( void )
@ -799,7 +806,9 @@ static int rsa_alt_decrypt_wrap( void *ctx,
} }
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
static int rsa_alt_check_pair( const void *pub, const void *prv ) static int rsa_alt_check_pair( const void *pub, const void *prv,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{ {
unsigned char sig[MBEDTLS_MPI_MAX_SIZE]; unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
unsigned char hash[32]; unsigned char hash[32];
@ -813,7 +822,7 @@ static int rsa_alt_check_pair( const void *pub, const void *prv )
if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE, if( ( ret = rsa_alt_sign_wrap( (void *) prv, MBEDTLS_MD_NONE,
hash, sizeof( hash ), hash, sizeof( hash ),
sig, &sig_len, NULL, NULL ) ) != 0 ) sig, &sig_len, f_rng, p_rng ) ) != 0 )
{ {
return( ret ); return( ret );
} }

4
library/pk_wrap.h
View File

@ -85,7 +85,9 @@ struct mbedtls_pk_info_t
void *p_rng ); void *p_rng );
/** Check public-private key pair */ /** Check public-private key pair */
int (*check_pair_func)( const void *pub, const void *prv ); int (*check_pair_func)( const void *pub, const void *prv,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng );
/** Allocate a new context */ /** Allocate a new context */
void * (*ctx_alloc_func)( void ); void * (*ctx_alloc_func)( void );

51
library/pkparse.c
View File

@ -123,7 +123,8 @@ int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n )
* Load and parse a private key * Load and parse a private key
*/ */
int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx, int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
const char *path, const char *pwd ) const char *path, const char *pwd,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n; size_t n;
@ -136,10 +137,10 @@ int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
return( ret ); return( ret );
if( pwd == NULL ) if( pwd == NULL )
ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0 ); ret = mbedtls_pk_parse_key( ctx, buf, n, NULL, 0, f_rng, p_rng );
else else
ret = mbedtls_pk_parse_key( ctx, buf, n, ret = mbedtls_pk_parse_key( ctx, buf, n,
(const unsigned char *) pwd, strlen( pwd ) ); (const unsigned char *) pwd, strlen( pwd ), f_rng, p_rng );
mbedtls_platform_zeroize( buf, n ); mbedtls_platform_zeroize( buf, n );
mbedtls_free( buf ); mbedtls_free( buf );
@ -859,8 +860,8 @@ cleanup:
* Parse a SEC1 encoded private EC key * Parse a SEC1 encoded private EC key
*/ */
static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
const unsigned char *key, const unsigned char *key, size_t keylen,
size_t keylen ) int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
int version, pubkey_done; int version, pubkey_done;
@ -967,7 +968,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
if( ! pubkey_done && if( ! pubkey_done &&
( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G, ( ret = mbedtls_ecp_mul( &eck->grp, &eck->Q, &eck->d, &eck->grp.G,
NULL, NULL ) ) != 0 ) f_rng, p_rng ) ) != 0 )
{ {
mbedtls_ecp_keypair_free( eck ); mbedtls_ecp_keypair_free( eck );
return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
@ -998,8 +999,8 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
*/ */
static int pk_parse_key_pkcs8_unencrypted_der( static int pk_parse_key_pkcs8_unencrypted_der(
mbedtls_pk_context *pk, mbedtls_pk_context *pk,
const unsigned char* key, const unsigned char* key, size_t keylen,
size_t keylen ) int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{ {
int ret, version; int ret, version;
size_t len; size_t len;
@ -1009,6 +1010,11 @@ static int pk_parse_key_pkcs8_unencrypted_der(
mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE; mbedtls_pk_type_t pk_alg = MBEDTLS_PK_NONE;
const mbedtls_pk_info_t *pk_info; const mbedtls_pk_info_t *pk_info;
#if !defined(MBEDTLS_ECP_C)
(void) f_rng;
(void) p_rng;
#endif
/* /*
* This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208) * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208)
* *
@ -1071,7 +1077,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH ) if( pk_alg == MBEDTLS_PK_ECKEY || pk_alg == MBEDTLS_PK_ECKEY_DH )
{ {
if( ( ret = pk_use_ecparams( &params, &mbedtls_pk_ec( *pk )->grp ) ) != 0 || if( ( ret = pk_use_ecparams( &params, &mbedtls_pk_ec( *pk )->grp ) ) != 0 ||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len ) ) != 0 ) ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), p, len, f_rng, p_rng ) ) != 0 )
{ {
mbedtls_pk_free( pk ); mbedtls_pk_free( pk );
return( ret ); return( ret );
@ -1096,7 +1102,8 @@ static int pk_parse_key_pkcs8_unencrypted_der(
static int pk_parse_key_pkcs8_encrypted_der( static int pk_parse_key_pkcs8_encrypted_der(
mbedtls_pk_context *pk, mbedtls_pk_context *pk,
unsigned char *key, size_t keylen, unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen ) const unsigned char *pwd, size_t pwdlen,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{ {
int ret, decrypted = 0; int ret, decrypted = 0;
size_t len; size_t len;
@ -1206,7 +1213,7 @@ static int pk_parse_key_pkcs8_encrypted_der(
if( decrypted == 0 ) if( decrypted == 0 )
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len ) ); return( pk_parse_key_pkcs8_unencrypted_der( pk, buf, len, f_rng, p_rng ) );
} }
#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
@ -1215,7 +1222,8 @@ static int pk_parse_key_pkcs8_encrypted_der(
*/ */
int mbedtls_pk_parse_key( mbedtls_pk_context *pk, int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
const unsigned char *key, size_t keylen, const unsigned char *key, size_t keylen,
const unsigned char *pwd, size_t pwdlen ) const unsigned char *pwd, size_t pwdlen,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
const mbedtls_pk_info_t *pk_info; const mbedtls_pk_info_t *pk_info;
@ -1278,7 +1286,8 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
pem.buf, pem.buflen ) ) != 0 ) pem.buf, pem.buflen,
f_rng, p_rng ) ) != 0 )
{ {
mbedtls_pk_free( pk ); mbedtls_pk_free( pk );
} }
@ -1305,7 +1314,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
if( ret == 0 ) if( ret == 0 )
{ {
if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk,
pem.buf, pem.buflen ) ) != 0 ) pem.buf, pem.buflen, f_rng, p_rng ) ) != 0 )
{ {
mbedtls_pk_free( pk ); mbedtls_pk_free( pk );
} }
@ -1327,9 +1336,8 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
key, NULL, 0, &len ); key, NULL, 0, &len );
if( ret == 0 ) if( ret == 0 )
{ {
if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, pem.buf, pem.buflen,
pem.buf, pem.buflen, pwd, pwdlen, f_rng, p_rng ) ) != 0 )
pwd, pwdlen ) ) != 0 )
{ {
mbedtls_pk_free( pk ); mbedtls_pk_free( pk );
} }
@ -1362,7 +1370,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
memcpy( key_copy, key, keylen ); memcpy( key_copy, key, keylen );
ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen, ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
pwd, pwdlen ); pwd, pwdlen, f_rng, p_rng );
mbedtls_platform_zeroize( key_copy, keylen ); mbedtls_platform_zeroize( key_copy, keylen );
mbedtls_free( key_copy ); mbedtls_free( key_copy );
@ -1380,8 +1388,11 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
} }
#endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */ #endif /* MBEDTLS_PKCS12_C || MBEDTLS_PKCS5_C */
if( ( ret = pk_parse_key_pkcs8_unencrypted_der( pk, key, keylen ) ) == 0 ) if( ( ret = pk_parse_key_pkcs8_unencrypted_der(
pk, key, keylen, f_rng, p_rng ) ) == 0 )
{
return( 0 ); return( 0 );
}
mbedtls_pk_free( pk ); mbedtls_pk_free( pk );
mbedtls_pk_init( pk ); mbedtls_pk_init( pk );
@ -1403,7 +1414,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
if( mbedtls_pk_setup( pk, pk_info ) == 0 && if( mbedtls_pk_setup( pk, pk_info ) == 0 &&
pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
key, keylen ) == 0 ) key, keylen, f_rng, p_rng ) == 0 )
{ {
return( 0 ); return( 0 );
} }

3
library/psa_crypto_rsa.c
View File

@ -108,7 +108,8 @@ psa_status_t mbedtls_psa_rsa_load_representation(
/* Parse the data. */ /* Parse the data. */
if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) if( PSA_KEY_TYPE_IS_KEY_PAIR( type ) )
status = mbedtls_to_psa_error( status = mbedtls_to_psa_error(
mbedtls_pk_parse_key( &ctx, data, data_length, NULL, 0 ) ); mbedtls_pk_parse_key( &ctx, data, data_length, NULL, 0,
mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE ) );
else else
status = mbedtls_to_psa_error( status = mbedtls_to_psa_error(
mbedtls_pk_parse_public_key( &ctx, data, data_length ) ); mbedtls_pk_parse_public_key( &ctx, data, data_length ) );

17
library/rsa.c
View File

@ -929,8 +929,11 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
RSA_VALIDATE_RET( input != NULL ); RSA_VALIDATE_RET( input != NULL );
RSA_VALIDATE_RET( output != NULL ); RSA_VALIDATE_RET( output != NULL );
if( f_rng == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
if( rsa_check_context( ctx, 1 /* private key checks */, if( rsa_check_context( ctx, 1 /* private key checks */,
f_rng != NULL /* blinding y/n */ ) != 0 ) 1 /* blinding on */ ) != 0 )
{ {
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
} }
@ -947,15 +950,12 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &Q1 );
mbedtls_mpi_init( &R ); mbedtls_mpi_init( &R );
if( f_rng != NULL )
{
#if defined(MBEDTLS_RSA_NO_CRT) #if defined(MBEDTLS_RSA_NO_CRT)
mbedtls_mpi_init( &D_blind ); mbedtls_mpi_init( &D_blind );
#else #else
mbedtls_mpi_init( &DP_blind ); mbedtls_mpi_init( &DP_blind );
mbedtls_mpi_init( &DQ_blind ); mbedtls_mpi_init( &DQ_blind );
#endif #endif
}
#if !defined(MBEDTLS_RSA_NO_CRT) #if !defined(MBEDTLS_RSA_NO_CRT)
mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ ); mbedtls_mpi_init( &TP ); mbedtls_mpi_init( &TQ );
@ -975,8 +975,6 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &I, &T ) );
if( f_rng != NULL )
{
/* /*
* Blinding * Blinding
* T = T * Vi mod N * T = T * Vi mod N
@ -1025,7 +1023,6 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
DQ = &DQ_blind; DQ = &DQ_blind;
#endif /* MBEDTLS_RSA_NO_CRT */ #endif /* MBEDTLS_RSA_NO_CRT */
}
#if defined(MBEDTLS_RSA_NO_CRT) #if defined(MBEDTLS_RSA_NO_CRT)
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, D, &ctx->N, &ctx->RN ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, D, &ctx->N, &ctx->RN ) );
@ -1054,15 +1051,12 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &TQ, &TP ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &TQ, &TP ) );
#endif /* MBEDTLS_RSA_NO_CRT */ #endif /* MBEDTLS_RSA_NO_CRT */
if( f_rng != NULL )
{
/* /*
* Unblind * Unblind
* T = T * Vf mod N * T = T * Vf mod N
*/ */
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vf ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vf ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
}
/* Verify the result to prevent glitching attacks. */ /* Verify the result to prevent glitching attacks. */
MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E, MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &C, &T, &ctx->E,
@ -1086,15 +1080,12 @@ cleanup:
mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &Q1 );
mbedtls_mpi_free( &R ); mbedtls_mpi_free( &R );
if( f_rng != NULL )
{
#if defined(MBEDTLS_RSA_NO_CRT) #if defined(MBEDTLS_RSA_NO_CRT)
mbedtls_mpi_free( &D_blind ); mbedtls_mpi_free( &D_blind );
#else #else
mbedtls_mpi_free( &DP_blind ); mbedtls_mpi_free( &DP_blind );
mbedtls_mpi_free( &DQ_blind ); mbedtls_mpi_free( &DQ_blind );
#endif #endif
}
mbedtls_mpi_free( &T ); mbedtls_mpi_free( &T );

1
programs/aes/CMakeLists.txt
View File

@ -5,6 +5,7 @@ set(executables
foreach(exe IN LISTS executables) foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target}) target_link_libraries(${exe} ${mbedcrypto_target})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach() endforeach()
install(TARGETS ${executables} install(TARGETS ${executables}

2
programs/fuzz/CMakeLists.txt
View File

@ -8,7 +8,6 @@ if(FUZZINGENGINE_LIB)
endif() endif()
set(executables_no_common_c set(executables_no_common_c
fuzz_privkey
fuzz_pubkey fuzz_pubkey
fuzz_x509crl fuzz_x509crl
fuzz_x509crt fuzz_x509crt
@ -16,6 +15,7 @@ set(executables_no_common_c
) )
set(executables_with_common_c set(executables_with_common_c
fuzz_privkey
fuzz_client fuzz_client
fuzz_dtlsclient fuzz_dtlsclient
fuzz_dtlsserver fuzz_dtlsserver

3
programs/fuzz/fuzz_dtlsserver.c
View File

@ -55,7 +55,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
mbedtls_test_cas_pem_len ) != 0) mbedtls_test_cas_pem_len ) != 0)
return 1; return 1;
if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 ) != 0) mbedtls_test_srv_key_len, NULL, 0,
dummy_random, NULL ) != 0)
return 1; return 1;
#endif #endif
dummy_init(); dummy_init();

4
programs/fuzz/fuzz_privkey.c
View File

@ -3,6 +3,7 @@
#include <stdint.h> #include <stdint.h>
#include <stdlib.h> #include <stdlib.h>
#include "mbedtls/pk.h" #include "mbedtls/pk.h"
#include "common.h"
//4 Kb should be enough for every bug ;-) //4 Kb should be enough for every bug ;-)
#define MAX_LEN 0x1000 #define MAX_LEN 0x1000
@ -19,7 +20,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
} }
mbedtls_pk_init( &pk ); mbedtls_pk_init( &pk );
ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0 ); ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0,
dummy_random, NULL );
if (ret == 0) { if (ret == 0) {
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA ) if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )

17
programs/fuzz/fuzz_server.c
View File

@ -56,6 +56,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
options = Data[Size - 1]; options = Data[Size - 1];
if (initialized == 0) { if (initialized == 0) {
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen( pers ) ) != 0 )
return 1;
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_x509_crt_init( &srvcert ); mbedtls_x509_crt_init( &srvcert );
mbedtls_pk_init( &pkey ); mbedtls_pk_init( &pkey );
@ -66,7 +73,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
mbedtls_test_cas_pem_len ) != 0) mbedtls_test_cas_pem_len ) != 0)
return 1; return 1;
if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 ) != 0) mbedtls_test_srv_key_len, NULL, 0,
dummy_random, &ctr_drbg ) != 0)
return 1; return 1;
#endif #endif
@ -80,17 +88,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
} }
mbedtls_ssl_init( &ssl ); mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf ); mbedtls_ssl_config_init( &conf );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
#if defined(MBEDTLS_SSL_SESSION_TICKETS) #if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_ticket_init( &ticket_ctx ); mbedtls_ssl_ticket_init( &ticket_ctx );
#endif #endif
if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen( pers ) ) != 0 )
goto exit;
if( mbedtls_ssl_config_defaults( &conf, if( mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_TRANSPORT_STREAM,

1
programs/hash/CMakeLists.txt
View File

@ -6,6 +6,7 @@ set(executables
foreach(exe IN LISTS executables) foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target}) target_link_libraries(${exe} ${mbedcrypto_target})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach() endforeach()
install(TARGETS ${executables} install(TARGETS ${executables}

2
programs/pkey/CMakeLists.txt
View File

@ -6,6 +6,7 @@ set(executables_mbedtls
foreach(exe IN LISTS executables_mbedtls) foreach(exe IN LISTS executables_mbedtls)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedtls_target}) target_link_libraries(${exe} ${mbedtls_target})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach() endforeach()
set(executables_mbedcrypto set(executables_mbedcrypto
@ -32,6 +33,7 @@ set(executables_mbedcrypto
foreach(exe IN LISTS executables_mbedcrypto) foreach(exe IN LISTS executables_mbedcrypto)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target}) target_link_libraries(${exe} ${mbedcrypto_target})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach() endforeach()
install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto} install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto}

35
programs/pkey/key_app.c
View File

@ -35,10 +35,13 @@
#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_BIGNUM_C) && \ #if defined(MBEDTLS_BIGNUM_C) && \
defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/rsa.h" #include "mbedtls/rsa.h"
#include "mbedtls/pk.h" #include "mbedtls/pk.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include <string.h> #include <string.h>
#endif #endif
@ -63,11 +66,13 @@
"\n" "\n"
#if !defined(MBEDTLS_BIGNUM_C) || \ #if !defined(MBEDTLS_BIGNUM_C) || \
!defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
int main( void ) int main( void )
{ {
mbedtls_printf("MBEDTLS_BIGNUM_C and/or " mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
"MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO not defined.\n"); "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit( 0 ); mbedtls_exit( 0 );
} }
#else #else
@ -92,12 +97,19 @@ int main( int argc, char *argv[] )
int i; int i;
char *p, *q; char *p, *q;
const char *pers = "pkey/key_app";
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_pk_context pk; mbedtls_pk_context pk;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
/* /*
* Set to sane values * Set to sane values
*/ */
mbedtls_entropy_init( &entropy );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_pk_init( &pk ); mbedtls_pk_init( &pk );
memset( buf, 0, sizeof(buf) ); memset( buf, 0, sizeof(buf) );
@ -181,7 +193,16 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Loading the private key ..." ); mbedtls_printf( "\n . Loading the private key ..." );
fflush( stdout ); fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret );
goto cleanup;
}
ret = mbedtls_pk_parse_keyfile( &pk, opt.filename, opt.password,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
@ -299,6 +320,9 @@ cleanup:
} }
#endif #endif
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
mbedtls_pk_free( &pk ); mbedtls_pk_free( &pk );
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
@ -311,4 +335,5 @@ cleanup:
mbedtls_exit( exit_code ); mbedtls_exit( exit_code );
} }
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */

38
programs/pkey/key_app_writer.c
View File

@ -34,11 +34,16 @@
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE #define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_PLATFORM_C */
#if defined(MBEDTLS_PK_WRITE_C) && defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_PK_WRITE_C) && \
defined(MBEDTLS_FS_IO) && \
defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/pk.h" #include "mbedtls/pk.h"
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#endif #endif
@ -88,10 +93,14 @@
#if !defined(MBEDTLS_PK_PARSE_C) || \ #if !defined(MBEDTLS_PK_PARSE_C) || \
!defined(MBEDTLS_PK_WRITE_C) || \ !defined(MBEDTLS_PK_WRITE_C) || \
!defined(MBEDTLS_FS_IO) !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_CTR_DRBG_C)
int main( void ) int main( void )
{ {
mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO not defined.\n" ); mbedtls_printf( "MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or "
"MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
"MBEDTLS_FS_IO not defined.\n" );
mbedtls_exit( 0 ); mbedtls_exit( 0 );
} }
#else #else
@ -201,12 +210,19 @@ int main( int argc, char *argv[] )
int i; int i;
char *p, *q; char *p, *q;
const char *pers = "pkey/key_app";
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_pk_context key; mbedtls_pk_context key;
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
/* /*
* Set to sane values * Set to sane values
*/ */
mbedtls_entropy_init( &entropy );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_pk_init( &key ); mbedtls_pk_init( &key );
memset( buf, 0, sizeof( buf ) ); memset( buf, 0, sizeof( buf ) );
@ -292,8 +308,16 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Loading the private key ..." ); mbedtls_printf( "\n . Loading the private key ..." );
fflush( stdout ); fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL ); if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", (unsigned int) -ret );
goto exit;
}
ret = mbedtls_pk_parse_keyfile( &key, opt.filename, NULL,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_strerror( ret, (char *) buf, sizeof(buf) ); mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
@ -429,6 +453,9 @@ exit:
mbedtls_pk_free( &key ); mbedtls_pk_free( &key );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_entropy_free( &entropy );
#if defined(_WIN32) #if defined(_WIN32)
mbedtls_printf( " + Press Enter to exit this program.\n" ); mbedtls_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar(); fflush( stdout ); getchar();
@ -436,4 +463,5 @@ exit:
mbedtls_exit( exit_code ); mbedtls_exit( exit_code );
} }
#endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO */ #endif /* MBEDTLS_PK_PARSE_C && MBEDTLS_PK_WRITE_C && MBEDTLS_FS_IO &&
MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */

3
programs/pkey/pk_decrypt.c
View File

@ -106,7 +106,8 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] ); mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout ); fflush( stdout );
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x\n", (unsigned int) -ret );
goto exit; goto exit;

3
programs/pkey/pk_sign.c
View File

@ -101,7 +101,8 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] ); mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout ); fflush( stdout );
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! Could not parse '%s'\n", argv[1] ); mbedtls_printf( " failed\n ! Could not parse '%s'\n", argv[1] );
goto exit; goto exit;

3
programs/pkey/rsa_sign_pss.c
View File

@ -102,7 +102,8 @@ int main( int argc, char *argv[] )
mbedtls_printf( "\n . Reading private key from '%s'", argv[1] ); mbedtls_printf( "\n . Reading private key from '%s'", argv[1] );
fflush( stdout ); fflush( stdout );
if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "" ) ) != 0 ) if( ( ret = mbedtls_pk_parse_keyfile( &pk, argv[1], "",
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] ); mbedtls_printf( " failed\n ! Could not read key from '%s'\n", argv[1] );
mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret ); mbedtls_printf( " ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret );

1
programs/random/CMakeLists.txt
View File

@ -6,6 +6,7 @@ set(executables
foreach(exe IN LISTS executables) foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target}) target_link_libraries(${exe} ${mbedcrypto_target})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach() endforeach()
install(TARGETS ${executables} install(TARGETS ${executables}

39
programs/ssl/dtls_server.c
View File

@ -79,6 +79,7 @@ int main( void )
#include "mbedtls/error.h" #include "mbedtls/error.h"
#include "mbedtls/debug.h" #include "mbedtls/debug.h"
#include "mbedtls/timing.h" #include "mbedtls/timing.h"
#include "test/certs.h" #include "test/certs.h"
#if defined(MBEDTLS_SSL_CACHE_C) #if defined(MBEDTLS_SSL_CACHE_C)
@ -138,7 +139,23 @@ int main( void )
#endif #endif
/* /*
* 1. Load the certificates and private RSA key * 1. Seed the RNG
*/
printf( " . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
goto exit;
}
printf( " ok\n" );
/*
* 2. Load the certificates and private RSA key
*/ */
printf( "\n . Loading the server cert. and key..." ); printf( "\n . Loading the server cert. and key..." );
fflush( stdout ); fflush( stdout );
@ -165,7 +182,7 @@ int main( void )
} }
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 ); mbedtls_test_srv_key_len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret ); printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
@ -175,7 +192,7 @@ int main( void )
printf( " ok\n" ); printf( " ok\n" );
/* /*
* 2. Setup the "listening" UDP socket * 3. Setup the "listening" UDP socket
*/ */
printf( " . Bind on udp/*/4433 ..." ); printf( " . Bind on udp/*/4433 ..." );
fflush( stdout ); fflush( stdout );
@ -188,22 +205,6 @@ int main( void )
printf( " ok\n" ); printf( " ok\n" );
/*
* 3. Seed the RNG
*/
printf( " . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
goto exit;
}
printf( " ok\n" );
/* /*
* 4. Setup stuff * 4. Setup stuff
*/ */

4
programs/ssl/ssl_client2.c
View File

@ -1548,12 +1548,12 @@ int main( int argc, char *argv[] )
else else
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
if( strlen( opt.key_file ) ) if( strlen( opt.key_file ) )
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd ); ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, opt.key_pwd, rng_get, &rng );
else else
#endif #endif
ret = mbedtls_pk_parse_key( &pkey, ret = mbedtls_pk_parse_key( &pkey,
(const unsigned char *) mbedtls_test_cli_key, (const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len, NULL, 0 ); mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",

3
programs/ssl/ssl_fork_server.c
View File

@ -166,7 +166,8 @@ int main( void )
} }
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 ); mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed! mbedtls_pk_parse_key returned %d\n\n", ret ); mbedtls_printf( " failed! mbedtls_pk_parse_key returned %d\n\n", ret );

9
programs/ssl/ssl_mail_client.c
View File

@ -556,12 +556,17 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_FS_IO) #if defined(MBEDTLS_FS_IO)
if( strlen( opt.key_file ) ) if( strlen( opt.key_file ) )
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" ); {
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "",
mbedtls_ctr_drbg_random, &ctr_drbg );
}
else else
#endif #endif
#if defined(MBEDTLS_PEM_PARSE_C) #if defined(MBEDTLS_PEM_PARSE_C)
{
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key, ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key,
mbedtls_test_cli_key_len, NULL, 0 ); mbedtls_test_cli_key_len, NULL, 0, mbedtls_ctr_drbg_random, &ctr_drbg );
}
#else #else
{ {
mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined."); mbedtls_printf("MBEDTLS_PEM_PARSE_C not defined.");

37
programs/ssl/ssl_pthread_server.c
View File

@ -360,7 +360,23 @@ int main( void )
mbedtls_entropy_init( &entropy ); mbedtls_entropy_init( &entropy );
/* /*
* 1. Load the certificates and private RSA key * 1a. Seed the random number generator
*/
mbedtls_printf( " . Seeding the random number generator..." );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
( unsigned int ) -ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 1b. Load the certificates and private RSA key
*/ */
mbedtls_printf( "\n . Loading the server cert. and key..." ); mbedtls_printf( "\n . Loading the server cert. and key..." );
fflush( stdout ); fflush( stdout );
@ -388,7 +404,8 @@ int main( void )
mbedtls_pk_init( &pkey ); mbedtls_pk_init( &pkey );
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 ); mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
@ -397,22 +414,6 @@ int main( void )
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
/*
* 1b. Seed the random number generator
*/
mbedtls_printf( " . Seeding the random number generator..." );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed: mbedtls_ctr_drbg_seed returned -0x%04x\n",
( unsigned int ) -ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/* /*
* 1c. Prepare SSL configuration * 1c. Prepare SSL configuration
*/ */

39
programs/ssl/ssl_server.c
View File

@ -125,7 +125,23 @@ int main( void )
#endif #endif
/* /*
* 1. Load the certificates and private RSA key * 1. Seed the RNG
*/
mbedtls_printf( " . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/*
* 2. Load the certificates and private RSA key
*/ */
mbedtls_printf( "\n . Loading the server cert. and key..." ); mbedtls_printf( "\n . Loading the server cert. and key..." );
fflush( stdout ); fflush( stdout );
@ -152,7 +168,8 @@ int main( void )
} }
ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 ); mbedtls_test_srv_key_len, NULL, 0,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned %d\n\n", ret );
@ -162,7 +179,7 @@ int main( void )
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
/* /*
* 2. Setup the listening TCP socket * 3. Setup the listening TCP socket
*/ */
mbedtls_printf( " . Bind on https://localhost:4433/ ..." ); mbedtls_printf( " . Bind on https://localhost:4433/ ..." );
fflush( stdout ); fflush( stdout );
@ -175,22 +192,6 @@ int main( void )
mbedtls_printf( " ok\n" ); mbedtls_printf( " ok\n" );
/*
* 3. Seed the RNG
*/
mbedtls_printf( " . Seeding the random number generator..." );
fflush( stdout );
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret );
goto exit;
}
mbedtls_printf( " ok\n" );
/* /*
* 4. Setup stuff * 4. Setup stuff
*/ */

18
programs/ssl/ssl_server2.c
View File

@ -525,6 +525,8 @@ int main( void )
(out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \ (out_be)[(i) + 7] = (unsigned char)( ( (in_le) >> 0 ) & 0xFF ); \
} }
/* This is global so it can be easily accessed by callback functions */
rng_context_t rng;
/* /*
* global options * global options
@ -727,7 +729,7 @@ sni_entry *sni_parse( char *sni_string )
mbedtls_pk_init( new->key ); mbedtls_pk_init( new->key );
if( mbedtls_x509_crt_parse_file( new->cert, crt_file ) != 0 || if( mbedtls_x509_crt_parse_file( new->cert, crt_file ) != 0 ||
mbedtls_pk_parse_keyfile( new->key, key_file, "" ) != 0 ) mbedtls_pk_parse_keyfile( new->key, key_file, "", rng_get, &rng ) != 0 )
goto error; goto error;
if( strcmp( ca_file, "-" ) != 0 ) if( strcmp( ca_file, "-" ) != 0 )
@ -1045,7 +1047,8 @@ static int ssl_async_start( mbedtls_ssl_context *ssl,
for( slot = 0; slot < config_data->slots_used; slot++ ) for( slot = 0; slot < config_data->slots_used; slot++ )
{ {
if( mbedtls_pk_check_pair( &cert->pk, if( mbedtls_pk_check_pair( &cert->pk,
config_data->slots[slot].pk ) == 0 ) config_data->slots[slot].pk,
rng_get, &rng ) == 0 )
break; break;
} }
if( slot == config_data->slots_used ) if( slot == config_data->slots_used )
@ -1271,7 +1274,6 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_X509_CRT_PARSE_C) #if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#endif #endif
rng_context_t rng;
mbedtls_ssl_context ssl; mbedtls_ssl_context ssl;
mbedtls_ssl_config conf; mbedtls_ssl_config conf;
#if defined(MBEDTLS_TIMING_C) #if defined(MBEDTLS_TIMING_C)
@ -2257,7 +2259,7 @@ int main( int argc, char *argv[] )
{ {
key_cert_init++; key_cert_init++;
if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, if( ( ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file,
opt.key_pwd ) ) != 0 ) opt.key_pwd, rng_get, &rng ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", (unsigned int) -ret ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%x\n\n", (unsigned int) -ret );
goto exit; goto exit;
@ -2283,7 +2285,7 @@ int main( int argc, char *argv[] )
{ {
key_cert_init2++; key_cert_init2++;
if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2, if( ( ret = mbedtls_pk_parse_keyfile( &pkey2, opt.key_file2,
opt.key_pwd2 ) ) != 0 ) opt.key_pwd2, rng_get, &rng ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile(2) returned -0x%x\n\n",
(unsigned int) -ret ); (unsigned int) -ret );
@ -2314,7 +2316,8 @@ int main( int argc, char *argv[] )
} }
if( ( ret = mbedtls_pk_parse_key( &pkey, if( ( ret = mbedtls_pk_parse_key( &pkey,
(const unsigned char *) mbedtls_test_srv_key_rsa, (const unsigned char *) mbedtls_test_srv_key_rsa,
mbedtls_test_srv_key_rsa_len, NULL, 0 ) ) != 0 ) mbedtls_test_srv_key_rsa_len, NULL, 0,
rng_get, &rng ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n", mbedtls_printf( " failed\n ! mbedtls_pk_parse_key returned -0x%x\n\n",
(unsigned int) -ret ); (unsigned int) -ret );
@ -2333,7 +2336,8 @@ int main( int argc, char *argv[] )
} }
if( ( ret = mbedtls_pk_parse_key( &pkey2, if( ( ret = mbedtls_pk_parse_key( &pkey2,
(const unsigned char *) mbedtls_test_srv_key_ec, (const unsigned char *) mbedtls_test_srv_key_ec,
mbedtls_test_srv_key_ec_len, NULL, 0 ) ) != 0 ) mbedtls_test_srv_key_ec_len, NULL, 0,
rng_get, &rng ) ) != 0 )
{ {
mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n", mbedtls_printf( " failed\n ! pk_parse_key2 returned -0x%x\n\n",
(unsigned int) -ret ); (unsigned int) -ret );

1
programs/util/CMakeLists.txt
View File

@ -10,6 +10,7 @@ set(executables
foreach(exe IN LISTS executables) foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${libs}) target_link_libraries(${exe} ${libs})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach() endforeach()
install(TARGETS ${executables} install(TARGETS ${executables}

1
programs/x509/CMakeLists.txt
View File

@ -13,6 +13,7 @@ set(executables
foreach(exe IN LISTS executables) foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${libs}) target_link_libraries(${exe} ${libs})
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
endforeach() endforeach()
target_link_libraries(cert_app ${mbedtls_target}) target_link_libraries(cert_app ${mbedtls_target})

3
programs/x509/cert_req.c
View File

@ -346,7 +346,8 @@ int main( int argc, char *argv[] )
mbedtls_printf( " . Loading the private key ..." ); mbedtls_printf( " . Loading the private key ..." );
fflush( stdout ); fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &key, opt.filename, opt.password ); ret = mbedtls_pk_parse_keyfile( &key, opt.filename, opt.password,
mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {

7
programs/x509/cert_write.c
View File

@ -577,7 +577,7 @@ int main( int argc, char *argv[] )
fflush( stdout ); fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &loaded_subject_key, opt.subject_key, ret = mbedtls_pk_parse_keyfile( &loaded_subject_key, opt.subject_key,
opt.subject_pwd ); opt.subject_pwd, mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
@ -593,7 +593,7 @@ int main( int argc, char *argv[] )
fflush( stdout ); fflush( stdout );
ret = mbedtls_pk_parse_keyfile( &loaded_issuer_key, opt.issuer_key, ret = mbedtls_pk_parse_keyfile( &loaded_issuer_key, opt.issuer_key,
opt.issuer_pwd ); opt.issuer_pwd, mbedtls_ctr_drbg_random, &ctr_drbg );
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_strerror( ret, buf, 1024 ); mbedtls_strerror( ret, buf, 1024 );
@ -606,7 +606,8 @@ int main( int argc, char *argv[] )
// //
if( strlen( opt.issuer_crt ) ) if( strlen( opt.issuer_crt ) )
{ {
if( mbedtls_pk_check_pair( &issuer_crt.MBEDTLS_PRIVATE(pk), issuer_key ) != 0 ) if( mbedtls_pk_check_pair( &issuer_crt.MBEDTLS_PRIVATE(pk), issuer_key,
mbedtls_ctr_drbg_random, &ctr_drbg ) != 0 )
{ {
mbedtls_printf( " failed\n ! issuer_key does not match " mbedtls_printf( " failed\n ! issuer_key does not match "
"issuer certificate\n\n" ); "issuer certificate\n\n" );

1
scripts/config.py
View File

@ -181,7 +181,6 @@ EXCLUDE_FROM_FULL = frozenset([
'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options
'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS
'MBEDTLS_ECP_NO_FALLBACK', # removes internal ECP implementation 'MBEDTLS_ECP_NO_FALLBACK', # removes internal ECP implementation
'MBEDTLS_ECP_NO_INTERNAL_RNG', # removes a feature
'MBEDTLS_ECP_RESTARTABLE', # incompatible with USE_PSA_CRYPTO 'MBEDTLS_ECP_RESTARTABLE', # incompatible with USE_PSA_CRYPTO
'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY 'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY
'MBEDTLS_HAVE_SSE2', # hardware dependency 'MBEDTLS_HAVE_SSE2', # hardware dependency

39
tests/scripts/all.sh
View File

@ -1000,7 +1000,6 @@ component_test_psa_external_rng_no_drbg_classic () {
scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_CTR_DRBG_C
scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG
# When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG, # When MBEDTLS_USE_PSA_CRYPTO is disabled and there is no DRBG,
# the SSL test programs don't have an RNG and can't work. Explicitly # the SSL test programs don't have an RNG and can't work. Explicitly
# make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG. # make them use the PSA RNG with -DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG.
@ -1023,7 +1022,6 @@ component_test_psa_external_rng_no_drbg_use_psa () {
scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_CTR_DRBG_C
scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG
make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS" make CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites"
@ -1048,43 +1046,6 @@ component_test_psa_external_rng_use_psa_crypto () {
if_build_succeeded tests/ssl-opt.sh -f 'Default\|opaque' if_build_succeeded tests/ssl-opt.sh -f 'Default\|opaque'
} }
component_test_ecp_no_internal_rng () {
msg "build: Default plus ECP_NO_INTERNAL_RNG minus DRBG modules"
scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG
scripts/config.py unset MBEDTLS_CTR_DRBG_C
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: ECP_NO_INTERNAL_RNG, no DRBG module"
make test
# no SSL tests as they all depend on having a DRBG
}
component_test_ecp_restartable_no_internal_rng () {
msg "build: Default plus ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG"
scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG
scripts/config.py set MBEDTLS_ECP_RESTARTABLE
scripts/config.py unset MBEDTLS_CTR_DRBG_C
scripts/config.py unset MBEDTLS_HMAC_DRBG_C
scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # requires CTR_DRBG
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG module"
make test
# no SSL tests as they all depend on having a DRBG
}
component_test_everest () { component_test_everest () {
msg "build: Everest ECDH context (ASan build)" # ~ 6 min msg "build: Everest ECDH context (ASan build)" # ~ 6 min
scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED

10
tests/suites/test_suite_dhm.function
View File

@ -150,7 +150,10 @@ void dhm_do_dhm( int radix_P, char *input_P, int x_size,
&sec_srv_len, &sec_srv_len,
&mbedtls_test_rnd_pseudo_rand, &mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 ); &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ),
&sec_cli_len,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
TEST_ASSERT( sec_srv_len == sec_cli_len ); TEST_ASSERT( sec_srv_len == sec_cli_len );
TEST_ASSERT( sec_srv_len != 0 ); TEST_ASSERT( sec_srv_len != 0 );
@ -206,7 +209,10 @@ void dhm_do_dhm( int radix_P, char *input_P, int x_size,
&sec_srv_len, &sec_srv_len,
&mbedtls_test_rnd_pseudo_rand, &mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 ); &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ),
&sec_cli_len,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
TEST_ASSERT( sec_srv_len == sec_cli_len ); TEST_ASSERT( sec_srv_len == sec_cli_len );
TEST_ASSERT( sec_srv_len != 0 ); TEST_ASSERT( sec_srv_len != 0 );

24
tests/suites/test_suite_ecdh.function
View File

@ -85,7 +85,8 @@ void ecdh_primitive_random( int id )
&mbedtls_test_rnd_pseudo_rand, &mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 ); &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB,
NULL, NULL ) == 0 ); &mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &zB ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &zB ) == 0 );
@ -106,11 +107,13 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str,
mbedtls_ecp_point qA, qB; mbedtls_ecp_point qA, qB;
mbedtls_mpi dA, dB, zA, zB, check; mbedtls_mpi dA, dB, zA, zB, check;
mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B; mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B;
mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_ecp_group_init( &grp ); mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB ); mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB );
mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &dB );
mbedtls_mpi_init( &zA ); mbedtls_mpi_init( &zB ); mbedtls_mpi_init( &check ); mbedtls_mpi_init( &zA ); mbedtls_mpi_init( &zB ); mbedtls_mpi_init( &check );
memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
@ -169,9 +172,13 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str,
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.Y, &check ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.Y, &check ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, z_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, z_str ) == 0 );
TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &check ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zA, &check ) == 0 );
TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zB, &check ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &zB, &check ) == 0 );
exit: exit:
@ -215,7 +222,8 @@ void ecdh_exchange( int id )
&mbedtls_test_rnd_pseudo_rand, &mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 ); &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &res_len, res_buf, 1000, TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &res_len, res_buf, 1000,
NULL, NULL ) == 0 ); &mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
TEST_ASSERT( len == res_len ); TEST_ASSERT( len == res_len );
TEST_ASSERT( memcmp( buf, res_buf, len ) == 0 ); TEST_ASSERT( memcmp( buf, res_buf, len ) == 0 );
@ -235,12 +243,14 @@ void ecdh_restart( int id, data_t *dA, data_t *dB, data_t *z,
const unsigned char *vbuf; const unsigned char *vbuf;
size_t len; size_t len;
mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B; mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B;
mbedtls_test_rnd_pseudo_info rnd_info;
int cnt_restart; int cnt_restart;
mbedtls_ecp_group grp; mbedtls_ecp_group grp;
mbedtls_ecp_group_init( &grp ); mbedtls_ecp_group_init( &grp );
mbedtls_ecdh_init( &srv ); mbedtls_ecdh_init( &srv );
mbedtls_ecdh_init( &cli ); mbedtls_ecdh_init( &cli );
memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand; rnd_info_A.fallback_f_rng = mbedtls_test_rnd_std_rand;
rnd_info_A.fallback_p_rng = NULL; rnd_info_A.fallback_p_rng = NULL;
@ -315,7 +325,8 @@ void ecdh_restart( int id, data_t *dA, data_t *dB, data_t *z,
cnt_restart = 0; cnt_restart = 0;
do { do {
ret = mbedtls_ecdh_calc_secret( &srv, &len, buf, sizeof( buf ), ret = mbedtls_ecdh_calc_secret( &srv, &len, buf, sizeof( buf ),
NULL, NULL ); &mbedtls_test_rnd_pseudo_rand,
&rnd_info );
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
@ -332,7 +343,8 @@ void ecdh_restart( int id, data_t *dA, data_t *dB, data_t *z,
cnt_restart = 0; cnt_restart = 0;
do { do {
ret = mbedtls_ecdh_calc_secret( &cli, &len, buf, sizeof( buf ), ret = mbedtls_ecdh_calc_secret( &cli, &len, buf, sizeof( buf ),
NULL, NULL ); &mbedtls_test_rnd_pseudo_rand,
&rnd_info );
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );

28
tests/suites/test_suite_ecp.function
View File

@ -124,12 +124,14 @@ void ecp_test_vect_restart( int id,
mbedtls_mpi dA, xA, yA, dB, xZ, yZ; mbedtls_mpi dA, xA, yA, dB, xZ, yZ;
int cnt_restarts; int cnt_restarts;
int ret; int ret;
mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_ecp_restart_init( &ctx ); mbedtls_ecp_restart_init( &ctx );
mbedtls_ecp_group_init( &grp ); mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &R ); mbedtls_ecp_point_init( &P ); mbedtls_ecp_point_init( &R ); mbedtls_ecp_point_init( &P );
mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &yA ); mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &yA );
mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xZ ); mbedtls_mpi_init( &yZ ); mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xZ ); mbedtls_mpi_init( &yZ );
memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
@ -147,7 +149,8 @@ void ecp_test_vect_restart( int id,
cnt_restarts = 0; cnt_restarts = 0;
do { do {
ECP_PT_RESET( &R ); ECP_PT_RESET( &R );
ret = mbedtls_ecp_mul_restartable( &grp, &R, &dA, &grp.G, NULL, NULL, &ctx ); ret = mbedtls_ecp_mul_restartable( &grp, &R, &dA, &grp.G,
&mbedtls_test_rnd_pseudo_rand, &rnd_info, &ctx );
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
@ -162,7 +165,8 @@ void ecp_test_vect_restart( int id,
cnt_restarts = 0; cnt_restarts = 0;
do { do {
ECP_PT_RESET( &R ); ECP_PT_RESET( &R );
ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P, NULL, NULL, &ctx ); ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P,
&mbedtls_test_rnd_pseudo_rand, &rnd_info, &ctx );
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restarts );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
@ -176,7 +180,8 @@ void ecp_test_vect_restart( int id,
* This test only makes sense when we actually restart */ * This test only makes sense when we actually restart */
if( min_restarts > 0 ) if( min_restarts > 0 )
{ {
ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P, NULL, NULL, &ctx ); ret = mbedtls_ecp_mul_restartable( &grp, &R, &dB, &P,
&mbedtls_test_rnd_pseudo_rand, &rnd_info, &ctx );
TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
} }
@ -294,12 +299,14 @@ void ecp_test_vect( int id, char * dA_str, char * xA_str, char * yA_str,
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yA ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yA ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &R, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &R,
&mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &grp.G, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &grp.G,
&mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xB ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xB ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yB ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yB ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
@ -351,11 +358,13 @@ void ecp_test_vec_x( int id, char * dA_hex, char * xA_hex, char * dB_hex,
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xS ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xS ) == 0 );
TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &grp.G, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &grp.G,
&mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xB ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xB ) == 0 );
TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &R, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &R,
&mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xS ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xS ) == 0 );
@ -767,9 +776,11 @@ void mbedtls_ecp_check_pub_priv( int id_pub, char * Qx_pub, char * Qy_pub,
int ret ) int ret )
{ {
mbedtls_ecp_keypair pub, prv; mbedtls_ecp_keypair pub, prv;
mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_ecp_keypair_init( &pub ); mbedtls_ecp_keypair_init( &pub );
mbedtls_ecp_keypair_init( &prv ); mbedtls_ecp_keypair_init( &prv );
memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
if( id_pub != MBEDTLS_ECP_DP_NONE ) if( id_pub != MBEDTLS_ECP_DP_NONE )
TEST_ASSERT( mbedtls_ecp_group_load( &pub.grp, id_pub ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &pub.grp, id_pub ) == 0 );
@ -780,7 +791,8 @@ void mbedtls_ecp_check_pub_priv( int id_pub, char * Qx_pub, char * Qy_pub,
TEST_ASSERT( mbedtls_ecp_point_read_string( &prv.Q, 16, Qx, Qy ) == 0 ); TEST_ASSERT( mbedtls_ecp_point_read_string( &prv.Q, 16, Qx, Qy ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &prv.d, 16, d ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &prv.d, 16, d ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pub_priv( &pub, &prv ) == ret ); TEST_ASSERT( mbedtls_ecp_check_pub_priv( &pub, &prv,
&mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret );
exit: exit:
mbedtls_ecp_keypair_free( &pub ); mbedtls_ecp_keypair_free( &pub );

22
tests/suites/test_suite_pk.function
View File

@ -177,7 +177,8 @@ void pk_psa_utils( )
/* unsupported functions: check_pair, debug */ /* unsupported functions: check_pair, debug */
TEST_ASSERT( mbedtls_pk_setup( &pk2, TEST_ASSERT( mbedtls_pk_setup( &pk2,
mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2 ) TEST_ASSERT( mbedtls_pk_check_pair( &pk, &pk2,
mbedtls_test_rnd_std_rand, NULL )
== MBEDTLS_ERR_PK_TYPE_MISMATCH ); == MBEDTLS_ERR_PK_TYPE_MISMATCH );
TEST_ASSERT( mbedtls_pk_debug( &pk, &dbg ) TEST_ASSERT( mbedtls_pk_debug( &pk, &dbg )
== MBEDTLS_ERR_PK_TYPE_MISMATCH ); == MBEDTLS_ERR_PK_TYPE_MISMATCH );
@ -278,7 +279,8 @@ void valid_parameters( )
MBEDTLS_ERR_PK_BAD_INPUT_DATA ); MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#if defined(MBEDTLS_PK_PARSE_C) #if defined(MBEDTLS_PK_PARSE_C)
TEST_ASSERT( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1 ) == TEST_ASSERT( mbedtls_pk_parse_key( &pk, NULL, 0, NULL, 1,
mbedtls_test_rnd_std_rand, NULL ) ==
MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, NULL, 0 ) == TEST_ASSERT( mbedtls_pk_parse_public_key( &pk, NULL, 0 ) ==
@ -295,8 +297,8 @@ void valid_parameters_pkwrite( data_t *key_data )
/* For the write tests to be effective, we need a valid key pair. */ /* For the write tests to be effective, we need a valid key pair. */
mbedtls_pk_init( &pk ); mbedtls_pk_init( &pk );
TEST_ASSERT( mbedtls_pk_parse_key( &pk, TEST_ASSERT( mbedtls_pk_parse_key( &pk,
key_data->x, key_data->len, key_data->x, key_data->len, NULL, 0,
NULL, 0 ) == 0 ); mbedtls_test_rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( mbedtls_pk_write_key_der( &pk, NULL, 0 ) == TEST_ASSERT( mbedtls_pk_write_key_der( &pk, NULL, 0 ) ==
MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
@ -348,9 +350,13 @@ void mbedtls_pk_check_pair( char * pub_file, char * prv_file, int ret )
mbedtls_pk_init( &alt ); mbedtls_pk_init( &alt );
TEST_ASSERT( mbedtls_pk_parse_public_keyfile( &pub, pub_file ) == 0 ); TEST_ASSERT( mbedtls_pk_parse_public_keyfile( &pub, pub_file ) == 0 );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL ) == 0 ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &prv, prv_file, NULL,
mbedtls_test_rnd_std_rand, NULL )
== 0 );
TEST_ASSERT( mbedtls_pk_check_pair( &pub, &prv ) == ret ); TEST_ASSERT( mbedtls_pk_check_pair( &pub, &prv,
mbedtls_test_rnd_std_rand, NULL )
== ret );
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT) #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
if( mbedtls_pk_get_type( &prv ) == MBEDTLS_PK_RSA ) if( mbedtls_pk_get_type( &prv ) == MBEDTLS_PK_RSA )
@ -358,7 +364,9 @@ void mbedtls_pk_check_pair( char * pub_file, char * prv_file, int ret )
TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, mbedtls_pk_rsa( prv ), TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &alt, mbedtls_pk_rsa( prv ),
mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func, mbedtls_rsa_decrypt_func, mbedtls_rsa_sign_func,
mbedtls_rsa_key_len_func ) == 0 ); mbedtls_rsa_key_len_func ) == 0 );
TEST_ASSERT( mbedtls_pk_check_pair( &pub, &alt ) == ret ); TEST_ASSERT( mbedtls_pk_check_pair( &pub, &alt,
mbedtls_test_rnd_std_rand, NULL )
== ret );
} }
#endif #endif

9
tests/suites/test_suite_pkparse.function
View File

@ -21,7 +21,8 @@ void pk_parse_keyfile_rsa( char * key_file, char * password, int result )
if( strcmp( pwd, "NULL" ) == 0 ) if( strcmp( pwd, "NULL" ) == 0 )
pwd = NULL; pwd = NULL;
res = mbedtls_pk_parse_keyfile( &ctx, key_file, pwd ); res = mbedtls_pk_parse_keyfile( &ctx, key_file, pwd,
mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( res == result ); TEST_ASSERT( res == result );
@ -96,7 +97,8 @@ void pk_parse_keyfile_ec( char * key_file, char * password, int result )
mbedtls_pk_init( &ctx ); mbedtls_pk_init( &ctx );
res = mbedtls_pk_parse_keyfile( &ctx, key_file, password ); res = mbedtls_pk_parse_keyfile( &ctx, key_file, password,
mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( res == result ); TEST_ASSERT( res == result );
@ -120,7 +122,8 @@ void pk_parse_key( data_t * buf, int result )
mbedtls_pk_init( &pk ); mbedtls_pk_init( &pk );
TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf->x, buf->len, NULL, 0 ) == result ); TEST_ASSERT( mbedtls_pk_parse_key( &pk, buf->x, buf->len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL ) == result );
exit: exit:
mbedtls_pk_free( &pk ); mbedtls_pk_free( &pk );

3
tests/suites/test_suite_pkwrite.function
View File

@ -63,7 +63,8 @@ void pk_write_key_check( char * key_file )
memset( check_buf, 0, sizeof( check_buf ) ); memset( check_buf, 0, sizeof( check_buf ) );
mbedtls_pk_init( &key ); mbedtls_pk_init( &key );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
mbedtls_test_rnd_std_rand, NULL ) == 0 );
ret = mbedtls_pk_write_key_pem( &key, buf, sizeof( buf )); ret = mbedtls_pk_write_key_pem( &key, buf, sizeof( buf ));
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );

12
tests/suites/test_suite_ssl.function
View File

@ -800,7 +800,8 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
ret = mbedtls_pk_parse_key( &( cert->pkey ), ret = mbedtls_pk_parse_key( &( cert->pkey ),
(const unsigned char*) mbedtls_test_srv_key_rsa_der, (const unsigned char*) mbedtls_test_srv_key_rsa_der,
mbedtls_test_srv_key_rsa_der_len, NULL, 0 ); mbedtls_test_srv_key_rsa_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
} }
else else
@ -812,7 +813,8 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
ret = mbedtls_pk_parse_key( &( cert->pkey ), ret = mbedtls_pk_parse_key( &( cert->pkey ),
(const unsigned char*) mbedtls_test_srv_key_ec_der, (const unsigned char*) mbedtls_test_srv_key_ec_der,
mbedtls_test_srv_key_ec_der_len, NULL, 0 ); mbedtls_test_srv_key_ec_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
} }
} }
@ -827,7 +829,8 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
ret = mbedtls_pk_parse_key( &( cert->pkey ), ret = mbedtls_pk_parse_key( &( cert->pkey ),
(const unsigned char *) mbedtls_test_cli_key_rsa_der, (const unsigned char *) mbedtls_test_cli_key_rsa_der,
mbedtls_test_cli_key_rsa_der_len, NULL, 0 ); mbedtls_test_cli_key_rsa_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
} }
else else
@ -839,7 +842,8 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
ret = mbedtls_pk_parse_key( &( cert->pkey ), ret = mbedtls_pk_parse_key( &( cert->pkey ),
(const unsigned char *) mbedtls_test_cli_key_ec_der, (const unsigned char *) mbedtls_test_cli_key_ec_der,
mbedtls_test_cli_key_ec_der_len, NULL, 0 ); mbedtls_test_cli_key_ec_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( ret == 0 ); TEST_ASSERT( ret == 0 );
} }
} }

10
tests/suites/test_suite_x509write.function
View File

@ -94,7 +94,8 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) ); memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_pk_init( &key ); mbedtls_pk_init( &key );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
mbedtls_test_rnd_std_rand, NULL ) == 0 );
mbedtls_x509write_csr_init( &req ); mbedtls_x509write_csr_init( &req );
mbedtls_x509write_csr_set_md_alg( &req, md_type ); mbedtls_x509write_csr_set_md_alg( &req, md_type );
@ -163,7 +164,8 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage,
TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE ); TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );
mbedtls_pk_init( &key ); mbedtls_pk_init( &key );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL,
mbedtls_test_rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &key_id, md_alg_psa ) == 0 ); TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &key_id, md_alg_psa ) == 0 );
mbedtls_x509write_csr_init( &req ); mbedtls_x509write_csr_init( &req );
@ -225,10 +227,10 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
mbedtls_x509write_crt_init( &crt ); mbedtls_x509write_crt_init( &crt );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file, TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file,
subject_pwd ) == 0 ); subject_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file, TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file,
issuer_pwd ) == 0 ); issuer_pwd, mbedtls_test_rnd_std_rand, NULL ) == 0 );
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C)
/* For RSA PK contexts, create a copy as an alternative RSA context. */ /* For RSA PK contexts, create a copy as an alternative RSA context. */